Provided by: salt-doc_2017.7.4+dfsg1-1ubuntu18.04.2_all 
NAME
salt - Salt Documentation
INSTALLATION
This section contains instructions to install Salt. If you are setting up your environment for the first
time, you should install a Salt master on a dedicated management server or VM, and then install a Salt
minion on each system that you want to manage using Salt. For now you don't need to worry about your
architecture, you can easily add components and modify your configuration later without needing to
reinstall anything.
The general installation process is as follows:
1. Install a Salt master using the instructions for your platform or by running the Salt bootstrap
script. If you use the bootstrap script, be sure to include the -M option to install the Salt master.
2. Make sure that your Salt minions can find the Salt master.
3. Install the Salt minion on each system that you want to manage.
4. Accept the Salt minion keys after the Salt minion connects.
After this, you should be able to run a simple command and receive returns from all connected Salt
minions.
salt '*' test.ping
Quick Install
On most distributions, you can set up a Salt Minion with the Salt bootstrap.
Platform-specific Installation Instructions
These guides go into detail how to install Salt on a given platform.
Arch Linux
Installation
Salt (stable) is currently available via the Arch Linux Official repositories. There are currently -git
packages available in the Arch User repositories (AUR) as well.
Stable Release
Install Salt stable releases from the Arch Linux Official repositories as follows:
pacman -S salt
Tracking develop
To install the bleeding edge version of Salt (may include bugs!), use the -git package. Installing the
-git package as follows:
wget https://aur.archlinux.org/packages/sa/salt-git/salt-git.tar.gz
tar xf salt-git.tar.gz
cd salt-git/
makepkg -is
NOTE:
yaourt
If a tool such as Yaourt is used, the dependencies will be gathered and built automatically.
The command to install salt using the yaourt tool is:
yaourt salt-git
Post-installation tasks
systemd
Activate the Salt Master and/or Minion via systemctl as follows:
systemctl enable salt-master.service
systemctl enable salt-minion.service
Start the Master
Once you've completed all of these steps you're ready to start your Salt Master. You should be able to
start your Salt Master now using the command seen here:
systemctl start salt-master
Now go to the Configuring Salt page.
Debian GNU/Linux / Raspbian
Debian GNU/Linux distribution and some derivatives such as Raspbian already have included Salt packages
to their repositories. However, current stable release codenamed "Jessie" contains old outdated Salt
release. It is recommended to use SaltStack repository for Debian as described below.
Installation from official Debian and Raspbian repositories is described here.
Installation from the Official SaltStack Repository
Packages for Debian 9 (Stretch) and Debian 8 (Jessie) are available in the Official SaltStack repository.
Instructions are at https://repo.saltstack.com/#debian.
NOTE:
Regular security support for Debian 7 ended on April 25th 2016. As a result, 2016.3.1 and 2015.8.10
will be the last Salt releases for which Debian 7 packages are created.
Installation from the Debian / Raspbian Official Repository
Stretch (Testing) and Sid (Unstable) distributions are already contain mostly up-to-date Salt packages
built by Debian Salt Team. You can install Salt components directly from Debian.
On Jessie (Stable) there is an option to install Salt minion from Stretch with python-tornado dependency
from jessie-backports repositories.
To install fresh release of Salt minion on Jessie:
1. Add jessie-backports and stretch repositories:
Debian:
echo 'deb http://httpredir.debian.org/debian jessie-backports main' >> /etc/apt/sources.list
echo 'deb http://httpredir.debian.org/debian stretch main' >> /etc/apt/sources.list
Raspbian:
echo 'deb http://archive.raspbian.org/raspbian/ stretch main' >> /etc/apt/sources.list
2. Make Jessie a default release:
echo 'APT::Default-Release "jessie";' > /etc/apt/apt.conf.d/10apt
3. Install Salt dependencies:
Debian:
apt-get update
apt-get install python-zmq python-systemd/jessie-backports python-tornado/jessie-backports salt-common/stretch
Raspbian:
apt-get update
apt-get install python-zmq python-tornado/stretch salt-common/stretch
4. Install Salt minion package from Stretch:
apt-get install salt-minion/stretch
Install Packages
Install the Salt master, minion or other packages from the repository with the apt-get command. These
examples each install one of Salt components, but more than one package name may be given at a time:
• apt-get install salt-api
• apt-get install salt-cloud
• apt-get install salt-master
• apt-get install salt-minion
• apt-get install salt-ssh
• apt-get install salt-syndic
Post-installation tasks
Now, go to the Configuring Salt page.
Arista EOS Salt minion installation guide
The Salt minion for Arista EOS is distributed as a SWIX extension and can be installed directly on the
switch. The EOS network operating system is based on old Fedora distributions and the installation of the
salt-minion requires backports. This SWIX extension contains the necessary backports, together with the
Salt basecode.
NOTE:
This SWIX extension has been tested on Arista DCS-7280SE-68-R, running EOS 4.17.5M and vEOS 4.18.3F.
Important Notes
This package is in beta, make sure to test it carefully before running it in production.
If confirmed working correctly, please report and add a note on this page with the platform model and EOS
version.
If you want to uninstall this package, please refer to the uninstalling section.
Installation from the Official SaltStack Repository
Download the swix package and save it to flash.
veos#copy https://salt-eos.netops.life/salt-eos-latest.swix flash:
veos#copy https://salt-eos.netops.life/startup.sh flash:
Install the Extension
Copy the Salt package to extension
veos#copy flash:salt-eos-latest.swix extension:
Install the SWIX
veos#extension salt-eos-latest.swix force
Verify the installation
veos#show extensions | include salt-eos
salt-eos-2017-07-19.swix 1.0.11/1.fc25 A, F 27
Change the Salt master IP address or FQDN, by edit the variable (SALT_MASTER)
veos#bash vi /mnt/flash/startup.sh
Make sure you enable the eAPI with unix-socket
veos(config)#management api http-commands
protocol unix-socket
no shutdown
Post-installation tasks
Generate Keys and host record and start Salt minion
veos#bash
#sudo /mnt/flash/startup.sh
salt-minion should be running
Copy the installed extensions to boot-extensions
veos#copy installed-extensions boot-extensions
Apply event-handler to let EOS start salt-minion during boot-up
veos(config)#event-handler boot-up-script
trigger on-boot
action bash sudo /mnt/flash/startup.sh
For more specific installation details of the salt-minion, please refer to Configuring Salt.
Uninstalling
If you decide to uninstall this package, the following steps are recommended for safety:
1. Remove the extension from boot-extensions
veos#bash rm /mnt/flash/boot-extensions
2. Remove the extension from extensions folder
veos#bash rm /mnt/flash/.extensions/salt-eos-latest.swix
2. Remove boot-up script
veos(config)#no event-handler boot-up-script
Additional Information
This SWIX extension contains the following RPM packages:
libsodium-1.0.11-1.fc25.i686.rpm
libstdc++-6.2.1-2.fc25.i686.rpm
openpgm-5.2.122-6.fc24.i686.rpm
python-Jinja2-2.8-0.i686.rpm
python-PyYAML-3.12-0.i686.rpm
python-babel-0.9.6-5.fc18.noarch.rpm
python-backports-1.0-3.fc18.i686.rpm
python-backports-ssl_match_hostname-3.4.0.2-1.fc18.noarch.rpm
python-backports_abc-0.5-0.i686.rpm
python-certifi-2016.9.26-0.i686.rpm
python-chardet-2.0.1-5.fc18.noarch.rpm
python-crypto-1.4.1-1.noarch.rpm
python-crypto-2.6.1-1.fc18.i686.rpm
python-futures-3.1.1-1.noarch.rpm
python-jtextfsm-0.3.1-0.noarch.rpm
python-kitchen-1.1.1-2.fc18.noarch.rpm
python-markupsafe-0.18-1.fc18.i686.rpm
python-msgpack-python-0.4.8-0.i686.rpm
python-napalm-base-0.24.3-1.noarch.rpm
python-napalm-eos-0.6.0-1.noarch.rpm
python-netaddr-0.7.18-0.noarch.rpm
python-pyeapi-0.7.0-0.noarch.rpm
python-salt-2017.7.0_1414_g2fb986f-1.noarch.rpm
python-singledispatch-3.4.0.3-0.i686.rpm
python-six-1.10.0-0.i686.rpm
python-tornado-4.4.2-0.i686.rpm
python-urllib3-1.5-7.fc18.noarch.rpm
python2-zmq-15.3.0-2.fc25.i686.rpm
zeromq-4.1.4-5.fc25.i686.rpm
Fedora
Beginning with version 0.9.4, Salt has been available in the primary Fedora repositories and EPEL. It is
installable using yum or dnf, depending on your version of Fedora.
NOTE:
Released versions of Salt starting with 2015.5.2 through 2016.3.2 do not have Fedora packages
available though EPEL. To install a version of Salt within this release array, please use SaltStack's
Bootstrap Script and use the git method of installing Salt using the version's associated release tag.
Release 2016.3.3 and onward will have packaged versions available via EPEL.
WARNING: Fedora 19 comes with systemd 204. Systemd has known bugs fixed in later revisions that prevent
the salt-master from starting reliably or opening the network connections that it needs to. It's not
likely that a salt-master will start or run reliably on any distribution that uses systemd version 204 or
earlier. Running salt-minions should be OK.
Installation
Salt can be installed using yum and is available in the standard Fedora repositories.
Stable Release
Salt is packaged separately for the minion and the master. It is necessary only to install the
appropriate package for the role the machine will play. Typically, there will be one master and multiple
minions.
yum install salt-master
yum install salt-minion
Installing from updates-testing
When a new Salt release is packaged, it is first admitted into the updates-testing repository, before
being moved to the stable repo.
To install from updates-testing, use the enablerepo argument for yum:
yum --enablerepo=updates-testing install salt-master
yum --enablerepo=updates-testing install salt-minion
Installation Using pip
Since Salt is on PyPI, it can be installed using pip, though most users prefer to install using a package
manager.
Installing from pip has a few additional requirements:
• Install the group 'Development Tools', dnf groupinstall 'Development Tools'
• Install the 'zeromq-devel' package if it fails on linking against that afterwards as well.
A pip install does not make the init scripts or the /etc/salt directory, and you will need to provide
your own systemd service unit.
Installation from pip:
pip install salt
WARNING:
If installing from pip (or from source using setup.py install), be advised that the yum-utils package
is needed for Salt to manage packages. Also, if the Python dependencies are not already installed,
then you will need additional libraries/tools installed to build some of them. More information on
this can be found here.
Post-installation tasks
Master
To have the Master start automatically at boot time:
systemctl enable salt-master.service
To start the Master:
systemctl start salt-master.service
Minion
To have the Minion start automatically at boot time:
systemctl enable salt-minion.service
To start the Minion:
systemctl start salt-minion.service
Now go to the Configuring Salt page.
FreeBSD
Installation
Salt is available in binary package form from both the FreeBSD pkgng repository or directly from
SaltStack. The instructions below outline installation via both methods:
FreeBSD repo
The FreeBSD pkgng repository is preconfigured on systems 10.x and above. No configuration is needed to
pull from these repositories.
pkg install py27-salt
These packages are usually available within a few days of upstream release.
SaltStack repo
SaltStack also hosts internal binary builds of the Salt package, available from
https://repo.saltstack.com/freebsd/. To make use of this repository, add the following file to your
system:
/usr/local/etc/pkg/repos/saltstack.conf:
saltstack: {
url: "https://repo.saltstack.com/freebsd/${ABI}/",
enabled: yes
}
You should now be able to install Salt from this new repository:
pkg install py27-salt
These packages are usually available earlier than upstream FreeBSD. Also available are release candidates
and development releases. Use these pre-release packages with caution.
Post-installation tasks
Master
Copy the sample configuration file:
cp /usr/local/etc/salt/master.sample /usr/local/etc/salt/master
rc.conf
Activate the Salt Master in /etc/rc.conf:
sysrc salt_master_enable="YES"
Start the Master
Start the Salt Master as follows:
service salt_master start
Minion
Copy the sample configuration file:
cp /usr/local/etc/salt/minion.sample /usr/local/etc/salt/minion
rc.conf
Activate the Salt Minion in /etc/rc.conf:
sysrc salt_minion_enable="YES"
Start the Minion
Start the Salt Minion as follows:
service salt_minion start
Now go to the Configuring Salt page.
Gentoo
Salt can be easily installed on Gentoo via Portage:
emerge app-admin/salt
Post-installation tasks
Now go to the Configuring Salt page.
OpenBSD
Salt was added to the OpenBSD ports tree on Aug 10th 2013. It has been tested on OpenBSD 5.5 onwards.
Salt is dependent on the following additional ports. These will be installed as dependencies of the
sysutils/salt port:
devel/py-futures
devel/py-progressbar
net/py-msgpack
net/py-zmq
security/py-crypto
security/py-M2Crypto
textproc/py-MarkupSafe
textproc/py-yaml
www/py-jinja2
www/py-requests
www/py-tornado
Installation
To install Salt from the OpenBSD pkg repo, use the command:
pkg_add salt
Post-installation tasks
Master
To have the Master start automatically at boot time:
rcctl enable salt_master
To start the Master:
rcctl start salt_master
Minion
To have the Minion start automatically at boot time:
rcctl enable salt_minion
To start the Minion:
rcctl start salt_minion
Now go to the Configuring Salt page.
macOS
Installation from the Official SaltStack Repository
Latest stable build from the selected branch:
The output of md5 <salt pkg> should match the contents of the corresponding md5 file.
Earlier builds from supported branches
Archived builds from unsupported branches
Installation from Homebrew
brew install saltstack
It should be noted that Homebrew explicitly discourages the use of sudo:
Homebrew is designed to work without using sudo. You can decide to use it but we strongly recommend
not to do so. If you have used sudo and run into a bug then it is likely to be the cause. Please don’t
file a bug report unless you can reproduce it after reinstalling Homebrew from scratch without using
sudo
Installation from MacPorts
sudo port install salt
Installation from Pip
When only using the macOS system's pip, install this way:
sudo pip install salt
Salt-Master Customizations
NOTE:
Salt master on macOS is not tested or supported by SaltStack. See SaltStack Platform Support for more
information.
To run salt-master on macOS, sudo add this configuration option to the /etc/salt/master file:
max_open_files: 8192
On versions previous to macOS 10.10 (Yosemite), increase the root user maxfiles limit:
sudo launchctl limit maxfiles 4096 8192
NOTE:
On macOS 10.10 (Yosemite) and higher, maxfiles should not be adjusted. The default limits are
sufficient in all but the most extreme scenarios. Overriding these values with the setting below will
cause system instability!
Now the salt-master should run without errors:
sudo salt-master --log-level=all
Post-installation tasks
Now go to the Configuring Salt page.
RHEL / CentOS / Scientific Linux / Amazon Linux / Oracle Linux
Salt should work properly with all mainstream derivatives of Red Hat Enterprise Linux, including CentOS,
Scientific Linux, Oracle Linux, and Amazon Linux. Report any bugs or issues on the issue tracker.
Installation from the Official SaltStack Repository
Packages for Redhat, CentOS, and Amazon Linux are available in the SaltStack Repository.
• Red Hat / CentOS
• Amazon Linux
NOTE:
As of 2015.8.0, EPEL repository is no longer required for installing on RHEL systems. SaltStack
repository provides all needed dependencies.
WARNING:
If installing on Red Hat Enterprise Linux 7 with disabled (not subscribed on) 'RHEL Server Releases'
or 'RHEL Server Optional Channel' repositories, append CentOS 7 GPG key URL to SaltStack yum
repository configuration to install required base packages:
[saltstack-repo]
name=SaltStack repo for Red Hat Enterprise Linux $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7
NOTE:
systemd and systemd-python are required by Salt, but are not installed by the Red Hat 7 @base
installation or by the Salt installation. These dependencies might need to be installed before Salt.
Installation from the Community-Maintained Repository
Beginning with version 0.9.4, Salt has been available in EPEL. For RHEL/CentOS 5, Fedora COPR is a single
community repository that provides Salt packages due to the removal from EPEL5.
NOTE:
Packages in these repositories are built by community, and it can take a little while until the latest
stable SaltStack release become available.
RHEL/CentOS 6 and 7, Scientific Linux, etc.
WARNING:
Salt 2015.8 is currently not available in EPEL due to unsatisfied dependencies: python-crypto 2.6.1 or
higher, and python-tornado version 4.2.1 or higher. These packages are not currently available in EPEL
for Red Hat Enterprise Linux 6 and 7.
Enabling EPEL
If the EPEL repository is not installed on your system, you can download the RPM for RHEL/CentOS 6 or for
RHEL/CentOS 7 and install it using the following command:
rpm -Uvh epel-release-X-Y.rpm
Replace epel-release-X-Y.rpm with the appropriate filename.
Installing Stable Release
Salt is packaged separately for the minion and the master. It is necessary to install only the
appropriate package for the role the machine will play. Typically, there will be one master and multiple
minions.
• yum install salt-master
• yum install salt-minion
• yum install salt-ssh
• yum install salt-syndic
• yum install salt-cloud
Installing from epel-testing
When a new Salt release is packaged, it is first admitted into the epel-testing repository, before being
moved to the stable EPEL repository.
To install from epel-testing, use the enablerepo argument for yum:
yum --enablerepo=epel-testing install salt-minion
Installation Using pip
Since Salt is on PyPI, it can be installed using pip, though most users prefer to install using RPM
packages (which can be installed from EPEL).
Installing from pip has a few additional requirements:
• Install the group 'Development Tools', yum groupinstall 'Development Tools'
• Install the 'zeromq-devel' package if it fails on linking against that afterwards as well.
A pip install does not make the init scripts or the /etc/salt directory, and you will need to provide
your own systemd service unit.
Installation from pip:
pip install salt
WARNING:
If installing from pip (or from source using setup.py install), be advised that the yum-utils package
is needed for Salt to manage packages. Also, if the Python dependencies are not already installed,
then you will need additional libraries/tools installed to build some of them. More information on
this can be found here.
ZeroMQ 4
We recommend using ZeroMQ 4 where available. SaltStack provides ZeroMQ 4.0.5 and pyzmq 14.5.0 in the
SaltStack Repository as well as a separate zeromq4 COPR repository.
If this repository is added before Salt is installed, then installing either salt-master or salt-minion
will automatically pull in ZeroMQ 4.0.5, and additional steps to upgrade ZeroMQ and pyzmq are
unnecessary.
WARNING:
RHEL/CentOS 5 Users Using COPR repos on RHEL/CentOS 5 requires that the python-hashlib package be
installed. Not having it present will result in checksum errors because YUM will not be able to
process the SHA256 checksums used by COPR.
NOTE:
For RHEL/CentOS 5 installations, if using the SaltStack repo or Fedora COPR to install Salt (as
described above), then it is not necessary to enable the zeromq4 COPR, because those repositories
already include ZeroMQ 4.
Package Management
Salt's interface to yum makes heavy use of the repoquery utility, from the yum-utils package. This
package will be installed as a dependency if salt is installed via EPEL. However, if salt has been
installed using pip, or a host is being managed using salt-ssh, then as of version 2014.7.0 yum-utils
will be installed automatically to satisfy this dependency.
Post-installation tasks
Master
To have the Master start automatically at boot time:
RHEL/CentOS 5 and 6
chkconfig salt-master on
RHEL/CentOS 7
systemctl enable salt-master.service
To start the Master:
RHEL/CentOS 5 and 6
service salt-master start
RHEL/CentOS 7
systemctl start salt-master.service
Minion
To have the Minion start automatically at boot time:
RHEL/CentOS 5 and 6
chkconfig salt-minion on
RHEL/CentOS 7
systemctl enable salt-minion.service
To start the Minion:
RHEL/CentOS 5 and 6
service salt-minion start
RHEL/CentOS 7
systemctl start salt-minion.service
Now go to the Configuring Salt page.
Solaris
Salt is known to work on Solaris but community packages are unmaintained.
It is possible to install Salt on Solaris by using setuptools.
For example, to install the develop version of salt:
git clone https://github.com/saltstack/salt
cd salt
sudo python setup.py install --force
NOTE:
SaltStack does offer commerical support for Solaris which includes packages.
Ubuntu
Installation from the Official SaltStack Repository
Packages for Ubuntu 16 (Xenial), Ubuntu 14 (Trusty), and Ubuntu 12 (Precise) are available in the
SaltStack repository.
Instructions are at https://repo.saltstack.com/#ubuntu.
Install Packages
Install the Salt master, minion or other packages from the repository with the apt-get command. These
examples each install one of Salt components, but more than one package name may be given at a time:
• apt-get install salt-api
• apt-get install salt-cloud
• apt-get install salt-master
• apt-get install salt-minion
• apt-get install salt-ssh
• apt-get install salt-syndic
Post-installation tasks
Now go to the Configuring Salt page.
Windows
Salt has full support for running the Salt minion on Windows. You must connect Windows Salt minions to a
Salt master on a supported operating system to control your Salt Minions.
Many of the standard Salt modules have been ported to work on Windows and many of the Salt States
currently work on Windows as well.
Installation from the Official SaltStack Repository
Latest stable build from the selected branch:
The output of md5sum <salt minion exe> should match the contents of the corresponding md5 file.
Earlier builds from supported branches
Archived builds from unsupported branches
NOTE:
The installation executable installs dependencies that the Salt minion requires.
The 64bit installer has been tested on Windows 7 64bit and Windows Server 2008R2 64bit. The 32bit
installer has been tested on Windows 2008 Server 32bit. Please file a bug report on our GitHub repo if
issues for other platforms are found.
There are installers available for Python 2 and Python 3.
The installer will detect previous installations of Salt and ask if you would like to remove them.
Clicking OK will remove the Salt binaries and related files but leave any existing config, cache, and PKI
information.
Salt Minion Installation
After the Welcome and the License Agreement, the installer asks for two bits of information to configure
the minion; the master hostname and the minion name. The installer will update the minion config with
these options. If the installer finds an existing minion config file, these fields will be populated with
values from the existing config.
The final page allows you to start the minion service and optionally change its startup type. By default,
the minion is set to Automatic. You can change the minion start type to Automatic (Delayed Start) by
checking the 'Delayed Start' checkbox.
NOTE:
Highstates that require a reboot may fail after reboot because salt continues the highstate before
Windows has finished the booting process. This can be fixed by changing the startup type to
'Automatic (Delayed Start)'. The drawback is that it may increase the time it takes for the
'salt-minion' service to actually start.
The salt-minion service will appear in the Windows Service Manager and can be managed there or from the
command line like any other Windows service.
sc start salt-minion
net start salt-minion
NOTE:
If the minion won't start, you may need to install the Microsoft Visual C++ 2008 x64 SP1
redistributable. Allow all Windows updates to run salt-minion smoothly.
Installation Prerequisites
Most Salt functionality should work just fine right out of the box. A few Salt modules rely on
PowerShell. The minimum version of PowerShell required for Salt is version 3. If you intend to work with
DSC then Powershell version 5 is the minimum.
Silent Installer Options
The installer can be run silently by providing the /S option at the command line. The installer also
accepts the following options for configuring the Salt Minion silently:
┌───────────────────────┬───────────────────────────────────────┐
│ Option │ Description │
├───────────────────────┼───────────────────────────────────────┤
│ /minion-name= │ A string value to set the minion │
│ │ name. Default is 'hostname' │
├───────────────────────┼───────────────────────────────────────┤
│ /master= │ A string value to set the IP address │
│ │ or host name of the master. Default │
│ │ value is 'salt' │
├───────────────────────┼───────────────────────────────────────┤
│ /start-minion= │ Either a 1 or 0. '1' will start the │
│ │ salt-minion service, '0' will not. │
│ │ Default is to start the service after │
│ │ installation. │
├───────────────────────┼───────────────────────────────────────┤
│ /start-minion-delayed │ Set the minion start type to │
│ │ Automatic (Delayed Start) │
└───────────────────────┴───────────────────────────────────────┘
NOTE:
/start-service has been deprecated but will continue to function as expected for the time being.
Here are some examples of using the silent installer:
# Install the Salt Minion
# Configure the minion and start the service
Salt-Minion-2017.7.1-Py2-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=yourminionname
# Install the Salt Minion
# Configure the minion but don't start the minion service
Salt-Minion-2017.7.1-Py3-AMD64-Setup.exe /S /master=yoursaltmaster /minion-name=yourminionname /start-minion=0
Running the Salt Minion on Windows as an Unprivileged User
Notes:
• These instructions were tested with Windows Server 2008 R2
• They are generalizable to any version of Windows that supports a salt-minion
Create the Unprivileged User that the Salt Minion will Run As
1. Click Start > Control Panel > User Accounts.
2. Click Add or remove user accounts.
3. Click Create new account.
4. Enter salt-user (or a name of your preference) in the New account name field.
5. Select the Standard user radio button.
6. Click the Create Account button.
7. Click on the newly created user account.
8. Click the Create a password link.
9. In the New password and Confirm new password fields, provide a password (e.g
"SuperSecretMinionPassword4Me!").
10. In the Type a password hint field, provide appropriate text (e.g. "My Salt Password").
11. Click the Create password button.
12. Close the Change an Account window.
Add the New User to the Access Control List for the Salt Folder
1. In a File Explorer window, browse to the path where Salt is installed (the default path is C:\Salt).
2. Right-click on the Salt folder and select Properties.
3. Click on the Security tab.
4. Click the Edit button.
5. Click the Add button.
6. Type the name of your designated Salt user and click the OK button.
7. Check the box to Allow the Modify permission.
8. Click the OK button.
9. Click the OK button to close the Salt Properties window.
Update the Windows Service User for the salt-minion Service
1. Click Start > Administrative Tools > Services.
2. In the Services list, right-click on salt-minion and select Properties.
3. Click the Log On tab.
4. Click the This account radio button.
5. Provide the account credentials created in section A.
6. Click the OK button.
7. Click the OK button to the prompt confirming that the user has been granted the Log On As A Service
right.
8. Click the OK button to the prompt confirming that The new logon name will not take effect until you
stop and restart the service.
9. Right-Click on salt-minion and select Stop.
10. Right-Click on salt-minion and select Start.
Building and Developing on Windows
This document will explain how to set up a development environment for Salt on Windows. The development
environment allows you to work with the source code to customize or fix bugs. It will also allow you to
build your own installation.
There are several scripts to automate creating a Windows installer as well as setting up an environment
that facilitates developing and troubleshooting Salt code. They are located in the pkg\windows directory
in the Salt repo (here).
Scripts:
┌─────────────────┬───────────────────────────────────────┐
│ Script │ Description │
├─────────────────┼───────────────────────────────────────┤
│ build_env_2.ps1 │ A PowerShell script that sets up a │
│ │ Python 2 build environment │
├─────────────────┼───────────────────────────────────────┤
│ build_env_3.ps1 │ A PowerShell script that sets up a │
│ │ Python 3 build environment │
├─────────────────┼───────────────────────────────────────┤
│ build_pkg.bat │ A batch file that builds a Windows │
│ │ installer based on the contents of │
│ │ the C:\Python27 directory │
├─────────────────┼───────────────────────────────────────┤
│ build.bat │ A batch file that fully automates the │
│ │ building of the Windows installer │
│ │ using the above two scripts │
└─────────────────┴───────────────────────────────────────┘
NOTE:
The build.bat and build_pkg.bat scripts both accept a parameter to specify the version of Salt that
will be displayed in the Windows installer. If no version is passed, the version will be determined
using git.
Both scripts also accept an additional parameter to specify the version of Python to use. The default
is 2.
Prerequisite Software
The only prerequisite is Git for Windows.
Create a Build Environment
1. Working Directory
Create a Salt-Dev directory on the root of C:. This will be our working directory. Navigate to Salt-Dev
and clone the Salt repo from GitHub.
Open a command line and type:
cd \
md Salt-Dev
cd Salt-Dev
git clone https://github.com/saltstack/salt
Go into the salt directory and checkout the version of salt to work with (2016.3 or higher).
cd salt
git checkout 2017.7.2
2. Setup the Python Environment
Navigate to the pkg\windows directory and execute the build_env.ps1 PowerShell script.
cd pkg\windows
powershell -file build_env_2.ps1
NOTE:
You can also do this from Explorer by navigating to the pkg\windows directory, right clicking the
build_env_2.ps1 powershell script and selecting Run with PowerShell
This will download and install Python 2 with all the dependencies needed to develop and build Salt.
NOTE:
If you get an error or the script fails to run you may need to change the execution policy. Open a
powershell window and type the following command:
Set-ExecutionPolicy RemoteSigned
3. Salt in Editable Mode
Editable mode allows you to more easily modify and test the source code. For more information see the Pip
documentation.
Navigate to the root of the salt directory and install Salt in editable mode with pip
cd \Salt-Dev\salt
pip install -e .
NOTE:
The . is important
NOTE:
If pip is not recognized, you may need to restart your shell to get the updated path
NOTE:
If pip is still not recognized make sure that the Python Scripts folder is in the System %PATH%.
(C:\Python2\Scripts)
4. Setup Salt Configuration
Salt requires a minion configuration file and a few other directories. The default config file is named
minion located in C:\salt\conf. The easiest way to set this up is to copy the contents of the
salt\pkg\windows\buildenv directory to C:\salt.
cd \
md salt
xcopy /s /e \Salt-Dev\salt\pkg\windows\buildenv\* \salt\
Now go into the C:\salt\conf directory and edit the minion config file named minion (no extension). You
need to configure the master and id parameters in this file. Edit the following lines:
master: <ip or name of your master>
id: <name of your minion>
Create a Windows Installer
To create a Windows installer, follow steps 1 and 2 from Create a Build Environment above. Then proceed
to 3 below:
3. Install Salt
To create the installer for Window we install Salt using Python instead of pip. Navigate to the root
salt directory and install Salt.
cd \Salt-Dev\salt
python setup.py install
4. Create the Windows Installer
Navigate to the pkg\windows directory and run the build_pkg.bat with the build version (2017.7.2) and the
Python version as parameters.
cd pkg\windows
build_pkg.bat 2017.7.2 2
^^^^^^^^ ^
| |
# build version -- |
# python version ------
NOTE:
If no version is passed, the build_pkg.bat will guess the version number using git. If the python
version is not passed, the default is 2.
Creating a Windows Installer: Alternate Method (Easier)
Clone the Salt repo from GitHub into the directory of your choice. We're going to use Salt-Dev.
cd \
md Salt-Dev
cd Salt-Dev
git clone https://github.com/saltstack/salt
Go into the salt directory and checkout the version of Salt you want to build.
cd salt
git checkout 2017.7.2
Then navigate to pkg\windows and run the build.bat script with the version you're building.
cd pkg\windows
build.bat 2017.7.2 3
^^^^^^^^ ^
| |
# build version |
# python version --
This will install everything needed to build a Windows installer for Salt using Python 3. The binary will
be in the salt\pkg\windows\installer directory.
Testing the Salt minion
1. Create the directory C:\salt (if it doesn't exist already)
2.
Copy the example conf and var directories from
pkg\windows\buildenv into C:\salt
3. Edit C:\salt\conf\minion
master: ipaddress or hostname of your salt-master
4. Start the salt-minion
cd C:\Python27\Scripts
python salt-minion -l debug
5. On the salt-master accept the new minion's key
sudo salt-key -A
This accepts all unaccepted keys. If you're concerned about security just accept the key for this
specific minion.
6. Test that your minion is responding
On the salt-master run:
sudo salt '*' test.ping
You should get the following response: {'your minion hostname': True}
Packages Management Under Windows 2003
Windows Server 2003 and Windows XP have both reached End of Support. Though Salt is not officially
supported on operating systems that are EoL, some functionality may continue to work.
On Windows Server 2003, you need to install optional component "WMI Windows Installer Provider" to get a
full list of installed packages. If you don't have this, salt-minion can't report some installed
software.
SUSE
Installation from the Official SaltStack Repository
Packages for SUSE 12 SP1, SUSE 12, SUSE 11, openSUSE 13 and openSUSE Leap 42.1 are available in the
SaltStack Repository.
Instructions are at https://repo.saltstack.com/#suse.
Installation from the SUSE Repository
Since openSUSE 13.2, Salt 2014.1.11 is available in the primary repositories. With the release of SUSE
manager 3 a new repository setup has been created. The new repo will by systemsmanagement:saltstack,
which is the source for newer stable packages. For backward compatibility a linkpackage will be created
to the old devel:language:python repo. All development of suse packages will be done in
systemsmanagement:saltstack:testing. This will ensure that salt will be in mainline suse repo's, a
stable release repo and a testing repo for further enhancements.
Installation
Salt can be installed using zypper and is available in the standard openSUSE/SLES repositories.
Stable Release
Salt is packaged separately for the minion and the master. It is necessary only to install the
appropriate package for the role the machine will play. Typically, there will be one master and multiple
minions.
zypper install salt-master
zypper install salt-minion
Post-installation tasks openSUSE
Master
To have the Master start automatically at boot time:
systemctl enable salt-master.service
To start the Master:
systemctl start salt-master.service
Minion
To have the Minion start automatically at boot time:
systemctl enable salt-minion.service
To start the Minion:
systemctl start salt-minion.service
Post-installation tasks SLES
Master
To have the Master start automatically at boot time:
chkconfig salt-master on
To start the Master:
rcsalt-master start
Minion
To have the Minion start automatically at boot time:
chkconfig salt-minion on
To start the Minion:
rcsalt-minion start
Unstable Release
openSUSE
For openSUSE Tumbleweed run the following as root:
zypper addrepo http://download.opensuse.org/repositories/systemsmanagement:/saltstack/openSUSE_Tumbleweed/systemsmanagement:saltstack.repo
zypper refresh
zypper install salt salt-minion salt-master
For openSUSE 42.1 Leap run the following as root:
zypper addrepo http://download.opensuse.org/repositories/systemsmanagement:/saltstack/openSUSE_Leap_42.1/systemsmanagement:saltstack.repo
zypper refresh
zypper install salt salt-minion salt-master
For openSUSE 13.2 run the following as root:
zypper addrepo http://download.opensuse.org/repositories/systemsmanagement:/saltstack/openSUSE_13.2/systemsmanagement:saltstack.repo
zypper refresh
zypper install salt salt-minion salt-master
SUSE Linux Enterprise
For SLE 12 run the following as root:
zypper addrepo http://download.opensuse.org/repositories/systemsmanagement:/saltstack/SLE_12/systemsmanagement:saltstack.repo
zypper refresh
zypper install salt salt-minion salt-master
For SLE 11 SP4 run the following as root:
zypper addrepo http://download.opensuse.org/repositories/systemsmanagement:/saltstack/SLE_11_SP4/systemsmanagement:saltstack.repo
zypper refresh
zypper install salt salt-minion salt-master
Now go to the Configuring Salt page.
Initial Configuration
Configuring Salt
Salt configuration is very simple. The default configuration for the master will work for most
installations and the only requirement for setting up a minion is to set the location of the master in
the minion configuration file.
The configuration files will be installed to /etc/salt and are named after the respective components,
/etc/salt/master, and /etc/salt/minion.
Master Configuration
By default the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a
specific IP, redefine the "interface" directive in the master configuration file, typically
/etc/salt/master, as follows:
- #interface: 0.0.0.0
+ interface: 10.0.0.1
After updating the configuration file, restart the Salt master. See the master configuration reference
for more details about other configurable options.
Minion Configuration
Although there are many Salt Minion configuration options, configuring a Salt Minion is very simple. By
default a Salt Minion will try to connect to the DNS name "salt"; if the Minion is able to resolve that
name correctly, no configuration is needed.
If the DNS name "salt" does not resolve to point to the correct location of the Master, redefine the
"master" directive in the minion configuration file, typically /etc/salt/minion, as follows:
- #master: salt
+ master: 10.0.0.1
After updating the configuration file, restart the Salt minion. See the minion configuration reference
for more details about other configurable options.
Proxy Minion Configuration
A proxy minion emulates the behaviour of a regular minion and inherits their options.
Similarly, the configuration file is /etc/salt/proxy and the proxy tries to connect to the DNS name
"salt".
In addition to the regular minion options, there are several proxy-specific - see the proxy minion
configuration reference.
Running Salt
1. Start the master in the foreground (to daemonize the process, pass the -d flag):
salt-master
2. Start the minion in the foreground (to daemonize the process, pass the -d flag):
salt-minion
Having trouble?
The simplest way to troubleshoot Salt is to run the master and minion in the foreground with
log level set to debug:
salt-master --log-level=debug
For information on salt's logging system please see the logging document.
Run as an unprivileged (non-root) user
To run Salt as another user, set the user parameter in the master config file.
Additionally, ownership, and permissions need to be set such that the desired user can read
from and write to the following directories (and their subdirectories, where applicable):
• /etc/salt
• /var/cache/salt
• /var/log/salt
• /var/run/salt
More information about running salt as a non-privileged user can be found here.
There is also a full troubleshooting guide available.
Key Identity
Salt provides commands to validate the identity of your Salt master and Salt minions before the initial
key exchange. Validating key identity helps avoid inadvertently connecting to the wrong Salt master, and
helps prevent a potential MiTM attack when establishing the initial connection.
Master Key Fingerprint
Print the master key fingerprint by running the following command on the Salt master:
salt-key -F master
Copy the master.pub fingerprint from the Local Keys section, and then set this value as the master_finger
in the minion configuration file. Save the configuration file and then restart the Salt minion.
Minion Key Fingerprint
Run the following command on each Salt minion to view the minion key fingerprint:
salt-call --local key.finger
Compare this value to the value that is displayed when you run the salt-key --finger <MINION_ID> command
on the Salt master.
Key Management
Salt uses AES encryption for all communication between the Master and the Minion. This ensures that the
commands sent to the Minions cannot be tampered with, and that communication between Master and Minion is
authenticated through trusted, accepted keys.
Before commands can be sent to a Minion, its key must be accepted on the Master. Run the salt-key command
to list the keys known to the Salt Master:
[root@master ~]# salt-key -L
Unaccepted Keys:
alpha
bravo
charlie
delta
Accepted Keys:
This example shows that the Salt Master is aware of four Minions, but none of the keys has been accepted.
To accept the keys and allow the Minions to be controlled by the Master, again use the salt-key command:
[root@master ~]# salt-key -A
[root@master ~]# salt-key -L
Unaccepted Keys:
Accepted Keys:
alpha
bravo
charlie
delta
The salt-key command allows for signing keys individually or in bulk. The example above, using -A
bulk-accepts all pending keys. To accept keys individually use the lowercase of the same option, -a
keyname.
SEE ALSO:
salt-key manpage
Sending Commands
Communication between the Master and a Minion may be verified by running the test.ping command:
[root@master ~]# salt alpha test.ping
alpha:
True
Communication between the Master and all Minions may be tested in a similar way:
[root@master ~]# salt '*' test.ping
alpha:
True
bravo:
True
charlie:
True
delta:
True
Each of the Minions should send a True response as shown above.
What's Next?
Understanding targeting is important. From there, depending on the way you wish to use Salt, you should
also proceed to learn about Remote Execution and Configuration Management.
Additional Installation Guides
Salt Bootstrap
The Salt Bootstrap script allows for a user to install the Salt Minion or Master on a variety of system
distributions and versions. This shell script known as bootstrap-salt.sh runs through a series of checks
to determine the operating system type and version. It then installs the Salt binaries using the
appropriate methods. The Salt Bootstrap script installs the minimum number of packages required to run
Salt. This means that in the event you run the bootstrap to install via package, Git will not be
installed. Installing the minimum number of packages helps ensure the script stays as lightweight as
possible, assuming the user will install any other required packages after the Salt binaries are present
on the system. The script source is available on GitHub: https://github.com/saltstack/salt-bootstrap
Supported Operating Systems
NOTE:
In the event you do not see your distribution or version available please review the develop branch on
GitHub as it may contain updates that are not present in the stable release:
https://github.com/saltstack/salt-bootstrap/tree/develop
Debian and derivatives
• Debian GNU/Linux 7/8
• Linux Mint Debian Edition 1 (based on Debian 8)
• Kali Linux 1.0 (based on Debian 7)
Red Hat family
• Amazon Linux 2012.09/2013.03/2013.09/2014.03/2014.09
• CentOS 5/6/7
• Fedora 17/18/20/21/22
• Oracle Linux 5/6/7
• Red Hat Enterprise Linux 5/6/7
• Scientific Linux 5/6/7
SUSE family
• openSUSE 12/13
• openSUSE Leap 42
• openSUSE Tumbleweed 2015
• SUSE Linux Enterprise Server 11 SP1/11 SP2/11 SP3/12
Ubuntu and derivatives
• Elementary OS 0.2 (based on Ubuntu 12.04)
• Linaro 12.04
• Linux Mint 13/14/16/17
• Trisquel GNU/Linux 6 (based on Ubuntu 12.04)
• Ubuntu 10.x/11.x/12.x/13.x/14.x/15.x/16.x
Other Linux distro
• Arch Linux
• Gentoo
UNIX systems
BSD:
• OpenBSD (pip installation)
• FreeBSD 9/10/11
SunOS:
• SmartOS
Example Usage
If you're looking for the one-liner to install Salt, please scroll to the bottom and use the instructions
for Installing via an Insecure One-Liner
NOTE:
In every two-step example, you would be well-served to examine the downloaded file and examine it to
ensure that it does what you expect.
The Salt Bootstrap script has a wide variety of options that can be passed as well as several ways of
obtaining the bootstrap script itself.
NOTE:
These examples below show how to bootstrap Salt directly from GitHub or other Git repository. Run the
script without any parameters to get latest stable Salt packages for your system from SaltStack
corporate repository. See first example in the Install using wget section.
Install using curl
Using curl to install latest development version from GitHub:
curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh git develop
If you want to install a specific release version (based on the Git tags):
curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh git v2015.8.8
To install a specific branch from a Git fork:
curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -g https://github.com/myuser/salt.git git mybranch
If all you want is to install a salt-master using latest Git:
curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -M -N git develop
If your host has Internet access only via HTTP proxy:
PROXY='http://user:password@myproxy.example.com:3128'
curl -o bootstrap-salt.sh -L -x "$PROXY" https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -G -H "$PROXY" git
Install using wget
Using wget to install your distribution's stable packages:
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh
Downloading the script from develop branch:
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com/develop
sudo sh bootstrap-salt.sh
Installing a specific version from git using wget:
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh -P git v2015.8.8
NOTE:
On the above example we added -P which will allow PIP packages to be installed if required but it's
not a necessary flag for Git based bootstraps.
Install using Python
If you already have Python installed, python 2.6, then it's as easy as:
python -m urllib "https://bootstrap.saltstack.com" > bootstrap-salt.sh
sudo sh bootstrap-salt.sh git develop
All Python versions should support the following in-line code:
python -c 'import urllib; print urllib.urlopen("https://bootstrap.saltstack.com").read()' > bootstrap-salt.sh
sudo sh bootstrap-salt.sh git develop
Install using fetch
On a FreeBSD base system you usually don't have either of the above binaries available. You do have fetch
available though:
fetch -o bootstrap-salt.sh https://bootstrap.saltstack.com
sudo sh bootstrap-salt.sh
If you have any SSL issues install ca_root_nssp:
pkg install ca_root_nssp
And either copy the certificates to the place where fetch can find them:
cp /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
Or link them to the right place:
ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
Installing via an Insecure One-Liner
The following examples illustrate how to install Salt via a one-liner.
NOTE:
Warning! These methods do not involve a verification step and assume that the delivered file is
trustworthy.
Any of the example above which use two-lines can be made to run in a single-line configuration with minor
modifications.
For example, using curl to install your distribution's stable packages:
curl -L https://bootstrap.saltstack.com | sudo sh
Using wget to install your distribution's stable packages:
wget -O - https://bootstrap.saltstack.com | sudo sh
Installing the latest develop branch of Salt:
curl -L https://bootstrap.saltstack.com | sudo sh -s -- git develop
Command Line Options
Here's a summary of the command line options:
$ sh bootstrap-salt.sh -h
Usage : bootstrap-salt.sh [options] <install-type> <install-type-args>
Installation types:
- stable (default)
- stable [version] (ubuntu specific)
- daily (ubuntu specific)
- testing (redhat specific)
- git
Examples:
- bootstrap-salt.sh
- bootstrap-salt.sh stable
- bootstrap-salt.sh stable 2014.7
- bootstrap-salt.sh daily
- bootstrap-salt.sh testing
- bootstrap-salt.sh git
- bootstrap-salt.sh git develop
- bootstrap-salt.sh git v0.17.0
- bootstrap-salt.sh git 8c3fadf15ec183e5ce8c63739850d543617e4357
Options:
-h Display this message
-v Display script version
-n No colours.
-D Show debug output.
-c Temporary configuration directory
-g Salt repository URL. (default: git://github.com/saltstack/salt.git)
-G Instead of cloning from git://github.com/saltstack/salt.git, clone from https://github.com/saltstack/salt.git (Usually necessary on systems which have the regular git protocol port blocked, where https usually is not)
-k Temporary directory holding the minion keys which will pre-seed
the master.
-s Sleep time used when waiting for daemons to start, restart and when checking
for the services running. Default: 3
-M Also install salt-master
-S Also install salt-syndic
-N Do not install salt-minion
-X Do not start daemons after installation
-C Only run the configuration function. This option automatically
bypasses any installation.
-P Allow pip based installations. On some distributions the required salt
packages or its dependencies are not available as a package for that
distribution. Using this flag allows the script to use pip as a last
resort method. NOTE: This only works for functions which actually
implement pip based installations.
-F Allow copied files to overwrite existing(config, init.d, etc)
-U If set, fully upgrade the system prior to bootstrapping salt
-K If set, keep the temporary files in the temporary directories specified
with -c and -k.
-I If set, allow insecure connections while downloading any files. For
example, pass '--no-check-certificate' to 'wget' or '--insecure' to 'curl'
-A Pass the salt-master DNS name or IP. This will be stored under
${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf
-i Pass the salt-minion id. This will be stored under
${BS_SALT_ETC_DIR}/minion_id
-L Install the Apache Libcloud package if possible(required for salt-cloud)
-p Extra-package to install while installing salt dependencies. One package
per -p flag. You're responsible for providing the proper package name.
-d Disable check_service functions. Setting this flag disables the
'install_<distro>_check_services' checks. You can also do this by
touching /tmp/disable_salt_checks on the target host. Defaults ${BS_FALSE}
-H Use the specified http proxy for the installation
-Z Enable external software source for newer ZeroMQ(Only available for RHEL/CentOS/Fedora/Ubuntu based distributions)
-b Assume that dependencies are already installed and software sources are set up.
If git is selected, git tree is still checked out as dependency step.
Opening the Firewall up for Salt
The Salt master communicates with the minions using an AES-encrypted ZeroMQ connection. These
communications are done over TCP ports 4505 and 4506, which need to be accessible on the master only.
This document outlines suggested firewall rules for allowing these incoming connections to the master.
NOTE:
No firewall configuration needs to be done on Salt minions. These changes refer to the master only.
Fedora 18 and beyond / RHEL 7 / CentOS 7
Starting with Fedora 18 FirewallD is the tool that is used to dynamically manage the firewall rules on a
host. It has support for IPv4/6 settings and the separation of runtime and permanent configurations. To
interact with FirewallD use the command line client firewall-cmd.
firewall-cmd example:
firewall-cmd --permanent --zone=<zone> --add-port=4505-4506/tcp
Please choose the desired zone according to your setup. Don't forget to reload after you made your
changes.
firewall-cmd --reload
RHEL 6 / CentOS 6
The lokkit command packaged with some Linux distributions makes opening iptables firewall ports very
simple via the command line. Just be careful to not lock out access to the server by neglecting to open
the ssh port.
lokkit example:
lokkit -p 22:tcp -p 4505:tcp -p 4506:tcp
The system-config-firewall-tui command provides a text-based interface to modifying the firewall.
system-config-firewall-tui:
system-config-firewall-tui
openSUSE
Salt installs firewall rules in /etc/sysconfig/SuSEfirewall2.d/services/salt. Enable with:
SuSEfirewall2 open
SuSEfirewall2 start
If you have an older package of Salt where the above configuration file is not included, the
SuSEfirewall2 command makes opening iptables firewall ports very simple via the command line.
SuSEfirewall example:
SuSEfirewall2 open EXT TCP 4505
SuSEfirewall2 open EXT TCP 4506
The firewall module in YaST2 provides a text-based interface to modifying the firewall.
YaST2:
yast2 firewall
Windows
Windows Firewall is the default component of Microsoft Windows that provides firewalling and packet
filtering. There are many 3rd party firewalls available for Windows, some of which use rules from the
Windows Firewall. If you are experiencing problems see the vendor's specific documentation for opening
the required ports.
The Windows Firewall can be configured using the Windows Interface or from the command line.
Windows Firewall (interface):
1. Open the Windows Firewall Interface by typing wf.msc at the command prompt or in a run dialog (Windows
Key + R)
2. Navigate to Inbound Rules in the console tree
3. Add a new rule by clicking New Rule... in the Actions area
4. Change the Rule Type to Port. Click Next
5. Set the Protocol to TCP and specify local ports 4505-4506. Click Next
6. Set the Action to Allow the connection. Click Next
7. Apply the rule to Domain, Private, and Public. Click Next
8. Give the new rule a Name, ie: Salt. You may also add a description. Click Finish
Windows Firewall (command line):
The Windows Firewall rule can be created by issuing a single command. Run the following command from the
command line or a run prompt:
netsh advfirewall firewall add rule name="Salt" dir=in action=allow protocol=TCP localport=4505-4506
iptables
Different Linux distributions store their iptables (also known as netfilter) rules in different places,
which makes it difficult to standardize firewall documentation. Included are some of the more common
locations, but your mileage may vary.
Fedora / RHEL / CentOS:
/etc/sysconfig/iptables
Arch Linux:
/etc/iptables/iptables.rules
Debian
Follow these instructions: https://wiki.debian.org/iptables
Once you've found your firewall rules, you'll need to add the two lines below to allow traffic on
tcp/4505 and tcp/4506:
-A INPUT -m state --state new -m tcp -p tcp --dport 4505 -j ACCEPT
-A INPUT -m state --state new -m tcp -p tcp --dport 4506 -j ACCEPT
Ubuntu
Salt installs firewall rules in /etc/ufw/applications.d/salt.ufw. Enable with:
ufw allow salt
pf.conf
The BSD-family of operating systems uses packet filter (pf). The following example describes the
additions to pf.conf needed to access the Salt master.
pass in on $int_if proto tcp from any to $int_if port 4505
pass in on $int_if proto tcp from any to $int_if port 4506
Once these additions have been made to the pf.conf the rules will need to be reloaded. This can be done
using the pfctl command.
pfctl -vf /etc/pf.conf
Whitelist communication to Master
There are situations where you want to selectively allow Minion traffic from specific hosts or networks
into your Salt Master. The first scenario which comes to mind is to prevent unwanted traffic to your
Master out of security concerns, but another scenario is to handle Minion upgrades when there are
backwards incompatible changes between the installed Salt versions in your environment.
Here is an example Linux iptables ruleset to be set on the Master:
# Allow Minions from these networks
-I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Reject everything else
-A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT
NOTE:
The important thing to note here is that the salt command needs to communicate with the listening
network socket of salt-master on the loopback interface. Without this you will see no outgoing Salt
traffic from the master, even for a simple salt '*' test.ping, because the salt client never reached
the salt-master to tell it to carry out the execution.
Preseed Minion with Accepted Key
In some situations, it is not convenient to wait for a minion to start before accepting its key on the
master. For instance, you may want the minion to bootstrap itself as soon as it comes online. You may
also want to let your developers provision new development machines on the fly.
SEE ALSO:
Many ways to preseed minion keys
Salt has other ways to generate and pre-accept minion keys in addition to the manual steps outlined
below.
salt-cloud performs these same steps automatically when new cloud VMs are created (unless instructed
not to).
salt-api exposes an HTTP call to Salt's REST API to generate and download the new minion keys as a
tarball.
There is a general four step process to do this:
1. Generate the keys on the master:
root@saltmaster# salt-key --gen-keys=[key_name]
Pick a name for the key, such as the minion's id.
2. Add the public key to the accepted minion folder:
root@saltmaster# cp key_name.pub /etc/salt/pki/master/minions/[minion_id]
It is necessary that the public key file has the same name as your minion id. This is how Salt matches
minions with their keys. Also note that the pki folder could be in a different location, depending on
your OS or if specified in the master config file.
3. Distribute the minion keys.
There is no single method to get the keypair to your minion. The difficulty is finding a distribution
method which is secure. For Amazon EC2 only, an AWS best practice is to use IAM Roles to pass
credentials. (See blog post,
http://blogs.aws.amazon.com/security/post/Tx610S2MLVZWEA/Using-IAM-roles-to-distribute-non-AWS-credentials-to-your-EC2-instances
)
Security Warning
Since the minion key is already accepted on the master, distributing the private key poses a
potential security risk. A malicious party will have access to your entire state tree and other
sensitive data if they gain access to a preseeded minion key.
4. Preseed the Minion with the keys
You will want to place the minion keys before starting the salt-minion daemon:
/etc/salt/pki/minion/minion.pem
/etc/salt/pki/minion/minion.pub
Once in place, you should be able to start salt-minion and run salt-call state.apply or any other salt
commands that require master authentication.
The macOS (Maverick) Developer Step By Step Guide To Salt Installation
This document provides a step-by-step guide to installing a Salt cluster consisting of one master, and
one minion running on a local VM hosted on macOS.
NOTE:
This guide is aimed at developers who wish to run Salt in a virtual machine. The official (Linux)
walkthrough can be found here.
The 5 Cent Salt Intro
Since you're here you've probably already heard about Salt, so you already know Salt lets you configure
and run commands on hordes of servers easily. Here's a brief overview of a Salt cluster:
• Salt works by having a "master" server sending commands to one or multiple "minion" servers [1]. The
master server is the "command center". It is going to be the place where you store your configuration
files, aka: "which server is the db, which is the web server, and what libraries and software they
should have installed". The minions receive orders from the master. Minions are the servers actually
performing work for your business.
• Salt has two types of configuration files:
1. the "salt communication channels" or "meta" or "config" configuration files (not official names):
one for the master (usually is /etc/salt/master , on the master server), and one for minions (default
is /etc/salt/minion or /etc/salt/minion.conf, on the minion servers). Those files are used to determine
things like the Salt Master IP, port, Salt folder locations, etc.. If these are configured incorrectly,
your minions will probably be unable to receive orders from the master, or the master will not know
which software a given minion should install.
2. the "business" or "service" configuration files (once again, not an official name): these are
configuration files, ending with ".sls" extension, that describe which software should run on which
server, along with particular configuration properties for the software that is being installed. These
files should be created in the /srv/salt folder by default, but their location can be changed using ...
/etc/salt/master configuration file!
NOTE:
This tutorial contains a third important configuration file, not to be confused with the previous two:
the virtual machine provisioning configuration file. This in itself is not specifically tied to Salt,
but it also contains some Salt configuration. More on that in step 3. Also note that all configuration
files are YAML files. So indentation matters.
[1] Salt also works with "masterless" configuration where a minion is autonomous (in which case salt can
be seen as a local configuration tool), or in "multiple master" configuration. See the documentation
for more on that.
Before Digging In, The Architecture Of The Salt Cluster
Salt Master
The "Salt master" server is going to be the Mac OS machine, directly. Commands will be run from a
terminal app, so Salt will need to be installed on the Mac. This is going to be more convenient for
toying around with configuration files.
Salt Minion
We'll only have one "Salt minion" server. It is going to be running on a Virtual Machine running on the
Mac, using VirtualBox. It will run an Ubuntu distribution.
Step 1 - Configuring The Salt Master On Your Mac
official documentation
Because Salt has a lot of dependencies that are not built in macOS, we will use Homebrew to install Salt.
Homebrew is a package manager for Mac, it's great, use it (for this tutorial at least!). Some people
spend a lot of time installing libs by hand to better understand dependencies, and then realize how
useful a package manager is once they're configuring a brand new machine and have to do it all over
again. It also lets you uninstall things easily.
NOTE:
Brew is a Ruby program (Ruby is installed by default with your Mac). Brew downloads, compiles, and
links software. The linking phase is when compiled software is deployed on your machine. It may
conflict with manually installed software, especially in the /usr/local directory. It's ok, remove the
manually installed version then refresh the link by typing brew link 'packageName'. Brew has a brew
doctor command that can help you troubleshoot. It's a great command, use it often. Brew requires xcode
command line tools. When you run brew the first time it asks you to install them if they're not
already on your system. Brew installs software in /usr/local/bin (system bins are in /usr/bin). In
order to use those bins you need your $PATH to search there first. Brew tells you if your $PATH needs
to be fixed.
TIP:
Use the keyboard shortcut cmd + shift + period in the "open" macOS dialog box to display hidden files
and folders, such as .profile.
Install Homebrew
Install Homebrew here http://brew.sh/ Or just type
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Now type the following commands in your terminal (you may want to type brew doctor after each to make
sure everything's fine):
brew install python
brew install swig
brew install zmq
NOTE:
zmq is ZeroMQ. It's a fantastic library used for server to server network communication and is at the
core of Salt efficiency.
Install Salt
You should now have everything ready to launch this command:
pip install salt
NOTE:
There should be no need for sudo pip install salt. Brew installed Python for your user, so you should
have all the access. In case you would like to check, type which python to ensure that it's
/usr/local/bin/python, and which pip which should be /usr/local/bin/pip.
Now type python in a terminal then, import salt. There should be no errors. Now exit the Python terminal
using exit().
Create The Master Configuration
If the default /etc/salt/master configuration file was not created, copy-paste it from here:
http://docs.saltstack.com/ref/configuration/examples.html#configuration-examples-master
NOTE:
/etc/salt/master is a file, not a folder.
Salt Master configuration changes. The Salt master needs a few customization to be able to run on macOS:
sudo launchctl limit maxfiles 4096 8192
In the /etc/salt/master file, change max_open_files to 8192 (or just add the line: max_open_files: 8192
(no quote) if it doesn't already exists).
You should now be able to launch the Salt master:
sudo salt-master --log-level=all
There should be no errors when running the above command.
NOTE:
This command is supposed to be a daemon, but for toying around, we'll keep it running on a terminal to
monitor the activity.
Now that the master is set, let's configure a minion on a VM.
The Salt minion is going to run on a Virtual Machine. There are a lot of software options that let you
run virtual machines on a mac, But for this tutorial we're going to use VirtualBox. In addition to
virtualBox, we will use Vagrant, which allows you to create the base VM configuration.
Vagrant lets you build ready to use VM images, starting from an OS image and customizing it using
"provisioners". In our case, we'll use it to:
• Download the base Ubuntu image
• Install salt on that Ubuntu image (Salt is going to be the "provisioner" for the VM).
• Launch the VM
• SSH into the VM to debug
• Stop the VM once you're done.
Install VirtualBox
Go get it here: https://www.virtualBox.org/wiki/Downloads (click on VirtualBox for macOS hosts =>
x86/amd64)
Install Vagrant
Go get it here: http://downloads.vagrantup.com/ and choose the latest version (1.3.5 at time of writing),
then the .dmg file. Double-click to install it. Make sure the vagrant command is found when run in the
terminal. Type vagrant. It should display a list of commands.
Create The Minion VM Folder
Create a folder in which you will store your minion's VM. In this tutorial, it's going to be a minion
folder in the $home directory.
cd $home
mkdir minion
Initialize Vagrant
From the minion folder, type
vagrant init
This command creates a default Vagrantfile configuration file. This configuration file will be used to
pass configuration parameters to the Salt provisioner in Step 3.
Import Precise64 Ubuntu Box
vagrant box add precise64 http://files.vagrantup.com/precise64.box
NOTE:
This box is added at the global Vagrant level. You only need to do it once as each VM will use this
same file.
Modify the Vagrantfile
Modify ./minion/Vagrantfile to use th precise64 box. Change the config.vm.box line to:
config.vm.box = "precise64"
Uncomment the line creating a host-only IP. This is the ip of your minion (you can change it to something
else if that IP is already in use):
config.vm.network :private_network, ip: "192.168.33.10"
At this point you should have a VM that can run, although there won't be much in it. Let's check that.
Checking The VM
From the $home/minion folder type:
vagrant up
A log showing the VM booting should be present. Once it's done you'll be back to the terminal:
ping 192.168.33.10
The VM should respond to your ping request.
Now log into the VM in ssh using Vagrant again:
vagrant ssh
You should see the shell prompt change to something similar to vagrant@precise64:~$ meaning you're inside
the VM. From there, enter the following:
ping 10.0.2.2
NOTE:
That ip is the ip of your VM host (the macOS host). The number is a VirtualBox default and is
displayed in the log after the Vagrant ssh command. We'll use that IP to tell the minion where the
Salt master is. Once you're done, end the ssh session by typing exit.
It's now time to connect the VM to the salt master
Creating The Minion Configuration File
Create the /etc/salt/minion file. In that file, put the following lines, giving the ID for this minion,
and the IP of the master:
master: 10.0.2.2
id: 'minion1'
file_client: remote
Minions authenticate with the master using keys. Keys are generated automatically if you don't provide
one and can accept them later on. However, this requires accepting the minion key every time the minion
is destroyed or created (which could be quite often). A better way is to create those keys in advance,
feed them to the minion, and authorize them once.
Preseed minion keys
From the minion folder on your Mac run:
sudo salt-key --gen-keys=minion1
This should create two files: minion1.pem, and minion1.pub. Since those files have been created using
sudo, but will be used by vagrant, you need to change ownership:
sudo chown youruser:yourgroup minion1.pem
sudo chown youruser:yourgroup minion1.pub
Then copy the .pub file into the list of accepted minions:
sudo cp minion1.pub /etc/salt/pki/master/minions/minion1
Modify Vagrantfile to Use Salt Provisioner
Let's now modify the Vagrantfile used to provision the Salt VM. Add the following section in the
Vagrantfile (note: it should be at the same indentation level as the other properties):
# salt-vagrant config
config.vm.provision :salt do |salt|
salt.run_highstate = true
salt.minion_config = "/etc/salt/minion"
salt.minion_key = "./minion1.pem"
salt.minion_pub = "./minion1.pub"
end
Now destroy the vm and recreate it from the /minion folder:
vagrant destroy
vagrant up
If everything is fine you should see the following message:
"Bootstrapping Salt... (this may take a while)
Salt successfully configured and installed!"
Checking Master-Minion Communication
To make sure the master and minion are talking to each other, enter the following:
sudo salt '*' test.ping
You should see your minion answering the ping. It's now time to do some configuration.
In this step we'll use the Salt master to instruct our minion to install Nginx.
Checking the system's original state
First, make sure that an HTTP server is not installed on our minion. When opening a browser directed at
http://192.168.33.10/ You should get an error saying the site cannot be reached.
Initialize the top.sls file
System configuration is done in /srv/salt/top.sls (and subfiles/folders), and then applied by running the
state.apply function to have the Salt master order its minions to update their instructions and run the
associated commands.
First Create an empty file on your Salt master (macOS machine):
touch /srv/salt/top.sls
When the file is empty, or if no configuration is found for our minion an error is reported:
sudo salt 'minion1' state.apply
This should return an error stating: No Top file or external nodes data matches found.
Create The Nginx Configuration
Now is finally the time to enter the real meat of our server's configuration. For this tutorial our
minion will be treated as a web server that needs to have Nginx installed.
Insert the following lines into /srv/salt/top.sls (which should current be empty).
base:
'minion1':
- bin.nginx
Now create /srv/salt/bin/nginx.sls containing the following:
nginx:
pkg.installed:
- name: nginx
service.running:
- enable: True
- reload: True
Check Minion State
Finally, run the state.apply function again:
sudo salt 'minion1' state.apply
You should see a log showing that the Nginx package has been installed and the service configured. To
prove it, open your browser and navigate to http://192.168.33.10/, you should see the standard Nginx
welcome page.
Congratulations!
Where To Go From Here
A full description of configuration management within Salt (sls files among other things) is available
here: http://docs.saltstack.com/en/latest/index.html#configuration-management
running salt as normal user tutorial
Before continuing make sure you have a working Salt installation by following the installation and the
configuration instructions.
Stuck?
There are many ways to get help from the Salt community including our mailing list and our IRC
channel #salt.
Running Salt functions as non root user
If you don't want to run salt cloud as root or even install it you can configure it to have a virtual
root in your working directory.
The salt system uses the salt.syspath module to find the variables
If you run the salt-build, it will generated in:
./build/lib.linux-x86_64-2.7/salt/_syspaths.py
To generate it, run the command:
python setup.py build
Copy the generated module into your salt directory
cp ./build/lib.linux-x86_64-2.7/salt/_syspaths.py salt/_syspaths.py
Edit it to include needed variables and your new paths
# you need to edit this
ROOT_DIR = *your current dir* + '/salt/root'
# you need to edit this
INSTALL_DIR = *location of source code*
CONFIG_DIR = ROOT_DIR + '/etc/salt'
CACHE_DIR = ROOT_DIR + '/var/cache/salt'
SOCK_DIR = ROOT_DIR + '/var/run/salt'
SRV_ROOT_DIR= ROOT_DIR + '/srv'
BASE_FILE_ROOTS_DIR = ROOT_DIR + '/srv/salt'
BASE_PILLAR_ROOTS_DIR = ROOT_DIR + '/srv/pillar'
BASE_MASTER_ROOTS_DIR = ROOT_DIR + '/srv/salt-master'
LOGS_DIR = ROOT_DIR + '/var/log/salt'
PIDFILE_DIR = ROOT_DIR + '/var/run'
CLOUD_DIR = INSTALL_DIR + '/cloud'
BOOTSTRAP = CLOUD_DIR + '/deploy/bootstrap-salt.sh'
Create the directory structure
mkdir -p root/etc/salt root/var/cache/run root/run/salt root/srv
root/srv/salt root/srv/pillar root/srv/salt-master root/var/log/salt root/var/run
Populate the configuration files:
cp -r conf/* root/etc/salt/
Edit your root/etc/salt/master configuration that is used by salt-cloud:
user: *your user name*
Run like this:
PYTHONPATH=`pwd` scripts/salt-cloud
Standalone Minion
Since the Salt minion contains such extensive functionality it can be useful to run it standalone. A
standalone minion can be used to do a number of things:
• Use salt-call commands on a system without connectivity to a master
• Masterless States, run states entirely from files local to the minion
NOTE:
When running Salt in masterless mode, do not run the salt-minion daemon. Otherwise, it will attempt
to connect to a master and fail. The salt-call command stands on its own and does not need the
salt-minion daemon.
Minion Configuration
Throughout this document there are several references to setting different options to configure a
masterless Minion. Salt Minions are easy to configure via a configuration file that is located, by
default, in /etc/salt/minion. Note, however, that on FreeBSD systems, the minion configuration file is
located in /usr/local/etc/salt/minion.
You can learn more about minion configuration options in the Configuring the Salt Minion docs.
Telling Salt Call to Run Masterless
The salt-call command is used to run module functions locally on a minion instead of executing them from
the master. Normally the salt-call command checks into the master to retrieve file server and pillar
data, but when running standalone salt-call needs to be instructed to not check the master for this data.
To instruct the minion to not look for a master when running salt-call the file_client configuration
option needs to be set. By default the file_client is set to remote so that the minion knows that file
server and pillar data are to be gathered from the master. When setting the file_client option to local
the minion is configured to not gather this data from the master.
file_client: local
Now the salt-call command will not look for a master and will assume that the local system has all of the
file and pillar resources.
Running States Masterless
The state system can be easily run without a Salt master, with all needed files local to the minion. To
do this the minion configuration file needs to be set up to know how to return file_roots information
like the master. The file_roots setting defaults to /srv/salt for the base environment just like on the
master:
file_roots:
base:
- /srv/salt
Now set up the Salt State Tree, top file, and SLS modules in the same way that they would be set up on a
master. Now, with the file_client option set to local and an available state tree then calls to functions
in the state module will use the information in the file_roots on the minion instead of checking in with
the master.
Remember that when creating a state tree on a minion there are no syntax or path changes needed, SLS
modules written to be used from a master do not need to be modified in any way to work with a minion.
This makes it easy to "script" deployments with Salt states without having to set up a master, and allows
for these SLS modules to be easily moved into a Salt master as the deployment grows.
The declared state can now be executed with:
salt-call state.apply
Or the salt-call command can be executed with the --local flag, this makes it unnecessary to change the
configuration file:
salt-call state.apply --local
External Pillars
External pillars are supported when running in masterless mode.
Salt Masterless Quickstart
Running a masterless salt-minion lets you use Salt's configuration management for a single machine
without calling out to a Salt master on another machine.
Since the Salt minion contains such extensive functionality it can be useful to run it standalone. A
standalone minion can be used to do a number of things:
• Stand up a master server via States (Salting a Salt Master)
• Use salt-call commands on a system without connectivity to a master
• Masterless States, run states entirely from files local to the minion
It is also useful for testing out state trees before deploying to a production setup.
Bootstrap Salt Minion
The salt-bootstrap script makes bootstrapping a server with Salt simple for any OS with a Bourne shell:
curl -L https://bootstrap.saltstack.com -o bootstrap_salt.sh
sudo sh bootstrap_salt.sh
See the salt-bootstrap documentation for other one liners. When using Vagrant to test out salt, the
Vagrant salt provisioner will provision the VM for you.
Telling Salt to Run Masterless
To instruct the minion to not look for a master, the file_client configuration option needs to be set in
the minion configuration file. By default the file_client is set to remote so that the minion gathers
file server and pillar data from the salt master. When setting the file_client option to local the
minion is configured to not gather this data from the master.
file_client: local
Now the salt minion will not look for a master and will assume that the local system has all of the file
and pillar resources.
Configuration which resided in the master configuration (e.g. /etc/salt/master) should be moved to the
minion configuration since the minion does not read the master configuration.
NOTE:
When running Salt in masterless mode, do not run the salt-minion daemon. Otherwise, it will attempt
to connect to a master and fail. The salt-call command stands on its own and does not need the
salt-minion daemon.
Create State Tree
Following the successful installation of a salt-minion, the next step is to create a state tree, which is
where the SLS files that comprise the possible states of the minion are stored.
The following example walks through the steps necessary to create a state tree that ensures that the
server has the Apache webserver installed.
NOTE:
For a complete explanation on Salt States, see the tutorial.
1. Create the top.sls file:
/srv/salt/top.sls:
base:
'*':
- webserver
2. Create the webserver state tree:
/srv/salt/webserver.sls:
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
NOTE:
The apache package has different names on different platforms, for instance on Debian/Ubuntu it is
apache2, on Fedora/RHEL it is httpd and on Arch it is apache
The only thing left is to provision our minion using salt-call.
Salt-call
The salt-call command is used to run remote execution functions locally on a minion instead of executing
them from the master. Normally the salt-call command checks into the master to retrieve file server and
pillar data, but when running standalone salt-call needs to be instructed to not check the master for
this data:
salt-call --local state.apply
The --local flag tells the salt-minion to look for the state tree in the local file system and not to
contact a Salt Master for instructions.
To provide verbose output, use -l debug:
salt-call --local state.apply -l debug
The minion first examines the top.sls file and determines that it is a part of the group matched by *
glob and that the webserver SLS should be applied.
It then examines the webserver.sls file and finds the apache state, which installs the Apache package.
The minion should now have Apache installed, and the next step is to begin learning how to write more
complex states.
Dependencies
Salt should run on any Unix-like platform so long as the dependencies are met.
•
`Python 2.7`_
>= 2.7 <3.0
• msgpack-python - High-performance message interchange format
• YAML - Python YAML bindings
• Jinja2 - parsing Salt States (configurable in the master settings)
• MarkupSafe - Implements a XML/HTML/XHTML Markup safe string for Python
• apache-libcloud - Python lib for interacting with many of the popular cloud service providers using a
unified API
• Requests - HTTP library
• Tornado - Web framework and asynchronous networking library
• futures - Backport of the concurrent.futures package from Python 3.2
Depending on the chosen Salt transport, ZeroMQ or RAET, dependencies vary:
• ZeroMQ:
• ZeroMQ >= 3.2.0
• pyzmq >= 2.2.0 - ZeroMQ Python bindings
• PyCrypto - The Python cryptography toolkit
• RAET:
• libnacl - Python bindings to libsodium
• ioflo - The flo programming interface raet and salt-raet is built on
• RAET - The worlds most awesome UDP protocol
Salt defaults to the ZeroMQ transport, and the choice can be made at install time, for example:
python setup.py --salt-transport=raet install
This way, only the required dependencies are pulled by the setup script if need be.
If installing using pip, the --salt-transport install option can be provided like:
pip install --install-option="--salt-transport=raet" salt
NOTE:
Salt does not bundle dependencies that are typically distributed as part of the base OS. If you have
unmet dependencies and are using a custom or minimal installation, you might need to install some
additional packages from your OS vendor.
Optional Dependencies
• mako - an optional parser for Salt States (configurable in the master settings)
• gcc - dynamic Cython module compiling
Upgrading Salt
When upgrading Salt, the master(s) should always be upgraded first. Backward compatibility for minions
running newer versions of salt than their masters is not guaranteed.
Whenever possible, backward compatibility between new masters and old minions will be preserved.
Generally, the only exception to this policy is in case of a security vulnerability.
SEE ALSO:
Installing Salt for development and contributing to the project.
Building Packages using Salt Pack
Salt-pack is an open-source package builder for most commonly used Linux platforms, for example:
Redhat/CentOS and Debian/Ubuntu families, utilizing SaltStack states and execution modules to build Salt
and a specified set of dependencies, from which a platform specific repository can be built.
https://github.com/saltstack/salt-pack
CONFIGURING SALT
This section explains how to configure user access, view and store job results, secure and troubleshoot,
and how to perform many other administrative tasks.
Configuring the Salt Master
The Salt system is amazingly simple and easy to configure, the two components of the Salt system each
have a respective configuration file. The salt-master is configured via the master configuration file,
and the salt-minion is configured via the minion configuration file.
SEE ALSO:
Example master configuration file.
The configuration file for the salt-master is located at /etc/salt/master by default. A notable
exception is FreeBSD, where the configuration file is located at /usr/local/etc/salt. The available
options are as follows:
Primary Master Configuration
interface
Default: 0.0.0.0 (all interfaces)
The local interface to bind to, must be an IP address.
interface: 192.168.0.1
ipv6
Default: False
Whether the master should listen for IPv6 connections. If this is set to True, the interface option must
be adjusted too (for example: interface: '::')
ipv6: True
publish_port
Default: 4505
The network port to set up the publication interface.
publish_port: 4505
master_id
Default: None
The id to be passed in the publish job to minions. This is used for MultiSyndics to return the job to the
requesting master.
NOTE:
This must be the same string as the syndic is configured with.
master_id: MasterOfMaster
user
Default: root
The user to run the Salt processes
user: root
ret_port
Default: 4506
The port used by the return server, this is the server used by Salt to receive execution returns and
command executions.
ret_port: 4506
pidfile
Default: /var/run/salt-master.pid
Specify the location of the master pidfile.
pidfile: /var/run/salt-master.pid
root_dir
Default: /
The system root directory to operate from, change this to make Salt run from an alternative root.
root_dir: /
NOTE:
This directory is prepended to the following options: pki_dir, cachedir, sock_dir, log_file,
autosign_file, autoreject_file, pidfile.
conf_file
Default: /etc/salt/master
The path to the master's configuration file.
conf_file: /etc/salt/master
pki_dir
Default: /etc/salt/pki/master
The directory to store the pki authentication keys.
pki_dir: /etc/salt/pki/master
extension_modules
Changed in version 2016.3.0: The default location for this directory has been moved. Prior to this
version, the location was a directory named extmods in the Salt cachedir (on most platforms,
/var/cache/salt/extmods). It has been moved into the master cachedir (on most platforms,
/var/cache/salt/master/extmods).
Directory for custom modules. This directory can contain subdirectories for each of Salt's module types
such as runners, output, wheel, modules, states, returners, engines, utils, etc. This path is appended
to root_dir.
extension_modules: /root/salt_extmods
extmod_whitelist/extmod_blacklist
New in version 2017.7.0.
By using this dictionary, the modules that are synced to the master's extmod cache using saltutil.sync_*
can be limited. If nothing is set to a specific type, then all modules are accepted. To block all
modules of a specific type, whitelist an empty list.
extmod_whitelist:
modules:
- custom_module
engines:
- custom_engine
pillars: []
extmod_blacklist:
modules:
- specific_module
Valid options:
• modules
• states
• grains
• renderers
• returners
• output
• proxy
• runners
• wheel
• engines
• queues
• pillar
• utils
• sdb
• cache
• clouds
• tops
• roster
module_dirs
Default: []
Like extension_modules, but a list of extra directories to search for Salt modules.
module_dirs:
- /var/cache/salt/minion/extmods
cachedir
Default: /var/cache/salt/master
The location used to store cache information, particularly the job information for executed salt
commands.
This directory may contain sensitive data and should be protected accordingly.
cachedir: /var/cache/salt/master
verify_env
Default: True
Verify and set permissions on configuration directories at startup.
verify_env: True
keep_jobs
Default: 24
Set the number of hours to keep old job information. Note that setting this option to 0 disables the
cache cleaner.
keep_jobs: 24
gather_job_timeout
New in version 2014.7.0.
Default: 10
The number of seconds to wait when the client is requesting information about running jobs.
gather_job_timeout: 10
timeout
Default: 5
Set the default timeout for the salt command and api.
loop_interval
Default: 60
The loop_interval option controls the seconds for the master's maintenance process check cycle. This
process updates file server backends, cleans the job cache and executes the scheduler.
output
Default: nested
Set the default outputter used by the salt command.
outputter_dirs
Default: []
A list of additional directories to search for salt outputters in.
outputter_dirs: []
output_file
Default: None
Set the default output file used by the salt command. Default is to output to the CLI and not to a file.
Functions the same way as the "--out-file" CLI option, only sets this to a single file for all salt
commands.
output_file: /path/output/file
show_timeout
Default: True
Tell the client to show minions that have timed out.
show_timeout: True
show_jid
Default: False
Tell the client to display the jid when a job is published.
show_jid: False
color
Default: True
By default output is colored, to disable colored output set the color value to False.
color: False
cli_summary
Default: False
When set to True, displays a summary of the number of minions targeted, the number of minions returned,
and the number of minions that did not return.
cli_summary: False
sock_dir
Default: /var/run/salt/master
Set the location to use for creating Unix sockets for master process communication.
sock_dir: /var/run/salt/master
enable_gpu_grains
Default: True
Enable GPU hardware data for your master. Be aware that the master can take a while to start up when
lspci and/or dmidecode is used to populate the grains for the master.
job_cache
Default: True
The master maintains a temporary job cache. While this is a great addition, it can be a burden on the
master for larger deployments (over 5000 minions). Disabling the job cache will make previously executed
jobs unavailable to the jobs system and is not generally recommended. Normally it is wise to make sure
the master has access to a faster IO system or a tmpfs is mounted to the jobs dir.
job_cache: True
NOTE:
Setting the job_cache to False will not cache minion returns, but the JID directory for each job is
still created. The creation of the JID directories is necessary because Salt uses those directories to
check for JID collisions. By setting this option to False, the job cache directory, which is
/var/cache/salt/master/jobs/ by default, will be smaller, but the JID directories will still be
present.
Note that the keep_jobs option can be set to a lower value, such as 1, to limit the number of hours
jobs are stored in the job cache. (The default is 24 hours.)
Please see the Managing the Job Cache documentation for more information.
minion_data_cache
Default: True
The minion data cache is a cache of information about the minions stored on the master, this information
is primarily the pillar, grains and mine data. The data is cached via the cache subsystem in the Master
cachedir under the name of the minion or in a supported database. The data is used to predetermine what
minions are expected to reply from executions.
minion_data_cache: True
cache
Default: localfs
Cache subsystem module to use for minion data cache.
cache: consul
memcache_expire_seconds
Default: 0
Memcache is an additional cache layer that keeps a limited amount of data fetched from the minion data
cache for a limited period of time in memory that makes cache operations faster. It doesn't make much
sence for the localfs cache driver but helps for more complex drivers like consul.
This option sets the memcache items expiration time. By default is set to 0 that disables the memcache.
memcache_expire_seconds: 30
memcache_max_items
Default: 1024
Set memcache limit in items that are bank-key pairs. I.e the list of minion_0/data, minion_0/mine,
minion_1/data contains 3 items. This value depends on the count of minions usually targeted in your
environment. The best one could be found by analyzing the cache log with memcache_debug enabled.
memcache_max_items: 1024
memcache_full_cleanup
Default: False
If cache storage got full, i.e. the items count exceeds the memcache_max_items value, memcache cleans up
it's storage. If this option set to False memcache removes the only one oldest value from it's storage.
If this set set to True memcache removes all the expired items and also removes the oldest one if there
are no expired items.
memcache_full_cleanup: True
memcache_debug
Default: False
Enable collecting the memcache stats and log it on debug log level. If enabled memcache collect
information about how many fetch calls has been done and how many of them has been hit by memcache. Also
it outputs the rate value that is the result of division of the first two values. This should help to
choose right values for the expiration time and the cache size.
memcache_debug: True
ext_job_cache
Default: ''
Used to specify a default returner for all minions. When this option is set, the specified returner needs
to be properly configured and the minions will always default to sending returns to this returner. This
will also disable the local job cache on the master.
ext_job_cache: redis
event_return
New in version 2015.5.0.
Default: ''
Specify the returner(s) to use to log events. Each returner may have installation and configuration
requirements. Read the returner's documentation.
NOTE:
Not all returners support event returns. Verify that a returner has an event_return() function before
configuring this option with a returner.
event_return:
- syslog
- splunk
event_return_queue
New in version 2015.5.0.
Default: 0
On busy systems, enabling event_returns can cause a considerable load on the storage system for
returners. Events can be queued on the master and stored in a batched fashion using a single transaction
for multiple events. By default, events are not queued.
event_return_queue: 0
event_return_whitelist
New in version 2015.5.0.
Default: []
Only return events matching tags in a whitelist.
Changed in version 2016.11.0: Supports glob matching patterns.
event_return_whitelist:
- salt/master/a_tag
- salt/run/*/ret
event_return_blacklist
New in version 2015.5.0.
Default: []
Store all event returns _except_ the tags in a blacklist.
Changed in version 2016.11.0: Supports glob matching patterns.
event_return_blacklist:
- salt/master/not_this_tag
- salt/wheel/*/ret
max_event_size
New in version 2014.7.0.
Default: 1048576
Passing very large events can cause the minion to consume large amounts of memory. This value tunes the
maximum size of a message allowed onto the master event bus. The value is expressed in bytes.
max_event_size: 1048576
ping_on_rotate
New in version 2014.7.0.
Default: False
By default, the master AES key rotates every 24 hours. The next command following a key rotation will
trigger a key refresh from the minion which may result in minions which do not respond to the first
command after a key refresh.
To tell the master to ping all minions immediately after an AES key refresh, set ping_on_rotate to True.
This should mitigate the issue where a minion does not appear to initially respond after a key is
rotated.
Note that ping_on_rotate may cause high load on the master immediately after the key rotation event as
minions reconnect. Consider this carefully if this salt master is managing a large number of minions.
master_job_cache
New in version 2014.7.0.
Default: local_cache
Specify the returner to use for the job cache. The job cache will only be interacted with from the salt
master and therefore does not need to be accessible from the minions.
master_job_cache: redis
enforce_mine_cache
Default: False
By-default when disabling the minion_data_cache mine will stop working since it is based on cached data,
by enabling this option we explicitly enabling only the cache for the mine system.
enforce_mine_cache: False
max_minions
Default: 0
The maximum number of minion connections allowed by the master. Use this to accommodate the number of
minions per master if you have different types of hardware serving your minions. The default of 0 means
unlimited connections. Please note that this can slow down the authentication process a bit in large
setups.
max_minions: 100
con_cache
Default: False
If max_minions is used in large installations, the master might experience high-load situations because
of having to check the number of connected minions for every authentication. This cache provides the
minion-ids of all connected minions to all MWorker-processes and greatly improves the performance of
max_minions.
con_cache: True
presence_events
Default: False
Causes the master to periodically look for actively connected minions. Presence events are fired on the
event bus on a regular interval with a list of connected minions, as well as events with lists of newly
connected or disconnected minions. This is a master-only operation that does not send executions to
minions. Note, this does not detect minions that connect to a master via localhost.
presence_events: False
ping_on_rotate
Default: False
By default, the master AES key rotates every 24 hours. The next command following a key rotation will
trigger a key refresh from the minion which may result in minions which do not respond to the first
command after a key refresh.
To tell the master to ping all minions immediately after an AES key refresh, set ping_on_rotate to True.
This should mitigate the issue where a minion does not appear to initially respond after a key is
rotated.
Note that ping_on_rotate may cause high load on the master immediately after the key rotation event as
minions reconnect. Consider this carefully if this salt master is managing a large number of minions.
If disabled, it is recommended to handle this event by listening for the aes_key_rotate event with the
key tag and acting appropriately.
ping_on_rotate: False
transport
Default: zeromq
Changes the underlying transport layer. ZeroMQ is the recommended transport while additional transport
layers are under development. Supported values are zeromq, raet (experimental), and tcp (experimental).
This setting has a significant impact on performance and should not be changed unless you know what you
are doing! Transports are explained in Salt Transports.
transport: zeromq
transport_opts
Default: {}
(experimental) Starts multiple transports and overrides options for each transport with the provided
dictionary This setting has a significant impact on performance and should not be changed unless you know
what you are doing! Transports are explained in Salt Transports. The following example shows how to start
a TCP transport alongside a ZMQ transport.
transport_opts:
tcp:
publish_port: 4605
ret_port: 4606
zeromq: []
sock_pool_size
Default: 1
To avoid blocking waiting while writing a data to a socket, we support socket pool for Salt applications.
For example, a job with a large number of target host list can cause long period blocking waiting. The
option is used by ZMQ and TCP transports, and the other transport methods don't need the socket pool by
definition. Most of Salt tools, including CLI, are enough to use a single bucket of socket pool. On the
other hands, it is highly recommended to set the size of socket pool larger than 1 for other Salt
applications, especially Salt API, which must write data to socket concurrently.
sock_pool_size: 15
ipc_mode
Default: ipc
The ipc strategy. (i.e., sockets versus tcp, etc.) Windows platforms lack POSIX IPC and must rely on TCP
based inter-process communications. ipc_mode is set to tcp by default on Windows.
ipc_mode: ipc
tcp_master_pub_port
Default: 4512
The TCP port on which events for the master should be published if ipc_mode is TCP.
tcp_master_pub_port: 4512
tcp_master_pull_port
Default: 4513
The TCP port on which events for the master should be pulled if ipc_mode is TCP.
tcp_master_pull_port: 4513
tcp_master_publish_pull
Default: 4514
The TCP port on which events for the master should be pulled fom and then republished onto the event bus
on the master.
tcp_master_publish_pull: 4514
tcp_master_workers
Default: 4515
The TCP port for mworkers to connect to on the master.
tcp_master_workers: 4515
auth_events
New in version 2017.7.3.
Default: True
Determines whether the master will fire authentication events. Authentication events are fired when a
minion performs an authentication check with the master.
auth_events: True
minion_data_cache_events
New in version 2017.7.3.
Default: True
Determines whether the master will fire minion data cache events. Minion data cache events are fired
when a minion requests a minion data cache refresh.
minion_data_cache_events: True
Salt-SSH Configuration
roster_file
Default: /etc/salt/roster
Pass in an alternative location for the salt-ssh roster file.
roster_file: /root/roster
ssh_passwd
Default: ''
The ssh password to log in with.
ssh_passwd: ''
ssh_port
Default: 22
The target system's ssh port number.
ssh_port: 22
ssh_scan_ports
Default: 22
Comma-separated list of ports to scan.
ssh_scan_ports: 22
ssh_scan_timeout
Default: 0.01
Scanning socket timeout for salt-ssh.
ssh_scan_timeout: 0.01
ssh_sudo
Default: False
Boolean to run command via sudo.
ssh_sudo: False
ssh_timeout
Default: 60
Number of seconds to wait for a response when establishing an SSH connection.
ssh_timeout: 60
ssh_user
Default: root
The user to log in as.
ssh_user: root
ssh_log_file
New in version 2016.3.5.
Default: /var/log/salt/ssh
Specify the log file of the salt-ssh command.
ssh_log_file: /var/log/salt/ssh
ssh_minion_opts
Default: None
Pass in minion option overrides that will be inserted into the SHIM for salt-ssh calls. The local minion
config is not used for salt-ssh. Can be overridden on a per-minion basis in the roster (minion_opts)
ssh_minion_opts:
gpg_keydir: /root/gpg
ssh_use_home_key
Default: False
Set this to True to default to using ~/.ssh/id_rsa for salt-ssh authentication with minions
ssh_use_home_key: False
ssh_identities_only
Default: False
Set this to True to default salt-ssh to run with -o IdentitiesOnly=yes. This option is intended for
situations where the ssh-agent offers many different identities and allows ssh to ignore those identities
and use the only one specified in options.
ssh_identities_only: False
ssh_list_nodegroups
Default: {}
List-only nodegroups for salt-ssh. Each group must be formed as either a comma-separated list, or a YAML
list. This option is useful to group minions into easy-to-target groups when using salt-ssh. These groups
can then be targeted with the normal -N argument to salt-ssh.
ssh_list_nodegroups:
groupA: minion1,minion2
groupB: minion1,minion3
thin_extra_mods
Default: None
List of additional modules, needed to be included into the Salt Thin. Pass a list of importable Python
modules that are typically located in the site-packages Python directory so they will be also always
included into the Salt Thin, once generated.
min_extra_mods
Default: None
Identical as thin_extra_mods, only applied to the Salt Minimal.
Master Security Settings
open_mode
Default: False
Open mode is a dangerous security feature. One problem encountered with pki authentication systems is
that keys can become "mixed up" and authentication begins to fail. Open mode turns off authentication and
tells the master to accept all authentication. This will clean up the pki keys received from the minions.
Open mode should not be turned on for general use. Open mode should only be used for a short period of
time to clean up pki keys. To turn on open mode set this value to True.
open_mode: False
auto_accept
Default: False
Enable auto_accept. This setting will automatically accept all incoming public keys from minions.
auto_accept: False
keysize
Default: 2048
The size of key that should be generated when creating new keys.
keysize: 2048
autosign_timeout
New in version 2014.7.0.
Default: 120
Time in minutes that a incoming public key with a matching name found in pki_dir/minion_autosign/keyid is
automatically accepted. Expired autosign keys are removed when the master checks the minion_autosign
directory. This method to auto accept minions can be safer than an autosign_file because the keyid record
can expire and is limited to being an exact name match. This should still be considered a less than
secure option, due to the fact that trust is based on just the requesting minion id.
autosign_file
Default: not defined
If the autosign_file is specified incoming keys specified in the autosign_file will be automatically
accepted. Matches will be searched for first by string comparison, then by globbing, then by full-string
regex matching. This should still be considered a less than secure option, due to the fact that trust is
based on just the requesting minion id.
autoreject_file
New in version 2014.1.0.
Default: not defined
Works like autosign_file, but instead allows you to specify minion IDs for which keys will automatically
be rejected. Will override both membership in the autosign_file and the auto_accept setting.
permissive_pki_access
Default: False
Enable permissive access to the salt keys. This allows you to run the master or minion as root, but have
a non-root group be given access to your pki_dir. To make the access explicit, root must belong to the
group you've given access to. This is potentially quite insecure. If an autosign_file is specified,
enabling permissive_pki_access will allow group access to that specific file.
permissive_pki_access: False
publisher_acl
Default: {}
Enable user accounts on the master to execute specific modules. These modules can be expressed as regular
expressions.
publisher_acl:
fred:
- test.ping
- pkg.*
publisher_acl_blacklist
Default: {}
Blacklist users or modules
This example would blacklist all non sudo users, including root from running any commands. It would also
blacklist any use of the "cmd" module.
This is completely disabled by default.
publisher_acl_blacklist:
users:
- root
- '^(?!sudo_).*$' # all non sudo users
modules:
- cmd.*
- test.echo
sudo_acl
Default: False
Enforce publisher_acl and publisher_acl_blacklist when users have sudo access to the salt command.
sudo_acl: False
external_auth
Default: {}
The external auth system uses the Salt auth modules to authenticate and validate users to access areas of
the Salt system.
external_auth:
pam:
fred:
- test.*
token_expire
Default: 43200
Time (in seconds) for a newly generated token to live.
Default: 12 hours
token_expire: 43200
token_expire_user_override
Default: False
Allow eauth users to specify the expiry time of the tokens they generate.
A boolean applies to all users or a dictionary of whitelisted eauth backends and usernames may be given:
token_expire_user_override:
pam:
- fred
- tom
ldap:
- gary
keep_acl_in_token
Default: False
Set to True to enable keeping the calculated user's auth list in the token file. This is disabled by
default and the auth list is calculated or requested from the eauth driver each time.
keep_acl_in_token: False
eauth_acl_module
Default: ''
Auth subsystem module to use to get authorized access list for a user. By default it's the same module
used for external authentication.
eauth_acl_module: django
file_recv
Default: False
Allow minions to push files to the master. This is disabled by default, for security purposes.
file_recv: False
file_recv_max_size
New in version 2014.7.0.
Default: 100
Set a hard-limit on the size of the files that can be pushed to the master. It will be interpreted as
megabytes.
file_recv_max_size: 100
master_sign_pubkey
Default: False
Sign the master auth-replies with a cryptographic signature of the master's public key. Please see the
tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial
master_sign_pubkey: True
master_sign_key_name
Default: master_sign
The customizable name of the signing-key-pair without suffix.
master_sign_key_name: <filename_without_suffix>
master_pubkey_signature
Default: master_pubkey_signature
The name of the file in the master's pki-directory that holds the pre-calculated signature of the
master's public-key.
master_pubkey_signature: <filename>
master_use_pubkey_signature
Default: False
Instead of computing the signature for each auth-reply, use a pre-calculated signature. The
master_pubkey_signature must also be set for this.
master_use_pubkey_signature: True
rotate_aes_key
Default: True
Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. This is a very important
security-setting. Disabling it will enable deleted minions to still listen in on the messages published
by the salt-master. Do not disable this unless it is absolutely clear what this does.
rotate_aes_key: True
publish_session
Default: 86400
The number of seconds between AES key rotations on the master.
publish_session: Default: 86400
ssl
New in version 2016.11.0.
Default: None
TLS/SSL connection options. This could be set to a dictionary containing arguments corresponding to
python ssl.wrap_socket method. For details see Tornado and Python documentation.
Note: to set enum arguments values like cert_reqs and ssl_version use constant names without ssl module
prefix: CERT_REQUIRED or PROTOCOL_SSLv23.
ssl:
keyfile: <path_to_keyfile>
certfile: <path_to_certfile>
ssl_version: PROTOCOL_TLSv1_2
allow_minion_key_revoke
Default: False
By default, the master deletes its cache of minion data when the key for that minion is removed. To
preserve the cache after key deletion, set preserve_minion_cache to True.
WARNING: This may have security implications if compromised minions auth with a previous deleted minion
ID.
preserve_minion_cache: False
allow_minion_key_revoke
Default: True
Controls whether a minion can request its own key revocation. When True the master will honor the
minion's request and revoke its key. When False, the master will drop the request and the minion's key
will remain accepted.
rotate_aes_key: True
Master Large Scale Tuning Settings
max_open_files
Default: 100000
Each minion connecting to the master uses AT LEAST one file descriptor, the master subscription
connection. If enough minions connect you might start seeing on the console(and then salt-master
crashes):
Too many open files (tcp_listener.cpp:335)
Aborted (core dumped)
max_open_files: 100000
By default this value will be the one of ulimit -Hn, i.e., the hard limit for max open files.
To set a different value than the default one, uncomment, and configure this setting. Remember that this
value CANNOT be higher than the hard limit. Raising the hard limit depends on the OS and/or distribution,
a good way to find the limit is to search the internet for something like this:
raise max open files hard limit debian
worker_threads
Default: 5
The number of threads to start for receiving commands and replies from minions. If minions are stalling
on replies because you have many minions, raise the worker_threads value.
Worker threads should not be put below 3 when using the peer system, but can drop down to 1 worker
otherwise.
NOTE:
When the master daemon starts, it is expected behaviour to see multiple salt-master processes, even if
'worker_threads' is set to '1'. At a minimum, a controlling process will start along with a Publisher,
an EventPublisher, and a number of MWorker processes will be started. The number of MWorker processes
is tuneable by the 'worker_threads' configuration value while the others are not.
worker_threads: 5
pub_hwm
Default: 1000
The zeromq high water mark on the publisher interface.
pub_hwm: 1000
zmq_backlog
Default: 1000
The listen queue size of the ZeroMQ backlog.
zmq_backlog: 1000
salt_event_pub_hwm and event_publisher_pub_hwm
These two ZeroMQ High Water Mark settings, salt_event_pub_hwm and event_publisher_pub_hwm are significant
for masters with thousands of minions. When these are insufficiently high it will manifest in random
responses missing in the CLI and even missing from the job cache. Masters that have fast CPUs and many
cores with appropriate worker_threads will not need these set as high.
The ZeroMQ high-water-mark for the SaltEvent pub socket default is:
salt_event_pub_hwm: 20000
The ZeroMQ high-water-mark for the EventPublisher pub socket default is:
event_publisher_pub_hwm: 10000
As an example, on single master deployment with 8,000 minions, 2.4GHz CPUs, 24 cores, and 32GiB memory
has these settings:
salt_event_pub_hwm: 128000
event_publisher_pub_hwm: 64000
Master Module Management
runner_dirs
Default: []
Set additional directories to search for runner modules.
runner_dirs:
- /var/lib/salt/runners
cython_enable
Default: False
Set to true to enable Cython modules (.pyx files) to be compiled on the fly on the Salt master.
cython_enable: False
Master State System Settings
state_top
Default: top.sls
The state system uses a "top" file to tell the minions what environment to use and what modules to use.
The state_top file is defined relative to the root of the base environment.
state_top: top.sls
state_top_saltenv
This option has no default value. Set it to an environment name to ensure that only the top file from
that environment is considered during a highstate.
NOTE:
Using this value does not change the merging strategy. For instance, if top_file_merging_strategy is
set to merge, and state_top_saltenv is set to foo, then any sections for environments other than foo
in the top file for the foo environment will be ignored. With state_top_saltenv set to base, all
states from all environments in the base top file will be applied, while all other top files are
ignored. The only way to set state_top_saltenv to something other than base and not have the other
environments in the targeted top file ignored, would be to set top_file_merging_strategy to merge_all.
state_top_saltenv: dev
top_file_merging_strategy
Changed in version 2016.11.0: A merge_all strategy has been added.
Default: merge
When no specific fileserver environment (a.k.a. saltenv) has been specified for a highstate, all
environments' top files are inspected. This config option determines how the SLS targets in those top
files are handled.
When set to merge, the base environment's top file is evaluated first, followed by the other
environments' top files. The first target expression (e.g. '*') for a given environment is kept, and when
the same target expression is used in a different top file evaluated later, it is ignored. Because base
is evaluated first, it is authoritative. For example, if there is a target for '*' for the foo
environment in both the base and foo environment's top files, the one in the foo environment would be
ignored. The environments will be evaluated in no specific order (aside from base coming first). For
greater control over the order in which the environments are evaluated, use env_order. Note that, aside
from the base environment's top file, any sections in top files that do not match that top file's
environment will be ignored. So, for example, a section for the qa environment would be ignored if it
appears in the dev environment's top file. To keep use cases like this from being ignored, use the
merge_all strategy.
When set to same, then for each environment, only that environment's top file is processed, with the
others being ignored. For example, only the dev environment's top file will be processed for the dev
environment, and any SLS targets defined for dev in the base environment's (or any other environment's)
top file will be ignored. If an environment does not have a top file, then the top file from the
default_top config parameter will be used as a fallback.
When set to merge_all, then all states in all environments in all top files will be applied. The order in
which individual SLS files will be executed will depend on the order in which the top files were
evaluated, and the environments will be evaluated in no specific order. For greater control over the
order in which the environments are evaluated, use env_order.
top_file_merging_strategy: same
env_order
Default: []
When top_file_merging_strategy is set to merge, and no environment is specified for a highstate, this
config option allows for the order in which top files are evaluated to be explicitly defined.
env_order:
- base
- dev
- qa
master_tops
Default: {}
The master_tops option replaces the external_nodes option by creating a pluggable system for the
generation of external top data. The external_nodes option is deprecated by the master_tops option. To
gain the capabilities of the classic external_nodes system, use the following configuration:
master_tops:
ext_nodes: <Shell command which returns yaml>
external_nodes
Default: None
The external_nodes option allows Salt to gather data that would normally be placed in a top file from and
external node controller. The external_nodes option is the executable that will return the ENC data.
Remember that Salt will look for external nodes AND top files and combine the results if both are enabled
and available!
external_nodes: cobbler-ext-nodes
renderer
Default: yaml_jinja
The renderer to use on the minions to render the state data.
renderer: yaml_jinja
userdata_template
New in version 2016.11.4.
Default: None
The renderer to use for templating userdata files in salt-cloud, if the userdata_template is not set in
the cloud profile. If no value is set in the cloud profile or master config file, no templating will be
performed.
userdata_template: jinja
jinja_trim_blocks
New in version 2014.1.0.
Default: False
If this is set to True, the first newline after a Jinja block is removed (block, not variable tag!).
Defaults to False and corresponds to the Jinja environment init variable trim_blocks.
jinja_trim_blocks: False
jinja_lstrip_blocks
New in version 2014.1.0.
Default: False
If this is set to True, leading spaces and tabs are stripped from the start of a line to a block.
Defaults to False and corresponds to the Jinja environment init variable lstrip_blocks.
jinja_lstrip_blocks: False
failhard
Default: False
Set the global failhard flag. This informs all states to stop running states at the moment a single state
fails.
failhard: False
state_verbose
Default: True
Controls the verbosity of state runs. By default, the results of all states are returned, but setting
this value to False will cause salt to only display output for states that failed or states that have
changes.
state_verbose: False
state_output
Default: full
The state_output setting changes if the output is the full multi line output for each changed state if
set to 'full', but if set to 'terse' the output will be shortened to a single line. If set to 'mixed',
the output will be terse unless a state failed, in which case that output will be full. If set to
'changes', the output will be full unless the state didn't change.
state_output: full
state_output_diff
Default: False
The state_output_diff setting changes whether or not the output from successful states is returned.
Useful when even the terse output of these states is cluttering the logs. Set it to True to ignore them.
state_output_diff: False
state_aggregate
Default: False
Automatically aggregate all states that have support for mod_aggregate by setting to True. Or pass a list
of state module names to automatically aggregate just those types.
state_aggregate:
- pkg
state_aggregate: True
state_events
Default: False
Send progress events as each function in a state run completes execution by setting to True. Progress
events are in the format salt/job/<JID>/prog/<MID>/<RUN NUM>.
state_events: True
yaml_utf8
Default: False
Enable extra routines for YAML renderer used states containing UTF characters.
yaml_utf8: False
runner_returns
Default: False
If set to True, runner jobs will be saved to job cache (defined by master_job_cache).
runner_returns: True
Master File Server Settings
fileserver_backend
Default: ['roots']
Salt supports a modular fileserver backend system, this system allows the salt master to link directly to
third party systems to gather and manage the files available to minions. Multiple backends can be
configured and will be searched for the requested file in the order in which they are defined here. The
default setting only enables the standard backend roots, which is configured using the file_roots option.
Example:
fileserver_backend:
- roots
- git
NOTE:
For masterless Salt, this parameter must be specified in the minion config file.
fileserver_followsymlinks
New in version 2014.1.0.
Default: True
By default, the file_server follows symlinks when walking the filesystem tree. Currently this only
applies to the default roots fileserver_backend.
fileserver_followsymlinks: True
fileserver_ignoresymlinks
New in version 2014.1.0.
Default: False
If you do not want symlinks to be treated as the files they are pointing to, set
fileserver_ignoresymlinks to True. By default this is set to False. When set to True, any detected
symlink while listing files on the Master will not be returned to the Minion.
fileserver_ignoresymlinks: False
fileserver_limit_traversal
New in version 2014.1.0.
Default: False
By default, the Salt fileserver recurses fully into all defined environments to attempt to find files. To
limit this behavior so that the fileserver only traverses directories with SLS files and special Salt
directories like _modules, set fileserver_limit_traversal to True. This might be useful for installations
where a file root has a very large number of files and performance is impacted.
fileserver_limit_traversal: False
fileserver_list_cache_time
New in version 2014.1.0.
Changed in version 2016.11.0: The default was changed from 30 seconds to 20.
Default: 20
Salt caches the list of files/symlinks/directories for each fileserver backend and environment as they
are requested, to guard against a performance bottleneck at scale when many minions all ask the
fileserver which files are available simultaneously. This configuration parameter allows for the max age
of that cache to be altered.
Set this value to 0 to disable use of this cache altogether, but keep in mind that this may increase the
CPU load on the master when running a highstate on a large number of minions.
NOTE:
Rather than altering this configuration parameter, it may be advisable to use the
fileserver.clear_list_cache runner to clear these caches.
fileserver_list_cache_time: 5
fileserver_verify_config
New in version 2017.7.0.
Default: True
By default, as the master starts it performs some sanity checks on the configured fileserver backends. If
any of these sanity checks fail (such as when an invalid configuration is used), the master daemon will
abort.
To skip these sanity checks, set this option to False.
fileserver_verify_config: False
hash_type
Default: sha256
The hash_type is the hash to use when discovering the hash of a file on the master server. The default is
sha256, but md5, sha1, sha224, sha384, and sha512 are also supported.
hash_type: sha256
file_buffer_size
Default: 1048576
The buffer size in the file server in bytes.
file_buffer_size: 1048576
file_ignore_regex
Default: ''
A regular expression (or a list of expressions) that will be matched against the file path before syncing
the modules and states to the minions. This includes files affected by the file.recurse state. For
example, if you manage your custom modules and states in subversion and don't want all the '.svn' folders
and content synced to your minions, you could set this to '/.svn($|/)'. By default nothing is ignored.
file_ignore_regex:
- '/\.svn($|/)'
- '/\.git($|/)'
file_ignore_glob
Default ''
A file glob (or list of file globs) that will be matched against the file path before syncing the modules
and states to the minions. This is similar to file_ignore_regex above, but works on globs instead of
regex. By default nothing is ignored.
file_ignore_glob:
- '\*.pyc'
- '\*/somefolder/\*.bak'
- '\*.swp'
NOTE:
Vim's .swp files are a common cause of Unicode errors in file.recurse states which use templating.
Unless there is a good reason to distribute them via the fileserver, it is good practice to include
'\*.swp' in the file_ignore_glob.
roots: Master's Local File Server
file_roots
Default:
base:
- /srv/salt
Salt runs a lightweight file server written in ZeroMQ to deliver files to minions. This file server is
built into the master daemon and does not require a dedicated port.
The file server works on environments passed to the master. Each environment can have multiple root
directories. The subdirectories in the multiple file roots cannot match, otherwise the downloaded files
will not be able to be reliably ensured. A base environment is required to house the top file.
Example:
file_roots:
base:
- /srv/salt
dev:
- /srv/salt/dev/services
- /srv/salt/dev/states
prod:
- /srv/salt/prod/services
- /srv/salt/prod/states
NOTE:
For masterless Salt, this parameter must be specified in the minion config file.
master_roots
Default: /srv/salt-master
A master-only copy of the file_roots dictionary, used by the state compiler.
master_roots: /srv/salt-master
git: Git Remote File Server Backend
gitfs_remotes
Default: []
When using the git fileserver backend at least one git remote needs to be defined. The user running the
salt master will need read access to the repo.
The repos will be searched in order to find the file requested by a client and the first repo to have the
file will return it. Branches and tags are translated into salt environments.
gitfs_remotes:
- git://github.com/saltstack/salt-states.git
- file:///var/git/saltmaster
NOTE:
file:// repos will be treated as a remote and copied into the master's gitfs cache, so only the local
refs for those repos will be exposed as fileserver environments.
As of 2014.7.0, it is possible to have per-repo versions of several of the gitfs configuration
parameters. For more information, see the GitFS Walkthrough.
gitfs_provider
New in version 2014.7.0.
Optional parameter used to specify the provider to be used for gitfs. More information can be found in
the GitFS Walkthrough.
Must be either pygit2 or gitpython. If unset, then each will be tried in that same order, and the first
one with a compatible version installed will be the provider that is used.
gitfs_provider: gitpython
gitfs_ssl_verify
Default: True
Specifies whether or not to ignore SSL certificate errors when fetching from the repositories configured
in gitfs_remotes. The False setting is useful if you're using a git repo that uses a self-signed
certificate. However, keep in mind that setting this to anything other True is a considered insecure, and
using an SSH-based transport (if available) may be a better option.
gitfs_ssl_verify: False
NOTE:
pygit2 only supports disabling SSL verification in versions 0.23.2 and newer.
Changed in version 2015.8.0: This option can now be configured on individual repositories as well. See
here for more info.
Changed in version 2016.11.0: The default config value changed from False to True.
gitfs_mountpoint
New in version 2014.7.0.
Default: ''
Specifies a path on the salt fileserver which will be prepended to all files served by gitfs. This option
can be used in conjunction with gitfs_root. It can also be configured for an individual repository, see
here for more info.
gitfs_mountpoint: salt://foo/bar
NOTE:
The salt:// protocol designation can be left off (in other words, foo/bar and salt://foo/bar are
equivalent). Assuming a file baz.sh in the root of a gitfs remote, and the above example mountpoint,
this file would be served up via salt://foo/bar/baz.sh.
gitfs_root
Default: ''
Relative path to a subdirectory within the repository from which Salt should begin to serve files. This
is useful when there are files in the repository that should not be available to the Salt fileserver. Can
be used in conjunction with gitfs_mountpoint. If used, then from Salt's perspective the directories above
the one specified will be ignored and the relative path will (for the purposes of gitfs) be considered as
the root of the repo.
gitfs_root: somefolder/otherfolder
Changed in version 2014.7.0: This option can now be configured on individual repositories as well. See
here for more info.
gitfs_base
Default: master
Defines which branch/tag should be used as the base environment.
gitfs_base: salt
Changed in version 2014.7.0: This option can now be configured on individual repositories as well. See
here for more info.
gitfs_saltenv
New in version 2016.11.0.
Default: []
Global settings for per-saltenv configuration parameters. Though per-saltenv configuration parameters are
typically one-off changes specific to a single gitfs remote, and thus more often configured on a
per-remote basis, this parameter can be used to specify per-saltenv changes which should apply to all
remotes. For example, the below configuration will map the develop branch to the dev saltenv for all
gitfs remotes.
gitfs_saltenv:
- dev:
- ref: develop
gitfs_env_whitelist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if the repos in
gitfs_remotes contain many branches/tags. More information can be found in the GitFS Walkthrough.
gitfs_env_whitelist:
- base
- v1.*
- 'mybranch\d+'
gitfs_env_blacklist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if the repos in
gitfs_remotes contain many branches/tags. More information can be found in the GitFS Walkthrough.
gitfs_env_blacklist:
- base
- v1.*
- 'mybranch\d+'
gitfs_global_lock
New in version 2015.8.9.
Default: True
When set to False, if there is an update lock for a gitfs remote and the pid written to it is not running
on the master, the lock file will be automatically cleared and a new lock will be obtained. When set to
True, Salt will simply log a warning when there is an update lock present.
On single-master deployments, disabling this option can help automatically deal with instances where the
master was shutdown/restarted during the middle of a gitfs update, leaving a update lock in place.
However, on multi-master deployments with the gitfs cachedir shared via GlusterFS, nfs, or another
network filesystem, it is strongly recommended not to disable this option as doing so will cause lock
files to be removed if they were created by a different master.
# Disable global lock
gitfs_global_lock: False
GitFS Authentication Options
These parameters only currently apply to the pygit2 gitfs provider. Examples of how to use these can be
found in the GitFS Walkthrough.
gitfs_user
New in version 2014.7.0.
Default: ''
Along with gitfs_password, is used to authenticate to HTTPS remotes.
gitfs_user: git
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_password
New in version 2014.7.0.
Default: ''
Along with gitfs_user, is used to authenticate to HTTPS remotes. This parameter is not required if the
repository does not use authentication.
gitfs_password: mypassword
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_insecure_auth
New in version 2014.7.0.
Default: False
By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. This parameter enables
authentication over HTTP. Enable this at your own risk.
gitfs_insecure_auth: True
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_pubkey
New in version 2014.7.0.
Default: ''
Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate to SSH remotes.
Required for SSH remotes.
gitfs_pubkey: /path/to/key.pub
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_privkey
New in version 2014.7.0.
Default: ''
Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate to SSH remotes.
Required for SSH remotes.
gitfs_privkey: /path/to/key
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_passphrase
New in version 2014.7.0.
Default: ''
This parameter is optional, required only when the SSH key being used to authenticate is protected by a
passphrase.
gitfs_passphrase: mypassphrase
NOTE:
This is is a global configuration option, see here for examples of configuring it for individual
repositories.
gitfs_refspecs
New in version 2017.7.0.
Default: ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*']
When fetching from remote repositories, by default Salt will fetch branches and tags. This parameter can
be used to override the default and specify alternate refspecs to be fetched. More information on how
this feature works can be found in the GitFS Walkthrough.
gitfs_refspecs:
- '+refs/heads/*:refs/remotes/origin/*'
- '+refs/tags/*:refs/tags/*'
- '+refs/pull/*/head:refs/remotes/origin/pr/*'
- '+refs/pull/*/merge:refs/remotes/origin/merge/*'
hg: Mercurial Remote File Server Backend
hgfs_remotes
New in version 0.17.0.
Default: []
When using the hg fileserver backend at least one mercurial remote needs to be defined. The user running
the salt master will need read access to the repo.
The repos will be searched in order to find the file requested by a client and the first repo to have the
file will return it. Branches and/or bookmarks are translated into salt environments, as defined by the
hgfs_branch_method parameter.
hgfs_remotes:
- https://username@bitbucket.org/username/reponame
NOTE:
As of 2014.7.0, it is possible to have per-repo versions of the hgfs_root, hgfs_mountpoint, hgfs_base,
and hgfs_branch_method parameters. For example:
hgfs_remotes:
- https://username@bitbucket.org/username/repo1
- base: saltstates
- https://username@bitbucket.org/username/repo2:
- root: salt
- mountpoint: salt://foo/bar/baz
- https://username@bitbucket.org/username/repo3:
- root: salt/states
- branch_method: mixed
hgfs_branch_method
New in version 0.17.0.
Default: branches
Defines the objects that will be used as fileserver environments.
• branches - Only branches and tags will be used
• bookmarks - Only bookmarks and tags will be used
• mixed - Branches, bookmarks, and tags will be used
hgfs_branch_method: mixed
NOTE:
Starting in version 2014.1.0, the value of the hgfs_base parameter defines which branch is used as the
base environment, allowing for a base environment to be used with an hgfs_branch_method of bookmarks.
Prior to this release, the default branch will be used as the base environment.
hgfs_mountpoint
New in version 2014.7.0.
Default: ''
Specifies a path on the salt fileserver which will be prepended to all files served by hgfs. This option
can be used in conjunction with hgfs_root. It can also be configured on a per-remote basis, see here for
more info.
hgfs_mountpoint: salt://foo/bar
NOTE:
The salt:// protocol designation can be left off (in other words, foo/bar and salt://foo/bar are
equivalent). Assuming a file baz.sh in the root of an hgfs remote, this file would be served up via
salt://foo/bar/baz.sh.
hgfs_root
New in version 0.17.0.
Default: ''
Relative path to a subdirectory within the repository from which Salt should begin to serve files. This
is useful when there are files in the repository that should not be available to the Salt fileserver. Can
be used in conjunction with hgfs_mountpoint. If used, then from Salt's perspective the directories above
the one specified will be ignored and the relative path will (for the purposes of hgfs) be considered as
the root of the repo.
hgfs_root: somefolder/otherfolder
Changed in version 2014.7.0: Ability to specify hgfs roots on a per-remote basis was added. See here for
more info.
hgfs_base
New in version 2014.1.0.
Default: default
Defines which branch should be used as the base environment. Change this if hgfs_branch_method is set to
bookmarks to specify which bookmark should be used as the base environment.
hgfs_base: salt
hgfs_env_whitelist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if your hgfs remotes
contain many branches/bookmarks/tags. Full names, globs, and regular expressions are supported. If using
a regular expression, the expression must match the entire minion ID.
If used, only branches/bookmarks/tags which match one of the specified expressions will be exposed as
fileserver environments.
If used in conjunction with hgfs_env_blacklist, then the subset of branches/bookmarks/tags which match
the whitelist but do not match the blacklist will be exposed as fileserver environments.
hgfs_env_whitelist:
- base
- v1.*
- 'mybranch\d+'
hgfs_env_blacklist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if your hgfs remotes
contain many branches/bookmarks/tags. Full names, globs, and regular expressions are supported. If using
a regular expression, the expression must match the entire minion ID.
If used, branches/bookmarks/tags which match one of the specified expressions will not be exposed as
fileserver environments.
If used in conjunction with hgfs_env_whitelist, then the subset of branches/bookmarks/tags which match
the whitelist but do not match the blacklist will be exposed as fileserver environments.
hgfs_env_blacklist:
- base
- v1.*
- 'mybranch\d+'
svn: Subversion Remote File Server Backend
svnfs_remotes
New in version 0.17.0.
Default: []
When using the svn fileserver backend at least one subversion remote needs to be defined. The user
running the salt master will need read access to the repo.
The repos will be searched in order to find the file requested by a client and the first repo to have the
file will return it. The trunk, branches, and tags become environments, with the trunk being the base
environment.
svnfs_remotes:
- svn://foo.com/svn/myproject
NOTE:
As of 2014.7.0, it is possible to have per-repo versions of the following configuration parameters:
• svnfs_root
• svnfs_mountpoint
• svnfs_trunk
• svnfs_branches
• svnfs_tags
For example:
svnfs_remotes:
- svn://foo.com/svn/project1
- svn://foo.com/svn/project2:
- root: salt
- mountpoint: salt://foo/bar/baz
- svn//foo.com/svn/project3:
- root: salt/states
- branches: branch
- tags: tag
svnfs_mountpoint
New in version 2014.7.0.
Default: ''
Specifies a path on the salt fileserver which will be prepended to all files served by hgfs. This option
can be used in conjunction with svnfs_root. It can also be configured on a per-remote basis, see here for
more info.
svnfs_mountpoint: salt://foo/bar
NOTE:
The salt:// protocol designation can be left off (in other words, foo/bar and salt://foo/bar are
equivalent). Assuming a file baz.sh in the root of an svnfs remote, this file would be served up via
salt://foo/bar/baz.sh.
svnfs_root
New in version 0.17.0.
Default: ''
Relative path to a subdirectory within the repository from which Salt should begin to serve files. This
is useful when there are files in the repository that should not be available to the Salt fileserver. Can
be used in conjunction with svnfs_mountpoint. If used, then from Salt's perspective the directories above
the one specified will be ignored and the relative path will (for the purposes of svnfs) be considered as
the root of the repo.
svnfs_root: somefolder/otherfolder
Changed in version 2014.7.0: Ability to specify svnfs roots on a per-remote basis was added. See here for
more info.
svnfs_trunk
New in version 2014.7.0.
Default: trunk
Path relative to the root of the repository where the trunk is located. Can also be configured on a
per-remote basis, see here for more info.
svnfs_trunk: trunk
svnfs_branches
New in version 2014.7.0.
Default: branches
Path relative to the root of the repository where the branches are located. Can also be configured on a
per-remote basis, see here for more info.
svnfs_branches: branches
svnfs_tags
New in version 2014.7.0.
Default: tags
Path relative to the root of the repository where the tags are located. Can also be configured on a
per-remote basis, see here for more info.
svnfs_tags: tags
svnfs_env_whitelist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if your svnfs remotes
contain many branches/tags. Full names, globs, and regular expressions are supported. If using a regular
expression, the expression must match the entire minion ID.
If used, only branches/tags which match one of the specified expressions will be exposed as fileserver
environments.
If used in conjunction with svnfs_env_blacklist, then the subset of branches/tags which match the
whitelist but do not match the blacklist will be exposed as fileserver environments.
svnfs_env_whitelist:
- base
- v1.*
- 'mybranch\d+'
svnfs_env_blacklist
New in version 2014.7.0.
Default: []
Used to restrict which environments are made available. Can speed up state runs if your svnfs remotes
contain many branches/tags. Full names, globs, and regular expressions are supported. If using a regular
expression, the expression must match the entire minion ID.
If used, branches/tags which match one of the specified expressions will not be exposed as fileserver
environments.
If used in conjunction with svnfs_env_whitelist, then the subset of branches/tags which match the
whitelist but do not match the blacklist will be exposed as fileserver environments.
svnfs_env_blacklist:
- base
- v1.*
- 'mybranch\d+'
minion: MinionFS Remote File Server Backend
minionfs_env
New in version 2014.7.0.
Default: base
Environment from which MinionFS files are made available.
minionfs_env: minionfs
minionfs_mountpoint
New in version 2014.7.0.
Default: ''
Specifies a path on the salt fileserver from which minionfs files are served.
minionfs_mountpoint: salt://foo/bar
NOTE:
The salt:// protocol designation can be left off (in other words, foo/bar and salt://foo/bar are
equivalent).
minionfs_whitelist
New in version 2014.7.0.
Default: []
Used to restrict which minions' pushed files are exposed via minionfs. If using a regular expression, the
expression must match the entire minion ID.
If used, only the pushed files from minions which match one of the specified expressions will be exposed.
If used in conjunction with minionfs_blacklist, then the subset of hosts which match the whitelist but do
not match the blacklist will be exposed.
minionfs_whitelist:
- server01
- dev*
- 'mail\d+.mydomain.tld'
minionfs_blacklist
New in version 2014.7.0.
Default: []
Used to restrict which minions' pushed files are exposed via minionfs. If using a regular expression, the
expression must match the entire minion ID.
If used, only the pushed files from minions which match one of the specified expressions will not be
exposed.
If used in conjunction with minionfs_whitelist, then the subset of hosts which match the whitelist but do
not match the blacklist will be exposed.
minionfs_blacklist:
- server01
- dev*
- 'mail\d+.mydomain.tld'
Pillar Configuration
pillar_roots
Default:
base:
- /srv/pillar
Set the environments and directories used to hold pillar sls data. This configuration is the same as
file_roots:
pillar_roots:
base:
- /srv/pillar
dev:
- /srv/pillar/dev
prod:
- /srv/pillar/prod
on_demand_ext_pillar
New in version 2016.3.6,2016.11.3,2017.7.0.
Default: ['libvirt', 'virtkey']
The external pillars permitted to be used on-demand using pillar.ext.
on_demand_ext_pillar:
- libvirt
- virtkey
- git
WARNING:
This will allow minions to request specific pillar data via pillar.ext, and may be considered a
security risk. However, pillar data generated in this way will not affect the in-memory pillar data,
so this risk is limited to instances in which states/modules/etc. (built-in or custom) rely upon
pillar data generated by pillar.ext.
decrypt_pillar
New in version 2017.7.0.
Default: []
A list of paths to be recursively decrypted during pillar compilation.
decrypt_pillar:
- 'foo:bar': gpg
- 'lorem:ipsum:dolor'
Entries in this list can be formatted either as a simple string, or as a key/value pair, with the key
being the pillar location, and the value being the renderer to use for pillar decryption. If the former
is used, the renderer specified by decrypt_pillar_default will be used.
decrypt_pillar_delimiter
New in version 2017.7.0.
Default: :
The delimiter used to distinguish nested data structures in the decrypt_pillar option.
decrypt_pillar_delimiter: '|'
decrypt_pillar:
- 'foo|bar': gpg
- 'lorem|ipsum|dolor'
decrypt_pillar_default
New in version 2017.7.0.
Default: gpg
The default renderer used for decryption, if one is not specified for a given pillar key in
decrypt_pillar.
decrypt_pillar_default: my_custom_renderer
decrypt_pillar_renderers
New in version 2017.7.0.
Default: ['gpg']
List of renderers which are permitted to be used for pillar decryption.
decrypt_pillar_renderers:
- gpg
- my_custom_renderer
pillar_opts
Default: False
The pillar_opts option adds the master configuration file data to a dict in the pillar called master.
This can be used to set simple configurations in the master config file that can then be used on minions.
Note that setting this option to True means the master config file will be included in all minion's
pillars. While this makes global configuration of services and systems easy, it may not be desired if
sensitive data is stored in the master configuration.
pillar_opts: False
pillar_safe_render_error
Default: True
The pillar_safe_render_error option prevents the master from passing pillar render errors to the minion.
This is set on by default because the error could contain templating data which would give that minion
information it shouldn't have, like a password! When set True the error message will only show:
Rendering SLS 'my.sls' failed. Please see master log for details.
pillar_safe_render_error: True
ext_pillar
The ext_pillar option allows for any number of external pillar interfaces to be called when populating
pillar data. The configuration is based on ext_pillar functions. The available ext_pillar functions can
be found herein:
https://github.com/saltstack/salt/blob/develop/salt/pillar
By default, the ext_pillar interface is not configured to run.
Default: []
ext_pillar:
- hiera: /etc/hiera.yaml
- cmd_yaml: cat /etc/salt/yaml
- reclass:
inventory_base_uri: /etc/reclass
There are additional details at salt-pillars
ext_pillar_first
New in version 2015.5.0.
Default: False
This option allows for external pillar sources to be evaluated before pillar_roots. External pillar data
is evaluated separately from pillar_roots pillar data, and then both sets of pillar data are merged into
a single pillar dictionary, so the value of this config option will have an impact on which key "wins"
when there is one of the same name in both the external pillar data and pillar_roots pillar data. By
setting this option to True, ext_pillar keys will be overridden by pillar_roots, while leaving it as
False will allow ext_pillar keys to override those from pillar_roots.
NOTE:
For a while, this config option did not work as specified above, because of a bug in Pillar
compilation. This bug has been resolved in version 2016.3.4 and later.
ext_pillar_first: False
pillarenv_from_saltenv
Default: False
When set to True, the pillarenv value will assume the value of the effective saltenv when running states.
This essentially makes salt-run pillar.show_pillar saltenv=dev equivalent to salt-run pillar.show_pillar
saltenv=dev pillarenv=dev. If pillarenv is set on the CLI, it will override this option.
pillarenv_from_saltenv: True
NOTE:
For salt remote execution commands this option should be set in the Minion configuration instead.
pillar_raise_on_missing
New in version 2015.5.0.
Default: False
Set this option to True to force a KeyError to be raised whenever an attempt to retrieve a named value
from pillar fails. When this option is set to False, the failed attempt returns an empty string.
Git External Pillar (git_pillar) Configuration Options
git_pillar_provider
New in version 2015.8.0.
Specify the provider to be used for git_pillar. Must be either pygit2 or gitpython. If unset, then both
will be tried in that same order, and the first one with a compatible version installed will be the
provider that is used.
git_pillar_provider: gitpython
git_pillar_base
New in version 2015.8.0.
Default: master
If the desired branch matches this value, and the environment is omitted from the git_pillar
configuration, then the environment for that git_pillar remote will be base. For example, in the
configuration below, the foo branch/tag would be assigned to the base environment, while bar would be
mapped to the bar environment.
git_pillar_base: foo
ext_pillar:
- git:
- foo https://mygitserver/git-pillar.git
- bar https://mygitserver/git-pillar.git
git_pillar_branch
New in version 2015.8.0.
Default: master
If the branch is omitted from a git_pillar remote, then this branch will be used instead. For example, in
the configuration below, the first two remotes would use the pillardata branch/tag, while the third would
use the foo branch/tag.
git_pillar_branch: pillardata
ext_pillar:
- git:
- https://mygitserver/pillar1.git
- https://mygitserver/pillar2.git:
- root: pillar
- foo https://mygitserver/pillar3.git
git_pillar_env
New in version 2015.8.0.
Default: '' (unset)
Environment to use for git_pillar remotes. This is normally derived from the branch/tag (or from a
per-remote env parameter), but if set this will override the process of deriving the env from the
branch/tag name. For example, in the configuration below the foo branch would be assigned to the base
environment, while the bar branch would need to explicitly have bar configured as it's environment to
keep it from also being mapped to the base environment.
git_pillar_env: base
ext_pillar:
- git:
- foo https://mygitserver/git-pillar.git
- bar https://mygitserver/git-pillar.git:
- env: bar
For this reason, this option is recommended to be left unset, unless the use case calls for all (or
almost all) of the git_pillar remotes to use the same environment irrespective of the branch/tag being
used.
git_pillar_root
New in version 2015.8.0.
Default: ''
Path relative to the root of the repository where the git_pillar top file and SLS files are located. In
the below configuration, the pillar top file and SLS files would be looked for in a subdirectory called
pillar.
git_pillar_root: pillar
ext_pillar:
- git:
- master https://mygitserver/pillar1.git
- master https://mygitserver/pillar2.git
NOTE:
This is a global option. If only one or two repos need to have their files sourced from a
subdirectory, then git_pillar_root can be omitted and the root can be specified on a per-remote basis,
like so:
ext_pillar:
- git:
- master https://mygitserver/pillar1.git
- master https://mygitserver/pillar2.git:
- root: pillar
In this example, for the first remote the top file and SLS files would be looked for in the root of
the repository, while in the second remote the pillar data would be retrieved from the pillar
subdirectory.
git_pillar_ssl_verify
New in version 2015.8.0.
Changed in version 2016.11.0.
Default: False
Specifies whether or not to ignore SSL certificate errors when contacting the remote repository. The
False setting is useful if you're using a git repo that uses a self-signed certificate. However, keep in
mind that setting this to anything other True is a considered insecure, and using an SSH-based transport
(if available) may be a better option.
In the 2016.11.0 release, the default config value changed from False to True.
git_pillar_ssl_verify: True
NOTE:
pygit2 only supports disabling SSL verification in versions 0.23.2 and newer.
git_pillar_global_lock
New in version 2015.8.9.
Default: True
When set to False, if there is an update/checkout lock for a git_pillar remote and the pid written to it
is not running on the master, the lock file will be automatically cleared and a new lock will be
obtained. When set to True, Salt will simply log a warning when there is an lock present.
On single-master deployments, disabling this option can help automatically deal with instances where the
master was shutdown/restarted during the middle of a git_pillar update/checkout, leaving a lock in place.
However, on multi-master deployments with the git_pillar cachedir shared via GlusterFS, nfs, or another
network filesystem, it is strongly recommended not to disable this option as doing so will cause lock
files to be removed if they were created by a different master.
# Disable global lock
git_pillar_global_lock: False
git_pillar_includes
New in version 2017.7.0.
Default: True
Normally, when processing git_pillar remotes, if more than one repo under the same git section in the
ext_pillar configuration refers to the same pillar environment, then each repo in a given environment
will have access to the other repos' files to be referenced in their top files. However, it may be
desirable to disable this behavior. If so, set this value to False.
For a more detailed examination of how includes work, see this explanation from the git_pillar
documentation.
git_pillar_includes: False
Git External Pillar Authentication Options
These parameters only currently apply to the pygit2 git_pillar_provider. Authentication works the same as
it does in gitfs, as outlined in the GitFS Walkthrough, though the global configuration options are named
differently to reflect that they are for git_pillar instead of gitfs.
git_pillar_user
New in version 2015.8.0.
Default: ''
Along with git_pillar_password, is used to authenticate to HTTPS remotes.
git_pillar_user: git
git_pillar_password
New in version 2015.8.0.
Default: ''
Along with git_pillar_user, is used to authenticate to HTTPS remotes. This parameter is not required if
the repository does not use authentication.
git_pillar_password: mypassword
git_pillar_insecure_auth
New in version 2015.8.0.
Default: False
By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. This parameter enables
authentication over HTTP. Enable this at your own risk.
git_pillar_insecure_auth: True
git_pillar_pubkey
New in version 2015.8.0.
Default: ''
Along with git_pillar_privkey (and optionally git_pillar_passphrase), is used to authenticate to SSH
remotes.
git_pillar_pubkey: /path/to/key.pub
git_pillar_privkey
New in version 2015.8.0.
Default: ''
Along with git_pillar_pubkey (and optionally git_pillar_passphrase), is used to authenticate to SSH
remotes.
git_pillar_privkey: /path/to/key
git_pillar_passphrase
New in version 2015.8.0.
Default: ''
This parameter is optional, required only when the SSH key being used to authenticate is protected by a
passphrase.
git_pillar_passphrase: mypassphrase
git_pillar_refspecs
New in version 2017.7.0.
Default: ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*']
When fetching from remote repositories, by default Salt will fetch branches and tags. This parameter can
be used to override the default and specify alternate refspecs to be fetched. This parameter works
similarly to its GitFS counterpart, in that it can be configured both globally and for individual
remotes.
git_pillar_refspecs:
- '+refs/heads/*:refs/remotes/origin/*'
- '+refs/tags/*:refs/tags/*'
- '+refs/pull/*/head:refs/remotes/origin/pr/*'
- '+refs/pull/*/merge:refs/remotes/origin/merge/*'
git_pillar_verify_config
New in version 2017.7.0.
Default: True
By default, as the master starts it performs some sanity checks on the configured git_pillar
repositories. If any of these sanity checks fail (such as when an invalid configuration is used), the
master daemon will abort.
To skip these sanity checks, set this option to False.
git_pillar_verify_config: False
Pillar Merging Options
pillar_source_merging_strategy
New in version 2014.7.0.
Default: smart
The pillar_source_merging_strategy option allows you to configure merging strategy between different
sources. It accepts 5 values:
• none:
New in version 2016.3.4: It will not do any merging at all and only parse the pillar data from the passed
environment and 'base' if no environment was specified.
• recurse:
it will merge recursively mapping of data. For example, theses 2 sources:
foo: 42
bar:
element1: True
bar:
element2: True
baz: quux
will be merged as:
foo: 42
bar:
element1: True
element2: True
baz: quux
• aggregate:
instructs aggregation of elements between sources that use the #!yamlex renderer.
For example, these two documents:
#!yamlex
foo: 42
bar: !aggregate {
element1: True
}
baz: !aggregate quux
#!yamlex
bar: !aggregate {
element2: True
}
baz: !aggregate quux2
will be merged as:
foo: 42
bar:
element1: True
element2: True
baz:
- quux
- quux2
• overwrite:
Will use the behaviour of the 2014.1 branch and earlier.
Overwrites elements according the order in which they are processed.
First pillar processed:
A:
first_key: blah
second_key: blah
Second pillar processed:
A:
third_key: blah
fourth_key: blah
will be merged as:
A:
third_key: blah
fourth_key: blah
• smart (default):
Guesses the best strategy based on the "renderer" setting.
pillar_merge_lists
New in version 2015.8.0.
Default: False
Recursively merge lists by aggregating them instead of replacing them.
pillar_merge_lists: False
Pillar Cache Options
pillar_cache
New in version 2015.8.8.
Default: False
A master can cache pillars locally to bypass the expense of having to render them for each minion on
every request. This feature should only be enabled in cases where pillar rendering time is known to be
unsatisfactory and any attendant security concerns about storing pillars in a master cache have been
addressed.
When enabling this feature, be certain to read through the additional pillar_cache_* configuration
options to fully understand the tunable parameters and their implications.
pillar_cache: False
NOTE:
Setting pillar_cache: True has no effect on targeting minions with pillar.
pillar_cache_ttl
New in version 2015.8.8.
Default: 3600
If and only if a master has set pillar_cache: True, the cache TTL controls the amount of time, in
seconds, before the cache is considered invalid by a master and a fresh pillar is recompiled and stored.
pillar_cache_backend
New in version 2015.8.8.
Default: disk
If an only if a master has set pillar_cache: True, one of several storage providers can be utilized:
• disk (default):
The default storage backend. This caches rendered pillars to the master cache. Rendered pillars are
serialized and deserialized as msgpack structures for speed. Note that pillars are stored UNENCRYPTED.
Ensure that the master cache has permissions set appropriately (sane defaults are provided).
• memory [EXPERIMENTAL]:
An optional backend for pillar caches which uses a pure-Python in-memory data structure for maximal
performance. There are several caveats, however. First, because each master worker contains its own
in-memory cache, there is no guarantee of cache consistency between minion requests. This works best in
situations where the pillar rarely if ever changes. Secondly, and perhaps more importantly, this means
that unencrypted pillars will be accessible to any process which can examine the memory of the
salt-master! This may represent a substantial security risk.
pillar_cache_backend: disk
Master Reactor Settings
reactor
Default: []
Defines a salt reactor. See the Reactor documentation for more information.
reactor:
- 'salt/minion/*/start':
- salt://reactor/startup_tasks.sls
reactor_refresh_interval
Default: 60
The TTL for the cache of the reactor configuration.
reactor_refresh_interval: 60
reactor_worker_threads
Default: 10
The number of workers for the runner/wheel in the reactor.
reactor_worker_hwm
Default: 10000
The queue size for workers in the reactor.
reactor_worker_hwm: 10000
Syndic Server Settings
A Salt syndic is a Salt master used to pass commands from a higher Salt master to minions below the
syndic. Using the syndic is simple. If this is a master that will have syndic servers(s) below it, set
the order_masters setting to True.
If this is a master that will be running a syndic daemon for passthrough the syndic_master setting needs
to be set to the location of the master server.
Do not forget that, in other words, it means that it shares with the local minion its ID and PKI
directory.
order_masters
Default: False
Extra data needs to be sent with publications if the master is controlling a lower level master via a
syndic minion. If this is the case the order_masters value must be set to True
order_masters: False
syndic_master
Changed in version 2016.3.5,2016.11.1: Set default higher level master address.
Default: masterofmasters
If this master will be running the salt-syndic to connect to a higher level master, specify the higher
level master with this configuration value.
syndic_master: masterofmasters
You can optionally connect a syndic to multiple higher level masters by setting the syndic_master value
to a list:
syndic_master:
- masterofmasters1
- masterofmasters2
Each higher level master must be set up in a multi-master configuration.
syndic_master_port
Default: 4506
If this master will be running the salt-syndic to connect to a higher level master, specify the higher
level master port with this configuration value.
syndic_master_port: 4506
syndic_pidfile
Default: /var/run/salt-syndic.pid
If this master will be running the salt-syndic to connect to a higher level master, specify the pidfile
of the syndic daemon.
syndic_pidfile: /var/run/syndic.pid
syndic_log_file
Default: /var/log/salt/syndic
If this master will be running the salt-syndic to connect to a higher level master, specify the log file
of the syndic daemon.
syndic_log_file: /var/log/salt-syndic.log
syndic_failover
New in version 2016.3.0.
Default: random
The behaviour of the multi-syndic when connection to a master of masters failed. Can specify random
(default) or ordered. If set to random, masters will be iterated in random order. If ordered is
specified, the configured order will be used.
syndic_failover: random
syndic_wait
Default: 5
The number of seconds for the salt client to wait for additional syndics to check in with their lists of
expected minions before giving up.
syndic_wait: 5
syndic_forward_all_events
New in version 2017.7.0.
Default: False
Option on multi-syndic or single when connected to multiple masters to be able to send events to all
connected masters.
syndic_forward_all_events: False
Peer Publish Settings
Salt minions can send commands to other minions, but only if the minion is allowed to. By default "Peer
Publication" is disabled, and when enabled it is enabled for specific minions and specific commands. This
allows secure compartmentalization of commands based on individual minions.
peer
Default: {}
The configuration uses regular expressions to match minions and then a list of regular expressions to
match functions. The following will allow the minion authenticated as foo.example.com to execute
functions from the test and pkg modules.
peer:
foo.example.com:
- test.*
- pkg.*
This will allow all minions to execute all commands:
peer:
.*:
- .*
This is not recommended, since it would allow anyone who gets root on any single minion to instantly have
root on all of the minions!
By adding an additional layer you can limit the target hosts in addition to the accessible commands:
peer:
foo.example.com:
'db*':
- test.*
- pkg.*
peer_run
Default: {}
The peer_run option is used to open up runners on the master to access from the minions. The peer_run
configuration matches the format of the peer configuration.
The following example would allow foo.example.com to execute the manage.up runner:
peer_run:
foo.example.com:
- manage.up
Master Logging Settings
log_file
Default: /var/log/salt/master
The master log can be sent to a regular file, local path name, or network location. See also log_file.
Examples:
log_file: /var/log/salt/master
log_file: file:///dev/log
log_file: udp://loghost:10514
log_level
Default: warning
The level of messages to send to the console. See also log_level.
log_level: warning
log_level_logfile
Default: warning
The level of messages to send to the log file. See also log_level_logfile. When it is not set explicitly
it will inherit the level set by log_level option.
log_level_logfile: warning
log_datefmt
Default: %H:%M:%S
The date and time format used in console log messages. See also log_datefmt.
log_datefmt: '%H:%M:%S'
log_datefmt_logfile
Default: %Y-%m-%d %H:%M:%S
The date and time format used in log file messages. See also log_datefmt_logfile.
log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
log_fmt_console
Default: [%(levelname)-8s] %(message)s
The format of the console logging messages. See also log_fmt_console.
NOTE:
Log colors are enabled in log_fmt_console rather than the color config since the logging system is
loaded before the master config.
Console log colors are specified by these additional formatters:
%(colorlevel)s %(colorname)s %(colorprocess)s %(colormsg)s
Since it is desirable to include the surrounding brackets, '[' and ']', in the coloring of the
messages, these color formatters also include padding as well. Color LogRecord attributes are only
available for console logging.
log_fmt_console: '%(colorlevel)s %(colormsg)s'
log_fmt_console: '[%(levelname)-8s] %(message)s'
log_fmt_logfile
Default: %(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s
The format of the log file logging messages. See also log_fmt_logfile.
log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
log_granular_levels
Default: {}
This can be used to control logging levels more specifically. See also log_granular_levels.
Node Groups
Default: {}
Node groups allow for logical groupings of minion nodes. A group consists of a group name and a compound
target.
nodegroups:
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
group3: 'G@os:Debian and N@group1'
group4:
- 'G@foo:bar'
- 'or'
- 'G@foo:baz'
More information on using nodegroups can be found here.
Range Cluster Settings
range_server
Default: 'range:80'
The range server (and optional port) that serves your cluster information
https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
range_server: range:80
Include Configuration
default_include
Default: master.d/*.conf
The master can include configuration from other files. Per default the master will automatically include
all config files from master.d/*.conf where master.d is relative to the directory of the master
configuration file.
NOTE:
Salt creates files in the master.d directory for its own use. These files are prefixed with an
underscore. A common example of this is the _schedule.conf file.
include
Default: not defined
The master can include configuration from other files. To enable this, pass a list of paths to this
option. The paths can be either relative or absolute; if relative, they are considered to be relative to
the directory the main minion configuration file lives in. Paths can make use of shell-style globbing. If
no files are matched by a path passed to this option then the master will log a warning message.
# Include files from a master.d directory in the same
# directory as the master config file
include: master.d/*
# Include a single extra file into the configuration
include: /etc/roles/webserver
# Include several files and the master.d directory
include:
- extra_config
- master.d/*
- /etc/roles/webserver
Keepalive Settings
tcp_keepalive
Default: True
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt connectivity issues
in messy network environments with misbehaving firewalls.
tcp_keepalive: True
tcp_keepalive_cnt
Default: -1
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
tcp_keepalive_cnt: -1
tcp_keepalive_idle
Default: 300
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
tcp_keepalive_idle: 300
tcp_keepalive_intvl
Default: -1
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
tcp_keepalive_intvl': -1
Windows Software Repo Settings
winrepo_provider
New in version 2015.8.0.
Specify the provider to be used for winrepo. Must be either pygit2 or gitpython. If unset, then both will
be tried in that same order, and the first one with a compatible version installed will be the provider
that is used.
winrepo_provider: gitpython
winrepo_dir
Changed in version 2015.8.0: Renamed from win_repo to winrepo_dir.
Default: /srv/salt/win/repo
Location on the master where the winrepo_remotes are checked out for pre-2015.8.0 minions. 2015.8.0 and
later minions use winrepo_remotes_ng instead.
winrepo_dir: /srv/salt/win/repo
winrepo_dir_ng
New in version 2015.8.0: A new ng repo was added.
Default: /srv/salt/win/repo-ng
Location on the master where the winrepo_remotes_ng are checked out for 2015.8.0 and later minions.
winrepo_dir_ng: /srv/salt/win/repo-ng
winrepo_cachefile
Changed in version 2015.8.0: Renamed from win_repo_mastercachefile to winrepo_cachefile
NOTE:
2015.8.0 and later minions do not use this setting since the cachefile is now located on the minion.
Default: winrepo.p
Path relative to winrepo_dir where the winrepo cache should be created.
winrepo_cachefile: winrepo.p
winrepo_remotes
Changed in version 2015.8.0: Renamed from win_gitrepos to winrepo_remotes.
Default: ['https://github.com/saltstack/salt-winrepo.git']
List of git repositories to checkout and include in the winrepo for pre-2015.8.0 minions. 2015.8.0 and
later minions use winrepo_remotes_ng instead.
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
To specify a specific revision of the repository, prepend a commit ID to the URL of the repository:
winrepo_remotes:
- '<commit_id> https://github.com/saltstack/salt-winrepo.git'
Replace <commit_id> with the SHA1 hash of a commit ID. Specifying a commit ID is useful in that it allows
one to revert back to a previous version in the event that an error is introduced in the latest revision
of the repo.
winrepo_remotes_ng
New in version 2015.8.0: A new ng repo was added.
Default: ['https://github.com/saltstack/salt-winrepo-ng.git']
List of git repositories to checkout and include in the winrepo for 2015.8.0 and later minions.
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
To specify a specific revision of the repository, prepend a commit ID to the URL of the repository:
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace <commit_id> with the SHA1 hash of a commit ID. Specifying a commit ID is useful in that it allows
one to revert back to a previous version in the event that an error is introduced in the latest revision
of the repo.
winrepo_branch
New in version 2015.8.0.
Default: master
If the branch is omitted from a winrepo remote, then this branch will be used instead. For example, in
the configuration below, the first two remotes would use the winrepo branch/tag, while the third would
use the foo branch/tag.
winrepo_branch: winrepo
ext_pillar:
- git:
- https://mygitserver/winrepo1.git
- https://mygitserver/winrepo2.git:
- foo https://mygitserver/winrepo3.git
winrepo_ssl_verify
New in version 2015.8.0.
Changed in version 2016.11.0.
Default: False
Specifies whether or not to ignore SSL certificate errors when contacting the remote repository. The
False setting is useful if you're using a git repo that uses a self-signed certificate. However, keep in
mind that setting this to anything other True is a considered insecure, and using an SSH-based transport
(if available) may be a better option.
In the 2016.11.0 release, the default config value changed from False to True.
winrepo_ssl_verify: True
Winrepo Authentication Options
These parameters only currently apply to the pygit2 winrepo_provider. Authentication works the same as it
does in gitfs, as outlined in the GitFS Walkthrough, though the global configuration options are named
differently to reflect that they are for winrepo instead of gitfs.
winrepo_user
New in version 2015.8.0.
Default: ''
Along with winrepo_password, is used to authenticate to HTTPS remotes.
winrepo_user: git
winrepo_password
New in version 2015.8.0.
Default: ''
Along with winrepo_user, is used to authenticate to HTTPS remotes. This parameter is not required if the
repository does not use authentication.
winrepo_password: mypassword
winrepo_insecure_auth
New in version 2015.8.0.
Default: False
By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. This parameter enables
authentication over HTTP. Enable this at your own risk.
winrepo_insecure_auth: True
winrepo_pubkey
New in version 2015.8.0.
Default: ''
Along with winrepo_privkey (and optionally winrepo_passphrase), is used to authenticate to SSH remotes.
winrepo_pubkey: /path/to/key.pub
winrepo_privkey
New in version 2015.8.0.
Default: ''
Along with winrepo_pubkey (and optionally winrepo_passphrase), is used to authenticate to SSH remotes.
winrepo_privkey: /path/to/key
winrepo_passphrase
New in version 2015.8.0.
Default: ''
This parameter is optional, required only when the SSH key being used to authenticate is protected by a
passphrase.
winrepo_passphrase: mypassphrase
winrepo_refspecs
New in version 2017.7.0.
Default: ['+refs/heads/*:refs/remotes/origin/*', '+refs/tags/*:refs/tags/*']
When fetching from remote repositories, by default Salt will fetch branches and tags. This parameter can
be used to override the default and specify alternate refspecs to be fetched. This parameter works
similarly to its GitFS counterpart, in that it can be configured both globally and for individual
remotes.
winrepo_refspecs:
- '+refs/heads/*:refs/remotes/origin/*'
- '+refs/tags/*:refs/tags/*'
- '+refs/pull/*/head:refs/remotes/origin/pr/*'
- '+refs/pull/*/merge:refs/remotes/origin/merge/*'
Configure Master on Windows
The master on Windows requires no additional configuration. You can modify the master configuration by
creating/editing the master config file located at c:\salt\conf\master. The same configuration options
available on Linux are available in Windows, as long as they apply. For example, SSH options wouldn't
apply in Windows. The main differences are the file paths. If you are familiar with common salt paths,
the following table may be useful:
┌─────────────┬───────┬───────────────┐
│ linux Paths │ │ Windows Paths │
├─────────────┼───────┼───────────────┤
│ /etc/salt │ <---> │ c:\salt\conf │
├─────────────┼───────┼───────────────┤
│ / │ <---> │ c:\salt │
└─────────────┴───────┴───────────────┘
So, for example, the master config file in Linux is /etc/salt/master. In Windows the master config file
is c:\salt\conf\master. The Linux path /etc/salt becomes c:\salt\conf in Windows.
Common File Locations
┌───────────────────────────────────┬───────────────────────────────────────┐
│ Linux Paths │ Windows Paths │
├───────────────────────────────────┼───────────────────────────────────────┤
│ conf_file: /etc/salt/master │ conf_file: c:\salt\conf\master │
├───────────────────────────────────┼───────────────────────────────────────┤
│ log_file: /var/log/salt/master │ log_file: c:\salt\var\log\salt\master │
├───────────────────────────────────┼───────────────────────────────────────┤
│ pidfile: /var/run/salt-master.pid │ pidfile: │
│ │ c:\salt\var\run\salt-master.pid │
└───────────────────────────────────┴───────────────────────────────────────┘
Common Directories
┌──────────────────────────────────┬───────────────────────────────────────┐
│ Linux Paths │ Windows Paths │
├──────────────────────────────────┼───────────────────────────────────────┤
│ cachedir: /var/cache/salt/master │ cachedir: │
│ │ c:\salt\var\cache\salt\master │
├──────────────────────────────────┼───────────────────────────────────────┤
│ extension_modules: │ c:\salt\var\cache\salt\master\extmods │
│ /var/cache/salt/master/extmods │ │
├──────────────────────────────────┼───────────────────────────────────────┤
│ pki_dir: /etc/salt/pki/master │ pki_dir: c:\salt\conf\pki\master │
├──────────────────────────────────┼───────────────────────────────────────┤
│ root_dir: / │ root_dir: c:\salt │
├──────────────────────────────────┼───────────────────────────────────────┤
│ sock_dir: /var/run/salt/master │ sock_dir: c:\salt\var\run\salt\master │
└──────────────────────────────────┴───────────────────────────────────────┘
Roots
file_roots
┌───────────────┬──────────────────────┐
│ Linux Paths │ Windows Paths │
├───────────────┼──────────────────────┤
│ /srv/salt │ c:\salt\srv\salt │
├───────────────┼──────────────────────┤
│ /srv/spm/salt │ c:\salt\srv\spm\salt │
└───────────────┴──────────────────────┘
pillar_roots
┌─────────────────┬────────────────────────┐
│ Linux Paths │ Windows Paths │
├─────────────────┼────────────────────────┤
│ /srv/pillar │ c:\salt\srv\pillar │
├─────────────────┼────────────────────────┤
│ /srv/spm/pillar │ c:\salt\srv\spm\pillar │
└─────────────────┴────────────────────────┘
Win Repo Settings
┌───────────────────────────────────────┬──────────────────────────────┐
│ Linux Paths │ Windows Paths │
├───────────────────────────────────────┼──────────────────────────────┤
│ winrepo_dir: /srv/salt/win/repo │ winrepo_dir: │
│ │ c:\salt\srv\salt\win\repo │
├───────────────────────────────────────┼──────────────────────────────┤
│ winrepo_dir_ng: /srv/salt/win/repo-ng │ winrepo_dir_ng: │
│ │ c:\salt\srv\salt\win\repo-ng │
└───────────────────────────────────────┴──────────────────────────────┘
Configuring the Salt Minion
The Salt system is amazingly simple and easy to configure. The two components of the Salt system each
have a respective configuration file. The salt-master is configured via the master configuration file,
and the salt-minion is configured via the minion configuration file.
SEE ALSO:
example minion configuration file
The Salt Minion configuration is very simple. Typically, the only value that needs to be set is the
master value so the minion knows where to locate its master.
By default, the salt-minion configuration will be in /etc/salt/minion. A notable exception is FreeBSD,
where the configuration will be in /usr/local/etc/salt/minion.
Minion Primary Configuration
master
Default: salt
The hostname or IP address of the master. See ipv6 for IPv6 connections to the master.
Default: salt
master: salt
master:port Syntax
New in version 2015.8.0.
The master config option can also be set to use the master's IP in conjunction with a port number by
default.
master: localhost:1234
For IPv6 formatting with a port, remember to add brackets around the IP address before adding the port
and enclose the line in single quotes to make it a string:
master: '[2001:db8:85a3:8d3:1319:8a2e:370:7348]:1234'
NOTE:
If a port is specified in the master as well as master_port, the master_port setting will be
overridden by the master configuration.
List of Masters Syntax
The option can also be set to a list of masters, enabling multi-master mode.
master:
- address1
- address2
Changed in version 2014.7.0: The master can be dynamically configured. The master value can be set to an
module function which will be executed and will assume that the returning value is the ip or hostname of
the desired master. If a function is being specified, then the master_type option must be set to func, to
tell the minion that the value is a function to be run and not a fully-qualified domain name.
master: module.function
master_type: func
In addition, instead of using multi-master mode, the minion can be configured to use the list of master
addresses as a failover list, trying the first address, then the second, etc. until the minion
successfully connects. To enable this behavior, set master_type to failover:
master:
- address1
- address2
master_type: failover
ipv6
Default: None
Whether the master should be connected over IPv6. By default salt minion will try to automatically detect
IPv6 connectivity to master.
ipv6: True
master_uri_format
New in version 2015.8.0.
Specify the format in which the master address will be evaluated. Valid options are default or ip_only.
If ip_only is specified, then the master address will not be split into IP and PORT, so be sure that only
an IP (or domain name) is set in the master configuration setting.
master_uri_format: ip_only
master_type
New in version 2014.7.0.
Default: str
The type of the master variable. Can be str, failover, func or disable.
master_type: failover
If this option is set to failover, master must be a list of master addresses. The minion will then try
each master in the order specified in the list until it successfully connects. master_alive_interval
must also be set, this determines how often the minion will verify the presence of the master.
master_type: func
If the master needs to be dynamically assigned by executing a function instead of reading in the static
master value, set this to func. This can be used to manage the minion's master setting from an execution
module. By simply changing the algorithm in the module to return a new master ip/fqdn, restart the minion
and it will connect to the new master.
As of version 2016.11.0 this option can be set to disable and the minion will never attempt to talk to
the master. This is useful for running a masterless minion daemon.
master_type: disable
max_event_size
New in version 2014.7.0.
Default: 1048576
Passing very large events can cause the minion to consume large amounts of memory. This value tunes the
maximum size of a message allowed onto the minion event bus. The value is expressed in bytes.
max_event_size: 1048576
master_failback
New in version 2016.3.0.
Default: False
If the minion is in multi-master mode and the :conf_minion`master_type` configuration option is set to
failover, this setting can be set to True to force the minion to fail back to the first master in the
list if the first master is back online.
master_failback: False
master_failback_interval
New in version 2016.3.0.
Default: 0
If the minion is in multi-master mode, the :conf_minion`master_type` configuration is set to failover,
and the master_failback option is enabled, the master failback interval can be set to ping the top master
with this interval, in seconds.
master_failback_interval: 0
master_alive_interval
Default: 0
Configures how often, in seconds, the minion will verify that the current master is alive and responding.
The minion will try to establish a connection to the next master in the list if it finds the existing one
is dead.
master_alive_interval: 30
master_shuffle
New in version 2014.7.0.
Default: False
If master is a list of addresses and :conf_minion`master_type` is failover, shuffle them before trying to
connect to distribute the minions over all available masters. This uses Python's random.shuffle method.
master_shuffle: True
random_master
Default: False
If master is a list of addresses, and :conf_minion`master_type` is set to failover shuffle them before
trying to connect to distribute the minions over all available masters. This uses Python's random.shuffle
method.
random_master: True
retry_dns
Default: 30
Set the number of seconds to wait before attempting to resolve the master hostname if name resolution
fails. Defaults to 30 seconds. Set to zero if the minion should shutdown and not retry.
retry_dns: 30
master_port
Default: 4506
The port of the master ret server, this needs to coincide with the ret_port option on the Salt master.
master_port: 4506
publish_port
Default: 4505
The port of the master publish server, this needs to coincide with the publish_port option on the Salt
master.
publish_port: 4505
user
Default: root
The user to run the Salt processes
user: root
sudo_user
Default: ''
The user to run salt remote execution commands as via sudo. If this option is enabled then sudo will be
used to change the active user executing the remote command. If enabled the user will need to be allowed
access via the sudoers file for the user that the salt minion is configured to run as. The most common
option would be to use the root user. If this option is set the user option should also be set to a
non-root user. If migrating from a root minion to a non root minion the minion cache should be cleared
and the minion pki directory will need to be changed to the ownership of the new user.
sudo_user: root
pidfile
Default: /var/run/salt-minion.pid
The location of the daemon's process ID file
pidfile: /var/run/salt-minion.pid
root_dir
Default: /
This directory is prepended to the following options: pki_dir, cachedir, log_file, sock_dir, and pidfile.
root_dir: /
conf_file
Default: /etc/salt/minion
The path to the minion's configuration file.
conf_file: /etc/salt/minion
pki_dir
Default: /etc/salt/pki/minion
The directory used to store the minion's public and private keys.
pki_dir: /etc/salt/pki/minion
id
Default: the system's hostname
SEE ALSO:
Salt Walkthrough
The Setting up a Salt Minion section contains detailed information on how the hostname is determined.
Explicitly declare the id for this minion to use. Since Salt uses detached ids it is possible to run
multiple minions on the same machine but with different ids.
id: foo.bar.com
minion_id_caching
New in version 0.17.2.
Default: True
Caches the minion id to a file when the minion's
:minion_conf:`id`
is not statically defined in the minion config. This setting prevents potential problems when automatic
minion id resolution changes, which can cause the minion to lose connection with the master. To turn off
minion id caching, set this config to False.
For more information, please see Issue #7558 and Pull Request #8488.
minion_id_caching: True
append_domain
Default: None
Append a domain to a hostname in the event that it does not exist. This is useful for systems where
socket.getfqdn() does not actually result in a FQDN (for instance, Solaris).
append_domain: foo.org
cachedir
Default: /var/cache/salt/minion
The location for minion cache data.
This directory may contain sensitive data and should be protected accordingly.
cachedir: /var/cache/salt/minion
append_minionid_config_dirs
Default: [] (the empty list) for regular minions, ['cachedir'] for proxy minions.
Append minion_id to these configuration directories. Helps with multiple proxies and minions running on
the same machine. Allowed elements in the list: pki_dir, cachedir, extension_modules. Normally not
needed unless running several proxies and/or minions on the same machine.
append_minionid_config_dirs:
- pki_dir
- cachedir
verify_env
Default: True
Verify and set permissions on configuration directories at startup.
verify_env: True
NOTE:
When set to True the verify_env option requires WRITE access to the configuration directory
(/etc/salt/). In certain situations such as mounting /etc/salt/ as read-only for templating this will
create a stack trace when state.apply is called.
cache_jobs
Default: False
The minion can locally cache the return data from jobs sent to it, this can be a good way to keep track
of the minion side of the jobs the minion has executed. By default this feature is disabled, to enable
set cache_jobs to True.
cache_jobs: False
grains
Default: (empty)
SEE ALSO:
static-custom-grains
Statically assigns grains to the minion.
grains:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
grains_cache
Default: False
The minion can locally cache grain data instead of refreshing the data each time the grain is referenced.
By default this feature is disabled, to enable set grains_cache to True.
grains_cache: False
grains_deep_merge
New in version 2016.3.0.
Default: False
The grains can be merged, instead of overridden, using this option. This allows custom grains to defined
different subvalues of a dictionary grain. By default this feature is disabled, to enable set
grains_deep_merge to True.
grains_deep_merge: False
For example, with these custom grains functions:
def custom1_k1():
return {'custom1': {'k1': 'v1'}}
def custom1_k2():
return {'custom1': {'k2': 'v2'}}
Without grains_deep_merge, the result would be:
custom1:
k1: v1
With grains_deep_merge, the result will be:
custom1:
k1: v1
k2: v2
grains_refresh_every
Default: 0
The grains_refresh_every setting allows for a minion to periodically check its grains to see if they have
changed and, if so, to inform the master of the new grains. This operation is moderately expensive,
therefore care should be taken not to set this value too low.
Note: This value is expressed in minutes.
A value of 10 minutes is a reasonable default.
grains_refresh_every: 0
mine_enabled
New in version 2015.8.10.
Default: True
Determines whether or not the salt minion should run scheduled mine updates. If this is set to False
then the mine update function will not get added to the scheduler for the minion.
mine_enabled: True
mine_return_job
New in version 2015.8.10.
Default: False
Determines whether or not scheduled mine updates should be accompanied by a job return for the job cache.
mine_return_job: False
mine_functions
Default: Empty
Designate which functions should be executed at mine_interval intervals on each minion. See this
documentation on the Salt Mine for more information. Note these can be defined in the pillar for a
minion as well.
example minion configuration file
mine_functions:
test.ping: []
network.ip_addrs:
interface: eth0
cidr: '10.0.0.0/8'
mine_interval
Default: 60
The number of minutes between mine updates.
mine_interval: 60
sock_dir
Default: /var/run/salt/minion
The directory where Unix sockets will be kept.
sock_dir: /var/run/salt/minion
outputter_dirs
Default: []
A list of additional directories to search for salt outputters in.
outputter_dirs: []
backup_mode
Default: ''
Make backups of files replaced by file.managed and file.recurse state modules under cachedir in
file_backup subdirectory preserving original paths. Refer to File State Backups documentation for more
details.
backup_mode: minion
acceptance_wait_time
Default: 10
The number of seconds to wait until attempting to re-authenticate with the master.
acceptance_wait_time: 10
acceptance_wait_time_max
Default: 0
The maximum number of seconds to wait until attempting to re-authenticate with the master. If set, the
wait will increase by acceptance_wait_time seconds each iteration.
acceptance_wait_time_max: 0
rejected_retry
Default: False
If the master rejects the minion's public key, retry instead of exiting. Rejected keys will be handled
the same as waiting on acceptance.
rejected_retry: False
random_reauth_delay
Default: 10
When the master key changes, the minion will try to re-auth itself to receive the new master key. In
larger environments this can cause a syn-flood on the master because all minions try to re-auth
immediately. To prevent this and have a minion wait for a random amount of time, use this optional
parameter. The wait-time will be a random number of seconds between 0 and the defined value.
random_reauth_delay: 60
master_tries
New in version 2016.3.0.
Default: 1
The number of attempts to connect to a master before giving up. Set this to -1 for unlimited attempts.
This allows for a master to have downtime and the minion to reconnect to it later when it comes back up.
In 'failover' mode, which is set in the master_type configuration, this value is the number of attempts
for each set of masters. In this mode, it will cycle through the list of masters for each attempt.
master_tries is different than auth_tries because auth_tries attempts to retry auth attempts with a
single master. auth_tries is under the assumption that you can connect to the master but not gain
authorization from it. master_tries will still cycle through all of the masters in a given try, so it is
appropriate if you expect occasional downtime from the master(s).
master_tries: 1
auth_tries
New in version 2014.7.0.
Default: 7
The number of attempts to authenticate to a master before giving up. Or, more technically, the number of
consecutive SaltReqTimeoutErrors that are acceptable when trying to authenticate to the master.
auth_tries: 7
auth_timeout
New in version 2014.7.0.
Default: 60
When waiting for a master to accept the minion's public key, salt will continuously attempt to reconnect
until successful. This is the timeout value, in seconds, for each individual attempt. After this timeout
expires, the minion will wait for acceptance_wait_time seconds before trying again. Unless your master
is under unusually heavy load, this should be left at the default.
auth_timeout: 60
auth_safemode
New in version 2014.7.0.
Default: False
If authentication fails due to SaltReqTimeoutError during a ping_interval, this setting, when set to
True, will cause a sub-minion process to restart.
auth_safemode: False
ping_interval
Default: 0
Instructs the minion to ping its master(s) every n number of minutes. Used primarily as a mitigation
technique against minion disconnects.
ping_interval: 0
random_startup_delay
Default: 0
The maximum bound for an interval in which a minion will randomly sleep upon starting up prior to
attempting to connect to a master. This can be used to splay connection attempts for cases where many
minions starting up at once may place undue load on a master.
For example, setting this to 5 will tell a minion to sleep for a value between 0 and 5 seconds.
random_startup_delay: 5
recon_default
Default: 1000
The interval in milliseconds that the socket should wait before trying to reconnect to the master (1000ms
= 1 second).
recon_default: 1000
recon_max
Default: 10000
The maximum time a socket should wait. Each interval the time to wait is calculated by doubling the
previous time. If recon_max is reached, it starts again at the recon_default.
Short example:
• reconnect 1: the socket will wait 'recon_default' milliseconds
• reconnect 2: 'recon_default' * 2
• reconnect 3: ('recon_default' * 2) * 2
• reconnect 4: value from previous interval * 2
• reconnect 5: value from previous interval * 2
• reconnect x: if value >= recon_max, it starts again with recon_default
recon_max: 10000
recon_randomize
Default: True
Generate a random wait time on minion start. The wait time will be a random value between recon_default
and recon_default + recon_max. Having all minions reconnect with the same recon_default and recon_max
value kind of defeats the purpose of being able to change these settings. If all minions have the same
values and the setup is quite large (several thousand minions), they will still flood the master. The
desired behavior is to have time-frame within all minions try to reconnect.
recon_randomize: True
loop_interval
Default: 1
The loop_interval sets how long in seconds the minion will wait between evaluating the scheduler and
running cleanup tasks. This defaults to 1 second on the minion scheduler.
loop_interval: 1
pub_ret
Default: True
Some installations choose to start all job returns in a cache or a returner and forgo sending the results
back to a master. In this workflow, jobs are most often executed with --async from the Salt CLI and then
results are evaluated by examining job caches on the minions or any configured returners. WARNING:
Setting this to False will disable returns back to the master.
pub_ret: True
return_retry_timer
Default: 5
The default timeout for a minion return attempt.
return_retry_timer: 5
return_retry_timer_max
Default: 10
The maximum timeout for a minion return attempt. If non-zero the minion return retry timeout will be a
random int between return_retry_timer and return_retry_timer_max
return_retry_timer_max: 10
cache_sreqs
Default: True
The connection to the master ret_port is kept open. When set to False, the minion creates a new
connection for every return to the master.
cache_sreqs: True
ipc_mode
Default: ipc
Windows platforms lack POSIX IPC and must rely on slower TCP based inter- process communications. Set
ipc_mode to tcp on such systems.
ipc_mode: ipc
tcp_pub_port
Default: 4510
Publish port used when ipc_mode is set to tcp.
tcp_pub_port: 4510
tcp_pull_port
Default: 4511
Pull port used when ipc_mode is set to tcp.
tcp_pull_port: 4511
transport
Default: zeromq
Changes the underlying transport layer. ZeroMQ is the recommended transport while additional transport
layers are under development. Supported values are zeromq, raet (experimental), and tcp (experimental).
This setting has a significant impact on performance and should not be changed unless you know what you
are doing! Transports are explained in Salt Transports.
transport: zeromq
syndic_finger
Default: ''
The key fingerprint of the higher-level master for the syndic to verify it is talking to the intended
master.
syndic_finger: 'ab:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:50:10'
proxy_host
Default: ''
The hostname used for HTTP proxy access.
proxy_host: proxy.my-domain
proxy_port
Default: 0
The port number used for HTTP proxy access.
proxy_port: 31337
proxy_username
Default: ''
The username used for HTTP proxy access.
proxy_username: charon
proxy_password
Default: ''
The password used for HTTP proxy access.
proxy_password: obolus
Minion Module Management
disable_modules
Default: [] (all modules are enabled by default)
The event may occur in which the administrator desires that a minion should not be able to execute a
certain module. The sys module is built into the minion and cannot be disabled.
This setting can also tune the minion. Because all modules are loaded into system memory, disabling
modules will lower the minion's memory footprint.
Modules should be specified according to their file name on the system and not by their virtual name. For
example, to disable cmd, use the string cmdmod which corresponds to salt.modules.cmdmod.
disable_modules:
- test
- solr
disable_returners
Default: [] (all returners are enabled by default)
If certain returners should be disabled, this is the place
disable_returners:
- mongo_return
whitelist_modules
Default: [] (Module whitelisting is disabled. Adding anything to the config option will cause only the
listed modules to be enabled. Modules not in the list will not be loaded.)
This option is the reverse of disable_modules.
Note that this is a very large hammer and it can be quite difficult to keep the minion working the way
you think it should since Salt uses many modules internally itself. At a bare minimum you need the
following enabled or else the minion won't start.
whitelist_modules:
- cmdmod
- test
- config
module_dirs
Default: []
A list of extra directories to search for Salt modules
module_dirs:
- /var/lib/salt/modules
returner_dirs
Default: []
A list of extra directories to search for Salt returners
returner_dirs:
- /var/lib/salt/returners
states_dirs
Default: []
A list of extra directories to search for Salt states
states_dirs:
- /var/lib/salt/states
grains_dirs
Default: []
A list of extra directories to search for Salt grains
grains_dirs:
- /var/lib/salt/grains
render_dirs
Default: []
A list of extra directories to search for Salt renderers
render_dirs:
- /var/lib/salt/renderers
utils_dirs
Default: []
A list of extra directories to search for Salt utilities
utils_dirs:
- /var/lib/salt/utils
cython_enable
Default: False
Set this value to true to enable auto-loading and compiling of .pyx modules, This setting requires that
gcc and cython are installed on the minion.
cython_enable: False
enable_zip_modules
New in version 2015.8.0.
Default: False
Set this value to true to enable loading of zip archives as extension modules. This allows for packing
module code with specific dependencies to avoid conflicts and/or having to install specific modules'
dependencies in system libraries.
enable_zip_modules: False
providers
Default: (empty)
A module provider can be statically overwritten or extended for the minion via the providers option. This
can be done on an individual basis in an SLS file, or globally here in the minion config, like below.
providers:
service: systemd
modules_max_memory
Default: -1
Specify a max size (in bytes) for modules on import. This feature is currently only supported on
*
nix operating systems and requires psutil.
modules_max_memory: -1
extmod_whitelist/extmod_blacklist
New in version 2017.7.0.
By using this dictionary, the modules that are synced to the minion's extmod cache using saltutil.sync_*
can be limited. If nothing is set to a specific type, then all modules are accepted. To block all
modules of a specific type, whitelist an empty list.
extmod_whitelist:
modules:
- custom_module
engines:
- custom_engine
pillars: []
extmod_blacklist:
modules:
- specific_module
Valid options:
• beacons
• clouds
• sdb
• modules
• states
• grains
• renderers
• returners
• proxy
• engines
• output
• utils
• pillar
Top File Settings
These parameters only have an effect if running a masterless minion.
state_top
Default: top.sls
The state system uses a "top" file to tell the minions what environment to use and what modules to use.
The state_top file is defined relative to the root of the base environment.
state_top: top.sls
state_top_saltenv
This option has no default value. Set it to an environment name to ensure that only the top file from
that environment is considered during a highstate.
NOTE:
Using this value does not change the merging strategy. For instance, if top_file_merging_strategy is
set to merge, and state_top_saltenv is set to foo, then any sections for environments other than foo
in the top file for the foo environment will be ignored. With state_top_saltenv set to base, all
states from all environments in the base top file will be applied, while all other top files are
ignored. The only way to set state_top_saltenv to something other than base and not have the other
environments in the targeted top file ignored, would be to set top_file_merging_strategy to merge_all.
state_top_saltenv: dev
top_file_merging_strategy
Changed in version 2016.11.0: A merge_all strategy has been added.
Default: merge
When no specific fileserver environment (a.k.a. saltenv) has been specified for a highstate, all
environments' top files are inspected. This config option determines how the SLS targets in those top
files are handled.
When set to merge, the base environment's top file is evaluated first, followed by the other
environments' top files. The first target expression (e.g. '*') for a given environment is kept, and when
the same target expression is used in a different top file evaluated later, it is ignored. Because base
is evaluated first, it is authoritative. For example, if there is a target for '*' for the foo
environment in both the base and foo environment's top files, the one in the foo environment would be
ignored. The environments will be evaluated in no specific order (aside from base coming first). For
greater control over the order in which the environments are evaluated, use env_order. Note that, aside
from the base environment's top file, any sections in top files that do not match that top file's
environment will be ignored. So, for example, a section for the qa environment would be ignored if it
appears in the dev environment's top file. To keep use cases like this from being ignored, use the
merge_all strategy.
When set to same, then for each environment, only that environment's top file is processed, with the
others being ignored. For example, only the dev environment's top file will be processed for the dev
environment, and any SLS targets defined for dev in the base environment's (or any other environment's)
top file will be ignored. If an environment does not have a top file, then the top file from the
default_top config parameter will be used as a fallback.
When set to merge_all, then all states in all environments in all top files will be applied. The order in
which individual SLS files will be executed will depend on the order in which the top files were
evaluated, and the environments will be evaluated in no specific order. For greater control over the
order in which the environments are evaluated, use env_order.
top_file_merging_strategy: same
env_order
Default: []
When top_file_merging_strategy is set to merge, and no environment is specified for a highstate, this
config option allows for the order in which top files are evaluated to be explicitly defined.
env_order:
- base
- dev
- qa
default_top
Default: base
When top_file_merging_strategy is set to same, and no environment is specified for a highstate (i.e.
environment is not set for the minion), this config option specifies a fallback environment in which to
look for a top file if an environment lacks one.
default_top: dev
startup_states
Default: ''
States to run when the minion daemon starts. To enable, set startup_states to:
• highstate: Execute state.highstate
• sls: Read in the sls_list option and execute the named sls files
• top: Read top_file option and execute based on that file on the Master
startup_states: ''
sls_list
Default: []
List of states to run when the minion starts up if startup_states is set to sls.
sls_list:
- edit.vim
- hyper
top_file
Default: ''
Top file to execute if startup_states is set to top.
top_file: ''
State Management Settings
renderer
Default: yaml_jinja
The default renderer used for local state executions
renderer: yaml_jinja
test
Default: False
Set all state calls to only test if they are going to actually make changes or just post what changes are
going to be made.
test: False
state_verbose
Default: True
Controls the verbosity of state runs. By default, the results of all states are returned, but setting
this value to False will cause salt to only display output for states that failed or states that have
changes.
state_verbose: True
state_output
Default: full
The state_output setting changes if the output is the full multi line output for each changed state if
set to 'full', but if set to 'terse' the output will be shortened to a single line.
state_output: full
state_output_diff
Default: False
The state_output_diff setting changes whether or not the output from successful states is returned.
Useful when even the terse output of these states is cluttering the logs. Set it to True to ignore them.
state_output_diff: False
autoload_dynamic_modules
Default: True
autoload_dynamic_modules turns on automatic loading of modules found in the environments on the master.
This is turned on by default. To turn off auto-loading modules when states run, set this value to False.
autoload_dynamic_modules: True
Default: True
clean_dynamic_modules keeps the dynamic modules on the minion in sync with the dynamic modules on the
master. This means that if a dynamic module is not on the master it will be deleted from the minion. By
default this is enabled and can be disabled by changing this value to False.
clean_dynamic_modules: True
NOTE:
If extmod_whitelist is specified, modules which are not whitelisted will also be cleaned here.
environment
Normally the minion is not isolated to any single environment on the master when running states, but the
environment can be isolated on the minion side by statically setting it. Remember that the recommended
way to manage environments is to isolate via the top file.
environment: dev
snapper_states
Default: False
The snapper_states value is used to enable taking snapper snapshots before and after salt state runs.
This allows for state runs to be rolled back.
For snapper states to function properly snapper needs to be installed and enabled.
snapper_states: True
snapper_states_config
Default: root
Snapper can execute based on a snapper configuration. The configuration needs to be set up before snapper
can use it. The default configuration is root, this default makes snapper run on SUSE systems using the
default configuration set up at install time.
snapper_states_config: root
File Directory Settings
file_client
Default: remote
The client defaults to looking on the master server for files, but can be directed to look on the minion
by setting this parameter to local.
file_client: remote
use_master_when_local
Default: False
When using a local file_client, this parameter is used to allow the client to connect to a master for
remote execution.
use_master_when_local: False
file_roots
Default:
base:
- /srv/salt
When using a local file_client, this parameter is used to setup the fileserver's environments. This
parameter operates identically to the master config parameter of the same name.
file_roots:
base:
- /srv/salt
dev:
- /srv/salt/dev/services
- /srv/salt/dev/states
prod:
- /srv/salt/prod/services
- /srv/salt/prod/states
fileserver_followsymlinks
New in version 2014.1.0.
Default: True
By default, the file_server follows symlinks when walking the filesystem tree. Currently this only
applies to the default roots fileserver_backend.
fileserver_followsymlinks: True
fileserver_ignoresymlinks
New in version 2014.1.0.
Default: False
If you do not want symlinks to be treated as the files they are pointing to, set
fileserver_ignoresymlinks to True. By default this is set to False. When set to True, any detected
symlink while listing files on the Master will not be returned to the Minion.
fileserver_ignoresymlinks: False
fileserver_limit_traversal
New in version 2014.1.0.
Default: False
By default, the Salt fileserver recurses fully into all defined environments to attempt to find files. To
limit this behavior so that the fileserver only traverses directories with SLS files and special Salt
directories like _modules, set fileserver_limit_traversal to True. This might be useful for installations
where a file root has a very large number of files and performance is impacted.
fileserver_limit_traversal: False
hash_type
Default: sha256
The hash_type is the hash to use when discovering the hash of a file on the local fileserver. The default
is sha256, but md5, sha1, sha224, sha384, and sha512 are also supported.
hash_type: sha256
Pillar Configuration
pillar_roots
Default:
base:
- /srv/pillar
When using a local file_client, this parameter is used to setup the pillar environments.
pillar_roots:
base:
- /srv/pillar
dev:
- /srv/pillar/dev
prod:
- /srv/pillar/prod
on_demand_ext_pillar
New in version 2016.3.6,2016.11.3,2017.7.0.
Default: ['libvirt', 'virtkey']
When using a local file_client, this option controls which external pillars are permitted to be used
on-demand using pillar.ext.
on_demand_ext_pillar:
- libvirt
- virtkey
- git
WARNING:
This will allow a masterless minion to request specific pillar data via pillar.ext, and may be
considered a security risk. However, pillar data generated in this way will not affect the in-memory
pillar data, so this risk is limited to instances in which states/modules/etc. (built-in or custom)
rely upon pillar data generated by pillar.ext.
decrypt_pillar
New in version 2017.7.0.
Default: []
A list of paths to be recursively decrypted during pillar compilation.
decrypt_pillar:
- 'foo:bar': gpg
- 'lorem:ipsum:dolor'
Entries in this list can be formatted either as a simple string, or as a key/value pair, with the key
being the pillar location, and the value being the renderer to use for pillar decryption. If the former
is used, the renderer specified by decrypt_pillar_default will be used.
decrypt_pillar_delimiter
New in version 2017.7.0.
Default: :
The delimiter used to distinguish nested data structures in the decrypt_pillar option.
decrypt_pillar_delimiter: '|'
decrypt_pillar:
- 'foo|bar': gpg
- 'lorem|ipsum|dolor'
decrypt_pillar_default
New in version 2017.7.0.
Default: gpg
The default renderer used for decryption, if one is not specified for a given pillar key in
decrypt_pillar.
decrypt_pillar_default: my_custom_renderer
decrypt_pillar_renderers
New in version 2017.7.0.
Default: ['gpg']
List of renderers which are permitted to be used for pillar decryption.
decrypt_pillar_renderers:
- gpg
- my_custom_renderer
pillarenv
Default: None
Isolates the pillar environment on the minion side. This functions the same as the environment setting,
but for pillar instead of states.
pillarenv: dev
pillarenv_from_saltenv
New in version 2017.7.0.
Default: False
When set to True, the pillarenv value will assume the value of the effective saltenv when running states.
This essentially makes salt '*' state.sls mysls saltenv=dev equivalent to salt '*' state.sls mysls
saltenv=dev pillarenv=dev. If pillarenv is set, either in the minion config file or via the CLI, it will
override this option.
pillarenv_from_saltenv: True
pillar_raise_on_missing
New in version 2015.5.0.
Default: False
Set this option to True to force a KeyError to be raised whenever an attempt to retrieve a named value
from pillar fails. When this option is set to False, the failed attempt returns an empty string.
minion_pillar_cache
New in version 2016.3.0.
Default: False
The minion can locally cache rendered pillar data under cachedir/pillar. This allows a temporarily
disconnected minion to access previously cached pillar data by invoking salt-call with the --local and
--pillar_root=:conf_minion:cachedir/pillar options. Before enabling this setting consider that the
rendered pillar may contain security sensitive data. Appropriate access restrictions should be in place.
By default the saved pillar data will be readable only by the user account running salt. By default this
feature is disabled, to enable set minion_pillar_cache to True.
minion_pillar_cache: False
file_recv_max_size
New in version 2014.7.0.
Default: 100
Set a hard-limit on the size of the files that can be pushed to the master. It will be interpreted as
megabytes.
file_recv_max_size: 100
Security Settings
open_mode
Default: False
Open mode can be used to clean out the PKI key received from the Salt master, turn on open mode, restart
the minion, then turn off open mode and restart the minion to clean the keys.
open_mode: False
master_finger
Default: ''
Fingerprint of the master public key to validate the identity of your Salt master before the initial key
exchange. The master fingerprint can be found by running "salt-key -F master" on the Salt master.
master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
keysize
Default: 2048
The size of key that should be generated when creating new keys.
keysize: 2048
permissive_pki_access
Default: False
Enable permissive access to the salt keys. This allows you to run the master or minion as root, but have
a non-root group be given access to your pki_dir. To make the access explicit, root must belong to the
group you've given access to. This is potentially quite insecure.
permissive_pki_access: False
verify_master_pubkey_sign
Default: False
Enables verification of the master-public-signature returned by the master in auth-replies. Please see
the tutorial on how to configure this properly Multimaster-PKI with Failover Tutorial
New in version 2014.7.0.
verify_master_pubkey_sign: True
If this is set to True, master_sign_pubkey must be also set to True in the master configuration file.
master_sign_key_name
Default: master_sign
The filename without the .pub suffix of the public key that should be used for verifying the signature
from the master. The file must be located in the minion's pki directory.
New in version 2014.7.0.
master_sign_key_name: <filename_without_suffix>
always_verify_signature
Default: False
If verify_master_pubkey_sign is enabled, the signature is only verified if the public-key of the master
changes. If the signature should always be verified, this can be set to True.
New in version 2014.7.0.
always_verify_signature: True
cmd_blacklist_glob
Default: []
If cmd_blacklist_glob is enabled then any shell command called over remote execution or via salt-call
will be checked against the glob matches found in the cmd_blacklist_glob list and any matched shell
command will be blocked.
NOTE:
This blacklist is only applied to direct executions made by the salt and salt-call commands. This does
NOT blacklist commands called from states or shell commands executed from other modules.
New in version 2016.11.0.
cmd_blacklist_glob:
- 'rm * '
- 'cat /etc/* '
cmd_whitelist_glob
Default: []
If cmd_whitelist_glob is enabled then any shell command called over remote execution or via salt-call
will be checked against the glob matches found in the cmd_whitelist_glob list and any shell command NOT
found in the list will be blocked. If cmd_whitelist_glob is NOT SET, then all shell commands are
permitted.
NOTE:
This whitelist is only applied to direct executions made by the salt and salt-call commands. This does
NOT restrict commands called from states or shell commands executed from other modules.
New in version 2016.11.0.
cmd_whitelist_glob:
- 'ls * '
- 'cat /etc/fstab'
ssl
New in version 2016.11.0.
Default: None
TLS/SSL connection options. This could be set to a dictionary containing arguments corresponding to
python ssl.wrap_socket method. For details see Tornado and Python documentation.
Note: to set enum arguments values like cert_reqs and ssl_version use constant names without ssl module
prefix: CERT_REQUIRED or PROTOCOL_SSLv23.
ssl:
keyfile: <path_to_keyfile>
certfile: <path_to_certfile>
ssl_version: PROTOCOL_TLSv1_2
Reactor Settings
reactor
Default: []
Defines a salt reactor. See the Reactor documentation for more information.
reactor: []
reactor_refresh_interval
Default: 60
The TTL for the cache of the reactor configuration.
reactor_refresh_interval: 60
reactor_worker_threads
Default: 10
The number of workers for the runner/wheel in the reactor.
reactor_worker_hwm
Default: 10000
The queue size for workers in the reactor.
reactor_worker_hwm: 10000
Thread Settings
multiprocessing
Default: True
If multiprocessing is enabled when a minion receives a publication a new process is spawned and the
command is executed therein. Conversely, if multiprocessing is disabled the new publication will be run
executed in a thread.
multiprocessing: True
Minion Logging Settings
log_file
Default: /var/log/salt/minion
The minion log can be sent to a regular file, local path name, or network location. See also log_file.
Examples:
log_file: /var/log/salt/minion
log_file: file:///dev/log
log_file: udp://loghost:10514
log_level
Default: warning
The level of messages to send to the console. See also log_level.
log_level: warning
log_level_logfile
Default: info
The level of messages to send to the log file. See also log_level_logfile. When it is not set explicitly
it will inherit the level set by log_level option.
log_level_logfile: warning
log_datefmt
Default: %H:%M:%S
The date and time format used in console log messages. See also log_datefmt.
log_datefmt: '%H:%M:%S'
log_datefmt_logfile
Default: %Y-%m-%d %H:%M:%S
The date and time format used in log file messages. See also log_datefmt_logfile.
log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
log_fmt_console
Default: [%(levelname)-8s] %(message)s
The format of the console logging messages. See also log_fmt_console.
NOTE:
Log colors are enabled in log_fmt_console rather than the color config since the logging system is
loaded before the minion config.
Console log colors are specified by these additional formatters:
%(colorlevel)s %(colorname)s %(colorprocess)s %(colormsg)s
Since it is desirable to include the surrounding brackets, '[' and ']', in the coloring of the
messages, these color formatters also include padding as well. Color LogRecord attributes are only
available for console logging.
log_fmt_console: '%(colorlevel)s %(colormsg)s'
log_fmt_console: '[%(levelname)-8s] %(message)s'
log_fmt_logfile
Default: %(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s
The format of the log file logging messages. See also log_fmt_logfile.
log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
log_granular_levels
Default: {}
This can be used to control logging levels more specifically. See also log_granular_levels.
zmq_monitor
Default: False
To diagnose issues with minions disconnecting or missing returns, ZeroMQ supports the use of monitor
sockets to log connection events. This feature requires ZeroMQ 4.0 or higher.
To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a debug level or higher.
A sample log event is as follows:
[DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
'value': 27, 'description': 'EVENT_DISCONNECTED'}
All events logged will include the string ZeroMQ event. A connection event should be logged as the minion
starts up and initially connects to the master. If not, check for debug log level and that the necessary
version of ZeroMQ is installed.
tcp_authentication_retries
Default: 5
The number of times to retry authenticating with the salt master when it comes back online.
Zeromq does a lot to make sure when connections come back online that they reauthenticate. The tcp
transport should try to connect with a new connection if the old one times out on reauthenticating.
-1 for infinite tries.
failhard
Default: False
Set the global failhard flag. This informs all states to stop running states at the moment a single state
fails
failhard: False
Include Configuration
default_include
Default: minion.d/*.conf
The minion can include configuration from other files. Per default the minion will automatically include
all config files from minion.d/*.conf where minion.d is relative to the directory of the minion
configuration file.
NOTE:
Salt creates files in the minion.d directory for its own use. These files are prefixed with an
underscore. A common example of this is the _schedule.conf file.
include
Default: not defined
The minion can include configuration from other files. To enable this, pass a list of paths to this
option. The paths can be either relative or absolute; if relative, they are considered to be relative to
the directory the main minion configuration file lives in. Paths can make use of shell-style globbing. If
no files are matched by a path passed to this option then the minion will log a warning message.
# Include files from a minion.d directory in the same
# directory as the minion config file
include: minion.d/*.conf
# Include a single extra file into the configuration
include: /etc/roles/webserver
# Include several files and the minion.d directory
include:
- extra_config
- minion.d/*
- /etc/roles/webserver
Keepalive Settings
tcp_keepalive
Default: True
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt connectivity issues
in messy network environments with misbehaving firewalls.
tcp_keepalive: True
tcp_keepalive_cnt
Default: -1
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
tcp_keepalive_cnt: -1
tcp_keepalive_idle
Default: 300
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
tcp_keepalive_idle: 300
tcp_keepalive_intvl
Default: -1
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
tcp_keepalive_intvl': -1
Frozen Build Update Settings
These options control how salt.modules.saltutil.update() works with esky frozen apps. For more
information look at https://github.com/cloudmatrix/esky/.
update_url
Default: False (Update feature is disabled)
The url to use when looking for application updates. Esky depends on directory listings to search for new
versions. A webserver running on your Master is a good starting point for most setups.
update_url: 'http://salt.example.com/minion-updates'
update_restart_services
Default: [] (service restarting on update is disabled)
A list of services to restart when the minion software is updated. This would typically just be a list
containing the minion's service name, but you may have other services that need to go with it.
update_restart_services: ['salt-minion']
winrepo_cache_expire_min
New in version 2016.11.0.
Default: 0
If set to a nonzero integer, then passing refresh=True to functions in the windows pkg module will not
refresh the windows repo metadata if the age of the metadata is less than this value. The exception to
this is pkg.refresh_db, which will always refresh the metadata, regardless of age.
winrepo_cache_expire_min: 1800
winrepo_cache_expire_max
New in version 2016.11.0.
Default: 21600
If the windows repo metadata is older than this value, and the metadata is needed by a function in the
windows pkg module, the metadata will be refreshed.
winrepo_cache_expire_max: 86400
Standalone Minion Windows Software Repo Settings
IMPORTANT:
To use these config options, the minion must be running in masterless mode (set file_client to local).
winrepo_dir
Changed in version 2015.8.0: Renamed from win_repo to winrepo_dir. Also, this option did not have a
default value until this version.
Default: C:\salt\srv\salt\win\repo
Location on the minion where the winrepo_remotes are checked out.
winrepo_dir: 'D:\winrepo'
winrepo_dir_ng
New in version 2015.8.0: A new ng repo was added.
Default: /srv/salt/win/repo-ng
Location on the minion where the winrepo_remotes_ng are checked out for 2015.8.0 and later minions.
winrepo_dir_ng: /srv/salt/win/repo-ng
winrepo_source_dir
Default: salt://win/repo-ng/
The source location for the winrepo sls files.
winrepo_source_dir: salt://win/repo-ng/
winrepo_cachefile
Changed in version 2015.8.0: Renamed from win_repo_cachefile to winrepo_cachefile. Also, this option did
not have a default value until this version.
Default: winrepo.p
Path relative to winrepo_dir where the winrepo cache should be created.
winrepo_cachefile: winrepo.p
winrepo_remotes
Changed in version 2015.8.0: Renamed from win_gitrepos to winrepo_remotes. Also, this option did not have
a default value until this version.
New in version 2015.8.0.
Default: ['https://github.com/saltstack/salt-winrepo.git']
List of git repositories to checkout and include in the winrepo
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
To specify a specific revision of the repository, prepend a commit ID to the URL of the repository:
winrepo_remotes:
- '<commit_id> https://github.com/saltstack/salt-winrepo.git'
Replace <commit_id> with the SHA1 hash of a commit ID. Specifying a commit ID is useful in that it allows
one to revert back to a previous version in the event that an error is introduced in the latest revision
of the repo.
winrepo_remotes_ng
New in version 2015.8.0: A new ng repo was added.
Default: ['https://github.com/saltstack/salt-winrepo-ng.git']
List of git repositories to checkout and include in the winrepo for 2015.8.0 and later minions.
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
To specify a specific revision of the repository, prepend a commit ID to the URL of the repository:
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace <commit_id> with the SHA1 hash of a commit ID. Specifying a commit ID is useful in that it allows
one to revert back to a previous version in the event that an error is introduced in the latest revision
of the repo.
Configuring the Salt Proxy Minion
The Salt system is amazingly simple and easy to configure. The two components of the Salt system each
have a respective configuration file. The salt-master is configured via the master configuration file,
and the salt-proxy is configured via the proxy configuration file.
SEE ALSO:
example proxy minion configuration file
The Salt Minion configuration is very simple. Typically, the only value that needs to be set is the
master value so the proxy knows where to locate its master.
By default, the salt-proxy configuration will be in /etc/salt/proxy. A notable exception is FreeBSD,
where the configuration will be in /usr/local/etc/salt/proxy.
Proxy-specific Configuration Options
add_proxymodule_to_opts
New in version 2015.8.2.
Changed in version 2016.3.0.
Default: False
Add the proxymodule LazyLoader object to opts.
add_proxymodule_to_opts: True
proxy_merge_grains_in_module
New in version 2016.3.0.
Changed in version 2017.7.0.
Default: True
If a proxymodule has a function called grains, then call it during regular grains loading and merge the
results with the proxy's grains dictionary. Otherwise it is assumed that the module calls the grains
function in a custom way and returns the data elsewhere.
proxy_merge_grains_in_module: False
proxy_keep_alive
New in version 2017.7.0.
Default: True
Whether the connection with the remote device should be restarted when dead. The proxy module must
implement the alive function, otherwise the connection is considered alive.
proxy_keep_alive: False
proxy_keep_alive_interval
New in version 2017.7.0.
Default: 1
The frequency of keepalive checks, in minutes. It requires the proxy_keep_alive option to be enabled (and
the proxy module to implement the alive function).
proxy_keep_alive_interval: 5
proxy_always_alive
New in version 2017.7.0.
Default: True
Wheter the proxy should maintain the connection with the remote device. Similarly to proxy_keep_alive,
this option is very specific to the design of the proxy module. When proxy_always_alive is set to False,
the connection with the remote device is not maintained and has to be closed after every command.
proxy_always_alive: False
proxy_merge_pillar_in_opts
New in version 2017.7.3.
Default: False.
Wheter the pillar data to be merged into the proxy configuration options. As multiple proxies can run on
the same server, we may need different configuration options for each, while there's one single
configuration file. The solution is merging the pillar data of each proxy minion into the opts.
proxy_merge_pillar_in_opts: True
proxy_deep_merge_pillar_in_opts
New in version 2017.7.3.
Default: False.
Deep merge of pillar data into configuration opts. This option is evaluated only when
proxy_merge_pillar_in_opts is enabled.
proxy_merge_pillar_in_opts_strategy
New in version 2017.7.3.
Default: smart.
The strategy used when merging pillar configuration into opts. This option is evaluated only when
proxy_merge_pillar_in_opts is enabled.
proxy_mines_pillar
New in version 2017.7.3.
Default: True.
Allow enabling mine details using pillar data. This evaluates the mine configuration under the pillar,
for the following regular minion options that are also equally available on the proxy minion:
mine_interval, and mine_functions.
Configuration file examples
• Example master configuration file
• Example minion configuration file
• Example proxy minion configuration file
Example master configuration file
##### Primary configuration settings #####
##########################################
# This configuration file is used to manage the behavior of the Salt Master.
# Values that are commented out but have an empty line after the comment are
# defaults that do not need to be set in the config. If there is no blank line
# after the comment then the value is presented as an example and is not the
# default.
# Per default, the master will automatically include all config files
# from master.d/*.conf (master.d is a directory in the same directory
# as the main master config file).
#default_include: master.d/*.conf
# The address of the interface to bind to:
#interface: 0.0.0.0
# Whether the master should listen for IPv6 connections. If this is set to True,
# the interface option must be adjusted, too. (For example: "interface: '::'")
#ipv6: False
# The tcp port used by the publisher:
#publish_port: 4505
# The user under which the salt master will run. Salt will update all
# permissions to allow the specified user to run the master. The exception is
# the job cache, which must be deleted if this user is changed. If the
# modified files cause conflicts, set verify_env to False.
#user: root
# The port used by the communication interface. The ret (return) port is the
# interface used for the file server, authentication, job returns, etc.
#ret_port: 4506
# Specify the location of the daemon process ID file:
#pidfile: /var/run/salt-master.pid
# The root directory prepended to these options: pki_dir, cachedir,
# sock_dir, log_file, autosign_file, autoreject_file, extension_modules,
# key_logfile, pidfile:
#root_dir: /
# The path to the master's configuration file.
#conf_file: /etc/salt/master
# Directory used to store public key data:
#pki_dir: /etc/salt/pki/master
# Key cache. Increases master speed for large numbers of accepted
# keys. Available options: 'sched'. (Updates on a fixed schedule.)
# Note that enabling this feature means that minions will not be
# available to target for up to the length of the maintanence loop
# which by default is 60s.
#key_cache: ''
# Directory to store job and cache data:
# This directory may contain sensitive data and should be protected accordingly.
#
#cachedir: /var/cache/salt/master
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", "engines", "utils", etc.
#extension_modules: /var/cache/salt/master/extmods
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", "engines", "utils", etc.
# Like 'extension_modules' but can take an array of paths
#module_dirs: []
# Verify and set permissions on configuration directories at startup:
#verify_env: True
# Set the number of hours to keep old job information in the job cache:
#keep_jobs: 24
# The number of seconds to wait when the client is requesting information
# about running jobs.
#gather_job_timeout: 10
# Set the default timeout for the salt command and api. The default is 5
# seconds.
#timeout: 5
# The loop_interval option controls the seconds for the master's maintenance
# process check cycle. This process updates file server backends, cleans the
# job cache and executes the scheduler.
#loop_interval: 60
# Set the default outputter used by the salt command. The default is "nested".
#output: nested
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# Set the default output file used by the salt command. Default is to output
# to the CLI and not to a file. Functions the same way as the "--out-file"
# CLI option, only sets this to a single file for all salt commands.
#output_file: None
# Return minions that timeout when running commands like test.ping
#show_timeout: True
# Tell the client to display the jid when a job is published.
#show_jid: False
# By default, output is colored. To disable colored output, set the color value
# to False.
#color: True
# Do not strip off the colored output from nested results and state outputs
# (true by default).
# strip_colors: False
# To display a summary of the number of minions targeted, the number of
# minions returned, and the number of minions that did not return, set the
# cli_summary value to True. (False by default.)
#
#cli_summary: False
# Set the directory used to hold unix sockets:
#sock_dir: /var/run/salt/master
# The master can take a while to start up when lspci and/or dmidecode is used
# to populate the grains for the master. Enable if you want to see GPU hardware
# data for your master.
# enable_gpu_grains: False
# The master maintains a job cache. While this is a great addition, it can be
# a burden on the master for larger deployments (over 5000 minions).
# Disabling the job cache will make previously executed jobs unavailable to
# the jobs system and is not generally recommended.
#job_cache: True
# Cache minion grains, pillar and mine data via the cache subsystem in the
# cachedir or a database.
#minion_data_cache: True
# Cache subsystem module to use for minion data cache.
#cache: localfs
# Enables a fast in-memory cache booster and sets the expiration time.
#memcache_expire_seconds: 0
# Set a memcache limit in items (bank + key) per cache storage (driver + driver_opts).
#memcache_max_items: 1024
# Each time a cache storage got full cleanup all the expired items not just the oldest one.
#memcache_full_cleanup: False
# Enable collecting the memcache stats and log it on `debug` log level.
#memcache_debug: False
# Store all returns in the given returner.
# Setting this option requires that any returner-specific configuration also
# be set. See various returners in salt/returners for details on required
# configuration values. (See also, event_return_queue below.)
#
#event_return: mysql
# On busy systems, enabling event_returns can cause a considerable load on
# the storage system for returners. Events can be queued on the master and
# stored in a batched fashion using a single transaction for multiple events.
# By default, events are not queued.
#event_return_queue: 0
# Only return events matching tags in a whitelist, supports glob matches.
#event_return_whitelist:
# - salt/master/a_tag
# - salt/run/*/ret
# Store all event returns **except** the tags in a blacklist, supports globs.
#event_return_blacklist:
# - salt/master/not_this_tag
# - salt/wheel/*/ret
# Passing very large events can cause the minion to consume large amounts of
# memory. This value tunes the maximum size of a message allowed onto the
# master event bus. The value is expressed in bytes.
#max_event_size: 1048576
# By default, the master AES key rotates every 24 hours. The next command
# following a key rotation will trigger a key refresh from the minion which may
# result in minions which do not respond to the first command after a key refresh.
#
# To tell the master to ping all minions immediately after an AES key refresh, set
# ping_on_rotate to True. This should mitigate the issue where a minion does not
# appear to initially respond after a key is rotated.
#
# Note that ping_on_rotate may cause high load on the master immediately after
# the key rotation event as minions reconnect. Consider this carefully if this
# salt master is managing a large number of minions.
#
# If disabled, it is recommended to handle this event by listening for the
# 'aes_key_rotate' event with the 'key' tag and acting appropriately.
# ping_on_rotate: False
# By default, the master deletes its cache of minion data when the key for that
# minion is removed. To preserve the cache after key deletion, set
# 'preserve_minion_cache' to True.
#
# WARNING: This may have security implications if compromised minions auth with
# a previous deleted minion ID.
#preserve_minion_cache: False
# Allow or deny minions from requesting their own key revocation
#allow_minion_key_revoke: True
# If max_minions is used in large installations, the master might experience
# high-load situations because of having to check the number of connected
# minions for every authentication. This cache provides the minion-ids of
# all connected minions to all MWorker-processes and greatly improves the
# performance of max_minions.
# con_cache: False
# The master can include configuration from other files. To enable this,
# pass a list of paths to this option. The paths can be either relative or
# absolute; if relative, they are considered to be relative to the directory
# the main master configuration file lives in (this file). Paths can make use
# of shell-style globbing. If no files are matched by a path passed to this
# option, then the master will log a warning message.
#
# Include a config file from some other path:
# include: /etc/salt/extra_config
#
# Include config from several files and directories:
# include:
# - /etc/salt/extra_config
##### Large-scale tuning settings #####
##########################################
# Max open files
#
# Each minion connecting to the master uses AT LEAST one file descriptor, the
# master subscription connection. If enough minions connect you might start
# seeing on the console (and then salt-master crashes):
# Too many open files (tcp_listener.cpp:335)
# Aborted (core dumped)
#
# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
# max open files.
#
# If you wish to set a different value than the default one, uncomment and
# configure this setting. Remember that this value CANNOT be higher than the
# hard limit. Raising the hard limit depends on your OS and/or distribution,
# a good way to find the limit is to search the internet. For example:
# raise max open files hard limit debian
#
#max_open_files: 100000
# The number of worker threads to start. These threads are used to manage
# return calls made from minions to the master. If the master seems to be
# running slowly, increase the number of threads. This setting can not be
# set lower than 3.
#worker_threads: 5
# Set the ZeroMQ high water marks
# http://api.zeromq.org/3-2:zmq-setsockopt
# The listen queue size / backlog
#zmq_backlog: 1000
# The publisher interface ZeroMQPubServerChannel
#pub_hwm: 1000
# These two ZMQ HWM settings, salt_event_pub_hwm and event_publisher_pub_hwm
# are significant for masters with thousands of minions. When these are
# insufficiently high it will manifest in random responses missing in the CLI
# and even missing from the job cache. Masters that have fast CPUs and many
# cores with appropriate worker_threads will not need these set as high.
# On deployment with 8,000 minions, 2.4GHz CPUs, 24 cores, 32GiB memory has
# these settings:
#
# salt_event_pub_hwm: 128000
# event_publisher_pub_hwm: 64000
# ZMQ high-water-mark for SaltEvent pub socket
#salt_event_pub_hwm: 20000
# ZMQ high-water-mark for EventPublisher pub socket
#event_publisher_pub_hwm: 10000
# The master may allocate memory per-event and not
# reclaim it.
# To set a high-water mark for memory allocation, use
# ipc_write_buffer to set a high-water mark for message
# buffering.
# Value: In bytes. Set to 'dynamic' to have Salt select
# a value for you. Default is disabled.
# ipc_write_buffer: 'dynamic'
##### Security settings #####
##########################################
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
# you do so at your own risk!
#open_mode: False
# Enable auto_accept, this setting will automatically accept all incoming
# public keys from the minions. Note that this is insecure.
#auto_accept: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Time in minutes that an incoming public key with a matching name found in
# pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
# are removed when the master checks the minion_autosign directory.
# 0 equals no timeout
# autosign_timeout: 120
# If the autosign_file is specified, incoming keys specified in the
# autosign_file will be automatically accepted. This is insecure. Regular
# expressions as well as globing lines are supported.
#autosign_file: /etc/salt/autosign.conf
# Works like autosign_file, but instead allows you to specify minion IDs for
# which keys will automatically be rejected. Will override both membership in
# the autosign_file and the auto_accept setting.
#autoreject_file: /etc/salt/autoreject.conf
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
# you've given access to. This is potentially quite insecure. If an autosign_file
# is specified, enabling permissive_pki_access will allow group access to that
# specific file.
#permissive_pki_access: False
# Allow users on the master access to execute specific commands on minions.
# This setting should be treated with care since it opens up execution
# capabilities to non root users. By default this capability is completely
# disabled.
#publisher_acl:
# larry:
# - test.ping
# - network.*
#
# Blacklist any of the following users or modules
#
# This example would blacklist all non sudo users, including root from
# running any commands. It would also blacklist any use of the "cmd"
# module. This is completely disabled by default.
#
#
# Check the list of configured users in client ACL against users on the
# system and throw errors if they do not exist.
#client_acl_verify: True
#
#publisher_acl_blacklist:
# users:
# - root
# - '^(?!sudo_).*$' # all non sudo users
# modules:
# - cmd
# Enforce publisher_acl & publisher_acl_blacklist when users have sudo
# access to the salt command.
#
#sudo_acl: False
# The external auth system uses the Salt auth modules to authenticate and
# validate users to access areas of the Salt system.
#external_auth:
# pam:
# fred:
# - test.*
#
# Time (in seconds) for a newly generated token to live. Default: 12 hours
#token_expire: 43200
#
# Allow eauth users to specify the expiry time of the tokens they generate.
# A boolean applies to all users or a dictionary of whitelisted eauth backends
# and usernames may be given.
# token_expire_user_override:
# pam:
# - fred
# - tom
# ldap:
# - gary
#
#token_expire_user_override: False
# Set to True to enable keeping the calculated user's auth list in the token
# file. This is disabled by default and the auth list is calculated or requested
# from the eauth driver each time.
#keep_acl_in_token: False
# Auth subsystem module to use to get authorized access list for a user. By default it's
# the same module used for external authentication.
#eauth_acl_module: django
# Allow minions to push files to the master. This is disabled by default, for
# security purposes.
#file_recv: False
# Set a hard-limit on the size of the files that can be pushed to the master.
# It will be interpreted as megabytes. Default: 100
#file_recv_max_size: 100
# Signature verification on messages published from the master.
# This causes the master to cryptographically sign all messages published to its event
# bus, and minions then verify that signature before acting on the message.
#
# This is False by default.
#
# Note that to facilitate interoperability with masters and minions that are different
# versions, if sign_pub_messages is True but a message is received by a minion with
# no signature, it will still be accepted, and a warning message will be logged.
# Conversely, if sign_pub_messages is False, but a minion receives a signed
# message it will be accepted, the signature will not be checked, and a warning message
# will be logged. This behavior went away in Salt 2014.1.0 and these two situations
# will cause minion to throw an exception and drop the message.
# sign_pub_messages: False
# Signature verification on messages published from minions
# This requires that minions cryptographically sign the messages they
# publish to the master. If minions are not signing, then log this information
# at loglevel 'INFO' and drop the message without acting on it.
# require_minion_sign_messages: False
# The below will drop messages when their signatures do not validate.
# Note that when this option is False but `require_minion_sign_messages` is True
# minions MUST sign their messages but the validity of their signatures
# is ignored.
# These two config options exist so a Salt infrastructure can be moved
# to signing minion messages gradually.
# drop_messages_signature_fail: False
# Use TLS/SSL encrypted connection between master and minion.
# Can be set to a dictionary containing keyword arguments corresponding to Python's
# 'ssl.wrap_socket' method.
# Default is None.
#ssl:
# keyfile: <path_to_keyfile>
# certfile: <path_to_certfile>
# ssl_version: PROTOCOL_TLSv1_2
##### Salt-SSH Configuration #####
##########################################
# Pass in an alternative location for the salt-ssh roster file
#roster_file: /etc/salt/roster
# Define locations for roster files so they can be chosen when using Salt API.
# An administrator can place roster files into these locations. Then when
# calling Salt API, parameter 'roster_file' should contain a relative path to
# these locations. That is, "roster_file=/foo/roster" will be resolved as
# "/etc/salt/roster.d/foo/roster" etc. This feature prevents passing insecure
# custom rosters through the Salt API.
#
#rosters:
# - /etc/salt/roster.d
# - /opt/salt/some/more/rosters
# The ssh password to log in with.
#ssh_passwd: ''
#The target system's ssh port number.
#ssh_port: 22
# Comma-separated list of ports to scan.
#ssh_scan_ports: 22
# Scanning socket timeout for salt-ssh.
#ssh_scan_timeout: 0.01
# Boolean to run command via sudo.
#ssh_sudo: False
# Number of seconds to wait for a response when establishing an SSH connection.
#ssh_timeout: 60
# The user to log in as.
#ssh_user: root
# The log file of the salt-ssh command:
#ssh_log_file: /var/log/salt/ssh
# Pass in minion option overrides that will be inserted into the SHIM for
# salt-ssh calls. The local minion config is not used for salt-ssh. Can be
# overridden on a per-minion basis in the roster (`minion_opts`)
#ssh_minion_opts:
# gpg_keydir: /root/gpg
# Set this to True to default to using ~/.ssh/id_rsa for salt-ssh
# authentication with minions
#ssh_use_home_key: False
# Set this to True to default salt-ssh to run with ``-o IdentitiesOnly=yes``.
# This option is intended for situations where the ssh-agent offers many
# different identities and allows ssh to ignore those identities and use the
# only one specified in options.
#ssh_identities_only: False
# List-only nodegroups for salt-ssh. Each group must be formed as either a
# comma-separated list, or a YAML list. This option is useful to group minions
# into easy-to-target groups when using salt-ssh. These groups can then be
# targeted with the normal -N argument to salt-ssh.
#ssh_list_nodegroups: {}
##### Master Module Management #####
##########################################
# Manage how master side modules are loaded.
# Add any additional locations to look for master runners:
#runner_dirs: []
# Enable Cython for master side modules:
#cython_enable: False
##### State System settings #####
##########################################
# The state system uses a "top" file to tell the minions what environment to
# use and what modules to use. The state_top file is defined relative to the
# root of the base environment as defined in "File Server settings" below.
#state_top: top.sls
# The master_tops option replaces the external_nodes option by creating
# a plugable system for the generation of external top data. The external_nodes
# option is deprecated by the master_tops option.
#
# To gain the capabilities of the classic external_nodes system, use the
# following configuration:
# master_tops:
# ext_nodes: <Shell command which returns yaml>
#
#master_tops: {}
# The external_nodes option allows Salt to gather data that would normally be
# placed in a top file. The external_nodes option is the executable that will
# return the ENC data. Remember that Salt will look for external nodes AND top
# files and combine the results if both are enabled!
#external_nodes: None
# The renderer to use on the minions to render the state data
#renderer: yaml_jinja
# The Jinja renderer can strip extra carriage returns and whitespace
# See http://jinja.pocoo.org/docs/api/#high-level-api
#
# If this is set to True the first newline after a Jinja block is removed
# (block, not variable tag!). Defaults to False, corresponds to the Jinja
# environment init variable "trim_blocks".
#jinja_trim_blocks: False
#
# If this is set to True leading spaces and tabs are stripped from the start
# of a line to a block. Defaults to False, corresponds to the Jinja
# environment init variable "lstrip_blocks".
#jinja_lstrip_blocks: False
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution, defaults to False
#failhard: False
# The state_verbose and state_output settings can be used to change the way
# state system data is printed to the display. By default all data is printed.
# The state_verbose setting can be set to True or False, when set to False
# all data that has a result of True and no changes will be suppressed.
#state_verbose: True
# The state_output setting changes if the output is the full multi line
# output for each changed state if set to 'full', but if set to 'terse'
# the output will be shortened to a single line. If set to 'mixed', the output
# will be terse unless a state failed, in which case that output will be full.
# If set to 'changes', the output will be full unless the state didn't change.
#state_output: full
# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False
# Automatically aggregate all states that have support for mod_aggregate by
# setting to 'True'. Or pass a list of state module names to automatically
# aggregate just those types.
#
# state_aggregate:
# - pkg
#
#state_aggregate: False
# Send progress events as each function in a state run completes execution
# by setting to 'True'. Progress events are in the format
# 'salt/job/<JID>/prog/<MID>/<RUN NUM>'.
#state_events: False
##### File Server settings #####
##########################################
# Salt runs a lightweight file server written in zeromq to deliver files to
# minions. This file server is built into the master daemon and does not
# require a dedicated port.
# The file server works on environments passed to the master, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
#file_roots:
# base:
# - /srv/salt
#
# The master_roots setting configures a master-only copy of the file_roots dictionary,
# used by the state compiler.
#master_roots: /srv/salt-master
# When using multiple environments, each with their own top file, the
# default behaviour is an unordered merge. To prevent top files from
# being merged together and instead to only use the top file from the
# requested environment, set this value to 'same'.
#top_file_merging_strategy: merge
# To specify the order in which environments are merged, set the ordering
# in the env_order option. Given a conflict, the last matching value will
# win.
#env_order: ['base', 'dev', 'prod']
# If top_file_merging_strategy is set to 'same' and an environment does not
# contain a top file, the top file in the environment specified by default_top
# will be used instead.
#default_top: base
# The hash_type is the hash to use when discovering the hash of a file on
# the master server. The default is sha256, but md5, sha1, sha224, sha384 and
# sha512 are also supported.
#
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Prior to changing this value, the master should be stopped and all Salt
# caches should be cleared.
#hash_type: sha256
# The buffer size in the file server can be adjusted here:
#file_buffer_size: 1048576
# A regular expression (or a list of expressions) that will be matched
# against the file path before syncing the modules and states to the minions.
# This includes files affected by the file.recurse state.
# For example, if you manage your custom modules and states in subversion
# and don't want all the '.svn' folders and content synced to your minions,
# you could set this to '/\.svn($|/)'. By default nothing is ignored.
#file_ignore_regex:
# - '/\.svn($|/)'
# - '/\.git($|/)'
# A file glob (or list of file globs) that will be matched against the file
# path before syncing the modules and states to the minions. This is similar
# to file_ignore_regex above, but works on globs instead of regex. By default
# nothing is ignored.
# file_ignore_glob:
# - '*.pyc'
# - '*/somefolder/*.bak'
# - '*.swp'
# File Server Backend
#
# Salt supports a modular fileserver backend system, this system allows
# the salt master to link directly to third party systems to gather and
# manage the files available to minions. Multiple backends can be
# configured and will be searched for the requested file in the order in which
# they are defined here. The default setting only enables the standard backend
# "roots" which uses the "file_roots" option.
#fileserver_backend:
# - roots
#
# To use multiple backends list them in the order they are searched:
#fileserver_backend:
# - git
# - roots
#
# Uncomment the line below if you do not want the file_server to follow
# symlinks when walking the filesystem tree. This is set to True
# by default. Currently this only applies to the default roots
# fileserver_backend.
#fileserver_followsymlinks: False
#
# Uncomment the line below if you do not want symlinks to be
# treated as the files they are pointing to. By default this is set to
# False. By uncommenting the line below, any detected symlink while listing
# files on the Master will not be returned to the Minion.
#fileserver_ignoresymlinks: True
#
# By default, the Salt fileserver recurses fully into all defined environments
# to attempt to find files. To limit this behavior so that the fileserver only
# traverses directories with SLS files and special Salt directories like _modules,
# enable the option below. This might be useful for installations where a file root
# has a very large number of files and performance is impacted. Default is False.
# fileserver_limit_traversal: False
#
# The fileserver can fire events off every time the fileserver is updated,
# these are disabled by default, but can be easily turned on by setting this
# flag to True
#fileserver_events: False
# Git File Server Backend Configuration
#
# Optional parameter used to specify the provider to be used for gitfs. Must be
# either pygit2 or gitpython. If unset, then both will be tried (in that
# order), and the first one with a compatible version installed will be the
# provider that is used.
#
#gitfs_provider: pygit2
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
# gitfs_user: ''
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
#gitfs_password: ''
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
#gitfs_insecure_auth: False
# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to
# authenticate to SSH remotes. This parameter (or its per-remote counterpart)
# is required for SSH remotes.
#gitfs_pubkey: ''
# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to
# authenticate to SSH remotes. This parameter (or its per-remote counterpart)
# is required for SSH remotes.
#gitfs_privkey: ''
# This parameter is optional, required only when the SSH key being used to
# authenticate is protected by a passphrase.
#gitfs_passphrase: ''
# When using the git fileserver backend at least one git remote needs to be
# defined. The user running the salt master will need read access to the repo.
#
# The repos will be searched in order to find the file requested by a client
# and the first repo to have the file will return it.
# When using the git backend branches and tags are translated into salt
# environments.
# Note: file:// repos will be treated as a remote, so refs you want used must
# exist in that repo as *local* refs.
#gitfs_remotes:
# - git://github.com/saltstack/salt-states.git
# - file:///var/git/saltmaster
#
# The gitfs_ssl_verify option specifies whether to ignore ssl certificate
# errors when contacting the gitfs backend. You might want to set this to
# false if you're using a git backend that uses a self-signed certificate but
# keep in mind that setting this flag to anything other than the default of True
# is a security concern, you may want to try using the ssh transport.
#gitfs_ssl_verify: True
#
# The gitfs_root option gives the ability to serve files from a subdirectory
# within the repository. The path is defined relative to the root of the
# repository and defaults to the repository root.
#gitfs_root: somefolder/otherfolder
#
# The refspecs fetched by gitfs remotes
#gitfs_refspecs:
# - '+refs/heads/*:refs/remotes/origin/*'
# - '+refs/tags/*:refs/tags/*'
#
#
##### Pillar settings #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
#pillar_roots:
# base:
# - /srv/pillar
#
#ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml
# A list of paths to be recursively decrypted during pillar compilation.
# Entries in this list can be formatted either as a simple string, or as a
# key/value pair, with the key being the pillar location, and the value being
# the renderer to use for pillar decryption. If the former is used, the
# renderer specified by decrypt_pillar_default will be used.
#decrypt_pillar:
# - 'foo:bar': gpg
# - 'lorem:ipsum:dolor'
# The delimiter used to distinguish nested data structures in the
# decrypt_pillar option.
#decrypt_pillar_delimiter: ':'
# The default renderer used for decryption, if one is not specified for a given
# pillar key in decrypt_pillar.
#decrypt_pillar_default: gpg
# List of renderers which are permitted to be used for pillar decryption.
#decrypt_pillar_renderers:
# - gpg
# The ext_pillar_first option allows for external pillar sources to populate
# before file system pillar. This allows for targeting file system pillar from
# ext_pillar.
#ext_pillar_first: False
# The external pillars permitted to be used on-demand using pillar.ext
#on_demand_ext_pillar:
# - libvirt
# - virtkey
# The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate
# errors when contacting the pillar gitfs backend. You might want to set this to
# false if you're using a git backend that uses a self-signed certificate but
# keep in mind that setting this flag to anything other than the default of True
# is a security concern, you may want to try using the ssh transport.
#pillar_gitfs_ssl_verify: True
# The pillar_opts option adds the master configuration file data to a dict in
# the pillar called "master". This is used to set simple configurations in the
# master config file that can then be used on minions.
#pillar_opts: False
# The pillar_safe_render_error option prevents the master from passing pillar
# render errors to the minion. This is set on by default because the error could
# contain templating data which would give that minion information it shouldn't
# have, like a password! When set true the error message will only show:
# Rendering SLS 'my.sls' failed. Please see master log for details.
#pillar_safe_render_error: True
# The pillar_source_merging_strategy option allows you to configure merging strategy
# between different sources. It accepts five values: none, recurse, aggregate, overwrite,
# or smart. None will not do any merging at all. Recurse will merge recursively mapping of data.
# Aggregate instructs aggregation of elements between sources that use the #!yamlex renderer. Overwrite
# will overwrite elements according the order in which they are processed. This is
# behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based
# on the "renderer" setting and is the default value.
#pillar_source_merging_strategy: smart
# Recursively merge lists by aggregating them instead of replacing them.
#pillar_merge_lists: False
# Set this option to True to force the pillarenv to be the same as the effective
# saltenv when running states. If pillarenv is specified this option will be
# ignored.
#pillarenv_from_saltenv: False
# Set this option to 'True' to force a 'KeyError' to be raised whenever an
# attempt to retrieve a named value from pillar fails. When this option is set
# to 'False', the failed attempt returns an empty string. Default is 'False'.
#pillar_raise_on_missing: False
# Git External Pillar (git_pillar) Configuration Options
#
# Specify the provider to be used for git_pillar. Must be either pygit2 or
# gitpython. If unset, then both will be tried in that same order, and the
# first one with a compatible version installed will be the provider that
# is used.
#git_pillar_provider: pygit2
# If the desired branch matches this value, and the environment is omitted
# from the git_pillar configuration, then the environment for that git_pillar
# remote will be base.
#git_pillar_base: master
# If the branch is omitted from a git_pillar remote, then this branch will
# be used instead
#git_pillar_branch: master
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
#git_pillar_env: ''
# Path relative to the root of the repository where the git_pillar top file
# and SLS files are located.
#git_pillar_root: ''
# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
#git_pillar_ssl_verify: False
# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
#git_pillar_global_lock: True
# Git External Pillar Authentication Options
#
# Along with git_pillar_password, is used to authenticate to HTTPS remotes.
#git_pillar_user: ''
# Along with git_pillar_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
#git_pillar_password: ''
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP.
#git_pillar_insecure_auth: False
# Along with git_pillar_privkey (and optionally git_pillar_passphrase),
# is used to authenticate to SSH remotes.
#git_pillar_pubkey: ''
# Along with git_pillar_pubkey (and optionally git_pillar_passphrase),
# is used to authenticate to SSH remotes.
#git_pillar_privkey: ''
# This parameter is optional, required only when the SSH key being used
# to authenticate is protected by a passphrase.
#git_pillar_passphrase: ''
# The refspecs fetched by git_pillar remotes
#git_pillar_refspecs:
# - '+refs/heads/*:refs/remotes/origin/*'
# - '+refs/tags/*:refs/tags/*'
# A master can cache pillars locally to bypass the expense of having to render them
# for each minion on every request. This feature should only be enabled in cases
# where pillar rendering time is known to be unsatisfactory and any attendant security
# concerns about storing pillars in a master cache have been addressed.
#
# When enabling this feature, be certain to read through the additional ``pillar_cache_*``
# configuration options to fully understand the tunable parameters and their implications.
#
# Note: setting ``pillar_cache: True`` has no effect on targeting Minions with Pillars.
# See https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
#pillar_cache: False
# If and only if a master has set ``pillar_cache: True``, the cache TTL controls the amount
# of time, in seconds, before the cache is considered invalid by a master and a fresh
# pillar is recompiled and stored.
#pillar_cache_ttl: 3600
# If and only if a master has set `pillar_cache: True`, one of several storage providers
# can be utililzed.
#
# `disk`: The default storage backend. This caches rendered pillars to the master cache.
# Rendered pillars are serialized and deserialized as msgpack structures for speed.
# Note that pillars are stored UNENCRYPTED. Ensure that the master cache
# has permissions set appropriately. (Same defaults are provided.)
#
# memory: [EXPERIMENTAL] An optional backend for pillar caches which uses a pure-Python
# in-memory data structure for maximal performance. There are several caveats,
# however. First, because each master worker contains its own in-memory cache,
# there is no guarantee of cache consistency between minion requests. This
# works best in situations where the pillar rarely if ever changes. Secondly,
# and perhaps more importantly, this means that unencrypted pillars will
# be accessible to any process which can examine the memory of the ``salt-master``!
# This may represent a substantial security risk.
#
#pillar_cache_backend: disk
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
##### Syndic settings #####
##########################################
# The Salt syndic is used to pass commands through a master from a higher
# master. Using the syndic is simple. If this is a master that will have
# syndic servers(s) below it, then set the "order_masters" setting to True.
#
# If this is a master that will be running a syndic daemon for passthrough, then
# the "syndic_master" setting needs to be set to the location of the master server
# to receive commands from.
# Set the order_masters setting to True if this master will command lower
# masters' syndic interfaces.
#order_masters: False
# If this master will be running a salt syndic daemon, syndic_master tells
# this master where to receive commands from.
#syndic_master: masterofmasters
# This is the 'ret_port' of the MasterOfMaster:
#syndic_master_port: 4506
# PID file of the syndic daemon:
#syndic_pidfile: /var/run/salt-syndic.pid
# The log file of the salt-syndic daemon:
#syndic_log_file: /var/log/salt/syndic
# The behaviour of the multi-syndic when connection to a master of masters failed.
# Can specify ``random`` (default) or ``ordered``. If set to ``random``, masters
# will be iterated in random order. If ``ordered`` is specified, the configured
# order will be used.
#syndic_failover: random
# The number of seconds for the salt client to wait for additional syndics to
# check in with their lists of expected minions before giving up.
#syndic_wait: 5
##### Peer Publish settings #####
##########################################
# Salt minions can send commands to other minions, but only if the minion is
# allowed to. By default "Peer Publication" is disabled, and when enabled it
# is enabled for specific minions and specific commands. This allows secure
# compartmentalization of commands based on individual minions.
# The configuration uses regular expressions to match minions and then a list
# of regular expressions to match functions. The following will allow the
# minion authenticated as foo.example.com to execute functions from the test
# and pkg modules.
#peer:
# foo.example.com:
# - test.*
# - pkg.*
#
# This will allow all minions to execute all commands:
#peer:
# .*:
# - .*
#
# This is not recommended, since it would allow anyone who gets root on any
# single minion to instantly have root on all of the minions!
# Minions can also be allowed to execute runners from the salt master.
# Since executing a runner from the minion could be considered a security risk,
# it needs to be enabled. This setting functions just like the peer setting
# except that it opens up runners instead of module functions.
#
# All peer runner support is turned off by default and must be enabled before
# using. This will enable all peer runners for all minions:
#peer_run:
# .*:
# - .*
#
# To enable just the manage.up runner for the minion foo.example.com:
#peer_run:
# foo.example.com:
# - manage.up
#
#
##### Mine settings #####
#####################################
# Restrict mine.get access from minions. By default any minion has a full access
# to get all mine data from master cache. In acl definion below, only pcre matches
# are allowed.
# mine_get:
# .*:
# - .*
#
# The example below enables minion foo.example.com to get 'network.interfaces' mine
# data only, minions web* to get all network.* and disk.* mine data and all other
# minions won't get any mine data.
# mine_get:
# foo.example.com:
# - network.interfaces
# web.*:
# - network.*
# - disk.*
##### Logging settings #####
##########################################
# The location of the master log file
# The master log can be sent to a regular file, local path name, or network
# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
#log_file: /var/log/salt/master
#log_file: file:///dev/log
#log_file: udp://loghost:10514
#log_file: /var/log/salt/master
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']
#
#log_level: warning
# The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# If using 'log_granular_levels' this must be set to the highest desired level.
#log_level_logfile: warning
# The date and time format used in log messages. Allowed date/time formatting
# can be seen here: http://docs.python.org/library/time.html#time.strftime
#log_datefmt: '%H:%M:%S'
#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
# The format of the console logging messages. Allowed formatting options can
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
#
# Console log colors are specified by these additional formatters:
#
# %(colorlevel)s
# %(colorname)s
# %(colorprocess)s
# %(colormsg)s
#
# Since it is desirable to include the surrounding brackets, '[' and ']', in
# the coloring of the messages, these color formatters also include padding as
# well. Color LogRecord attributes are only available for console logging.
#
#log_fmt_console: '%(colorlevel)s %(colormsg)s'
#log_fmt_console: '[%(levelname)-8s] %(message)s'
#
#log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
# This can be used to control logging levels more specificically. This
# example sets the main salt library at the 'warning' level, but sets
# 'salt.modules' to log at the 'debug' level:
# log_granular_levels:
# 'salt': 'warning'
# 'salt.modules': 'debug'
#
#log_granular_levels: {}
##### Node Groups ######
##########################################
# Node groups allow for logical groupings of minion nodes. A group consists of
# a group name and a compound target. Nodgroups can reference other nodegroups
# with 'N@' classifier. Ensure that you do not have circular references.
#
#nodegroups:
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
# group2: 'G@os:Debian and foo.domain.com'
# group3: 'G@os:Debian and N@group1'
# group4:
# - 'G@foo:bar'
# - 'or'
# - 'G@foo:baz'
##### Range Cluster settings #####
##########################################
# The range server (and optional port) that serves your cluster information
# https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
#
#range_server: range:80
##### Windows Software Repo settings #####
###########################################
# Location of the repo on the master:
#winrepo_dir_ng: '/srv/salt/win/repo-ng'
#
# List of git repositories to include with the local repo:
#winrepo_remotes_ng:
# - 'https://github.com/saltstack/salt-winrepo-ng.git'
##### Windows Software Repo settings - Pre 2015.8 #####
########################################################
# Legacy repo settings for pre-2015.8 Windows minions.
#
# Location of the repo on the master:
#winrepo_dir: '/srv/salt/win/repo'
#
# Location of the master's repo cache file:
#winrepo_mastercachefile: '/srv/salt/win/repo/winrepo.p'
#
# List of git repositories to include with the local repo:
#winrepo_remotes:
# - 'https://github.com/saltstack/salt-winrepo.git'
# The refspecs fetched by winrepo remotes
#winrepo_refspecs:
# - '+refs/heads/*:refs/remotes/origin/*'
# - '+refs/tags/*:refs/tags/*'
#
##### Returner settings ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
###### Miscellaneous settings ######
############################################
# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
#event_match_type: startswith
# Save runner returns to the job cache
#runner_returns: True
# Permanently include any available Python 3rd party modules into thin and minimal Salt
# when they are generated for Salt-SSH or other purposes.
# The modules should be named by the names they are actually imported inside the Python.
# The value of the parameters can be either one module or a comma separated list of them.
#thin_extra_mods: foo,bar
#min_extra_mods: foo,bar,baz
###### Keepalive settings ######
############################################
# Warning: Failure to set TCP keepalives on the salt-master can result in
# not detecting the loss of a minion when the connection is lost or when
# it's host has been terminated without first closing the socket.
# Salt's Presence System depends on this connection status to know if a minion
# is "present".
# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
# the OS. If connections between the minion and the master pass through
# a state tracking device such as a firewall or VPN gateway, there is
# the risk that it could tear down the connection the master and minion
# without informing either party that their connection has been taken away.
# Enabling TCP Keepalives prevents this from happening.
# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
#tcp_keepalive: True
# How long before the first keepalive should be sent in seconds. Default 300
# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
#tcp_keepalive_idle: 300
# How many lost probes are needed to consider the connection lost. Default -1
# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
#tcp_keepalive_cnt: -1
# How often, in seconds, to send keepalives after the first one. Default -1 to
# use OS defaults, typically 75 seconds on Linux, see
# /proc/sys/net/ipv4/tcp_keepalive_intvl.
#tcp_keepalive_intvl: -1
##### NetAPI settings #####
############################################
# Allow the raw_shell parameter to be used when calling Salt SSH client via API
#netapi_allow_raw_shell: True
Example minion configuration file
##### Primary configuration settings #####
##########################################
# This configuration file is used to manage the behavior of the Salt Minion.
# With the exception of the location of the Salt Master Server, values that are
# commented out but have an empty line after the comment are defaults that need
# not be set in the config. If there is no blank line after the comment, the
# value is presented as an example and is not the default.
# Per default the minion will automatically include all config files
# from minion.d/*.conf (minion.d is a directory in the same directory
# as the main minion config file).
#default_include: minion.d/*.conf
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt
# Set http proxy information for the minion when doing requests
#proxy_host:
#proxy_port:
#proxy_username:
#proxy_password:
# If multiple masters are specified in the 'master' setting, the default behavior
# is to always try to connect to them in the order they are listed. If random_master is
# set to True, the order will be randomized instead. This can be helpful in distributing
# the load of many minions executing salt-call requests, for example, from a cron job.
# If only one master is listed, this setting is ignored and a warning will be logged.
# NOTE: If master_type is set to failover, use master_shuffle instead.
#random_master: False
# Use if master_type is set to failover.
#master_shuffle: False
# Minions can connect to multiple masters simultaneously (all masters
# are "hot"), or can be configured to failover if a master becomes
# unavailable. Multiple hot masters are configured by setting this
# value to "str". Failover masters can be requested by setting
# to "failover". MAKE SURE TO SET master_alive_interval if you are
# using failover.
# Setting master_type to 'disable' let's you have a running minion (with engines and
# beacons) without a master connection
# master_type: str
# Poll interval in seconds for checking if the master is still there. Only
# respected if master_type above is "failover". To disable the interval entirely,
# set the value to -1. (This may be necessary on machines which have high numbers
# of TCP connections, such as load balancers.)
# master_alive_interval: 30
# If the minion is in multi-master mode and the master_type configuration option
# is set to "failover", this setting can be set to "True" to force the minion
# to fail back to the first master in the list if the first master is back online.
#master_failback: False
# If the minion is in multi-master mode, the "master_type" configuration is set to
# "failover", and the "master_failback" option is enabled, the master failback
# interval can be set to ping the top master with this interval, in seconds.
#master_failback_interval: 0
# Set whether the minion should connect to the master via IPv6:
#ipv6: False
# Set the number of seconds to wait before attempting to resolve
# the master hostname if name resolution fails. Defaults to 30 seconds.
# Set to zero if the minion should shutdown and not retry.
# retry_dns: 30
# Set the port used by the master reply and authentication server.
#master_port: 4506
# The user to run salt.
#user: root
# The user to run salt remote execution commands as via sudo. If this option is
# enabled then sudo will be used to change the active user executing the remote
# command. If enabled the user will need to be allowed access via the sudoers
# file for the user that the salt minion is configured to run as. The most
# common option would be to use the root user. If this option is set the user
# option should also be set to a non-root user. If migrating from a root minion
# to a non root minion the minion cache should be cleared and the minion pki
# directory will need to be changed to the ownership of the new user.
#sudo_user: root
# Specify the location of the daemon process ID file.
#pidfile: /var/run/salt-minion.pid
# The root directory prepended to these options: pki_dir, cachedir, log_file,
# sock_dir, pidfile.
#root_dir: /
# The path to the minion's configuration file.
#conf_file: /etc/salt/minion
# The directory to store the pki information in
#pki_dir: /etc/salt/pki/minion
# Explicitly declare the id for this minion to use, if left commented the id
# will be the hostname as returned by the python call: socket.getfqdn()
# Since salt uses detached ids it is possible to run multiple minions on the
# same machine but with different ids, this can be useful for salt compute
# clusters.
#id:
# Cache the minion id to a file when the minion's id is not statically defined
# in the minion config. Defaults to "True". This setting prevents potential
# problems when automatic minion id resolution changes, which can cause the
# minion to lose connection with the master. To turn off minion id caching,
# set this config to ``False``.
#minion_id_caching: True
# Append a domain to a hostname in the event that it does not exist. This is
# useful for systems where socket.getfqdn() does not actually result in a
# FQDN (for instance, Solaris).
#append_domain:
# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against.
#grains:
# roles:
# - webserver
# - memcache
# deployment: datacenter4
# cabinet: 13
# cab_u: 14-15
#
# Where cache data goes.
# This data may contain sensitive data and should be protected accordingly.
#cachedir: /var/cache/salt/minion
# Append minion_id to these directories. Helps with
# multiple proxies and minions running on the same machine.
# Allowed elements in the list: pki_dir, cachedir, extension_modules
# Normally not needed unless running several proxies and/or minions on the same machine
# Defaults to ['cachedir'] for proxies, [] (empty list) for regular minions
#append_minionid_config_dirs:
# Verify and set permissions on configuration directories at startup.
#verify_env: True
# The minion can locally cache the return data from jobs sent to it, this
# can be a good way to keep track of jobs the minion has executed
# (on the minion side). By default this feature is disabled, to enable, set
# cache_jobs to True.
#cache_jobs: False
# Set the directory used to hold unix sockets.
#sock_dir: /var/run/salt/minion
# Set the default outputter used by the salt-call command. The default is
# "nested".
#output: nested
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# By default output is colored. To disable colored output, set the color value
# to False.
#color: True
# Do not strip off the colored output from nested results and state outputs
# (true by default).
# strip_colors: False
# Backup files that are replaced by file.managed and file.recurse under
# 'cachedir'/file_backup relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:
# /etc/ssh/sshd_config:
# file.managed:
# - source: salt://ssh/sshd_config
# - backup: minion
#
#backup_mode: minion
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the time, in
# seconds, between those reconnection attempts.
#acceptance_wait_time: 10
# If this is nonzero, the time between reconnection attempts will increase by
# acceptance_wait_time seconds per iteration, up to this maximum. If this is
# set to zero, the time between reconnection attempts will stay constant.
#acceptance_wait_time_max: 0
# If the master rejects the minion's public key, retry instead of exiting.
# Rejected keys will be handled the same as waiting on acceptance.
#rejected_retry: False
# When the master key changes, the minion will try to re-auth itself to receive
# the new master key. In larger environments this can cause a SYN flood on the
# master because all minions try to re-auth immediately. To prevent this and
# have a minion wait for a random amount of time, use this optional parameter.
# The wait-time will be a random number of seconds between 0 and the defined value.
#random_reauth_delay: 60
# To avoid overloading a master when many minions startup at once, a randomized
# delay may be set to tell the minions to wait before connecting to the master.
# This value is the number of seconds to choose from for a random number. For
# example, setting this value to 60 will choose a random number of seconds to delay
# on startup between zero seconds and sixty seconds. Setting to '0' will disable
# this feature.
#random_startup_delay: 0
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the timeout value,
# in seconds, for each individual attempt. After this timeout expires, the minion
# will wait for acceptance_wait_time seconds before trying again. Unless your master
# is under unusually heavy load, this should be left at the default.
#auth_timeout: 60
# Number of consecutive SaltReqTimeoutError that are acceptable when trying to
# authenticate.
#auth_tries: 7
# The number of attempts to connect to a master before giving up.
# Set this to -1 for unlimited attempts. This allows for a master to have
# downtime and the minion to reconnect to it later when it comes back up.
# In 'failover' mode, it is the number of attempts for each set of masters.
# In this mode, it will cycle through the list of masters for each attempt.
#
# This is different than auth_tries because auth_tries attempts to
# retry auth attempts with a single master. auth_tries is under the
# assumption that you can connect to the master but not gain
# authorization from it. master_tries will still cycle through all
# the masters in a given try, so it is appropriate if you expect
# occasional downtime from the master(s).
#master_tries: 1
# If authentication fails due to SaltReqTimeoutError during a ping_interval,
# cause sub minion process to restart.
#auth_safemode: False
# Ping Master to ensure connection is alive (minutes).
#ping_interval: 0
# To auto recover minions if master changes IP address (DDNS)
# auth_tries: 10
# auth_safemode: False
# ping_interval: 2
#
# Minions won't know master is missing until a ping fails. After the ping fail,
# the minion will attempt authentication and likely fails out and cause a restart.
# When the minion restarts it will resolve the masters IP and attempt to reconnect.
# If you don't have any problems with syn-floods, don't bother with the
# three recon_* settings described below, just leave the defaults!
#
# The ZeroMQ pull-socket that binds to the masters publishing interface tries
# to reconnect immediately, if the socket is disconnected (for example if
# the master processes are restarted). In large setups this will have all
# minions reconnect immediately which might flood the master (the ZeroMQ-default
# is usually a 100ms delay). To prevent this, these three recon_* settings
# can be used.
# recon_default: the interval in milliseconds that the socket should wait before
# trying to reconnect to the master (1000ms = 1 second)
#
# recon_max: the maximum time a socket should wait. each interval the time to wait
# is calculated by doubling the previous time. if recon_max is reached,
# it starts again at recon_default. Short example:
#
# reconnect 1: the socket will wait 'recon_default' milliseconds
# reconnect 2: 'recon_default' * 2
# reconnect 3: ('recon_default' * 2) * 2
# reconnect 4: value from previous interval * 2
# reconnect 5: value from previous interval * 2
# reconnect x: if value >= recon_max, it starts again with recon_default
#
# recon_randomize: generate a random wait time on minion start. The wait time will
# be a random value between recon_default and recon_default +
# recon_max. Having all minions reconnect with the same recon_default
# and recon_max value kind of defeats the purpose of being able to
# change these settings. If all minions have the same values and your
# setup is quite large (several thousand minions), they will still
# flood the master. The desired behavior is to have timeframe within
# all minions try to reconnect.
#
# Example on how to use these settings. The goal: have all minions reconnect within a
# 60 second timeframe on a disconnect.
# recon_default: 1000
# recon_max: 59000
# recon_randomize: True
#
# Each minion will have a randomized reconnect value between 'recon_default'
# and 'recon_default + recon_max', which in this example means between 1000ms
# 60000ms (or between 1 and 60 seconds). The generated random-value will be
# doubled after each attempt to reconnect. Lets say the generated random
# value is 11 seconds (or 11000ms).
# reconnect 1: wait 11 seconds
# reconnect 2: wait 22 seconds
# reconnect 3: wait 33 seconds
# reconnect 4: wait 44 seconds
# reconnect 5: wait 55 seconds
# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
# reconnect 7: wait 11 seconds
# reconnect 8: wait 22 seconds
# reconnect 9: wait 33 seconds
# reconnect x: etc.
#
# In a setup with ~6000 thousand hosts these settings would average the reconnects
# to about 100 per second and all hosts would be reconnected within 60 seconds.
# recon_default: 100
# recon_max: 5000
# recon_randomize: False
#
#
# The loop_interval sets how long in seconds the minion will wait between
# evaluating the scheduler and running cleanup tasks. This defaults to 1
# second on the minion scheduler.
#loop_interval: 1
# Some installations choose to start all job returns in a cache or a returner
# and forgo sending the results back to a master. In this workflow, jobs
# are most often executed with --async from the Salt CLI and then results
# are evaluated by examining job caches on the minions or any configured returners.
# WARNING: Setting this to False will **disable** returns back to the master.
#pub_ret: True
# The grains can be merged, instead of overridden, using this option.
# This allows custom grains to defined different subvalues of a dictionary
# grain. By default this feature is disabled, to enable set grains_deep_merge
# to ``True``.
#grains_deep_merge: False
# The grains_refresh_every setting allows for a minion to periodically check
# its grains to see if they have changed and, if so, to inform the master
# of the new grains. This operation is moderately expensive, therefore
# care should be taken not to set this value too low.
#
# Note: This value is expressed in __minutes__!
#
# A value of 10 minutes is a reasonable default.
#
# If the value is set to zero, this check is disabled.
#grains_refresh_every: 1
# Cache grains on the minion. Default is False.
#grains_cache: False
# Cache rendered pillar data on the minion. Default is False.
# This may cause 'cachedir'/pillar to contain sensitive data that should be
# protected accordingly.
#minion_pillar_cache: False
# Grains cache expiration, in seconds. If the cache file is older than this
# number of seconds then the grains cache will be dumped and fully re-populated
# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache'
# is not enabled.
# grains_cache_expiration: 300
# Determines whether or not the salt minion should run scheduled mine updates.
# Defaults to "True". Set to "False" to disable the scheduled mine updates
# (this essentially just does not add the mine update function to the minion's
# scheduler).
#mine_enabled: True
# Determines whether or not scheduled mine updates should be accompanied by a job
# return for the job cache. Defaults to "False". Set to "True" to include job
# returns in the job cache for mine updates.
#mine_return_job: False
# Example functions that can be run via the mine facility
# NO mine functions are established by default.
# Note these can be defined in the minion's pillar as well.
#mine_functions:
# test.ping: []
# network.ip_addrs:
# interface: eth0
# cidr: '10.0.0.0/8'
# The number of minutes between mine updates.
#mine_interval: 60
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
# Overwrite the default tcp ports used by the minion when in tcp mode
#tcp_pub_port: 4510
#tcp_pull_port: 4511
# Passing very large events can cause the minion to consume large amounts of
# memory. This value tunes the maximum size of a message allowed onto the
# minion event bus. The value is expressed in bytes.
#max_event_size: 1048576
# To detect failed master(s) and fire events on connect/disconnect, set
# master_alive_interval to the number of seconds to poll the masters for
# connection events.
#
#master_alive_interval: 30
# The minion can include configuration from other files. To enable this,
# pass a list of paths to this option. The paths can be either relative or
# absolute; if relative, they are considered to be relative to the directory
# the main minion configuration file lives in (this file). Paths can make use
# of shell-style globbing. If no files are matched by a path passed to this
# option then the minion will log a warning message.
#
# Include a config file from some other path:
# include: /etc/salt/extra_config
#
# Include config from several files and directories:
#include:
# - /etc/salt/extra_config
# - /etc/roles/webserver
# The syndic minion can verify that it is talking to the correct master via the
# key fingerprint of the higher-level master with the "syndic_finger" config.
#syndic_finger: ''
#
#
#
##### Minion module management #####
##########################################
# Disable specific modules. This allows the admin to limit the level of
# access the master has to the minion. The default here is the empty list,
# below is an example of how this needs to be formatted in the config file
#disable_modules:
# - cmdmod
# - test
#disable_returners: []
# This is the reverse of disable_modules. The default, like disable_modules, is the empty list,
# but if this option is set to *anything* then *only* those modules will load.
# Note that this is a very large hammer and it can be quite difficult to keep the minion working
# the way you think it should since Salt uses many modules internally itself. At a bare minimum
# you need the following enabled or else the minion won't start.
#whitelist_modules:
# - cmdmod
# - test
# - config
# Modules can be loaded from arbitrary paths. This enables the easy deployment
# of third party modules. Modules for returners and minions can be loaded.
# Specify a list of extra directories to search for minion modules and
# returners. These paths must be fully qualified!
#module_dirs: []
#returner_dirs: []
#states_dirs: []
#render_dirs: []
#utils_dirs: []
#
# A module provider can be statically overwritten or extended for the minion
# via the providers option, in this case the default module will be
# overwritten by the specified module. In this example the pkg module will
# be provided by the yumpkg5 module instead of the system default.
#providers:
# pkg: yumpkg5
#
# Enable Cython modules searching and loading. (Default: False)
#cython_enable: False
#
# Specify a max size (in bytes) for modules on import. This feature is currently
# only supported on *nix operating systems and requires psutil.
# modules_max_memory: -1
##### State Management Settings #####
###########################################
# The state management system executes all of the state templates on the minion
# to enable more granular control of system state management. The type of
# template and serialization used for state management needs to be configured
# on the minion, the default renderer is yaml_jinja. This is a yaml file
# rendered from a jinja template, the available options are:
# yaml_jinja
# yaml_mako
# yaml_wempy
# json_jinja
# json_mako
# json_wempy
#
#renderer: yaml_jinja
#
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution. Defaults to False.
#failhard: False
#
# Reload the modules prior to a highstate run.
#autoload_dynamic_modules: True
#
# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
# the dynamic modules on the master, this means that if a dynamic module is
# not on the master it will be deleted from the minion. By default, this is
# enabled and can be disabled by changing this value to False.
#clean_dynamic_modules: True
#
# Normally, the minion is not isolated to any single environment on the master
# when running states, but the environment can be isolated on the minion side
# by statically setting it. Remember that the recommended way to manage
# environments is to isolate via the top file.
#environment: None
#
# Isolates the pillar environment on the minion side. This functions the same
# as the environment setting, but for pillar instead of states.
#pillarenv: None
#
# Set this option to True to force the pillarenv to be the same as the
# effective saltenv when running states. Note that if pillarenv is specified,
# this option will be ignored.
#pillarenv_from_saltenv: False
#
# Set this option to 'True' to force a 'KeyError' to be raised whenever an
# attempt to retrieve a named value from pillar fails. When this option is set
# to 'False', the failed attempt returns an empty string. Default is 'False'.
#pillar_raise_on_missing: False
#
# If using the local file directory, then the state top file name needs to be
# defined, by default this is top.sls.
#state_top: top.sls
#
# Run states when the minion daemon starts. To enable, set startup_states to:
# 'highstate' -- Execute state.highstate
# 'sls' -- Read in the sls_list option and execute the named sls files
# 'top' -- Read top_file option and execute based on that file on the Master
#startup_states: ''
#
# List of states to run when the minion starts up if startup_states is 'sls':
#sls_list:
# - edit.vim
# - hyper
#
# Top file to execute if startup_states is 'top':
#top_file: ''
# Automatically aggregate all states that have support for mod_aggregate by
# setting to True. Or pass a list of state module names to automatically
# aggregate just those types.
#
# state_aggregate:
# - pkg
#
#state_aggregate: False
##### File Directory Settings #####
##########################################
# The Salt Minion can redirect all file server operations to a local directory,
# this allows for the same state tree that is on the master to be used if
# copied completely onto the minion. This is a literal copy of the settings on
# the master but used to reference a local directory on the minion.
# Set the file client. The client defaults to looking on the master server for
# files, but can be directed to look at the local file directory setting
# defined below by setting it to "local". Setting a local file_client runs the
# minion in masterless mode.
#file_client: remote
# The file directory works on environments passed to the minion, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
#file_roots:
# base:
# - /srv/salt
# Uncomment the line below if you do not want the file_server to follow
# symlinks when walking the filesystem tree. This is set to True
# by default. Currently this only applies to the default roots
# fileserver_backend.
#fileserver_followsymlinks: False
#
# Uncomment the line below if you do not want symlinks to be
# treated as the files they are pointing to. By default this is set to
# False. By uncommenting the line below, any detected symlink while listing
# files on the Master will not be returned to the Minion.
#fileserver_ignoresymlinks: True
#
# By default, the Salt fileserver recurses fully into all defined environments
# to attempt to find files. To limit this behavior so that the fileserver only
# traverses directories with SLS files and special Salt directories like _modules,
# enable the option below. This might be useful for installations where a file root
# has a very large number of files and performance is negatively impacted. Default
# is False.
#fileserver_limit_traversal: False
# The hash_type is the hash to use when discovering the hash of a file on
# the local fileserver. The default is sha256, but md5, sha1, sha224, sha384
# and sha512 are also supported.
#
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Warning: Prior to changing this value, the minion should be stopped and all
# Salt caches should be cleared.
#hash_type: sha256
# The Salt pillar is searched for locally if file_client is set to local. If
# this is the case, and pillar data is defined, then the pillar_roots need to
# also be configured on the minion:
#pillar_roots:
# base:
# - /srv/pillar
# Set a hard-limit on the size of the files that can be pushed to the master.
# It will be interpreted as megabytes. Default: 100
#file_recv_max_size: 100
#
#
###### Security settings #####
###########################################
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
# you do so at your own risk!
#open_mode: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
# you've given access to. This is potentially quite insecure.
#permissive_pki_access: False
# The state_verbose and state_output settings can be used to change the way
# state system data is printed to the display. By default all data is printed.
# The state_verbose setting can be set to True or False, when set to False
# all data that has a result of True and no changes will be suppressed.
#state_verbose: True
# The state_output setting changes if the output is the full multi line
# output for each changed state if set to 'full', but if set to 'terse'
# the output will be shortened to a single line.
#state_output: full
# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False
# The state_output_profile setting changes whether profile information
# will be shown for each state run.
#state_output_profile: True
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -f master.pub" on the Salt master.
#master_finger: ''
# Use TLS/SSL encrypted connection between master and minion.
# Can be set to a dictionary containing keyword arguments corresponding to Python's
# 'ssl.wrap_socket' method.
# Default is None.
#ssl:
# keyfile: <path_to_keyfile>
# certfile: <path_to_certfile>
# ssl_version: PROTOCOL_TLSv1_2
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a
# publication a new process is spawned and the command is executed therein.
#
# WARNING: Disabling multiprocessing may result in substantial slowdowns
# when processing large pillars. See https://github.com/saltstack/salt/issues/38758
# for a full explanation.
#multiprocessing: True
##### Logging settings #####
##########################################
# The location of the minion log file
# The minion log can be sent to a regular file, local path name, or network
# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
#log_file: /var/log/salt/minion
#log_file: file:///dev/log
#log_file: udp://loghost:10514
#
#log_file: /var/log/salt/minion
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']
#
# Default: 'warning'
#log_level: warning
# The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# If using 'log_granular_levels' this must be set to the highest desired level.
# Default: 'warning'
#log_level_logfile:
# The date and time format used in log messages. Allowed date/time formatting
# can be seen here: http://docs.python.org/library/time.html#time.strftime
#log_datefmt: '%H:%M:%S'
#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
# The format of the console logging messages. Allowed formatting options can
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
#
# Console log colors are specified by these additional formatters:
#
# %(colorlevel)s
# %(colorname)s
# %(colorprocess)s
# %(colormsg)s
#
# Since it is desirable to include the surrounding brackets, '[' and ']', in
# the coloring of the messages, these color formatters also include padding as
# well. Color LogRecord attributes are only available for console logging.
#
#log_fmt_console: '%(colorlevel)s %(colormsg)s'
#log_fmt_console: '[%(levelname)-8s] %(message)s'
#
#log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
# This can be used to control logging levels more specificically. This
# example sets the main salt library at the 'warning' level, but sets
# 'salt.modules' to log at the 'debug' level:
# log_granular_levels:
# 'salt': 'warning'
# 'salt.modules': 'debug'
#
#log_granular_levels: {}
# To diagnose issues with minions disconnecting or missing returns, ZeroMQ
# supports the use of monitor sockets to log connection events. This
# feature requires ZeroMQ 4.0 or higher.
#
# To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
# debug level or higher.
#
# A sample log event is as follows:
#
# [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
# 'value': 27, 'description': 'EVENT_DISCONNECTED'}
#
# All events logged will include the string 'ZeroMQ event'. A connection event
# should be logged as the minion starts up and initially connects to the
# master. If not, check for debug log level and that the necessary version of
# ZeroMQ is installed.
#
#zmq_monitor: False
# Number of times to try to authenticate with the salt master when reconnecting
# to the master
#tcp_authentication_retries: 5
###### Module configuration #####
###########################################
# Salt allows for modules to be passed arbitrary configuration data, any data
# passed here in valid yaml format will be passed on to the salt minion modules
# for use. It is STRONGLY recommended that a naming convention be used in which
# the module name is followed by a . and then the value. Also, all top level
# data must be applied via the yaml dict construct, some examples:
#
# You can specify that all modules should run in test mode:
#test: True
#
# A simple value for the test module:
#test.foo: foo
#
# A list for the test module:
#test.bar: [baz,quo]
#
# A dict for the test module:
#test.baz: {spam: sausage, cheese: bread}
#
#
###### Update settings ######
###########################################
# Using the features in Esky, a salt minion can both run as a frozen app and
# be updated on the fly. These options control how the update process
# (saltutil.update()) behaves.
#
# The url for finding and downloading updates. Disabled by default.
#update_url: False
#
# The list of services to restart after a successful update. Empty by default.
#update_restart_services: []
###### Keepalive settings ######
############################################
# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
# the OS. If connections between the minion and the master pass through
# a state tracking device such as a firewall or VPN gateway, there is
# the risk that it could tear down the connection the master and minion
# without informing either party that their connection has been taken away.
# Enabling TCP Keepalives prevents this from happening.
# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
#tcp_keepalive: True
# How long before the first keepalive should be sent in seconds. Default 300
# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
#tcp_keepalive_idle: 300
# How many lost probes are needed to consider the connection lost. Default -1
# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
#tcp_keepalive_cnt: -1
# How often, in seconds, to send keepalives after the first one. Default -1 to
# use OS defaults, typically 75 seconds on Linux, see
# /proc/sys/net/ipv4/tcp_keepalive_intvl.
#tcp_keepalive_intvl: -1
###### Windows Software settings ######
############################################
# Location of the repository cache file on the master:
#win_repo_cachefile: 'salt://win/repo/winrepo.p'
###### Returner settings ######
############################################
# Default Minion returners. Can be a comma delimited string or a list:
#
#return: mysql
#
#return: mysql,slack,redis
#
#return:
# - mysql
# - hipchat
# - slack
###### Miscellaneous settings ######
############################################
# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
#event_match_type: startswith
Example proxy minion configuration file
##### Primary configuration settings #####
##########################################
# This configuration file is used to manage the behavior of all Salt Proxy
# Minions on this host.
# With the exception of the location of the Salt Master Server, values that are
# commented out but have an empty line after the comment are defaults that need
# not be set in the config. If there is no blank line after the comment, the
# value is presented as an example and is not the default.
# Per default the minion will automatically include all config files
# from minion.d/*.conf (minion.d is a directory in the same directory
# as the main minion config file).
#default_include: minion.d/*.conf
# Backwards compatibility option for proxymodules created before 2015.8.2
# This setting will default to 'False' in the 2016.3.0 release
# Setting this to True adds proxymodules to the __opts__ dictionary.
# This breaks several Salt features (basically anything that serializes
# __opts__ over the wire) but retains backwards compatibility.
#add_proxymodule_to_opts: True
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt
# If a proxymodule has a function called 'grains', then call it during
# regular grains loading and merge the results with the proxy's grains
# dictionary. Otherwise it is assumed that the module calls the grains
# function in a custom way and returns the data elsewhere
#
# Default to False for 2016.3 and 2016.11. Switch to True for 2017.7.0.
# proxy_merge_grains_in_module: True
# If a proxymodule has a function called 'alive' returning a boolean
# flag reflecting the state of the connection with the remove device,
# when this option is set as True, a scheduled job on the proxy will
# try restarting the connection. The polling frequency depends on the
# next option, 'proxy_keep_alive_interval'. Added in 2017.7.0.
# proxy_keep_alive: True
# The polling interval (in minutes) to check if the underlying connection
# with the remote device is still alive. This option requires
# 'proxy_keep_alive' to be configured as True and the proxymodule to
# implement the 'alive' function. Added in 2017.7.0.
# proxy_keep_alive_interval: 1
# By default, any proxy opens the connection with the remote device when
# initialized. Some proxymodules allow through this option to open/close
# the session per command. This requires the proxymodule to have this
# capability. Please consult the documentation to see if the proxy type
# used can be that flexible. Added in 2017.7.0.
# proxy_always_alive: True
# If multiple masters are specified in the 'master' setting, the default behavior
# is to always try to connect to them in the order they are listed. If random_master is
# set to True, the order will be randomized instead. This can be helpful in distributing
# the load of many minions executing salt-call requests, for example, from a cron job.
# If only one master is listed, this setting is ignored and a warning will be logged.
#random_master: False
# Minions can connect to multiple masters simultaneously (all masters
# are "hot"), or can be configured to failover if a master becomes
# unavailable. Multiple hot masters are configured by setting this
# value to "str". Failover masters can be requested by setting
# to "failover". MAKE SURE TO SET master_alive_interval if you are
# using failover.
# master_type: str
# Poll interval in seconds for checking if the master is still there. Only
# respected if master_type above is "failover".
# master_alive_interval: 30
# Set whether the minion should connect to the master via IPv6:
#ipv6: False
# Set the number of seconds to wait before attempting to resolve
# the master hostname if name resolution fails. Defaults to 30 seconds.
# Set to zero if the minion should shutdown and not retry.
# retry_dns: 30
# Set the port used by the master reply and authentication server.
#master_port: 4506
# The user to run salt.
#user: root
# Setting sudo_user will cause salt to run all execution modules under an sudo
# to the user given in sudo_user. The user under which the salt minion process
# itself runs will still be that provided in the user config above, but all
# execution modules run by the minion will be rerouted through sudo.
#sudo_user: saltdev
# Specify the location of the daemon process ID file.
#pidfile: /var/run/salt-minion.pid
# The root directory prepended to these options: pki_dir, cachedir, log_file,
# sock_dir, pidfile.
#root_dir: /
# The directory to store the pki information in
#pki_dir: /etc/salt/pki/minion
# Where cache data goes.
# This data may contain sensitive data and should be protected accordingly.
#cachedir: /var/cache/salt/minion
# Append minion_id to these directories. Helps with
# multiple proxies and minions running on the same machine.
# Allowed elements in the list: pki_dir, cachedir, extension_modules
# Normally not needed unless running several proxies and/or minions on the same machine
# Defaults to ['cachedir'] for proxies, [] (empty list) for regular minions
# append_minionid_config_dirs:
# - cachedir
# Verify and set permissions on configuration directories at startup.
#verify_env: True
# The minion can locally cache the return data from jobs sent to it, this
# can be a good way to keep track of jobs the minion has executed
# (on the minion side). By default this feature is disabled, to enable, set
# cache_jobs to True.
#cache_jobs: False
# Set the directory used to hold unix sockets.
#sock_dir: /var/run/salt/minion
# Set the default outputter used by the salt-call command. The default is
# "nested".
#output: nested
#
# By default output is colored. To disable colored output, set the color value
# to False.
#color: True
# Do not strip off the colored output from nested results and state outputs
# (true by default).
# strip_colors: False
# Backup files that are replaced by file.managed and file.recurse under
# 'cachedir'/file_backup relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:
# /etc/ssh/sshd_config:
# file.managed:
# - source: salt://ssh/sshd_config
# - backup: minion
#
#backup_mode: minion
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the time, in
# seconds, between those reconnection attempts.
#acceptance_wait_time: 10
# If this is nonzero, the time between reconnection attempts will increase by
# acceptance_wait_time seconds per iteration, up to this maximum. If this is
# set to zero, the time between reconnection attempts will stay constant.
#acceptance_wait_time_max: 0
# If the master rejects the minion's public key, retry instead of exiting.
# Rejected keys will be handled the same as waiting on acceptance.
#rejected_retry: False
# When the master key changes, the minion will try to re-auth itself to receive
# the new master key. In larger environments this can cause a SYN flood on the
# master because all minions try to re-auth immediately. To prevent this and
# have a minion wait for a random amount of time, use this optional parameter.
# The wait-time will be a random number of seconds between 0 and the defined value.
#random_reauth_delay: 60
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the timeout value,
# in seconds, for each individual attempt. After this timeout expires, the minion
# will wait for acceptance_wait_time seconds before trying again. Unless your master
# is under unusually heavy load, this should be left at the default.
#auth_timeout: 60
# Number of consecutive SaltReqTimeoutError that are acceptable when trying to
# authenticate.
#auth_tries: 7
# If authentication fails due to SaltReqTimeoutError during a ping_interval,
# cause sub minion process to restart.
#auth_safemode: False
# Ping Master to ensure connection is alive (minutes).
#ping_interval: 0
# To auto recover minions if master changes IP address (DDNS)
# auth_tries: 10
# auth_safemode: False
# ping_interval: 90
#
# Minions won't know master is missing until a ping fails. After the ping fail,
# the minion will attempt authentication and likely fails out and cause a restart.
# When the minion restarts it will resolve the masters IP and attempt to reconnect.
# If you don't have any problems with syn-floods, don't bother with the
# three recon_* settings described below, just leave the defaults!
#
# The ZeroMQ pull-socket that binds to the masters publishing interface tries
# to reconnect immediately, if the socket is disconnected (for example if
# the master processes are restarted). In large setups this will have all
# minions reconnect immediately which might flood the master (the ZeroMQ-default
# is usually a 100ms delay). To prevent this, these three recon_* settings
# can be used.
# recon_default: the interval in milliseconds that the socket should wait before
# trying to reconnect to the master (1000ms = 1 second)
#
# recon_max: the maximum time a socket should wait. each interval the time to wait
# is calculated by doubling the previous time. if recon_max is reached,
# it starts again at recon_default. Short example:
#
# reconnect 1: the socket will wait 'recon_default' milliseconds
# reconnect 2: 'recon_default' * 2
# reconnect 3: ('recon_default' * 2) * 2
# reconnect 4: value from previous interval * 2
# reconnect 5: value from previous interval * 2
# reconnect x: if value >= recon_max, it starts again with recon_default
#
# recon_randomize: generate a random wait time on minion start. The wait time will
# be a random value between recon_default and recon_default +
# recon_max. Having all minions reconnect with the same recon_default
# and recon_max value kind of defeats the purpose of being able to
# change these settings. If all minions have the same values and your
# setup is quite large (several thousand minions), they will still
# flood the master. The desired behavior is to have timeframe within
# all minions try to reconnect.
#
# Example on how to use these settings. The goal: have all minions reconnect within a
# 60 second timeframe on a disconnect.
# recon_default: 1000
# recon_max: 59000
# recon_randomize: True
#
# Each minion will have a randomized reconnect value between 'recon_default'
# and 'recon_default + recon_max', which in this example means between 1000ms
# 60000ms (or between 1 and 60 seconds). The generated random-value will be
# doubled after each attempt to reconnect. Lets say the generated random
# value is 11 seconds (or 11000ms).
# reconnect 1: wait 11 seconds
# reconnect 2: wait 22 seconds
# reconnect 3: wait 33 seconds
# reconnect 4: wait 44 seconds
# reconnect 5: wait 55 seconds
# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
# reconnect 7: wait 11 seconds
# reconnect 8: wait 22 seconds
# reconnect 9: wait 33 seconds
# reconnect x: etc.
#
# In a setup with ~6000 thousand hosts these settings would average the reconnects
# to about 100 per second and all hosts would be reconnected within 60 seconds.
# recon_default: 100
# recon_max: 5000
# recon_randomize: False
#
#
# The loop_interval sets how long in seconds the minion will wait between
# evaluating the scheduler and running cleanup tasks. This defaults to a
# sane 60 seconds, but if the minion scheduler needs to be evaluated more
# often lower this value
#loop_interval: 60
# The grains_refresh_every setting allows for a minion to periodically check
# its grains to see if they have changed and, if so, to inform the master
# of the new grains. This operation is moderately expensive, therefore
# care should be taken not to set this value too low.
#
# Note: This value is expressed in __minutes__!
#
# A value of 10 minutes is a reasonable default.
#
# If the value is set to zero, this check is disabled.
#grains_refresh_every: 1
# Cache grains on the minion. Default is False.
#grains_cache: False
# Grains cache expiration, in seconds. If the cache file is older than this
# number of seconds then the grains cache will be dumped and fully re-populated
# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache'
# is not enabled.
# grains_cache_expiration: 300
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
# Overwrite the default tcp ports used by the minion when in tcp mode
#tcp_pub_port: 4510
#tcp_pull_port: 4511
# Passing very large events can cause the minion to consume large amounts of
# memory. This value tunes the maximum size of a message allowed onto the
# minion event bus. The value is expressed in bytes.
#max_event_size: 1048576
# To detect failed master(s) and fire events on connect/disconnect, set
# master_alive_interval to the number of seconds to poll the masters for
# connection events.
#
#master_alive_interval: 30
# The minion can include configuration from other files. To enable this,
# pass a list of paths to this option. The paths can be either relative or
# absolute; if relative, they are considered to be relative to the directory
# the main minion configuration file lives in (this file). Paths can make use
# of shell-style globbing. If no files are matched by a path passed to this
# option then the minion will log a warning message.
#
# Include a config file from some other path:
# include: /etc/salt/extra_config
#
# Include config from several files and directories:
#include:
# - /etc/salt/extra_config
# - /etc/roles/webserver
#
#
#
##### Minion module management #####
##########################################
# Disable specific modules. This allows the admin to limit the level of
# access the master has to the minion.
#disable_modules: [cmd,test]
#disable_returners: []
#
# Modules can be loaded from arbitrary paths. This enables the easy deployment
# of third party modules. Modules for returners and minions can be loaded.
# Specify a list of extra directories to search for minion modules and
# returners. These paths must be fully qualified!
#module_dirs: []
#returner_dirs: []
#states_dirs: []
#render_dirs: []
#utils_dirs: []
#
# A module provider can be statically overwritten or extended for the minion
# via the providers option, in this case the default module will be
# overwritten by the specified module. In this example the pkg module will
# be provided by the yumpkg5 module instead of the system default.
#providers:
# pkg: yumpkg5
#
# Enable Cython modules searching and loading. (Default: False)
#cython_enable: False
#
# Specify a max size (in bytes) for modules on import. This feature is currently
# only supported on *nix operating systems and requires psutil.
# modules_max_memory: -1
##### State Management Settings #####
###########################################
# The state management system executes all of the state templates on the minion
# to enable more granular control of system state management. The type of
# template and serialization used for state management needs to be configured
# on the minion, the default renderer is yaml_jinja. This is a yaml file
# rendered from a jinja template, the available options are:
# yaml_jinja
# yaml_mako
# yaml_wempy
# json_jinja
# json_mako
# json_wempy
#
#renderer: yaml_jinja
#
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution. Defaults to False.
#failhard: False
#
# Reload the modules prior to a highstate run.
#autoload_dynamic_modules: True
#
# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
# the dynamic modules on the master, this means that if a dynamic module is
# not on the master it will be deleted from the minion. By default, this is
# enabled and can be disabled by changing this value to False.
#clean_dynamic_modules: True
#
# Normally, the minion is not isolated to any single environment on the master
# when running states, but the environment can be isolated on the minion side
# by statically setting it. Remember that the recommended way to manage
# environments is to isolate via the top file.
#environment: None
#
# If using the local file directory, then the state top file name needs to be
# defined, by default this is top.sls.
#state_top: top.sls
#
# Run states when the minion daemon starts. To enable, set startup_states to:
# 'highstate' -- Execute state.highstate
# 'sls' -- Read in the sls_list option and execute the named sls files
# 'top' -- Read top_file option and execute based on that file on the Master
#startup_states: ''
#
# List of states to run when the minion starts up if startup_states is 'sls':
#sls_list:
# - edit.vim
# - hyper
#
# Top file to execute if startup_states is 'top':
#top_file: ''
# Automatically aggregate all states that have support for mod_aggregate by
# setting to True. Or pass a list of state module names to automatically
# aggregate just those types.
#
# state_aggregate:
# - pkg
#
#state_aggregate: False
##### File Directory Settings #####
##########################################
# The Salt Minion can redirect all file server operations to a local directory,
# this allows for the same state tree that is on the master to be used if
# copied completely onto the minion. This is a literal copy of the settings on
# the master but used to reference a local directory on the minion.
# Set the file client. The client defaults to looking on the master server for
# files, but can be directed to look at the local file directory setting
# defined below by setting it to "local". Setting a local file_client runs the
# minion in masterless mode.
#file_client: remote
# The file directory works on environments passed to the minion, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
#file_roots:
# base:
# - /srv/salt
# By default, the Salt fileserver recurses fully into all defined environments
# to attempt to find files. To limit this behavior so that the fileserver only
# traverses directories with SLS files and special Salt directories like _modules,
# enable the option below. This might be useful for installations where a file root
# has a very large number of files and performance is negatively impacted. Default
# is False.
#fileserver_limit_traversal: False
# The hash_type is the hash to use when discovering the hash of a file in
# the local fileserver. The default is sha256 but sha224, sha384 and sha512
# are also supported.
#
# WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
#
# WARNING: While md5 is also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
#
# Warning: Prior to changing this value, the minion should be stopped and all
# Salt caches should be cleared.
#hash_type: sha256
# The Salt pillar is searched for locally if file_client is set to local. If
# this is the case, and pillar data is defined, then the pillar_roots need to
# also be configured on the minion:
#pillar_roots:
# base:
# - /srv/pillar
#
#
###### Security settings #####
###########################################
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
# you do so at your own risk!
#open_mode: False
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
# you've given access to. This is potentially quite insecure.
#permissive_pki_access: False
# The state_verbose and state_output settings can be used to change the way
# state system data is printed to the display. By default all data is printed.
# The state_verbose setting can be set to True or False, when set to False
# all data that has a result of True and no changes will be suppressed.
#state_verbose: True
# The state_output setting changes if the output is the full multi line
# output for each changed state if set to 'full', but if set to 'terse'
# the output will be shortened to a single line.
#state_output: full
# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False
# The state_output_profile setting changes whether profile information
# will be shown for each state run.
#state_output_profile: True
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# "salt-key -F master" on the Salt master.
#master_finger: ''
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a
# publication a new process is spawned and the command is executed therein.
#multiprocessing: True
##### Logging settings #####
##########################################
# The location of the minion log file
# The minion log can be sent to a regular file, local path name, or network
# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
#log_file: /var/log/salt/minion
#log_file: file:///dev/log
#log_file: udp://loghost:10514
#
#log_file: /var/log/salt/minion
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']
#
# Default: 'warning'
#log_level: warning
# The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# If using 'log_granular_levels' this must be set to the highest desired level.
# Default: 'warning'
#log_level_logfile:
# The date and time format used in log messages. Allowed date/time formatting
# can be seen here: http://docs.python.org/library/time.html#time.strftime
#log_datefmt: '%H:%M:%S'
#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
# The format of the console logging messages. Allowed formatting options can
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
#
# Console log colors are specified by these additional formatters:
#
# %(colorlevel)s
# %(colorname)s
# %(colorprocess)s
# %(colormsg)s
#
# Since it is desirable to include the surrounding brackets, '[' and ']', in
# the coloring of the messages, these color formatters also include padding as
# well. Color LogRecord attributes are only available for console logging.
#
#log_fmt_console: '%(colorlevel)s %(colormsg)s'
#log_fmt_console: '[%(levelname)-8s] %(message)s'
#
#log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
# This can be used to control logging levels more specificically. This
# example sets the main salt library at the 'warning' level, but sets
# 'salt.modules' to log at the 'debug' level:
# log_granular_levels:
# 'salt': 'warning'
# 'salt.modules': 'debug'
#
#log_granular_levels: {}
# To diagnose issues with minions disconnecting or missing returns, ZeroMQ
# supports the use of monitor sockets # to log connection events. This
# feature requires ZeroMQ 4.0 or higher.
#
# To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
# debug level or higher.
#
# A sample log event is as follows:
#
# [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
# 'value': 27, 'description': 'EVENT_DISCONNECTED'}
#
# All events logged will include the string 'ZeroMQ event'. A connection event
# should be logged on the as the minion starts up and initially connects to the
# master. If not, check for debug log level and that the necessary version of
# ZeroMQ is installed.
#
#zmq_monitor: False
###### Module configuration #####
###########################################
# Salt allows for modules to be passed arbitrary configuration data, any data
# passed here in valid yaml format will be passed on to the salt minion modules
# for use. It is STRONGLY recommended that a naming convention be used in which
# the module name is followed by a . and then the value. Also, all top level
# data must be applied via the yaml dict construct, some examples:
#
# You can specify that all modules should run in test mode:
#test: True
#
# A simple value for the test module:
#test.foo: foo
#
# A list for the test module:
#test.bar: [baz,quo]
#
# A dict for the test module:
#test.baz: {spam: sausage, cheese: bread}
#
#
###### Update settings ######
###########################################
# Using the features in Esky, a salt minion can both run as a frozen app and
# be updated on the fly. These options control how the update process
# (saltutil.update()) behaves.
#
# The url for finding and downloading updates. Disabled by default.
#update_url: False
#
# The list of services to restart after a successful update. Empty by default.
#update_restart_services: []
###### Keepalive settings ######
############################################
# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
# the OS. If connections between the minion and the master pass through
# a state tracking device such as a firewall or VPN gateway, there is
# the risk that it could tear down the connection the master and minion
# without informing either party that their connection has been taken away.
# Enabling TCP Keepalives prevents this from happening.
# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
#tcp_keepalive: True
# How long before the first keepalive should be sent in seconds. Default 300
# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
#tcp_keepalive_idle: 300
# How many lost probes are needed to consider the connection lost. Default -1
# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
#tcp_keepalive_cnt: -1
# How often, in seconds, to send keepalives after the first one. Default -1 to
# use OS defaults, typically 75 seconds on Linux, see
# /proc/sys/net/ipv4/tcp_keepalive_intvl.
#tcp_keepalive_intvl: -1
###### Windows Software settings ######
############################################
# Location of the repository cache file on the master:
#win_repo_cachefile: 'salt://win/repo/winrepo.p'
###### Returner settings ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
Minion Blackout Configuration
New in version 2016.3.0.
Salt supports minion blackouts. When a minion is in blackout mode, all remote execution commands are
disabled. This allows production minions to be put "on hold", eliminating the risk of an untimely
configuration change.
Minion blackouts are configured via a special pillar key, minion_blackout. If this key is set to True,
then the minion will reject all incoming commands, except for saltutil.refresh_pillar. (The exception is
important, so minions can be brought out of blackout mode)
Salt also supports an explicit whitelist of additional functions that will be allowed during blackout.
This is configured with the special pillar key minion_blackout_whitelist, which is formed as a list:
minion_blackout_whitelist:
- test.ping
- pillar.get
Access Control System
New in version 0.10.4.
Salt maintains a standard system used to open granular control to non administrative users to execute
Salt commands. The access control system has been applied to all systems used to configure access to non
administrative control interfaces in Salt.
These interfaces include, the peer system, the external auth system and the publisher acl system.
The access control system mandated a standard configuration syntax used in all of the three
aforementioned systems. While this adds functionality to the configuration in 0.10.4, it does not negate
the old configuration.
Now specific functions can be opened up to specific minions from specific users in the case of external
auth and publisher ACLs, and for specific minions in the case of the peer system.
Publisher ACL system
The salt publisher ACL system is a means to allow system users other than root to have access to execute
select salt commands on minions from the master.
The publisher ACL system is configured in the master configuration file via the publisher_acl
configuration option. Under the publisher_acl configuration option the users open to send commands are
specified and then a list of regular expressions which specify the minion functions which will be made
available to specified user. This configuration is much like the peer configuration:
publisher_acl:
# Allow thatch to execute anything.
thatch:
- .*
# Allow fred to use test and pkg, but only on "web*" minions.
fred:
- web*:
- test.*
- pkg.*
# Allow managers to use saltutil module functions
manager_.*:
- saltutil.*
Permission Issues
Directories required for publisher_acl must be modified to be readable by the users specified:
chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master
NOTE:
In addition to the changes above you will also need to modify the permissions of /var/log/salt and the
existing log file to be writable by the user(s) which will be running the commands. If you do not wish
to do this then you must disable logging or Salt will generate errors as it cannot write to the logs
as the system users.
If you are upgrading from earlier versions of salt you must also remove any existing user keys and
re-start the Salt master:
rm /var/cache/salt/.*key
service salt-master restart
Whitelist and Blacklist
Salt's authentication systems can be configured by specifying what is allowed using a whitelist, or by
specifying what is disallowed using a blacklist. If you specify a whitelist, only specified operations
are allowed. If you specify a blacklist, all operations are allowed except those that are blacklisted.
See publisher_acl and publisher_acl_blacklist.
External Authentication System
Salt's External Authentication System (eAuth) allows for Salt to pass through command authorization to
any external authentication system, such as PAM or LDAP.
NOTE:
eAuth using the PAM external auth system requires salt-master to be run as root as this system needs
root access to check authentication.
External Authentication System Configuration
The external authentication system allows for specific users to be granted access to execute specific
functions on specific minions. Access is configured in the master configuration file and uses the access
control system:
external_auth:
pam:
thatch:
- 'web*':
- test.*
- network.*
steve:
- .*
The above configuration allows the user thatch to execute functions in the test and network modules on
the minions that match the web* target. User steve is given unrestricted access to minion commands.
Salt respects the current PAM configuration in place, and uses the 'login' service to authenticate.
NOTE:
The PAM module does not allow authenticating as root.
NOTE:
state.sls and state.highstate will return "Failed to authenticate!" if the request timeout is
reached. Use -t flag to increase the timeout
To allow access to wheel modules or runner modules the following @ syntax must be used:
external_auth:
pam:
thatch:
- '@wheel' # to allow access to all wheel modules
- '@runner' # to allow access to all runner modules
- '@jobs' # to allow access to the jobs runner and/or wheel module
NOTE:
The runner/wheel markup is different, since there are no minions to scope the acl to.
NOTE:
Globs will not match wheel or runners! They must be explicitly allowed with @wheel or @runner.
WARNING:
All users that have external authentication privileges are allowed to run saltutil.findjob. Be aware
that this could inadvertently expose some data such as minion IDs.
Matching syntax
The structure of the external_auth dictionary can take the following shapes. Function matches are regular
expressions; minion matches are compound targets.
By user:
external_auth:
<eauth backend>:
<user or group%>:
- <regex to match function>
By user, by minion:
external_auth:
<eauth backend>:
<user or group%>:
<minion compound target>:
- <regex to match function>
Groups
To apply permissions to a group of users in an external authentication system, append a % to the ID:
external_auth:
pam:
admins%:
- '*':
- 'pkg.*'
Limiting by function arguments
Positional arguments or keyword arguments to functions can also be whitelisted.
New in version 2016.3.0.
external_auth:
pam:
my_user:
- '*':
- 'my_mod.*':
args:
- 'a.*'
- 'b.*'
kwargs:
'kwa': 'kwa.*'
'kwb': 'kwb'
The rules:
1. The arguments values are matched as regexp.
2. If arguments restrictions are specified the only matched are allowed.
3. If an argument isn't specified any value is allowed.
4. To skip an arg use "everything" regexp .*. I.e. if arg0 and arg2 should be limited but arg1 and other
arguments could have any value use:
args:
- 'value0'
- '.*'
- 'value2'
Usage
The external authentication system can then be used from the command-line by any user on the same system
as the master with the -a option:
$ salt -a pam web\* test.ping
The system will ask the user for the credentials required by the authentication system and then publish
the command.
Tokens
With external authentication alone, the authentication credentials will be required with every call to
Salt. This can be alleviated with Salt tokens.
Tokens are short term authorizations and can be easily created by just adding a -T option when
authenticating:
$ salt -T -a pam web\* test.ping
Now a token will be created that has an expiration of 12 hours (by default). This token is stored in a
file named salt_token in the active user's home directory.
Once the token is created, it is sent with all subsequent communications. User authentication does not
need to be entered again until the token expires.
Token expiration time can be set in the Salt master config file.
LDAP and Active Directory
NOTE:
LDAP usage requires that you have installed python-ldap.
Salt supports both user and group authentication for LDAP (and Active Directory accessed via its LDAP
interface)
OpenLDAP and similar systems
LDAP configuration happens in the Salt master configuration file.
Server configuration values and their defaults:
# Server to auth against
auth.ldap.server: localhost
# Port to connect via
auth.ldap.port: 389
# Use TLS when connecting
auth.ldap.tls: False
# LDAP scope level, almost always 2
auth.ldap.scope: 2
# Server specified in URI format
auth.ldap.uri: '' # Overrides .ldap.server, .ldap.port, .ldap.tls above
# Verify server's TLS certificate
auth.ldap.no_verify: False
# Bind to LDAP anonymously to determine group membership
# Active Directory does not allow anonymous binds without special configuration
# In addition, if auth.ldap.anonymous is True, empty bind passwords are not permitted.
auth.ldap.anonymous: False
# FOR TESTING ONLY, this is a VERY insecure setting.
# If this is True, the LDAP bind password will be ignored and
# access will be determined by group membership alone with
# the group memberships being retrieved via anonymous bind
auth.ldap.auth_by_group_membership_only: False
# Require authenticating user to be part of this Organizational Unit
# This can be blank if your LDAP schema does not use this kind of OU
auth.ldap.groupou: 'Groups'
# Object Class for groups. An LDAP search will be done to find all groups of this
# class to which the authenticating user belongs.
auth.ldap.groupclass: 'posixGroup'
# Unique ID attribute name for the user
auth.ldap.accountattributename: 'memberUid'
# These are only for Active Directory
auth.ldap.activedirectory: False
auth.ldap.persontype: 'person'
auth.ldap.minion_stripdomains: []
# Redhat Identity Policy Audit
auth.ldap.freeipa: False
Authenticating to the LDAP Server
There are two phases to LDAP authentication. First, Salt authenticates to search for a users'
Distinguished Name and group membership. The user it authenticates as in this phase is often a special
LDAP system user with read-only access to the LDAP directory. After Salt searches the directory to
determine the actual user's DN and groups, it re-authenticates as the user running the Salt commands.
If you are already aware of the structure of your DNs and permissions in your LDAP store are set such
that users can look up their own group memberships, then the first and second users can be the same. To
tell Salt this is the case, omit the auth.ldap.bindpw parameter. Note this is not the same thing as
using an anonymous bind. Most LDAP servers will not permit anonymous bind, and as mentioned above, if
auth.ldap.anonymous is False you cannot use an empty password.
You can template the binddn like this:
auth.ldap.basedn: dc=saltstack,dc=com
auth.ldap.binddn: uid={{ username }},cn=users,cn=accounts,dc=saltstack,dc=com
Salt will use the password entered on the salt command line in place of the bindpw.
To use two separate users, specify the LDAP lookup user in the binddn directive, and include a bindpw
like so
auth.ldap.binddn: uid=ldaplookup,cn=sysaccounts,cn=etc,dc=saltstack,dc=com
auth.ldap.bindpw: mypassword
As mentioned before, Salt uses a filter to find the DN associated with a user. Salt substitutes the {{
username }} value for the username when querying LDAP
auth.ldap.filter: uid={{ username }}
Determining Group Memberships (OpenLDAP / non-Active Directory)
For OpenLDAP, to determine group membership, one can specify an OU that contains group data. This is
prepended to the basedn to create a search path. Then the results are filtered against
auth.ldap.groupclass, default posixGroup, and the account's 'name' attribute, memberUid by default.
auth.ldap.groupou: Groups
Note that as of 2017.7, auth.ldap.groupclass can refer to either a groupclass or an objectClass. For
some LDAP servers (notably OpenLDAP without the memberOf overlay enabled) to determine group membership
we need to know both the objectClass and the memberUid attributes. Usually for these servers you will
want a auth.ldap.groupclass of posixGroup and an auth.ldap.groupattribute of memberUid.
LDAP servers with the memberOf overlay will have entries similar to auth.ldap.groupclass: person and
auth.ldap.groupattribute: memberOf.
When using the ldap('DC=domain,DC=com') eauth operator, sometimes the records returned from LDAP or
Active Directory have fully-qualified domain names attached, while minion IDs instead are simple
hostnames. The parameter below allows the administrator to strip off a certain set of domain names so
the hostnames looked up in the directory service can match the minion IDs.
auth.ldap.minion_stripdomains: ['.external.bigcorp.com', '.internal.bigcorp.com']
Determining Group Memberships (Active Directory)
Active Directory handles group membership differently, and does not utilize the groupou configuration
variable. AD needs the following options in the master config:
auth.ldap.activedirectory: True
auth.ldap.filter: sAMAccountName={{username}}
auth.ldap.accountattributename: sAMAccountName
auth.ldap.groupclass: group
auth.ldap.persontype: person
To determine group membership in AD, the username and password that is entered when LDAP is requested as
the eAuth mechanism on the command line is used to bind to AD's LDAP interface. If this fails, then it
doesn't matter what groups the user belongs to, he or she is denied access. Next, the distinguishedName
of the user is looked up with the following LDAP search:
(&(<value of auth.ldap.accountattributename>={{username}})
(objectClass=<value of auth.ldap.persontype>)
)
This should return a distinguishedName that we can use to filter for group membership. Then the
following LDAP query is executed:
(&(member=<distinguishedName from search above>)
(objectClass=<value of auth.ldap.groupclass>)
)
external_auth:
ldap:
test_ldap_user:
- '*':
- test.ping
To configure a LDAP group, append a % to the ID:
external_auth:
ldap:
test_ldap_group%:
- '*':
- test.echo
In addition, if there are a set of computers in the directory service that should be part of the eAuth
definition, they can be specified like this:
external_auth:
ldap:
test_ldap_group%:
- ldap('DC=corp,DC=example,DC=com'):
- test.echo
The string inside ldap() above is any valid LDAP/AD tree limiter. OU= in particular is permitted as long
as it would return a list of computer objects.
Peer Communication
Salt 0.9.0 introduced the capability for Salt minions to publish commands. The intent of this feature is
not for Salt minions to act as independent brokers one with another, but to allow Salt minions to pass
commands to each other.
In Salt 0.10.0 the ability to execute runners from the master was added. This allows for the master to
return collective data from runners back to the minions via the peer interface.
The peer interface is configured through two options in the master configuration file. For minions to
send commands from the master the peer configuration is used. To allow for minions to execute runners
from the master the peer_run configuration is used.
Since this presents a viable security risk by allowing minions access to the master publisher the
capability is turned off by default. The minions can be allowed access to the master publisher on a per
minion basis based on regular expressions. Minions with specific ids can be allowed access to certain
Salt modules and functions.
Peer Configuration
The configuration is done under the peer setting in the Salt master configuration file, here are a number
of configuration possibilities.
The simplest approach is to enable all communication for all minions, this is only recommended for very
secure environments.
peer:
.*:
- .*
This configuration will allow minions with IDs ending in example.com access to the test, ps, and pkg
module functions.
peer:
.*example.com:
- test.*
- ps.*
- pkg.*
The configuration logic is simple, a regular expression is passed for matching minion ids, and then a
list of expressions matching minion functions is associated with the named minion. For instance, this
configuration will also allow minions ending with foo.org access to the publisher.
peer:
.*example.com:
- test.*
- ps.*
- pkg.*
.*foo.org:
- test.*
- ps.*
- pkg.*
NOTE:
Functions are matched using regular expressions.
Peer Runner Communication
Configuration to allow minions to execute runners from the master is done via the peer_run option on the
master. The peer_run configuration follows the same logic as the peer option. The only difference is that
access is granted to runner modules.
To open up access to all minions to all runners:
peer_run:
.*:
- .*
This configuration will allow minions with IDs ending in example.com access to the manage and jobs runner
functions.
peer_run:
.*example.com:
- manage.*
- jobs.*
NOTE:
Functions are matched using regular expressions.
Using Peer Communication
The publish module was created to manage peer communication. The publish module comes with a number of
functions to execute peer communication in different ways. Currently there are three functions in the
publish module. These examples will show how to test the peer system via the salt-call command.
To execute test.ping on all minions:
# salt-call publish.publish \* test.ping
To execute the manage.up runner:
# salt-call publish.runner manage.up
To match minions using other matchers, use tgt_type:
# salt-call publish.publish 'webserv* and not G@os:Ubuntu' test.ping tgt_type='compound'
NOTE:
In pre-2017.7.0 releases, use expr_form instead of tgt_type.
When to Use Each Authentication System
publisher_acl is useful for allowing local system users to run Salt commands without giving them root
access. If you can log into the Salt master directly, then publisher_acl allows you to use Salt without
root privileges. If the local system is configured to authenticate against a remote system, like LDAP or
Active Directory, then publisher_acl will interact with the remote system transparently.
external_auth is useful for salt-api or for making your own scripts that use Salt's Python API. It can be
used at the CLI (with the -a flag) but it is more cumbersome as there are more steps involved. The only
time it is useful at the CLI is when the local system is not configured to authenticate against an
external service but you still want Salt to authenticate against an external service.
Examples
The access controls are manifested using matchers in these configurations:
publisher_acl:
fred:
- web\*:
- pkg.list_pkgs
- test.*
- apache.*
In the above example, fred is able to send commands only to minions which match the specified glob
target. This can be expanded to include other functions for other minions based on standard targets (all
matchers are supported except the compound one).
external_auth:
pam:
dave:
- test.ping
- mongo\*:
- network.*
- log\*:
- network.*
- pkg.*
- 'G@os:RedHat':
- kmod.*
steve:
- .*
The above allows for all minions to be hit by test.ping by dave, and adds a few functions that dave can
execute on other minions. It also allows steve unrestricted access to salt commands.
NOTE:
Functions are matched using regular expressions.
Job Management
New in version 0.9.7.
Since Salt executes jobs running on many systems, Salt needs to be able to manage jobs running on many
systems.
The Minion proc System
Salt Minions maintain a proc directory in the Salt cachedir. The proc directory maintains files named
after the executed job ID. These files contain the information about the current running jobs on the
minion and allow for jobs to be looked up. This is located in the proc directory under the cachedir, with
a default configuration it is under /var/cache/salt/proc.
Functions in the saltutil Module
Salt 0.9.7 introduced a few new functions to the saltutil module for managing jobs. These functions are:
1. running Returns the data of all running jobs that are found in the proc directory.
2. find_job Returns specific data about a certain job based on job id.
3. signal_job Allows for a given jid to be sent a signal.
4. term_job Sends a termination signal (SIGTERM, 15) to the process controlling the specified job.
5. kill_job Sends a kill signal (SIGKILL, 9) to the process controlling the specified job.
These functions make up the core of the back end used to manage jobs at the minion level.
The jobs Runner
A convenience runner front end and reporting system has been added as well. The jobs runner contains
functions to make viewing data easier and cleaner.
The jobs runner contains a number of functions...
active
The active function runs saltutil.running on all minions and formats the return data about all running
jobs in a much more usable and compact format. The active function will also compare jobs that have
returned and jobs that are still running, making it easier to see what systems have completed a job and
what systems are still being waited on.
# salt-run jobs.active
lookup_jid
When jobs are executed the return data is sent back to the master and cached. By default it is cached
for 24 hours, but this can be configured via the keep_jobs option in the master configuration. Using the
lookup_jid runner will display the same return data that the initial job invocation with the salt command
would display.
# salt-run jobs.lookup_jid <job id number>
list_jobs
Before finding a historic job, it may be required to find the job id. list_jobs will parse the cached
execution data and display all of the job data for jobs that have already, or partially returned.
# salt-run jobs.list_jobs
Scheduling Jobs
Salt's scheduling system allows incremental executions on minions or the master. The schedule system
exposes the execution of any execution function on minions or any runner on the master.
Scheduling can be enabled by multiple methods:
• schedule option in either the master or minion config files. These require the master or minion
application to be restarted in order for the schedule to be implemented.
• Minion pillar data. Schedule is implemented by refreshing the minion's pillar data, for example by
using saltutil.refresh_pillar.
• The schedule state or schedule module
NOTE:
The scheduler executes different functions on the master and minions. When running on the master the
functions reference runner functions, when running on the minion the functions specify execution
functions.
A scheduled run has no output on the minion unless the config is set to info level or higher. Refer to
minion-logging-settings.
States are executed on the minion, as all states are. You can pass positional arguments and provide a
YAML dict of named arguments.
schedule:
job1:
function: state.sls
seconds: 3600
args:
- httpd
kwargs:
test: True
This will schedule the command: state.sls httpd test=True every 3600 seconds (every hour).
schedule:
job1:
function: state.sls
seconds: 3600
args:
- httpd
kwargs:
test: True
splay: 15
This will schedule the command: state.sls httpd test=True every 3600 seconds (every hour) splaying the
time between 0 and 15 seconds.
schedule:
job1:
function: state.sls
seconds: 3600
args:
- httpd
kwargs:
test: True
splay:
start: 10
end: 15
This will schedule the command: state.sls httpd test=True every 3600 seconds (every hour) splaying the
time between 10 and 15 seconds.
Schedule by Date and Time
New in version 2014.7.0.
Frequency of jobs can also be specified using date strings supported by the Python dateutil library. This
requires the Python dateutil library to be installed.
schedule:
job1:
function: state.sls
args:
- httpd
kwargs:
test: True
when: 5:00pm
This will schedule the command: state.sls httpd test=True at 5:00 PM minion localtime.
schedule:
job1:
function: state.sls
args:
- httpd
kwargs:
test: True
when:
- Monday 5:00pm
- Tuesday 3:00pm
- Wednesday 5:00pm
- Thursday 3:00pm
- Friday 5:00pm
This will schedule the command: state.sls httpd test=True at 5:00 PM on Monday, Wednesday and Friday, and
3:00 PM on Tuesday and Thursday.
schedule:
job1:
function: state.sls
seconds: 3600
args:
- httpd
kwargs:
test: True
range:
start: 8:00am
end: 5:00pm
This will schedule the command: state.sls httpd test=True every 3600 seconds (every hour) between the
hours of 8:00 AM and 5:00 PM. The range parameter must be a dictionary with the date strings using the
dateutil format.
schedule:
job1:
function: state.sls
seconds: 3600
args:
- httpd
kwargs:
test: True
range:
invert: True
start: 8:00am
end: 5:00pm
Using the invert option for range, this will schedule the command state.sls httpd test=True every 3600
seconds (every hour) until the current time is between the hours of 8:00 AM and 5:00 PM. The range
parameter must be a dictionary with the date strings using the dateutil format.
schedule:
job1:
function: pkg.install
kwargs:
pkgs: [{'bar': '>1.2.3'}]
refresh: true
once: '2016-01-07T14:30:00'
This will schedule the function pkg.install to be executed once at the specified time. The schedule entry
job1 will not be removed after the job completes, therefore use schedule.delete to manually remove it
afterwards.
The default date format is ISO 8601 but can be overridden by also specifying the once_fmt option, like
this:
schedule:
job1:
function: test.ping
once: 2015-04-22T20:21:00
once_fmt: '%Y-%m-%dT%H:%M:%S'
Maximum Parallel Jobs Running
New in version 2014.7.0.
The scheduler also supports ensuring that there are no more than N copies of a particular routine
running. Use this for jobs that may be long-running and could step on each other or pile up in case of
infrastructure outage.
The default for maxrunning is 1.
schedule:
long_running_job:
function: big_file_transfer
jid_include: True
maxrunning: 1
Cron-like Schedule
New in version 2014.7.0.
schedule:
job1:
function: state.sls
cron: '*/15 * * * *'
args:
- httpd
kwargs:
test: True
The scheduler also supports scheduling jobs using a cron like format. This requires the Python croniter
library.
Job Data Return
New in version 2015.5.0.
By default, data about jobs runs from the Salt scheduler is returned to the master. Setting the
return_job parameter to False will prevent the data from being sent back to the Salt master.
schedule:
job1:
function: scheduled_job_function
return_job: False
Job Metadata
New in version 2015.5.0.
It can be useful to include specific data to differentiate a job from other jobs. Using the metadata
parameter special values can be associated with a scheduled job. These values are not used in the
execution of the job, but can be used to search for specific jobs later if combined with the return_job
parameter. The metadata parameter must be specified as a dictionary, othewise it will be ignored.
schedule:
job1:
function: scheduled_job_function
metadata:
foo: bar
Run on Start
New in version 2015.5.0.
By default, any job scheduled based on the startup time of the minion will run the scheduled job when the
minion starts up. Sometimes this is not the desired situation. Using the run_on_start parameter set to
False will cause the scheduler to skip this first run and wait until the next scheduled run:
schedule:
job1:
function: state.sls
seconds: 3600
run_on_start: False
args:
- httpd
kwargs:
test: True
Until and After
New in version 2015.8.0.
schedule:
job1:
function: state.sls
seconds: 15
until: '12/31/2015 11:59pm'
args:
- httpd
kwargs:
test: True
Using the until argument, the Salt scheduler allows you to specify an end time for a scheduled job. If
this argument is specified, jobs will not run once the specified time has passed. Time should be
specified in a format supported by the dateutil library. This requires the Python dateutil library to be
installed.
New in version 2015.8.0.
schedule:
job1:
function: state.sls
seconds: 15
after: '12/31/2015 11:59pm'
args:
- httpd
kwargs:
test: True
Using the after argument, the Salt scheduler allows you to specify an start time for a scheduled job. If
this argument is specified, jobs will not run until the specified time has passed. Time should be
specified in a format supported by the dateutil library. This requires the Python dateutil library to be
installed.
Scheduling States
schedule:
log-loadavg:
function: cmd.run
seconds: 3660
args:
- 'logger -t salt < /proc/loadavg'
kwargs:
stateful: False
shell: /bin/sh
Scheduling Highstates
To set up a highstate to run on a minion every 60 minutes set this in the minion config or pillar:
schedule:
highstate:
function: state.highstate
minutes: 60
Time intervals can be specified as seconds, minutes, hours, or days.
Scheduling Runners
Runner executions can also be specified on the master within the master configuration file:
schedule:
run_my_orch:
function: state.orchestrate
hours: 6
splay: 600
args:
- orchestration.my_orch
The above configuration is analogous to running salt-run state.orch orchestration.my_orch every 6 hours.
Scheduler With Returner
The scheduler is also useful for tasks like gathering monitoring data about a minion, this schedule
option will gather status data and send it to a MySQL returner database:
schedule:
uptime:
function: status.uptime
seconds: 60
returner: mysql
meminfo:
function: status.meminfo
minutes: 5
returner: mysql
Since specifying the returner repeatedly can be tiresome, the schedule_returner option is available to
specify one or a list of global returners to be used by the minions when scheduling.
Managing the Job Cache
The Salt Master maintains a job cache of all job executions which can be queried via the jobs runner.
This job cache is called the Default Job Cache.
Default Job Cache
A number of options are available when configuring the job cache. The default caching system uses local
storage on the Salt Master and can be found in the job cache directory (on Linux systems this is
typically /var/cache/salt/master/jobs). The default caching system is suitable for most deployments as it
does not typically require any further configuration or management.
The default job cache is a temporary cache and jobs will be stored for 24 hours. If the default cache
needs to store jobs for a different period the time can be easily adjusted by changing the keep_jobs
parameter in the Salt Master configuration file. The value passed in is measured via hours:
keep_jobs: 24
Reducing the Size of the Default Job Cache
The Default Job Cache can sometimes be a burden on larger deployments (over 5000 minions). Disabling the
job cache will make previously executed jobs unavailable to the jobs system and is not generally
recommended. Normally it is wise to make sure the master has access to a faster IO system or a tmpfs is
mounted to the jobs dir.
However, you can disable the job_cache by setting it to False in the Salt Master configuration file.
Setting this value to False means that the Salt Master will no longer cache minion returns, but a JID
directory and jid file for each job will still be created. This JID directory is necessary for checking
for and preventing JID collisions.
The default location for the job cache is in the /var/cache/salt/master/jobs/ directory.
Setting the job_cache` to False in addition to setting the keep_jobs option to a smaller value, such as
1, in the Salt Master configuration file will reduce the size of the Default Job Cache, and thus the
burden on the Salt Master.
NOTE:
Changing the keep_jobs option sets the number of hours to keep old job information and defaults to 24
hours. Do not set this value to 0 when trying to make the cache cleaner run more frequently, as this
means the cache cleaner will never run.
Additional Job Cache Options
Many deployments may wish to use an external database to maintain a long term register of executed jobs.
Salt comes with two main mechanisms to do this, the master job cache and the external job cache.
See Storing Job Results in an External System.
Storing Job Results in an External System
After a job executes, job results are returned to the Salt Master by each Salt Minion. These results are
stored in the Default Job Cache.
In addition to the Default Job Cache, Salt provides two additional mechanisms to send job results to
other systems (databases, local syslog, and others):
• External Job Cache
• Master Job Cache
The major difference between these two mechanism is from where results are returned (from the Salt Master
or Salt Minion). Configuring either of these options will also make the Jobs Runner functions to
automatically query the remote stores for infomation.
External Job Cache - Minion-Side Returner
When an External Job Cache is configured, data is returned to the Default Job Cache on the Salt Master
like usual, and then results are also sent to an External Job Cache using a Salt returner module running
on the Salt Minion. [image]
• Advantages: Data is stored without placing additional load on the Salt Master.
• Disadvantages: Each Salt Minion connects to the external job cache, which can result in a large number
of connections. Also requires additional configuration to get returner module settings on all Salt
Minions.
Master Job Cache - Master-Side Returner
New in version 2014.7.0.
Instead of configuring an External Job Cache on each Salt Minion, you can configure the Master Job Cache
to send job results from the Salt Master instead. In this configuration, Salt Minions send data to the
Default Job Cache as usual, and then the Salt Master sends the data to the external system using a Salt
returner module running on the Salt Master. [image]
• Advantages: A single connection is required to the external system. This is preferred for databases and
similar systems.
• Disadvantages: Places additional load on your Salt Master.
Configure an External or Master Job Cache
Step 1: Understand Salt Returners
Before you configure a job cache, it is essential to understand Salt returner modules ("returners").
Returners are pluggable Salt Modules that take the data returned by jobs, and then perform any necessary
steps to send the data to an external system. For example, a returner might establish a connection,
authenticate, and then format and transfer data.
The Salt Returner system provides the core functionality used by the External and Master Job Cache
systems, and the same returners are used by both systems.
Salt currently provides many different returners that let you connect to a wide variety of systems. A
complete list is available at all Salt returners. Each returner is configured differently, so make sure
you read and follow the instructions linked from that page.
For example, the MySQL returner requires:
• A database created using provided schema (structure is available at MySQL returner)
• A user created with privileges to the database
• Optional SSL configuration
A simpler returner, such as Slack or HipChat, requires:
• An API key/version
• The target channel/room
• The username that should be used to send the message
Step 2: Configure the Returner
After you understand the configuration and have the external system ready, the configuration requirements
must be declared.
External Job Cache
The returner configuration settings can be declared in the Salt Minion configuration file, the Minion's
pillar data, or the Minion's grains.
If external_job_cache configuration settings are specified in more than one place, the options are
retrieved in the following order. The first configuration location that is found is the one that will be
used.
• Minion configuration file
• Minion's grains
• Minion's pillar data
Master Job Cache
The returner configuration settings for the Master Job Cache should be declared in the Salt Master's
configuration file.
Configuration File Examples
MySQL requires:
mysql.host: 'salt'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
Slack requires:
slack.channel: 'channel'
slack.api_key: 'key'
slack.from_name: 'name'
After you have configured the returner and added settings to the configuration file, you can enable the
External or Master Job Cache.
Step 3: Enable the External or Master Job Cache
Configuration is a single line that specifies an already-configured returner to use to send all job data
to an external system.
External Job Cache
To enable a returner as the External Job Cache (Minion-side), add the following line to the Salt Master
configuration file:
ext_job_cache: <returner>
For example:
ext_job_cache: mysql
NOTE:
When configuring an External Job Cache (Minion-side), the returner settings are added to the Minion
configuration file, but the External Job Cache setting is configured in the Master configuration file.
Master Job Cache
To enable a returner as a Master Job Cache (Master-side), add the following line to the Salt Master
configuration file:
master_job_cache: <returner>
For example:
master_job_cache: mysql
Verify that the returner configuration settings are in the Master configuration file, and be sure to
restart the salt-master service after you make configuration changes. (service salt-master restart).
Logging
The salt project tries to get the logging to work for you and help us solve any issues you might find
along the way.
If you want to get some more information on the nitty-gritty of salt's logging system, please head over
to the logging development document, if all you're after is salt's logging configurations, please
continue reading.
Log Levels
The log levels are ordered numerically such that setting the log level to a specific level will record
all log statements at that level and higher. For example, setting log_level: error will log statements
at error, critical, and quiet levels, although nothing should be logged at quiet level.
Most of the logging levels are defined by default in Python's logging library and can be found in the
official Python documentation. Salt uses some more levels in addition to the standard levels. All
levels available in salt are shown in the table below.
NOTE:
Python dependencies used by salt may define and use additional logging levels. For example, the
Python 2 version of the multiprocessing standard Python library uses the levels subwarning, 25 and
subdebug, 5.
┌──────────┬───────────────┬──────────────────────────────┐
│ Level │ Numeric value │ Description │
├──────────┼───────────────┼──────────────────────────────┤
│ quiet │ 1000 │ Nothing should be logged at │
│ │ │ this level │
├──────────┼───────────────┼──────────────────────────────┤
│ critical │ 50 │ Critical errors │
├──────────┼───────────────┼──────────────────────────────┤
│ error │ 40 │ Errors │
├──────────┼───────────────┼──────────────────────────────┤
│ warning │ 30 │ Warnings │
├──────────┼───────────────┼──────────────────────────────┤
│ info │ 20 │ Normal log information │
├──────────┼───────────────┼──────────────────────────────┤
│ profile │ 15 │ Profiling information on │
│ │ │ salt performance │
├──────────┼───────────────┼──────────────────────────────┤
│ debug │ 10 │ Information useful for │
│ │ │ debugging both salt │
│ │ │ implementations and salt │
│ │ │ code │
├──────────┼───────────────┼──────────────────────────────┤
│ trace │ 5 │ More detailed code debugging │
│ │ │ information │
├──────────┼───────────────┼──────────────────────────────┤
│ garbage │ 1 │ Even more debugging │
│ │ │ information │
├──────────┼───────────────┼──────────────────────────────┤
│ all │ 0 │ Everything │
└──────────┴───────────────┴──────────────────────────────┘
Available Configuration Settings
log_file
The log records can be sent to a regular file, local path name, or network location. Remote logging
works best when configured to use rsyslogd(8) (e.g.: file:///dev/log), with rsyslogd(8) configured for
network logging. The format for remote addresses is:
<file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>. Where log-facility is the symbolic
name of a syslog facility as defined in the SysLogHandler documentation . It defaults to LOG_USER.
Default: Dependent of the binary being executed, for example, for salt-master, /var/log/salt/master.
Examples:
log_file: /var/log/salt/master
log_file: /var/log/salt/minion
log_file: file:///dev/log
log_file: file:///dev/log/LOG_DAEMON
log_file: udp://loghost:10514
log_level
Default: warning
The level of log record messages to send to the console. One of all, garbage, trace, debug, profile,
info, warning, error, critical, quiet.
log_level: warning
NOTE:
Add log_level: quiet in salt configuration file to completely disable logging. In case of running salt
in command line use --log-level=quiet instead.
log_level_logfile
Default: info
The level of messages to send to the log file. One of all, garbage, trace, debug, profile, info, warning,
error, critical, quiet.
log_level_logfile: warning
log_datefmt
Default: %H:%M:%S
The date and time format used in console log messages. Allowed date/time formatting can be seen on
time.strftime.
log_datefmt: '%H:%M:%S'
log_datefmt_logfile
Default: %Y-%m-%d %H:%M:%S
The date and time format used in log file messages. Allowed date/time formatting can be seen on
time.strftime.
log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
log_fmt_console
Default: [%(levelname)-8s] %(message)s
The format of the console logging messages. All standard python logging LogRecord attributes can be used.
Salt also provides these custom LogRecord attributes to colorize console log output:
'%(colorlevel)s' # log level name colorized by level
'%(colorname)s' # colorized module name
'%(colorprocess)s' # colorized process number
'%(colormsg)s' # log message colorized by level
NOTE:
The %(colorlevel)s, %(colorname)s, and %(colorprocess) LogRecord attributes also include padding and
enclosing brackets, [ and ] to match the default values of their collateral non-colorized LogRecord
attributes.
log_fmt_console: '[%(levelname)-8s] %(message)s'
log_fmt_logfile
Default: %(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s
The format of the log file logging messages. All standard python logging LogRecord attributes can be
used. Salt also provides these custom LogRecord attributes that include padding and enclosing brackets [
and ]:
'%(bracketlevel)s' # equivalent to [%(levelname)-8s]
'%(bracketname)s' # equivalent to [%(name)-17s]
'%(bracketprocess)s' # equivalent to [%(process)5s]
log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s'
log_granular_levels
Default: {}
This can be used to control logging levels more specifically, based on log call name. The example sets
the main salt library at the 'warning' level, sets salt.modules to log at the debug level, and sets a
custom module to the all level:
log_granular_levels:
'salt': 'warning'
'salt.modules': 'debug'
'salt.loader.saltmaster.ext.module.custom_module': 'all'
External Logging Handlers
Besides the internal logging handlers used by salt, there are some external which can be used, see the
external logging handlers document.
Salt File Server
Salt comes with a simple file server suitable for distributing files to the Salt minions. The file server
is a stateless ZeroMQ server that is built into the Salt master.
The main intent of the Salt file server is to present files for use in the Salt state system. With this
said, the Salt file server can be used for any general file transfer from the master to the minions.
File Server Backends
In Salt 0.12.0, the modular fileserver was introduced. This feature added the ability for the Salt Master
to integrate different file server backends. File server backends allow the Salt file server to act as a
transparent bridge to external resources. A good example of this is the git backend, which allows Salt to
serve files sourced from one or more git repositories, but there are several others as well. Click here
for a full list of Salt's fileserver backends.
Enabling a Fileserver Backend
Fileserver backends can be enabled with the fileserver_backend option.
fileserver_backend:
- git
See the documentation for each backend to find the correct value to add to fileserver_backend in order to
enable them.
Using Multiple Backends
If fileserver_backend is not defined in the Master config file, Salt will use the roots backend, but the
fileserver_backend option supports multiple backends. When more than one backend is in use, the files
from the enabled backends are merged into a single virtual filesystem. When a file is requested, the
backends will be searched in order for that file, and the first backend to match will be the one which
returns the file.
fileserver_backend:
- roots
- git
With this configuration, the environments and files defined in the file_roots parameter will be searched
first, and if the file is not found then the git repositories defined in gitfs_remotes will be searched.
Defining Environments
Just as the order of the values in fileserver_backend matters, so too does the order in which different
sources are defined within a fileserver environment. For example, given the below file_roots
configuration, if both /srv/salt/dev/foo.txt and /srv/salt/prod/foo.txt exist on the Master, then
salt://foo.txt would point to /srv/salt/dev/foo.txt in the dev environment, but it would point to
/srv/salt/prod/foo.txt in the base environment.
file_roots:
base:
- /srv/salt/prod
qa:
- /srv/salt/qa
- /srv/salt/prod
dev:
- /srv/salt/dev
- /srv/salt/qa
- /srv/salt/prod
Similarly, when using the git backend, if both repositories defined below have a hotfix23 branch/tag, and
both of them also contain the file bar.txt in the root of the repository at that branch/tag, then
salt://bar.txt in the hotfix23 environment would be served from the first repository.
gitfs_remotes:
- https://mydomain.tld/repos/first.git
- https://mydomain.tld/repos/second.git
NOTE:
Environments map differently based on the fileserver backend. For instance, the mappings are
explicitly defined in roots backend, while in the VCS backends (git, hg, svn) the environments are
created from branches/tags/bookmarks/etc. For the minion backend, the files are all in a single
environment, which is specified by the minionfs_env option.
See the documentation for each backend for a more detailed explanation of how environments are mapped.
Dynamic Module Distribution
New in version 0.9.5.
Custom Salt execution, state, and other modules can be distributed to Salt minions using the Salt file
server.
Under the root of any environment defined via the file_roots option on the master server directories
corresponding to the type of module can be used.
The directories are prepended with an underscore:
• _beacons
• _clouds
• _engines
• _grains
• _modules
• _output
• _proxy
• _renderers
• _returners
• _states
• _tops
• _utils
The contents of these directories need to be synced over to the minions after Python modules have been
created in them. There are a number of ways to sync the modules.
Sync Via States
The minion configuration contains an option autoload_dynamic_modules which defaults to True. This option
makes the state system refresh all dynamic modules when states are run. To disable this behavior set
autoload_dynamic_modules to False in the minion config.
When dynamic modules are autoloaded via states, modules only pertinent to the environments matched in the
master's top file are downloaded.
This is important to remember, because modules can be manually loaded from any specific environment that
environment specific modules will be loaded when a state run is executed.
Sync Via the saltutil Module
The saltutil module has a number of functions that can be used to sync all or specific dynamic modules.
The saltutil module function saltutil.sync_all will sync all module types over to a minion. For more
information see: salt.modules.saltutil
Requesting Files from Specific Environments
The Salt fileserver supports multiple environments, allowing for SLS files and other files to be isolated
for better organization.
For the default backend (called roots), environments are defined using the roots option. Other backends
(such as gitfs) define environments in their own ways. For a list of available fileserver backends, see
here.
Querystring Syntax
Any salt:// file URL can specify its fileserver environment using a querystring syntax, like so:
salt://path/to/file?saltenv=foo
In Reactor configurations, this method must be used to pull files from an environment other than base.
In States
Minions can be instructed which environment to use both globally, and for a single state, and multiple
methods for each are available:
Globally
A minion can be pinned to an environment using the environment option in the minion config file.
Additionally, the environment can be set for a single call to the following functions:
• state.apply
• state.highstate
• state.sls
• state.top
NOTE:
When the saltenv parameter is used to trigger a highstate using either state.apply or state.highstate,
only states from that environment will be applied.
On a Per-State Basis
Within an individual state, there are two ways of specifying the environment. The first is to add a
saltenv argument to the state. This example will pull the file from the config environment:
/etc/foo/bar.conf:
file.managed:
- source: salt://foo/bar.conf
- user: foo
- mode: 600
- saltenv: config
Another way of doing the same thing is to use the querystring syntax described above:
/etc/foo/bar.conf:
file.managed:
- source: salt://foo/bar.conf?saltenv=config
- user: foo
- mode: 600
NOTE:
Specifying the environment using either of the above methods is only necessary in cases where a state
from one environment needs to access files from another environment. If the SLS file containing this
state was in the config environment, then it would look in that environment by default.
File Server Configuration
The Salt file server is a high performance file server written in ZeroMQ. It manages large files quickly
and with little overhead, and has been optimized to handle small files in an extremely efficient manner.
The Salt file server is an environment aware file server. This means that files can be allocated within
many root directories and accessed by specifying both the file path and the environment to search. The
individual environments can span across multiple directory roots to create overlays and to allow for
files to be organized in many flexible ways.
Environments
The Salt file server defaults to the mandatory base environment. This environment MUST be defined and is
used to download files when no environment is specified.
Environments allow for files and sls data to be logically separated, but environments are not isolated
from each other. This allows for logical isolation of environments by the engineer using Salt, but also
allows for information to be used in multiple environments.
Directory Overlay
The environment setting is a list of directories to publish files from. These directories are searched
in order to find the specified file and the first file found is returned.
This means that directory data is prioritized based on the order in which they are listed. In the case of
this file_roots configuration:
file_roots:
base:
- /srv/salt/base
- /srv/salt/failover
If a file's URI is salt://httpd/httpd.conf, it will first search for the file at
/srv/salt/base/httpd/httpd.conf. If the file is found there it will be returned. If the file is not found
there, then /srv/salt/failover/httpd/httpd.conf will be used for the source.
This allows for directories to be overlaid and prioritized based on the order they are defined in the
configuration.
It is also possible to have file_roots which supports multiple environments:
file_roots:
base:
- /srv/salt/base
dev:
- /srv/salt/dev
- /srv/salt/base
prod:
- /srv/salt/prod
- /srv/salt/base
This example ensures that each environment will check the associated environment directory for files
first. If a file is not found in the appropriate directory, the system will default to using the base
directory.
Local File Server
New in version 0.9.8.
The file server can be rerouted to run from the minion. This is primarily to enable running Salt states
without a Salt master. To use the local file server interface, copy the file server data to the minion
and set the file_roots option on the minion to point to the directories copied from the master. Once the
minion file_roots option has been set, change the file_client option to local to make sure that the local
file server interface is used.
The cp Module
The cp module is the home of minion side file server operations. The cp module is used by the Salt state
system, salt-cp, and can be used to distribute files presented by the Salt file server.
Escaping Special Characters
The salt:// url format can potentially contain a query string, for example
salt://dir/file.txt?saltenv=base. You can prevent the fileclient/fileserver from interpreting ? as the
initial token of a query string by referencing the file with salt://| rather than salt://.
/etc/marathon/conf/?checkpoint:
file.managed:
- source: salt://|hw/config/?checkpoint
- makedirs: True
Environments
Since the file server is made to work with the Salt state system, it supports environments. The
environments are defined in the master config file and when referencing an environment the file specified
will be based on the root directory of the environment.
get_file
The cp.get_file function can be used on the minion to download a file from the master, the syntax looks
like this:
# salt '*' cp.get_file salt://vimrc /etc/vimrc
This will instruct all Salt minions to download the vimrc file and copy it to /etc/vimrc
Template rendering can be enabled on both the source and destination file names like so:
# salt '*' cp.get_file "salt://{{grains.os}}/vimrc" /etc/vimrc template=jinja
This example would instruct all Salt minions to download the vimrc from a directory with the same name as
their OS grain and copy it to /etc/vimrc
For larger files, the cp.get_file module also supports gzip compression. Because gzip is CPU-intensive,
this should only be used in scenarios where the compression ratio is very high (e.g. pretty-printed JSON
or YAML files).
To use compression, use the gzip named argument. Valid values are integers from 1 to 9, where 1 is the
lightest compression and 9 the heaviest. In other words, 1 uses the least CPU on the master (and minion),
while 9 uses the most.
# salt '*' cp.get_file salt://vimrc /etc/vimrc gzip=5
Finally, note that by default cp.get_file does not create new destination directories if they do not
exist. To change this, use the makedirs argument:
# salt '*' cp.get_file salt://vimrc /etc/vim/vimrc makedirs=True
In this example, /etc/vim/ would be created if it didn't already exist.
get_dir
The cp.get_dir function can be used on the minion to download an entire directory from the master. The
syntax is very similar to get_file:
# salt '*' cp.get_dir salt://etc/apache2 /etc
cp.get_dir supports template rendering and gzip compression arguments just like get_file:
# salt '*' cp.get_dir salt://etc/{{pillar.webserver}} /etc gzip=5 template=jinja
File Server Client Instance
A client instance is available which allows for modules and applications to be written which make use of
the Salt file server.
The file server uses the same authentication and encryption used by the rest of the Salt system for
network communication.
fileclient Module
The salt/fileclient.py module is used to set up the communication from the minion to the master. When
creating a client instance using the fileclient module, the minion configuration needs to be passed in.
When using the fileclient module from within a minion module the built in __opts__ data can be passed:
import salt.minion
import salt.fileclient
def get_file(path, dest, saltenv='base'):
'''
Used to get a single file from the Salt master
CLI Example:
salt '*' cp.get_file salt://vimrc /etc/vimrc
'''
# Get the fileclient object
client = salt.fileclient.get_file_client(__opts__)
# Call get_file
return client.get_file(path, dest, False, saltenv)
Creating a fileclient instance outside of a minion module where the __opts__ data is not available, it
needs to be generated:
import salt.fileclient
import salt.config
def get_file(path, dest, saltenv='base'):
'''
Used to get a single file from the Salt master
'''
# Get the configuration data
opts = salt.config.minion_config('/etc/salt/minion')
# Get the fileclient object
client = salt.fileclient.get_file_client(opts)
# Call get_file
return client.get_file(path, dest, False, saltenv)
Git Fileserver Backend Walkthrough
NOTE:
This walkthrough assumes basic knowledge of Salt. To get up to speed, check out the Salt Walkthrough.
The gitfs backend allows Salt to serve files from git repositories. It can be enabled by adding git to
the fileserver_backend list, and configuring one or more repositories in gitfs_remotes.
Branches and tags become Salt fileserver environments.
NOTE:
Branching and tagging can result in a lot of potentially-conflicting top files, for this reason it may
be useful to set top_file_merging_strategy to same in the minions' config files if the top files are
being managed in a GitFS repo.
Installing Dependencies
Both pygit2 and GitPython are supported Python interfaces to git. If compatible versions of both are
installed, pygit2 will be preferred. In these cases, GitPython can be forced using the gitfs_provider
parameter in the master config file.
NOTE:
It is recommended to always run the most recent version of any the below dependencies. Certain
features of GitFS may not be available without the most recent version of the chosen library.
pygit2
The minimum supported version of pygit2 is 0.20.3. Availability for this version of pygit2 is still
limited, though the SaltStack team is working to get compatible versions available for as many platforms
as possible.
For the Fedora/EPEL versions which have a new enough version packaged, the following command would be
used to install pygit2:
# yum install python-pygit2
Provided a valid version is packaged for Debian/Ubuntu (which is not currently the case), the package
name would be the same, and the following command would be used to install it:
# apt-get install python-pygit2
If pygit2 is not packaged for the platform on which the Master is running, the pygit2 website has
installation instructions here. Keep in mind however that following these instructions will install
libgit2 and pygit2 without system packages. Additionally, keep in mind that SSH authentication in pygit2
requires libssh2 (not libssh) development libraries to be present before libgit2 is built. On some
Debian-based distros pkg-config is also required to link libgit2 with libssh2.
If you are receiving the error "Unsupported URL Protocol" in the Salt Master
log when making a connection using SSH, review the libssh2 details listed
above.
Additionally, version 0.21.0 of pygit2 introduced a dependency on python-cffi, which in turn depends on
newer releases of libffi. Upgrading libffi is not advisable as several other applications depend on it,
so on older LTS linux releases pygit2 0.20.3 and libgit2 0.20.0 is the recommended combination.
WARNING:
pygit2 is actively developed and frequently makes non-backwards-compatible API changes, even in minor
releases. It is not uncommon for pygit2 upgrades to result in errors in Salt. Please take care when
upgrading pygit2, and pay close attention to the changelog, keeping an eye out for API changes. Errors
can be reported on the SaltStack issue tracker.
RedHat Pygit2 Issues
The release of RedHat/CentOS 7.3 upgraded both python-cffi and http-parser, both of which are
dependencies for pygit2/libgit2. Both pygit2 and libgit2 (which are from the EPEL repository and not
managed directly by RedHat) need to be rebuilt against these updated dependencies.
The below errors will show up in the master log if an incompatible python-pygit2 package is installed:
2017-02-10 09:07:34,892 [salt.utils.gitfs ][ERROR ][11211] Import pygit2 failed: CompileError: command 'gcc' failed with exit status 1
2017-02-10 09:07:34,907 [salt.utils.gitfs ][ERROR ][11211] gitfs is configured but could not be loaded, are pygit2 and libgit2 installed?
2017-02-10 09:07:34,907 [salt.utils.gitfs ][CRITICAL][11211] No suitable gitfs provider module is installed.
2017-02-10 09:07:34,912 [salt.master ][CRITICAL][11211] Master failed pre flight checks, exiting
The below errors will show up in the master log if an incompatible libgit2 package is installed:
2017-02-15 18:04:45,211 [salt.utils.gitfs ][ERROR ][6211] Error occurred fetching gitfs remote 'https://foo.com/bar.git': No Content-Type header in response
As of 15 February 2017, python-pygit2 has been rebuilt and is in the stable EPEL repository. However,
libgit2 remains broken (a bug report has been filed to get it rebuilt).
In the meantime, you can work around this by downgrading http-parser. To do this, go to this page and
download the appropriate http-parser RPM for the OS architecture you are using (x86_64, etc.). Then
downgrade using the rpm command. For example:
[root@784e8a8c5028 /]# curl --silent -O https://kojipkgs.fedoraproject.org//packages/http-parser/2.0/5.20121128gitcd01361.el7/x86_64/http-parser-2.0-5.20121128gitcd01361.el7.x86_64.rpm
[root@784e8a8c5028 /]# rpm -Uvh --oldpackage http-parser-2.0-5.20121128gitcd01361.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:http-parser-2.0-5.20121128gitcd01################################# [ 50%]
Cleaning up / removing...
2:http-parser-2.7.1-3.el7 ################################# [100%]
A restart of the salt-master daemon may be required to allow http(s) repositories to continue to be
fetched.
GitPython
GitPython 0.3.0 or newer is required to use GitPython for gitfs. For RHEL-based Linux distros, a
compatible version is available in EPEL, and can be easily installed on the master using yum:
# yum install GitPython
Ubuntu 14.04 LTS and Debian Wheezy (7.x) also have a compatible version packaged:
# apt-get install python-git
GitPython requires the git CLI utility to work. If installed from a system package, then git should
already be installed, but if installed via pip then it may still be necessary to install git separately.
For MacOS users, GitPython comes bundled in with the Salt installer, but git must still be installed for
it to work properly. Git can be installed in several ways, including by installing XCode.
WARNING:
Keep in mind that if GitPython has been previously installed on the master using pip (even if it was
subsequently uninstalled), then it may still exist in the build cache (typically
/tmp/pip-build-root/GitPython) if the cache is not cleared after installation. The package in the
build cache will override any requirement specifiers, so if you try upgrading to version 0.3.2.RC1 by
running pip install 'GitPython==0.3.2.RC1' then it will ignore this and simply install the version
from the cache directory. Therefore, it may be necessary to delete the GitPython directory from the
build cache in order to ensure that the specified version is installed.
WARNING:
GitPython 2.0.9 and newer is not compatible with Python 2.6. If installing GitPython using pip on a
machine running Python 2.6, make sure that a version earlier than 2.0.9 is installed. This can be done
on the CLI by running pip install 'GitPython<2.0.9', or in a pip.installed state using the following
SLS:
GitPython:
pip.installed:
- name: 'GitPython < 2.0.9'
Simple Configuration
To use the gitfs backend, only two configuration changes are required on the master:
1. Include git in the fileserver_backend list in the master config file:
fileserver_backend:
- git
2. Specify one or more git://, https://, file://, or ssh:// URLs in gitfs_remotes to configure which
repositories to cache and search for requested files:
gitfs_remotes:
- https://github.com/saltstack-formulas/salt-formula.git
SSH remotes can also be configured using scp-like syntax:
gitfs_remotes:
- git@github.com:user/repo.git
- ssh://user@domain.tld/path/to/repo.git
Information on how to authenticate to SSH remotes can be found here.
3. Restart the master to load the new configuration.
NOTE:
In a master/minion setup, files from a gitfs remote are cached once by the master, so minions do not
need direct access to the git repository.
Multiple Remotes
The gitfs_remotes option accepts an ordered list of git remotes to cache and search, in listed order, for
requested files.
A simple scenario illustrates this cascading lookup behavior:
If the gitfs_remotes option specifies three remotes:
gitfs_remotes:
- git://github.com/example/first.git
- https://github.com/example/second.git
- file:///root/third
And each repository contains some files:
first.git:
top.sls
edit/vim.sls
edit/vimrc
nginx/init.sls
second.git:
edit/dev_vimrc
haproxy/init.sls
third:
haproxy/haproxy.conf
edit/dev_vimrc
Salt will attempt to lookup the requested file from each gitfs remote repository in the order in which
they are defined in the configuration. The git://github.com/example/first.git remote will be searched
first. If the requested file is found, then it is served and no further searching is executed. For
example:
• A request for the file salt://haproxy/init.sls will be served from the
https://github.com/example/second.git git repo.
• A request for the file salt://haproxy/haproxy.conf will be served from the file:///root/third repo.
NOTE:
This example is purposefully contrived to illustrate the behavior of the gitfs backend. This example
should not be read as a recommended way to lay out files and git repos.
The file:// prefix denotes a git repository in a local directory. However, it will still use the
given file:// URL as a remote, rather than copying the git repo to the salt cache. This means that
any refs you want accessible must exist as local refs in the specified repo.
WARNING:
Salt versions prior to 2014.1.0 are not tolerant of changing the order of remotes or modifying the URI
of existing remotes. In those versions, when modifying remotes it is a good idea to remove the gitfs
cache directory (/var/cache/salt/master/gitfs) before restarting the salt-master service.
Per-remote Configuration Parameters
New in version 2014.7.0.
The following master config parameters are global (that is, they apply to all configured gitfs remotes):
• gitfs_base
• gitfs_root
• gitfs_ssl_verify
• gitfs_mountpoint (new in 2014.7.0)
• gitfs_user (pygit2 only, new in 2014.7.0)
• gitfs_password (pygit2 only, new in 2014.7.0)
• gitfs_insecure_auth (pygit2 only, new in 2014.7.0)
• gitfs_pubkey (pygit2 only, new in 2014.7.0)
• gitfs_privkey (pygit2 only, new in 2014.7.0)
• gitfs_passphrase (pygit2 only, new in 2014.7.0)
• gitfs_refspecs (new in 2017.7.0)
NOTE:
pygit2 only supports disabling SSL verification in versions 0.23.2 and newer.
These parameters can now be overridden on a per-remote basis. This allows for a tremendous amount of
customization. Here's some example usage:
gitfs_provider: pygit2
gitfs_base: develop
gitfs_remotes:
- https://foo.com/foo.git
- https://foo.com/bar.git:
- root: salt
- mountpoint: salt://bar
- base: salt-base
- ssl_verify: False
- https://foo.com/bar.git:
- name: second_bar_repo
- root: other/salt
- mountpoint: salt://other/bar
- base: salt-base
- http://foo.com/baz.git:
- root: salt/states
- user: joe
- password: mysupersecretpassword
- insecure_auth: True
IMPORTANT:
There are two important distinctions which should be noted for per-remote configuration:
1. The URL of a remote which has per-remote configuration must be suffixed with a colon.
2. Per-remote configuration parameters are named like the global versions, with the gitfs_ removed
from the beginning. The exception being the name and saltenv parameters, which are only available
to per-remote configurations.
In the example configuration above, the following is true:
1. The first and fourth gitfs remotes will use the develop branch/tag as the base environment, while the
second and third will use the salt-base branch/tag as the base environment.
2. The first remote will serve all files in the repository. The second remote will only serve files from
the salt directory (and its subdirectories). The third remote will only server files from the
other/salt directory (and its subdirectories), while the fourth remote will only serve files from the
salt/states directory (and its subdirectories).
3. The first and fourth remotes will have files located under the root of the Salt fileserver namespace
(salt://). The files from the second remote will be located under salt://bar, while the files from the
third remote will be located under salt://other/bar.
4. The second and third remotes reference the same repository and unique names need to be declared for
duplicate gitfs remotes.
5. The fourth remote overrides the default behavior of not authenticating to insecure (non-HTTPS)
remotes.
Per-Saltenv Configuration Parameters
New in version 2016.11.0.
For more granular control, Salt allows the following three things to be overridden for individual
saltenvs within a given repo:
• The mountpoint
• The root
• The branch/tag to be used for a given saltenv
Here is an example:
gitfs_root: salt
gitfs_saltenv:
- dev:
- mountpoint: salt://gitfs-dev
- ref: develop
gitfs_remotes:
- https://foo.com/bar.git:
- saltenv:
- staging:
- ref: qa
- mountpoint: salt://bar-staging
- dev:
- ref: development
- https://foo.com/baz.git:
- saltenv:
- staging:
- mountpoint: salt://baz-staging
Given the above configuration, the following is true:
1. For all gitfs remotes, files for the dev saltenv will be located under salt://gitfs-dev.
2. For the dev saltenv, files from the first remote will be sourced from the development branch, while
files from the second remote will be sourced from the develop branch.
3. For the staging saltenv, files from the first remote will be located under salt://bar-staging, while
files from the second remote will be located under salt://baz-staging.
4. For all gitfs remotes, and in all saltenvs, files will be served from the salt directory (and its
subdirectories).
Custom Refspecs
New in version 2017.7.0.
GitFS will by default fetch remote branches and tags. However, sometimes it can be useful to fetch custom
refs (such as those created for GitHub pull requests). To change the refspecs GitFS fetches, use the
gitfs_refspecs config option:
gitfs_refspecs:
- '+refs/heads/*:refs/remotes/origin/*'
- '+refs/tags/*:refs/tags/*'
- '+refs/pull/*/head:refs/remotes/origin/pr/*'
- '+refs/pull/*/merge:refs/remotes/origin/merge/*'
In the above example, in addition to fetching remote branches and tags, GitHub's custom refs for pull
requests and merged pull requests will also be fetched. These special head refs represent the head of the
branch which is requesting to be merged, and the merge refs represent the result of the base branch after
the merge.
IMPORTANT:
When using custom refspecs, the destination of the fetched refs must be under refs/remotes/origin/,
preferably in a subdirectory like in the example above. These custom refspecs will map as environment
names using their relative path underneath refs/remotes/origin/. For example, assuming the
configuration above, the head branch for pull request 12345 would map to fileserver environment
pr/12345 (slash included).
Refspecs can be configured on a per-remote basis. For example, the below configuration would only alter
the default refspecs for the second GitFS remote. The first remote would only fetch branches and tags
(the default).
gitfs_remotes:
- https://domain.tld/foo.git
- https://domain.tld/bar.git:
- refspecs:
- '+refs/heads/*:refs/remotes/origin/*'
- '+refs/tags/*:refs/tags/*'
- '+refs/pull/*/head:refs/remotes/origin/pr/*'
- '+refs/pull/*/merge:refs/remotes/origin/merge/*'
Configuration Order of Precedence
The order of precedence for GitFS configuration is as follows (each level overrides all levels below it):
1. Per-saltenv configuration (defined under a per-remote saltenv param)
gitfs_remotes:
- https://foo.com/bar.git:
- saltenv:
- dev:
- mountpoint: salt://bar
2. Global per-saltenv configuration (defined in gitfs_saltenv)
gitfs_saltenv:
- saltenv:
- dev:
- mountpoint: salt://bar
3. Per-remote configuration parameter
gitfs_remotes:
- https://foo.com/bar.git:
- mountpoint: salt://bar
4. Global configuration parameter
gitfs_mountpoint: salt://bar
Serving from a Subdirectory
The gitfs_root parameter allows files to be served from a subdirectory within the repository. This allows
for only part of a repository to be exposed to the Salt fileserver.
Assume the below layout:
.gitignore
README.txt
foo/
foo/bar/
foo/bar/one.txt
foo/bar/two.txt
foo/bar/three.txt
foo/baz/
foo/baz/top.sls
foo/baz/edit/vim.sls
foo/baz/edit/vimrc
foo/baz/nginx/init.sls
The below configuration would serve only the files under foo/baz, ignoring the other files in the
repository:
gitfs_remotes:
- git://mydomain.com/stuff.git
gitfs_root: foo/baz
The root can also be configured on a per-remote basis.
Mountpoints
New in version 2014.7.0.
The gitfs_mountpoint parameter will prepend the specified path to the files served from gitfs. This
allows an existing repository to be used, rather than needing to reorganize a repository or design it
around the layout of the Salt fileserver.
Before the addition of this feature, if a file being served up via gitfs was deeply nested within the
root directory (for example, salt://webapps/foo/files/foo.conf, it would be necessary to ensure that the
file was properly located in the remote repository, and that all of the parent directories were present
(for example, the directories webapps/foo/files/ would need to exist at the root of the repository).
The below example would allow for a file foo.conf at the root of the repository to be served up from the
Salt fileserver path salt://webapps/foo/files/foo.conf.
gitfs_remotes:
- https://mydomain.com/stuff.git
gitfs_mountpoint: salt://webapps/foo/files
Mountpoints can also be configured on a per-remote basis.
Using gitfs Alongside Other Backends
Sometimes it may make sense to use multiple backends; for instance, if sls files are stored in git but
larger files are stored directly on the master.
The cascading lookup logic used for multiple remotes is also used with multiple backends. If the
fileserver_backend option contains multiple backends:
fileserver_backend:
- roots
- git
Then the roots backend (the default backend of files in /srv/salt) will be searched first for the
requested file; then, if it is not found on the master, each configured git remote will be searched.
Branches, Environments, and Top Files
When using the GitFS backend, branches, and tags will be mapped to environments using the branch/tag name
as an identifier.
There is one exception to this rule: the master branch is implicitly mapped to the base environment.
So, for a typical base, qa, dev setup, the following branches could be used:
master
qa
dev
top.sls files from different branches will be merged into one at runtime. Since this can lead to overly
complex configurations, the recommended setup is to have a separate repository, containing only the
top.sls file with just one single master branch.
To map a branch other than master as the base environment, use the gitfs_base parameter.
gitfs_base: salt-base
The base can also be configured on a per-remote basis.
Environment Whitelist/Blacklist
New in version 2014.7.0.
The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater control over which
branches/tags are exposed as fileserver environments. Exact matches, globs, and regular expressions are
supported, and are evaluated in that order. If using a regular expression, ^ and $ must be omitted, and
the expression must match the entire branch/tag.
gitfs_env_whitelist:
- base
- v1.*
- 'mybranch\d+'
NOTE:
v1.*, in this example, will match as both a glob and a regular expression (though it will have been
matched as a glob, since globs are evaluated before regular expressions).
The behavior of the blacklist/whitelist will differ depending on which combination of the two options is
used:
• If only gitfs_env_whitelist is used, then only branches/tags which match the whitelist will be
available as environments
• If only gitfs_env_blacklist is used, then the branches/tags which match the blacklist will not be
available as environments
• If both are used, then the branches/tags which match the whitelist, but do not match the blacklist,
will be available as environments.
Authentication
pygit2
New in version 2014.7.0.
Both HTTPS and SSH authentication are supported as of version 0.20.3, which is the earliest version of
pygit2 supported by Salt for gitfs.
NOTE:
The examples below make use of per-remote configuration parameters, a feature new to Salt 2014.7.0.
More information on these can be found here.
HTTPS
For HTTPS repositories which require authentication, the username and password can be provided like so:
gitfs_remotes:
- https://domain.tld/myrepo.git:
- user: git
- password: mypassword
If the repository is served over HTTP instead of HTTPS, then Salt will by default refuse to authenticate
to it. This behavior can be overridden by adding an insecure_auth parameter:
gitfs_remotes:
- http://domain.tld/insecure_repo.git:
- user: git
- password: mypassword
- insecure_auth: True
SSH
SSH repositories can be configured using the ssh:// protocol designation, or using scp-like syntax. So,
the following two configurations are equivalent:
• ssh://git@github.com/user/repo.git
• git@github.com:user/repo.git
Both gitfs_pubkey and gitfs_privkey (or their per-remote counterparts) must be configured in order to
authenticate to SSH-based repos. If the private key is protected with a passphrase, it can be configured
using gitfs_passphrase (or simply passphrase if being configured per-remote). For example:
gitfs_remotes:
- git@github.com:user/repo.git:
- pubkey: /root/.ssh/id_rsa.pub
- privkey: /root/.ssh/id_rsa
- passphrase: myawesomepassphrase
Finally, the SSH host key must be added to the known_hosts file.
NOTE:
There is a known issue with public-key SSH authentication to Microsoft Visual Studio (VSTS) with
pygit2. This is due to a bug or lack of support for VSTS in older libssh2 releases. Known working
releases include libssh2 1.7.0 and later, and known incompatible releases include 1.5.0 and older. At
the time of this writing, 1.6.0 has not been tested.
Since upgrading libssh2 would require rebuilding many other packages (curl, etc.), followed by a
rebuild of libgit2 and a reinstall of pygit2, an easier workaround for systems with older libssh2 is
to use GitPython with a passphraseless key for authentication.
GitPython
HTTPS
For HTTPS repositories which require authentication, the username and password can be configured in one
of two ways. The first way is to include them in the URL using the format
https://<user>:<password>@<url>, like so:
gitfs_remotes:
- https://git:mypassword@domain.tld/myrepo.git
The other way would be to configure the authentication in ~/.netrc:
machine domain.tld
login git
password mypassword
If the repository is served over HTTP instead of HTTPS, then Salt will by default refuse to authenticate
to it. This behavior can be overridden by adding an insecure_auth parameter:
gitfs_remotes:
- http://git:mypassword@domain.tld/insecure_repo.git:
- insecure_auth: True
SSH
Only passphrase-less SSH public key authentication is supported using GitPython. The auth parameters
(pubkey, privkey, etc.) shown in the pygit2 authentication examples above do not work with GitPython.
gitfs_remotes:
- ssh://git@github.com/example/salt-states.git
Since GitPython wraps the git CLI, the private key must be located in ~/.ssh/id_rsa for the user under
which the Master is running, and should have permissions of 0600. Also, in the absence of a user in the
repo URL, GitPython will (just as SSH does) attempt to login as the current user (in other words, the
user under which the Master is running, usually root).
If a key needs to be used, then ~/.ssh/config can be configured to use the desired key. Information on
how to do this can be found by viewing the manpage for ssh_config. Here's an example entry which can be
added to the ~/.ssh/config to use an alternate key for gitfs:
Host github.com
IdentityFile /root/.ssh/id_rsa_gitfs
The Host parameter should be a hostname (or hostname glob) that matches the domain name of the git
repository.
It is also necessary to add the SSH host key to the known_hosts file. The exception to this would be if
strict host key checking is disabled, which can be done by adding StrictHostKeyChecking no to the entry
in ~/.ssh/config
Host github.com
IdentityFile /root/.ssh/id_rsa_gitfs
StrictHostKeyChecking no
However, this is generally regarded as insecure, and is not recommended.
Adding the SSH Host Key to the known_hosts File
To use SSH authentication, it is necessary to have the remote repository's SSH host key in the
~/.ssh/known_hosts file. If the master is also a minion, this can be done using the ssh.set_known_host
function:
# salt mymaster ssh.set_known_host user=root hostname=github.com
mymaster:
----------
new:
----------
enc:
ssh-rsa
fingerprint:
16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
hostname:
|1|OiefWWqOD4kwO3BhoIGa0loR5AA=|BIXVtmcTbPER+68HvXmceodDcfI=
key:
AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
old:
None
status:
updated
If not, then the easiest way to add the key is to su to the user (usually root) under which the
salt-master runs and attempt to login to the server via SSH:
$ su -
Password:
# ssh github.com
The authenticity of host 'github.com (192.30.252.128)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.128' (RSA) to the list of known hosts.
Permission denied (publickey).
It doesn't matter if the login was successful, as answering yes will write the fingerprint to the
known_hosts file.
Verifying the Fingerprint
To verify that the correct fingerprint was added, it is a good idea to look it up. One way to do this is
to use nmap:
$ nmap -p 22 github.com --script ssh-hostkey
Starting Nmap 5.51 ( http://nmap.org ) at 2014-08-18 17:47 CDT
Nmap scan report for github.com (192.30.252.129)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
| ssh-hostkey: 1024 ad:1c:08:a4:40:e3:6f:9c:f5:66:26:5d:4b:33:5d:8c (DSA)
|_2048 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 (RSA)
80/tcp open http
443/tcp open https
9418/tcp open git
Nmap done: 1 IP address (1 host up) scanned in 28.78 seconds
Another way is to check one's own known_hosts file, using this one-liner:
$ ssh-keygen -l -f /dev/stdin <<<`ssh-keyscan github.com 2>/dev/null` | awk '{print $2}'
16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
WARNING:
AWS tracks usage of nmap and may flag it as abuse. On AWS hosts, the ssh-keygen method is recommended
for host key verification.
NOTE:
As of OpenSSH 6.8 the SSH fingerprint is now shown as a base64-encoded SHA256 checksum of the host
key. So, instead of the fingerprint looking like 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48, it
would look like SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Refreshing gitfs Upon Push
By default, Salt updates the remote fileserver backends every 60 seconds. However, if it is desirable to
refresh quicker than that, the Reactor System can be used to signal the master to update the fileserver
on each push, provided that the git server is also a Salt minion. There are three steps to this process:
1. On the master, create a file /srv/reactor/update_fileserver.sls, with the following contents:
update_fileserver:
runner.fileserver.update
2. Add the following reactor configuration to the master config file:
reactor:
- 'salt/fileserver/gitfs/update':
- /srv/reactor/update_fileserver.sls
3. On the git server, add a post-receive hook
a. If the user executing git push is the same as the minion user, use the following hook:
#!/usr/bin/env sh
salt-call event.fire_master update salt/fileserver/gitfs/update
b. To enable other git users to run the hook after a push, use sudo in the hook script:
#!/usr/bin/env sh
sudo -u root salt-call event.fire_master update salt/fileserver/gitfs/update
4. If using sudo in the git hook (above), the policy must be changed to permit all users to fire the
event. Add the following policy to the sudoers file on the git server.
Cmnd_Alias SALT_GIT_HOOK = /bin/salt-call event.fire_master update salt/fileserver/gitfs/update
Defaults!SALT_GIT_HOOK !requiretty
ALL ALL=(root) NOPASSWD: SALT_GIT_HOOK
The update argument right after event.fire_master in this example can really be anything, as it
represents the data being passed in the event, and the passed data is ignored by this reactor.
Similarly, the tag name salt/fileserver/gitfs/update can be replaced by anything, so long as the usage is
consistent.
The root user name in the hook script and sudo policy should be changed to match the user under which the
minion is running.
Using Git as an External Pillar Source
The git external pillar (a.k.a. git_pillar) has been rewritten for the 2015.8.0 release. This rewrite
brings with it pygit2 support (allowing for access to authenticated repositories), as well as more
granular support for per-remote configuration.
To make use of the new features, changes to the git ext_pillar configuration must be made. The new
configuration schema is detailed here.
For Salt releases before 2015.8.0, click here for documentation.
Why aren't my custom modules/states/etc. syncing to my Minions?
In versions 0.16.3 and older, when using the git fileserver backend, certain versions of GitPython may
generate errors when fetching, which Salt fails to catch. While not fatal to the fetch process, these
interrupt the fileserver update that takes place before custom types are synced, and thus interrupt the
sync itself. Try disabling the git fileserver backend in the master config, restarting the master, and
attempting the sync again.
This issue is worked around in Salt 0.16.4 and newer.
MinionFS Backend Walkthrough
New in version 2014.1.0.
NOTE:
This walkthrough assumes basic knowledge of Salt and cp.push. To get up to speed, check out the Salt
Walkthrough.
Sometimes it is desirable to deploy a file located on one minion to one or more other minions. This is
supported in Salt, and can be accomplished in two parts:
1. Minion support for pushing files to the master (using cp.push)
2. The minionfs fileserver backend
This walkthrough will show how to use both of these features.
Enabling File Push
To set the master to accept files pushed from minions, the file_recv option in the master config file
must be set to True (the default is False).
file_recv: True
NOTE:
This change requires a restart of the salt-master service.
Pushing Files
Once this has been done, files can be pushed to the master using the cp.push function:
salt 'minion-id' cp.push /path/to/the/file
This command will store the file in a subdirectory named minions under the master's cachedir. On most
masters, this path will be /var/cache/salt/master/minions. Within this directory will be one directory
for each minion which has pushed a file to the master, and underneath that the full path to the file on
the minion. So, for example, if a minion with an ID of dev1 pushed a file /var/log/myapp.log to the
master, it would be saved to /var/cache/salt/master/minions/dev1/var/log/myapp.log.
Serving Pushed Files Using MinionFS
While it is certainly possible to add /var/cache/salt/master/minions to the master's file_roots and serve
these files, it may only be desirable to expose files pushed from certain minions. Adding
/var/cache/salt/master/minions/<minion-id> for each minion that needs to be exposed can be cumbersome and
prone to errors.
Enter minionfs. This fileserver backend will make files pushed using cp.push available to the Salt
fileserver, and provides an easy mechanism to restrict which minions' pushed files are made available.
Simple Configuration
To use the minionfs backend, add minion to the list of backends in the fileserver_backend configuration
option on the master:
file_recv: True
fileserver_backend:
- roots
- minion
NOTE:
As described earlier, file_recv: True is also needed to enable the master to receive files pushed from
minions. As always, changes to the master configuration require a restart of the salt-master service.
Files made available via minionfs are by default located at salt://<minion-id>/path/to/file. Think back
to the earlier example, in which dev1 pushed a file /var/log/myapp.log to the master. With minionfs
enabled, this file would be addressable in Salt at salt://dev1/var/log/myapp.log.
If many minions have pushed to the master, this will result in many directories in the root of the Salt
fileserver. For this reason, it is recommended to use the minionfs_mountpoint config option to organize
these files underneath a subdirectory:
minionfs_mountpoint: salt://minionfs
Using the above mountpoint, the file in the example would be located at
salt://minionfs/dev1/var/log/myapp.log.
Restricting Certain Minions' Files from Being Available Via MinionFS
A whitelist and blacklist can be used to restrict the minions whose pushed files are available via
minionfs. These lists can be managed using the minionfs_whitelist and minionfs_blacklist config options.
Click the links for both of them for a detailed explanation of how to use them.
A more complex configuration example, which uses both a whitelist and blacklist, can be found below:
file_recv: True
fileserver_backend:
- roots
- minion
minionfs_mountpoint: salt://minionfs
minionfs_whitelist:
- host04
- web*
- 'mail\d+\.domain\.tld'
minionfs_whitelist:
- web21
Potential Concerns
• There is no access control in place to restrict which minions have access to files served up by
minionfs. All minions will have access to these files.
• Unless the minionfs_whitelist and/or minionfs_blacklist config options are used, all minions which push
files to the master will have their files made available via minionfs.
Salt Package Manager
The Salt Package Manager, or SPM, enables Salt formulas to be packaged to simplify distribution to Salt
masters. The design of SPM was influenced by other existing packaging systems including RPM, Yum, and
Pacman. [image]
NOTE:
The previous diagram shows each SPM component as a different system, but this is not required. You can
build packages and host the SPM repo on a single Salt master if you'd like.
Packaging System
The packaging system is used to package the state, pillar, file templates, and other files used by your
formula into a single file. After a formula package is created, it is copied to the Repository System
where it is made available to Salt masters.
See Building SPM Packages
Repo System
The Repo system stores the SPM package and metadata files and makes them available to Salt masters via
http(s), ftp, or file URLs. SPM repositories can be hosted on a Salt Master, a Salt Minion, or on another
system.
See Distributing SPM Packages
Salt Master
SPM provides Salt master settings that let you configure the URL of one or more SPM repos. You can then
quickly install packages that contain entire formulas to your Salt masters using SPM.
See Installing SPM Packages
Contents
Building SPM Packages
The first step when using Salt Package Manager is to build packages for each of of the formulas that you
want to distribute. Packages can be built on any system where you can install Salt.
Package Build Overview
To build a package, all state, pillar, jinja, and file templates used by your formula are assembled into
a folder on the build system. These files can be cloned from a Git repository, such as those found at the
saltstack-formulas organization on GitHub, or copied directly to the folder.
The following diagram demonstrates a typical formula layout on the build system: [image]
In this example, all formula files are placed in a myapp-formula folder. This is the folder that is
targeted by the spm build command when this package is built.
Within this folder, pillar data is placed in a pillar.example file at the root, and all state, jinja, and
template files are placed within a subfolder that is named after the application being packaged. State
files are typically contained within a subfolder, similar to how state files are organized in the state
tree. Any non-pillar files in your package that are not contained in a subfolder are placed at the root
of the spm state tree.
Additionally, a FORMULA file is created and placed in the root of the folder. This file contains package
metadata that is used by SPM.
Package Installation Overview
When building packages, it is useful to know where files are installed on the Salt master. During
installation, all files except pillar.example and FORMULA are copied directly to the spm state tree on
the Salt master (located at \srv\spm\salt).
If a pillar.example file is present in the root, it is renamed to <formula name>.sls.orig and placed in
the pillar_path. [image]
NOTE:
Even though the pillar data file is copied to the pillar root, you still need to manually assign this
pillar data to systems using the pillar top file. This file can also be duplicated and renamed so the
.orig version is left intact in case you need to restore it later.
Building an SPM Formula Package
1. Assemble formula files in a folder on the build system.
2. Create a FORMULA file and place it in the root of the package folder.
3. Run spm build <folder name>. The package is built and placed in the /srv/spm_build folder.
spm build /path/to/salt-packages-source/myapp-formula
4. Copy the .spm file to a folder on the repository system.
Types of Packages
SPM supports different types of packages. The function of each package is denoted by its name. For
instance, packages which end in -formula are considered to be Salt States (the most common type of
formula). Packages which end in -conf contain configuration which is to be placed in the /etc/salt/
directory. Packages which do not contain one of these names are treated as if they have a -formula name.
formula
By default, most files from this type of package live in the /srv/spm/salt/ directory. The exception is
the pillar.example file, which will be renamed to <package_name>.sls and placed in the pillar directory
(/srv/spm/pillar/ by default).
reactor
By default, files from this type of package live in the /srv/spm/reactor/ directory.
conf
The files in this type of package are configuration files for Salt, which normally live in the /etc/salt/
directory. Configuration files for packages other than Salt can and should be handled with a Salt State
(using a formula type of package).
Technical Information
Packages are built using BZ2-compressed tarballs. By default, the package database is stored using the
sqlite3 driver (see Loader Modules below).
Support for these are built into Python, and so no external dependencies are needed.
All other files belonging to SPM use YAML, for portability and ease of use and maintainability.
SPM-Specific Loader Modules
SPM was designed to behave like traditional package managers, which apply files to the filesystem and
store package metadata in a local database. However, because modern infrastructures often extend beyond
those use cases, certain parts of SPM have been broken out into their own set of modules.
Package Database
By default, the package database is stored using the sqlite3 module. This module was chosen because
support for SQLite3 is built into Python itself.
Please see the SPM Development Guide for information on creating new modules for package database
management.
Package Files
By default, package files are installed using the local module. This module applies files to the local
filesystem, on the machine that the package is installed on.
Please see the SPM Development Guide for information on creating new modules for package file management.
Distributing SPM Packages
SPM packages can be distributed to Salt masters over HTTP(S), FTP, or through the file system. The SPM
repo can be hosted on any system where you can install Salt. Salt is installed so you can run the spm
create_repo command when you update or add a package to the repo. SPM repos do not require the
salt-master, salt-minion, or any other process running on the system.
NOTE:
If you are hosting the SPM repo on a system where you can not or do not want to install Salt, you can
run the spm create_repo command on the build system and then copy the packages and the generated
SPM-METADATA file to the repo. You can also install SPM files directly on a Salt master, bypassing the
repository completely.
Setting up a Package Repository
After packages are built, the generated SPM files are placed in the srv/spm_build folder.
Where you place the built SPM files on your repository server depends on how you plan to make them
available to your Salt masters.
You can share the srv/spm_build folder on the network, or copy the files to your FTP or Web server.
Adding a Package to the repository
New packages are added by simply copying the SPM file to the repo folder, and then generating repo
metadata.
Generate Repo Metadata
Each time you update or add an SPM package to your repository, issue an spm create_repo command:
spm create_repo /srv/spm_build
SPM generates the repository metadata for all of the packages in that directory and places it in an
SPM-METADATA file at the folder root. This command is used even if repository metadata already exists in
that directory.
Installing SPM Packages
SPM packages are installed to your Salt master, where they are available to Salt minions using all of
Salt's package management functions.
Configuring Remote Repositories
Before SPM can use a repository, two things need to happen. First, the Salt master needs to know where
the repository is through a configuration process. Then it needs to pull down the repository metadata.
Repository Configuration Files
Repositories are configured by adding each of them to the /etc/salt/spm.repos.d/spm.repo file on each
Salt master. This file contains the name of the repository, and the link to the repository:
my_repo:
url: https://spm.example.com/
For HTTP/HTTPS Basic authorization you can define credentials:
Beware of unauthorized access to this file, please set at least 0640 permissions for this configuration
file:
The URL can use http, https, ftp, or file.
my_repo:
url: file:///srv/spm_build
Updating Local Repository Metadata
After the repository is configured on the Salt master, repository metadata is downloaded using the spm
update_repo command:
spm update_repo
NOTE:
A file for each repo is placed in /var/cache/salt/spm on the Salt master after you run the update_repo
command. If you add a repository and it does not seem to be showing up, check this path to verify that
the repository was found.
Update File Roots
SPM packages are installed to the srv/spm/salt folder on your Salt master. This path needs to be added
to the file roots on your Salt master manually.
file_roots:
base:
1. /srv/salt
2. /srv/spm/salt
Restart the salt-master service after updating the file_roots setting.
Installing Packages
To install a package, use the spm install command:
spm install apache
WARNING:
Currently, SPM does not check to see if files are already in place before installing them. That means
that existing files will be overwritten without warning.
Installing directly from an SPM file
You can also install SPM packages using a local SPM file using the spm local install command:
spm local install /srv/spm/apache-201506-1.spm
An SPM repository is not required when using spm local install.
Pillars
If an installed package includes Pillar data, be sure to target the installed pillar to the necessary
systems using the pillar Top file.
Removing Packages
Packages may be removed after they are installed using the spm remove command.
spm remove apache
If files have been modified, they will not be removed. Empty directories will also be removed.
SPM Configuration
There are a number of options that are specific to SPM. They may be configured in the master
configuration file, or in SPM's own spm configuration file (normally located at /etc/salt/spm). If
configured in both places, the spm file takes precedence. In general, these values will not need to be
changed from the defaults.
spm_logfile
Default: /var/log/salt/spm
Where SPM logs messages.
spm_repos_config
Default: /etc/salt/spm.repos
SPM repositories are configured with this file. There is also a directory which corresponds to it, which
ends in .d. For instance, if the filename is /etc/salt/spm.repos, the directory will be
/etc/salt/spm.repos.d/.
spm_cache_dir
Default: /var/cache/salt/spm
When SPM updates package repository metadata and downloads packaged, they will be placed in this
directory. The package database, normally called packages.db, also lives in this directory.
spm_db
Default: /var/cache/salt/spm/packages.db
The location and name of the package database. This database stores the names of all of the SPM packages
installed on the system, the files that belong to them, and the metadata for those files.
spm_build_dir
Default: /srv/spm_build
When packages are built, they will be placed in this directory.
spm_build_exclude
Default: ['.git']
When SPM builds a package, it normally adds all files in the formula directory to the package. Files
listed here will be excluded from that package. This option requires a list to be specified.
spm_build_exclude:
- .git
- .svn
Types of Packages
SPM supports different types of formula packages. The function of each package is denoted by its name.
For instance, packages which end in -formula are considered to be Salt States (the most common type of
formula). Packages which end in -conf contain configuration which is to be placed in the /etc/salt/
directory. Packages which do not contain one of these names are treated as if they have a -formula name.
formula
By default, most files from this type of package live in the /srv/spm/salt/ directory. The exception is
the pillar.example file, which will be renamed to <package_name>.sls and placed in the pillar directory
(/srv/spm/pillar/ by default).
reactor
By default, files from this type of package live in the /srv/spm/reactor/ directory.
conf
The files in this type of package are configuration files for Salt, which normally live in the /etc/salt/
directory. Configuration files for packages other than Salt can and should be handled with a Salt State
(using a formula type of package).
FORMULA File
In addition to the formula itself, a FORMULA file must exist which describes the package. An example of
this file is:
name: apache
os: RedHat, Debian, Ubuntu, SUSE, FreeBSD
os_family: RedHat, Debian, Suse, FreeBSD
version: 201506
release: 2
summary: Formula for installing Apache
description: Formula for installing Apache
Required Fields
This file must contain at least the following fields:
name
The name of the package, as it will appear in the package filename, in the repository metadata, and the
package database. Even if the source formula has -formula in its name, this name should probably not
include that. For instance, when packaging the apache-formula, the name should be set to apache.
os
The value of the os grain that this formula supports. This is used to help users know which operating
systems can support this package.
os_family
The value of the os_family grain that this formula supports. This is used to help users know which
operating system families can support this package.
version
The version of the package. While it is up to the organization that manages this package, it is suggested
that this version is specified in a YYYYMM format. For instance, if this version was released in June
2015, the package version should be 201506. If multiple releases are made in a month, the release field
should be used.
minimum_version
Minimum recommended version of Salt to use this formula. Not currently enforced.
release
This field refers primarily to a release of a version, but also to multiple versions within a month. In
general, if a version has been made public, and immediate updates need to be made to it, this field
should also be updated.
summary
A one-line description of the package.
description
A more detailed description of the package which can contain more than one line.
Optional Fields
The following fields may also be present.
top_level_dir
This field is optional, but highly recommended. If it is not specified, the package name will be used.
Formula repositories typically do not store .sls files in the root of the repository; instead they are
stored in a subdirectory. For instance, an apache-formula repository would contain a directory called
apache, which would contain an init.sls, plus a number of other related files. In this instance, the
top_level_dir should be set to apache.
Files outside the top_level_dir, such as README.rst, FORMULA, and LICENSE will not be installed. The
exceptions to this rule are files that are already treated specially, such as pillar.example and
_modules/.
dependencies
A comma-separated list of packages that must be installed along with this package. When this package is
installed, SPM will attempt to discover and install these packages as well. If it is unable to, then it
will refuse to install this package.
This is useful for creating packages which tie together other packages. For instance, a package called
wordpress-mariadb-apache would depend upon wordpress, mariadb, and apache.
optional
A comma-separated list of packages which are related to this package, but are neither required nor
necessarily recommended. This list is displayed in an informational message when the package is installed
to SPM.
recommended
A comma-separated list of optional packages that are recommended to be installed with the package. This
list is displayed in an informational message when the package is installed to SPM.
files
A files section can be added, to specify a list of files to add to the SPM. Such a section might look
like:
files:
- _pillar
- FORMULA
- _runners
- d|mymodule/index.rst
- r|README.rst
When files are specified, then only those files will be added to the SPM, regardless of what other files
exist in the directory. They will also be added in the order specified, which is useful if you have a
need to lay down files in a specific order.
As can be seen in the example above, you may also tag files as being a specific type. This is done by
pre-pending a filename with its type, followed by a pipe (|) character. The above example contains a
document file and a readme. The available file types are:
• c: config file
• d: documentation file
• g: ghost file (i.e. the file contents are not included in the package payload)
• l: license file
• r: readme file
• s: SLS file
• m: Salt module
The first 5 of these types (c, d, g, l, r) will be placed in /usr/share/salt/spm/ by default. This can be
changed by setting an spm_share_dir value in your /etc/salt/spm configuration file.
The last two types (s and m) are currently ignored, but they are reserved for future use.
Pre and Post States
It is possible to run Salt states before and after installing a package by using pre and post states. The
following sections may be declared in a FORMULA:
• pre_local_state
• pre_tgt_state
• post_local_state
• post_tgt_state
Sections with pre in their name are evaluated before a package is installed and sections with post are
evaluated after a package is installed. local states are evaluated before tgt states.
Each of these sections needs to be evaluated as text, rather than as YAML. Consider the following block:
Note that this declaration uses > after pre_local_state. This is a YAML marker that marks the next
multi-line block as text, including newlines. It is important to use this marker whenever declaring pre
or post states, so that the text following it can be evaluated properly.
local States
local states are evaluated locally; this is analagous to issuing a state run using a salt-call --local
command. These commands will be issued on the local machine running the spm command, whether that machine
is a master or a minion.
local states do not require any special arguments, but they must still use the > marker to denote that
the state is evaluated as text, not a data structure.
tgt States
tgt states are issued against a remote target. This is analogous to issuing a state using the salt
command. As such it requires that the machine that the spm command is running on is a master.
Because tgt states require that a target be specified, their code blocks are a little different. Consider
the following state:
With tgt states, the state data is placed under a data section, inside the *_tgt_state code block. The
target is of course specified as a tgt and you may also optionally specify a tgt_type (the default is
glob).
You still need to use the > marker, but this time it follows the data line, rather than the *_tgt_state
line.
Templating States
The reason that state data must be evaluated as text rather than a data structure is because that state
data is first processed through the rendering engine, as it would be with a standard state run.
This means that you can use Jinja or any other supported renderer inside of Salt. All formula variables
are available to the renderer, so you can reference FORMULA data inside your state if you need to:
You may also declare your own variables inside the FORMULA. If SPM doesn't recognize them then it will
ignore them, so there are no restrictions on variable names, outside of avoiding reserved words.
By default the renderer is set to yaml_jinja. You may change this by changing the renderer setting in the
FORMULA itself.
Building a Package
Once a FORMULA file has been created, it is placed into the root of the formula that is to be turned into
a package. The spm build command is used to turn that formula into a package:
spm build /path/to/saltstack-formulas/apache-formula
The resulting file will be placed in the build directory. By default this directory is located at
/srv/spm/.
Loader Modules
When an execution module is placed in <file_roots>/_modules/ on the master, it will automatically be
synced to minions, the next time a sync operation takes place. Other modules are also propagated this
way: state modules can be placed in _states/, and so on.
When SPM detects a file in a package which resides in one of these directories, that directory will be
placed in <file_roots> instead of in the formula directory with the rest of the files.
Removing Packages
Packages may be removed once they are installed using the spm remove command.
spm remove apache
If files have been modified, they will not be removed. Empty directories will also be removed.
Technical Information
Packages are built using BZ2-compressed tarballs. By default, the package database is stored using the
sqlite3 driver (see Loader Modules below).
Support for these are built into Python, and so no external dependencies are needed.
All other files belonging to SPM use YAML, for portability and ease of use and maintainability.
SPM-Specific Loader Modules
SPM was designed to behave like traditional package managers, which apply files to the filesystem and
store package metadata in a local database. However, because modern infrastructures often extend beyond
those use cases, certain parts of SPM have been broken out into their own set of modules.
Package Database
By default, the package database is stored using the sqlite3 module. This module was chosen because
support for SQLite3 is built into Python itself.
Please see the SPM Development Guide for information on creating new modules for package database
management.
Package Files
By default, package files are installed using the local module. This module applies files to the local
filesystem, on the machine that the package is installed on.
Please see the SPM Development Guide for information on creating new modules for package file management.
Types of Packages
SPM supports different types of formula packages. The function of each package is denoted by its name.
For instance, packages which end in -formula are considered to be Salt States (the most common type of
formula). Packages which end in -conf contain configuration which is to be placed in the /etc/salt/
directory. Packages which do not contain one of these names are treated as if they have a -formula name.
formula
By default, most files from this type of package live in the /srv/spm/salt/ directory. The exception is
the pillar.example file, which will be renamed to <package_name>.sls and placed in the pillar directory
(/srv/spm/pillar/ by default).
reactor
By default, files from this type of package live in the /srv/spm/reactor/ directory.
conf
The files in this type of package are configuration files for Salt, which normally live in the /etc/salt/
directory. Configuration files for packages other than Salt can and should be handled with a Salt State
(using a formula type of package).
SPM Development Guide
This document discusses developing additional code for SPM.
SPM-Specific Loader Modules
SPM was designed to behave like traditional package managers, which apply files to the filesystem and
store package metadata in a local database. However, because modern infrastructures often extend beyond
those use cases, certain parts of SPM have been broken out into their own set of modules.
Each function that accepts arguments has a set of required and optional arguments. Take note that SPM
will pass all arguments in, and therefore each function must accept each of those arguments. However,
arguments that are marked as required are crucial to SPM's core functionality, while arguments that are
marked as optional are provided as a benefit to the module, if it needs to use them.
Package Database
By default, the package database is stored using the sqlite3 module. This module was chosen because
support for SQLite3 is built into Python itself.
Modules for managing the package database are stored in the salt/spm/pkgdb/ directory. A number of
functions must exist to support database management.
init()
Get a database connection, and initialize the package database if necessary.
This function accepts no arguments. If a database is used which supports a connection object, then that
connection object is returned. For instance, the sqlite3 module returns a connect() object from the
sqlite3 library:
conn = sqlite3.connect(__opts__['spm_db'], isolation_level=None)
...
return conn
SPM itself will not use this connection object; it will be passed in as-is to the other functions in the
module. Therefore, when you set up this object, make sure to do so in a way that is easily usable
throughout the module.
info()
Return information for a package. This generally consists of the information that is stored in the
FORMULA file in the package.
The arguments that are passed in, in order, are package (required) and conn (optional).
package is the name of the package, as specified in the FORMULA. conn is the connection object returned
from init().
list_files()
Return a list of files for an installed package. Only the filename should be returned, and no other
information.
The arguments that are passed in, in order, are package (required) and conn (optional).
package is the name of the package, as specified in the FORMULA. conn is the connection object returned
from init().
register_pkg()
Register a package in the package database. Nothing is expected to be returned from this function.
The arguments that are passed in, in order, are name (required), formula_def (required), and conn
(optional).
name is the name of the package, as specified in the FORMULA. formula_def is the contents of the FORMULA
file, as a dict. conn is the connection object returned from init().
register_file()
Register a file in the package database. Nothing is expected to be returned from this function.
The arguments that are passed in are name (required), member (required), path (required), digest
(optional), and conn (optional).
name is the name of the package.
member is a tarfile object for the package file. It is included, because it contains most of the
information for the file.
path is the location of the file on the local filesystem.
digest is the SHA1 checksum of the file.
conn is the connection object returned from init().
unregister_pkg()
Unregister a package from the package database. This usually only involves removing the package's record
from the database. Nothing is expected to be returned from this function.
The arguments that are passed in, in order, are name (required) and conn (optional).
name is the name of the package, as specified in the FORMULA. conn is the connection object returned from
init().
unregister_file()
Unregister a package from the package database. This usually only involves removing the package's record
from the database. Nothing is expected to be returned from this function.
The arguments that are passed in, in order, are name (required), pkg (optional) and conn (optional).
name is the path of the file, as it was installed on the filesystem.
pkg is the name of the package that the file belongs to.
conn is the connection object returned from init().
db_exists()
Check to see whether the package database already exists. This is the path to the package database file.
This function will return True or False.
The only argument that is expected is db_, which is the package database file.
Package Files
By default, package files are installed using the local module. This module applies files to the local
filesystem, on the machine that the package is installed on.
Modules for managing the package database are stored in the salt/spm/pkgfiles/ directory. A number of
functions must exist to support file management.
init()
Initialize the installation location for the package files. Normally these will be directory paths, but
other external destinations such as databases can be used. For this reason, this function will return a
connection object, which can be a database object. However, in the default local module, this object is a
dict containing the paths. This object will be passed into all other functions.
Three directories are used for the destinations: formula_path, pillar_path, and reactor_path.
formula_path is the location of most of the files that will be installed. The default is specific to the
operating system, but is normally /srv/salt/.
pillar_path is the location that the pillar.example file will be installed to. The default is specific
to the operating system, but is normally /srv/pillar/.
reactor_path is the location that reactor files will be installed to. The default is specific to the
operating system, but is normally /srv/reactor/.
check_existing()
Check the filesystem for existing files. All files for the package will be checked, and if any are
existing, then this function will normally state that SPM will refuse to install the package.
This function returns a list of the files that exist on the system.
The arguments that are passed into this function are, in order: package (required), pkg_files (required),
formula_def (formula_def), and conn (optional).
package is the name of the package that is to be installed.
pkg_files is a list of the files to be checked.
formula_def is a copy of the information that is stored in the FORMULA file.
conn is the file connection object.
install_file()
Install a single file to the destination (normally on the filesystem). Nothing is expected to be returned
from this function.
This function returns the final location that the file was installed to.
The arguments that are passed into this function are, in order, package (required), formula_tar
(required), member (required), formula_def (required), and conn (optional).
package is the name of the package that is to be installed.
formula_tar is the tarfile object for the package. This is passed in so that the function can call
formula_tar.extract() for the file.
member is the tarfile object which represents the individual file. This may be modified as necessary,
before being passed into formula_tar.extract().
formula_def is a copy of the information from the FORMULA file.
conn is the file connection object.
remove_file()
Remove a single file from file system. Normally this will be little more than an os.remove(). Nothing is
expected to be returned from this function.
The arguments that are passed into this function are, in order, path (required) and conn (optional).
path is the absolute path to the file to be removed.
conn is the file connection object.
hash_file()
Returns the hexdigest hash value of a file.
The arguments that are passed into this function are, in order, path (required), hashobj (required), and
conn (optional).
path is the absolute path to the file.
hashobj is a reference to hashlib.sha1(), which is used to pull the hexdigest() for the file.
conn is the file connection object.
This function will not generally be more complex than:
def hash_file(path, hashobj, conn=None):
with salt.utils.fopen(path, 'r') as f:
hashobj.update(f.read())
return hashobj.hexdigest()
path_exists()
Check to see whether the file already exists on the filesystem. Returns True or False.
This function expects a path argument, which is the absolute path to the file to be checked.
path_isdir()
Check to see whether the path specified is a directory. Returns True or False.
This function expects a path argument, which is the absolute path to be checked.
Storing Data in Other Databases
The SDB interface is designed to store and retrieve data that, unlike pillars and grains, is not
necessarily minion-specific. The initial design goal was to allow passwords to be stored in a secure
database, such as one managed by the keyring package, rather than as plain-text files. However, as a
generic database interface, it could conceptually be used for a number of other purposes.
SDB was added to Salt in version 2014.7.0.
SDB Configuration
In order to use the SDB interface, a configuration profile must be set up. To be available for master
commands, such as runners, it needs to be configured in the master configuration. For modules executed on
a minion, it can be set either in the minion configuration file, or as a pillar. The configuration stanza
includes the name/ID that the profile will be referred to as, a driver setting, and any other arguments
that are necessary for the SDB module that will be used. For instance, a profile called mykeyring, which
uses the system service in the keyring module would look like:
mykeyring:
driver: keyring
service: system
It is recommended to keep the name of the profile simple, as it is used in the SDB URI as well.
SDB URIs
SDB is designed to make small database queries (hence the name, SDB) using a compact URL. This allows
users to reference a database value quickly inside a number of Salt configuration areas, without a lot of
overhead. The basic format of an SDB URI is:
sdb://<profile>/<args>
The profile refers to the configuration profile defined in either the master or the minion configuration
file. The args are specific to the module referred to in the profile, but will typically only need to
refer to the key of a key/value pair inside the database. This is because the profile itself should
define as many other parameters as possible.
For example, a profile might be set up to reference credentials for a specific OpenStack account. The
profile might look like:
kevinopenstack:
driver: keyring
service: salt.cloud.openstack.kevin
And the URI used to reference the password might look like:
sdb://kevinopenstack/password
Getting, Setting and Deleting SDB Values
Once an SDB driver is configured, you can use the sdb execution module to get, set and delete values from
it. There are two functions that may appear in most SDB modules: get, set and delete.
Getting a value requires only the SDB URI to be specified. To retrieve a value from the kevinopenstack
profile above, you would use:
salt-call sdb.get sdb://kevinopenstack/password
Some drivers use slightly more complex URIs. For instance, the vault driver requires the full path to
where the key is stored, followed by a question mark, followed by the key to be retrieved. If you were
using a profile called myvault, you would use a URI that looks like:
salt-call sdb.get 'sdb://myvault/secret/salt?saltstack'
Setting a value uses the same URI as would be used to retrieve it, followed by the value as another
argument. For the above myvault URI, you would set a new value using a command like:
salt-call sdb.set 'sdb://myvault/secret/salt?saltstack' 'super awesome'
Deleting values (if supported by the driver) is done pretty much the same way as getting them. Provided
that you have a profile called mykvstore that uses a driver allowing to delete values you would delete a
value as shown below:
salt-call sdb.delete 'sdb://mykvstore/foobar'
The sdb.get, sdb.set and sdb.delete functions are also available in the runner system:
salt-run sdb.get 'sdb://myvault/secret/salt?saltstack'
salt-run sdb.set 'sdb://myvault/secret/salt?saltstack' 'super awesome'
salt-run sdb.delete 'sdb://mykvstore/foobar'
Using SDB URIs in Files
SDB URIs can be used in both configuration files, and files that are processed by the renderer system
(jinja, mako, etc.). In a configuration file (such as /etc/salt/master, /etc/salt/minion,
/etc/salt/cloud, etc.), make an entry as usual, and set the value to the SDB URI. For instance:
mykey: sdb://myetcd/mykey
To retrieve this value using a module, the module in question must use the config.get function to
retrieve configuration values. This would look something like:
mykey = __salt__['config.get']('mykey')
Templating renderers use a similar construct. To get the mykey value from above in Jinja, you would use:
{{ salt['config.get']('mykey') }}
When retrieving data from configuration files using config.get, the SDB URI need only appear in the
configuration file itself.
If you would like to retrieve a key directly from SDB, you would call the sdb.get function directly,
using the SDB URI. For instance, in Jinja:
{{ salt['sdb.get']('sdb://myetcd/mykey') }}
When writing Salt modules, it is not recommended to call sdb.get directly, as it requires the user to
provide values in SDB, using a specific URI. Use config.get instead.
Writing SDB Modules
There is currently one function that MUST exist in any SDB module (get()), one that SHOULD exist (set_())
and one that MAY exist (delete()). If using a (set_()) function, a __func_alias__ dictionary MUST be
declared in the module as well:
__func_alias__ = {
'set_': 'set',
}
This is because set is a Python built-in, and therefore functions should not be created which are called
set(). The __func_alias__ functionality is provided via Salt's loader interfaces, and allows
legally-named functions to be referred to using names that would otherwise be unwise to use.
The get() function is required, as it will be called via functions in other areas of the code which make
use of the sdb:// URI. For example, the config.get function in the config execution module uses this
function.
The set_() function may be provided, but is not required, as some sources may be read-only, or may be
otherwise unwise to access via a URI (for instance, because of SQL injection attacks).
The delete() function may be provided as well, but is not required, as many sources may be read-only or
restrict such operations.
A simple example of an SDB module is salt/sdb/keyring_db.py, as it provides basic examples of most, if
not all, of the types of functionality that are available not only for SDB modules, but for Salt modules
in general.
Running the Salt Master/Minion as an Unprivileged User
While the default setup runs the master and minion as the root user, some may consider it an extra
measure of security to run the master as a non-root user. Keep in mind that doing so does not change the
master's capability to access minions as the user they are running as. Due to this many feel that running
the master as a non-root user does not grant any real security advantage which is why the master has
remained as root by default.
NOTE:
Some of Salt's operations cannot execute correctly when the master is not running as root,
specifically the pam external auth system, as this system needs root access to check authentication.
As of Salt 0.9.10 it is possible to run Salt as a non-root user. This can be done by setting the user
parameter in the master configuration file. and restarting the salt-master service.
The minion has it's own user parameter as well, but running the minion as an unprivileged user will keep
it from making changes to things like users, installed packages, etc. unless access controls (sudo, etc.)
are setup on the minion to permit the non-root user to make the needed changes.
In order to allow Salt to successfully run as a non-root user, ownership, and permissions need to be set
such that the desired user can read from and write to the following directories (and their
subdirectories, where applicable):
• /etc/salt
• /var/cache/salt
• /var/log/salt
• /var/run/salt
Ownership can be easily changed with chown, like so:
# chown -R user /etc/salt /var/cache/salt /var/log/salt /var/run/salt
WARNING:
Running either the master or minion with the root_dir parameter specified will affect these paths, as
will setting options like pki_dir, cachedir, log_file, and other options that normally live in the
above directories.
Using cron with Salt
The Salt Minion can initiate its own highstate using the salt-call command.
$ salt-call state.apply
This will cause the minion to check in with the master and ensure it is in the correct "state".
Use cron to initiate a highstate
If you would like the Salt Minion to regularly check in with the master you can use cron to run the
salt-call command:
0 0 * * * salt-call state.apply
The above cron entry will run a highstate every day at midnight.
NOTE:
When executing Salt using cron, keep in mind that the default PATH for cron may not include the path
for any scripts or commands used by Salt, and it may be necessary to set the PATH accordingly in the
crontab:
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin
0 0 * * * salt-call state.apply
Hardening Salt
This topic contains tips you can use to secure and harden your Salt environment. How you best secure and
harden your Salt environment depends heavily on how you use Salt, where you use Salt, how your team is
structured, where you get data from, and what kinds of access (internal and external) you require.
General hardening tips
• Restrict who can directly log into your Salt master system.
• Use SSH keys secured with a passphrase to gain access to the Salt master system.
• Track and secure SSH keys and any other login credentials you and your team need to gain access to the
Salt master system.
• Use a hardened bastion server or a VPN to restrict direct access to the Salt master from the internet.
• Don't expose the Salt master any more than what is required.
• Harden the system as you would with any high-priority target.
• Keep the system patched and up-to-date.
• Use tight firewall rules.
Salt hardening tips
• Subscribe to salt-users or salt-announce so you know when new Salt releases are available. Keep your
systems up-to-date with the latest patches.
• Use Salt's Client ACL system to avoid having to give out root access in order to run Salt commands.
• Use Salt's Client ACL system to restrict which users can run what commands.
• Use external Pillar to pull data into Salt from external sources so that non-sysadmins (other teams,
junior admins, developers, etc) can provide configuration data without needing access to the Salt
master.
• Make heavy use of SLS files that are version-controlled and go through a peer-review/code-review
process before they're deployed and run in production. This is good advice even for "one-off" CLI
commands because it helps mitigate typos and mistakes.
• Use salt-api, SSL, and restrict authentication with the external auth system if you need to expose your
Salt master to external services.
• Make use of Salt's event system and reactor to allow minions to signal the Salt master without
requiring direct access.
• Run the salt-master daemon as non-root.
• Disable which modules are loaded onto minions with the disable_modules setting. (for example, disable
the cmd module if it makes sense in your environment.)
• Look through the fully-commented sample master and minion config files. There are many options for
securing an installation.
• Run masterless-mode minions on particularly sensitive minions. There is also salt-ssh or the
modules.sudo if you need to further restrict a minion.
Security disclosure policy
email security@saltstack.com
gpg key ID
4EA0793D
gpg key fingerprint
8ABE 4EFC F0F4 B24B FF2A AF90 D570 F2D3 4EA0 793D
gpg public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb
hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg
7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh
QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH
u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29
Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP
/Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt
t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5
AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc
Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r
QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB
tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv
bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw
4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh
h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz
HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7
JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h
q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515
dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE
ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69
El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq
rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W
GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1
mZRquQINBFO15mMBEAC5UuLii9ZLz6qHfIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3
f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlFVvYdzjUq6c82GUUjW1dnqgUvFwdmM835
1n0YQ2TonmyaF882RvsRZrbJ65uvy7SQxlouXaAYOdqwLsPxBEOyOnMPSktW5V2U
IWyxsNP3sADchWIGq9p5D3Y/loyIMsS1dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu
9r3I9o6mDkuPpAljuMc8r09Im6az2egtK/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3
wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO+NNmyzFVyIwOLziwjmEcw62S57wYKUVn
HD2nglMsQa8Ve0e6ABBMEY7zGEGStva59rfgeh0jUMJiccGiUDTMs0tdkC6knYKb
u/fdRqNYFoNuDcSeLEw4DdCuP01l2W4yY+fiK6hAcL25amjzc+yYo9eaaqTn6RAT
bzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR65Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8
vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiVuXR+f755ZAndyQfRtowMdQIoiXuJEXYw
6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8HqEsbIFUXBYXPgbwXTm7c4IHGgXXdwAR
AQABiQIlBBgBAgAPBQJTteZjAhsMBQkHhh+AAAoJENVw8tNOoHk91rcQAIhxLv4g
duF/J1Cyf6Wixz4rqslBQ7DgNztdIUMjCThg3eB6pvIzY5d3DNROmwU5JvGP1rEw
hNiJhgBDFaB0J/y28uSci+orhKDTHb/cn30IxfuAuqrv9dujvmlgM7JUswOtLZhs
5FYGa6v1RORRWhUx2PQsF6ORg22QAaagc7OlaO3BXBoiE/FWsnEQCUsc7GnnPqi7
um45OJl/pJntsBUKvivEU20fj7j1UpjmeWz56NcjXoKtEvGh99gM5W2nSMLE3aPw
vcKhS4yRyLjOe19NfYbtID8m8oshUDji0XjQ1z5NdGcf2V1YNGHU5xyK6zwyGxgV
xZqaWnbhDTu1UnYBna8BiUobkuqclb4T9k2WjbrUSmTwKixokCOirFDZvqISkgmN
r6/g3w2TRi11/LtbUciF0FN2pd7rj5mWrOBPEFYJmrB6SQeswWNhr5RIsXrQd/Ho
zvNm0HnUNEe6w5YBfA6sXQy8B0Zs6pcgLogkFB15TuHIIIpxIsVRv5z8SlEnB7HQ
Io9hZT58yjhekJuzVQB9loU0C/W0lzci/pXTt6fd9puYQe1DG37pSifRG6kfHxrR
if6nRyrfdTlawqbqdkoqFDmEybAM9/hv3BqriGahGGH/hgplNQbYoXfNwYMYaHuB
aSkJvrOQW8bpuAzgVyd7TyNFv+t1kLlfaRYJ
=wBTJ
-----END PGP PUBLIC KEY BLOCK-----
The SaltStack Security Team is available at security@saltstack.com for security-related bug reports or
questions.
We request the disclosure of any security-related bugs or issues be reported non-publicly until such time
as the issue can be resolved and a security-fix release can be prepared. At that time we will release the
fix and make a public announcement with upgrade instructions and download locations.
Security response procedure
SaltStack takes security and the trust of our customers and users very seriously. Our disclosure policy
is intended to resolve security issues as quickly and safely as is possible.
1. A security report sent to security@saltstack.com is assigned to a team member. This person is the
primary contact for questions and will coordinate the fix, release, and announcement.
2. The reported issue is reproduced and confirmed. A list of affected projects and releases is made.
3. Fixes are implemented for all affected projects and releases that are actively supported. Back-ports
of the fix are made to any old releases that are actively supported.
4. Packagers are notified via the salt-packagers mailing list that an issue was reported and resolved,
and that an announcement is incoming.
5. A new release is created and pushed to all affected repositories. The release documentation provides a
full description of the issue, plus any upgrade instructions or other relevant details.
6. An announcement is made to the salt-users and salt-announce mailing lists. The announcement contains a
description of the issue and a link to the full release documentation and download locations.
Receiving security announcements
The fastest place to receive security announcements is via the salt-announce mailing list. This list is
low-traffic.
Salt Transport
One of fundamental features of Salt is remote execution. Salt has two basic "channels" for communicating
with minions. Each channel requires a client (minion) and a server (master) implementation to work within
Salt. These pairs of channels will work together to implement the specific message passing required by
the channel interface.
Pub Channel
The pub channel, or publish channel, is how a master sends a job (payload) to a minion. This is a basic
pub/sub paradigm, which has specific targeting semantics. All data which goes across the publish system
should be encrypted such that only members of the Salt cluster can decrypt the publishes.
Req Channel
The req channel is how the minions send data to the master. This interface is primarily used for fetching
files and returning job returns. The req channels have two basic interfaces when talking to the master.
send is the basic method that guarantees the message is encrypted at least so that only minions attached
to the same master can read it-- but no guarantee of minion-master confidentiality, whereas the
crypted_transfer_decode_dictentry method does guarantee minion-master confidentiality.
Zeromq Transport
NOTE:
Zeromq is the current default transport within Salt
Zeromq is a messaging library with bindings into many languages. Zeromq implements a socket interface for
message passing, with specific semantics for the socket type.
Pub Channel
The pub channel is implemented using zeromq's pub/sub sockets. By default we don't use zeromq's
filtering, which means that all publish jobs are sent to all minions and filtered minion side. Zeromq
does have publisher side filtering which can be enabled in salt using zmq_filtering.
Req Channel
The req channel is implemented using zeromq's req/rep sockets. These sockets enforce a send/recv pattern,
which forces salt to serialize messages through these socket pairs. This means that although the
interface is asynchronous on the minion we cannot send a second message until we have received the reply
of the first message.
TCP Transport
The tcp transport is an implementation of Salt's channels using raw tcp sockets. Since this isn't using
a pre-defined messaging library we will describe the wire protocol, message semantics, etc. in this
document.
The tcp transport is enabled by changing the transport setting to tcp on each Salt minion and Salt
master.
transport: tcp
Wire Protocol
This implementation over TCP focuses on flexibility over absolute efficiency. This means we are okay to
spend a couple of bytes of wire space for flexibility in the future. That being said, the wire framing is
quite efficient and looks like:
msgpack({'head': SOMEHEADER, 'body': SOMEBODY})
Since msgpack is an iterably parsed serialization, we can simply write the serialized payload to the
wire. Within that payload we have two items "head" and "body". Head contains header information (such as
"message id"). The Body contains the actual message that we are sending. With this flexible wire protocol
we can implement any message semantics that we'd like-- including multiplexed message passing on a single
socket.
TLS Support
The TCP transport allows for the master/minion communication to be optionally wrapped in a TLS
connection. Enabling this is simple, the master and minion need to be using the tcp connection, then the
ssl option is enabled. The ssl option is passed as a dict and corresponds to the options passed to the
Python ssl.wrap_socket <https://docs.python.org/2/library/ssl.html#ssl.wrap_socket> function.
A simple setup looks like this, on the Salt Master add the ssl option to the master configuration file:
ssl:
keyfile: <path_to_keyfile>
certfile: <path_to_certfile>
ssl_version: PROTOCOL_TLSv1_2
The minimal ssl option in the minion configuration file looks like this:
ssl: True
# Versions below 2016.11.4:
ssl: {}
Specific options can be sent to the minion also, as defined in the Python ssl.wrap_socket function.
NOTE:
While setting the ssl_version is not required, we recommend it. Some older versions of python do not
support the latest TLS protocol and if this is the case for your version of python we strongly
recommend upgrading your version of Python.
Crypto
The current implementation uses the same crypto as the zeromq transport.
Pub Channel
For the pub channel we send messages without "message ids" which the remote end interprets as a one-way
send.
NOTE:
As of today we send all publishes to all minions and rely on minion-side filtering.
Req Channel
For the req channel we send messages with a "message id". This "message id" allows us to multiplex
messages across the socket.
The RAET Transport
NOTE:
The RAET transport is in very early development, it is functional but no promises are yet made as to
its reliability or security. As for reliability and security, the encryption used has been audited
and our tests show that raet is reliable. With this said we are still conducting more security audits
and pushing the reliability. This document outlines the encryption used in RAET
New in version 2014.7.0.
The Reliable Asynchronous Event Transport, or RAET, is an alternative transport medium developed
specifically with Salt in mind. It has been developed to allow queuing to happen up on the application
layer and comes with socket layer encryption. It also abstracts a great deal of control over the socket
layer and makes it easy to bubble up errors and exceptions.
RAET also offers very powerful message routing capabilities, allowing for messages to be routed between
processes on a single machine all the way up to processes on multiple machines. Messages can also be
restricted, allowing processes to be sent messages of specific types from specific sources allowing for
trust to be established.
Using RAET in Salt
Using RAET in Salt is easy, the main difference is that the core dependencies change, instead of needing
pycrypto, M2Crypto, ZeroMQ, and PYZMQ, the packages libsodium, libnacl, ioflo, and raet are required.
Encryption is handled very cleanly by libnacl, while the queueing and flow control is handled by ioflo.
Distribution packages are forthcoming, but libsodium can be easily installed from source, or many
distributions do ship packages for it. The libnacl and ioflo packages can be easily installed from pypi,
distribution packages are in the works.
Once the new deps are installed the 2014.7 release or higher of Salt needs to be installed.
Once installed, modify the configuration files for the minion and master to set the transport to raet:
/etc/salt/master:
transport: raet
/etc/salt/minion:
transport: raet
Now start salt as it would normally be started, the minion will connect to the master and share long term
keys, which can then in turn be managed via salt-key. Remote execution and salt states will function in
the same way as with Salt over ZeroMQ.
Limitations
The 2014.7 release of RAET is not complete! The Syndic and Multi Master have not been completed yet and
these are slated for completion in the 2015.5.0 release.
Also, Salt-Raet allows for more control over the client but these hooks have not been implemented yet,
thereforre the client still uses the same system as the ZeroMQ client. This means that the extra
reliability that RAET exposes has not yet been implemented in the CLI client.
Why?
Customer and User Request
Why make an alternative transport for Salt? There are many reasons, but the primary motivation came from
customer requests, many large companies came with requests to run Salt over an alternative transport, the
reasoning was varied, from performance and scaling improvements to licensing concerns. These customers
have partnered with SaltStack to make RAET a reality.
More Capabilities
RAET has been designed to allow salt to have greater communication capabilities. It has been designed to
allow for development into features which out ZeroMQ topologies can't match.
Many of the proposed features are still under development and will be announced as they enter proof of
concept phases, but these features include salt-fuse - a filesystem over salt, salt-vt - a parallel api
driven shell over the salt transport and many others.
RAET Reliability
RAET is reliable, hence the name (Reliable Asynchronous Event Transport).
The concern posed by some over RAET reliability is based on the fact that RAET uses UDP instead of TCP
and UDP does not have built in reliability.
RAET itself implements the needed reliability layers that are not natively present in UDP, this allows
RAET to dynamically optimize packet delivery in a way that keeps it both reliable and asynchronous.
RAET and ZeroMQ
When using RAET, ZeroMQ is not required. RAET is a complete networking replacement. It is noteworthy that
RAET is not a ZeroMQ replacement in a general sense, the ZeroMQ constructs are not reproduced in RAET,
but they are instead implemented in such a way that is specific to Salt's needs.
RAET is primarily an async communication layer over truly async connections, defaulting to UDP. ZeroMQ is
over TCP and abstracts async constructs within the socket layer.
Salt is not dropping ZeroMQ support and has no immediate plans to do so.
Encryption
RAET uses Dan Bernstein's NACL encryption libraries and CurveCP handshake. The libnacl python binding
binds to both libsodium and tweetnacl to execute the underlying cryptography. This allows us to
completely rely on an externally developed cryptography system.
Programming Intro
Intro to RAET Programming
NOTE:
This page is still under construction
The first thing to cover is that RAET does not present a socket api, it presents, and queueing api, all
messages in RAET are made available to via queues. This is the single most differentiating factor with
RAET vs other networking libraries, instead of making a socket, a stack is created. Instead of calling
send() or recv(), messages are placed on the stack to be sent and messages that are received appear on
the stack.
Different kinds of stacks are also available, currently two stacks exist, the UDP stack, and the UXD
stack. The UDP stack is used to communicate over udp sockets, and the UXD stack is used to communicate
over Unix Domain Sockets.
The UDP stack runs a context for communicating over networks, while the UXD stack has contexts for
communicating between processes.
UDP Stack Messages
To create a UDP stack in RAET, simply create the stack, manage the queues, and process messages:
from salt.transport.road.raet import stacking
from salt.transport.road.raet import estating
udp_stack = stacking.StackUdp(ha=('127.0.0.1', 7870))
r_estate = estating.Estate(stack=stack, name='foo', ha=('192.168.42.42', 7870))
msg = {'hello': 'world'}
udp_stack.transmit(msg, udp_stack.estates[r_estate.name])
udp_stack.serviceAll()
Master Tops System
In 0.10.4 the external_nodes system was upgraded to allow for modular subsystems to be used to generate
the top file data for a highstate run on the master.
The old external_nodes option has been removed. The master tops system provides a pluggable and
extendable replacement for it, allowing for multiple different subsystems to provide top file data.
Using the new master_tops option is simple:
master_tops:
ext_nodes: cobbler-external-nodes
for Cobbler or:
master_tops:
reclass:
inventory_base_uri: /etc/reclass
classes_uri: roles
for Reclass.
master_tops:
varstack: /path/to/the/config/file/varstack.yaml
for Varstack.
It's also possible to create custom master_tops modules. Simply place them into salt://_tops in the Salt
fileserver and use the saltutil.sync_tops runner to sync them. If this runner function is not available,
they can manually be placed into extmods/tops, relative to the master cachedir (in most cases the full
path will be /var/cache/salt/master/extmods/tops).
Custom tops modules are written like any other execution module, see the source for the two modules above
for examples of fully functional ones. Below is a bare-bones example:
/etc/salt/master:
master_tops:
customtop: True
customtop.py: (custom master_tops module)
import logging
import sys
# Define the module's virtual name
__virtualname__ = 'customtop'
log = logging.getLogger(__name__)
def __virtual__():
return __virtualname__
def top(**kwargs):
log.debug('Calling top in customtop')
return {'base': ['test']}
salt minion state.show_top should then display something like:
$ salt minion state.show_top
minion
----------
base:
- test
NOTE:
If a master_tops module returns top file data for a given minion, it will be added to the states
configured in the top file. It will not replace it altogether. The Oxygen release adds additional
functionality allowing a minion to treat master_tops as the single source of truth, irrespective of
the top file.
Returners
By default the return values of the commands sent to the Salt minions are returned to the Salt master,
however anything at all can be done with the results data.
By using a Salt returner, results data can be redirected to external data-stores for analysis and
archival.
Returners pull their configuration values from the Salt minions. Returners are only configured once,
which is generally at load time.
The returner interface allows the return data to be sent to any system that can receive data. This means
that return data can be sent to a Redis server, a MongoDB server, a MySQL server, or any system.
SEE ALSO:
Full list of builtin returners
Using Returners
All Salt commands will return the command data back to the master. Specifying returners will ensure that
the data is _also_ sent to the specified returner interfaces.
Specifying what returners to use is done when the command is invoked:
salt '*' test.ping --return redis_return
This command will ensure that the redis_return returner is used.
It is also possible to specify multiple returners:
salt '*' test.ping --return mongo_return,redis_return,cassandra_return
In this scenario all three returners will be called and the data from the test.ping command will be sent
out to the three named returners.
Writing a Returner
A returner is a Python module containing at minimum a returner function. Other optional functions can be
included to add support for master_job_cache, external-job-cache, and Event Returners.
returner
The returner function must accept a single argument. The argument contains return data from the
called minion function. If the minion function test.ping is called, the value of the argument will
be a dictionary. Run the following command from a Salt master to get a sample of the dictionary:
salt-call --local --metadata test.ping --out=pprint
import redis
import json
def returner(ret):
'''
Return information to a redis server
'''
# Get a redis connection
serv = redis.Redis(
host='redis-serv.example.com',
port=6379,
db='0')
serv.sadd("%(id)s:jobs" % ret, ret['jid'])
serv.set("%(jid)s:%(id)s" % ret, json.dumps(ret['return']))
serv.sadd('jobs', ret['jid'])
serv.sadd(ret['jid'], ret['id'])
The above example of a returner set to send the data to a Redis server serializes the data as JSON and
sets it in redis.
Master Job Cache Support
master_job_cache, external-job-cache, and Event Returners. Salt's master_job_cache allows returners to
be used as a pluggable replacement for the default_job_cache. In order to do so, a returner must
implement the following functions:
NOTE:
The code samples contained in this section were taken from the cassandra_cql returner.
prep_jid
Ensures that job ids (jid) don't collide, unless passed_jid is provided.
nochache is an optional boolean that indicates if return data should be cached. passed_jid is a
caller provided jid which should be returned unconditionally.
def prep_jid(nocache, passed_jid=None): # pylint: disable=unused-argument
'''
Do any work necessary to prepare a JID, including sending a custom id
'''
return passed_jid if passed_jid is not None else salt.utils.jid.gen_jid()
save_load
Save job information. The jid is generated by prep_jid and should be considered a unique
identifier for the job. The jid, for example, could be used as the primary/unique key in a
database. The load is what is returned to a Salt master by a minion. The following code example
stores the load as a JSON string in the salt.jids table.
def save_load(jid, load):
'''
Save the load to the specified jid id
'''
query = '''INSERT INTO salt.jids (
jid, load
) VALUES (
'{0}', '{1}'
);'''.format(jid, json.dumps(load))
# cassandra_cql.cql_query may raise a CommandExecutionError
try:
__salt__['cassandra_cql.cql_query'](query)
except CommandExecutionError:
log.critical('Could not save load in jids table.')
raise
except Exception as e:
log.critical('''Unexpected error while inserting into
jids: {0}'''.format(str(e)))
raise
get_load
must accept a job id (jid) and return the job load stored by save_load, or an empty dictionary
when not found.
def get_load(jid):
'''
Return the load data that marks a specified jid
'''
query = '''SELECT load FROM salt.jids WHERE jid = '{0}';'''.format(jid)
ret = {}
# cassandra_cql.cql_query may raise a CommandExecutionError
try:
data = __salt__['cassandra_cql.cql_query'](query)
if data:
load = data[0].get('load')
if load:
ret = json.loads(load)
except CommandExecutionError:
log.critical('Could not get load from jids table.')
raise
except Exception as e:
log.critical('''Unexpected error while getting load from
jids: {0}'''.format(str(e)))
raise
return ret
External Job Cache Support
Salt's external-job-cache extends the master_job_cache. External Job Cache support requires the following
functions in addition to what is required for Master Job Cache support:
get_jid
Return a dictionary containing the information (load) returned by each minion when the specified
job id was executed.
Sample:
{
"local": {
"master_minion": {
"fun_args": [],
"jid": "20150330121011408195",
"return": true,
"retcode": 0,
"success": true,
"cmd": "_return",
"_stamp": "2015-03-30T12:10:12.708663",
"fun": "test.ping",
"id": "master_minion"
}
}
}
get_fun
Return a dictionary of minions that called a given Salt function as their last function call.
Sample:
{
"local": {
"minion1": "test.ping",
"minion3": "test.ping",
"minion2": "test.ping"
}
}
get_jids
Return a list of all job ids.
Sample:
{
"local": [
"20150330121011408195",
"20150330195922139916"
]
}
get_minions
Returns a list of minions
Sample:
{
"local": [
"minion3",
"minion2",
"minion1",
"master_minion"
]
}
Please refer to one or more of the existing returners (i.e. mysql, cassandra_cql) if you need further
clarification.
Event Support
An event_return function must be added to the returner module to allow events to be logged from a master
via the returner. A list of events are passed to the function by the master.
The following example was taken from the MySQL returner. In this example, each event is inserted into the
salt_events table keyed on the event tag. The tag contains the jid and therefore is guaranteed to be
unique.
def event_return(events):
'''
Return event to mysql server
Requires that configuration be enabled via 'event_return'
option in master config.
'''
with _get_serv(events, commit=True) as cur:
for event in events:
tag = event.get('tag', '')
data = event.get('data', '')
sql = '''INSERT INTO `salt_events` (`tag`, `data`, `master_id` )
VALUES (%s, %s, %s)'''
cur.execute(sql, (tag, json.dumps(data), __opts__['id']))
Custom Returners
Place custom returners in a _returners directory within the file_roots specified by the master config
file.
Custom returners are distributed when any of the following are called:
• state.apply
• saltutil.sync_returners
• saltutil.sync_all
Any custom returners which have been synced to a minion that are named the same as one of Salt's default
set of returners will take the place of the default returner with the same name.
Naming the Returner
Note that a returner's default name is its filename (i.e. foo.py becomes returner foo), but that its name
can be overridden by using a __virtual__ function. A good example of this can be found in the redis
returner, which is named redis_return.py but is loaded as simply redis:
try:
import redis
HAS_REDIS = True
except ImportError:
HAS_REDIS = False
__virtualname__ = 'redis'
def __virtual__():
if not HAS_REDIS:
return False
return __virtualname__
Testing the Returner
The returner, prep_jid, save_load, get_load, and event_return functions can be tested by configuring the
master_job_cache and Event Returners in the master config file and submitting a job to test.ping each
minion from the master.
Once you have successfully exercised the Master Job Cache functions, test the External Job Cache
functions using the ret execution module.
salt-call ret.get_jids cassandra_cql --output=json
salt-call ret.get_fun cassandra_cql test.ping --output=json
salt-call ret.get_minions cassandra_cql --output=json
salt-call ret.get_jid cassandra_cql 20150330121011408195 --output=json
Event Returners
For maximum visibility into the history of events across a Salt infrastructure, all events seen by a salt
master may be logged to one or more returners.
To enable event logging, set the event_return configuration option in the master config to the
returner(s) which should be designated as the handler for event returns.
NOTE:
Not all returners support event returns. Verify a returner has an event_return() function before
using.
NOTE:
On larger installations, many hundreds of events may be generated on a busy master every second. Be
certain to closely monitor the storage of a given returner as Salt can easily overwhelm an
underpowered server with thousands of returns.
Full List of Returners
returner modules
────────────────────────────────────────────────────────────────
carbon_return Take data from salt and "return" it
into a carbon receiver
────────────────────────────────────────────────────────────────
cassandra_cql_return Return data to a cassandra server
────────────────────────────────────────────────────────────────
cassandra_return Return data to a Cassandra
ColumnFamily
────────────────────────────────────────────────────────────────
couchbase_return Simple returner for Couchbase.
────────────────────────────────────────────────────────────────
couchdb_return Simple returner for CouchDB.
────────────────────────────────────────────────────────────────
django_return A returner that will inform a Django
system that returns are available
using Django's signal system.
────────────────────────────────────────────────────────────────
elasticsearch_return Return data to an elasticsearch
server for indexing.
────────────────────────────────────────────────────────────────
etcd_return Return data to an etcd server or
cluster
────────────────────────────────────────────────────────────────
highstate_return Return the results of a highstate (or
any other state function that returns
data in a compatible format) via an
HTML email or HTML file.
────────────────────────────────────────────────────────────────
hipchat_return Return salt data via hipchat.
────────────────────────────────────────────────────────────────
influxdb_return Return data to an influxdb server.
────────────────────────────────────────────────────────────────
kafka_return Return data to a Kafka topic
────────────────────────────────────────────────────────────────
librato_return Salt returner to return highstate
stats to Librato
────────────────────────────────────────────────────────────────
local The local returner is used to test
the returner interface, it just
prints the
────────────────────────────────────────────────────────────────
local_cache Return data to local job cache
────────────────────────────────────────────────────────────────
mattermost_returner Return salt data via mattermost
────────────────────────────────────────────────────────────────
memcache_return Return data to a memcache server
────────────────────────────────────────────────────────────────
mongo_future_return Return data to a mongodb server
────────────────────────────────────────────────────────────────
mongo_return Return data to a mongodb server
────────────────────────────────────────────────────────────────
multi_returner Read/Write multiple returners
────────────────────────────────────────────────────────────────
mysql Return data to a mysql server
────────────────────────────────────────────────────────────────
nagios_return Return salt data to Nagios
────────────────────────────────────────────────────────────────
odbc Return data to an ODBC compliant
server.
────────────────────────────────────────────────────────────────
pgjsonb Return data to a PostgreSQL server
with json data stored in Pg's jsonb
data type
────────────────────────────────────────────────────────────────
postgres Return data to a postgresql server
────────────────────────────────────────────────────────────────
postgres_local_cache Use a postgresql server for the
master job cache.
────────────────────────────────────────────────────────────────
pushover_returner Return salt data via pushover (‐
http://www.pushover.net)
────────────────────────────────────────────────────────────────
rawfile_json Take data from salt and "return" it
into a raw file containing the json,
with one line per event.
────────────────────────────────────────────────────────────────
redis_return Return data to a redis server
────────────────────────────────────────────────────────────────
sentry_return Salt returner that reports execution
results back to sentry.
────────────────────────────────────────────────────────────────
slack_returner Return salt data via slack
────────────────────────────────────────────────────────────────
sms_return Return data by SMS.
────────────────────────────────────────────────────────────────
smtp_return Return salt data via email
────────────────────────────────────────────────────────────────
splunk Send json response data to Splunk via
the HTTP Event Collector
────────────────────────────────────────────────────────────────
sqlite3_return Insert minion return data into a
sqlite3 database
────────────────────────────────────────────────────────────────
syslog_return Return data to the host operating
system's syslog facility
────────────────────────────────────────────────────────────────
xmpp_return Return salt data via xmpp
────────────────────────────────────────────────────────────────
zabbix_return Return salt data to Zabbix
┌──────────────────────┬───────────────────────────────────────┐
│ │ │
--
USING SALT
This section describes the fundamental components and concepts that you need to understand to use Salt.
Grains
Salt comes with an interface to derive information about the underlying system. This is called the
grains interface, because it presents salt with grains of information. Grains are collected for the
operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.
The grains interface is made available to Salt modules and components so that the right salt minion
commands are automatically available on the right systems.
Grain data is relatively static, though if system information changes (for example, if network settings
are changed), or if a new value is assigned to a custom grain, grain data is refreshed.
NOTE:
Grains resolve to lowercase letters. For example, FOO, and foo target the same grain.
Listing Grains
Available grains can be listed by using the 'grains.ls' module:
salt '*' grains.ls
Grains data can be listed by using the 'grains.items' module:
salt '*' grains.items
Grains in the Minion Config
Grains can also be statically assigned within the minion configuration file. Just add the option grains
and pass options to it:
grains:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
Then status data specific to your servers can be retrieved via Salt, or used inside of the State system
for matching. It also makes targeting, in the case of the example above, simply based on specific data
about your deployment.
Grains in /etc/salt/grains
If you do not want to place your custom static grains in the minion config file, you can also put them in
/etc/salt/grains on the minion. They are configured in the same way as in the above example, only without
a top-level grains: key:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
NOTE:
Grains in /etc/salt/grains are ignored if you specify the same grains in the minion config.
NOTE:
Grains are static, and since they are not often changed, they will need a grains refresh when they are
updated. You can do this by calling: salt minion saltutil.refresh_modules
NOTE:
You can equally configure static grains for Proxy Minions. As multiple Proxy Minion processes can run
on the same machine, you need to index the files using the Minion ID, under /etc/salt/proxy.d/<minion
ID>/grains. For example, the grains for the Proxy Minion router1 can be defined under
/etc/salt/proxy.d/router1/grains, while the grains for the Proxy Minion switch7 can be put in
/etc/salt/proxy.d/switch7/grains.
Matching Grains in the Top File
With correctly configured grains on the Minion, the top file used in Pillar or during Highstate can be
made very efficient. For example, consider the following configuration:
'node_type:webserver':
- match: grain
- webserver
'node_type:postgres':
- match: grain
- postgres
'node_type:redis':
- match: grain
- redis
'node_type:lb':
- match: grain
- lb
For this example to work, you would need to have defined the grain node_type for the minions you wish to
match. This simple example is nice, but too much of the code is similar. To go one step further, Jinja
templating can be used to simplify the top file.
{% set the_node_type = salt['grains.get']('node_type', '') %}
{% if the_node_type %}
'node_type:{{ the_node_type }}':
- match: grain
- {{ the_node_type }}
{% endif %}
Using Jinja templating, only one match entry needs to be defined.
NOTE:
The example above uses the grains.get function to account for minions which do not have the node_type
grain set.
Writing Grains
The grains are derived by executing all of the "public" functions (i.e. those which do not begin with an
underscore) found in the modules located in the Salt's core grains code, followed by those in any custom
grains modules. The functions in a grains module must return a Python dict, where the dictionary keys are
the names of grains, and each key's value is that value for that grain.
Custom grains modules should be placed in a subdirectory named _grains located under the file_roots
specified by the master config file. The default path would be /srv/salt/_grains. Custom grains modules
will be distributed to the minions when state.highstate is run, or by executing the saltutil.sync_grains
or saltutil.sync_all functions.
Grains modules are easy to write, and (as noted above) only need to return a dictionary. For example:
def yourfunction():
# initialize a grains dictionary
grains = {}
# Some code for logic that sets grains like
grains['yourcustomgrain'] = True
grains['anothergrain'] = 'somevalue'
return grains
The name of the function does not matter and will not factor into the grains data at all; only the
keys/values returned become part of the grains.
When to Use a Custom Grain
Before adding new grains, consider what the data is and remember that grains should (for the most part)
be static data.
If the data is something that is likely to change, consider using Pillar or an execution module instead.
If it's a simple set of key/value pairs, pillar is a good match. If compiling the information requires
that system commands be run, then putting this information in an execution module is likely a better
idea.
Good candidates for grains are data that is useful for targeting minions in the top file or the Salt CLI.
The name and data structure of the grain should be designed to support many platforms, operating systems
or applications. Also, keep in mind that Jinja templating in Salt supports referencing pillar data as
well as invoking functions from execution modules, so there's no need to place information in grains to
make it available to Jinja templates. For example:
...
...
{{ salt['module.function_name']('argument_1', 'argument_2') }}
{{ pillar['my_pillar_key'] }}
...
...
WARNING:
Custom grains will not be available in the top file until after the first highstate. To make custom
grains available on a minion's first highstate, it is recommended to use this example to ensure that
the custom grains are synced when the minion starts.
Loading Custom Grains
If you have multiple functions specifying grains that are called from a main function, be sure to prepend
grain function names with an underscore. This prevents Salt from including the loaded grains from the
grain functions in the final grain data structure. For example, consider this custom grain file:
#!/usr/bin/env python
def _my_custom_grain():
my_grain = {'foo': 'bar', 'hello': 'world'}
return my_grain
def main():
# initialize a grains dictionary
grains = {}
grains['my_grains'] = _my_custom_grain()
return grains
The output of this example renders like so:
# salt-call --local grains.items
local:
----------
<Snipped for brevity>
my_grains:
----------
foo:
bar
hello:
world
However, if you don't prepend the my_custom_grain function with an underscore, the function will be
rendered twice by Salt in the items output: once for the my_custom_grain call itself, and again when it
is called in the main function:
# salt-call --local grains.items
local:
----------
<Snipped for brevity>
foo:
bar
<Snipped for brevity>
hello:
world
<Snipped for brevity>
my_grains:
----------
foo:
bar
hello:
world
Precedence
Core grains can be overridden by custom grains. As there are several ways of defining custom grains,
there is an order of precedence which should be kept in mind when defining them. The order of evaluation
is as follows:
1. Core grains.
2. Custom grains in /etc/salt/grains.
3. Custom grains in /etc/salt/minion.
4. Custom grain modules in _grains directory, synced to minions.
Each successive evaluation overrides the previous ones, so any grains defined by custom grains modules
synced to minions that have the same name as a core grain will override that core grain. Similarly,
grains from /etc/salt/minion override both core grains and custom grain modules, and grains in _grains
will override any grains of the same name.
Examples of Grains
The core module in the grains package is where the main grains are loaded by the Salt minion and provides
the principal example of how to write grains:
https://github.com/saltstack/salt/blob/develop/salt/grains/core.py
Syncing Grains
Syncing grains can be done a number of ways, they are automatically synced when state.highstate is
called, or (as noted above) the grains can be manually synced and reloaded by calling the
saltutil.sync_grains or saltutil.sync_all functions.
NOTE:
When the grains_cache is set to False, the grains dictionary is built and stored in memory on the
minion. Every time the minion restarts or saltutil.refresh_grains is run, the grain dictionary is
rebuilt from scratch.
Storing Static Data in the Pillar
Pillar is an interface for Salt designed to offer global values that can be distributed to minions.
Pillar data is managed in a similar way as the Salt State Tree.
Pillar was added to Salt in version 0.9.8
NOTE:
Storing sensitive data
Pillar data is compiled on the master. Additionally, pillar data for a given minion is only accessible
by the minion for which it is targeted in the pillar configuration. This makes pillar useful for
storing sensitive data specific to a particular minion.
Declaring the Master Pillar
The Salt Master server maintains a pillar_roots setup that matches the structure of the file_roots used
in the Salt file server. Like file_roots, the pillar_roots option maps environments to directories. The
pillar data is then mapped to minions based on matchers in a top file which is laid out in the same way
as the state top file. Salt pillars can use the same matcher types as the standard top file.
conf_master:pillar_roots is configured just like file_roots. For example:
pillar_roots:
base:
- /srv/pillar
This example configuration declares that the base environment will be located in the /srv/pillar
directory. It must not be in a subdirectory of the state tree.
The top file used matches the name of the top file used for States, and has the same structure:
/srv/pillar/top.sls
base:
'*':
- packages
In the above top file, it is declared that in the base environment, the glob matching all minions will
have the pillar data found in the packages pillar available to it. Assuming the pillar_roots value of
/srv/pillar taken from above, the packages pillar would be located at /srv/pillar/packages.sls.
Any number of matchers can be added to the base environment. For example, here is an expanded version of
the Pillar top file stated above:
/srv/pillar/top.sls:
base:
'*':
- packages
'web*':
- vim
In this expanded top file, minions that match web* will have access to the /srv/pillar/packages.sls file,
as well as the /srv/pillar/vim.sls file.
Another example shows how to use other standard top matching types to deliver specific salt pillar data
to minions with different properties.
Here is an example using the grains matcher to target pillars to minions by their os grain:
dev:
'os:Debian':
- match: grain
- servers
/srv/pillar/packages.sls
{% if grains['os'] == 'RedHat' %}
apache: httpd
git: git
{% elif grains['os'] == 'Debian' %}
apache: apache2
git: git-core
{% endif %}
company: Foo Industries
IMPORTANT:
See Is Targeting using Grain Data Secure? for important security information.
The above pillar sets two key/value pairs. If a minion is running RedHat, then the apache key is set to
httpd and the git key is set to the value of git. If the minion is running Debian, those values are
changed to apache2 and git-core respectively. All minions that have this pillar targeting to them via a
top file will have the key of company with a value of Foo Industries.
Consequently this data can be used from within modules, renderers, State SLS files, and more via the
shared pillar dict:
apache:
pkg.installed:
- name: {{ pillar['apache'] }}
git:
pkg.installed:
- name: {{ pillar['git'] }}
Finally, the above states can utilize the values provided to them via Pillar. All pillar values targeted
to a minion are available via the 'pillar' dictionary. As seen in the above example, Jinja substitution
can then be utilized to access the keys and values in the Pillar dictionary.
Note that you cannot just list key/value-information in top.sls. Instead, target a minion to a pillar
file and then list the keys and values in the pillar. Here is an example top file that illustrates this
point:
base:
'*':
- common_pillar
And the actual pillar file at '/srv/pillar/common_pillar.sls':
foo: bar
boo: baz
NOTE:
When working with multiple pillar environments, assuming that each pillar environment has its own top
file, the jinja placeholder {{ saltenv }} can be used in place of the environment name:
{{ saltenv }}:
'*':
- common_pillar
Yes, this is {{ saltenv }}, and not {{ pillarenv }}. The reason for this is because the Pillar top
files are parsed using some of the same code which parses top files when running states, so the pillar
environment takes the place of {{ saltenv }} in the jinja context.
Pillar Namespace Flattening
The separate pillar SLS files all merge down into a single dictionary of key-value pairs. When the same
key is defined in multiple SLS files, this can result in unexpected behavior if care is not taken to how
the pillar SLS files are laid out.
For example, given a top.sls containing the following:
base:
'*':
- packages
- services
with packages.sls containing:
bind: bind9
and services.sls containing:
bind: named
Then a request for the bind pillar key will only return named. The bind9 value will be lost, because
services.sls was evaluated later.
NOTE:
Pillar files are applied in the order they are listed in the top file. Therefore conflicting keys
will be overwritten in a 'last one wins' manner! For example, in the above scenario conflicting key
values in services will overwrite those in packages because it's at the bottom of the list.
It can be better to structure your pillar files with more hierarchy. For example the package.sls file
could be configured like so:
packages:
bind: bind9
This would make the packages pillar key a nested dictionary containing a bind key.
Pillar Dictionary Merging
If the same pillar key is defined in multiple pillar SLS files, and the keys in both files refer to
nested dictionaries, then the content from these dictionaries will be recursively merged.
For example, keeping the top.sls the same, assume the following modifications to the pillar SLS files:
packages.sls:
bind:
package-name: bind9
version: 9.9.5
services.sls:
bind:
port: 53
listen-on: any
The resulting pillar dictionary will be:
$ salt-call pillar.get bind
local:
----------
listen-on:
any
package-name:
bind9
port:
53
version:
9.9.5
Since both pillar SLS files contained a bind key which contained a nested dictionary, the pillar
dictionary's bind key contains the combined contents of both SLS files' bind keys.
Including Other Pillars
New in version 0.16.0.
Pillar SLS files may include other pillar files, similar to State files. Two syntaxes are available for
this purpose. The simple form simply includes the additional pillar as if it were part of the same file:
include:
- users
The full include form allows two additional options -- passing default values to the templating engine
for the included pillar file as well as an optional key under which to nest the results of the included
pillar:
include:
- users:
defaults:
sudo: ['bob', 'paul']
key: users
With this form, the included file (users.sls) will be nested within the 'users' key of the compiled
pillar. Additionally, the 'sudo' value will be available as a template variable to users.sls.
In-Memory Pillar Data vs. On-Demand Pillar Data
Since compiling pillar data is computationally expensive, the minion will maintain a copy of the pillar
data in memory to avoid needing to ask the master to recompile and send it a copy of the pillar data each
time pillar data is requested. This in-memory pillar data is what is returned by the pillar.item,
pillar.get, and pillar.raw functions.
Also, for those writing custom execution modules, or contributing to Salt's existing execution modules,
the in-memory pillar data is available as the __pillar__ dunder dictionary.
The in-memory pillar data is generated on minion start, and can be refreshed using the
saltutil.refresh_pillar function:
salt '*' saltutil.refresh_pillar
This function triggers the minion to asynchronously refresh the in-memory pillar data and will always
return None.
In contrast to in-memory pillar data, certain actions trigger pillar data to be compiled to ensure that
the most up-to-date pillar data is available. These actions include:
• Running states
• Running pillar.items
Performing these actions will not refresh the in-memory pillar data. So, if pillar data is modified, and
then states are run, the states will see the updated pillar data, but pillar.item, pillar.get, and
pillar.raw will not see this data unless refreshed using saltutil.refresh_pillar.
How Pillar Environments Are Handled
When multiple pillar environments are used, the default behavior is for the pillar data from all
environments to be merged together. The pillar dictionary will therefore contain keys from all configured
environments.
The pillarenv minion config option can be used to force the minion to only consider pillar configuration
from a single environment. This can be useful in cases where one needs to run states with alternate
pillar data, either in a testing/QA environment or to test changes to the pillar data before pushing them
live.
For example, assume that the following is set in the minion config file:
pillarenv: base
This would cause that minion to ignore all other pillar environments besides base when compiling the
in-memory pillar data. Then, when running states, the pillarenv CLI argument can be used to override the
minion's pillarenv config value:
salt '*' state.apply mystates pillarenv=testing
The above command will run the states with pillar data sourced exclusively from the testing environment,
without modifying the in-memory pillar data.
NOTE:
When running states, the pillarenv CLI option does not require a pillarenv option to be set in the
minion config file. When pillarenv is left unset, as mentioned above all configured environments will
be combined. Running states with pillarenv=testing in this case would still restrict the states'
pillar data to just that of the testing pillar environment.
Starting in the 2017.7.0 release, it is possible to pin the pillarenv to the effective saltenv, using the
pillarenv_from_saltenv minion config option. When this is set to True, if a specific saltenv is specified
when running states, the pillarenv will be the same. This essentially makes the following two commands
equivalent:
salt '*' state.apply mystates saltenv=dev
salt '*' state.apply mystates saltenv=dev pillarenv=dev
However, if a pillarenv is specified, it will override this behavior. So, the following command will use
the qa pillar environment but source the SLS files from the dev saltenv:
salt '*' state.apply mystates saltenv=dev pillarenv=qa
So, if a pillarenv is set in the minion config file, pillarenv_from_saltenv will be ignored, and passing
a pillarenv on the CLI will temporarily override pillarenv_from_saltenv.
Viewing Pillar Data
To view pillar data, use the pillar execution module. This module includes several functions, each of
them with their own use. These functions include:
• pillar.item - Retrieves the value of one or more keys from the in-memory pillar datj.
• pillar.items - Compiles a fresh pillar dictionary and returns it, leaving the in-memory pillar data
untouched. If pillar keys are passed to this function however, this function acts like pillar.item and
returns their values from the in-memory pillar data.
• pillar.raw - Like pillar.items, it returns the entire pillar dictionary, but from the in-memory pillar
data instead of compiling fresh pillar data.
• pillar.get - Described in detail below.
The pillar.get Function
New in version 0.14.0.
The pillar.get function works much in the same way as the get method in a python dict, but with an
enhancement: nested dictonaries can be traversed using a colon as a delimiter.
If a structure like this is in pillar:
foo:
bar:
baz: qux
Extracting it from the raw pillar in an sls formula or file template is done this way:
{{ pillar['foo']['bar']['baz'] }}
Now, with the new pillar.get function the data can be safely gathered and a default can be set, allowing
the template to fall back if the value is not available:
{{ salt['pillar.get']('foo:bar:baz', 'qux') }}
This makes handling nested structures much easier.
NOTE:
pillar.get() vs salt['pillar.get']()
It should be noted that within templating, the pillar variable is just a dictionary. This means that
calling pillar.get() inside of a template will just use the default dictionary .get() function which
does not include the extra : delimiter functionality. It must be called using the above syntax
(salt['pillar.get']('foo:bar:baz', 'qux')) to get the salt function, instead of the default dictionary
behavior.
Setting Pillar Data at the Command Line
Pillar data can be set at the command line like the following example:
salt '*' state.apply pillar='{"cheese": "spam"}'
This will add a pillar key of cheese with its value set to spam.
NOTE:
Be aware that when sending sensitive data via pillar on the command-line that the publication
containing that data will be received by all minions and will not be restricted to the targeted
minions. This may represent a security concern in some cases.
Pillar Encryption
Salt's renderer system can be used to decrypt pillar data. This allows for pillar items to be stored in
an encrypted state, and decrypted during pillar compilation.
Encrypted Pillar SLS
New in version 2017.7.0.
Consider the following pillar SLS file:
secrets:
vault:
foo: |
-----BEGIN PGP MESSAGE-----
hQEMAw2B674HRhwSAQgAhTrN8NizwUv/VunVrqa4/X8t6EUulrnhKcSeb8sZS4th
W1Qz3K2NjL4lkUHCQHKZVx/VoZY7zsddBIFvvoGGfj8+2wjkEDwFmFjGE4DEsS74
ZLRFIFJC1iB/O0AiQ+oU745skQkU6OEKxqavmKMrKo3rvJ8ZCXDC470+i2/Hqrp7
+KWGmaDOO422JaSKRm5D9bQZr9oX7KqnrPG9I1+UbJyQSJdsdtquPWmeIpamEVHb
VMDNQRjSezZ1yKC4kCWm3YQbBF76qTHzG1VlLF5qOzuGI9VkyvlMaLfMibriqY73
zBbPzf6Bkp2+Y9qyzuveYMmwS4sEOuZL/PetqisWe9JGAWD/O+slQ2KRu9hNww06
KMDPJRdyj5bRuBVE4hHkkP23KrYr7SuhW2vpe7O/MvWEJ9uDNegpMLhTWruGngJh
iFndxegN9w==
=bAuo
-----END PGP MESSAGE-----
bar: this was unencrypted already
baz: |
-----BEGIN PGP MESSAGE-----
hQEMAw2B674HRhwSAQf+Ne+IfsP2IcPDrUWct8sTJrga47jQvlPCmO+7zJjOVcqz
gLjUKvMajrbI/jorBWxyAbF+5E7WdG9WHHVnuoywsyTB9rbmzuPqYCJCe+ZVyqWf
9qgJ+oUjcvYIFmH3h7H68ldqbxaAUkAOQbTRHdr253wwaTIC91ZeX0SCj64HfTg7
Izwk383CRWonEktXJpientApQFSUWNeLUWagEr/YPNFA3vzpPF5/Ia9X8/z/6oO2
q+D5W5mVsns3i2HHbg2A8Y+pm4TWnH6mTSh/gdxPqssi9qIrzGQ6H1tEoFFOEq1V
kJBe0izlfudqMq62XswzuRB4CYT5Iqw1c97T+1RqENJCASG0Wz8AGhinTdlU5iQl
JkLKqBxcBz4L70LYWyHhYwYROJWjHgKAywX5T67ftq0wi8APuZl9olnOkwSK+wrY
1OZi
=7epf
-----END PGP MESSAGE-----
qux:
- foo
- bar
- |
-----BEGIN PGP MESSAGE-----
hQEMAw2B674HRhwSAQgAg1YCmokrweoOI1c9HO0BLamWBaFPTMblOaTo0WJLZoTS
ksbQ3OJAMkrkn3BnnM/djJc5C7vNs86ZfSJ+pvE8Sp1Rhtuxh25EKMqGOn/SBedI
gR6N5vGUNiIpG5Tf3DuYAMNFDUqw8uY0MyDJI+ZW3o3xrMUABzTH0ew+Piz85FDA
YrVgwZfqyL+9OQuu6T66jOIdwQNRX2NPFZqvon8liZUPus5VzD8E5cAL9OPxQ3sF
f7/zE91YIXUTimrv3L7eCgU1dSxKhhfvA2bEUi+AskMWFXFuETYVrIhFJAKnkFmE
uZx+O9R9hADW3hM5hWHKH9/CRtb0/cC84I9oCWIQPdI+AaPtICxtsD2N8Q98hhhd
4M7I0sLZhV+4ZJqzpUsOnSpaGyfh1Zy/1d3ijJi99/l+uVHuvmMllsNmgR+ZTj0=
=LrCQ
-----END PGP MESSAGE-----
When the pillar data is compiled, the results will be decrypted:
# salt myminion pillar.items
myminion:
----------
secrets:
----------
vault:
----------
bar:
this was unencrypted already
baz:
rosebud
foo:
supersecret
qux:
- foo
- bar
- baz
Salt must be told what portions of the pillar data to decrypt. This is done using the decrypt_pillar
config option:
decrypt_pillar:
- 'secrets:vault': gpg
The notation used to specify the pillar item(s) to be decrypted is the same as the one used in pillar.get
function.
If a different delimiter is needed, it can be specified using the decrypt_pillar_delimiter config option:
decrypt_pillar:
- 'secrets|vault': gpg
decrypt_pillar_delimiter: '|'
The name of the renderer used to decrypt a given pillar item can be omitted, and if so it will fall back
to the value specified by the decrypt_pillar_default config option, which defaults to gpg. So, the first
example above could be rewritten as:
decrypt_pillar:
- 'secrets:vault'
Encrypted Pillar Data on the CLI
New in version 2016.3.0.
The following functions support passing pillar data on the CLI via the pillar argument:
• pillar.items
• state.apply
• state.highstate
• state.sls
Triggerring decryption of this CLI pillar data can be done in one of two ways:
1. Using the pillar_enc argument:
# salt myminion pillar.items pillar_enc=gpg pillar='{foo: "-----BEGIN PGP MESSAGE-----\n\nhQEMAw2B674HRhwSAQf+OvPqEdDoA2fk15I5dYUTDoj1yf/pVolAma6iU4v8Zixn\nRDgWsaAnFz99FEiFACsAGDEFdZaVOxG80T0Lj+PnW4pVy0OXmXHnY2KjV9zx8FLS\nQxfvmhRR4t23WSFybozfMm0lsN8r1vfBBjbK+A72l0oxN78d1rybJ6PWNZiXi+aC\nmqIeunIbAKQ21w/OvZHhxH7cnIiGQIHc7N9nQH7ibyoKQzQMSZeilSMGr2abAHun\nmLzscr4wKMb+81Z0/fdBfP6g3bLWMJga3hSzSldU9ovu7KR8rDJI1qOlENj3Wm8C\nwTpDOB33kWIKMqiAjY3JFtb5MCHrafyggwQL7cX1+tI+AbSO6kZpbcDfzetb77LZ\nxc5NWnnGK4pGoqq4MAmZshw98RpecSHKMosto2gtiuWCuo9Zn5cV/FbjZ9CTWrQ=\n=0hO/\n-----END PGP MESSAGE-----"}'
The newlines in this example are specified using a literal \n. Newlines can be replaced with a literal
\n using sed:
$ echo -n bar | gpg --armor --trust-model always --encrypt -r user@domain.tld | sed ':a;N;$!ba;s/\n/\\n/g'
NOTE:
Using pillar_enc will perform the decryption minion-side, so for this to work it will be necessary
to set up the keyring in /etc/salt/gpgkeys on the minion just as one would typically do on the
master. The easiest way to do this is to first export the keys from the master:
# gpg --homedir /etc/salt/gpgkeys --export-secret-key -a user@domain.tld >/tmp/keypair.gpg
Then, copy the file to the minion, setup the keyring, and import:
# mkdir -p /etc/salt/gpgkeys
# chmod 0700 /etc/salt/gpgkeys
# gpg --homedir /etc/salt/gpgkeys --list-keys
# gpg --homedir /etc/salt/gpgkeys --import --allow-secret-key-import keypair.gpg
The --list-keys command is run create a keyring in the newly-created directory.
Pillar data which is decrypted minion-side will still be securely transferred to the master, since the
data sent between minion and master is encrypted with the master's public key.
2. Use the decrypt_pillar option. This is less flexible in that the pillar key passed on the CLI must be
pre-configured on the master, but it doesn't require a keyring to be setup on the minion. One other
caveat to this method is that pillar decryption on the master happens at the end of pillar
compilation, so if the encrypted pillar data being passed on the CLI needs to be referenced by pillar
or ext_pillar during pillar compilation, it must be decrypted minion-side.
Adding New Renderers for Decryption
Those looking to add new renderers for decryption should look at the gpg renderer for an example of how
to do so. The function that performs the decryption should be recursive and be able to traverse a mutable
type such as a dictionary, and modify the values in-place.
Once the renderer has been written, decrypt_pillar_renderers should be modified so that Salt allows it to
be used for decryption.
If the renderer is being submitted upstream to the Salt project, the renderer should be added in
salt/renderers/. Additionally, the following should be done:
• Both occurrences of decrypt_pillar_renderers in salt/config/__init__.py should be updated to include
the name of the new renderer so that it is included in the default value for this config option.
• The documentation for the decrypt_pillar_renderers config option in the master config file and minion
config file should be updated to show the correct new default value.
• The commented example for the decrypt_pillar_renderers config option in the master config template
should be updated to show the correct new default value.
Master Config in Pillar
For convenience the data stored in the master configuration file can be made available in all minion's
pillars. This makes global configuration of services and systems very easy but may not be desired if
sensitive data is stored in the master configuration. This option is disabled by default.
To enable the master config from being added to the pillar set pillar_opts to True in the minion config
file:
pillar_opts: True
Minion Config in Pillar
Minion configuration options can be set on pillars. Any option that you want to modify, should be in the
first level of the pillars, in the same way you set the options in the config file. For example, to
configure the MySQL root password to be used by MySQL Salt execution module, set the following pillar
variable:
mysql.pass: hardtoguesspassword
Master Provided Pillar Error
By default if there is an error rendering a pillar, the detailed error is hidden and replaced with:
Rendering SLS 'my.sls' failed. Please see master log for details.
The error is protected because it's possible to contain templating data which would give that minion
information it shouldn't know, like a password!
To have the master provide the detailed error that could potentially carry protected data set
pillar_safe_render_error to False:
pillar_safe_render_error: False
Pillar Walkthrough
NOTE:
This walkthrough assumes that the reader has already completed the initial Salt walkthrough.
Pillars are tree-like structures of data defined on the Salt Master and passed through to minions. They
allow confidential, targeted data to be securely sent only to the relevant minion.
NOTE:
Grains and Pillar are sometimes confused, just remember that Grains are data about a minion which is
stored or generated from the minion. This is why information like the OS and CPU type are found in
Grains. Pillar is information about a minion or many minions stored or generated on the Salt Master.
Pillar data is useful for:
Highly Sensitive Data:
Information transferred via pillar is guaranteed to only be presented to the minions that are
targeted, making Pillar suitable for managing security information, such as cryptographic keys and
passwords.
Minion Configuration:
Minion modules such as the execution modules, states, and returners can often be configured via
data stored in pillar.
Variables:
Variables which need to be assigned to specific minions or groups of minions can be defined in
pillar and then accessed inside sls formulas and template files.
Arbitrary Data:
Pillar can contain any basic data structure in dictionary format, so a key/value store can be
defined making it easy to iterate over a group of values in sls formulas.
Pillar is therefore one of the most important systems when using Salt. This walkthrough is designed to
get a simple Pillar up and running in a few minutes and then to dive into the capabilities of Pillar and
where the data is available.
Setting Up Pillar
The pillar is already running in Salt by default. To see the minion's pillar data:
salt '*' pillar.items
NOTE:
Prior to version 0.16.2, this function is named pillar.data. This function name is still supported for
backwards compatibility.
By default, the contents of the master configuration file are not loaded into pillar for all minions.
This default is stored in the pillar_opts setting, which defaults to False.
The contents of the master configuration file can be made available to minion pillar files. This makes
global configuration of services and systems very easy, but note that this may not be desired or
appropriate if sensitive data is stored in the master's configuration file. To enable the master
configuration file to be available to a minion's pillar files, set pillar_opts to True in the minion
configuration file.
Similar to the state tree, the pillar is comprised of sls files and has a top file. The default location
for the pillar is in /srv/pillar.
NOTE:
The pillar location can be configured via the pillar_roots option inside the master configuration
file. It must not be in a subdirectory of the state tree or file_roots. If the pillar is under
file_roots, any pillar targeting can be bypassed by minions.
To start setting up the pillar, the /srv/pillar directory needs to be present:
mkdir /srv/pillar
Now create a simple top file, following the same format as the top file used for states:
/srv/pillar/top.sls:
base:
'*':
- data
This top file associates the data.sls file to all minions. Now the /srv/pillar/data.sls file needs to be
populated:
/srv/pillar/data.sls:
info: some data
To ensure that the minions have the new pillar data, issue a command to them asking that they fetch their
pillars from the master:
salt '*' saltutil.refresh_pillar
Now that the minions have the new pillar, it can be retrieved:
salt '*' pillar.items
The key info should now appear in the returned pillar data.
More Complex Data
Unlike states, pillar files do not need to define formulas. This example sets up user data with a UID:
/srv/pillar/users/init.sls:
users:
thatch: 1000
shouse: 1001
utahdave: 1002
redbeard: 1003
NOTE:
The same directory lookups that exist in states exist in pillar, so the file users/init.sls can be
referenced with users in the top file.
The top file will need to be updated to include this sls file:
/srv/pillar/top.sls:
base:
'*':
- data
- users
Now the data will be available to the minions. To use the pillar data in a state, you can use Jinja:
/srv/salt/users/init.sls
{% for user, uid in pillar.get('users', {}).items() %}
{{user}}:
user.present:
- uid: {{uid}}
{% endfor %}
This approach allows for users to be safely defined in a pillar and then the user data is applied in an
sls file.
Parameterizing States With Pillar
Pillar data can be accessed in state files to customise behavior for each minion. All pillar (and grain)
data applicable to each minion is substituted into the state files through templating before being run.
Typical uses include setting directories appropriate for the minion and skipping states that don't apply.
A simple example is to set up a mapping of package names in pillar for separate Linux distributions:
/srv/pillar/pkg/init.sls:
pkgs:
{% if grains['os_family'] == 'RedHat' %}
apache: httpd
vim: vim-enhanced
{% elif grains['os_family'] == 'Debian' %}
apache: apache2
vim: vim
{% elif grains['os'] == 'Arch' %}
apache: apache
vim: vim
{% endif %}
The new pkg sls needs to be added to the top file:
/srv/pillar/top.sls:
base:
'*':
- data
- users
- pkg
Now the minions will auto map values based on respective operating systems inside of the pillar, so sls
files can be safely parameterized:
/srv/salt/apache/init.sls:
apache:
pkg.installed:
- name: {{ pillar['pkgs']['apache'] }}
Or, if no pillar is available a default can be set as well:
NOTE:
The function pillar.get used in this example was added to Salt in version 0.14.0
/srv/salt/apache/init.sls:
apache:
pkg.installed:
- name: {{ salt['pillar.get']('pkgs:apache', 'httpd') }}
In the above example, if the pillar value pillar['pkgs']['apache'] is not set in the minion's pillar,
then the default of httpd will be used.
NOTE:
Under the hood, pillar is just a Python dict, so Python dict methods such as get and items can be
used.
Pillar Makes Simple States Grow Easily
One of the design goals of pillar is to make simple sls formulas easily grow into more flexible formulas
without refactoring or complicating the states.
A simple formula:
/srv/salt/edit/vim.sls:
vim:
pkg.installed: []
/etc/vimrc:
file.managed:
- source: salt://edit/vimrc
- mode: 644
- user: root
- group: root
- require:
- pkg: vim
Can be easily transformed into a powerful, parameterized formula:
/srv/salt/edit/vim.sls:
vim:
pkg.installed:
- name: {{ pillar['pkgs']['vim'] }}
/etc/vimrc:
file.managed:
- source: {{ pillar['vimrc'] }}
- mode: 644
- user: root
- group: root
- require:
- pkg: vim
Where the vimrc source location can now be changed via pillar:
/srv/pillar/edit/vim.sls:
{% if grains['id'].startswith('dev') %}
vimrc: salt://edit/dev_vimrc
{% elif grains['id'].startswith('qa') %}
vimrc: salt://edit/qa_vimrc
{% else %}
vimrc: salt://edit/vimrc
{% endif %}
Ensuring that the right vimrc is sent out to the correct minions.
The pillar top file must include a reference to the new sls pillar file:
/srv/pillar/top.sls:
base:
'*':
- pkg
- edit.vim
Setting Pillar Data on the Command Line
Pillar data can be set on the command line when running state.apply <salt.modules.state.apply_() like so:
salt '*' state.apply pillar='{"foo": "bar"}'
salt '*' state.apply my_sls_file pillar='{"hello": "world"}'
Nested pillar values can also be set via the command line:
salt '*' state.sls my_sls_file pillar='{"foo": {"bar": "baz"}}'
NOTE:
If a key is passed on the command line that already exists on the minion, the key that is passed in
will overwrite the entire value of that key, rather than merging only the specified value set via the
command line.
The example below will swap the value for vim with telnet in the previously specified list, notice the
nested pillar dict:
salt '*' state.apply edit.vim pillar='{"pkgs": {"vim": "telnet"}}'
This will attempt to install telnet on your minions, feel free to uninstall the package or replace telnet
value with anything else.
NOTE:
Be aware that when sending sensitive data via pillar on the command-line that the publication
containing that data will be received by all minions and will not be restricted to the targeted
minions. This may represent a security concern in some cases.
More On Pillar
Pillar data is generated on the Salt master and securely distributed to minions. Salt is not restricted
to the pillar sls files when defining the pillar but can retrieve data from external sources. This can be
useful when information about an infrastructure is stored in a separate location.
Reference information on pillar and the external pillar interface can be found in the Salt documentation:
Pillar
Minion Config in Pillar
Minion configuration options can be set on pillars. Any option that you want to modify, should be in the
first level of the pillars, in the same way you set the options in the config file. For example, to
configure the MySQL root password to be used by MySQL Salt execution module:
mysql.pass: hardtoguesspassword
This is very convenient when you need some dynamic configuration change that you want to be applied on
the fly. For example, there is a chicken and the egg problem if you do this:
mysql-admin-passwd:
mysql_user.present:
- name: root
- password: somepasswd
mydb:
mysql_db.present
The second state will fail, because you changed the root password and the minion didn't notice it.
Setting mysql.pass in the pillar, will help to sort out the issue. But always change the root admin
password in the first place.
This is very helpful for any module that needs credentials to apply state changes: mysql, keystone, etc.
Targeting Minions
Targeting minions is specifying which minions should run a command or execute a state by matching against
hostnames, or system information, or defined groups, or even combinations thereof.
For example the command salt web1 apache.signal restart to restart the Apache httpd server specifies the
machine web1 as the target and the command will only be run on that one minion.
Similarly when using States, the following top file specifies that only the web1 minion should execute
the contents of webserver.sls:
base:
'web1':
- webserver
The simple target specifications, glob, regex, and list will cover many use cases, and for some will
cover all use cases, but more powerful options exist.
Targeting with Grains
The Grains interface was built into Salt to allow minions to be targeted by system properties. So minions
running on a particular operating system can be called to execute a function, or a specific kernel.
Calling via a grain is done by passing the -G option to salt, specifying a grain and a glob expression to
match the value of the grain. The syntax for the target is the grain key followed by a glob expression:
"os:Arch*".
salt -G 'os:Fedora' test.ping
Will return True from all of the minions running Fedora.
To discover what grains are available and what the values are, execute the grains.item salt function:
salt '*' grains.items
More info on using targeting with grains can be found here.
Compound Targeting
New in version 0.9.5.
Multiple target interfaces can be used in conjunction to determine the command targets. These targets can
then be combined using and or or statements. This is well defined with an example:
salt -C 'G@os:Debian and webser* or E@db.*' test.ping
In this example any minion who's id starts with webser and is running Debian, or any minion who's id
starts with db will be matched.
The type of matcher defaults to glob, but can be specified with the corresponding letter followed by the
@ symbol. In the above example a grain is used with G@ as well as a regular expression with E@. The
webser* target does not need to be prefaced with a target type specifier because it is a glob.
More info on using compound targeting can be found here.
Node Group Targeting
New in version 0.9.5.
For certain cases, it can be convenient to have a predefined group of minions on which to execute
commands. This can be accomplished using what are called nodegroups. Nodegroups allow for predefined
compound targets to be declared in the master configuration file, as a sort of shorthand for having to
type out complicated compound expressions.
nodegroups:
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
group3: 'G@os:Debian and N@group1'
Advanced Targeting Methods
There are many ways to target individual minions or groups of minions in Salt:
Matching the minion id
Each minion needs a unique identifier. By default when a minion starts for the first time it chooses its
FQDN as that identifier. The minion id can be overridden via the minion's id configuration setting.
TIP:
minion id and minion keys
The minion id is used to generate the minion's public/private keys and if it ever changes the master
must then accept the new key as though the minion was a new host.
Globbing
The default matching that Salt utilizes is shell-style globbing around the minion id. This also works for
states in the top file.
NOTE:
You must wrap salt calls that use globbing in single-quotes to prevent the shell from expanding the
globs before Salt is invoked.
Match all minions:
salt '*' test.ping
Match all minions in the example.net domain or any of the example domains:
salt '*.example.net' test.ping
salt '*.example.*' test.ping
Match all the webN minions in the example.net domain (web1.example.net, web2.example.net …
webN.example.net):
salt 'web?.example.net' test.ping
Match the web1 through web5 minions:
salt 'web[1-5]' test.ping
Match the web1 and web3 minions:
salt 'web[1,3]' test.ping
Match the web-x, web-y, and web-z minions:
salt 'web-[x-z]' test.ping
NOTE:
For additional targeting methods please review the compound matchers documentation.
Regular Expressions
Minions can be matched using Perl-compatible regular expressions (which is globbing on steroids and a ton
of caffeine).
Match both web1-prod and web1-devel minions:
salt -E 'web1-(prod|devel)' test.ping
When using regular expressions in a State's top file, you must specify the matcher as the first option.
The following example executes the contents of webserver.sls on the above-mentioned minions.
base:
'web1-(prod|devel)':
- match: pcre
- webserver
Lists
At the most basic level, you can specify a flat list of minion IDs:
salt -L 'web1,web2,web3' test.ping
Targeting using Grains
Grain data can be used when targeting minions.
For example, the following matches all CentOS minions:
salt -G 'os:CentOS' test.ping
Match all minions with 64-bit CPUs, and return number of CPU cores for each matching minion:
salt -G 'cpuarch:x86_64' grains.item num_cpus
Additionally, globs can be used in grain matches, and grains that are nested in a dictionary can be
matched by adding a colon for each level that is traversed. For example, the following will match hosts
that have a grain called ec2_tags, which itself is a dict with a key named environment, which has a value
that contains the word production:
salt -G 'ec2_tags:environment:*production*'
IMPORTANT:
See Is Targeting using Grain Data Secure? for important security information.
Targeting using Pillar
Pillar data can be used when targeting minions. This allows for ultimate control and flexibility when
targeting minions.
NOTE:
To start using Pillar targeting it is required to make a Pillar data cache on Salt Master for each
Minion via following commands: salt '*' saltutil.refresh_pillar or salt '*' saltutil.sync_all. Also
Pillar data cache will be populated during the highstate run. Once Pillar data changes, you must
refresh the cache by running above commands for this targeting method to work correctly.
Example:
salt -I 'somekey:specialvalue' test.ping
Like with Grains, it is possible to use globbing as well as match nested values in Pillar, by adding
colons for each level that is being traversed. The below example would match minions with a pillar named
foo, which is a dict containing a key bar, with a value beginning with baz:
salt -I 'foo:bar:baz*' test.ping
Subnet/IP Address Matching
Minions can easily be matched based on IP address, or by subnet (using CIDR notation).
salt -S 192.168.40.20 test.ping
salt -S 2001:db8::/64 test.ping
Ipcidr matching can also be used in compound matches
salt -C 'S@10.0.0.0/24 and G@os:Debian' test.ping
It is also possible to use in both pillar and state-matching
'172.16.0.0/12':
- match: ipcidr
- internal
Compound matchers
Compound matchers allow very granular minion targeting using any of Salt's matchers. The default matcher
is a glob match, just as with CLI and top file matching. To match using anything other than a glob,
prefix the match string with the appropriate letter from the table below, followed by an @ sign.
┌────────┬───────────────────┬──────────────────────────────────────────┬────────────────┐
│ Letter │ Match Type │ Example │ Alt Delimiter? │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ G │ Grains glob │ G@os:Ubuntu │ Yes │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ E │ PCRE Minion ID │ E@web\d+\.(dev|qa|prod)\.loc │ No │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ P │ Grains PCRE │ P@os:(RedHat|Fedora|CentOS) │ Yes │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ L │ List of minions │ L@minion1.example.com,minion3.domain.com │ No │
│ │ │ or bl*.domain.com │ │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ I │ Pillar glob │ I@pdata:foobar │ Yes │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ J │ Pillar PCRE │ J@pdata:^(foo|bar)$ │ Yes │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ S │ Subnet/IP address │ S@192.168.1.0/24 or S@192.168.1.100 │ No │
├────────┼───────────────────┼──────────────────────────────────────────┼────────────────┤
│ R │ Range cluster │ R@%foo.bar │ No │
└────────┴───────────────────┴──────────────────────────────────────────┴────────────────┘
Matchers can be joined using boolean and, or, and not operators.
For example, the following string matches all Debian minions with a hostname that begins with webserv, as
well as any minions that have a hostname which matches the regular expression web-dc1-srv.*:
salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
That same example expressed in a top file looks like the following:
base:
'webserv* and G@os:Debian or E@web-dc1-srv.*':
- match: compound
- webserver
New in version 2015.8.0.
Excluding a minion based on its ID is also possible:
salt -C 'not web-dc1-srv' test.ping
Versions prior to 2015.8.0 a leading not was not supported in compound matches. Instead, something like
the following was required:
salt -C '* and not G@kernel:Darwin' test.ping
Excluding a minion based on its ID was also possible:
salt -C '* and not web-dc1-srv' test.ping
Precedence Matching
Matchers can be grouped together with parentheses to explicitly declare precedence amongst groups.
salt -C '( ms-1 or G@id:ms-3 ) and G@id:ms-3' test.ping
NOTE:
Be certain to note that spaces are required between the parentheses and targets. Failing to obey this
rule may result in incorrect targeting!
Alternate Delimiters
New in version 2015.8.0.
Matchers that target based on a key value pair use a colon (:) as a delimiter. Matchers with a Yes in the
Alt Delimiters column in the previous table support specifying an alternate delimiter character.
This is done by specifying an alternate delimiter character between the leading matcher character and the
@ pattern separator character. This avoids incorrect interpretation of the pattern in the case that : is
part of the grain or pillar data structure traversal.
salt -C 'J|@foo|bar|^foo:bar$ or J!@gitrepo!https://github.com:example/project.git' test.ping
Node groups
Nodegroups are declared using a compound target specification. The compound target documentation can be
found here.
The nodegroups master config file parameter is used to define nodegroups. Here's an example nodegroup
configuration within /etc/salt/master:
nodegroups:
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
group3: 'G@os:Debian and N@group1'
group4:
- 'G@foo:bar'
- 'or'
- 'G@foo:baz'
NOTE:
The L within group1 is matching a list of minions, while the G in group2 is matching specific grains.
See the compound matchers documentation for more details.
As of the 2017.7.0 release of Salt, group names can also be prepended with a dash. This brings the
usage in line with many other areas of Salt. For example:
nodegroups:
- group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
New in version 2015.8.0.
NOTE:
Nodegroups can reference other nodegroups as seen in group3. Ensure that you do not have circular
references. Circular references will be detected and cause partial expansion with a logged error
message.
New in version 2015.8.0.
Compound nodegroups can be either string values or lists of string values. When the nodegroup is A
string value will be tokenized by splitting on whitespace. This may be a problem if whitespace is
necessary as part of a pattern. When a nodegroup is a list of strings then tokenization will happen for
each list element as a whole.
To match a nodegroup on the CLI, use the -N command-line option:
salt -N group1 test.ping
NOTE:
The N@ classifier cannot be used in compound matches within the CLI or top file, it is only recognized
in the nodegroups master config file parameter.
To match a nodegroup in your top file, make sure to put - match: nodegroup on the line directly following
the nodegroup name.
base:
group1:
- match: nodegroup
- webserver
NOTE:
When adding or modifying nodegroups to a master configuration file, the master must be restarted for
those changes to be fully recognized.
A limited amount of functionality, such as targeting with -N from the command-line may be available
without a restart.
Defining Nodegroups as Lists of Minion IDs
A simple list of minion IDs would traditionally be defined like this:
nodegroups:
group1: L@host1,host2,host3
They can now also be defined as a YAML list, like this:
nodegroups:
group1:
- host1
- host2
- host3
New in version 2016.11.0.
Batch Size
The -b (or --batch-size) option allows commands to be executed on only a specified number of minions at a
time. Both percentages and finite numbers are supported.
salt '*' -b 10 test.ping
salt -G 'os:RedHat' --batch-size 25% apache.signal restart
This will only run test.ping on 10 of the targeted minions at a time and then restart apache on 25% of
the minions matching os:RedHat at a time and work through them all until the task is complete. This makes
jobs like rolling web server restarts behind a load balancer or doing maintenance on BSD firewalls using
carp much easier with salt.
The batch system maintains a window of running minions, so, if there are a total of 150 minions targeted
and the batch size is 10, then the command is sent to 10 minions, when one minion returns then the
command is sent to one additional minion, so that the job is constantly running on 10 minions.
New in version 2016.3.
The --batch-wait argument can be used to specify a number of seconds to wait after a minion returns,
before sending the command to a new minion.
SECO Range
SECO range is a cluster-based metadata store developed and maintained by Yahoo!
The Range project is hosted here:
https://github.com/ytoolshed/range
Learn more about range here:
https://github.com/ytoolshed/range/wiki/
Prerequisites
To utilize range support in Salt, a range server is required. Setting up a range server is outside the
scope of this document. Apache modules are included in the range distribution.
With a working range server, cluster files must be defined. These files are written in YAML and define
hosts contained inside a cluster. Full documentation on writing YAML range files is here:
https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
Additionally, the Python seco range libraries must be installed on the salt master. One can verify that
they have been installed correctly via the following command:
python -c 'import seco.range'
If no errors are returned, range is installed successfully on the salt master.
Preparing Salt
Range support must be enabled on the salt master by setting the hostname and port of the range server
inside the master configuration file:
range_server: my.range.server.com:80
Following this, the master must be restarted for the change to have an effect.
Targeting with Range
Once a cluster has been defined, it can be targeted with a salt command by using the -R or --range flags.
For example, given the following range YAML file being served from a range server:
$ cat /etc/range/test.yaml
CLUSTER: host1..100.test.com
APPS:
- frontend
- backend
- mysql
One might target host1 through host100 in the test.com domain with Salt as follows:
salt --range %test:CLUSTER test.ping
The following salt command would target three hosts: frontend, backend, and mysql:
salt --range %test:APPS test.ping
The Salt Mine
The Salt Mine is used to collect arbitrary data from Minions and store it on the Master. This data is
then made available to all Minions via the salt.modules.mine module.
Mine data is gathered on the Minion and sent back to the Master where only the most recent data is
maintained (if long term data is required use returners or the external job cache).
Mine vs Grains
Mine data is designed to be much more up-to-date than grain data. Grains are refreshed on a very limited
basis and are largely static data. Mines are designed to replace slow peer publishing calls when Minions
need data from other Minions. Rather than having a Minion reach out to all the other Minions for a piece
of data, the Salt Mine, running on the Master, can collect it from all the Minions every Mine Interval,
resulting in almost fresh data at any given time, with much less overhead.
Mine Functions
To enable the Salt Mine the mine_functions option needs to be applied to a Minion. This option can be
applied via the Minion's configuration file, or the Minion's Pillar. The mine_functions option dictates
what functions are being executed and allows for arguments to be passed in. The list of functions are
available in the salt.module. If no arguments are passed, an empty list must be added like in the
test.ping function in the example below:
mine_functions:
test.ping: []
network.ip_addrs:
interface: eth0
cidr: '10.0.0.0/8'
In the example above salt.modules.network.ip_addrs has additional filters to help narrow down the
results. In the above example IP addresses are only returned if they are on a eth0 interface and in the
10.0.0.0/8 IP range.
Mine Functions Aliases
Function aliases can be used to provide friendly names, usage intentions or to allow multiple calls of
the same function with different arguments. There is a different syntax for passing positional and
key-value arguments. Mixing positional and key-value arguments is not supported.
New in version 2014.7.0.
mine_functions:
network.ip_addrs: [eth0]
networkplus.internal_ip_addrs: []
internal_ip_addrs:
mine_function: network.ip_addrs
cidr: 192.168.0.0/16
ip_list:
- mine_function: grains.get
- ip_interfaces
Mine Interval
The Salt Mine functions are executed when the Minion starts and at a given interval by the scheduler. The
default interval is every 60 minutes and can be adjusted for the Minion via the mine_interval option:
mine_interval: 60
Mine in Salt-SSH
As of the 2015.5.0 release of salt, salt-ssh supports mine.get.
Because the Minions cannot provide their own mine_functions configuration, we retrieve the args for
specified mine functions in one of three places, searched in the following order:
1. Roster data
2. Pillar
3. Master config
The mine_functions are formatted exactly the same as in normal salt, just stored in a different location.
Here is an example of a flat roster containing mine_functions:
test:
host: 104.237.131.248
user: root
mine_functions:
cmd.run: ['echo "hello!"']
network.ip_addrs:
interface: eth0
NOTE:
Because of the differences in the architecture of salt-ssh, mine.get calls are somewhat inefficient.
Salt must make a new salt-ssh call to each of the Minions in question to retrieve the requested data,
much like a publish call. However, unlike publish, it must run the requested function as a wrapper
function, so we can retrieve the function args from the pillar of the Minion in question. This results
in a non-trivial delay in retrieving the requested data.
Minions Targeting with Mine
The mine.get function supports various methods of Minions targeting to fetch Mine data from particular
hosts, such as glob or regular expression matching on Minion id (name), grains, pillars and compound
matches. See the salt.modules.mine module documentation for the reference.
NOTE:
Pillar data needs to be cached on Master for pillar targeting to work with Mine. Read the note in
relevant section.
Example
One way to use data from Salt Mine is in a State. The values can be retrieved via Jinja and used in the
SLS file. The following example is a partial HAProxy configuration file and pulls IP addresses from all
Minions with the "web" grain to add them to the pool of load balanced servers.
/srv/pillar/top.sls:
base:
'G@roles:web':
- web
/srv/pillar/web.sls:
mine_functions:
network.ip_addrs: [eth0]
Then trigger the minions to refresh their pillar data by running:
salt '*' saltutil.refresh_pillar
Verify that the results are showing up in the pillar on the minions by executing the following and
checking for network.ip_addrs in the output:
salt '*' pillar.items
Which should show that the function is present on the minion, but not include the output:
minion1.example.com:
----------
mine_functions:
----------
network.ip_addrs:
- eth0
Mine data is typically only updated on the master every 60 minutes, this can be modified by setting:
/etc/salt/minion.d/mine.conf:
mine_interval: 5
To force the mine data to update immediately run:
salt '*' mine.update
Setup the salt.states.file.managed state in /srv/salt/haproxy.sls:
haproxy_config:
file.managed:
- name: /etc/haproxy/config
- source: salt://haproxy_config
- template: jinja
Create the Jinja template in /srv/salt/haproxy_config:
<...file contents snipped...>
{% for server, addrs in salt['mine.get']('roles:web', 'network.ip_addrs', tgt_type='grain') | dictsort() %}
server {{ server }} {{ addrs[0] }}:80 check
{% endfor %}
<...file contents snipped...>
In the above example, server will be expanded to the minion_id.
NOTE:
The expr_form argument will be renamed to tgt_type in the 2017.7.0 release of Salt.
Runners
Salt runners are convenience applications executed with the salt-run command.
Salt runners work similarly to Salt execution modules however they execute on the Salt master itself
instead of remote Salt minions.
A Salt runner can be a simple client call or a complex application.
SEE ALSO:
The full list of runners
Writing Salt Runners
A Salt runner is written in a similar manner to a Salt execution module. Both are Python modules which
contain functions and each public function is a runner which may be executed via the salt-run command.
For example, if a Python module named test.py is created in the runners directory and contains a function
called foo, the test runner could be invoked with the following command:
# salt-run test.foo
Runners have several options for controlling output.
Any print statement in a runner is automatically also fired onto the master event bus where. For example:
def a_runner(outputter=None, display_progress=False):
print('Hello world')
...
The above would result in an event fired as follows:
Event fired at Tue Jan 13 15:26:45 2015
*************************
Tag: salt/run/20150113152644070246/print
Data:
{'_stamp': '2015-01-13T15:26:45.078707',
'data': 'hello',
'outputter': 'pprint'}
A runner may also send a progress event, which is displayed to the user during runner execution and is
also passed across the event bus if the display_progress argument to a runner is set to True.
A custom runner may send its own progress event by using the __jid_event_.fire_event() method as shown
here:
if display_progress:
__jid_event__.fire_event({'message': 'A progress message'}, 'progress')
The above would produce output on the console reading: A progress message as well as an event on the
event similar to:
Event fired at Tue Jan 13 15:21:20 2015
*************************
Tag: salt/run/20150113152118341421/progress
Data:
{'_stamp': '2015-01-13T15:21:20.390053',
'message': "A progress message"}
A runner could use the same approach to send an event with a customized tag onto the event bus by
replacing the second argument (progress) with whatever tag is desired. However, this will not be shown on
the command-line and will only be fired onto the event bus.
Synchronous vs. Asynchronous
A runner may be fired asynchronously which will immediately return control. In this case, no output will
be display to the user if salt-run is being used from the command-line. If used programmatically, no
results will be returned. If results are desired, they must be gathered either by firing events on the
bus from the runner and then watching for them or by some other means.
NOTE:
When running a runner in asynchronous mode, the --progress flag will not deliver output to the
salt-run CLI. However, progress events will still be fired on the bus.
In synchronous mode, which is the default, control will not be returned until the runner has finished
executing.
To add custom runners, put them in a directory and add it to runner_dirs in the master configuration
file.
Examples
Examples of runners can be found in the Salt distribution:
https://github.com/saltstack/salt/blob/develop/salt/runners
A simple runner that returns a well-formatted list of the minions that are responding to Salt calls could
look like this:
# Import salt modules
import salt.client
def up():
'''
Print a list of all of the minions that are up
'''
client = salt.client.LocalClient(__opts__['conf_file'])
minions = client.cmd('*', 'test.ping', timeout=1)
for minion in sorted(minions):
print minion
Salt Engines
New in version 2015.8.0.
Salt Engines are long-running, external system processes that leverage Salt.
• Engines have access to Salt configuration, execution modules, and runners (__opts__, __salt__, and
__runners__).
• Engines are executed in a separate process that is monitored by Salt. If a Salt engine stops, it is
restarted automatically.
• Engines can run on the Salt master and on Salt minions.
Salt engines enhance and replace the external processes functionality.
Configuration
Salt engines are configured under an engines top-level section in your Salt master or Salt minion
configuration. Provide a list of engines and parameters under this section.
engines:
- logstash:
host: log.my_network.com
port: 5959
proto: tcp
Salt engines must be in the Salt path, or you can add the engines_dirs option in your Salt master
configuration with a list of directories under which Salt attempts to find Salt engines. This option
should be formatted as a list of directories to search, such as:
engines_dirs:
- /home/bob/engines
Writing an Engine
An example Salt engine, https://github.com/saltstack/salt/blob/develop/salt/engines/test.py, is available
in the Salt source. To develop an engine, the only requirement is that your module implement the start()
function.
Understanding YAML
The default renderer for SLS files is the YAML renderer. YAML is a markup language with many powerful
features. However, Salt uses a small subset of YAML that maps over very commonly used data structures,
like lists and dictionaries. It is the job of the YAML renderer to take the YAML data structure and
compile it into a Python data structure for use by Salt.
Though YAML syntax may seem daunting and terse at first, there are only three very simple rules to
remember when writing YAML for SLS files.
Rule One: Indentation
YAML uses a fixed indentation scheme to represent relationships between data layers. Salt requires that
the indentation for each level consists of exactly two spaces. Do not use tabs.
Rule Two: Colons
Python dictionaries are, of course, simply key-value pairs. Users from other languages may recognize this
data type as hashes or associative arrays.
Dictionary keys are represented in YAML as strings terminated by a trailing colon. Values are represented
by either a string following the colon, separated by a space:
my_key: my_value
In Python, the above maps to:
{'my_key': 'my_value'}
Alternatively, a value can be associated with a key through indentation.
my_key:
my_value
NOTE:
The above syntax is valid YAML but is uncommon in SLS files because most often, the value for a key is
not singular but instead is a list of values.
In Python, the above maps to:
{'my_key': 'my_value'}
Dictionaries can be nested:
first_level_dict_key:
second_level_dict_key: value_in_second_level_dict
And in Python:
{
'first_level_dict_key': {
'second_level_dict_key': 'value_in_second_level_dict'
}
}
Rule Three: Dashes
To represent lists of items, a single dash followed by a space is used. Multiple items are a part of the
same list as a function of their having the same level of indentation.
- list_value_one
- list_value_two
- list_value_three
Lists can be the value of a key-value pair. This is quite common in Salt:
my_dictionary:
- list_value_one
- list_value_two
- list_value_three
In Python, the above maps to:
{'my_dictionary': ['list_value_one', 'list_value_two', 'list_value_three']}
Learning More
One easy way to learn more about how YAML gets rendered into Python data structures is to use an online
YAML parser to see the Python output.
One excellent choice for experimenting with YAML parsing is: http://yaml-online-parser.appspot.com/
Templating
Jinja statements and expressions are allowed by default in SLS files. See Understanding Jinja.
Understanding Jinja
Jinja is the default templating language in SLS files.
Jinja in States
Jinja is evaluated before YAML, which means it is evaluated before the States are run.
The most basic usage of Jinja in state files is using control structures to wrap conditional or redundant
state elements:
{% if grains['os'] != 'FreeBSD' %}
tcsh:
pkg:
- installed
{% endif %}
motd:
file.managed:
{% if grains['os'] == 'FreeBSD' %}
- name: /etc/motd
{% elif grains['os'] == 'Debian' %}
- name: /etc/motd.tail
{% endif %}
- source: salt://motd
In this example, the first if block will only be evaluated on minions that aren't running FreeBSD, and
the second block changes the file name based on the os grain.
Writing if-else blocks can lead to very redundant state files however. In this case, using pillars, or
using a previously defined variable might be easier:
{% set motd = ['/etc/motd'] %}
{% if grains['os'] == 'Debian' %}
{% set motd = ['/etc/motd.tail', '/var/run/motd'] %}
{% endif %}
{% for motdfile in motd %}
{{ motdfile }}:
file.managed:
- source: salt://motd
{% endfor %}
Using a variable set by the template, the for loop will iterate over the list of MOTD files to update,
adding a state block for each file.
The filter_by function can also be used to set variables based on grains:
{% set auditd = salt['grains.filter_by']({
'RedHat': { 'package': 'audit' },
'Debian': { 'package': 'auditd' },
}) %}
Include and Import
Includes and imports can be used to share common, reusable state configuration between state files and
between files.
{% from 'lib.sls' import test %}
This would import the test template variable or macro, not the test state element, from the file lib.sls.
In the case that the included file performs checks against grains, or something else that requires
context, passing the context into the included file is required:
{% from 'lib.sls' import test with context %}
Including Context During Include/Import
By adding with context to the include/import directive, the current context can be passed to an
included/imported template.
{% import 'openssl/vars.sls' as ssl with context %}
Macros
Macros are helpful for eliminating redundant code. Macros are most useful as mini-templates to repeat
blocks of strings with a few parameterized variables. Be aware that stripping whitespace from the
template block, as well as contained blocks, may be necessary to emulate a variable return from the
macro.
# init.sls
{% from 'lib.sls' import pythonpkg with context %}
python-virtualenv:
pkg.installed:
- name: {{ pythonpkg('virtualenv') }}
python-fabric:
pkg.installed:
- name: {{ pythonpkg('fabric') }}
# lib.sls
{% macro pythonpkg(pkg) -%}
{%- if grains['os'] == 'FreeBSD' -%}
py27-{{ pkg }}
{%- elif grains['os'] == 'Debian' -%}
python-{{ pkg }}
{%- endif -%}
{%- endmacro %}
This would define a macro that would return a string of the full package name, depending on the packaging
system's naming convention. The whitespace of the macro was eliminated, so that the macro would return a
string without line breaks, using whitespace control.
Template Inheritance
Template inheritance works fine from state files and files. The search path starts at the root of the
state tree or pillar.
Filters
Saltstack extends builtin filters with these custom filters:
strftime
Converts any time related object into a time based string. It requires a valid strftime directives. An
exhaustive list can be found in the official Python documentation.
{% set curtime = None | strftime() %}
Fuzzy dates require the timelib Python module is installed.
{{ "2002/12/25"|strftime("%y") }}
{{ "1040814000"|strftime("%Y-%m-%d") }}
{{ datetime|strftime("%u") }}
{{ "tomorrow"|strftime }}
sequence
Ensure that parsed data is a sequence.
yaml_encode
Serializes a single object into a YAML scalar with any necessary handling for escaping special
characters. This will work for any scalar YAML data type: ints, floats, timestamps, booleans, strings,
unicode. It will not work for multi-objects such as sequences or maps.
{%- set bar = 7 %}
{%- set baz = none %}
{%- set zip = true %}
{%- set zap = 'The word of the day is "salty"' %}
{%- load_yaml as foo %}
bar: {{ bar|yaml_encode }}
baz: {{ baz|yaml_encode }}
baz: {{ zip|yaml_encode }}
baz: {{ zap|yaml_encode }}
{%- endload %}
In the above case {{ bar }} and {{ foo.bar }} should be identical and {{ baz }} and {{ foo.baz }} should
be identical.
yaml_dquote
Serializes a string into a properly-escaped YAML double-quoted string. This is useful when the contents
of a string are unknown and may contain quotes or unicode that needs to be preserved. The resulting
string will be emitted with opening and closing double quotes.
{%- set bar = '"The quick brown fox . . ."' %}
{%- set baz = 'The word of the day is "salty".' %}
{%- load_yaml as foo %}
bar: {{ bar|yaml_dquote }}
baz: {{ baz|yaml_dquote }}
{%- endload %}
In the above case {{ bar }} and {{ foo.bar }} should be identical and {{ baz }} and {{ foo.baz }} should
be identical. If variable contents are not guaranteed to be a string then it is better to use
yaml_encode which handles all YAML scalar types.
yaml_squote
Similar to the yaml_dquote filter but with single quotes. Note that YAML only allows special escapes
inside double quotes so yaml_squote is not nearly as useful (viz. you likely want to use yaml_encode or
yaml_dquote).
to_bool
New in version 2017.7.0.
Returns the logical value of an element.
Example:
{{ 'yes' | to_bool }}
{{ 'true' | to_bool }}
{{ 1 | to_bool }}
{{ 'no' | to_bool }}
Will be rendered as:
True
True
True
False
exactly_n_true
New in version 2017.7.0.
Tests that exactly N items in an iterable are "truthy" (neither None, False, nor 0).
Example:
{{ ['yes', 0, False, 'True'] | exactly_n_true(2) }}
Returns:
True
exactly_one_true
New in version 2017.7.0.
Tests that exactly one item in an iterable is "truthy" (neither None, False, nor 0).
Example:
{{ ['yes', False, 0, None] | exactly_one_true }}
Returns:
True
quote
New in version 2017.7.0.
This text will be wrapped in quotes.
regex_search
New in version 2017.7.0.
Scan through string looking for a location where this regular expression produces a match. Returns None
in case there were no matches found
Example:
{{ 'abcdefabcdef' | regex_search('BC(.*)', ignorecase=True) }}
Returns:
('defabcdef',)
regex_match
New in version 2017.7.0.
If zero or more characters at the beginning of string match this regular expression, otherwise returns
None.
Example:
{{ 'abcdefabcdef' | regex_match('BC(.*)', ignorecase=True) }}
Returns:
None
uuid
New in version 2017.7.0.
Return a UUID.
Example:
{{ 'random' | uuid }}
Returns:
3652b285-26ad-588e-a5dc-c2ee65edc804
is_list
New in version 2017.7.0.
Return if an object is list.
Example:
{{ [1, 2, 3] | is_list }}
Returns:
True
is_iter
New in version 2017.7.0.
Return if an object is iterable.
Example:
{{ [1, 2, 3] | is_iter }}
Returns:
True
min
New in version 2017.7.0.
Return the minimum value from a list.
Example:
{{ [1, 2, 3] | min }}
Returns:
1
max
New in version 2017.7.0.
Returns the maximum value from a list.
Example:
{{ [1, 2, 3] | max }}
Returns:
3
avg
New in version 2017.7.0.
Returns the average value of the elements of a list
Example:
{{ [1, 2, 3] | avg }}
Returns:
2
union
New in version 2017.7.0.
Return the union of two lists.
Example:
{{ [1, 2, 3] | union([2, 3, 4]) | join(', ') }}
Returns:
1, 2, 3, 4
intersect
New in version 2017.7.0.
Return the intersection of two lists.
Example:
{{ [1, 2, 3] | intersect([2, 3, 4]) | join(', ') }}
Returns:
2, 3
difference
New in version 2017.7.0.
Return the difference of two lists.
Example:
{{ [1, 2, 3] | difference([2, 3, 4]) | join(', ') }}
Returns:
1
symmetric_difference
New in version 2017.7.0.
Return the symmetric difference of two lists.
Example:
{{ [1, 2, 3] | symmetric_difference([2, 3, 4]) | join(', ') }}
Returns:
1, 4
is_sorted
New in version 2017.7.0.
Return is an iterable object is already sorted.
Example:
{{ [1, 2, 3] | is_sorted }}
Returns:
True
compare_lists
New in version 2017.7.0.
Compare two lists and return a dictionary with the changes.
Example:
{{ [1, 2, 3] | compare_lists([1, 2, 4]) }}
Returns:
{'new': 4, 'old': 3}
compare_dicts
New in version 2017.7.0.
Compare two dictionaries and return a dictionary with the changes.
Example:
{{ {'a': 'b'} | compare_lists({'a': 'c'}) }}
Returns:
{'a': {'new': 'c', 'old': 'b'}}
is_hex
New in version 2017.7.0.
Return True if the value is hexazecimal.
Example:
{{ '0xabcd' | is_hex }}
{{ 'xyzt' | is_hex }}
Returns:
True
False
contains_whitespace
New in version 2017.7.0.
Return True if a text contains whitespaces.
Example:
{{ 'abcd' | contains_whitespace }}
{{ 'ab cd' | contains_whitespace }}
Returns:
False
True
substring_in_list
New in version 2017.7.0.
Return is a substring is found in a list of string values.
Example:
{{ 'abcd' | substring_in_list(['this', 'is', 'an abcd example']) }}
Returns:
True
check_whitelist_blacklist
New in version 2017.7.0.
Check a whitelist and/or blacklist to see if the value matches it.
This filter can be used with either a whitelist or a blacklist individually, or a whitelist and a
blacklist can be passed simultaneously.
If whitelist is used alone, value membership is checked against the whitelist only. If the value is
found, the function returns True. Otherwise, it returns False.
If blacklist is used alone, value membership is checked against the blacklist only. If the value is
found, the function returns False. Otherwise, it returns True.
If both a whitelist and a blacklist are provided, value membership in the blacklist will be examined
first. If the value is not found in the blacklist, then the whitelist is checked. If the value isn't
found in the whitelist, the function returns False.
Whitelist Example:
{{ 5 | check_whitelist_blacklist(whitelist=[5, 6, 7]) }}
Returns:
True
Blacklist Example:
{{ 5 | check_whitelist_blacklist(blacklist=[5, 6, 7]) }}
False
date_format
New in version 2017.7.0.
Converts unix timestamp into human-readable string.
Example:
{{ 1457456400 | date_format }}
{{ 1457456400 | date_format('%d.%m.%Y %H:%M') }}
Returns:
2017-03-08
08.03.2017 17:00
str_to_num
New in version 2017.7.0.
Converts a string to its numerical value.
Example:
{{ '5' | str_to_num }}
Returns:
5
to_bytes
New in version 2017.7.0.
Converts string-type object to bytes.
Example:
{{ 'wall of text' | to_bytes }}
NOTE:
This option may have adverse effects when using the default renderer, yaml_jinja. This is due to the
fact that YAML requires proper handling in regard to special characters. Please see the section on
YAML ASCII support in the YAML Idiosyncracies documentation for more information.
json_decode_list
New in version 2017.7.0.
JSON decodes as unicode, Jinja needs bytes.
Example:
{{ [1, 2, 3] | json_decode_list }}
Returns:
[1, 2, 3]
json_decode_dict
New in version 2017.7.0.
JSON decodes as unicode, Jinja needs bytes.
Example:
{{ {'a': 'b'} | json_decode_dict }}
Returns:
{'a': 'b'}
rand_str
New in version 2017.7.0.
New in version Oxygen: Renamed from rand_str to random_hash to more accurately describe what the filter
does.
Generates a random number between 1 and the number passed to the filter, and then hashes it. The default
hash type is the one specified by the minion's hash_type config option, but an alternate hash type can be
passed to the filter as an argument.
Example:
{% set num_range = 99999999 %}
{{ num_range | rand_str }}
{{ num_range | rand_str('sha512') }}
Returns:
43ec517d68b6edd3015b3edc9a11367b
d94a45acd81f8e3107d237dbc0d5d195f6a52a0d188bc0284c0763ece1eac9f9496fb6a531a296074c87b3540398dace1222b42e150e67c9301383fde3d66ae5
md5
New in version 2017.7.0.
Return the md5 digest of a string.
Example:
{{ 'random' | md5 }}
Returns:
7ddf32e17a6ac5ce04a8ecbf782ca509
sha256
New in version 2017.7.0.
Return the sha256 digest of a string.
Example:
{{ 'random' | sha256 }}
Returns:
a441b15fe9a3cf56661190a0b93b9dec7d04127288cc87250967cf3b52894d11
sha512
New in version 2017.7.0.
Return the sha512 digest of a string.
Example:
{{ 'random' | sha512 }}
Returns:
811a90e1c8e86c7b4c0eef5b2c0bf0ec1b19c4b1b5a242e6455be93787cb473cb7bc9b0fdeb960d00d5c6881c2094dd63c5c900ce9057255e2a4e271fc25fef1
base64_encode
New in version 2017.7.0.
Encode a string as base64.
Example:
{{ 'random' | base64_encode }}
Returns:
cmFuZG9t
base64_decode
New in version 2017.7.0.
Decode a base64-encoded string.
{{ 'Z2V0IHNhbHRlZA==' | base64_decode }}
Returns:
get salted
hmac
New in version 2017.7.0.
Verify a challenging hmac signature against a string / shared-secret. Returns a boolean value.
Example:
{{ 'get salted' | hmac('shared secret', 'eBWf9bstXg+NiP5AOwppB5HMvZiYMPzEM9W5YMm/AmQ=') }}
Returns:
True
http_query
New in version 2017.7.0.
Return the HTTP reply object from a URL.
Example:
{{ 'http://jsonplaceholder.typicode.com/posts/1' | http_query }}
Returns:
{
'body': '{
"userId": 1,
"id": 1,
"title": "sunt aut facere repellat provident occaecati excepturi optio reprehenderit",
"body": "quia et suscipit\\nsuscipit recusandae consequuntur expedita et cum\\nreprehenderit molestiae ut ut quas totam\\nnostrum rerum est autem sunt rem eveniet architecto"
}'
}
Networking Filters
The following networking-related filters are supported:
is_ip
New in version 2017.7.0.
Return if a string is a valid IP Address.
{{ '192.168.0.1' | is_ip }}
Additionally accepts the following options:
• global
• link-local
• loopback
• multicast
• private
• public
• reserved
• site-local
• unspecified
Example - test if a string is a valid loopback IP address.
{{ '192.168.0.1' | is_ip(options='loopback') }}
is_ipv4
New in version 2017.7.0.
Returns if a string is a valid IPv4 address. Supports the same options as is_ip.
{{ '192.168.0.1' | is_ipv4 }}
is_ipv6
New in version 2017.7.0.
Returns if a string is a valid IPv6 address. Supports the same options as is_ip.
{{ 'fe80::' | is_ipv6 }}
ipaddr
New in version 2017.7.0.
From a list, returns only valid IP entries. Supports the same options as is_ip. The list can contains
also IP interfaces/networks.
Example:
{{ ['192.168.0.1', 'foo', 'bar', 'fe80::'] | ipaddr }}
Returns:
['192.168.0.1', 'fe80::']
ipv4
New in version 2017.7.0.
From a list, returns only valid IPv4 entries. Supports the same options as is_ip. The list can contains
also IP interfaces/networks.
Example:
{{ ['192.168.0.1', 'foo', 'bar', 'fe80::'] | ipv4 }}
Returns:
['192.168.0.1']
ipv6
New in version 2017.7.0.
From a list, returns only valid IPv6 entries. Supports the same options as is_ip. The list can contains
also IP interfaces/networks.
Example:
{{ ['192.168.0.1', 'foo', 'bar', 'fe80::'] | ipv6 }}
Returns:
['fe80::']
network_hosts
New in version 2017.7.0.
Return the list of hosts within a networks. This utility works for both IPv4 and IPv6.
NOTE:
When running this command with a large IPv6 network, the command will take a long time to gather all
of the hosts.
Example:
{{ '192.168.0.1/30' | network_hosts }}
Returns:
['192.168.0.1', '192.168.0.2']
network_size
New in version 2017.7.0.
Return the size of the network. This utility works for both IPv4 and IPv6.
Example:
{{ '192.168.0.1/8' | network_size }}
Returns:
16777216
gen_mac
New in version 2017.7.0.
Generates a MAC address with the defined OUI prefix.
Common prefixes:
• 00:16:3E -- Xen
• 00:18:51 -- OpenVZ
• 00:50:56 -- VMware (manually generated)
• 52:54:00 -- QEMU/KVM
• AC:DE:48 -- PRIVATE
Example:
{{ '00:50' | gen_mac }}
Returns:
00:50:71:52:1C
mac_str_to_bytes
New in version 2017.7.0.
Converts a string representing a valid MAC address to bytes.
Example:
{{ '00:11:22:33:44:55' | mac_str_to_bytes }}
NOTE:
This option may have adverse effects when using the default renderer, yaml_jinja. This is due to the
fact that YAML requires proper handling in regard to special characters. Please see the section on
YAML ASCII support in the YAML Idiosyncracies documentation for more information.
dns_check
New in version 2017.7.0.
Return the ip resolved by dns, but do not exit on failure, only raise an exception. Obeys system
preference for IPv4/6 address resolution.
Example:
{{ 'www.google.com' | dns_check }}
Returns:
'172.217.3.196'
File filters
is_text_file
New in version 2017.7.0.
Return if a file is text.
Uses heuristics to guess whether the given file is text or binary, by reading a single block of bytes
from the file. If more than 30% of the chars in the block are non-text, or there are NUL ('x00') bytes
in the block, assume this is a binary file.
Example:
{{ '/etc/salt/master' | is_text_file }}
Returns:
True
is_binary_file
New in version 2017.7.0.
Return if a file is binary.
Detects if the file is a binary, returns bool. Returns True if the file is a bin, False if the file is
not and None if the file is not available.
Example:
{{ '/etc/salt/master' | is_binary_file }}
Returns:
False
is_empty_file
New in version 2017.7.0.
Return if a file is empty.
Example:
{{ '/etc/salt/master' | is_empty_file }}
Returns:
False
file_hashsum
New in version 2017.7.0.
Return the hashsum of a file.
Example:
{{ '/etc/salt/master' | file_hashsum }}
Returns:
02d4ef135514934759634f10079653252c7ad594ea97bd385480c532bca0fdda
list_files
New in version 2017.7.0.
Return a recursive list of files under a specific path.
Example:
{{ '/etc/salt/' | list_files | join('\n') }}
Returns:
/etc/salt/master
/etc/salt/proxy
/etc/salt/minion
/etc/salt/pillar/top.sls
/etc/salt/pillar/device1.sls
path_join
New in version 2017.7.0.
Joins absolute paths.
Example:
{{ '/etc/salt/' | path_join('pillar', 'device1.sls') }}
Returns:
/etc/salt/pillar/device1.sls
which
New in version 2017.7.0.
Python clone of /usr/bin/which.
Example:
{{ 'salt-master' | which }}
Returns:
/usr/local/salt/virtualenv/bin/salt-master
Escape filters
regex_escape
New in version 2017.7.0.
Allows escaping of strings so they can be interpreted literally by another function.
Example:
regex_escape = {{ 'https://example.com?foo=bar%20baz' | regex_escape }}
will be rendered as:
regex_escape = https\:\/\/example\.com\?foo\=bar\%20baz
Set Theory Filters
unique
New in version 2017.7.0.
Performs set math using Jinja filters.
Example:
unique = {{ ['foo', 'foo', 'bar'] | unique }}
will be rendered as:
unique = ['foo', 'bar']
Jinja in Files
Jinja_
can be used in the same way in managed files:
# redis.sls
/etc/redis/redis.conf:
file.managed:
- source: salt://redis.conf
- template: jinja
- context:
bind: 127.0.0.1
# lib.sls
{% set port = 6379 %}
# redis.conf
{% from 'lib.sls' import port with context %}
port {{ port }}
bind {{ bind }}
As an example, configuration was pulled from the file context and from an external template file.
NOTE:
Macros and variables can be shared across templates. They should not be starting with one or more
underscores, and should be managed by one of the following tags: macro, set, load_yaml, load_json,
import_yaml and import_json.
Escaping Jinja
Occasionally, it may be necessary to escape Jinja syntax. There are two ways to do this in Jinja. One is
escaping individual variables or strings and the other is to escape entire blocks.
To escape a string commonly used in Jinja syntax such as {{, you can use the following syntax:
{{ '{{' }}
For larger blocks that contain Jinja syntax that needs to be escaped, you can use raw blocks:
{% raw %}
some text that contains jinja characters that need to be escaped
{% endraw %}
See the Escaping section of Jinja's documentation to learn more.
A real-word example of needing to use raw tags to escape a larger block of code is when using
file.managed with the contents_pillar option to manage files that contain something like consul-template,
which shares a syntax subset with Jinja. Raw blocks are necessary here because the Jinja in the pillar
would be rendered before the file.managed is ever called, so the Jinja syntax must be escaped:
{% raw %}
- contents_pillar: |
job "example-job" {
<snipped>
task "example" {
driver = "docker"
config {
image = "docker-registry.service.consul:5000/example-job:{{key "nomad/jobs/example-job/version"}}"
<snipped>
{% endraw %}
Calling Salt Functions
The Jinja renderer provides a shorthand lookup syntax for the salt dictionary of execution function.
New in version 2014.7.0.
# The following two function calls are equivalent.
{{ salt['cmd.run']('whoami') }}
{{ salt.cmd.run('whoami') }}
Debugging
The show_full_context function can be used to output all variables present in the current Jinja context.
New in version 2014.7.0.
Context is: {{ show_full_context() }}
Logs
New in version 2017.7.0.
Yes, in Salt, one is able to debug a complex Jinja template using the logs. For example, making the
call:
{%- do salt.log.error('testing jinja logging') -%}
Will insert the following message in the minion logs:
2017-02-01 01:24:40,728 [salt.module.logmod][ERROR ][3779] testing jinja logging
Custom Execution Modules
Custom execution modules can be used to supplement or replace complex Jinja. Many tasks that require
complex looping and logic are trivial when using Python in a Salt execution module. Salt execution
modules are easy to write and distribute to Salt minions.
Functions in custom execution modules are available in the Salt execution module dictionary just like the
built-in execution modules:
{{ salt['my_custom_module.my_custom_function']() }}
• How to Convert Jinja Logic to an Execution Module
• Writing Execution Modules
Custom Jinja filters
Given that all execution modules are available in the Jinja template, one can easily define a custom
module as in the previous paragraph and use it as a Jinja filter. However, please note that it will not
be accessible through the pipe.
For example, instead of:
{{ my_variable | my_jinja_filter }}
The user will need to define my_jinja_filter function under an extension module, say my_filters and use
as:
{{ salt.my_filters.my_jinja_filter(my_variable) }}
The greatest benefit is that you are able to access thousands of existing functions, e.g.:
• get the DNS AAAA records for a specific address using the dnsutil:
{{ salt.dnsutil.AAAA('www.google.com') }}
• retrieve a specific field value from a Redis hash:
{{ salt.redis.hget('foo_hash', 'bar_field') }}
• get the routes to 0.0.0.0/0 using the NAPALM route:
{{ salt.route.show('0.0.0.0/0') }}
Tutorials Index
• Salt as a Cloud Controller
• Using Cron with Salt
• Automatic Updates / Frozen Deployments
• ESXi Proxy Minion
• Opening the Firewall up for Salt
• Git Fileserver Backend Walkthrough
• Halite
• HTTP Modules
• Using Salt at Scale
• LXC Management with Salt
• MinionFS Backend Walkthrough
• Remote Execution Tutorial
• Multi-Master-PKI Tutorial With Failover
• Multi Master Tutorial
• Pillar Walkthrough
• Packaging External Modules for Salt
• Salt Masterless Quickstart
• running salt as normal user tutorial
• Salt Bootstrap
• Standalone Minion
• How Do I Use Salt States?
• States tutorial, part 1 - Basic Usage
• States tutorial, part 2 - More Complex States, Requisites
• States tutorial, part 3 - Templating, Includes, Extends
• States tutorial, part 4
• How to Convert Jinja Logic to an Execution Module
• Using Salt with Stormpath
• Syslog-ng usage
• The macOS (Maverick) Developer Step By Step Guide To Salt Installation
• SaltStack Walk-through
• Writing Salt Tests
• Running Salt States and Commands in Docker Containers
• Preseed Minion with Accepted Key
Troubleshooting
The intent of the troubleshooting section is to introduce solutions to a number of common issues
encountered by users and the tools that are available to aid in developing States and Salt code.
Troubleshooting the Salt Master
If your Salt master is having issues such as minions not returning data, slow execution times, or a
variety of other issues, the following links contain details on troubleshooting the most common issues
encountered:
Troubleshooting the Salt Master
Running in the Foreground
A great deal of information is available via the debug logging system, if you are having issues with
minions connecting or not starting run the master in the foreground:
# salt-master -l debug
Anyone wanting to run Salt daemons via a process supervisor such as monit, runit, or supervisord, should
omit the -d argument to the daemons and run them in the foreground.
What Ports does the Master Need Open?
For the master, TCP ports 4505 and 4506 need to be open. If you've put both your Salt master and minion
in debug mode and don't see an acknowledgment that your minion has connected, it could very well be a
firewall interfering with the connection. See our firewall configuration page for help opening the
firewall on various platforms.
If you've opened the correct TCP ports and still aren't seeing connections, check that no additional
access control system such as SELinux or AppArmor is blocking Salt.
Too many open files
The salt-master needs at least 2 sockets per host that connects to it, one for the Publisher and one for
response port. Thus, large installations may, upon scaling up the number of minions accessing a given
master, encounter:
12:45:29,289 [salt.master ][INFO ] Starting Salt worker process 38
Too many open files
sock != -1 (tcp_listener.cpp:335)
The solution to this would be to check the number of files allowed to be opened by the user running
salt-master (root by default):
[root@salt-master ~]# ulimit -n
1024
If this value is not equal to at least twice the number of minions, then it will need to be raised. For
example, in an environment with 1800 minions, the nofile limit should be set to no less than 3600. This
can be done by creating the file /etc/security/limits.d/99-salt.conf, with the following contents:
root hard nofile 4096
root soft nofile 4096
Replace root with the user under which the master runs, if different.
If your master does not have an /etc/security/limits.d directory, the lines can simply be appended to
/etc/security/limits.conf.
As with any change to resource limits, it is best to stay logged into your current shell and open another
shell to run ulimit -n again and verify that the changes were applied correctly. Additionally, if your
master is running upstart, it may be necessary to specify the nofile limit in /etc/default/salt-master if
upstart isn't respecting your resource limits:
limit nofile 4096 4096
NOTE:
The above is simply an example of how to set these values, and you may wish to increase them even
further if your Salt master is doing more than just running Salt.
Salt Master Stops Responding
There are known bugs with ZeroMQ versions less than 2.1.11 which can cause the Salt master to not respond
properly. If you're running a ZeroMQ version greater than or equal to 2.1.9, you can work around the bug
by setting the sysctls net.core.rmem_max and net.core.wmem_max to 16777216. Next, set the third field in
net.ipv4.tcp_rmem and net.ipv4.tcp_wmem to at least 16777216.
You can do it manually with something like:
# echo 16777216 > /proc/sys/net/core/rmem_max
# echo 16777216 > /proc/sys/net/core/wmem_max
# echo "4096 87380 16777216" > /proc/sys/net/ipv4/tcp_rmem
# echo "4096 87380 16777216" > /proc/sys/net/ipv4/tcp_wmem
Or with the following Salt state:
net.core.rmem_max:
sysctl:
- present
- value: 16777216
net.core.wmem_max:
sysctl:
- present
- value: 16777216
net.ipv4.tcp_rmem:
sysctl:
- present
- value: 4096 87380 16777216
net.ipv4.tcp_wmem:
sysctl:
- present
- value: 4096 87380 16777216
Live Python Debug Output
If the master seems to be unresponsive, a SIGUSR1 can be passed to the salt-master threads to display
what piece of code is executing. This debug information can be invaluable in tracking down bugs.
To pass a SIGUSR1 to the master, first make sure the minion is running in the foreground. Stop the
service if it is running as a daemon, and start it in the foreground like so:
# salt-master -l debug
Then pass the signal to the master when it seems to be unresponsive:
# killall -SIGUSR1 salt-master
When filing an issue or sending questions to the mailing list for a problem with an unresponsive daemon,
be sure to include this information if possible.
Live Salt-Master Profiling
When faced with performance problems one can turn on master process profiling by sending it SIGUSR2.
# killall -SIGUSR2 salt-master
This will activate yappi profiler inside salt-master code, then after some time one must send SIGUSR2
again to stop profiling and save results to file. If run in foreground salt-master will report filename
for the results, which are usually located under /tmp on Unix-based OSes and c:\temp on windows.
Results can then be analyzed with kcachegrind or similar tool.
Commands Time Out or Do Not Return Output
Depending on your OS (this is most common on Ubuntu due to apt-get) you may sometimes encounter times
where a state.apply, or other long running commands do not return output.
By default the timeout is set to 5 seconds. The timeout value can easily be increased by modifying the
timeout line within your /etc/salt/master configuration file.
Having keys accepted for Salt minions that no longer exist or are not reachable also increases the
possibility of timeouts, since the Salt master waits for those systems to return command results.
Passing the -c Option to Salt Returns a Permissions Error
Using the -c option with the Salt command modifies the configuration directory. When the configuration
file is read it will still base data off of the root_dir setting. This can result in unintended behavior
if you are expecting files such as /etc/salt/pki to be pulled from the location specified with -c. Modify
the root_dir setting to address this behavior.
Salt Master Doesn't Return Anything While Running jobs
When a command being run via Salt takes a very long time to return (package installations, certain
scripts, etc.) the master may drop you back to the shell. In most situations the job is still running but
Salt has exceeded the set timeout before returning. Querying the job queue will provide the data of the
job but is inconvenient. This can be resolved by either manually using the -t option to set a longer
timeout when running commands (by default it is 5 seconds) or by modifying the master configuration file:
/etc/salt/master and setting the timeout value to change the default timeout for all commands, and then
restarting the salt-master service.
Salt Master Auth Flooding
In large installations, care must be taken not to overwhealm the master with authentication requests.
Several options can be set on the master which mitigate the chances of an authentication flood from
causing an interruption in service.
NOTE:
recon_default:
The average number of seconds to wait between reconnection attempts.
recon_max:
The maximum number of seconds to wait between reconnection attempts.
recon_randomize:
A flag to indicate whether the recon_default value should be randomized.
acceptance_wait_time:
The number of seconds to wait for a reply to each authentication request.
random_reauth_delay:
The range of seconds across which the minions should attempt to randomize authentication
attempts.
auth_timeout:
The total time to wait for the authentication process to complete, regardless of the number of
attempts.
Running states locally
To debug the states, you can use call locally.
salt-call -l trace --local state.highstate
The top.sls file is used to map what SLS modules get loaded onto what minions via the state system.
It is located in the file defined in the file_roots variable of the salt master configuration file which
is defined by found in CONFIG_DIR/master, normally /etc/salt/master
The default configuration for the file_roots is:
file_roots:
base:
- /srv/salt
So the top file is defaulted to the location /srv/salt/top.sls
Salt Master Umask
The salt master uses a cache to track jobs as they are published and returns come back. The recommended
umask for a salt-master is 022, which is the default for most users on a system. Incorrect umasks can
result in permission-denied errors when the master tries to access files in its cache.
Troubleshooting the Salt Minion
In the event that your Salt minion is having issues, a variety of solutions and suggestions are
available. Please refer to the following links for more information:
Troubleshooting the Salt Minion
Running in the Foreground
A great deal of information is available via the debug logging system, if you are having issues with
minions connecting or not starting run the minion in the foreground:
# salt-minion -l debug
Anyone wanting to run Salt daemons via a process supervisor such as monit, runit, or supervisord, should
omit the -d argument to the daemons and run them in the foreground.
What Ports does the Minion Need Open?
No ports need to be opened on the minion, as it makes outbound connections to the master. If you've put
both your Salt master and minion in debug mode and don't see an acknowledgment that your minion has
connected, it could very well be a firewall interfering with the connection. See our firewall
configuration page for help opening the firewall on various platforms.
If you have netcat installed, you can check port connectivity from the minion with the nc command:
$ nc -v -z salt.master.ip.addr 4505
Connection to salt.master.ip.addr 4505 port [tcp/unknown] succeeded!
$ nc -v -z salt.master.ip.addr 4506
Connection to salt.master.ip.addr 4506 port [tcp/unknown] succeeded!
The Nmap utility can also be used to check if these ports are open:
# nmap -sS -q -p 4505-4506 salt.master.ip.addr
Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-29 19:44 CST
Nmap scan report for salt.master.ip.addr (10.0.0.10)
Host is up (0.0026s latency).
PORT STATE SERVICE
4505/tcp open unknown
4506/tcp open unknown
MAC Address: 00:11:22:AA:BB:CC (Intel)
Nmap done: 1 IP address (1 host up) scanned in 1.64 seconds
If you've opened the correct TCP ports and still aren't seeing connections, check that no additional
access control system such as SELinux or AppArmor is blocking Salt. Tools like tcptraceroute can also be
used to determine if an intermediate device or firewall is blocking the needed TCP ports.
Using salt-call
The salt-call command was originally developed for aiding in the development of new Salt modules. Since
then, many applications have been developed for running any Salt module locally on a minion. These range
from the original intent of salt-call (development assistance), to gathering more verbose output from
calls like state.apply.
When initially creating your state tree, it is generally recommended to invoke highstates by running
state.apply directly from the minion with salt-call, rather than remotely from the master. This displays
far more information about the execution than calling it remotely. For even more verbosity, increase the
loglevel using the -l argument:
# salt-call -l debug state.apply
The main difference between using salt and using salt-call is that salt-call is run from the minion, and
it only runs the selected function on that minion. By contrast, salt is run from the master, and requires
you to specify the minions on which to run the command using salt's targeting system.
Live Python Debug Output
If the minion seems to be unresponsive, a SIGUSR1 can be passed to the process to display what piece of
code is executing. This debug information can be invaluable in tracking down bugs.
To pass a SIGUSR1 to the minion, first make sure the minion is running in the foreground. Stop the
service if it is running as a daemon, and start it in the foreground like so:
# salt-minion -l debug
Then pass the signal to the minion when it seems to be unresponsive:
# killall -SIGUSR1 salt-minion
When filing an issue or sending questions to the mailing list for a problem with an unresponsive daemon,
be sure to include this information if possible.
Multiprocessing in Execution Modules
As is outlined in github issue #6300, Salt cannot use python's multiprocessing pipes and queues from
execution modules. Multiprocessing from the execution modules is perfectly viable, it is just necessary
to use Salt's event system to communicate back with the process.
The reason for this difficulty is that python attempts to pickle all objects in memory when
communicating, and it cannot pickle function objects. Since the Salt loader system creates and manages
function objects this causes the pickle operation to fail.
Salt Minion Doesn't Return Anything While Running Jobs Locally
When a command being run via Salt takes a very long time to return (package installations, certain
scripts, etc.) the minion may drop you back to the shell. In most situations the job is still running but
Salt has exceeded the set timeout before returning. Querying the job queue will provide the data of the
job but is inconvenient. This can be resolved by either manually using the -t option to set a longer
timeout when running commands (by default it is 5 seconds) or by modifying the minion configuration file:
/etc/salt/minion and setting the timeout value to change the default timeout for all commands, and then
restarting the salt-minion service.
NOTE:
Modifying the minion timeout value is not required when running commands from a Salt Master. It is
only required when running commands locally on the minion.
Running in the Foreground
A great deal of information is available via the debug logging system, if you are having issues with
minions connecting or not starting run the minion and/or master in the foreground:
salt-master -l debug
salt-minion -l debug
Anyone wanting to run Salt daemons via a process supervisor such as monit, runit, or supervisord, should
omit the -d argument to the daemons and run them in the foreground.
What Ports do the Master and Minion Need Open?
No ports need to be opened up on each minion. For the master, TCP ports 4505 and 4506 need to be open. If
you've put both your Salt master and minion in debug mode and don't see an acknowledgment that your
minion has connected, it could very well be a firewall.
You can check port connectivity from the minion with the nc command:
nc -v -z salt.master.ip 4505
nc -v -z salt.master.ip 4506
There is also a firewall configuration document that might help as well.
If you've enabled the right TCP ports on your operating system or Linux distribution's firewall and still
aren't seeing connections, check that no additional access control system such as SELinux or AppArmor is
blocking Salt.
Using salt-call
The salt-call command was originally developed for aiding in the development of new Salt modules. Since
then, many applications have been developed for running any Salt module locally on a minion. These range
from the original intent of salt-call, development assistance, to gathering more verbose output from
calls like state.apply.
When initially creating your state tree, it is generally recommended to invoke state.apply directly from
the minion with salt-call, rather than remotely from the master. This displays far more information about
the execution than calling it remotely. For even more verbosity, increase the loglevel using the -l
argument:
salt-call -l debug state.apply
The main difference between using salt and using salt-call is that salt-call is run from the minion, and
it only runs the selected function on that minion. By contrast, salt is run from the master, and requires
you to specify the minions on which to run the command using salt's targeting system.
Too many open files
The salt-master needs at least 2 sockets per host that connects to it, one for the Publisher and one for
response port. Thus, large installations may, upon scaling up the number of minions accessing a given
master, encounter:
12:45:29,289 [salt.master ][INFO ] Starting Salt worker process 38
Too many open files
sock != -1 (tcp_listener.cpp:335)
The solution to this would be to check the number of files allowed to be opened by the user running
salt-master (root by default):
[root@salt-master ~]# ulimit -n
1024
And modify that value to be at least equal to the number of minions x 2. This setting can be changed in
limits.conf as the nofile value(s), and activated upon new a login of the specified user.
So, an environment with 1800 minions, would need 1800 x 2 = 3600 as a minimum.
Salt Master Stops Responding
There are known bugs with ZeroMQ versions less than 2.1.11 which can cause the Salt master to not respond
properly. If you're running a ZeroMQ version greater than or equal to 2.1.9, you can work around the bug
by setting the sysctls net.core.rmem_max and net.core.wmem_max to 16777216. Next, set the third field in
net.ipv4.tcp_rmem and net.ipv4.tcp_wmem to at least 16777216.
You can do it manually with something like:
# echo 16777216 > /proc/sys/net/core/rmem_max
# echo 16777216 > /proc/sys/net/core/wmem_max
# echo "4096 87380 16777216" > /proc/sys/net/ipv4/tcp_rmem
# echo "4096 87380 16777216" > /proc/sys/net/ipv4/tcp_wmem
Or with the following Salt state:
net.core.rmem_max:
sysctl:
- present
- value: 16777216
net.core.wmem_max:
sysctl:
- present
- value: 16777216
net.ipv4.tcp_rmem:
sysctl:
- present
- value: 4096 87380 16777216
net.ipv4.tcp_wmem:
sysctl:
- present
- value: 4096 87380 16777216
Salt and SELinux
Currently there are no SELinux policies for Salt. For the most part Salt runs without issue when SELinux
is running in Enforcing mode. This is because when the minion executes as a daemon the type context is
changed to initrc_t. The problem with SELinux arises when using salt-call or running the minion in the
foreground, since the type context stays unconfined_t.
This problem is generally manifest in the rpm install scripts when using the pkg module. Until a full
SELinux Policy is available for Salt the solution to this issue is to set the execution context of
salt-call and salt-minion to rpm_exec_t:
# CentOS 5 and RHEL 5:
chcon -t system_u:system_r:rpm_exec_t:s0 /usr/bin/salt-minion
chcon -t system_u:system_r:rpm_exec_t:s0 /usr/bin/salt-call
# CentOS 6 and RHEL 6:
chcon system_u:object_r:rpm_exec_t:s0 /usr/bin/salt-minion
chcon system_u:object_r:rpm_exec_t:s0 /usr/bin/salt-call
This works well, because the rpm_exec_t context has very broad control over other types.
Red Hat Enterprise Linux 5
Salt requires Python 2.6 or 2.7. Red Hat Enterprise Linux 5 and its variants come with Python 2.4
installed by default. When installing on RHEL 5 from the EPEL repository this is handled for you. But, if
you run Salt from git, be advised that its dependencies need to be installed from EPEL and that Salt
needs to be run with the python26 executable.
Common YAML Gotchas
An extensive list of YAML idiosyncrasies has been compiled:
YAML Idiosyncrasies
One of Salt's strengths, the use of existing serialization systems for representing SLS data, can also
backfire. YAML is a general purpose system and there are a number of things that would seem to make sense
in an sls file that cause YAML issues. It is wise to be aware of these issues. While reports or running
into them are generally rare they can still crop up at unexpected times.
Spaces vs Tabs
YAML uses spaces, period. Do not use tabs in your SLS files! If strange errors are coming up in rendering
SLS files, make sure to check that no tabs have crept in! In Vim, after enabling search highlighting
with: :set hlsearch, you can check with the following key sequence in normal mode(you can hit ESC twice
to be sure): /, Ctrl-v, Tab, then hit Enter. Also, you can convert tabs to 2 spaces by these commands in
Vim: :set tabstop=2 expandtab and then :retab.
Indentation
The suggested syntax for YAML files is to use 2 spaces for indentation, but YAML will follow whatever
indentation system that the individual file uses. Indentation of two spaces works very well for SLS files
given the fact that the data is uniform and not deeply nested.
Nested Dictionaries
When dicts are nested within other data structures (particularly lists), the indentation logic sometimes
changes. Examples of where this might happen include context and default options from the file.managed
state:
/etc/http/conf/http.conf:
file:
- managed
- source: salt://apache/http.conf
- user: root
- group: root
- mode: 644
- template: jinja
- context:
custom_var: "override"
- defaults:
custom_var: "default value"
other_var: 123
Notice that while the indentation is two spaces per level, for the values under the context and defaults
options there is a four-space indent. If only two spaces are used to indent, then those keys will be
considered part of the same dictionary that contains the context key, and so the data will not be loaded
correctly. If using a double indent is not desirable, then a deeply-nested dict can be declared with
curly braces:
/etc/http/conf/http.conf:
file:
- managed
- source: salt://apache/http.conf
- user: root
- group: root
- mode: 644
- template: jinja
- context: {
custom_var: "override" }
- defaults: {
custom_var: "default value",
other_var: 123 }
Here is a more concrete example of how YAML actually handles these indentations, using the Python
interpreter on the command line:
>>> import yaml
>>> yaml.safe_load('''mystate:
... file.managed:
... - context:
... some: var''')
{'mystate': {'file.managed': [{'context': {'some': 'var'}}]}}
>>> yaml.safe_load('''mystate:
... file.managed:
... - context:
... some: var''')
{'mystate': {'file.managed': [{'some': 'var', 'context': None}]}}
Note that in the second example, some is added as another key in the same dictionary, whereas in the
first example, it's the start of a new dictionary. That's the distinction. context is a common example
because it is a keyword arg for many functions, and should contain a dictionary.
True/False, Yes/No, On/Off
PyYAML will load these values as boolean True or False. Un-capitalized versions will also be loaded as
booleans (true, false, yes, no, on, and off). This can be especially problematic when constructing Pillar
data. Make sure that your Pillars which need to use the string versions of these values are enclosed in
quotes. Pillars will be parsed twice by salt, so you'll need to wrap your values in multiple quotes,
including double quotation marks (" ") and single quotation marks (' '). Note that spaces are included in
the quotation type examples for clarity.
Multiple quoting examples looks like this:
- '"false"'
- "'True'"
- "'YES'"
- '"No"'
NOTE:
When using multiple quotes in this manner, they must be different. Using "" "" or '' '' won't work in
this case (spaces are included in examples for clarity).
The '%' Sign
The % symbol has a special meaning in YAML, it needs to be passed as a string literal:
cheese:
ssh_auth.present:
- user: tbortels
- source: salt://ssh_keys/chease.pub
- config: '%h/.ssh/authorized_keys'
Time Expressions
PyYAML will load a time expression as the integer value of that, assuming HH:MM. So for example, 12:00 is
loaded by PyYAML as 720. An excellent explanation for why can be found here.
To keep time expressions like this from being loaded as integers, always quote them.
NOTE:
When using a jinja load_yaml map, items must be quoted twice. For example:
{% load_yaml as wsus_schedule %}
FRI_10:
time: '"23:00"'
day: 6 - Every Friday
SAT_10:
time: '"06:00"'
day: 7 - Every Saturday
SAT_20:
time: '"14:00"'
day: 7 - Every Saturday
SAT_30:
time: '"22:00"'
day: 7 - Every Saturday
SUN_10:
time: '"06:00"'
day: 1 - Every Sunday
{% endload %}
YAML does not like Double Short Decs
If I can find a way to make YAML accept "Double Short Decs" then I will, since I think that double short
decs would be awesome. So what is a "Double Short Dec"? It is when you declare a multiple short decs in
one ID. Here is a standard short dec, it works great:
vim:
pkg.installed
The short dec means that there are no arguments to pass, so it is not required to add any arguments, and
it can save space.
YAML though, gets upset when declaring multiple short decs, for the record...
THIS DOES NOT WORK:
vim:
pkg.installed
user.present
Similarly declaring a short dec in the same ID dec as a standard dec does not work either...
ALSO DOES NOT WORK:
fred:
user.present
ssh_auth.present:
- name: AAAAB3NzaC...
- user: fred
- enc: ssh-dss
- require:
- user: fred
The correct way is to define them like this:
vim:
pkg.installed: []
user.present: []
fred:
user.present: []
ssh_auth.present:
- name: AAAAB3NzaC...
- user: fred
- enc: ssh-dss
- require:
- user: fred
Alternatively, they can be defined the "old way", or with multiple "full decs":
vim:
pkg:
- installed
user:
- present
fred:
user:
- present
ssh_auth:
- present
- name: AAAAB3NzaC...
- user: fred
- enc: ssh-dss
- require:
- user: fred
YAML supports only plain ASCII
According to YAML specification, only ASCII characters can be used.
Within double-quotes, special characters may be represented with C-style escape sequences starting with a
backslash ( \ ).
Examples:
- micro: "\u00b5"
- copyright: "\u00A9"
- A: "\x41"
- alpha: "\u0251"
- Alef: "\u05d0"
List of usable Unicode characters will help you to identify correct numbers.
Python can also be used to discover the Unicode number for a character:
repr(u"Text with wrong characters i need to figure out")
This shell command can find wrong characters in your SLS files:
find . -name '*.sls' -exec grep --color='auto' -P -n '[^\x00-\x7F]' \{} \;
Alternatively you can toggle the yaml_utf8 setting in your master configuration file. This is still an
experimental setting but it should manage the right encoding conversion in salt after yaml states
compilations.
Underscores stripped in Integer Definitions
If a definition only includes numbers and underscores, it is parsed by YAML as an integer and all
underscores are stripped. To ensure the object becomes a string, it should be surrounded by quotes.
More information here.
Here's an example:
>>> import yaml
>>> yaml.safe_load('2013_05_10')
20130510
>>> yaml.safe_load('"2013_05_10"')
'2013_05_10'
Automatic datetime conversion
If there is a value in a YAML file formatted 2014-01-20 14:23:23 or similar, YAML will automatically
convert this to a Python datetime object. These objects are not msgpack serializable, and so may break
core salt functionality. If values such as these are needed in a salt YAML file (specifically a
configuration file), they should be formatted with surrounding strings to force YAML to serialize them as
strings:
>>> import yaml
>>> yaml.safe_load('2014-01-20 14:23:23')
datetime.datetime(2014, 1, 20, 14, 23, 23)
>>> yaml.safe_load('"2014-01-20 14:23:23"')
'2014-01-20 14:23:23'
Additionally, numbers formatted like XXXX-XX-XX will also be converted (or YAML will attempt to convert
them, and error out if it doesn't think the date is a real one). Thus, for example, if a minion were to
have an ID of 4017-16-20 the minion would not start because YAML would complain that the date was out of
range. The workaround is the same, surround the offending string with quotes:
>>> import yaml
>>> yaml.safe_load('4017-16-20')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/site-packages/yaml/__init__.py", line 93, in safe_load
return load(stream, SafeLoader)
File "/usr/local/lib/python2.7/site-packages/yaml/__init__.py", line 71, in load
return loader.get_single_data()
File "/usr/local/lib/python2.7/site-packages/yaml/constructor.py", line 39, in get_single_data
return self.construct_document(node)
File "/usr/local/lib/python2.7/site-packages/yaml/constructor.py", line 43, in construct_document
data = self.construct_object(node)
File "/usr/local/lib/python2.7/site-packages/yaml/constructor.py", line 88, in construct_object
data = constructor(self, node)
File "/usr/local/lib/python2.7/site-packages/yaml/constructor.py", line 312, in construct_yaml_timestamp
return datetime.date(year, month, day)
ValueError: month must be in 1..12
>>> yaml.safe_load('"4017-16-20"')
'4017-16-20'
Keys Limited to 1024 Characters
Simple keys are limited to a single line and cannot be longer that 1024 characters. This is a limitation
from PyYaml, as seen in a comment in PyYAML's code, and applies to anything parsed by YAML in Salt.
Live Python Debug Output
If the minion or master seems to be unresponsive, a SIGUSR1 can be passed to the processes to display
where in the code they are running. If encountering a situation like this, this debug information can be
invaluable. First make sure the master of minion are running in the foreground:
salt-master -l debug
salt-minion -l debug
Then pass the signal to the master or minion when it seems to be unresponsive:
killall -SIGUSR1 salt-master
killall -SIGUSR1 salt-minion
Also under BSD and macOS in addition to SIGUSR1 signal, debug subroutine set up for SIGINFO which has an
advantage of being sent by Ctrl+T shortcut.
When filing an issue or sending questions to the mailing list for a problem with an unresponsive daemon
this information can be invaluable.
Salt 0.16.x minions cannot communicate with a 0.17.x master
As of release 0.17.1 you can no longer run different versions of Salt on your Master and Minion servers.
This is due to a protocol change for security purposes. The Salt team will continue to attempt to ensure
versions are as backwards compatible as possible.
Debugging the Master and Minion
A list of common master and minion troubleshooting steps provide a starting point for resolving issues
you may encounter.
Frequently Asked Questions
FAQ
• Frequently Asked Questions
• Is Salt open-core?
• I think I found a bug! What should I do?
• What ports should I open on my firewall?
• I'm seeing weird behavior (including but not limited to packages not installing their users properly)
• My script runs every time I run a state.apply. Why?
• When I run test.ping, why don't the Minions that aren't responding return anything? Returning False
would be helpful.
• How does Salt determine the Minion's id?
• I'm trying to manage packages/services but I get an error saying that the state is not available.
Why?
• Why aren't my custom modules/states/etc. available on my Minions?
• Module X isn't available, even though the shell command it uses is installed. Why?
• Can I run different versions of Salt on my Master and Minion?
• Does Salt support backing up managed files?
• Is it possible to deploy a file to a specific minion, without other minions having access to it?
• What is the best way to restart a Salt Minion daemon using Salt after upgrade?
• Upgrade without automatic restart
• Restart using states
• Restart using remote executions
• Salting the Salt Master
• Is Targeting using Grain Data Secure?
• Why Did the Value for a Grain Change on Its Own?
Is Salt open-core?
No. Salt is 100% committed to being open-source, including all of our APIs. It is developed under the
Apache 2.0 license, allowing it to be used in both open and proprietary projects.
To expand on this a little:
There is much argument over the actual definition of "open core". From our standpoint, Salt is open
source because
1. It is a standalone product that anyone is free to use.
2. It is developed in the open with contributions accepted from the community for the good of the
project.
3. There are no features of Salt itself that are restricted to separate proprietary products distributed
by SaltStack, Inc.
4. Because of our Apache 2.0 license, Salt can be used as the foundation for a project or even a
proprietary tool.
5. Our APIs are open and documented (any lack of documentation is an oversight as opposed to an
intentional decision by SaltStack the company) and available for use by anyone.
SaltStack the company does make proprietary products which use Salt and its libraries, like company is
free to do, but we do so via the APIs, NOT by forking Salt and creating a different, closed-source
version of it for paying customers.
I think I found a bug! What should I do?
The salt-users mailing list as well as the salt IRC channel can both be helpful resources to confirm if
others are seeing the issue and to assist with immediate debugging.
To report a bug to the Salt project, please follow the instructions in reporting a bug.
What ports should I open on my firewall?
Minions need to be able to connect to the Master on TCP ports 4505 and 4506. Minions do not need any
inbound ports open. More detailed information on firewall settings can be found here.
I'm seeing weird behavior (including but not limited to packages not installing their users properly)
This is often caused by SELinux. Try disabling SELinux or putting it in permissive mode and see if the
weird behavior goes away.
My script runs every time I run a state.apply. Why?
You are probably using cmd.run rather than cmd.wait. A cmd.wait state will only run when there has been a
change in a state that it is watching.
A cmd.run state will run the corresponding command every time (unless it is prevented from running by the
unless or onlyif arguments).
More details can be found in the documentation for the cmd states.
When I run test.ping, why don't the Minions that aren't responding return anything? Returning False would be
helpful.
When you run test.ping the Master tells Minions to run commands/functions, and listens for the return
data, printing it to the screen when it is received. If it doesn't receive anything back, it doesn't
have anything to display for that Minion.
There are a couple options for getting information on Minions that are not responding. One is to use the
verbose (-v) option when you run salt commands, as it will display "Minion did not return" for any
Minions which time out.
salt -v '*' pkg.install zsh
Another option is to use the manage.down runner:
salt-run manage.down
Also, if the Master is under heavy load, it is possible that the CLI will exit without displaying return
data for all targeted Minions. However, this doesn't mean that the Minions did not return; this only
means that the Salt CLI timed out waiting for a response. Minions will still send their return data back
to the Master once the job completes. If any expected Minions are missing from the CLI output, the
jobs.list_jobs runner can be used to show the job IDs of the jobs that have been run, and the
jobs.lookup_jid runner can be used to get the return data for that job.
salt-run jobs.list_jobs
salt-run jobs.lookup_jid 20130916125524463507
If you find that you are often missing Minion return data on the CLI, only to find it with the jobs
runners, then this may be a sign that the worker_threads value may need to be increased in the master
config file. Additionally, running your Salt CLI commands with the -t option will make Salt wait longer
for the return data before the CLI command exits. For instance, the below command will wait up to 60
seconds for the Minions to return:
salt -t 60 '*' test.ping
How does Salt determine the Minion's id?
If the Minion id is not configured explicitly (using the id parameter), Salt will determine the id based
on the hostname. Exactly how this is determined varies a little between operating systems and is
described in detail here.
I'm trying to manage packages/services but I get an error saying that the state is not available. Why?
Salt detects the Minion's operating system and assigns the correct package or service management module
based on what is detected. However, for certain custom spins and OS derivatives this detection fails. In
cases like this, an issue should be opened on our tracker, with the following information:
1. The output of the following command:
salt <minion_id> grains.items | grep os
2. The contents of /etc/lsb-release, if present on the Minion.
Why aren't my custom modules/states/etc. available on my Minions?
Custom modules are synced to Minions when saltutil.sync_modules, or saltutil.sync_all is run. Custom
modules are also synced by state.apply when run without any arguments.
Similarly, custom states are synced to Minions when state.apply, saltutil.sync_states, or
saltutil.sync_all is run.
Custom states are also synced by state.apply when run without any arguments.
Other custom types (renderers, outputters, etc.) have similar behavior, see the documentation for the
saltutil module for more information.
This reactor example can be used to automatically sync custom types when the minion connects to the
master, to help with this chicken-and-egg issue.
Module X isn't available, even though the shell command it uses is installed. Why?
This is most likely a PATH issue. Did you custom-compile the software which the module requires?
RHEL/CentOS/etc. in particular override the root user's path in /etc/init.d/functions, setting it to
/sbin:/usr/sbin:/bin:/usr/bin, making software installed into /usr/local/bin unavailable to Salt when the
Minion is started using the initscript. In version 2014.1.0, Salt will have a better solution for these
sort of PATH-related issues, but recompiling the software to install it into a location within the PATH
should resolve the issue in the meantime. Alternatively, you can create a symbolic link within the PATH
using a file.symlink state.
/usr/bin/foo:
file.symlink:
- target: /usr/local/bin/foo
Can I run different versions of Salt on my Master and Minion?
This depends on the versions. In general, it is recommended that Master and Minion versions match.
When upgrading Salt, the master(s) should always be upgraded first. Backwards compatibility for minions
running newer versions of salt than their masters is not guaranteed.
Whenever possible, backwards compatibility between new masters and old minions will be preserved.
Generally, the only exception to this policy is in case of a security vulnerability.
Recent examples of backwards compatibility breakage include the 0.17.1 release (where all backwards
compatibility was broken due to a security fix), and the 2014.1.0 release (which retained compatibility
between 2014.1.0 masters and 0.17 minions, but broke compatibility for 2014.1.0 minions and older
masters).
Does Salt support backing up managed files?
Yes. Salt provides an easy to use addition to your file.managed states that allow you to back up files
via backup_mode, backup_mode can be configured on a per state basis, or in the minion config (note that
if set in the minion config this would simply be the default method to use, you still need to specify
that the file should be backed up!).
Is it possible to deploy a file to a specific minion, without other minions having access to it?
The Salt fileserver does not yet support access control, but it is still possible to do this. As of Salt
2015.5.0, the file_tree external pillar is available, and allows the contents of a file to be loaded as
Pillar data. This external pillar is capable of assigning Pillar values both to individual minions, and
to nodegroups. See the documentation for details on how to set this up.
Once the external pillar has been set up, the data can be pushed to a minion via a file.managed state,
using the contents_pillar argument:
/etc/my_super_secret_file:
file.managed:
- user: secret
- group: secret
- mode: 600
- contents_pillar: secret_files:my_super_secret_file
In this example, the source file would be located in a directory called secret_files underneath the
file_tree path for the minion. The syntax for specifying the pillar variable is the same one used for
pillar.get, with a colon representing a nested dictionary.
WARNING:
Deploying binary contents using the file.managed state is only supported in Salt 2015.8.4 and newer.
What is the best way to restart a Salt Minion daemon using Salt after upgrade?
Updating the salt-minion package requires a restart of the salt-minion service. But restarting the
service while in the middle of a state run interrupts the process of the Minion running states and
sending results back to the Master. A common way to workaround that is to schedule restarting of the
Minion service using masterless mode after all other states have been applied. This allows the minion to
keep Minion to Master connection alive for the Minion to report the final results to the Master, while
the service is restarting in the background.
Upgrade without automatic restart
Doing the Minion upgrade seems to be a simplest state in your SLS file at first. But the operating
systems such as Debian GNU/Linux, Ubuntu and their derivatives start the service after the package
installation by default. To prevent this, we need to create policy layer which will prevent the Minion
service to restart right after the upgrade:
{%- if grains['os_family'] == 'Debian' %}
Disable starting services:
file.managed:
- name: /usr/sbin/policy-rc.d
- user: root
- group: root
- mode: 0755
- contents:
- '#!/bin/sh'
- exit 101
# do not touch if already exists
- replace: False
- prereq:
- pkg: Upgrade Salt Minion
{%- endif %}
Upgrade Salt Minion:
pkg.installed:
- name: salt-minion
- version: 2016.11.3{% if grains['os_family'] == 'Debian' %}+ds-1{% endif %}
- order: last
Enable Salt Minion:
service.enabled:
- name: salt-minion
- require:
- pkg: Upgrade Salt Minion
{%- if grains['os_family'] == 'Debian' %}
Enable starting services:
file.absent:
- name: /usr/sbin/policy-rc.d
- onchanges:
- pkg: Upgrade Salt Minion
{%- endif %}
Restart using states
Now we can apply the workaround to restart the Minion in reliable way. The following example works on
UNIX-like operating systems:
{%- if grains['os'] != 'Windows' %
Restart Salt Minion:
cmd.run:
- name: 'salt-call --local service.restart salt-minion'
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
{%- endif %}
Note that restarting the salt-minion service on Windows operating systems is not always necessary when
performing an upgrade. The installer stops the salt-minion service, removes it, deletes the contents of
the \salt\bin directory, installs the new code, re-creates the salt-minion service, and starts it (by
default). The restart step would be necessary during the upgrade process, however, if the minion config
was edited after the upgrade or installation. If a minion restart is necessary, the state above can be
edited as follows:
Restart Salt Minion:
cmd.run:
{%- if grains['kernel'] == 'Windows' %}
- name: 'C:\salt\salt-call.bat --local service.restart salt-minion'
{%- else %}
- name: 'salt-call --local service.restart salt-minion'
{%- endif %}
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
However, it requires more advanced tricks to upgrade from legacy version of Salt (before 2016.3.0) on
UNIX-like operating systems, where executing commands in the background is not supported:
Restart Salt Minion:
cmd.run:
{%- if grains['kernel'] == 'Windows' %}
- name: 'start powershell "Restart-Service -Name salt-minion"'
{%- else %}
# fork and disown the process
- name: |-
exec 0>&- # close stdin
exec 1>&- # close stdout
exec 2>&- # close stderr
nohup salt-call --local service.restart salt-minion &
{%- endif %}
Restart using remote executions
Restart the Minion from the command line:
salt -G kernel:Windows cmd.run_bg 'C:\salt\salt-call.bat --local service.restart salt-minion'
salt -C 'not G@kernel:Windows' cmd.run_bg 'salt-call --local service.restart salt-minion'
Salting the Salt Master
In order to configure a master server via states, the Salt master can also be "salted" in order to
enforce state on the Salt master as well as the Salt minions. Salting the Salt master requires a Salt
minion to be installed on the same machine as the Salt master. Once the Salt minion is installed, the
minion configuration file must be pointed to the local Salt master:
master: 127.0.0.1
Once the Salt master has been "salted" with a Salt minion, it can be targeted just like any other minion.
If the minion on the salted master is running, the minion can be targeted via any usual salt command.
Additionally, the salt-call command can execute operations to enforce state on the salted master without
requiring the minion to be running.
More information about salting the Salt master can be found in the salt-formula for salt itself:
https://github.com/saltstack-formulas/salt-formula
Is Targeting using Grain Data Secure?
Because grains can be set by users that have access to the minion configuration files on the local
system, grains are considered less secure than other identifiers in Salt. Use caution when targeting
sensitive operations or setting pillar values based on grain data.
The only grain which can be safely used is grains['id'] which contains the Minion ID.
When possible, you should target sensitive operations and data using the Minion ID. If the Minion ID of a
system changes, the Salt Minion's public key must be re-accepted by an administrator on the Salt Master,
making it less vulnerable to impersonation attacks.
Why Did the Value for a Grain Change on Its Own?
This is usually the result of an upstream change in an OS distribution that replaces or removes something
that Salt was using to detect the grain. Fortunately, when this occurs, you can use Salt to fix it with
a command similar to the following:
salt -G 'grain:ChangedValue' grains.setvals "{'grain': 'OldValue'}"
(Replacing grain, ChangedValue, and OldValue with the grain and values that you want to change / set.)
You should also file an issue describing the change so it can be fixed in Salt.
Salt Best Practices
Salt's extreme flexibility leads to many questions concerning the structure of configuration files.
This document exists to clarify these points through examples and code.
General rules
1. Modularity and clarity should be emphasized whenever possible.
2. Create clear relations between pillars and states.
3. Use variables when it makes sense but don't overuse them.
4. Store sensitive data in pillar.
5. Don't use grains for matching in your pillar top file for any sensitive pillars.
Structuring States and Formulas
When structuring Salt States and Formulas it is important to begin with the directory structure. A proper
directory structure clearly defines the functionality of each state to the user via visual inspection of
the state's name.
Reviewing the MySQL Salt Formula it is clear to see the benefits to the end-user when reviewing a sample
of the available states:
/srv/salt/mysql/files/
/srv/salt/mysql/client.sls
/srv/salt/mysql/map.jinja
/srv/salt/mysql/python.sls
/srv/salt/mysql/server.sls
This directory structure would lead to these states being referenced in a top file in the following way:
base:
'web*':
- mysql.client
- mysql.python
'db*':
- mysql.server
This clear definition ensures that the user is properly informed of what each state will do.
Another example comes from the vim-formula:
/srv/salt/vim/files/
/srv/salt/vim/absent.sls
/srv/salt/vim/init.sls
/srv/salt/vim/map.jinja
/srv/salt/vim/nerdtree.sls
/srv/salt/vim/pyflakes.sls
/srv/salt/vim/salt.sls
Once again viewing how this would look in a top file:
/srv/salt/top.sls:
base:
'web*':
- vim
- vim.nerdtree
- vim.pyflakes
- vim.salt
'db*':
- vim.absent
The usage of a clear top-level directory as well as properly named states reduces the overall complexity
and leads a user to both understand what will be included at a glance and where it is located.
In addition Formulas should be used as often as possible.
NOTE:
Formulas repositories on the saltstack-formulas GitHub organization should not be pointed to directly
from systems that automatically fetch new updates such as GitFS or similar tooling. Instead formulas
repositories should be forked on GitHub or cloned locally, where unintended, automatic changes will
not take place.
Structuring Pillar Files
Pillars are used to store secure and insecure data pertaining to minions. When designing the structure of
the /srv/pillar directory, the pillars contained within should once again be focused on clear and concise
data which users can easily review, modify, and understand.
The /srv/pillar/ directory is primarily controlled by top.sls. It should be noted that the pillar top.sls
is not used as a location to declare variables and their values. The top.sls is used as a way to include
other pillar files and organize the way they are matched based on environments or grains.
An example top.sls may be as simple as the following:
/srv/pillar/top.sls:
base:
'*':
- packages
Any number of matchers can be added to the base environment. For example, here is an expanded version of
the Pillar top file stated above:
/srv/pillar/top.sls:
base:
'*':
- packages
'web*':
- apache
- vim
Or an even more complicated example, using a variety of matchers in numerous environments:
/srv/pillar/top.sls:
base:
'*':
- apache
dev:
'os:Debian':
- match: grain
- vim
test:
'* and not G@os: Debian':
- match: compound
- emacs
It is clear to see through these examples how the top file provides users with power but when used
incorrectly it can lead to confusing configurations. This is why it is important to understand that the
top file for pillar is not used for variable definitions.
Each SLS file within the /srv/pillar/ directory should correspond to the states which it matches.
This would mean that the apache pillar file should contain data relevant to Apache. Structuring files in
this way once again ensures modularity, and creates a consistent understanding throughout our Salt
environment. Users can expect that pillar variables found in an Apache state will live inside of an
Apache pillar:
/srv/pillar/apache.sls:
apache:
lookup:
name: httpd
config:
tmpl: /etc/httpd/httpd.conf
While this pillar file is simple, it shows how a pillar file explicitly relates to the state it is
associated with.
Variable Flexibility
Salt allows users to define variables in SLS files. When creating a state variables should provide users
with as much flexibility as possible. This means that variables should be clearly defined and easy to
manipulate, and that sane defaults should exist in the event a variable is not properly defined. Looking
at several examples shows how these different items can lead to extensive flexibility.
Although it is possible to set variables locally, this is generally not preferred:
/srv/salt/apache/conf.sls:
{% set name = 'httpd' %}
{% set tmpl = 'salt://apache/files/httpd.conf' %}
include:
- apache
apache_conf:
file.managed:
- name: {{ name }}
- source: {{ tmpl }}
- template: jinja
- user: root
- watch_in:
- service: apache
When generating this information it can be easily transitioned to the pillar where data can be
overwritten, modified, and applied to multiple states, or locations within a single state:
/srv/pillar/apache.sls:
apache:
lookup:
name: httpd
config:
tmpl: salt://apache/files/httpd.conf
/srv/salt/apache/conf.sls:
{% from "apache/map.jinja" import apache with context %}
include:
- apache
apache_conf:
file.managed:
- name: {{ salt['pillar.get']('apache:lookup:name') }}
- source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }}
- template: jinja
- user: root
- watch_in:
- service: apache
This flexibility provides users with a centralized location to modify variables, which is extremely
important as an environment grows.
Modularity Within States
Ensuring that states are modular is one of the key concepts to understand within Salt. When creating a
state a user must consider how many times the state could be re-used, and what it relies on to operate.
Below are several examples which will iteratively explain how a user can go from a state which is not
very modular to one that is:
/srv/salt/apache/init.sls:
httpd:
pkg.installed: []
service.running:
- enable: True
/etc/httpd/httpd.conf:
file.managed:
- source: salt://apache/files/httpd.conf
- template: jinja
- watch_in:
- service: httpd
The example above is probably the worst-case scenario when writing a state. There is a clear lack of
focus by naming both the pkg/service, and managed file directly as the state ID. This would lead to
changing multiple requires within this state, as well as others that may depend upon the state.
Imagine if a require was used for the httpd package in another state, and then suddenly it's a custom
package. Now changes need to be made in multiple locations which increases the complexity and leads to a
more error prone configuration.
There is also the issue of having the configuration file located in the init, as a user would be unable
to simply install the service and use the default conf file.
Our second revision begins to address the referencing by using - name, as opposed to direct ID
references:
/srv/salt/apache/init.sls:
apache:
pkg.installed:
- name: httpd
service.running:
- name: httpd
- enable: True
apache_conf:
file.managed:
- name: /etc/httpd/httpd.conf
- source: salt://apache/files/httpd.conf
- template: jinja
- watch_in:
- service: apache
The above init file is better than our original, yet it has several issues which lead to a lack of
modularity. The first of these problems is the usage of static values for items such as the name of the
service, the name of the managed file, and the source of the managed file. When these items are hard
coded they become difficult to modify and the opportunity to make mistakes arises. It also leads to
multiple edits that need to occur when changing these items (imagine if there were dozens of these
occurrences throughout the state!). There is also still the concern of the configuration file data living
in the same state as the service and package.
In the next example steps will be taken to begin addressing these issues. Starting with the addition of
a map.jinja file (as noted in the Formula documentation), and modification of static values:
/srv/salt/apache/map.jinja:
{% set apache = salt['grains.filter_by']({
'Debian': {
'server': 'apache2',
'service': 'apache2',
'conf': '/etc/apache2/apache.conf',
},
'RedHat': {
'server': 'httpd',
'service': 'httpd',
'conf': '/etc/httpd/httpd.conf',
},
}, merge=salt['pillar.get']('apache:lookup')) %}
/srv/pillar/apache.sls:
apache:
lookup:
config:
tmpl: salt://apache/files/httpd.conf
/srv/salt/apache/init.sls:
{% from "apache/map.jinja" import apache with context %}
apache:
pkg.installed:
- name: {{ apache.server }}
service.running:
- name: {{ apache.service }}
- enable: True
apache_conf:
file.managed:
- name: {{ apache.conf }}
- source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }}
- template: jinja
- user: root
- watch_in:
- service: apache
The changes to this state now allow us to easily identify the location of the variables, as well as
ensuring they are flexible and easy to modify. While this takes another step in the right direction, it
is not yet complete. Suppose the user did not want to use the provided conf file, or even their own
configuration file, but the default apache conf. With the current state setup this is not possible. To
attain this level of modularity this state will need to be broken into two states.
/srv/salt/apache/map.jinja:
{% set apache = salt['grains.filter_by']({
'Debian': {
'server': 'apache2',
'service': 'apache2',
'conf': '/etc/apache2/apache.conf',
},
'RedHat': {
'server': 'httpd',
'service': 'httpd',
'conf': '/etc/httpd/httpd.conf',
},
}, merge=salt['pillar.get']('apache:lookup')) %}
/srv/pillar/apache.sls:
apache:
lookup:
config:
tmpl: salt://apache/files/httpd.conf
/srv/salt/apache/init.sls:
{% from "apache/map.jinja" import apache with context %}
apache:
pkg.installed:
- name: {{ apache.server }}
service.running:
- name: {{ apache.service }}
- enable: True
/srv/salt/apache/conf.sls:
{% from "apache/map.jinja" import apache with context %}
include:
- apache
apache_conf:
file.managed:
- name: {{ apache.conf }}
- source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }}
- template: jinja
- user: root
- watch_in:
- service: apache
This new structure now allows users to choose whether they only wish to install the default Apache, or if
they wish, overwrite the default package, service, configuration file location, or the configuration file
itself. In addition to this the data has been broken between multiple files allowing for users to
identify where they need to change the associated data.
Storing Secure Data
Secure data refers to any information that you would not wish to share with anyone accessing a server.
This could include data such as passwords, keys, or other information.
As all data within a state is accessible by EVERY server that is connected it is important to store
secure data within pillar. This will ensure that only those servers which require this secure data have
access to it. In this example a use can go from an insecure configuration to one which is only accessible
by the appropriate hosts:
/srv/salt/mysql/testerdb.sls:
testdb:
mysql_database.present:
- name: testerdb
/srv/salt/mysql/user.sls:
include:
- mysql.testerdb
testdb_user:
mysql_user.present:
- name: frank
- password: "test3rdb"
- host: localhost
- require:
- sls: mysql.testerdb
Many users would review this state and see that the password is there in plain text, which is quite
problematic. It results in several issues which may not be immediately visible.
The first of these issues is clear to most users -- the password being visible in this state. This means
that any minion will have a copy of this, and therefore the password which is a major security concern as
minions may not be locked down as tightly as the master server.
The other issue that can be encountered is access by users on the master. If everyone has access to the
states (or their repository), then they are able to review this password. Keeping your password data
accessible by only a few users is critical for both security and peace of mind.
There is also the issue of portability. When a state is configured this way it results in multiple
changes needing to be made. This was discussed in the sections above but it is a critical idea to drive
home. If states are not portable it may result in more work later!
Fixing this issue is relatively simple, the content just needs to be moved to the associated pillar:
/srv/pillar/mysql.sls:
mysql:
lookup:
name: testerdb
password: test3rdb
user: frank
host: localhost
/srv/salt/mysql/testerdb.sls:
testdb:
mysql_database.present:
- name: {{ salt['pillar.get']('mysql:lookup:name') }}
/srv/salt/mysql/user.sls:
include:
- mysql.testerdb
testdb_user:
mysql_user.present:
- name: {{ salt['pillar.get']('mysql:lookup:user') }}
- password: {{ salt['pillar.get']('mysql:lookup:password') }}
- host: {{ salt['pillar.get']('mysql:lookup:host') }}
- require:
- sls: mysql.testerdb
Now that the database details have been moved to the associated pillar file, only machines which are
targeted via pillar will have access to these details. Access to users who should not be able to review
these details can also be prevented while ensuring that they are still able to write states which take
advantage of this information.
REMOTE EXECUTION
Running pre-defined or arbitrary commands on remote hosts, also known as remote execution, is the core
function of Salt. The following links explore modules and returners, which are two key elements of remote
execution.
Salt Execution Modules
Salt execution modules are called by the remote execution system to perform a wide variety of tasks.
These modules provide functionality such as installing packages, restarting a service, running a remote
command, transferring files, and so on.
Full list of execution modules
Contains: a list of core modules that ship with Salt.
Writing execution modules
Contains: a guide on how to write Salt modules.
Remote execution tutorial
Before continuing make sure you have a working Salt installation by following the installation and the
configuration instructions.
Stuck?
There are many ways to get help from the Salt community including our mailing list and our IRC
channel #salt.
Order your minions around
Now that you have a master and at least one minion communicating with each other you can perform commands
on the minion via the salt command. Salt calls are comprised of three main components:
salt '<target>' <function> [arguments]
SEE ALSO:
salt manpage
target
The target component allows you to filter which minions should run the following function. The default
filter is a glob on the minion id. For example:
salt '*' test.ping
salt '*.example.org' test.ping
Targets can be based on minion system information using the Grains system:
salt -G 'os:Ubuntu' test.ping
SEE ALSO:
Grains system
Targets can be filtered by regular expression:
salt -E 'virtmach[0-9]' test.ping
Targets can be explicitly specified in a list:
salt -L 'foo,bar,baz,quo' test.ping
Or Multiple target types can be combined in one command:
salt -C 'G@os:Ubuntu and webser* or E@database.*' test.ping
function
A function is some functionality provided by a module. Salt ships with a large collection of available
functions. List all available functions on your minions:
salt '*' sys.doc
Here are some examples:
Show all currently available minions:
salt '*' test.ping
Run an arbitrary shell command:
salt '*' cmd.run 'uname -a'
SEE ALSO:
the full list of modules
arguments
Space-delimited arguments to the function:
salt '*' cmd.exec_code python 'import sys; print sys.version'
Optional, keyword arguments are also supported:
salt '*' pip.install salt timeout=5 upgrade=True
They are always in the form of kwarg=argument.
Running Commands on Salt Minions
Salt can be controlled by a command line client by the root user on the Salt master. The Salt command
line client uses the Salt client API to communicate with the Salt master server. The Salt client is
straightforward and simple to use.
Using the Salt client commands can be easily sent to the minions.
Each of these commands accepts an explicit --config option to point to either the master or minion
configuration file. If this option is not provided and the default configuration file does not exist
then Salt falls back to use the environment variables SALT_MASTER_CONFIG and SALT_MINION_CONFIG.
SEE ALSO:
Configuration
Using the Salt Command
The Salt command needs a few components to send information to the Salt minions. The target minions need
to be defined, the function to call and any arguments the function requires.
Defining the Target Minions
The first argument passed to salt, defines the target minions, the target minions are accessed via their
hostname. The default target type is a bash glob:
salt '*foo.com' sys.doc
Salt can also define the target minions with regular expressions:
salt -E '.*' cmd.run 'ls -l | grep foo'
Or to explicitly list hosts, salt can take a list:
salt -L foo.bar.baz,quo.qux cmd.run 'ps aux | grep foo'
More Powerful Targets
See Targeting.
Calling the Function
The function to call on the specified target is placed after the target specification.
New in version 0.9.8.
Functions may also accept arguments, space-delimited:
salt '*' cmd.exec_code python 'import sys; print sys.version'
Optional, keyword arguments are also supported:
salt '*' pip.install salt timeout=5 upgrade=True
They are always in the form of kwarg=argument.
Arguments are formatted as YAML:
salt '*' cmd.run 'echo "Hello: $FIRST_NAME"' saltenv='{FIRST_NAME: "Joe"}'
Note: dictionaries must have curly braces around them (like the saltenv keyword argument above). This
was changed in 0.15.1: in the above example, the first argument used to be parsed as the dictionary
{'echo "Hello': '$FIRST_NAME"'}. This was generally not the expected behavior.
If you want to test what parameters are actually passed to a module, use the test.arg_repr command:
salt '*' test.arg_repr 'echo "Hello: $FIRST_NAME"' saltenv='{FIRST_NAME: "Joe"}'
Finding available minion functions
The Salt functions are self documenting, all of the function documentation can be retried from the
minions via the sys.doc() function:
salt '*' sys.doc
Compound Command Execution
If a series of commands needs to be sent to a single target specification then the commands can be sent
in a single publish. This can make gathering groups of information faster, and lowers the stress on the
network for repeated commands.
Compound command execution works by sending a list of functions and arguments instead of sending a single
function and argument. The functions are executed on the minion in the order they are defined on the
command line, and then the data from all of the commands are returned in a dictionary. This means that
the set of commands are called in a predictable way, and the returned data can be easily interpreted.
Executing compound commands if done by passing a comma delimited list of functions, followed by a comma
delimited list of arguments:
salt '*' cmd.run,test.ping,test.echo 'cat /proc/cpuinfo',,foo
The trick to look out for here, is that if a function is being passed no arguments, then there needs to
be a placeholder for the absent arguments. This is why in the above example, there are two commas right
next to each other. test.ping takes no arguments, so we need to add another comma, otherwise Salt would
attempt to pass "foo" to test.ping.
If you need to pass arguments that include commas, then make sure you add spaces around the commas that
separate arguments. For example:
salt '*' cmd.run,test.ping,test.echo 'echo "1,2,3"' , , foo
You may change the arguments separator using the --args-separator option:
salt --args-separator=:: '*' some.fun,test.echo params with , comma :: foo
CLI Completion
Shell completion scripts for the Salt CLI are available in the pkg Salt source directory.
Writing Execution Modules
Salt execution modules are the functions called by the salt command.
Modules Are Easy to Write!
Writing Salt execution modules is straightforward.
A Salt execution module is a Python or Cython module placed in a directory called _modules/ at the root
of the Salt fileserver. When using the default fileserver backend (i.e. roots <salt.fileserver.roots),
unless environments are otherwise defined in the file_roots config option, the _modules/ directory would
be located in /srv/salt/_modules on most systems.
Modules placed in _modules/ will be synced to the minions when any of the following Salt functions are
called:
• state.apply
• saltutil.sync_modules
• saltutil.sync_all
Note that a module's default name is its filename (i.e. foo.py becomes module foo), but that its name can
be overridden by using a __virtual__ function.
If a Salt module has errors and cannot be imported, the Salt minion will continue to load without issue
and the module with errors will simply be omitted.
If adding a Cython module the file must be named <modulename>.pyx so that the loader knows that the
module needs to be imported as a Cython module. The compilation of the Cython module is automatic and
happens when the minion starts, so only the *.pyx file is required.
Zip Archives as Modules
Python 2.3 and higher allows developers to directly import zip archives containing Python code. By
setting enable_zip_modules to True in the minion config, the Salt loader will be able to import .zip
files in this fashion. This allows Salt module developers to package dependencies with their modules for
ease of deployment, isolation, etc.
For a user, Zip Archive modules behave just like other modules. When executing a function from a module
provided as the file my_module.zip, a user would call a function within that module as
my_module.<function>.
Creating a Zip Archive Module
A Zip Archive module is structured similarly to a simple Python package. The .zip file contains a single
directory with the same name as the module. The module code traditionally in <module_name>.py goes in
<module_name>/__init__.py. The dependency packages are subdirectories of <module_name>/.
Here is an example directory structure for the lumberjack module, which has two library dependencies
(sleep and work) to be included.
modules $ ls -R lumberjack
__init__.py sleep work
lumberjack/sleep:
__init__.py
lumberjack/work:
__init__.py
The contents of lumberjack/__init__.py show how to import and use these included libraries.
# Libraries included in lumberjack.zip
from lumberjack import sleep, work
def is_ok(person):
''' Checks whether a person is really a lumberjack '''
return sleep.all_night(person) and work.all_day(person)
Then, create the zip:
modules $ zip -r lumberjack lumberjack
adding: lumberjack/ (stored 0%)
adding: lumberjack/__init__.py (deflated 39%)
adding: lumberjack/sleep/ (stored 0%)
adding: lumberjack/sleep/__init__.py (deflated 7%)
adding: lumberjack/work/ (stored 0%)
adding: lumberjack/work/__init__.py (deflated 7%)
modules $ unzip -l lumberjack.zip
Archive: lumberjack.zip
Length Date Time Name
-------- ---- ---- ----
0 08-21-15 20:08 lumberjack/
348 08-21-15 20:08 lumberjack/__init__.py
0 08-21-15 19:53 lumberjack/sleep/
83 08-21-15 19:53 lumberjack/sleep/__init__.py
0 08-21-15 19:53 lumberjack/work/
81 08-21-15 19:21 lumberjack/work/__init__.py
-------- -------
512 6 files
Once placed in file_roots, Salt users can distribute and use lumberjack.zip like any other module.
$ sudo salt minion1 saltutil.sync_modules
minion1:
- modules.lumberjack
$ sudo salt minion1 lumberjack.is_ok 'Michael Palin'
minion1:
True
Cross Calling Execution Modules
All of the Salt execution modules are available to each other and modules can call functions available in
other execution modules.
The variable __salt__ is packed into the modules after they are loaded into the Salt minion.
The __salt__ variable is a Python dictionary containing all of the Salt functions. Dictionary keys are
strings representing the names of the modules and the values are the functions themselves.
Salt modules can be cross-called by accessing the value in the __salt__ dict:
def foo(bar):
return __salt__['cmd.run'](bar)
This code will call the run function in the cmd module and pass the argument bar to it.
Calling Execution Modules on the Salt Master
New in version 2016.11.0.
Execution modules can now also be called via the salt-run command using the salt runner.
Preloaded Execution Module Data
When interacting with execution modules often it is nice to be able to read information dynamically about
the minion or to load in configuration parameters for a module.
Salt allows for different types of data to be loaded into the modules by the minion.
Grains Data
The values detected by the Salt Grains on the minion are available in a dict named __grains__ and can be
accessed from within callable objects in the Python modules.
To see the contents of the grains dictionary for a given system in your deployment run the grains.items()
function:
salt 'hostname' grains.items --output=pprint
Any value in a grains dictionary can be accessed as any other Python dictionary. For example, the grain
representing the minion ID is stored in the id key and from an execution module, the value would be
stored in __grains__['id'].
Module Configuration
Since parameters for configuring a module may be desired, Salt allows for configuration information from
the minion configuration file to be passed to execution modules.
Since the minion configuration file is a YAML document, arbitrary configuration data can be passed in the
minion config that is read by the modules. It is therefore strongly recommended that the values passed in
the configuration file match the module name. A value intended for the test execution module should be
named test.<value>.
The test execution module contains usage of the module configuration and the default configuration file
for the minion contains the information and format used to pass data to the modules. salt.modules.test,
conf/minion.
Strings and Unicode
An execution module author should always assume that strings fed to the module have already decoded from
strings into Unicode. In Python 2, these will be of type 'Unicode' and in Python 3 they will be of type
str. Calling from a state to other Salt sub-systems, should pass Unicode (or bytes if passing binary
data). In the rare event that a state needs to write directly to disk, Unicode should be encoded to a
string immediately before writing to disk. An author may use __salt_system_encoding__ to learn what the
encoding type of the system is. For example, 'my_string'.encode(__salt_system_encoding__').
Outputter Configuration
Since execution module functions can return different data, and the way the data is printed can greatly
change the presentation, Salt allows for a specific outputter to be set on a function-by-function basis.
This is done be declaring an __outputter__ dictionary in the global scope of the module. The
__outputter__ dictionary contains a mapping of function names to Salt outputters.
__outputter__ = {
'run': 'txt'
}
This will ensure that the txt outputter is used to display output from the run function.
Virtual Modules
Virtual modules let you override the name of a module in order to use the same name to refer to one of
several similar modules. The specific module that is loaded for a virtual name is selected based on the
current platform or environment.
For example, packages are managed across platforms using the pkg module. pkg is a virtual module name
that is an alias for the specific package manager module that is loaded on a specific system (for
example, yumpkg on RHEL/CentOS systems , and aptpkg on Ubuntu).
Virtual module names are set using the __virtual__ function and the virtual name.
__virtual__ Function
The __virtual__ function returns either a string, True, False, or False with an error string. If a string
is returned then the module is loaded using the name of the string as the virtual name. If True is
returned the module is loaded using the current module name. If False is returned the module is not
loaded. False lets the module perform system checks and prevent loading if dependencies are not met.
Since __virtual__ is called before the module is loaded, __salt__ will be unavailable as it will not have
been packed into the module at this point in time.
NOTE:
Modules which return a string from __virtual__ that is already used by a module that ships with Salt
will _override_ the stock module.
Returning Error Information from __virtual__
Optionally, Salt plugin modules, such as execution, state, returner, beacon, etc. modules may
additionally return a string containing the reason that a module could not be loaded. For example, an
execution module called cheese and a corresponding state module also called cheese, both depending on a
utility called enzymes should have __virtual__ functions that handle the case when the dependency is
unavailable.
'''
Cheese execution (or returner/beacon/etc.) module
'''
try:
import enzymes
HAS_ENZYMES = True
except ImportError:
HAS_ENZYMES = False
def __virtual__():
'''
only load cheese if enzymes are available
'''
if HAS_ENZYMES:
return 'cheese'
else:
return False, 'The cheese execution module cannot be loaded: enzymes unavailable.'
'''
Cheese state module
'''
def __virtual__():
'''
only load cheese if enzymes are available
'''
# predicate loading of the cheese state on the corresponding execution module
if 'cheese.slice' in __salt__:
return 'cheese'
else:
return False, 'The cheese state module cannot be loaded: enzymes unavailable.'
Examples
The package manager modules are among the best examples of using the __virtual__ function. A table of all
the virtual pkg modules can be found here.
Overriding Virtual Module Providers
Salt often uses OS grains (os, osrelease, os_family, etc.) to determine which module should be loaded as
the virtual module for pkg, service, etc. Sometimes this OS detection is incomplete, with new distros
popping up, existing distros changing init systems, etc. The virtual modules likely to be affected by
this are in the list below (click each item for more information):
• pkg
• service
• user
• shadow
• group
If Salt is using the wrong module for one of these, first of all, please report it on the issue tracker,
so that this issue can be resolved for a future release. To make it easier to troubleshoot, please also
provide the grains.items output, taking care to redact any sensitive information.
Then, while waiting for the SaltStack development team to fix the issue, Salt can be made to use the
correct module using the providers option in the minion config file:
providers:
service: systemd
pkg: aptpkg
The above example will force the minion to use the systemd module to provide service management, and the
aptpkg module to provide package management.
Logging Restrictions
As a rule, logging should not be done anywhere in a Salt module before it is loaded. This rule apples to
all code that would run before the __virtual__() function, as well as the code within the __virtual__()
function itself.
If logging statements are made before the virtual function determines if the module should be loaded,
then those logging statements will be called repeatedly. This clutters up log files unnecessarily.
Exceptions may be considered for logging statements made at the trace level. However, it is better to
provide the necessary information by another means. One method is to return error information in the
__virtual__() function.
__virtualname__
__virtualname__ is a variable that is used by the documentation build system to know the virtual name of
a module without calling the __virtual__ function. Modules that return a string from the __virtual__
function must also set the __virtualname__ variable.
To avoid setting the virtual name string twice, you can implement __virtual__ to return the value set for
__virtualname__ using a pattern similar to the following:
# Define the module's virtual name
__virtualname__ = 'pkg'
def __virtual__():
'''
Confine this module to Mac OS with Homebrew.
'''
if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
return __virtualname__
return False
The __virtual__() function can return a True or False boolean, a tuple, or a string. If it returns a True
value, this __virtualname__ module-level attribute can be set as seen in the above example. This is the
string that the module should be referred to as.
When __virtual__() returns a tuple, the first item should be a boolean and the second should be a string.
This is typically done when the module should not load. The first value of the tuple is False and the
second is the error message to display for why the module did not load.
For example:
def __virtual__():
'''
Only load if git exists on the system
'''
if salt.utils.which('git') is None:
return (False,
'The git execution module cannot be loaded: git unavailable.')
else:
return True
Documentation
Salt execution modules are documented. The sys.doc() function will return the documentation for all
available modules:
salt '*' sys.doc
The sys.doc function simply prints out the docstrings found in the modules; when writing Salt execution
modules, please follow the formatting conventions for docstrings as they appear in the other modules.
Adding Documentation to Salt Modules
It is strongly suggested that all Salt modules have documentation added.
To add documentation add a Python docstring to the function.
def spam(eggs):
'''
A function to make some spam with eggs!
CLI Example::
salt '*' test.spam eggs
'''
return eggs
Now when the sys.doc call is executed the docstring will be cleanly returned to the calling terminal.
Documentation added to execution modules in docstrings will automatically be added to the online
web-based documentation.
Add Execution Module Metadata
When writing a Python docstring for an execution module, add information about the module using the
following field lists:
:maintainer: Thomas Hatch <thatch@saltstack.com, Seth House <shouse@saltstack.com>
:maturity: new
:depends: python-mysqldb
:platform: all
The maintainer field is a comma-delimited list of developers who help maintain this module.
The maturity field indicates the level of quality and testing for this module. Standard labels will be
determined.
The depends field is a comma-delimited list of modules that this module depends on.
The platform field is a comma-delimited list of platforms that this module is known to run on.
Log Output
You can call the logger from custom modules to write messages to the minion logs. The following code
snippet demonstrates writing log messages:
import logging
log = logging.getLogger(__name__)
log.info('Here is Some Information')
log.warning('You Should Not Do That')
log.error('It Is Busted')
Aliasing Functions
Sometimes one wishes to use a function name that would shadow a python built-in. A common example would
be set(). To support this, append an underscore to the function definition, def set_():, and use the
__func_alias__ feature to provide an alias to the function.
__func_alias__ is a dictionary where each key is the name of a function in the module, and each value is
a string representing the alias for that function. When calling an aliased function from a different
execution module, state module, or from the cli, the alias name should be used.
__func_alias__ = {
'set_': 'set',
'list_': 'list',
}
Private Functions
In Salt, Python callable objects contained within an execution module are made available to the Salt
minion for use. The only exception to this rule is a callable object with a name starting with an
underscore _.
Objects Loaded Into the Salt Minion
def foo(bar):
return bar
Objects NOT Loaded into the Salt Minion
def _foobar(baz): # Preceded with an _
return baz
cheese = {} # Not a callable Python object
Useful Decorators for Modules
Depends Decorator
When writing execution modules there are many times where some of the module will work on all hosts but
some functions have an external dependency, such as a service that needs to be installed or a binary that
needs to be present on the system.
Instead of trying to wrap much of the code in large try/except blocks, a decorator can be used.
If the dependencies passed to the decorator don't exist, then the salt minion will remove those functions
from the module on that host.
If a fallback_function is defined, it will replace the function instead of removing it
import logging
from salt.utils.decorators import depends
log = logging.getLogger(__name__)
try:
import dependency_that_sometimes_exists
except ImportError as e:
log.trace('Failed to import dependency_that_sometimes_exists: {0}'.format(e))
@depends('dependency_that_sometimes_exists')
def foo():
'''
Function with a dependency on the "dependency_that_sometimes_exists" module,
if the "dependency_that_sometimes_exists" is missing this function will not exist
'''
return True
def _fallback():
'''
Fallback function for the depends decorator to replace a function with
'''
return '"dependency_that_sometimes_exists" needs to be installed for this function to exist'
@depends('dependency_that_sometimes_exists', fallback_function=_fallback)
def foo():
'''
Function with a dependency on the "dependency_that_sometimes_exists" module.
If the "dependency_that_sometimes_exists" is missing this function will be
replaced with "_fallback"
'''
return True
In addition to global dependencies the depends decorator also supports raw booleans.
from salt.utils.decorators import depends
HAS_DEP = False
try:
import dependency_that_sometimes_exists
HAS_DEP = True
except ImportError:
pass
@depends(HAS_DEP)
def foo():
return True
CONFIGURATION MANAGEMENT
Salt contains a robust and flexible configuration management framework, which is built on the remote
execution core. This framework executes on the minions, allowing effortless, simultaneous configuration
of tens of thousands of hosts, by rendering language specific state files. The following links provide
resources to learn more about state and renderers.
States Express the state of a host using small, easy to read, easy to understand configuration files. No
programming required.
Full list of states
Contains: list of install packages, create users, transfer files, start services, and so
on.
Pillar System
Contains: description of Salt's Pillar system.
Highstate data structure
Contains: a dry vocabulary and technical representation of the configuration format that
states represent.
Writing states
Contains: a guide on how to write Salt state modules, easily extending Salt to directly
manage more software.
NOTE:
Salt execution modules are different from state modules and cannot be called as a state in an SLS
file. In other words, this will not work:
moe:
user.rename:
- new_name: larry
- onlyif: id moe
You must use the module states to call execution modules directly. Here's an example:
rename_moe:
module.run:
- m_name: moe
- new_name: larry
- onlyif: id moe
Renderers
Renderers use state configuration files written in a variety of languages, templating engines, or
files. Salt's configuration management system is, under the hood, language agnostic.
Full list of renderers
Contains: a list of renderers. YAML is one choice, but many systems are available, from
alternative templating engines to the PyDSL language for rendering sls formulas.
Renderers
Contains: more information about renderers. Salt states are only concerned with the
ultimate highstate data structure, not how the data structure was created.
How Do I Use Salt States?
Simplicity, Simplicity, Simplicity
Many of the most powerful and useful engineering solutions are founded on simple principles. Salt States
strive to do just that: K.I.S.S. (Keep It Stupidly Simple)
The core of the Salt State system is the SLS, or SaLt State file. The SLS is a representation of the
state in which a system should be in, and is set up to contain this data in a simple format. This is
often called configuration management.
NOTE:
This is just the beginning of using states, make sure to read up on pillar Pillar next.
It is All Just Data
Before delving into the particulars, it will help to understand that the SLS file is just a data
structure under the hood. While understanding that the SLS is just a data structure isn't critical for
understanding and making use of Salt States, it should help bolster knowledge of where the real power is.
SLS files are therefore, in reality, just dictionaries, lists, strings, and numbers. By using this
approach Salt can be much more flexible. As one writes more state files, it becomes clearer exactly what
is being written. The result is a system that is easy to understand, yet grows with the needs of the
admin or developer.
The Top File
The example SLS files in the below sections can be assigned to hosts using a file called top.sls. This
file is described in-depth here.
Default Data - YAML
By default Salt represents the SLS data in what is one of the simplest serialization formats available -
YAML.
A typical SLS file will often look like this in YAML:
NOTE:
These demos use some generic service and package names, different distributions often use different
names for packages and services. For instance apache should be replaced with httpd on a Red Hat
system. Salt uses the name of the init script, systemd name, upstart name etc. based on what the
underlying service management for the platform. To get a list of the available service names on a
platform execute the service.get_all salt function.
Information on how to make states work with multiple distributions is later in the tutorial.
apache:
pkg.installed: []
service.running:
- require:
- pkg: apache
This SLS data will ensure that the package named apache is installed, and that the apache service is
running. The components can be explained in a simple way.
The first line is the ID for a set of data, and it is called the ID Declaration. This ID sets the name of
the thing that needs to be manipulated.
The second and third lines contain the state module function to be run, in the format
<state_module>.<function>. The pkg.installed state module function ensures that a software package is
installed via the system's native package manager. The service.running state module function ensures that
a given system daemon is running.
Finally, on line five, is the word require. This is called a Requisite Statement, and it makes sure that
the Apache service is only started after a successful installation of the apache package.
Adding Configs and Users
When setting up a service like an Apache web server, many more components may need to be added. The
Apache configuration file will most likely be managed, and a user and group may need to be set up.
apache:
pkg.installed: []
service.running:
- watch:
- pkg: apache
- file: /etc/httpd/conf/httpd.conf
- user: apache
user.present:
- uid: 87
- gid: 87
- home: /var/www/html
- shell: /bin/nologin
- require:
- group: apache
group.present:
- gid: 87
- require:
- pkg: apache
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://apache/httpd.conf
- user: root
- group: root
- mode: 644
This SLS data greatly extends the first example, and includes a config file, a user, a group and new
requisite statement: watch.
Adding more states is easy, since the new user and group states are under the Apache ID, the user and
group will be the Apache user and group. The require statements will make sure that the user will only be
made after the group, and that the group will be made only after the Apache package is installed.
Next, the require statement under service was changed to watch, and is now watching 3 states instead of
just one. The watch statement does the same thing as require, making sure that the other states run
before running the state with a watch, but it adds an extra component. The watch statement will run the
state's watcher function for any changes to the watched states. So if the package was updated, the
config file changed, or the user uid modified, then the service state's watcher will be run. The service
state's watcher just restarts the service, so in this case, a change in the config file will also trigger
a restart of the respective service.
Moving Beyond a Single SLS
When setting up Salt States in a scalable manner, more than one SLS will need to be used. The above
examples were in a single SLS file, but two or more SLS files can be combined to build out a State Tree.
The above example also references a file with a strange source - salt://apache/httpd.conf. That file will
need to be available as well.
The SLS files are laid out in a directory structure on the Salt master; an SLS is just a file and files
to download are just files.
The Apache example would be laid out in the root of the Salt file server like this:
apache/init.sls
apache/httpd.conf
So the httpd.conf is just a file in the apache directory, and is referenced directly.
Do not use dots in SLS file names or their directories
The initial implementation of top.sls and include-declaration followed the python import model
where a slash is represented as a period. This means that a SLS file with a period in the name
( besides the suffix period) can not be referenced. For example, webserver_1.0.sls is not
referenceable because webserver_1.0 would refer to the directory/file webserver_1/0.sls
The same applies for any subdirectories, this is especially 'tricky' when git repos are
created. Another command that typically can't render it's output is `state.show_sls` of a file
in a path that contains a dot.
But when using more than one single SLS file, more components can be added to the toolkit. Consider this
SSH example:
ssh/init.sls:
openssh-client:
pkg.installed
/etc/ssh/ssh_config:
file.managed:
- user: root
- group: root
- mode: 644
- source: salt://ssh/ssh_config
- require:
- pkg: openssh-client
ssh/server.sls:
include:
- ssh
openssh-server:
pkg.installed
sshd:
service.running:
- require:
- pkg: openssh-client
- pkg: openssh-server
- file: /etc/ssh/banner
- file: /etc/ssh/sshd_config
/etc/ssh/sshd_config:
file.managed:
- user: root
- group: root
- mode: 644
- source: salt://ssh/sshd_config
- require:
- pkg: openssh-server
/etc/ssh/banner:
file:
- managed
- user: root
- group: root
- mode: 644
- source: salt://ssh/banner
- require:
- pkg: openssh-server
NOTE:
Notice that we use two similar ways of denoting that a file is managed by Salt. In the
/etc/ssh/sshd_config state section above, we use the file.managed state declaration whereas with the
/etc/ssh/banner state section, we use the file state declaration and add a managed attribute to that
state declaration. Both ways produce an identical result; the first way -- using file.managed -- is
merely a shortcut.
Now our State Tree looks like this:
apache/init.sls
apache/httpd.conf
ssh/init.sls
ssh/server.sls
ssh/banner
ssh/ssh_config
ssh/sshd_config
This example now introduces the include statement. The include statement includes another SLS file so
that components found in it can be required, watched or as will soon be demonstrated - extended.
The include statement allows for states to be cross linked. When an SLS has an include statement it is
literally extended to include the contents of the included SLS files.
Note that some of the SLS files are called init.sls, while others are not. More info on what this means
can be found in the States Tutorial.
Extending Included SLS Data
Sometimes SLS data needs to be extended. Perhaps the apache service needs to watch additional resources,
or under certain circumstances a different file needs to be placed.
In these examples, the first will add a custom banner to ssh and the second will add more watchers to
apache to include mod_python.
ssh/custom-server.sls:
include:
- ssh.server
extend:
/etc/ssh/banner:
file:
- source: salt://ssh/custom-banner
python/mod_python.sls:
include:
- apache
extend:
apache:
service:
- watch:
- pkg: mod_python
mod_python:
pkg.installed
The custom-server.sls file uses the extend statement to overwrite where the banner is being downloaded
from, and therefore changing what file is being used to configure the banner.
In the new mod_python SLS the mod_python package is added, but more importantly the apache service was
extended to also watch the mod_python package.
Using extend with require or watch
The extend statement works differently for require or watch. It appends to, rather than
replacing the requisite component.
Understanding the Render System
Since SLS data is simply that (data), it does not need to be represented with YAML. Salt defaults to YAML
because it is very straightforward and easy to learn and use. But the SLS files can be rendered from
almost any imaginable medium, so long as a renderer module is provided.
The default rendering system is the yaml_jinja renderer. The yaml_jinja renderer will first pass the
template through the Jinja2 templating system, and then through the YAML parser. The benefit here is that
full programming constructs are available when creating SLS files.
Other renderers available are yaml_mako and yaml_wempy which each use the Mako or Wempy templating system
respectively rather than the jinja templating system, and more notably, the pure Python or py, pydsl &
pyobjects renderers. The py renderer allows for SLS files to be written in pure Python, allowing for the
utmost level of flexibility and power when preparing SLS data; while the pydsl renderer provides a
flexible, domain-specific language for authoring SLS data in Python; and the pyobjects renderer gives you
a "Pythonic" interface to building state data.
NOTE:
The templating engines described above aren't just available in SLS files. They can also be used in
file.managed states, making file management much more dynamic and flexible. Some examples for using
templates in managed files can be found in the documentation for the file state, as well as the
MooseFS example below.
Getting to Know the Default - yaml_jinja
The default renderer - yaml_jinja, allows for use of the jinja templating system. A guide to the Jinja
templating system can be found here: http://jinja.pocoo.org/docs
When working with renderers a few very useful bits of data are passed in. In the case of templating
engine based renderers, three critical components are available, salt, grains, and pillar. The salt
object allows for any Salt function to be called from within the template, and grains allows for the
Grains to be accessed from within the template. A few examples:
apache/init.sls:
apache:
pkg.installed:
{% if grains['os'] == 'RedHat'%}
- name: httpd
{% endif %}
service.running:
{% if grains['os'] == 'RedHat'%}
- name: httpd
{% endif %}
- watch:
- pkg: apache
- file: /etc/httpd/conf/httpd.conf
- user: apache
user.present:
- uid: 87
- gid: 87
- home: /var/www/html
- shell: /bin/nologin
- require:
- group: apache
group.present:
- gid: 87
- require:
- pkg: apache
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://apache/httpd.conf
- user: root
- group: root
- mode: 644
This example is simple. If the os grain states that the operating system is Red Hat, then the name of the
Apache package and service needs to be httpd.
A more aggressive way to use Jinja can be found here, in a module to set up a MooseFS distributed
filesystem chunkserver:
moosefs/chunk.sls:
include:
- moosefs
{% for mnt in salt['cmd.run']('ls /dev/data/moose*').split() %}
/mnt/moose{{ mnt[-1] }}:
mount.mounted:
- device: {{ mnt }}
- fstype: xfs
- mkmnt: True
file.directory:
- user: mfs
- group: mfs
- require:
- user: mfs
- group: mfs
{% endfor %}
/etc/mfshdd.cfg:
file.managed:
- source: salt://moosefs/mfshdd.cfg
- user: root
- group: root
- mode: 644
- template: jinja
- require:
- pkg: mfs-chunkserver
/etc/mfschunkserver.cfg:
file.managed:
- source: salt://moosefs/mfschunkserver.cfg
- user: root
- group: root
- mode: 644
- template: jinja
- require:
- pkg: mfs-chunkserver
mfs-chunkserver:
pkg.installed: []
mfschunkserver:
service.running:
- require:
{% for mnt in salt['cmd.run']('ls /dev/data/moose*') %}
- mount: /mnt/moose{{ mnt[-1] }}
- file: /mnt/moose{{ mnt[-1] }}
{% endfor %}
- file: /etc/mfschunkserver.cfg
- file: /etc/mfshdd.cfg
- file: /var/lib/mfs
This example shows much more of the available power of Jinja. Multiple for loops are used to dynamically
detect available hard drives and set them up to be mounted, and the salt object is used multiple times to
call shell commands to gather data.
Introducing the Python, PyDSL, and the Pyobjects Renderers
Sometimes the chosen default renderer might not have enough logical power to accomplish the needed task.
When this happens, the Python renderer can be used. Normally a YAML renderer should be used for the
majority of SLS files, but an SLS file set to use another renderer can be easily added to the tree.
This example shows a very basic Python SLS file:
python/django.sls:
#!py
def run():
'''
Install the django package
'''
return {'include': ['python'],
'django': {'pkg': ['installed']}}
This is a very simple example; the first line has an SLS shebang that tells Salt to not use the default
renderer, but to use the py renderer. Then the run function is defined, the return value from the run
function must be a Salt friendly data structure, or better known as a Salt HighState data structure.
Alternatively, using the pydsl renderer, the above example can be written more succinctly as:
#!pydsl
include('python', delayed=True)
state('django').pkg.installed()
The pyobjects renderer provides an "Pythonic" object based approach for building the state data. The
above example could be written as:
#!pyobjects
include('python')
Pkg.installed("django")
These Python examples would look like this if they were written in YAML:
include:
- python
django:
pkg.installed
This example clearly illustrates that; one, using the YAML renderer by default is a wise decision and
two, unbridled power can be obtained where needed by using a pure Python SLS.
Running and Debugging Salt States
Once the rules in an SLS are ready, they should be tested to ensure they work properly. To invoke these
rules, simply execute salt '*' state.apply on the command line. If you get back only hostnames with a :
after, but no return, chances are there is a problem with one or more of the sls files. On the minion,
use the salt-call command to examine the output for errors:
salt-call state.apply -l debug
This should help troubleshoot the issue. The minion can also be started in the foreground in debug mode
by running salt-minion -l debug.
Next Reading
With an understanding of states, the next recommendation is to become familiar with Salt's pillar
interface:
Pillar Walkthrough
States tutorial, part 1 - Basic Usage
The purpose of this tutorial is to demonstrate how quickly you can configure a system to be managed by
Salt States. For detailed information about the state system please refer to the full states reference.
This tutorial will walk you through using Salt to configure a minion to run the Apache HTTP server and to
ensure the server is running.
Before continuing make sure you have a working Salt installation by following the installation and the
configuration instructions.
Stuck?
There are many ways to get help from the Salt community including our mailing list and our IRC
channel #salt.
Setting up the Salt State Tree
States are stored in text files on the master and transferred to the minions on demand via the master's
File Server. The collection of state files make up the State Tree.
To start using a central state system in Salt, the Salt File Server must first be set up. Edit the master
config file (file_roots) and uncomment the following lines:
file_roots:
base:
- /srv/salt
NOTE:
If you are deploying on FreeBSD via ports, the file_roots path defaults to /usr/local/etc/salt/states.
Restart the Salt master in order to pick up this change:
pkill salt-master
salt-master -d
Preparing the Top File
On the master, in the directory uncommented in the previous step, (/srv/salt by default), create a new
file called top.sls and add the following:
base:
'*':
- webserver
The top file is separated into environments (discussed later). The default environment is base. Under the
base environment a collection of minion matches is defined; for now simply specify all hosts (*).
Targeting minions
The expressions can use any of the targeting mechanisms used by Salt — minions can be matched
by glob, PCRE regular expression, or by grains. For example:
base:
'os:Fedora':
- match: grain
- webserver
Create an sls file
In the same directory as the top file, create a file named webserver.sls, containing the following:
apache: # ID declaration
pkg: # state declaration
- installed # function declaration
The first line, called the id-declaration, is an arbitrary identifier. In this case it defines the name
of the package to be installed.
NOTE:
The package name for the Apache httpd web server may differ depending on OS or distro — for example,
on Fedora it is httpd but on Debian/Ubuntu it is apache2.
The second line, called the state-declaration, defines which of the Salt States we are using. In this
example, we are using the pkg state to ensure that a given package is installed.
The third line, called the function-declaration, defines which function in the pkg state module to call.
Renderers
States sls files can be written in many formats. Salt requires only a simple data structure and
is not concerned with how that data structure is built. Templating languages and DSLs are a
dime-a-dozen and everyone has a favorite.
Building the expected data structure is the job of Salt renderers and they are dead-simple to
write.
In this tutorial we will be using YAML in Jinja2 templates, which is the default format. The
default can be changed by editing renderer in the master configuration file.
Install the package
Next, let's run the state we created. Open a terminal on the master and run:
salt '*' state.apply
Our master is instructing all targeted minions to run state.apply. When this function is executed without
any SLS targets, a minion will download the top file and attempt to match the expressions within it. When
the minion does match an expression the modules listed for it will be downloaded, compiled, and executed.
NOTE:
This action is referred to as a "highstate", and can be run using the state.highstate function.
However, to make the usage easier to understand ("highstate" is not necessarily an intuitive name), a
state.apply function was added in version 2015.5.0, which when invoked without any SLS names will
trigger a highstate. state.highstate still exists and can be used, but the documentation (as can be
seen above) has been updated to reference state.apply, so keep the following in mind as you read the
documentation:
• state.apply invoked without any SLS names will run state.highstate
• state.apply invoked with SLS names will run state.sls
Once completed, the minion will report back with a summary of all actions taken and all changes made.
WARNING:
If you have created custom grain modules, they will not be available in the top file until after the
first highstate. To make custom grains available on a minion's first highstate, it is recommended to
use this example to ensure that the custom grains are synced when the minion starts.
SLS File Namespace
Note that in the example above, the SLS file webserver.sls was referred to simply as webserver.
The namespace for SLS files when referenced in top.sls or an include-declaration follows a few
simple rules:
1. The .sls is discarded (i.e. webserver.sls becomes webserver).
2.
Subdirectories can be used for better organization.
a. Each subdirectory is represented with a dot (following the Python import model) in Salt
states and on the command line . webserver/dev.sls on the filesystem is referred to as
webserver.dev in Salt
b. Because slashes are represented as dots, SLS files can not contain dots in the name
(other than the dot for the SLS suffix). The SLS file webserver_1.0.sls can not be
matched, and webserver_1.0 would match the directory/file webserver_1/0.sls
3. A file called init.sls in a subdirectory is referred to by the path of the directory. So,
webserver/init.sls is referred to as webserver.
4. If both webserver.sls and webserver/init.sls happen to exist, webserver/init.sls will be ignored
and webserver.sls will be the file referred to as webserver.
Troubleshooting Salt
If the expected output isn't seen, the following tips can help to narrow down the problem.
Turn up logging
Salt can be quite chatty when you change the logging setting to debug:
salt-minion -l debug
Run the minion in the foreground
By not starting the minion in daemon mode (-d) one can view any output from the minion as it
works:
salt-minion
Increase the default timeout value when running salt. For example, to change the default timeout to 60
seconds:
salt -t 60
For best results, combine all three:
salt-minion -l debug # On the minion
salt '*' state.apply -t 60 # On the master
Next steps
This tutorial focused on getting a simple Salt States configuration working. Part 2 will build on this
example to cover more advanced sls syntax and will explore more of the states that ship with Salt.
States tutorial, part 2 - More Complex States, Requisites
NOTE:
This tutorial builds on topics covered in part 1. It is recommended that you begin there.
In the last part of the Salt States tutorial we covered the basics of installing a package. We will now
modify our webserver.sls file to have requirements, and use even more Salt States.
Call multiple States
You can specify multiple state-declaration under an id-declaration. For example, a quick modification to
our webserver.sls to also start Apache if it is not running:
apache:
pkg.installed: []
service.running:
- require:
- pkg: apache
Try stopping Apache before running state.apply once again and observe the output.
NOTE:
For those running RedhatOS derivatives (Centos, AWS), you will want to specify the service name to be
httpd. More on state service here, service state. With the example above, just add "- name: httpd"
above the require line and with the same spacing.
Require other states
We now have a working installation of Apache so let's add an HTML file to customize our website. It isn't
exactly useful to have a website without a webserver so we don't want Salt to install our HTML file until
Apache is installed and running. Include the following at the bottom of your webserver/init.sls file:
apache:
pkg.installed: []
service.running:
- require:
- pkg: apache
/var/www/index.html: # ID declaration
file: # state declaration
- managed # function
- source: salt://webserver/index.html # function arg
- require: # requisite declaration
- pkg: apache # requisite reference
line 7 is the id-declaration. In this example it is the location we want to install our custom HTML file.
(Note: the default location that Apache serves may differ from the above on your OS or distro. /srv/www
could also be a likely place to look.)
Line 8 the state-declaration. This example uses the Salt file state.
Line 9 is the function-declaration. The managed function will download a file from the master and install
it in the location specified.
Line 10 is a function-arg-declaration which, in this example, passes the source argument to the managed
function.
Line 11 is a requisite-declaration.
Line 12 is a requisite-reference which refers to a state and an ID. In this example, it is referring to
the ID declaration from our example in part 1. This declaration tells Salt not to install the HTML file
until Apache is installed.
Next, create the index.html file and save it in the webserver directory:
<!DOCTYPE html>
<html>
<head><title>Salt rocks</title></head>
<body>
<h1>This file brought to you by Salt</h1>
</body>
</html>
Last, call state.apply again and the minion will fetch and execute the highstate as well as our HTML file
from the master using Salt's File Server:
salt '*' state.apply
Verify that Apache is now serving your custom HTML.
require vs. watch
There are two requisite-declaration, “require”, and “watch”. Not every state supports “watch”.
The service state does support “watch” and will restart a service based on the watch condition.
For example, if you use Salt to install an Apache virtual host configuration file and want to
restart Apache whenever that file is changed you could modify our Apache example from earlier
as follows:
/etc/httpd/extra/httpd-vhosts.conf:
file.managed:
- source: salt://webserver/httpd-vhosts.conf
apache:
pkg.installed: []
service.running:
- watch:
- file: /etc/httpd/extra/httpd-vhosts.conf
- require:
- pkg: apache
If the pkg and service names differ on your OS or distro of choice you can specify each one separately
using a name-declaration which explained in Part 3.
Next steps
In part 3 we will discuss how to use includes, extends, and templating to make a more complete State Tree
configuration.
States tutorial, part 3 - Templating, Includes, Extends
NOTE:
This tutorial builds on topics covered in part 1 and part 2. It is recommended that you begin there.
This part of the tutorial will cover more advanced templating and configuration techniques for sls files.
Templating SLS modules
SLS modules may require programming logic or inline execution. This is accomplished with module
templating. The default module templating system used is Jinja2 and may be configured by changing the
renderer value in the master config.
All states are passed through a templating system when they are initially read. To make use of the
templating system, simply add some templating markup. An example of an sls module with templating markup
may look like this:
{% for usr in ['moe','larry','curly'] %}
{{ usr }}:
user.present
{% endfor %}
This templated sls file once generated will look like this:
moe:
user.present
larry:
user.present
curly:
user.present
Here's a more complex example:
# Comments in yaml start with a hash symbol.
# Since jinja rendering occurs before yaml parsing, if you want to include jinja
# in the comments you may need to escape them using 'jinja' comments to prevent
# jinja from trying to render something which is not well-defined jinja.
# e.g.
# {# iterate over the Three Stooges using a {% for %}..{% endfor %} loop
# with the iterator variable {{ usr }} becoming the state ID. #}
{% for usr in 'moe','larry','curly' %}
{{ usr }}:
group:
- present
user:
- present
- gid_from_name: True
- require:
- group: {{ usr }}
{% endfor %}
Using Grains in SLS modules
Often times a state will need to behave differently on different systems. Salt grains objects are made
available in the template context. The grains can be used from within sls modules:
apache:
pkg.installed:
{% if grains['os'] == 'RedHat' %}
- name: httpd
{% elif grains['os'] == 'Ubuntu' %}
- name: apache2
{% endif %}
Using Environment Variables in SLS modules
You can use salt['environ.get']('VARNAME') to use an environment variable in a Salt state.
MYENVVAR="world" salt-call state.template test.sls
Create a file with contents from an environment variable:
file.managed:
- name: /tmp/hello
- contents: {{ salt['environ.get']('MYENVVAR') }}
Error checking:
{% set myenvvar = salt['environ.get']('MYENVVAR') %}
{% if myenvvar %}
Create a file with contents from an environment variable:
file.managed:
- name: /tmp/hello
- contents: {{ salt['environ.get']('MYENVVAR') }}
{% else %}
Fail - no environment passed in:
test.fail_without_changes
{% endif %}
Calling Salt modules from templates
All of the Salt modules loaded by the minion are available within the templating system. This allows data
to be gathered in real time on the target system. It also allows for shell commands to be run easily from
within the sls modules.
The Salt module functions are also made available in the template context as salt:
The following example illustrates calling the group_to_gid function in the file execution module with a
single positional argument called some_group_that_exists.
moe:
user.present:
- gid: {{ salt['file.group_to_gid']('some_group_that_exists') }}
One way to think about this might be that the gid key is being assigned a value equivelent to the
following python pseudo-code:
import salt.modules.file
file.group_to_gid('some_group_that_exists')
Note that for the above example to work, some_group_that_exists must exist before the state file is
processed by the templating engine.
Below is an example that uses the network.hw_addr function to retrieve the MAC address for eth0:
salt['network.hw_addr']('eth0')
To examine the possible arguments to each execution module function, one can examine the module reference
documentation </ref/modules/all>:
Advanced SLS module syntax
Lastly, we will cover some incredibly useful techniques for more complex State trees.
Include declaration
A previous example showed how to spread a Salt tree across several files. Similarly, requisites span
multiple files by using an include-declaration. For example:
python/python-libs.sls:
python-dateutil:
pkg.installed
python/django.sls:
include:
- python.python-libs
django:
pkg.installed:
- require:
- pkg: python-dateutil
Extend declaration
You can modify previous declarations by using an extend-declaration. For example the following modifies
the Apache tree to also restart Apache when the vhosts file is changed:
apache/apache.sls:
apache:
pkg.installed
apache/mywebsite.sls:
include:
- apache.apache
extend:
apache:
service:
- running
- watch:
- file: /etc/httpd/extra/httpd-vhosts.conf
/etc/httpd/extra/httpd-vhosts.conf:
file.managed:
- source: salt://apache/httpd-vhosts.conf
Using extend with require or watch
The extend statement works differently for require or watch. It appends to, rather than
replacing the requisite component.
Name declaration
You can override the id-declaration by using a name-declaration. For example, the previous example is a
bit more maintainable if rewritten as follows:
apache/mywebsite.sls:
include:
- apache.apache
extend:
apache:
service:
- running
- watch:
- file: mywebsite
mywebsite:
file.managed:
- name: /etc/httpd/extra/httpd-vhosts.conf
- source: salt://apache/httpd-vhosts.conf
Names declaration
Even more powerful is using a names-declaration to override the id-declaration for multiple states at
once. This often can remove the need for looping in a template. For example, the first example in this
tutorial can be rewritten without the loop:
stooges:
user.present:
- names:
- moe
- larry
- curly
Next steps
In part 4 we will discuss how to use salt's file_roots to set up a workflow in which states can be
"promoted" from dev, to QA, to production.
States tutorial, part 4
NOTE:
This tutorial builds on topics covered in part 1, part 2, and part 3. It is recommended that you
begin there.
This part of the tutorial will show how to use salt's file_roots to set up a workflow in which states can
be "promoted" from dev, to QA, to production.
Salt fileserver path inheritance
Salt's fileserver allows for more than one root directory per environment, like in the below example,
which uses both a local directory and a secondary location shared to the salt master via NFS:
# In the master config file (/etc/salt/master)
file_roots:
base:
- /srv/salt
- /mnt/salt-nfs/base
Salt's fileserver collapses the list of root directories into a single virtual environment containing all
files from each root. If the same file exists at the same relative path in more than one root, then the
top-most match "wins". For example, if /srv/salt/foo.txt and /mnt/salt-nfs/base/foo.txt both exist, then
salt://foo.txt will point to /srv/salt/foo.txt.
NOTE:
When using multiple fileserver backends, the order in which they are listed in the fileserver_backend
parameter also matters. If both roots and git backends contain a file with the same relative path, and
roots appears before git in the fileserver_backend list, then the file in roots will "win", and the
file in gitfs will be ignored.
A more thorough explanation of how Salt's modular fileserver works can be found here. We recommend
reading this.
Environment configuration
Configure a multiple-environment setup like so:
file_roots:
base:
- /srv/salt/prod
qa:
- /srv/salt/qa
- /srv/salt/prod
dev:
- /srv/salt/dev
- /srv/salt/qa
- /srv/salt/prod
Given the path inheritance described above, files within /srv/salt/prod would be available in all
environments. Files within /srv/salt/qa would be available in both qa, and dev. Finally, the files within
/srv/salt/dev would only be available within the dev environment.
Based on the order in which the roots are defined, new files/states can be placed within /srv/salt/dev,
and pushed out to the dev hosts for testing.
Those files/states can then be moved to the same relative path within /srv/salt/qa, and they are now
available only in the dev and qa environments, allowing them to be pushed to QA hosts and tested.
Finally, if moved to the same relative path within /srv/salt/prod, the files are now available in all
three environments.
Requesting files from specific fileserver environments
See here for documentation on how to request files from specific environments.
Practical Example
As an example, consider a simple website, installed to /var/www/foobarcom. Below is a top.sls that can
be used to deploy the website:
/srv/salt/prod/top.sls:
base:
'web*prod*':
- webserver.foobarcom
qa:
'web*qa*':
- webserver.foobarcom
dev:
'web*dev*':
- webserver.foobarcom
Using pillar, roles can be assigned to the hosts:
/srv/pillar/top.sls:
base:
'web*prod*':
- webserver.prod
'web*qa*':
- webserver.qa
'web*dev*':
- webserver.dev
/srv/pillar/webserver/prod.sls:
webserver_role: prod
/srv/pillar/webserver/qa.sls:
webserver_role: qa
/srv/pillar/webserver/dev.sls:
webserver_role: dev
And finally, the SLS to deploy the website:
/srv/salt/prod/webserver/foobarcom.sls:
{% if pillar.get('webserver_role', '') %}
/var/www/foobarcom:
file.recurse:
- source: salt://webserver/src/foobarcom
- env: {{ pillar['webserver_role'] }}
- user: www
- group: www
- dir_mode: 755
- file_mode: 644
{% endif %}
Given the above SLS, the source for the website should initially be placed in
/srv/salt/dev/webserver/src/foobarcom.
First, let's deploy to dev. Given the configuration in the top file, this can be done using state.apply:
salt --pillar 'webserver_role:dev' state.apply
However, in the event that it is not desirable to apply all states configured in the top file (which
could be likely in more complex setups), it is possible to apply just the states for the foobarcom
website, by invoking state.apply with the desired SLS target as an argument:
salt --pillar 'webserver_role:dev' state.apply webserver.foobarcom
Once the site has been tested in dev, then the files can be moved from
/srv/salt/dev/webserver/src/foobarcom to /srv/salt/qa/webserver/src/foobarcom, and deployed using the
following:
salt --pillar 'webserver_role:qa' state.apply webserver.foobarcom
Finally, once the site has been tested in qa, then the files can be moved from
/srv/salt/qa/webserver/src/foobarcom to /srv/salt/prod/webserver/src/foobarcom, and deployed using the
following:
salt --pillar 'webserver_role:prod' state.apply webserver.foobarcom
Thanks to Salt's fileserver inheritance, even though the files have been moved to within /srv/salt/prod,
they are still available from the same salt:// URI in both the qa and dev environments.
Continue Learning
The best way to continue learning about Salt States is to read through the reference documentation and to
look through examples of existing state trees. Many pre-configured state trees can be found on GitHub in
the saltstack-formulas collection of repositories.
If you have any questions, suggestions, or just want to chat with other people who are using Salt, we
have a very active community and we'd love to hear from you.
In addition, by continuing to the Orchestrate Runner docs, you can learn about the powerful orchestration
of which Salt is capable.
State System Reference
Salt offers an interface to manage the configuration or "state" of the Salt minions. This interface is a
fully capable mechanism used to enforce the state of systems from a central manager.
Mod Aggregate State Runtime Modifications
New in version 2014.7.0.
The mod_aggregate system was added in the 2014.7.0 release of Salt and allows for runtime modification of
the executing state data. Simply put, it allows for the data used by Salt's state system to be changed on
the fly at runtime, kind of like a configuration management JIT compiler or a runtime import system. All
in all, it makes Salt much more dynamic.
How it Works
The best example is the pkg state. One of the major requests in Salt has long been adding the ability to
install all packages defined at the same time. The mod_aggregate system makes this a reality. While
executing Salt's state system, when a pkg state is reached the mod_aggregate function in the state module
is called. For pkg this function scans all of the other states that are slated to run, and picks up the
references to name and pkgs, then adds them to pkgs in the first state. The result is a single call to
yum, apt-get, pacman, etc as part of the first package install.
How to Use it
NOTE:
Since this option changes the basic behavior of the state runtime, after it is enabled states should
be executed using test=True to ensure that the desired behavior is preserved.
In config files
The first way to enable aggregation is with a configuration option in either the master or minion
configuration files. Salt will invoke mod_aggregate the first time it encounters a state module that has
aggregate support.
If this option is set in the master config it will apply to all state runs on all minions, if set in the
minion config it will only apply to said minion.
Enable for all states:
state_aggregate: True
Enable for only specific state modules:
state_aggregate:
- pkg
In states
The second way to enable aggregation is with the state-level aggregate keyword. In this configuration,
Salt will invoke the mod_aggregate function the first time it encounters this keyword. Any additional
occurrences of the keyword will be ignored as the aggregation has already taken place.
The following example will trigger mod_aggregate when the lamp_stack state is processed resulting in a
single call to the underlying package manager.
lamp_stack:
pkg.installed:
- pkgs:
- php
- mysql-client
- aggregate: True
memcached:
pkg.installed:
- name: memcached
Adding mod_aggregate to a State Module
Adding a mod_aggregate routine to an existing state module only requires adding an additional function to
the state module called mod_aggregate.
The mod_aggregate function just needs to accept three parameters and return the low data to use. Since
mod_aggregate is working on the state runtime level it does need to manipulate low data.
The three parameters are low, chunks, and running. The low option is the low data for the state execution
which is about to be called. The chunks is the list of all of the low data dictionaries which are being
executed by the runtime and the running dictionary is the return data from all of the state executions
which have already be executed.
This example, simplified from the pkg state, shows how to create mod_aggregate functions:
def mod_aggregate(low, chunks, running):
'''
The mod_aggregate function which looks up all packages in the available
low chunks and merges them into a single pkgs ref in the present low data
'''
pkgs = []
# What functions should we aggregate?
agg_enabled = [
'installed',
'latest',
'removed',
'purged',
]
# The `low` data is just a dict with the state, function (fun) and
# arguments passed in from the sls
if low.get('fun') not in agg_enabled:
return low
# Now look into what other things are set to execute
for chunk in chunks:
# The state runtime uses "tags" to track completed jobs, it may
# look familiar with the _|-
tag = salt.utils.gen_state_tag(chunk)
if tag in running:
# Already ran the pkg state, skip aggregation
continue
if chunk.get('state') == 'pkg':
if '__agg__' in chunk:
continue
# Check for the same function
if chunk.get('fun') != low.get('fun'):
continue
# Pull out the pkg names!
if 'pkgs' in chunk:
pkgs.extend(chunk['pkgs'])
chunk['__agg__'] = True
elif 'name' in chunk:
pkgs.append(chunk['name'])
chunk['__agg__'] = True
if pkgs:
if 'pkgs' in low:
low['pkgs'].extend(pkgs)
else:
low['pkgs'] = pkgs
# The low has been modified and needs to be returned to the state
# runtime for execution
return low
Altering States
NOTE:
This documentation has been moved here.
File State Backups
In 0.10.2 a new feature was added for backing up files that are replaced by the file.managed and
file.recurse states. The new feature is called the backup mode. Setting the backup mode is easy, but it
can be set in a number of places.
The backup_mode can be set in the minion config file:
backup_mode: minion
Or it can be set for each file:
/etc/ssh/sshd_config:
file.managed:
- source: salt://ssh/sshd_config
- backup: minion
Backed-up Files
The files will be saved in the minion cachedir under the directory named file_backup. The files will be
in the location relative to where they were under the root filesystem and be appended with a timestamp.
This should make them easy to browse.
Interacting with Backups
Starting with version 0.17.0, it will be possible to list, restore, and delete previously-created
backups.
Listing
The backups for a given file can be listed using file.list_backups:
# salt foo.bar.com file.list_backups /tmp/foo.txt
foo.bar.com:
----------
0:
----------
Backup Time:
Sat Jul 27 2013 17:48:41.738027
Location:
/var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:41_738027_2013
Size:
13
1:
----------
Backup Time:
Sat Jul 27 2013 17:48:28.369804
Location:
/var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013
Size:
35
Restoring
Restoring is easy using file.restore_backup, just pass the path and the numeric id found with
file.list_backups:
# salt foo.bar.com file.restore_backup /tmp/foo.txt 1
foo.bar.com:
----------
comment:
Successfully restored /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013 to /tmp/foo.txt
result:
True
The existing file will be backed up, just in case, as can be seen if file.list_backups is run again:
# salt foo.bar.com file.list_backups /tmp/foo.txt
foo.bar.com:
----------
0:
----------
Backup Time:
Sat Jul 27 2013 18:00:19.822550
Location:
/var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_18:00:19_822550_2013
Size:
53
1:
----------
Backup Time:
Sat Jul 27 2013 17:48:41.738027
Location:
/var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:41_738027_2013
Size:
13
2:
----------
Backup Time:
Sat Jul 27 2013 17:48:28.369804
Location:
/var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013
Size:
35
NOTE:
Since no state is being run, restoring a file will not trigger any watches for the file. So, if you
are restoring a config file for a service, it will likely still be necessary to run a service.restart.
Deleting
Deleting backups can be done using file.delete_backup:
# salt foo.bar.com file.delete_backup /tmp/foo.txt 0
foo.bar.com:
----------
comment:
Successfully removed /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_18:00:19_822550_2013
result:
True
Understanding State Compiler Ordering
NOTE:
This tutorial is an intermediate level tutorial. Some basic understanding of the state system and
writing Salt Formulas is assumed.
Salt's state system is built to deliver all of the power of configuration management systems without
sacrificing simplicity. This tutorial is made to help users understand in detail just how the order is
defined for state executions in Salt.
This tutorial is written to represent the behavior of Salt as of version 0.17.0.
Compiler Basics
To understand ordering in depth some very basic knowledge about the state compiler is very helpful. No
need to worry though, this is very high level!
High Data and Low Data
When defining Salt Formulas in YAML the data that is being represented is referred to by the compiler as
High Data. When the data is initially loaded into the compiler it is a single large python dictionary,
this dictionary can be viewed raw by running:
salt '*' state.show_highstate
This "High Data" structure is then compiled down to "Low Data". The Low Data is what is matched up to
create individual executions in Salt's configuration management system. The low data is an ordered list
of single state calls to execute. Once the low data is compiled the evaluation order can be seen.
The low data can be viewed by running:
salt '*' state.show_lowstate
NOTE:
The state execution module contains MANY functions for evaluating the state system and is well worth a
read! These routines can be very useful when debugging states or to help deepen one's understanding of
Salt's state system.
As an example, a state written thusly:
apache:
pkg.installed:
- name: httpd
service.running:
- name: httpd
- watch:
- file: apache_conf
- pkg: apache
apache_conf:
file.managed:
- name: /etc/httpd/conf.d/httpd.conf
- source: salt://apache/httpd.conf
Will have High Data which looks like this represented in json:
{
"apache": {
"pkg": [
{
"name": "httpd"
},
"installed",
{
"order": 10000
}
],
"service": [
{
"name": "httpd"
},
{
"watch": [
{
"file": "apache_conf"
},
{
"pkg": "apache"
}
]
},
"running",
{
"order": 10001
}
],
"__sls__": "blah",
"__env__": "base"
},
"apache_conf": {
"file": [
{
"name": "/etc/httpd/conf.d/httpd.conf"
},
{
"source": "salt://apache/httpd.conf"
},
"managed",
{
"order": 10002
}
],
"__sls__": "blah",
"__env__": "base"
}
}
The subsequent Low Data will look like this:
[
{
"name": "httpd",
"state": "pkg",
"__id__": "apache",
"fun": "installed",
"__env__": "base",
"__sls__": "blah",
"order": 10000
},
{
"name": "httpd",
"watch": [
{
"file": "apache_conf"
},
{
"pkg": "apache"
}
],
"state": "service",
"__id__": "apache",
"fun": "running",
"__env__": "base",
"__sls__": "blah",
"order": 10001
},
{
"name": "/etc/httpd/conf.d/httpd.conf",
"source": "salt://apache/httpd.conf",
"state": "file",
"__id__": "apache_conf",
"fun": "managed",
"__env__": "base",
"__sls__": "blah",
"order": 10002
}
]
This tutorial discusses the Low Data evaluation and the state runtime.
Ordering Layers
Salt defines 2 order interfaces which are evaluated in the state runtime and defines these orders in a
number of passes.
Definition Order
NOTE:
The Definition Order system can be disabled by turning the option state_auto_order to False in the
master configuration file.
The top level of ordering is the Definition Order. The Definition Order is the order in which states are
defined in salt formulas. This is very straightforward on basic states which do not contain include
statements or a top file, as the states are just ordered from the top of the file, but the include system
starts to bring in some simple rules for how the Definition Order is defined.
Looking back at the "Low Data" and "High Data" shown above, the order key has been transparently added to
the data to enable the Definition Order.
The Include Statement
Basically, if there is an include statement in a formula, then the formulas which are included will be
run BEFORE the contents of the formula which is including them. Also, the include statement is a list, so
they will be loaded in the order in which they are included.
In the following case:
foo.sls
include:
- bar
- baz
bar.sls
include:
- quo
baz.sls
include:
- qux
In the above case if state.apply foo were called then the formulas will be loaded in the following order:
1. quo
2. bar
3. qux
4. baz
5. foo
The order Flag
The Definition Order happens transparently in the background, but the ordering can be explicitly
overridden using the order flag in states:
apache:
pkg.installed:
- name: httpd
- order: 1
This order flag will over ride the definition order, this makes it very simple to create states that are
always executed first, last or in specific stages, a great example is defining a number of package
repositories that need to be set up before anything else, or final checks that need to be run at the end
of a state run by using order: last or order: -1.
When the order flag is explicitly set the Definition Order system will omit setting an order for that
state and directly use the order flag defined.
Lexicographical Fall-back
Salt states were written to ALWAYS execute in the same order. Before the introduction of Definition Order
in version 0.17.0 everything was ordered lexicographically according to the name of the state, then
function then id.
This is the way Salt has always ensured that states always run in the same order regardless of where they
are deployed, the addition of the Definition Order method mealy makes this finite ordering easier to
follow.
The lexicographical ordering is still applied but it only has any effect when two order statements
collide. This means that if multiple states are assigned the same order number that they will fall back
to lexicographical ordering to ensure that every execution still happens in a finite order.
NOTE:
If running with state_auto_order: False the order key is not set automatically, since the
Lexicographical order can be derived from other keys.
Requisite Ordering
Salt states are fully declarative, in that they are written to declare the state in which a system should
be. This means that components can require that other components have been set up successfully. Unlike
the other ordering systems, the Requisite system in Salt is evaluated at runtime.
The requisite system is also built to ensure that the ordering of execution never changes, but is always
the same for a given set of states. This is accomplished by using a runtime that processes states in a
completely predictable order instead of using an event loop based system like other declarative
configuration management systems.
Runtime Requisite Evaluation
The requisite system is evaluated as the components are found, and the requisites are always evaluated in
the same order. This explanation will be followed by an example, as the raw explanation may be a little
dizzying at first as it creates a linear dependency evaluation sequence.
The "Low Data" is an ordered list or dictionaries, the state runtime evaluates each dictionary in the
order in which they are arranged in the list. When evaluating a single dictionary it is checked for
requisites, requisites are evaluated in order, require then watch then prereq.
NOTE:
If using requisite in statements like require_in and watch_in these will be compiled down to require
and watch statements before runtime evaluation.
Each requisite contains an ordered list of requisites, these requisites are looked up in the list of
dictionaries and then executed. Once all requisites have been evaluated and executed then the requiring
state can safely be run (or not run if requisites have not been met).
This means that the requisites are always evaluated in the same order, again ensuring one of the core
design principals of Salt's State system to ensure that execution is always finite is intact.
Simple Runtime Evaluation Example
Given the above "Low Data" the states will be evaluated in the following order:
1. The pkg.installed is executed ensuring that the apache package is installed, it contains no requisites
and is therefore the first defined state to execute.
2. The service.running state is evaluated but NOT executed, a watch requisite is found, therefore they
are read in order, the runtime first checks for the file, sees that it has not been executed and calls
for the file state to be evaluated.
3. The file state is evaluated AND executed, since it, like the pkg state does not contain any
requisites.
4. The evaluation of the service state continues, it next checks the pkg requisite and sees that it is
met, with all requisites met the service state is now executed.
Best Practice
The best practice in Salt is to choose a method and stick with it, official states are written using
requisites for all associations since requisites create clean, traceable dependency trails and make for
the most portable formulas. To accomplish something similar to how classical imperative systems function
all requisites can be omitted and the failhard option then set to True in the master configuration, this
will stop all state runs at the first instance of a failure.
In the end, using requisites creates very tight and fine grained states, not using requisites makes full
sequence runs and while slightly easier to write, and gives much less control over the executions.
Extending External SLS Data
Sometimes a state defined in one SLS file will need to be modified from a separate SLS file. A good
example of this is when an argument needs to be overwritten or when a service needs to watch an
additional state.
The Extend Declaration
The standard way to extend is via the extend declaration. The extend declaration is a top level
declaration like include and encapsulates ID declaration data included from other SLS files. A standard
extend looks like this:
include:
- http
- ssh
extend:
apache:
file:
- name: /etc/httpd/conf/httpd.conf
- source: salt://http/httpd2.conf
ssh-server:
service:
- watch:
- file: /etc/ssh/banner
/etc/ssh/banner:
file.managed:
- source: salt://ssh/banner
A few critical things happened here, first off the SLS files that are going to be extended are included,
then the extend dec is defined. Under the extend dec 2 IDs are extended, the apache ID's file state is
overwritten with a new name and source. Then the ssh server is extended to watch the banner file in
addition to anything it is already watching.
Extend is a Top Level Declaration
This means that extend can only be called once in an sls, if it is used twice then only one of the extend
blocks will be read. So this is WRONG:
include:
- http
- ssh
extend:
apache:
file:
- name: /etc/httpd/conf/httpd.conf
- source: salt://http/httpd2.conf
# Second extend will overwrite the first!! Only make one
extend:
ssh-server:
service:
- watch:
- file: /etc/ssh/banner
The Requisite in Statement
Since one of the most common things to do when extending another SLS is to add states for a service to
watch, or anything for a watcher to watch, the requisite in statement was added to 0.9.8 to make
extending the watch and require lists easier. The ssh-server extend statement above could be more cleanly
defined like so:
include:
- ssh
/etc/ssh/banner:
file.managed:
- source: salt://ssh/banner
- watch_in:
- service: ssh-server
Rules to Extend By
There are a few rules to remember when extending states:
1. Always include the SLS being extended with an include declaration
2. Requisites (watch and require) are appended to, everything else is overwritten
3. extend is a top level declaration, like an ID declaration, cannot be declared twice in a single SLS
4. Many IDs can be extended under the extend declaration
Failhard Global Option
Normally, when a state fails Salt continues to execute the remainder of the defined states and will only
refuse to execute states that require the failed state.
But the situation may exist, where you would want all state execution to stop if a single state execution
fails. The capability to do this is called failing hard.
State Level Failhard
A single state can have a failhard set, this means that if this individual state fails that all state
execution will immediately stop. This is a great thing to do if there is a state that sets up a critical
config file and setting a require for each state that reads the config would be cumbersome. A good
example of this would be setting up a package manager early on:
/etc/yum.repos.d/company.repo:
file.managed:
- source: salt://company/yumrepo.conf
- user: root
- group: root
- mode: 644
- order: 1
- failhard: True
In this situation, the yum repo is going to be configured before other states, and if it fails to lay
down the config file, than no other states will be executed.
Global Failhard
It may be desired to have failhard be applied to every state that is executed, if this is the case, then
failhard can be set in the master configuration file. Setting failhard in the master configuration file
will result in failing hard when any minion gathering states from the master have a state fail.
This is NOT the default behavior, normally Salt will only fail states that require a failed state.
Using the global failhard is generally not recommended, since it can result in states not being executed
or even checked. It can also be confusing to see states failhard if an admin is not actively aware that
the failhard has been set.
To use the global failhard set failhard: True in the master configuration file.
Global State Arguments
NOTE:
This documentation has been moved here.
Highstate data structure definitions
The Salt State Tree
A state tree is a collection of SLS files and directories that live under the directory specified in
file_roots.
NOTE:
Directory names or filenames in the state tree cannot contain a period, with the exception of the
period in the .sls file suffix.
Top file
The main state file that instructs minions what environment and modules to use during state execution.
Configurable via state_top.
SEE ALSO:
A detailed description of the top file
Include declaration
Defines a list of Module reference strings to include in this SLS.
Occurs only in the top level of the SLS data structure.
Example:
include:
- edit.vim
- http.server
Module reference
The name of a SLS module defined by a separate SLS file and residing on the Salt Master. A module named
edit.vim is a reference to the SLS file salt://edit/vim.sls.
ID declaration
Defines an individual highstate component. Always references a value of a dictionary containing keys
referencing State declaration and Requisite declaration. Can be overridden by a Name declaration or a
Names declaration.
Occurs on the top level or under the Extend declaration.
Must be unique across entire state tree. If the same ID declaration is used twice, only the first one
matched will be used. All subsequent ID declarations with the same name will be ignored.
NOTE:
Naming gotchas
In Salt versions earlier than 0.9.7, ID declarations containing dots would result in unpredictable
output.
Extend declaration
Extends a Name declaration from an included SLS module. The keys of the extend declaration always refer
to an existing ID declaration which have been defined in included SLS modules.
Occurs only in the top level and defines a dictionary.
States cannot be extended more than once in a single state run.
Extend declarations are useful for adding-to or overriding parts of a State declaration that is defined
in another SLS file. In the following contrived example, the shown mywebsite.sls file is include -ing and
extend -ing the apache.sls module in order to add a watch declaration that will restart Apache whenever
the Apache configuration file, mywebsite changes.
include:
- apache
extend:
apache:
service:
- watch:
- file: mywebsite
mywebsite:
file.managed:
- name: /var/www/mysite
SEE ALSO:
watch_in and require_in
Sometimes it is more convenient to use the watch_in or require_in syntax instead of extending another
SLS file.
State Requisites
State declaration
A list which contains one string defining the Function declaration and any number of Function arg
declaration dictionaries.
Can, optionally, contain a number of additional components like the name override components — name and
names. Can also contain requisite declarations.
Occurs under an ID declaration.
Requisite declaration
A list containing requisite references.
Used to build the action dependency tree. While Salt states are made to execute in a deterministic order,
this order is managed by requiring and watching other Salt states.
Occurs as a list component under a State declaration or as a key under an ID declaration.
Requisite reference
A single key dictionary. The key is the name of the referenced State declaration and the value is the ID
of the referenced ID declaration.
Occurs as a single index in a Requisite declaration list.
Function declaration
The name of the function to call within the state. A state declaration can contain only a single function
declaration.
For example, the following state declaration calls the installed function in the pkg state module:
httpd:
pkg.installed: []
The function can be declared inline with the state as a shortcut. The actual data structure is compiled
to this form:
httpd:
pkg:
- installed
Where the function is a string in the body of the state declaration. Technically when the function is
declared in dot notation the compiler converts it to be a string in the state declaration list. Note that
the use of the first example more than once in an ID declaration is invalid yaml.
INVALID:
httpd:
pkg.installed
service.running
When passing a function without arguments and another state declaration within a single ID declaration,
then the long or "standard" format needs to be used since otherwise it does not represent a valid data
structure.
VALID:
httpd:
pkg.installed: []
service.running: []
Occurs as the only index in the State declaration list.
Function arg declaration
A single key dictionary referencing a Python type which is to be passed to the named Function declaration
as a parameter. The type must be the data type expected by the function.
Occurs under a Function declaration.
For example in the following state declaration user, group, and mode are passed as arguments to the
managed function in the file state module:
/etc/http/conf/http.conf:
file.managed:
- user: root
- group: root
- mode: 644
Name declaration
Overrides the name argument of a State declaration. If name is not specified the ID declaration satisfies
the name argument.
The name is always a single key dictionary referencing a string.
Overriding name is useful for a variety of scenarios.
For example, avoiding clashing ID declarations. The following two state declarations cannot both have
/etc/motd as the ID declaration:
motd_perms:
file.managed:
- name: /etc/motd
- mode: 644
motd_quote:
file.append:
- name: /etc/motd
- text: "Of all smells, bread; of all tastes, salt."
Another common reason to override name is if the ID declaration is long and needs to be referenced in
multiple places. In the example below it is much easier to specify mywebsite than to specify
/etc/apache2/sites-available/mywebsite.com multiple times:
mywebsite:
file.managed:
- name: /etc/apache2/sites-available/mywebsite.com
- source: salt://mywebsite.com
a2ensite mywebsite.com:
cmd.wait:
- unless: test -L /etc/apache2/sites-enabled/mywebsite.com
- watch:
- file: mywebsite
apache2:
service.running:
- watch:
- file: mywebsite
Names declaration
Expands the contents of the containing State declaration into multiple state declarations, each with its
own name.
For example, given the following state declaration:
python-pkgs:
pkg.installed:
- names:
- python-django
- python-crypto
- python-yaml
Once converted into the lowstate data structure the above state declaration will be expanded into the
following three state declarations:
python-django:
pkg.installed
python-crypto:
pkg.installed
python-yaml:
pkg.installed
Other values can be overridden during the expansion by providing an additional dictionary level.
New in version 2014.7.0.
ius:
pkgrepo.managed:
- humanname: IUS Community Packages for Enterprise Linux 6 - $basearch
- gpgcheck: 1
- baseurl: http://mirror.rackspace.com/ius/stable/CentOS/6/$basearch
- gpgkey: http://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY
- names:
- ius
- ius-devel:
- baseurl: http://mirror.rackspace.com/ius/development/CentOS/6/$basearch
Large example
Here is the layout in yaml using the names of the highdata structure components.
<Include Declaration>:
- <Module Reference>
- <Module Reference>
<Extend Declaration>:
<ID Declaration>:
[<overrides>]
# standard declaration
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# inline function and names
<ID Declaration>:
<State Module>.<Function>:
- <Function Arg>
- <Function Arg>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
- <Requisite Reference>
# multiple states for single id
<ID Declaration>:
<State Module>:
- <Function>
- <Function Arg>
- <Name>: <name>
- <Requisite Declaration>:
- <Requisite Reference>
<State Module>:
- <Function>
- <Function Arg>
- <Names>:
- <name>
- <name>
- <Requisite Declaration>:
- <Requisite Reference>
Include and Exclude
Salt SLS files can include other SLS files and exclude SLS files that have been otherwise included. This
allows for an SLS file to easily extend or manipulate other SLS files.
Include
When other SLS files are included, everything defined in the included SLS file will be added to the state
run. When including define a list of SLS formulas to include:
include:
- http
- libvirt
The include statement will include SLS formulas from the same environment that the including SLS formula
is in. But the environment can be explicitly defined in the configuration to override the running
environment, therefore if an SLS formula needs to be included from an external environment named "dev"
the following syntax is used:
include:
- dev: http
NOTE: include does not simply inject the states where you place it in the SLS file. If you need to
guarantee order of execution, consider using requisites.
Do not use dots in SLS file names or their directories
The initial implementation of top.sls and include-declaration followed the python import model
where a slash is represented as a period. This means that a SLS file with a period in the name
( besides the suffix period) can not be referenced. For example, webserver_1.0.sls is not
referenceable because webserver_1.0 would refer to the directory/file webserver_1/0.sls
The same applies for any subdirectories, this is especially 'tricky' when git repos are
created. Another command that typically can't render it's output is `state.show_sls` of a file
in a path that contains a dot.
Relative Include
In Salt 0.16.0, the capability to include SLS formulas which are relative to the running SLS formula was
added. Simply precede the formula name with a .:
include:
- .virt
- .virt.hyper
In Salt 2015.8, the ability to include SLS formulas which are relative to the parents of the running SLS
formula was added. In order to achieve this, precede the formula name with more than one . (dot). Much
like Python's relative import abilities, two or more leading dots represent a relative include of the
parent or parents of the current package, with each . representing one level after the first.
The following SLS configuration, if placed within example.dev.virtual, would result in example.http and
base being included respectively:
include:
- ..http
- ...base
Exclude
The exclude statement, added in Salt 0.10.3, allows an SLS to hard exclude another SLS file or a specific
id. The component is excluded after the high data has been compiled, so nothing should be able to
override an exclude.
Since the exclude can remove an id or an sls the type of component to exclude needs to be defined. An
exclude statement that verifies that the running highstate does not contain the http sls and the
/etc/vimrc id would look like this:
exclude:
- sls: http
- id: /etc/vimrc
NOTE:
The current state processing flow checks for duplicate IDs before processing excludes. An error occurs
if duplicate IDs are present even if one of the IDs is targeted by an exclude.
State System Layers
The Salt state system is comprised of multiple layers. While using Salt does not require an understanding
of the state layers, a deeper understanding of how Salt compiles and manages states can be very
beneficial.
Function Call
The lowest layer of functionality in the state system is the direct state function call. State executions
are executions of single state functions at the core. These individual functions are defined in state
modules and can be called directly via the state.single command.
salt '*' state.single pkg.installed name='vim'
Low Chunk
The low chunk is the bottom of the Salt state compiler. This is a data representation of a single
function call. The low chunk is sent to the state caller and used to execute a single state function.
A single low chunk can be executed manually via the state.low command.
salt '*' state.low '{name: vim, state: pkg, fun: installed}'
The passed data reflects what the state execution system gets after compiling the data down from sls
formulas.
Low State
The Low State layer is the list of low chunks "evaluated" in order. To see what the low state looks like
for a highstate, run:
salt '*' state.show_lowstate
This will display the raw lowstate in the order which each low chunk will be evaluated. The order of
evaluation is not necessarily the order of execution, since requisites are evaluated at runtime.
Requisite execution and evaluation is finite; this means that the order of execution can be ascertained
with 100% certainty based on the order of the low state.
High Data
High data is the data structure represented in YAML via SLS files. The High data structure is created by
merging the data components rendered inside sls files (or other render systems). The High data can be
easily viewed by executing the state.show_highstate or state.show_sls functions. Since this data is a
somewhat complex data structure, it may be easier to read using the json, yaml, or pprint outputters:
salt '*' state.show_highstate --out yaml
salt '*' state.show_sls edit.vim --out pprint
SLS
Above "High Data", the logical layers are no longer technically required to be executed, or to be
executed in a hierarchy. This means that how the High data is generated is optional and very flexible.
The SLS layer allows for many mechanisms to be used to render sls data from files or to use the
fileserver backend to generate sls and file data from external systems.
The SLS layer can be called directly to execute individual sls formulas.
NOTE:
SLS Formulas have historically been called "SLS files". This is because a single SLS was only
constituted in a single file. Now the term "SLS Formula" better expresses how a compartmentalized SLS
can be expressed in a much more dynamic way by combining pillar and other sources, and the SLS can be
dynamically generated.
To call a single SLS formula named edit.vim, execute state.apply and pass edit.vim as an argument:
salt '*' state.apply edit.vim
HighState
Calling SLS directly logically assigns what states should be executed from the context of the calling
minion. The Highstate layer is used to allow for full contextual assignment of what is executed where to
be tied to groups of, or individual, minions entirely from the master. This means that the environment of
a minion, and all associated execution data pertinent to said minion, can be assigned from the master
without needing to execute or configure anything on the target minion. This also means that the minion
can independently retrieve information about its complete configuration from the master.
To execute the highstate use state.apply:
salt '*' state.apply
Orchestrate
The orchestrate layer expresses the highest functional layer of Salt's automated logic systems. The
Overstate allows for stateful and functional orchestration of routines from the master. The orchestrate
defines in data execution stages which minions should execute states, or functions, and in what order
using requisite logic.
The Orchestrate Runner
NOTE:
This documentation has been moved here.
Ordering States
The way in which configuration management systems are executed is a hotly debated topic in the
configuration management world. Two major philosophies exist on the subject, to either execute in an
imperative fashion where things are executed in the order in which they are defined, or in a declarative
fashion where dependencies need to be mapped between objects.
Imperative ordering is finite and generally considered easier to write, but declarative ordering is much
more powerful and flexible but generally considered more difficult to create.
Salt has been created to get the best of both worlds. States are evaluated in a finite order, which
guarantees that states are always executed in the same order, and the states runtime is declarative,
making Salt fully aware of dependencies via the requisite system.
State Auto Ordering
Salt always executes states in a finite manner, meaning that they will always execute in the same order
regardless of the system that is executing them. But in Salt 0.17.0, the state_auto_order option was
added. This option makes states get evaluated in the order in which they are defined in sls files,
including the top.sls file.
The evaluation order makes it easy to know what order the states will be executed in, but it is important
to note that the requisite system will override the ordering defined in the files, and the order option
described below will also override the order in which states are defined in sls files.
If the classic ordering is preferred (lexicographic), then set state_auto_order to False in the master
configuration file. Otherwise, state_auto_order defaults to True.
Requisite Statements
NOTE:
The behavior of requisites changed in version 0.9.7 of Salt. This documentation applies to requisites
in version 0.9.7 and later.
Often when setting up states any single action will require or depend on another action. Salt allows for
the building of relationships between states with requisite statements. A requisite statement ensures
that the named state is evaluated before the state requiring it. There are three types of requisite
statements in Salt, require, watch, and prereq.
These requisite statements are applied to a specific state declaration:
httpd:
pkg.installed: []
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/httpd.conf
- require:
- pkg: httpd
In this example, the require requisite is used to declare that the file /etc/httpd/conf/httpd.conf should
only be set up if the pkg state executes successfully.
The requisite system works by finding the states that are required and executing them before the state
that requires them. Then the required states can be evaluated to see if they have executed correctly.
Require statements can refer to any state defined in Salt. The basic examples are pkg, service, and file,
but any used state can be referenced.
In addition to state declarations such as pkg, file, etc., sls type requisites are also recognized, and
essentially allow 'chaining' of states. This provides a mechanism to ensure the proper sequence for
complex state formulas, especially when the discrete states are split or groups into separate sls files:
include:
- network
httpd:
pkg.installed: []
service.running:
- require:
- pkg: httpd
- sls: network
In this example, the httpd service running state will not be applied (i.e., the httpd service will not be
started) unless both the httpd package is installed AND the network state is satisfied.
NOTE:
Requisite matching
Requisites match on both the ID Declaration and the name parameter. Therefore, if using the pkgs or
sources argument to install a list of packages in a pkg state, it's important to note that it is
impossible to match an individual package in the list, since all packages are installed as a single
state.
Multiple Requisites
The requisite statement is passed as a list, allowing for the easy addition of more requisites. Both
requisite types can also be separately declared:
httpd:
pkg.installed: []
service.running:
- enable: True
- watch:
- file: /etc/httpd/conf/httpd.conf
- require:
- pkg: httpd
- user: httpd
- group: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/httpd.conf
- require:
- pkg: httpd
user.present: []
group.present: []
In this example, the httpd service is only going to be started if the package, user, group, and file are
executed successfully.
Requisite Documentation
For detailed information on each of the individual requisites, please look here.
The Order Option
Before using the order option, remember that the majority of state ordering should be done with a
requisite-declaration, and that a requisite declaration will override an order option, so a state with
order option should not require or required by other states.
The order option is used by adding an order number to a state declaration with the option order:
vim:
pkg.installed:
- order: 1
By adding the order option to 1 this ensures that the vim package will be installed in tandem with any
other state declaration set to the order 1.
Any state declared without an order option will be executed after all states with order options are
executed.
But this construct can only handle ordering states from the beginning. Certain circumstances will
present a situation where it is desirable to send a state to the end of the line. To do this, set the
order to last:
vim:
pkg.installed:
- order: last
Running States in Parallel
Introduced in Salt version 2017.7.0 it is now possible to run select states in parallel. This is
accomplished very easily by adding the parallel: True option to your state declaration:
nginx:
service.running:
- parallel: True
Now nginx will be started in a seperate process from the normal state run and will therefore not block
additional states.
Parallel States and Requisites
Parallel States still honor requisites. If a given state requires another state that has been run in
parallel then the state runtime will wait for the required state to finish.
Given this example:
sleep 10:
cmd.run:
- parallel: True
nginx:
service.running:
- parallel: True
- require:
- cmd: sleep 10
sleep 5:
cmd.run:
- parallel: True
The sleep 10 will be started first, then the state system will block on starting nginx until the sleep 10
completes. Once nginx has been ensured to be running then the sleep 5 will start.
This means that the order of evaluation of Salt States and requisites are still honored, and given that
in the above case, parallel: True does not actually speed things up.
To run the above state much faster make sure that the sleep 5 is evaluated before the nginx state
Now both of the sleep calls will be started in parallel and nginx will still wait for the state it
requires, but while it waits the sleep 5 state will also complete.
Things to be Careful of
Parallel States do not prevent you from creating parallel conflicts on your system. This means that if
you start multiple package installs using Salt then the package manager will block or fail. If you
attempt to manage the same file with multiple states in parallel then the result can produce an
unexpected file.
Make sure that the states you choose to run in parallel do not conflict, or else, like in any parallel
programming environment, the outcome may not be what you expect. Doing things like just making all states
run in parallel will almost certainly result in unexpected behavior.
With that said, running states in parallel should be safe the vast majority of the time and the most
likely culprit for unexpected behavior is running multiple package installs in parallel.
State Providers
New in version 0.9.8.
Salt predetermines what modules should be mapped to what uses based on the properties of a system. These
determinations are generally made for modules that provide things like package and service management.
Sometimes in states, it may be necessary to use an alternative module to provide the needed
functionality. For instance, an very old Arch Linux system may not be running systemd, so instead of
using the systemd service module, you can revert to the default service module:
httpd:
service.running:
- enable: True
- provider: service
In this instance, the basic service module (which manages sysvinit-based services) will replace the
systemd module which is used by default on Arch Linux.
This change only affects this one state though. If it is necessary to make this override for most or
every service, it is better to just override the provider in the minion config file, as described here.
Also, keep in mind that this only works for states with an identically-named virtual module (pkg,
service, etc.).
Arbitrary Module Redirects
The provider statement can also be used for more powerful means, instead of overwriting or extending the
module used for the named service an arbitrary module can be used to provide certain functionality.
emacs:
pkg.installed:
- provider:
- cmd: customcmd
In this example, the state is being instructed to use a custom module to invoke commands.
Arbitrary module redirects can be used to dramatically change the behavior of a given state.
Requisites and Other Global State Arguments
Requisites
The Salt requisite system is used to create relationships between states. The core idea being that, when
one state is dependent somehow on another, that inter-dependency can be easily defined. These
dependencies are expressed by declaring the relationships using state names and ID's or names. The
generalized form of a requisite target is <state name> : <ID or name>. The specific form is defined as a
Requisite Reference
Requisites come in two types: Direct requisites (such as require), and requisite_ins (such as
require_in). The relationships are directional: a direct requisite requires something from another state.
However, a requisite_in inserts a requisite into the targeted state pointing to the targeting state. The
following example demonstrates a direct requisite:
vim:
pkg.installed: []
/etc/vimrc:
file.managed:
- source: salt://edit/vimrc
- require:
- pkg: vim
In the example above, the file /etc/vimrc depends on the vim package.
Requisite_in statements are the opposite. Instead of saying "I depend on something", requisite_ins say
"Someone depends on me":
vim:
pkg.installed:
- require_in:
- file: /etc/vimrc
/etc/vimrc:
file.managed:
- source: salt://edit/vimrc
So here, with a requisite_in, the same thing is accomplished as in the first example, but the other way
around. The vim package is saying "/etc/vimrc depends on me". This will result in a require being
inserted into the /etc/vimrc state which targets the vim state.
In the end, a single dependency map is created and everything is executed in a finite and predictable
order.
Requisite matching
Requisites need two pieces of information for matching: The state module name – e.g. pkg –, and the
identifier – e.g. vim –, which can be either the ID (the first line in the stanza) or the - name
parameter.
- require:
- pkg: vim
Omitting state module in requisites
New in version 2016.3.0.
In version 2016.3.0, the state module name was made optional. If the state module is omitted, all states
matching the ID will be required, regardless of which module they are using.
- require:
- vim
State target matching
In order to understand how state targets are matched, it is helpful to know how the state compiler is
working. Consider the following example:
Deploy server package:
file.managed:
- name: /usr/local/share/myapp.tar.xz
- source: salt://myapp.tar.xz
Extract server package:
archive.extracted:
- name: /usr/local/share/myapp
- source: /usr/local/share/myapp.tar.xz
- archive_format: tar
- onchanges:
- file: Deploy server package
The first formula is converted to a dictionary which looks as follows (represented as YAML, some
properties omitted for simplicity) as High Data:
Deploy server package:
file:
- managed
- name: /usr/local/share/myapp.tar.xz
- source: salt://myapp.tar.xz
The file.managed format used in the formula is essentially syntactic sugar: at the end, the target is
file, which is used in the Extract server package state above.
Identifier matching
Requisites match on both the ID Declaration and the name parameter. This means that, in the "Deploy
server package" example above, a require requisite would match with Deploy server package or
/usr/local/share/myapp.tar.xz, so either of the following versions for "Extract server package" works:
# (Archive arguments omitted for simplicity)
# Match by ID declaration
Extract server package:
archive.extracted:
- onchanges:
- file: Deploy server package
# Match by name parameter
Extract server package:
archive.extracted:
- onchanges:
- file: /usr/local/share/myapp.tar.xz
Requisite overview
┌──────────────────┬─────────────────────┬─────────────────────┬─────────────────────┬─────────────────────┐
│ │ state is only │ state is only │ order │ │
│ name of │ executed if target │ executed if target │ │ comment │
│ │ execution │ has │ 1.target 2.state │ or │
│ requisite │ │ │ (default) │ │
│ │ result is │ changes │ │ description │
├──────────────────┼─────────────────────┼─────────────────────┼─────────────────────┼─────────────────────┤
│ require │ success │ │ default │ state will always │
│ │ │ │ │ execute unless │
│ │ │ │ │ target fails │
├──────────────────┼─────────────────────┼─────────────────────┼─────────────────────┼─────────────────────┤
│ watch │ success │ │ default │ like require, but │
│ │ │ │ │ adds additional │
│ │ │ │ │ behaviour │
│ │ │ │ │ (mod_watch) │
├──────────────────┼─────────────────────┼─────────────────────┼─────────────────────┼─────────────────────┤
│ prereq │ success │ has changes (run │ switched │ like onchanges, │
│ │ │ individually as │ │ except order │
│ │ │ dry-run) │ │ │
├──────────────────┼─────────────────────┼─────────────────────┼─────────────────────┼─────────────────────┤
│ onchanges │ success │ has changes │ default │ execute state if │
│ │ │ │ │ target execution │
│ │ │ │ │ result is success │
│ │ │ │ │ and target has │
│ │ │ │ │ changes │
├──────────────────┼─────────────────────┼─────────────────────┼─────────────────────┼─────────────────────┤
│ onfail │ failed │ │ default │ Only requisite │
│ │ │ │ │ where state exec. │
│ │ │ │ │ if target fails │
└──────────────────┴─────────────────────┴─────────────────────┴─────────────────────┴─────────────────────┘
In this table, the following short form of terms is used:
• state (= dependent state): state containing requisite
• target (= state target) : state referenced by requisite
Direct Requisite and Requisite_in types
There are several direct requisite statements that can be used in Salt:
• require
• watch
• prereq
• use
• onchanges
• onfail
Each direct requisite also has a corresponding requisite_in:
• require_in
• watch_in
• prereq_in
• use_in
• onchanges_in
• onfail_in
All of the requisites define specific relationships and always work with the dependency logic defined
above.
require
The use of require demands that the required state executes before the dependent state. The state
containing the require requisite is defined as the dependent state. The state specified in the require
statement is defined as the required state. If the required state's execution succeeds, the dependent
state will then execute. If the required state's execution fails, the dependent state will not execute.
In the first example above, the file /etc/vimrc will only execute after the vim package is installed
successfully.
Require an Entire SLS File
As of Salt 0.16.0, it is possible to require an entire sls file. Do this first by including the sls file
and then setting a state to require the included sls file:
include:
- foo
bar:
pkg.installed:
- require:
- sls: foo
This will add all of the state declarations found in the given sls file. This means that every state in
sls foo will be required. This makes it very easy to batch large groups of states easily in any requisite
statement.
watch
watch statements are used to add additional behavior when there are changes in other states.
NOTE:
If a state should only execute when another state has changes, and otherwise do nothing, the new
onchanges requisite should be used instead of watch. watch is designed to add additional behavior when
there are changes, but otherwise the state executes normally.
The state containing the watch requisite is defined as the watching state. The state specified in the
watch statement is defined as the watched state. When the watched state executes, it will return a
dictionary containing a key named "changes". Here are two examples of state return dictionaries, shown in
json for clarity:
{
"local": {
"file_|-/tmp/foo_|-/tmp/foo_|-directory": {
"comment": "Directory /tmp/foo updated",
"__run_num__": 0,
"changes": {
"user": "bar"
},
"name": "/tmp/foo",
"result": true
}
}
}
{
"local": {
"pkgrepo_|-salt-minion_|-salt-minion_|-managed": {
"comment": "Package repo 'salt-minion' already configured",
"__run_num__": 0,
"changes": {},
"name": "salt-minion",
"result": true
}
}
}
If the "result" of the watched state is True, the watching state will execute normally, and if it is
False, the watching state will never run. This part of watch mirrors the functionality of the require
requisite.
If the "result" of the watched state is True and the "changes" key contains a populated dictionary
(changes occurred in the watched state), then the watch requisite can add additional behavior. This
additional behavior is defined by the mod_watch function within the watching state module. If the
mod_watch function exists in the watching state module, it will be called in addition to the normal
watching state. The return data from the mod_watch function is what will be returned to the master in
this case; the return data from the main watching function is discarded.
If the "changes" key contains an empty dictionary, the watch requisite acts exactly like the require
requisite (the watching state will execute if "result" is True, and fail if "result" is False in the
watched state).
NOTE:
Not all state modules contain mod_watch. If mod_watch is absent from the watching state module, the
watch requisite behaves exactly like a require requisite.
A good example of using watch is with a service.running state. When a service watches a state, then the
service is reloaded/restarted when the watched state changes, in addition to Salt ensuring that the
service is running.
ntpd:
service.running:
- watch:
- file: /etc/ntp.conf
file.managed:
- name: /etc/ntp.conf
- source: salt://ntp/files/ntp.conf
prereq
New in version 0.16.0.
prereq allows for actions to be taken based on the expected results of a state that has not yet been
executed. The state containing the prereq requisite is defined as the pre-requiring state. The state
specified in the prereq statement is defined as the pre-required state.
When a prereq requisite is evaluated, the pre-required state reports if it expects to have any changes.
It does this by running the pre-required single state as a test-run by enabling test=True. This test-run
will return a dictionary containing a key named "changes". (See the watch section above for examples of
"changes" dictionaries.)
If the "changes" key contains a populated dictionary, it means that the pre-required state expects
changes to occur when the state is actually executed, as opposed to the test-run. The pre-requiring state
will now actually run. If the pre-requiring state executes successfully, the pre-required state will then
execute. If the pre-requiring state fails, the pre-required state will not execute.
If the "changes" key contains an empty dictionary, this means that changes are not expected by the
pre-required state. Neither the pre-required state nor the pre-requiring state will run.
The best way to define how prereq operates is displayed in the following practical example: When a
service should be shut down because underlying code is going to change, the service should be off-line
while the update occurs. In this example, graceful-down is the pre-requiring state and site-code is the
pre-required state.
graceful-down:
cmd.run:
- name: service apache graceful
- prereq:
- file: site-code
site-code:
file.recurse:
- name: /opt/site_code
- source: salt://site/code
In this case the apache server will only be shutdown if the site-code state expects to deploy fresh code
via the file.recurse call. The site-code deployment will only be executed if the graceful-down run
completes successfully.
onfail
New in version 2014.7.0.
The onfail requisite allows for reactions to happen strictly as a response to the failure of another
state. This can be used in a number of ways, such as executing a second attempt to set up a service or
begin to execute a separate thread of states because of a failure.
The onfail requisite is applied in the same way as require as watch:
primary_mount:
mount.mounted:
- name: /mnt/share
- device: 10.0.0.45:/share
- fstype: nfs
backup_mount:
mount.mounted:
- name: /mnt/share
- device: 192.168.40.34:/share
- fstype: nfs
- onfail:
- mount: primary_mount
NOTE:
Beginning in the 2016.11.0 release of Salt, onfail uses OR logic for multiple listed onfail
requisites. Prior to the 2016.11.0 release, onfail used AND logic. See Issue #22370 for more
information.
onchanges
New in version 2014.7.0.
The onchanges requisite makes a state only apply if the required states generate changes, and if the
watched state's "result" is True. This can be a useful way to execute a post hook after changing aspects
of a system.
If a state has multiple onchanges requisites then the state will trigger if any of the watched states
changes.
NOTE:
One easy-to-make mistake is to use onchanges_in when onchanges is supposed to be used. For example,
the below configuration is not correct:
myservice:
pkg.installed:
- name: myservice
file.managed:
- name: /etc/myservice/myservice.conf
- source: salt://myservice/files/myservice.conf
- mode: 600
cmd.run:
- name: /usr/libexec/myservice/post-changes-hook.sh
- onchanges_in:
- file: /etc/myservice/myservice.conf
This will set up a requisite relationship in which the cmd.run state always executes, and the
file.managed state only executes if the cmd.run state has changes (which it always will, since the
cmd.run state includes the command results as changes).
It may semantically seem like the cmd.run state should only run when there are changes in the file
state, but remember that requisite relationships involve one state watching another state, and a
requisite_in does the opposite: it forces the specified state to watch the state with the
requisite_in.
The correct usage would be:
myservice:
pkg.installed:
- name: myservice
file.managed:
- name: /etc/myservice/myservice.conf
- source: salt://myservice/files/myservice.conf
- mode: 600
cmd.run:
- name: /usr/libexec/myservice/post-changes-hook.sh
- onchanges:
- file: /etc/myservice/myservice.conf
use
The use requisite is used to inherit the arguments passed in another id declaration. This is useful when
many files need to have the same defaults.
/etc/foo.conf:
file.managed:
- source: salt://foo.conf
- template: jinja
- mkdirs: True
- user: apache
- group: apache
- mode: 755
/etc/bar.conf
file.managed:
- source: salt://bar.conf
- use:
- file: /etc/foo.conf
The use statement was developed primarily for the networking states but can be used on any states in
Salt. This makes sense for the networking state because it can define a long list of options that need to
be applied to multiple network interfaces.
The use statement does not inherit the requisites arguments of the targeted state. This means also a
chain of use requisites would not inherit inherited options.
runas
New in version 2017.7.0.
The runas global option is used to set the user which will be used to run the command in the cmd.run
module.
django:
pip.installed:
- name: django >= 1.6, <= 1.7
- runas: daniel
- require:
- pkg: python-pip
In the above state, the pip command run by cmd.run will be run by the daniel user.
runas_password
New in version 2017.7.2.
The runas_password global option is used to set the password used by the runas global option. This is
required by cmd.run on Windows when runas is specified. It will be set when runas_password is defined in
the state.
run_script:
cmd.run:
- name: Powershell -NonInteractive -ExecutionPolicy Bypass -File C:\\Temp\\script.ps1
- runas: frank
- runas_password: supersecret
In the above state, the Powershell script run by cmd.run will be run by the frank user with the password
supersecret.
The _in versions of requisites
All of the requisites also have corresponding requisite_in versions, which do the reverse of their normal
counterparts. The examples below all use require_in as the example, but note that all of the _in
requisites work the same way: They result in a normal requisite in the targeted state, which targets the
state which has defines the requisite_in. Thus, a require_in causes the target state to require the
targeting state. Similarly, a watch_in causes the target state to watch the targeting state. This pattern
continues for the rest of the requisites.
If a state declaration needs to be required by another state declaration then require_in can accommodate
it. Therefore, these two sls files would be the same in the end:
Using require
httpd:
pkg.installed: []
service.running:
- require:
- pkg: httpd
Using require_in
httpd:
pkg.installed:
- require_in:
- service: httpd
service.running: []
The require_in statement is particularly useful when assigning a require in a separate sls file. For
instance it may be common for httpd to require components used to set up PHP or mod_python, but the HTTP
state does not need to be aware of the additional components that require it when it is set up:
http.sls
httpd:
pkg.installed: []
service.running:
- require:
- pkg: httpd
php.sls
include:
- http
php:
pkg.installed:
- require_in:
- service: httpd
mod_python.sls
include:
- http
mod_python:
pkg.installed:
- require_in:
- service: httpd
Now the httpd server will only start if php or mod_python are first verified to be installed. Thus
allowing for a requisite to be defined "after the fact".
Fire Event Notifications
New in version 2015.8.0.
The fire_event option in a state will cause the minion to send an event to the Salt Master upon
completion of that individual state.
The following example will cause the minion to send an event to the Salt Master with a tag of
salt/state_result/20150505121517276431/dasalt/nano and the result of the state will be the data field of
the event. Notice that the name of the state gets added to the tag.
nano_stuff:
pkg.installed:
- name: nano
- fire_event: True
In the following example instead of setting fire_event to True, fire_event is set to an arbitrary string,
which will cause the event to be sent with this tag:
salt/state_result/20150505121725642845/dasalt/custom/tag/nano/finished
nano_stuff:
pkg.installed:
- name: nano
- fire_event: custom/tag/nano/finished
Altering States
The state altering system is used to make sure that states are evaluated exactly as the user expects. It
can be used to double check that a state preformed exactly how it was expected to, or to make 100% sure
that a state only runs under certain conditions. The use of unless or onlyif options help make states
even more stateful. The check_cmd option helps ensure that the result of a state is evaluated correctly.
Reload
reload_modules is a boolean option that forces salt to reload its modules after a state finishes.
reload_pillar and reload_grains can also be set. See Reloading Modules.
Unless
New in version 2014.7.0.
The unless requisite specifies that a state should only run when any of the specified commands return
False. The unless requisite operates as NAND and is useful in giving more granular control over when a
state should execute.
NOTE: Under the hood unless calls cmd.retcode with python_shell=True. This means the commands referenced
by unless will be parsed by a shell, so beware of side-effects as this shell will be run with the same
privileges as the salt-minion. Also be aware that the boolean value is determined by the shell's concept
of True and False, rather than Python's concept of True and False.
vim:
pkg.installed:
- unless:
- rpm -q vim-enhanced
- ls /usr/bin/vim
In the example above, the state will only run if either the vim-enhanced package is not installed
(returns False) or if /usr/bin/vim does not exist (returns False). The state will run if both commands
return False.
However, the state will not run if both commands return True.
Unless checks are resolved for each name to which they are associated.
For example:
deploy_app:
cmd.run:
- names:
- first_deploy_cmd
- second_deploy_cmd
- unless: ls /usr/bin/vim
In the above case, some_check will be run prior to _each_ name -- once for first_deploy_cmd and a second
time for second_deploy_cmd.
Onlyif
New in version 2014.7.0.
The onlyif requisite specifies that if each command listed in onlyif returns True, then the state is run.
If any of the specified commands return False, the state will not run.
NOTE: Under the hood onlyif calls cmd.retcode with python_shell=True. This means the commands referenced
by onlyif will be parsed by a shell, so beware of side-effects as this shell will be run with the same
privileges as the salt-minion. Also be aware that the boolean value is determined by the shell's concept
of True and False, rather than Python's concept of True and False.
stop-volume:
module.run:
- name: glusterfs.stop_volume
- m_name: work
- onlyif:
- gluster volume status work
- order: 1
remove-volume:
module.run:
- name: glusterfs.delete
- m_name: work
- onlyif:
- gluster volume info work
- watch:
- cmd: stop-volume
The above example ensures that the stop_volume and delete modules only run if the gluster commands return
a 0 ret value.
Listen/Listen_in
New in version 2014.7.0.
listen and its counterpart listen_in trigger mod_wait functions for states, when those states succeed and
result in changes, similar to how watch its counterpart watch_in. Unlike watch and watch_in, listen, and
listen_in will not modify the order of states and can be used to ensure your states are executed in the
order they are defined. All listen/listen_in actions will occur at the end of a state run, after all
states have completed.
restart-apache2:
service.running:
- name: apache2
- listen:
- file: /etc/apache2/apache2.conf
configure-apache2:
file.managed:
- name: /etc/apache2/apache2.conf
- source: salt://apache2/apache2.conf
This example will cause apache2 to be restarted when the apache2.conf file is changed, but the apache2
restart will happen at the end of the state run.
restart-apache2:
service.running:
- name: apache2
configure-apache2:
file.managed:
- name: /etc/apache2/apache2.conf
- source: salt://apache2/apache2.conf
- listen_in:
- service: apache2
This example does the same as the above example, but puts the state argument on the file resource, rather
than the service resource.
check_cmd
New in version 2014.7.0.
Check Command is used for determining that a state did or did not run as expected.
NOTE: Under the hood check_cmd calls cmd.retcode with python_shell=True. This means the commands
referenced by unless will be parsed by a shell, so beware of side-effects as this shell will be run with
the same privileges as the salt-minion.
comment-repo:
file.replace:
- name: /etc/yum.repos.d/fedora.repo
- pattern: ^enabled=0
- repl: enabled=1
- check_cmd:
- ! grep 'enabled=0' /etc/yum.repos.d/fedora.repo
This will attempt to do a replace on all enabled=0 in the .repo file, and replace them with enabled=1.
The check_cmd is just a bash command. It will do a grep for enabled=0 in the file, and if it finds any,
it will return a 0, which will be inverted by the leading !, causing check_cmd to set the state as
failed. If it returns a 1, meaning it didn't find any enabled=0, it will be inverted by the leading !,
returning a 0, and declaring the function succeeded.
NOTE: This requisite check_cmd functions differently than the check_cmd of the file.managed state.
Overriding Checks
There are two commands used for the above checks.
mod_run_check is used to check for onlyif and unless. If the goal is to override the global check for
these to variables, include a mod_run_check in the salt/states/ file.
mod_run_check_cmd is used to check for the check_cmd options. To override this one, include a
mod_run_check_cmd in the states file for the state.
Retrying States
New in version 2017.7.0.
The retry option in a state allows it to be executed multiple times until a desired result is obtained or
the maximum number of attempts have been made.
The retry option can be configured by the attempts, until, interval, and splay parameters.
The attempts parameter controls the maximum number of times the state will be run. If not specified or
if an invalid value is specified, attempts will default to 2.
The until parameter defines the result that is required to stop retrying the state. If not specified or
if an invalid value is specified, until will default to True
The interval parameter defines the amount of time, in seconds, that the system will wait between
attempts. If not specified or if an invalid value is specified, interval will default to 30.
The splay parameter allows the interval to be additionally spread out. If not specified or if an invalid
value is specified, splay defaults to 0 (i.e. no splaying will occur).
The following example will run the pkg.installed state until it returns True or it has been run 5 times.
Each attempt will be 60 seconds apart and the interval will be splayed up to an additional 10 seconds:
my_retried_state:
pkg.installed:
- name: nano
- retry:
attempts: 5
until: True
interval: 60
splay: 10
The following example will run the pkg.installed state with all the defaults for retry. The state will
run up to 2 times, each attempt being 30 seconds apart, or until it returns True.
install_nano:
pkg.installed:
- name: nano
- retry: True
The following example will run the file.exists state every 30 seconds up to 15 times or until the file
exists (i.e. the state returns True).
wait_for_file:
file.exists:
- name: /path/to/file
- retry:
attempts: 15
interval: 30
Return data from a retried state
When a state is retried, the returned output is as follows:
The result return value is the result from the final run. For example, imagine a state set to retry up
to three times or until True. If the state returns False on the first run and then True on the second,
the result of the state will be True.
The started return value is the started from the first run.
The duration return value is the total duration of all attempts plus the retry intervals.
The comment return value will include the result and comment from all previous attempts.
For example:
wait_for_file:
file.exists:
- name: /path/to/file
- retry:
attempts: 10
interval: 2
splay: 5
Would return similar to the following. The state result in this case is False (file.exist was run 10
times with a 2 second interval, but the file specified did not exist on any run).
ID: wait_for_file
Function: file.exists
Result: False
Comment: Attempt 1: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 2: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 3: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 4: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 5: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 6: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 7: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 8: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Attempt 9: Returned a result of "False", with the following comment: "Specified path /path/to/file does not exist"
Specified path /path/to/file does not exist
Started: 09:08:12.903000
Duration: 47000.0 ms
Changes:
Startup States
Sometimes it may be desired that the salt minion execute a state run when it is started. This alleviates
the need for the master to initiate a state run on a new minion and can make provisioning much easier.
As of Salt 0.10.3 the minion config reads options that allow for states to be executed at startup. The
options are startup_states, sls_list, and top_file.
The startup_states option can be passed one of a number of arguments to define how to execute states. The
available options are:
highstate
Execute state.apply
sls Read in the sls_list option and execute the named sls files
top Read in the top_file option and execute states based on that top file on the Salt Master
Examples:
Execute state.apply to run the highstate when starting the minion:
startup_states: highstate
Execute the sls files edit.vim and hyper:
startup_states: sls
sls_list:
- edit.vim
- hyper
State Testing
Executing a Salt state run can potentially change many aspects of a system and it may be desirable to
first see what a state run is going to change before applying the run.
Salt has a test interface to report on exactly what will be changed, this interface can be invoked on any
of the major state run functions:
salt '*' state.apply test=True
salt '*' state.apply mysls test=True
salt '*' state.single test=True
The test run is mandated by adding the test=True option to the states. The return information will show
states that will be applied in yellow and the result is reported as None.
Default Test
If the value test is set to True in the minion configuration file then states will default to being
executed in test mode. If this value is set then states can still be run by calling test=False:
salt '*' state.apply test=False
salt '*' state.apply mysls test=False
salt '*' state.single test=False
The Top File
Introduction
Most infrastructures are made up of groups of machines, each machine in the group performing a role
similar to others. Those groups of machines work in concert with each other to create an application
stack.
To effectively manage those groups of machines, an administrator needs to be able to create roles for
those groups. For example, a group of machines that serve front-end web traffic might have roles which
indicate that those machines should all have the Apache webserver package installed and that the Apache
service should always be running.
In Salt, the file which contains a mapping between groups of machines on a network and the configuration
roles that should be applied to them is called a top file.
Top files are named top.sls by default and they are so-named because they always exist in the "top" of a
directory hierarchy that contains state files. That directory hierarchy is called a state tree.
A Basic Example
Top files have three components:
• Environment: A state tree directory containing a set of state files to configure systems.
• Target: A grouping of machines which will have a set of states applied to them.
• State files: A list of state files to apply to a target. Each state file describes one or more states
to be configured and enforced on the targeted machines.
The relationship between these three components is nested as follows:
• Environments contain targets
• Targets contain states
Putting these concepts together, we can describe a scenario in which all minions with an ID that begins
with web have an apache state applied to them:
base: # Apply SLS files from the directory root for the 'base' environment
'web*': # All minions with a minion_id that begins with 'web'
- apache # Apply the state file named 'apache.sls'
Environments
Environments are directory hierarchies which contain a top file and a set of state files.
Environments can be used in many ways, however there is no requirement that they be used at all. In fact,
the most common way to deploy Salt is with a single environment, called base. It is recommended that
users only create multiple environments if they have a use case which specifically calls for multiple
versions of state trees.
Getting Started with Top Files
Each environment is defined inside a salt master configuration variable called, file_roots .
In the most common single-environment setup, only the base environment is defined in file_roots along
with only one directory path for the state tree.
file_roots:
base:
- /srv/salt
In the above example, the top file will only have a single environment to pull from.
Next is a simple single-environment top file placed in /srv/salt/top.sls, illustrating that for the
environment called base, all minions will have the state files named core.sls and edit.sls applied to
them.
base:
'*':
- core
- edit
Assuming the file_roots configuration from above, Salt will look in the /srv/salt directory for core.sls
and edit.sls.
Multiple Environments
In some cases, teams may wish to create versioned state trees which can be used to test Salt
configurations in isolated sets of systems such as a staging environment before deploying states into
production.
For this case, multiple environments can be used to accomplish this task.
To create multiple environments, the file_roots option can be expanded:
file_roots:
dev:
- /srv/salt/dev
qa:
- /srv/salt/qa
prod:
- /srv/salt/prod
In the above, we declare three environments: dev, qa and prod. Each environment has a single directory
assigned to it.
Our top file references the environments:
dev:
'webserver*':
- webserver
'db*':
- db
qa:
'webserver*':
- webserver
'db*':
- db
prod:
'webserver*':
- webserver
'db*':
- db
As seen above, the top file now declares the three environments and for each, target expressions are
defined to map minions to state files. For example, all minions which have an ID beginning with the
string webserver will have the webserver state from the requested environment assigned to it.
In this manner, a proposed change to a state could first be made in a state file in /srv/salt/dev and
then be applied to development webservers before moving the state into QA by copying the state file into
/srv/salt/qa.
Choosing an Environment to Target
The top file is used to assign a minion to an environment unless overridden using the methods described
below. The environment in the top file must match valid fileserver environment (a.k.a. saltenv) in order
for any states to be applied to that minion. When using the default fileserver backend, environments are
defined in file_roots.
The states that will be applied to a minion in a given environment can be viewed using the state.show_top
function.
Minions may be pinned to a particular environment by setting the environment value in the minion
configuration file. In doing so, a minion will only request files from the environment to which it is
assigned.
The environment may also be dynamically selected at runtime by passing it to the salt, salt-call or
salt-ssh command. This is most commonly done with functions in the state module by using the saltenv
argument. For example, to run a highstate on all minions, using only the top file and SLS files in the
prod environment, run: salt '*' state.highstate saltenv=prod.
NOTE:
Not all functions accept saltenv as an argument, see the documentation for an individual function
documentation to verify.
Shorthand
If you assign only one SLS to a system, as in this example, a shorthand is also available:
base:
'*': global
dev:
'webserver*': webserver
'db*': db
qa:
'webserver*': webserver
'db*': db
prod:
'webserver*': webserver
'db*': db
Advanced Minion Targeting
In the examples above, notice that all of the target expressions are globs. The default match type in top
files (since version 2014.7.0) is actually the compound matcher, not the glob matcher as in the CLI.
A single glob, when passed through the compound matcher, acts the same way as matching by glob, so in
most cases the two are indistinguishable. However, there is an edge case in which a minion ID contains
whitespace. While it is not recommended to include spaces in a minion ID, Salt will not stop you from
doing so. However, since compound expressions are parsed word-by-word, if a minion ID contains spaces it
will fail to match. In this edge case, it will be necessary to explicitly use the glob matcher:
base:
'minion 1':
- match: glob
- foo
The available match types which can be set for a target expression in the top file are:
┌──────────────┬───────────────────────────────────────┐
│ Match Type │ Description │
├──────────────┼───────────────────────────────────────┤
│ glob │ Full minion ID or glob expression to │
│ │ match multiple minions (e.g. │
│ │ minion123 or minion*) │
├──────────────┼───────────────────────────────────────┤
│ pcre │ Perl-compatible regular expression │
│ │ (PCRE) matching a minion ID (e.g. │
│ │ web[0-3].domain.com) │
├──────────────┼───────────────────────────────────────┤
│ grain │ Match a grain, optionally using │
│ │ globbing (e.g. kernel:Linux or │
│ │ kernel:*BSD) │
├──────────────┼───────────────────────────────────────┤
│ grain_pcre │ Match a grain using PCRE (e.g. │
│ │ kernel:(Free|Open)BSD) │
├──────────────┼───────────────────────────────────────┤
│ list │ Comma-separated list of minions (e.g. │
│ │ minion1,minion2,minion3) │
├──────────────┼───────────────────────────────────────┤
│ pillar │ Pillar match, optionally using │
│ │ globbing (e.g. role:webserver or │
│ │ role:web*) │
├──────────────┼───────────────────────────────────────┤
│ pillar_pcre │ Pillar match using PCRE (e.g. │
│ │ role:web(server|proxy) │
├──────────────┼───────────────────────────────────────┤
│ pillar_exact │ Pillar match with no globbing or PCRE │
│ │ (e.g. role:webserver) │
├──────────────┼───────────────────────────────────────┤
│ ipcidr │ Subnet or IP address (e.g. │
│ │ 172.17.0.0/16 or 10.2.9.80) │
├──────────────┼───────────────────────────────────────┤
│ data │ Match values kept in the minion's │
│ │ datastore (created using the data │
│ │ execution module) │
├──────────────┼───────────────────────────────────────┤
│ range │ Range cluster │
├──────────────┼───────────────────────────────────────┤
│ compound │ Complex expression combining multiple │
│ │ match types (see here) │
├──────────────┼───────────────────────────────────────┤
│ nodegroup │ Pre-defined compound expressions in │
│ │ the master config file (see here) │
└──────────────┴───────────────────────────────────────┘
Below is a slightly more complex top file example, showing some of the above match types:
# All files will be taken from the file path specified in the base
# environment in the ``file_roots`` configuration value.
base:
# All minions which begin with the strings 'nag1' or any minion with
# a grain set called 'role' with the value of 'monitoring' will have
# the 'server.sls' state file applied from the 'nagios/' directory.
'nag1* or G@role:monitoring':
- nagios.server
# All minions get the following three state files applied
'*':
- ldap-client
- networking
- salt.minion
# All minions which have an ID that begins with the phrase
# 'salt-master' will have an SLS file applied that is named
# 'master.sls' and is in the 'salt' directory, underneath
# the root specified in the ``base`` environment in the
# configuration value for ``file_roots``.
'salt-master*':
- salt.master
# Minions that have an ID matching the following regular
# expression will have the state file called 'web.sls' in the
# nagios/mon directory applied. Additionally, minions matching
# the regular expression will also have the 'server.sls' file
# in the apache/ directory applied.
# NOTE!
#
# Take note of the 'match' directive here, which tells Salt
# to treat the target string as a regex to be matched!
'^(memcache|web).(qa|prod).loc$':
- match: pcre
- nagios.mon.web
- apache.server
# Minions that have a grain set indicating that they are running
# the Ubuntu operating system will have the state file called
# 'ubuntu.sls' in the 'repos' directory applied.
#
# Again take note of the 'match' directive here which tells
# Salt to match against a grain instead of a minion ID.
'os:Ubuntu':
- match: grain
- repos.ubuntu
# Minions that are either RedHat or CentOS should have the 'epel.sls'
# state applied, from the 'repos/' directory.
'os:(RedHat|CentOS)':
- match: grain_pcre
- repos.epel
# The three minions with the IDs of 'foo', 'bar' and 'baz' should
# have 'database.sls' applied.
'foo,bar,baz':
- match: list
- database
# Any minion for which the pillar key 'somekey' is set and has a value
# of that key matching 'abc' will have the 'xyz.sls' state applied.
'somekey:abc':
- match: pillar
- xyz
How Top Files Are Compiled
When a highstate is executed and an environment is specified (either using the environment config option
or by passing the saltenv when executing the highstate), then that environment's top file is the only top
file used to assign states to minions, and only states from the specified environment will be run.
The remainder of this section applies to cases in which a highstate is executed without an environment
specified.
With no environment specified, the minion will look for a top file in each environment, and each top file
will be processed to determine the SLS files to run on the minions. By default, the top files from each
environment will be merged together. In configurations with many environments, such as with GitFS where
each branch and tag is treated as a distinct environment, this may cause unexpected results as SLS files
from older tags cause defunct SLS files to be included in the highstate. In cases like this, it can be
helpful to set top_file_merging_strategy to same to force each environment to use its own top file.
top_file_merging_strategy: same
Another option would be to set state_top_saltenv to a specific environment, to ensure that any top files
in other environments are disregarded:
state_top_saltenv: base
With GitFS, it can also be helpful to simply manage each environment's top file separately, and/or
manually specify the environment when executing the highstate to avoid any complicated merging scenarios.
gitfs_env_whitelist and gitfs_env_blacklist can also be used to hide unneeded branches and tags from
GitFS to reduce the number of top files in play.
When using multiple environments, it is not necessary to create a top file for each environment. The
easiest-to-maintain approach is to use a single top file placed in the base environment. This is often
infeasible with GitFS though, since branching/tagging can easily result in extra top files. However, when
only the default (roots) fileserver backend is used, a single top file in the base environment is the
most common way of configuring a highstate.
The following minion configuration options affect how top files are compiled when no environment is
specified, it is recommended to follow the below four links to learn more about how these options work:
• state_top_saltenv
• top_file_merging_strategy
• env_order
• default_top
Top File Compilation Examples
For the scenarios below, assume the following configuration:
/etc/salt/master:
file_roots:
base:
- /srv/salt/base
dev:
- /srv/salt/dev
qa:
- /srv/salt/qa
/srv/salt/base/top.sls:
base:
'*':
- base1
dev:
'*':
- dev1
qa:
'*':
- qa1
/srv/salt/dev/top.sls:
base:
'minion1':
- base2
dev:
'minion2':
- dev2
qa:
'*':
- qa1
- qa2
NOTE:
For the purposes of these examples, there is no top file in the qa environment.
Scenario 1 - dev Environment Specified
In this scenario, the highstate was either invoked with saltenv=dev or the minion has environment: dev
set in the minion config file. The result will be that only the dev2 SLS from the dev environment will be
part of the highstate, and it will be applied to minion2, while minion1 will have no states applied to
it.
If the base environment were specified, the result would be that only the base1 SLS from the base
environment would be part of the highstate, and it would be applied to all minions.
If the qa environment were specified, the highstate would exit with an error.
Scenario 2 - No Environment Specified, top_file_merging_strategy is merge
In this scenario, assuming that the base environment's top file was evaluated first, the base1, dev1, and
qa1 states would be applied to all minions. If, for instance, the qa environment is not defined in
/srv/salt/base/top.sls, then because there is no top file for the qa environment, no states from the qa
environment would be applied.
Scenario 3 - No Environment Specified, top_file_merging_strategy is same
Changed in version 2016.11.0: In prior versions, "same" did not quite work as described below (see here).
This has now been corrected. It was decided that changing something like top file handling in a point
release had the potential to unexpectedly impact users' top files too much, and it would be better to
make this correction in a feature release.
In this scenario, base1 from the base environment is applied to all minions. Additionally, dev2 from the
dev environment is applied to minion2.
If default_top is unset (or set to base, which happens to be the default), then qa1 from the qa
environment will be applied to all minions. If default_top were set to dev, then both qa1 and qa2 from
the qa environment would be applied to all minions.
Scenario 4 - No Environment Specified, top_file_merging_strategy is merge_all
New in version 2016.11.0.
In this scenario, all configured states in all top files are applied. From the base environment, base1
would be applied to all minions, with base2 being applied only to minion1. From the dev environment, dev1
would be applied to all minions, with dev2 being applied only to minion2. Finally, from the qa
environment, both the qa1 and qa2 states will be applied to all minions. Note that the qa1 states would
not be applied twice, even though qa1 appears twice.
SLS Template Variable Reference
The template engines available to sls files and file templates come loaded with a number of context
variables. These variables contain information and functions to assist in the generation of templates.
See each variable below for its availability -- not all variables are available in all templating
contexts.
Salt
The salt variable is available to abstract the salt library functions. This variable is a python
dictionary containing all of the functions available to the running salt minion. It is available in all
salt templates.
{% for file in salt['cmd.run']('ls -1 /opt/to_remove').splitlines() %}
/opt/to_remove/{{ file }}:
file.absent
{% endfor %}
Opts
The opts variable abstracts the contents of the minion's configuration file directly to the template. The
opts variable is a dictionary. It is available in all templates.
{{ opts['cachedir'] }}
The config.get function also searches for values in the opts dictionary.
Pillar
The pillar dictionary can be referenced directly, and is available in all templates:
{{ pillar['key'] }}
Using the pillar.get function via the salt variable is generally recommended since a default can be
safely set in the event that the value is not available in pillar and dictionaries can be traversed
directly:
{{ salt['pillar.get']('key', 'failover_value') }}
{{ salt['pillar.get']('stuff:more:deeper') }}
Grains
The grains dictionary makes the minion's grains directly available, and is available in all templates:
{{ grains['os'] }}
The grains.get function can be used to traverse deeper grains and set defaults:
{{ salt['grains.get']('os') }}
saltenv
The saltenv variable is available in only in sls files when gathering the sls from an environment.
{{ saltenv }}
sls
The sls variable contains the sls reference value, and is only available in the actual SLS file (not in
any files referenced in that SLS). The sls reference value is the value used to include the sls in top
files or via the include option.
{{ sls }}
slspath
The slspath variable contains the path to the current sls file. The value of slspath in files referenced
in the current sls depends on the reference method. For jinja includes slspath is the path to the current
file. For salt includes slspath is the path to the included file.
{{ slspath }}
State Modules
State Modules are the components that map to actual enforcement and management of Salt states.
States are Easy to Write!
State Modules should be easy to write and straightforward. The information passed to the SLS data
structures will map directly to the states modules.
Mapping the information from the SLS data is simple, this example should illustrate:
/etc/salt/master: # maps to "name"
file.managed: # maps to <filename>.<function> - e.g. "managed" in https://github.com/saltstack/salt/tree/develop/salt/states/file.py
- user: root # one of many options passed to the manage function
- group: root
- mode: 644
- source: salt://salt/master
Therefore this SLS data can be directly linked to a module, function, and arguments passed to that
function.
This does issue the burden, that function names, state names and function arguments should be very human
readable inside state modules, since they directly define the user interface.
Keyword Arguments
Salt passes a number of keyword arguments to states when rendering them, including the
environment, a unique identifier for the state, and more. Additionally, keep in mind that the
requisites for a state are part of the keyword arguments. Therefore, if you need to iterate
through the keyword arguments in a state, these must be considered and handled appropriately.
One such example is in the pkgrepo.managed state, which needs to be able to handle arbitrary
keyword arguments and pass them to module execution functions. An example of how these keyword
arguments can be handled can be found here.
Using Custom State Modules
Place your custom state modules inside a _states directory within the file_roots specified by the master
config file. These custom state modules can then be distributed in a number of ways. Custom state modules
are distributed when state.apply is run, or by executing the saltutil.sync_states or saltutil.sync_all
functions.
Any custom states which have been synced to a minion, that are named the same as one of Salt's default
set of states, will take the place of the default state with the same name. Note that a state's default
name is its filename (i.e. foo.py becomes state foo), but that its name can be overridden by using a
__virtual__ function.
Cross Calling Execution Modules from States
As with Execution Modules, State Modules can also make use of the __salt__ and __grains__ data. See cross
calling execution modules.
It is important to note that the real work of state management should not be done in the state module
unless it is needed. A good example is the pkg state module. This module does not do any package
management work, it just calls the pkg execution module. This makes the pkg state module completely
generic, which is why there is only one pkg state module and many backend pkg execution modules.
On the other hand some modules will require that the logic be placed in the state module, a good example
of this is the file module. But in the vast majority of cases this is not the best approach, and writing
specific execution modules to do the backend work will be the optimal solution.
Cross Calling State Modules
All of the Salt state modules are available to each other and state modules can call functions available
in other state modules.
The variable __states__ is packed into the modules after they are loaded into the Salt minion.
The __states__ variable is a Python dictionary containing all of the state modules. Dictionary keys are
strings representing the names of the modules and the values are the functions themselves.
Salt state modules can be cross-called by accessing the value in the __states__ dict:
ret = __states__['file.managed'](name='/tmp/myfile', source='salt://myfile')
This code will call the managed function in the file state module and pass the arguments name and source
to it.
Return Data
A State Module must return a dict containing the following keys/values:
• name: The same value passed to the state as "name".
• changes: A dict describing the changes made. Each thing changed should be a key, with its value being
another dict with keys called "old" and "new" containing the old/new values. For example, the pkg
state's changes dict has one key for each package changed, with the "old" and "new" keys in its
sub-dict containing the old and new versions of the package. For example, the final changes dictionary
for this scenario would look something like this:
ret['changes'].update({'my_pkg_name': {'old': '',
'new': 'my_pkg_name-1.0'}})
• result: A tristate value. True if the action was successful, False if it was not, or None if the state
was run in test mode, test=True, and changes would have been made if the state was not run in test
mode.
┌────────────────────┬───────────┬───────────┐
│ │ live mode │ test mode │
├────────────────────┼───────────┼───────────┤
│ no changes │ True │ True │
├────────────────────┼───────────┼───────────┤
│ successful changes │ True │ None │
├────────────────────┼───────────┼───────────┤
│ failed changes │ False │ None │
└────────────────────┴───────────┴───────────┘
NOTE:
Test mode does not predict if the changes will be successful or not.
• comment: A string containing a summary of the result.
The return data can also, include the pchanges key, this stands for predictive changes. The pchanges key
informs the State system what changes are predicted to occur.
NOTE:
States should not return data which cannot be serialized such as frozensets.
Test State
All states should check for and support test being passed in the options. This will return data about
what changes would occur if the state were actually run. An example of such a check could look like this:
# Return comment of changes if test.
if __opts__['test']:
ret['result'] = None
ret['comment'] = 'State Foo will execute with param {0}'.format(bar)
return ret
Make sure to test and return before performing any real actions on the minion.
NOTE:
Be sure to refer to the result table listed above and displaying any possible changes when writing
support for test. Looking for changes in a state is essential to test=true functionality. If a state
is predicted to have no changes when test=true (or test: true in a config file) is used, then the
result of the final state should not be None.
Watcher Function
If the state being written should support the watch requisite then a watcher function needs to be
declared. The watcher function is called whenever the watch requisite is invoked and should be generic to
the behavior of the state itself.
The watcher function should accept all of the options that the normal state functions accept (as they
will be passed into the watcher function).
A watcher function typically is used to execute state specific reactive behavior, for instance, the
watcher for the service module restarts the named service and makes it useful for the watcher to make the
service react to changes in the environment.
The watcher function also needs to return the same data that a normal state function returns.
Mod_init Interface
Some states need to execute something only once to ensure that an environment has been set up, or certain
conditions global to the state behavior can be predefined. This is the realm of the mod_init interface.
A state module can have a function called mod_init which executes when the first state of this type is
called. This interface was created primarily to improve the pkg state. When packages are installed the
package metadata needs to be refreshed, but refreshing the package metadata every time a package is
installed is wasteful. The mod_init function for the pkg state sets a flag down so that the first, and
only the first, package installation attempt will refresh the package database (the package database can
of course be manually called to refresh via the refresh option in the pkg state).
The mod_init function must accept the Low State Data for the given executing state as an argument. The
low state data is a dict and can be seen by executing the state.show_lowstate function. Then the mod_init
function must return a bool. If the return value is True, then the mod_init function will not be executed
again, meaning that the needed behavior has been set up. Otherwise, if the mod_init function returns
False, then the function will be called the next time.
A good example of the mod_init function is found in the pkg state module:
def mod_init(low):
'''
Refresh the package database here so that it only needs to happen once
'''
if low['fun'] == 'installed' or low['fun'] == 'latest':
rtag = __gen_rtag()
if not os.path.exists(rtag):
open(rtag, 'w+').write('')
return True
else:
return False
The mod_init function in the pkg state accepts the low state data as low and then checks to see if the
function being called is going to install packages, if the function is not going to install packages then
there is no need to refresh the package database. Therefore if the package database is prepared to
refresh, then return True and the mod_init will not be called the next time a pkg state is evaluated,
otherwise return False and the mod_init will be called next time a pkg state is evaluated.
Log Output
You can call the logger from custom modules to write messages to the minion logs. The following code
snippet demonstrates writing log messages:
import logging
log = logging.getLogger(__name__)
log.info('Here is Some Information')
log.warning('You Should Not Do That')
log.error('It Is Busted')
Strings and Unicode
A state module author should always assume that strings fed to the module have already decoded from
strings into Unicode. In Python 2, these will be of type 'Unicode' and in Python 3 they will be of type
str. Calling from a state to other Salt sub-systems, such as execution modules should pass Unicode (or
bytes if passing binary data). In the rare event that a state needs to write directly to disk, Unicode
should be encoded to a string immediately before writing to disk. An author may use
__salt_system_encoding__ to learn what the encoding type of the system is. For example,
'my_string'.encode(__salt_system_encoding__').
Full State Module Example
The following is a simplistic example of a full state module and function. Remember to call out to
execution modules to perform all the real work. The state module should only perform "before" and "after"
checks.
1. Make a custom state module by putting the code into a file at the following path:
/srv/salt/_states/my_custom_state.py.
2. Distribute the custom state module to the minions:
salt '*' saltutil.sync_states
3. Write a new state to use the custom state by making a new state file, for instance
/srv/salt/my_custom_state.sls.
4. Add the following SLS configuration to the file created in Step 3:
human_friendly_state_id: # An arbitrary state ID declaration.
my_custom_state: # The custom state module name.
- enforce_custom_thing # The function in the custom state module.
- name: a_value # Maps to the ``name`` parameter in the custom function.
- foo: Foo # Specify the required ``foo`` parameter.
- bar: False # Override the default value for the ``bar`` parameter.
Example state module
import salt.exceptions
def enforce_custom_thing(name, foo, bar=True):
'''
Enforce the state of a custom thing
This state module does a custom thing. It calls out to the execution module
``my_custom_module`` in order to check the current system and perform any
needed changes.
name
The thing to do something to
foo
A required argument
bar : True
An argument with a default value
'''
ret = {
'name': name,
'changes': {},
'result': False,
'comment': '',
'pchanges': {},
}
# Start with basic error-checking. Do all the passed parameters make sense
# and agree with each-other?
if bar == True and foo.startswith('Foo'):
raise salt.exceptions.SaltInvocationError(
'Argument "foo" cannot start with "Foo" if argument "bar" is True.')
# Check the current state of the system. Does anything need to change?
current_state = __salt__['my_custom_module.current_state'](name)
if current_state == foo:
ret['result'] = True
ret['comment'] = 'System already in the correct state'
return ret
# The state of the system does need to be changed. Check if we're running
# in ``test=true`` mode.
if __opts__['test'] == True:
ret['comment'] = 'The state of "{0}" will be changed.'.format(name)
ret['pchanges'] = {
'old': current_state,
'new': 'Description, diff, whatever of the new state',
}
# Return ``None`` when running with ``test=true``.
ret['result'] = None
return ret
# Finally, make the actual change and return the result.
new_state = __salt__['my_custom_module.change_state'](name, foo)
ret['comment'] = 'The state of "{0}" was changed!'.format(name)
ret['changes'] = {
'old': current_state,
'new': new_state,
}
ret['result'] = True
return ret
State Management
State management, also frequently called Software Configuration Management (SCM), is a program that puts
and keeps a system into a predetermined state. It installs software packages, starts or restarts services
or puts configuration files in place and watches them for changes.
Having a state management system in place allows one to easily and reliably configure and manage a few
servers or a few thousand servers. It allows configurations to be kept under version control.
Salt States is an extension of the Salt Modules that we discussed in the previous remote execution
tutorial. Instead of calling one-off executions the state of a system can be easily defined and then
enforced.
Understanding the Salt State System Components
The Salt state system is comprised of a number of components. As a user, an understanding of the SLS and
renderer systems are needed. But as a developer, an understanding of Salt states and how to write the
states is needed as well.
NOTE:
States are compiled and executed only on minions that have been targeted. To execute functions
directly on masters, see runners.
Salt SLS System
The primary system used by the Salt state system is the SLS system. SLS stands for SaLt State.
The Salt States are files which contain the information about how to configure Salt minions. The states
are laid out in a directory tree and can be written in many different formats.
The contents of the files and the way they are laid out is intended to be as simple as possible while
allowing for maximum flexibility. The files are laid out in states and contains information about how the
minion needs to be configured.
SLS File Layout
SLS files are laid out in the Salt file server.
A simple layout can look like this:
top.sls
ssh.sls
sshd_config
users/init.sls
users/admin.sls
salt/master.sls
web/init.sls
The top.sls file is a key component. The top.sls files is used to determine which SLS files should be
applied to which minions.
The rest of the files with the .sls extension in the above example are state files.
Files without a .sls extensions are seen by the Salt master as files that can be downloaded to a Salt
minion.
States are translated into dot notation. For example, the ssh.sls file is seen as the ssh state and the
users/admin.sls file is seen as the users.admin state.
Files named init.sls are translated to be the state name of the parent directory, so the web/init.sls
file translates to the web state.
In Salt, everything is a file; there is no "magic translation" of files and file types. This means that a
state file can be distributed to minions just like a plain text or binary file.
SLS Files
The Salt state files are simple sets of data. Since SLS files are just data they can be represented in a
number of different ways.
The default format is YAML generated from a Jinja template. This allows for the states files to have all
the language constructs of Python and the simplicity of YAML.
State files can then be complicated Jinja templates that translate down to YAML, or just plain and simple
YAML files.
The State files are simply common data structures such as dictionaries and lists, constructed using a
templating language such as YAML.
Here is an example of a Salt State:
vim:
pkg.installed: []
salt:
pkg.latest:
- name: salt
service.running:
- names:
- salt-master
- salt-minion
- require:
- pkg: salt
- watch:
- file: /etc/salt/minion
/etc/salt/minion:
file.managed:
- source: salt://salt/minion
- user: root
- group: root
- mode: 644
- require:
- pkg: salt
This short stanza will ensure that vim is installed, Salt is installed and up to date, the salt-master
and salt-minion daemons are running and the Salt minion configuration file is in place. It will also
ensure everything is deployed in the right order and that the Salt services are restarted when the
watched file updated.
The Top File
The top file controls the mapping between minions and the states which should be applied to them.
The top file specifies which minions should have which SLS files applied and which environments they
should draw those SLS files from.
The top file works by specifying environments on the top-level.
Each environment contains target expressions to match minions. Finally, each target expression contains a
list of Salt states to apply to matching minions:
base:
'*':
- salt
- users
- users.admin
'saltmaster.*':
- match: pcre
- salt.master
This above example uses the base environment which is built into the default Salt setup.
The base environment has target expressions. The first one matches all minions, and the SLS files below
it apply to all minions.
The second expression is a regular expression that will match all minions with an ID matching
saltmaster.* and specifies that for those minions, the salt.master state should be applied.
IMPORTANT:
Since version 2014.7.0, the default matcher (when one is not explicitly defined as in the second
expression in the above example) is the compound matcher. Since this matcher parses individual words
in the expression, minion IDs containing spaces will not match properly using this matcher. Therefore,
if your target expression is designed to match a minion ID containing spaces, it will be necessary to
specify a different match type (such as glob). For example:
base:
'test minion':
- match: glob
- foo
- bar
- baz
A full table of match types available in the top file can be found here.
Reloading Modules
Some Salt states require that specific packages be installed in order for the module to load. As an
example the pip state module requires the pip package for proper name and version parsing.
In most of the common cases, Salt is clever enough to transparently reload the modules. For example, if
you install a package, Salt reloads modules because some other module or state might require just that
package which was installed.
On some edge-cases salt might need to be told to reload the modules. Consider the following state file
which we'll call pep8.sls:
python-pip:
cmd.run:
- name: |
easy_install --script-dir=/usr/bin -U pip
- cwd: /
pep8:
pip.installed:
- require:
- cmd: python-pip
The above example installs pip using easy_install from setuptools and installs pep8 using pip, which, as
told earlier, requires pip to be installed system-wide. Let's execute this state:
salt-call state.apply pep8
The execution output would be something like:
----------
State: - pip
Name: pep8
Function: installed
Result: False
Comment: State pip.installed found in sls pep8 is unavailable
Changes:
Summary
------------
Succeeded: 1
Failed: 1
------------
Total: 2
If we executed the state again the output would be:
----------
State: - pip
Name: pep8
Function: installed
Result: True
Comment: Package was successfully installed
Changes: pep8==1.4.6: Installed
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
Since we installed pip using cmd, Salt has no way to know that a system-wide package was installed.
On the second execution, since the required pip package was installed, the state executed correctly.
NOTE:
Salt does not reload modules on every state run because doing so would greatly slow down state
execution.
So how do we solve this edge-case? reload_modules!
reload_modules is a boolean option recognized by salt on all available states which forces salt to reload
its modules once a given state finishes.
The modified state file would now be:
python-pip:
cmd.run:
- name: |
easy_install --script-dir=/usr/bin -U pip
- cwd: /
- reload_modules: true
pep8:
pip.installed:
- require:
- cmd: python-pip
Let's run it, once:
salt-call state.apply pep8
The output is:
----------
State: - pip
Name: pep8
Function: installed
Result: True
Comment: Package was successfully installed
Changes: pep8==1.4.6: Installed
Summary
------------
Succeeded: 2
Failed: 0
------------
Total: 2
UTILITY MODULES - CODE REUSE IN CUSTOM MODULES
New in version 2015.5.0.
Changed in version 2016.11.0: These can now be synced to the Master for use in custom Runners, and in
custom execution modules called within Pillar SLS files.
When extending Salt by writing custom (state modules), execution modules, etc., sometimes there is a need
for a function to be available to more than just one kind of custom module. For these cases, Salt
supports what are called "utility modules". These modules are like normal execution modules, but instead
of being invoked in Salt code using __salt__, the __utils__ prefix is used instead.
For example, assuming the following simple utility module, saved to salt://_utils/foo.py
# -*- coding: utf-8 -*-
'''
My utils module
---------------
This module contains common functions for use in my other custom types.
'''
def bar():
return 'baz'
Once synced to a minion, this function would be available to other custom Salt types like so:
# -*- coding: utf-8 -*-
'''
My awesome execution module
---------------------------
'''
def observe_the_awesomeness():
'''
Prints information from my utility module
CLI Example:
.. code-block:: bash
salt '*' mymodule.observe_the_awesomeness
'''
return __utils__['foo.bar']()
Utility modules, like any other kind of Salt extension, support using a __virtual__ function to
conditionally load them, or load them under a different namespace. For instance, if the utility module
above were named salt://_utils/mymodule.py it could be made to be loaded as the foo utility module with a
__virtual__ function.
# -*- coding: utf-8 -*-
'''
My utils module
---------------
This module contains common functions for use in my other custom types.
'''
def __virtual__():
'''
Load as a different name
'''
return 'foo'
def bar():
return 'baz'
Also you could even write your utility modules in object oriented fashion:
# -*- coding: utf-8 -*-
'''
My OOP-style utils module
-------------------------
This module contains common functions for use in my other custom types.
'''
class Foo(object):
def __init__(self):
pass
def bar(self):
return 'baz'
And import them into other custom modules:
# -*- coding: utf-8 -*-
'''
My awesome execution module
---------------------------
'''
import mymodule
def observe_the_awesomeness():
'''
Prints information from my utility module
CLI Example:
.. code-block:: bash
salt '*' mymodule.observe_the_awesomeness
'''
foo = mymodule.Foo()
return foo.bar()
These are, of course, contrived examples, but they should serve to show some of the possibilities opened
up by writing utility modules. Keep in mind though that states still have access to all of the execution
modules, so it is not necessary to write a utility module to make a function available to both a state
and an execution module. One good use case for utility modules is one where it is necessary to invoke the
same function from a custom outputter/returner, as well as an execution module.
Utility modules placed in salt://_utils/ will be synced to the minions when any of the following Salt
functions are called:
• state.apply
• saltutil.sync_utils
• saltutil.sync_all
To sync to the Master, use either of the following:
• saltutil.sync_utils
• saltutil.sync_all
EVENTS & REACTOR
Event System
The Salt Event System is used to fire off events enabling third party applications or external processes
to react to behavior within Salt.
The event system is comprised of a two primary components:
• The event sockets which publishes events.
• The event library which can listen to events and send events into the salt system.
Event types
Salt Master Events
These events are fired on the Salt Master event bus. This list is not comprehensive.
Authentication events
salt/auth
Fired when a minion performs an authentication check with the master.
Variables
• id -- The minion ID.
• act -- The current status of the minion key: accept, pend, reject.
• pub -- The minion public key.
NOTE:
Minions fire auth events on fairly regular basis for a number of reasons. Writing reactors to
respond to events through the auth cycle can lead to infinite reactor event loops (minion tries
to auth, reactor responds by doing something that generates another auth event, minion sends
auth event, etc.). Consider reacting to salt/key or salt/minion/<MID>/start or firing a custom
event tag instead.
Start events
salt/minion/<MID>/start
Fired every time a minion connects to the Salt master.
Variables
id -- The minion ID.
Key events
salt/key
Fired when accepting and rejecting minions keys on the Salt master. These happen as a result of
actions undertaken by the salt-key command.
Variables
• id -- The minion ID.
• act -- The new status of the minion key: accept, delete,
WARNING:
If a master is in auto_accept mode, salt/key events will not be fired when the keys are accepted. In
addition, pre-seeding keys (like happens through Salt-Cloud) will not cause firing of these events.
Job events
salt/job/<JID>/new
Fired as a new job is sent out to minions.
Variables
• jid -- The job ID.
• tgt -- The target of the job: *, a minion ID, G@os_family:RedHat, etc.
• tgt_type -- The type of targeting used: glob, grain, compound, etc.
• fun -- The function to run on minions: test.ping, network.interfaces, etc.
• arg -- A list of arguments to pass to the function that will be called.
• minions -- A list of minion IDs that Salt expects will return data for this job.
• user -- The name of the user that ran the command as defined in Salt's Publisher ACL or
external auth.
salt/job/<JID>/ret/<MID>
Fired each time a minion returns data for a job.
Variables
• id -- The minion ID.
• jid -- The job ID.
• retcode -- The return code for the job.
• fun -- The function the minion ran. E.g., test.ping.
• return -- The data returned from the execution module.
salt/job/<JID>/prog/<MID>/<RUN NUM>
Fired each time a each function in a state run completes execution. Must be enabled using the
state_events option.
Variables
• data -- The data returned from the state module function.
• id -- The minion ID.
• jid -- The job ID.
Runner Events
salt/run/<JID>/new
Fired as a runner begins execution
Variables
• jid -- The job ID.
• fun -- The name of the runner function, with runner. prepended to it (e.g.
runner.jobs.lookup_jid)
• fun_args -- The arguments passed to the runner function (e.g. ['20160829225914848058'])
• user -- The user who executed the runner (e.g. root)
salt/run/<JID>/ret
Fired when a runner function returns
Variables
• jid -- The job ID.
• fun -- The name of the runner function, with runner. prepended to it (e.g.
runner.jobs.lookup_jid)
• fun_args -- The arguments passed to the runner function (e.g. ['20160829225914848058'])
• return -- The data returned by the runner function
salt/run/<JID>/args
New in version 2016.11.0.
Fired by the state.orchestrate runner
Variables
• name -- The ID declaration for the orchestration job (i.e. the line above salt.state,
salt.function, salt.runner, etc.)
• type -- The type of orchestration job being run (e.g. state)
• tgt -- The target expression (e.g. *). Included for state and function types only.
• args -- The args passed to the orchestration job. Note: for state and function types,
also includes a tgt_type value which shows what kind of match (glob, pcre, etc.) was
used. This value was named expr_form in the 2016.11 release cycle but has been renamed
to tgt_type in 2017.7.0 for consistency with other events.
Presence Events
salt/presence/present
Events fired on a regular interval about currently connected, newly connected, or recently
disconnected minions. Requires the presence_events setting to be enabled.
Variables
present -- A list of minions that are currently connected to the Salt master.
salt/presence/change
Fired when the Presence system detects new minions connect or disconnect.
Variables
• new -- A list of minions that have connected since the last presence event.
• lost -- A list of minions that have disconnected since the last presence event.
Cloud Events
Unlike other Master events, salt-cloud events are not fired on behalf of a Salt Minion. Instead,
salt-cloud events are fired on behalf of a VM. This is because the minion-to-be may not yet exist to fire
events to or also may have been destroyed.
This behavior is reflected by the name variable in the event data for salt-cloud events as compared to
the id variable for Salt Minion-triggered events.
salt/cloud/<VM NAME>/creating
Fired when salt-cloud starts the VM creation process.
Variables
• name -- the name of the VM being created.
• event -- description of the event.
• provider -- the cloud provider of the VM being created.
• profile -- the cloud profile for the VM being created.
salt/cloud/<VM NAME>/deploying
Fired when the VM is available and salt-cloud begins deploying Salt to the new VM.
Variables
• name -- the name of the VM being created.
• event -- description of the event.
• kwargs -- options available as the deploy script is invoked: conf_file, deploy_command,
display_ssh_output, host, keep_tmp, key_filename, make_minion, minion_conf, name,
parallel, preseed_minion_keys, script, script_args, script_env, sock_dir, start_action,
sudo, tmp_dir, tty, username
salt/cloud/<VM NAME>/requesting
Fired when salt-cloud sends the request to create a new VM.
Variables
• event -- description of the event.
• location -- the location of the VM being requested.
• kwargs -- options available as the VM is being requested: Action, ImageId, InstanceType,
KeyName, MaxCount, MinCount, SecurityGroup.1
salt/cloud/<VM NAME>/querying
Fired when salt-cloud queries data for a new instance.
Variables
• event -- description of the event.
• instance_id -- the ID of the new VM.
salt/cloud/<VM NAME>/tagging
Fired when salt-cloud tags a new instance.
Variables
• event -- description of the event.
• tags -- tags being set on the new instance.
salt/cloud/<VM NAME>/waiting_for_ssh
Fired while the salt-cloud deploy process is waiting for ssh to become available on the new
instance.
Variables
• event -- description of the event.
• ip_address -- IP address of the new instance.
salt/cloud/<VM NAME>/deploy_script
Fired once the deploy script is finished.
Variables
event -- description of the event.
salt/cloud/<VM NAME>/created
Fired once the new instance has been fully created.
Variables
• name -- the name of the VM being created.
• event -- description of the event.
• instance_id -- the ID of the new instance.
• provider -- the cloud provider of the VM being created.
• profile -- the cloud profile for the VM being created.
salt/cloud/<VM NAME>/destroying
Fired when salt-cloud requests the destruction of an instance.
Variables
• name -- the name of the VM being created.
• event -- description of the event.
• instance_id -- the ID of the new instance.
salt/cloud/<VM NAME>/destroyed
Fired when an instance has been destroyed.
Variables
• name -- the name of the VM being created.
• event -- description of the event.
• instance_id -- the ID of the new instance.
Listening for Events
Salt's Event Bus is used heavily within Salt and it is also written to integrate heavily with existing
tooling and scripts. There is a variety of ways to consume it.
From the CLI
The quickest way to watch the event bus is by calling the state.event runner:
salt-run state.event pretty=True
That runner is designed to interact with the event bus from external tools and shell scripts. See the
documentation for more examples.
Remotely via the REST API
Salt's event bus can be consumed salt.netapi.rest_cherrypy.app.Events as an HTTP stream from external
tools or services.
curl -SsNk https://salt-api.example.com:8000/events?token=05A3
From Python
Python scripts can access the event bus only as the same system user that Salt is running as.
The event system is accessed via the event library and can only be accessed by the same system user that
Salt is running as. To listen to events a SaltEvent object needs to be created and then the get_event
function needs to be run. The SaltEvent object needs to know the location that the Salt Unix sockets are
kept. In the configuration this is the sock_dir option. The sock_dir option defaults to
"/var/run/salt/master" on most systems.
The following code will check for a single event:
import salt.config
import salt.utils.event
opts = salt.config.client_config('/etc/salt/master')
event = salt.utils.event.get_event(
'master',
sock_dir=opts['sock_dir'],
transport=opts['transport'],
opts=opts)
data = event.get_event()
Events will also use a "tag". Tags allow for events to be filtered by prefix. By default all events will
be returned. If only authentication events are desired, then pass the tag "salt/auth".
The get_event method has a default poll time assigned of 5 seconds. To change this time set the "wait"
option.
The following example will only listen for auth events and will wait for 10 seconds instead of the
default 5.
data = event.get_event(wait=10, tag='salt/auth')
To retrieve the tag as well as the event data, pass full=True:
evdata = event.get_event(wait=10, tag='salt/job', full=True)
tag, data = evdata['tag'], evdata['data']
Instead of looking for a single event, the iter_events method can be used to make a generator which will
continually yield salt events.
The iter_events method also accepts a tag but not a wait time:
for data in event.iter_events(tag='salt/auth'):
print(data)
And finally event tags can be globbed, such as they can be in the Reactor, using the fnmatch library.
import fnmatch
import salt.config
import salt.utils.event
opts = salt.config.client_config('/etc/salt/master')
sevent = salt.utils.event.get_event(
'master',
sock_dir=opts['sock_dir'],
transport=opts['transport'],
opts=opts)
while True:
ret = sevent.get_event(full=True)
if ret is None:
continue
if fnmatch.fnmatch(ret['tag'], 'salt/job/*/ret/*'):
do_something_with_job_return(ret['data'])
Firing Events
It is possible to fire events on either the minion's local bus or to fire events intended for the master.
To fire a local event from the minion on the command line call the event.fire execution function:
salt-call event.fire '{"data": "message to be sent in the event"}' 'tag'
To fire an event to be sent up to the master from the minion call the event.send execution function.
Remember YAML can be used at the CLI in function arguments:
salt-call event.send 'myco/mytag/success' '{success: True, message: "It works!"}'
If a process is listening on the minion, it may be useful for a user on the master to fire an event to
it:
# Job on minion
import salt.utils.event
event = salt.utils.event.MinionEvent(**__opts__)
for evdata in event.iter_events(tag='customtag/'):
return evdata # do your processing here...
salt minionname event.fire '{"data": "message for the minion"}' 'customtag/african/unladen'
Firing Events from Python
From Salt execution modules
Events can be very useful when writing execution modules, in order to inform various processes on the
master when a certain task has taken place. This is easily done using the normal cross-calling syntax:
# /srv/salt/_modules/my_custom_module.py
def do_something():
'''
Do something and fire an event to the master when finished
CLI Example::
salt '*' my_custom_module:do_something
'''
# do something!
__salt__['event.send']('myco/my_custom_module/finished', {
'finished': True,
'message': "The something is finished!",
})
From Custom Python Scripts
Firing events from custom Python code is quite simple and mirrors how it is done at the CLI:
import salt.client
caller = salt.client.Caller()
caller.sminion.functions['event.send'](
'myco/myevent/success',
{
'success': True,
'message': "It works!",
}
)
Beacons
Beacons let you use the Salt event system to monitor non-Salt processes. The beacon system allows the
minion to hook into a variety of system processes and continually monitor these processes. When monitored
activity occurs in a system process, an event is sent on the Salt event bus that can be used to trigger a
reactor.
Salt beacons can currently monitor and send Salt events for many system activities, including:
• file system changes
• system load
• service status
• shell activity, such as user login
• network and disk usage
See beacon modules for a current list.
NOTE:
Salt beacons are an event generation mechanism. Beacons leverage the Salt reactor system to make
changes when beacon events occur.
Configuring Beacons
Salt beacons do not require any changes to the system components that are being monitored, everything is
configured using Salt.
Beacons are typically enabled by placing a beacons: top level block in /etc/salt/minion or any file in
/etc/salt/minion.d/ such as /etc/salt/minion.d/beacons.conf:
beacons:
inotify:
/etc/important_file: {}
/opt: {}
The beacon system, like many others in Salt, can also be configured via the minion pillar, grains, or
local config file.
NOTE:
The inotify beacon only works on OSes that have inotify kernel support. Currently this excludes
FreeBSD, macOS, and Windows.
Beacon Monitoring Interval
Beacons monitor on a 1-second interval by default. To set a different interval, provide an interval
argument to a beacon. The following beacons run on 5- and 10-second intervals:
beacons:
inotify:
/etc/important_file: {}
/opt: {}
interval: 5
disable_during_state_run: True
load:
1m:
- 0.0
- 2.0
5m:
- 0.0
- 1.5
15m:
- 0.1
- 1.0
interval: 10
Avoiding Event Loops
It is important to carefully consider the possibility of creating a loop between a reactor and a beacon.
For example, one might set up a beacon which monitors whether a file is read which in turn fires a
reactor to run a state which in turn reads the file and re-fires the beacon.
To avoid these types of scenarios, the disable_during_state_run argument may be set. If a state run is in
progress, the beacon will not be run on its regular interval until the minion detects that the state run
has completed, at which point the normal beacon interval will resume.
beacons:
inotify:
/etc/important_file: {}
disable_during_state_run: True
NOTE:
For beacon writers: If you need extra stuff to happen, like closing file handles for the
disable_during_state_run to actually work, you can add a close() function to the beacon to run those
extra things. See the inotify beacon.
Beacon Example
This example demonstrates configuring the inotify beacon to monitor a file for changes, and then restores
the file to its original contents if a change was made.
NOTE:
The inotify beacon requires Pyinotify on the minion, install it using salt myminion pkg.install
python-inotify.
Create Watched File
Create the file named /etc/important_file and add some simple content:
important_config: True
Add Beacon Configs to Minion
On the Salt minion, add the following configuration to /etc/salt/minion.d/beacons.conf:
beacons:
inotify:
/etc/important_file:
mask:
- modify
disable_during_state_run: True
Save the configuration file and restart the minion service. The beacon is now set up to notify salt upon
modifications made to the file.
NOTE:
The disable_during_state_run: True parameter prevents the inotify beacon from generating reactor
events due to salt itself modifying the file.
View Events on the Master
On your Salt master, start the event runner using the following command:
salt-run state.event pretty=true
This runner displays events as they are received by the master on the Salt event bus. To test the beacon
you set up in the previous section, make and save a modification to /etc/important_file. You'll see an
event similar to the following on the event bus:
salt/beacon/larry/inotify//etc/important_file {
"_stamp": "2015-09-09T15:59:37.972753",
"data": {
"change": "IN_IGNORED",
"id": "larry",
"path": "/etc/important_file"
},
"tag": "salt/beacon/larry/inotify//etc/important_file"
}
This indicates that the event is being captured and sent correctly. Now you can create a reactor to take
action when this event occurs.
Create a Reactor
This reactor reverts the file named /etc/important_file to the contents provided by salt each time it is
modified.
Reactor SLS
On your Salt master, create a file named /srv/reactor/revert.sls.
NOTE:
If the /srv/reactor directory doesn't exist, create it.
mkdir -p /srv/reactor
Add the following to /srv/reactor/revert.sls:
revert-file:
local.state.apply:
- tgt: {{ data['data']['id'] }}
- arg:
- maintain_important_file
NOTE:
In addition to setting disable_during_state_run: True for an inotify beacon whose reaction is to
modify the watched file, it is important to ensure the state applied is also idempotent.
NOTE:
The expression {{ data['data']['id'] }} is correct as it matches the event structure shown above.
State SLS
Create the state sls file referenced by the reactor sls file. This state file will be located at
/srv/salt/maintain_important_file.sls.
important_file:
file.managed:
- name: /etc/important_file
- contents: |
important_config: True
Master Config
Configure the master to map the inotify beacon event to the revert reaction in
/etc/salt/master.d/reactor.conf:
reactor:
- salt/beacon/*/inotify//etc/important_file:
- /srv/reactor/revert.sls
NOTE:
You can have only one top level reactor section, so if one already exists, add this code to the
existing section. See here to learn more about reactor SLS syntax.
Start the Salt Master in Debug Mode
To help with troubleshooting, start the Salt master in debug mode:
service salt-master stop
salt-master -l debug
When debug logging is enabled, event and reactor data are displayed so you can discover syntax and other
issues.
Trigger the Reactor
On your minion, make and save another change to /etc/important_file. On the Salt master, you'll see debug
messages that indicate the event was received and the state.apply job was sent. When you inspect the file
on the minion, you'll see that the file contents have been restored to important_config: True.
All beacons are configured using a similar process of enabling the beacon, writing a reactor SLS (and
state SLS if needed), and mapping a beacon event to the reactor SLS.
Writing Beacon Plugins
Beacon plugins use the standard Salt loader system, meaning that many of the constructs from other plugin
systems holds true, such as the __virtual__ function.
The important function in the Beacon Plugin is the beacon function. When the beacon is configured to run,
this function will be executed repeatedly by the minion. The beacon function therefore cannot block and
should be as lightweight as possible. The beacon also must return a list of dicts, each dict in the list
will be translated into an event on the master.
Beacons may also choose to implement a __validate__ function which takes the beacon configuration as an
argument and ensures that it is valid prior to continuing. This function is called automatically by the
Salt loader when a beacon is loaded.
Please see the inotify beacon as an example.
The beacon Function
The beacons system will look for a function named beacon in the module. If this function is not present
then the beacon will not be fired. This function is called on a regular basis and defaults to being
called on every iteration of the minion, which can be tens to hundreds of times a second. This means that
the beacon function cannot block and should not be CPU or IO intensive.
The beacon function will be passed in the configuration for the executed beacon. This makes it easy to
establish a flexible configuration for each called beacon. This is also the preferred way to ingest the
beacon's configuration as it allows for the configuration to be dynamically updated while the minion is
running by configuring the beacon in the minion's pillar.
The Beacon Return
The information returned from the beacon is expected to follow a predefined structure. The returned value
needs to be a list of dictionaries (standard python dictionaries are preferred, no ordered dicts are
needed).
The dictionaries represent individual events to be fired on the minion and master event buses. Each dict
is a single event. The dict can contain any arbitrary keys but the 'tag' key will be extracted and added
to the tag of the fired event.
The return data structure would look something like this:
[{'changes': ['/foo/bar'], 'tag': 'foo'},
{'changes': ['/foo/baz'], 'tag': 'bar'}]
Calling Execution Modules
Execution modules are still the preferred location for all work and system interaction to happen in Salt.
For this reason the __salt__ variable is available inside the beacon.
Please be careful when calling functions in __salt__, while this is the preferred means of executing
complicated routines in Salt not all of the execution modules have been written with beacons in mind.
Watch out for execution modules that may be CPU intense or IO bound. Please feel free to add new
execution modules and functions to back specific beacons.
Distributing Custom Beacons
Custom beacons can be distributed to minions using saltutil, see Dynamic Module Distribution.
Reactor System
Salt's Reactor system gives Salt the ability to trigger actions in response to an event. It is a simple
interface to watching Salt's event bus for event tags that match a given pattern and then running one or
more commands in response.
This system binds sls files to event tags on the master. These sls files then define reactions. This
means that the reactor system has two parts. First, the reactor option needs to be set in the master
configuration file. The reactor option allows for event tags to be associated with sls reaction files.
Second, these reaction files use highdata (like the state system) to define reactions to be executed.
Event System
A basic understanding of the event system is required to understand reactors. The event system is a
local ZeroMQ PUB interface which fires salt events. This event bus is an open system used for sending
information notifying Salt and other systems about operations.
The event system fires events with a very specific criteria. Every event has a tag. Event tags allow for
fast top-level filtering of events. In addition to the tag, each event has a data structure. This data
structure is a dictionary, which contains information about the event.
Mapping Events to Reactor SLS Files
Reactor SLS files and event tags are associated in the master config file. By default this is
/etc/salt/master, or /etc/salt/master.d/reactor.conf.
New in version 2014.7.0: Added Reactor support for salt:// file paths.
In the master config section 'reactor:' is a list of event tags to be matched and each event tag has a
list of reactor SLS files to be run.
reactor: # Master config section "reactor"
- 'salt/minion/*/start': # Match tag "salt/minion/*/start"
- /srv/reactor/start.sls # Things to do when a minion starts
- /srv/reactor/monitor.sls # Other things to do
- 'salt/cloud/*/destroyed': # Globs can be used to match tags
- /srv/reactor/destroy/*.sls # Globs can be used to match file names
- 'myco/custom/event/tag': # React to custom event tags
- salt://reactor/mycustom.sls # Reactor files can come from the salt fileserver
NOTE:
In the above example, salt://reactor/mycustom.sls refers to the base environment. To pull this file
from a different environment, use the querystring syntax (e.g.
salt://reactor/mycustom.sls?saltenv=reactor).
Reactor SLS files are similar to State and Pillar SLS files. They are by default YAML + Jinja templates
and are passed familiar context variables. Click here for more detailed information on the variables
availble in Jinja templating.
Here is the SLS for a simple reaction:
{% if data['id'] == 'mysql1' %}
highstate_run:
local.state.apply:
- tgt: mysql1
{% endif %}
This simple reactor file uses Jinja to further refine the reaction to be made. If the id in the event
data is mysql1 (in other words, if the name of the minion is mysql1) then the following reaction is
defined. The same data structure and compiler used for the state system is used for the reactor system.
The only difference is that the data is matched up to the salt command API and the runner system. In
this example, a command is published to the mysql1 minion with a function of state.apply, which performs
a highstate. Similarly, a runner can be called:
{% if data['data']['custom_var'] == 'runit' %}
call_runit_orch:
runner.state.orchestrate:
- args:
- mods: orchestrate.runit
{% endif %}
This example will execute the state.orchestrate runner and intiate an execution of the runit orchestrator
located at /srv/salt/orchestrate/runit.sls.
Types of Reactions
┌────────┬───────────────────────────────────────┐
│ Name │ Description │
├────────┼───────────────────────────────────────┤
│ local │ Runs a remote-execution function on │
│ │ targeted minions │
├────────┼───────────────────────────────────────┤
│ runner │ Executes a runner function │
├────────┼───────────────────────────────────────┤
│ wheel │ Executes a wheel function on the │
│ │ master │
├────────┼───────────────────────────────────────┤
│ caller │ Runs a remote-execution function on a │
│ │ masterless minion │
└────────┴───────────────────────────────────────┘
NOTE:
The local and caller reaction types will be renamed for the Oxygen release. These reaction types were
named after Salt's internal client interfaces, and are not intuitively named. Both local and caller
will continue to work in Reactor SLS files, but for the Oxygen release the documentation will be
updated to reflect the new preferred naming.
Where to Put Reactor SLS Files
Reactor SLS files can come both from files local to the master, and from any of backends enabled via the
fileserver_backend config option. Files placed in the Salt fileserver can be referenced using a salt://
URL, just like they can in State SLS files.
It is recommended to place reactor and orchestrator SLS files in their own uniquely-named subdirectories
such as orch/, orchestrate/, react/, reactor/, etc., to keep them organized.
Writing Reactor SLS
The different reaction types were developed separately and have historically had different methods for
passing arguments. For the 2017.7.2 release a new, unified configuration schema has been introduced,
which applies to all reaction types.
The old config schema will continue to be supported, and there is no plan to deprecate it at this time.
Local Reactions
A local reaction runs a remote-execution function on the targeted minions.
The old config schema required the positional and keyword arguments to be manually separated by the user
under arg and kwarg parameters. However, this is not very user-friendly, as it forces the user to
distinguish which type of argument is which, and make sure that positional arguments are ordered
properly. Therefore, the new config schema is recommended if the master is running a supported release.
The below two examples are equivalent:
──────────────────────────────────────────────────────────────────────────────
Supported in 2017.7.2 and later Supported in all releases
──────────────────────────────────────────────────────────────────────────────
install_zsh: install_zsh:
local.state.single: local.state.single:
- tgt: 'kernel:Linux' - tgt: 'kernel:Linux'
- tgt_type: grain - tgt_type: grain
- args: - arg:
- fun: pkg.installed - pkg.installed
- name: zsh - zsh
- fromrepo: updates - kwarg:
fromrepo: updates
┌──────────────────────────────────────┬─────────────────────────────────────┐
│ │ │
--
ORCHESTRATION
Orchestrate Runner
Executing states or highstate on a minion is perfect when you want to ensure that minion configured and
running the way you want. Sometimes however you want to configure a set of minions all at once.
For example, if you want to set up a load balancer in front of a cluster of web servers you can ensure
the load balancer is set up first, and then the same matching configuration is applied consistently
across the whole cluster.
Orchestration is the way to do this.
The Orchestrate Runner
New in version 0.17.0.
NOTE:
Orchestrate Deprecates OverState
The Orchestrate Runner (originally called the state.sls runner) offers all the functionality of the
OverState, but with some advantages:
• All requisites available in states can be used.
• The states/functions will also work on salt-ssh minions.
The Orchestrate Runner replaced the OverState system in Salt 2015.8.0.
The orchestrate runner generalizes the Salt state system to a Salt master context. Whereas the
state.sls, state.highstate, et al. functions are concurrently and independently executed on each Salt
minion, the state.orchestrate runner is executed on the master, giving it a master-level view and control
over requisites, such as state ordering and conditionals. This allows for inter minion requisites, like
ordering the application of states on different minions that must not happen simultaneously, or for
halting the state run on all minions if a minion fails one of its states.
The state.sls, state.highstate, et al. functions allow you to statefully manage each minion and the
state.orchestrate runner allows you to statefully manage your entire infrastructure.
Writing SLS Files
Orchestrate SLS files are stored in the same location as State SLS files. This means that both file_roots
and gitfs_remotes impact what SLS files are available to the reactor and orchestrator.
It is recommended to keep reactor and orchestrator SLS files in their own uniquely named subdirectories
such as _orch/, orch/, _orchestrate/, react/, _reactor/, etc. This will avoid duplicate naming and will
help prevent confusion.
Executing the Orchestrate Runner
The Orchestrate Runner command format is the same as for the state.sls function, except that since it is
a runner, it is executed with salt-run rather than salt. Assuming you have a state.sls file called
/srv/salt/orch/webserver.sls the following command, run on the master, will apply the states defined in
that file.
salt-run state.orchestrate orch.webserver
NOTE:
state.orch is a synonym for state.orchestrate
Changed in version 2014.1.1: The runner function was renamed to state.orchestrate to avoid confusion with
the state.sls execution function. In versions 0.17.0 through 2014.1.0, state.sls must be used.
Masterless Orchestration
New in version 2016.11.0.
To support salt orchestration on masterless minions, the Orchestrate Runner is available as an execution
module. The syntax for masterless orchestration is exactly the same, but it uses the salt-call command
and the minion configuration must contain the file_mode: local option. Alternatively, use salt-call
--local on the command line.
salt-call --local state.orchestrate orch.webserver
NOTE:
Masterless orchestration supports only the salt.state command in an sls file; it does not (currently)
support the salt.function command.
Examples
Function
To execute a function, use salt.function:
# /srv/salt/orch/cleanfoo.sls
cmd.run:
salt.function:
- tgt: '*'
- arg:
- rm -rf /tmp/foo
salt-run state.orchestrate orch.cleanfoo
If you omit the "name" argument, the ID of the state will be the default name, or in the case of
salt.function, the execution module function to run. You can specify the "name" argument to avoid
conflicting IDs:
copy_some_file:
salt.function:
- name: file.copy
- tgt: '*'
- arg:
- /path/to/file
- /tmp/copy_of_file
- kwarg:
remove_existing: true
State
To execute a state, use salt.state.
# /srv/salt/orch/webserver.sls
install_nginx:
salt.state:
- tgt: 'web*'
- sls:
- nginx
salt-run state.orchestrate orch.webserver
Highstate
To run a highstate, set highstate: True in your state config:
# /srv/salt/orch/web_setup.sls
webserver_setup:
salt.state:
- tgt: 'web*'
- highstate: True
salt-run state.orchestrate orch.web_setup
Runner
To execute another runner, use salt.runner. For example to use the cloud.profile runner in your
orchestration state additional options to replace values in the configured profile, use this:
# /srv/salt/orch/deploy.sls
create_instance:
salt.runner:
- name: cloud.profile
- prof: cloud-centos
- provider: cloud
- instances:
- server1
- opts:
minion:
master: master1
To get a more dynamic state, use jinja variables together with inline pillar data. Using the same
example but passing on pillar data, the state would be like this.
# /srv/salt/orch/deploy.sls
{% set servers = salt['pillar.get']('servers', 'test') %}
{% set master = salt['pillar.get']('master', 'salt') %}
create_instance:
salt.runner:
- name: cloud.profile
- prof: cloud-centos
- provider: cloud
- instances:
- {{ servers }}
- opts:
minion:
master: {{ master }}
To execute with pillar data.
salt-run state.orch orch.deploy pillar='{"servers": "newsystem1",
"master": "mymaster"}'
More Complex Orchestration
Many states/functions can be configured in a single file, which when combined with the full suite of
requisites, can be used to easily configure complex orchestration tasks. Additionally, the
states/functions will be executed in the order in which they are defined, unless prevented from doing so
by any requisites, as is the default in SLS files since 0.17.0.
bootstrap_servers:
salt.function:
- name: cmd.run
- tgt: 10.0.0.0/24
- tgt_type: ipcidr
- arg:
- bootstrap
storage_setup:
salt.state:
- tgt: 'role:storage'
- tgt_type: grain
- sls: ceph
- require:
- salt: webserver_setup
webserver_setup:
salt.state:
- tgt: 'web*'
- highstate: True
Given the above setup, the orchestration will be carried out as follows:
1. The shell command bootstrap will be executed on all minions in the 10.0.0.0/24 subnet.
2. A Highstate will be run on all minions whose ID starts with "web", since the storage_setup state
requires it.
3. Finally, the ceph SLS target will be executed on all minions which have a grain called role with a
value of storage.
NOTE:
Remember, salt-run is always executed on the master.
SALT SSH
Getting Started
Salt SSH is very easy to use, simply set up a basic roster file of the systems to connect to and run
salt-ssh commands in a similar way as standard salt commands.
• Salt ssh is considered production ready in version 2014.7.0
• Python is required on the remote system (unless using the -r option to send raw ssh commands)
• On many systems, the salt-ssh executable will be in its own package, usually named salt-ssh
• The Salt SSH system does not supersede the standard Salt communication systems, it simply offers an
SSH-based alternative that does not require ZeroMQ and a remote agent. Be aware that since all
communication with Salt SSH is executed via SSH it is substantially slower than standard Salt with
ZeroMQ.
• At the moment fileserver operations must be wrapped to ensure that the relevant files are delivered
with the salt-ssh commands. The state module is an exception, which compiles the state run on the
master, and in the process finds all the references to salt:// paths and copies those files down in the
same tarball as the state run. However, needed fileserver wrappers are still under development.
Salt SSH Roster
The roster system in Salt allows for remote minions to be easily defined.
NOTE:
See the SSH roster docs for more details.
Simply create the roster file, the default location is /etc/salt/roster:
web1: 192.168.42.1
This is a very basic roster file where a Salt ID is being assigned to an IP address. A more elaborate
roster can be created:
web1:
host: 192.168.42.1 # The IP addr or DNS hostname
user: fred # Remote executions will be executed as user fred
passwd: foobarbaz # The password to use for login, if omitted, keys are used
sudo: True # Whether to sudo to root, not enabled by default
web2:
host: 192.168.42.2
NOTE:
sudo works only if NOPASSWD is set for user in /etc/sudoers: fred ALL=(ALL) NOPASSWD: ALL
Deploy ssh key for salt-ssh
By default, salt-ssh will generate key pairs for ssh, the default path will be
/etc/salt/pki/master/ssh/salt-ssh.rsa. The key generation happens when you run salt-ssh for the first
time.
You can use ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to your servers.
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub user@server.demo.com
One could also create a simple shell script, named salt-ssh-copy-id.sh as follows:
#!/bin/bash
if [ -z $1 ]; then
echo $0 user@host.com
exit 0
fi
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub $1
NOTE:
Be certain to chmod +x salt-ssh-copy-id.sh.
./salt-ssh-copy-id.sh user@server1.host.com
./salt-ssh-copy-id.sh user@server2.host.com
Once keys are successfully deployed, salt-ssh can be used to control them.
Alternatively ssh agent forwarding can be used by setting the priv to agent-forwarding.
Calling Salt SSH
NOTE:
salt-ssh on RHEL/CentOS 5
The salt-ssh command requires at least python 2.6, which is not installed by default on RHEL/CentOS 5.
An easy workaround in this situation is to use the -r option to run a raw shell command that installs
python26:
salt-ssh centos-5-minion -r 'yum -y install epel-release ; yum -y install python26'
NOTE:
salt-ssh on systems with Python 3.x
Salt, before the 2017.7.0 release, does not support Python 3.x which is the default on for example the
popular 16.04 LTS release of Ubuntu. An easy workaround for this scenario is to use the -r option
similar to the example above:
salt-ssh ubuntu-1604-minion -r 'apt update ; apt install -y python-minimal'
The salt-ssh command can be easily executed in the same way as a salt command:
salt-ssh '*' test.ping
Commands with salt-ssh follow the same syntax as the salt command.
The standard salt functions are available! The output is the same as salt and many of the same flags are
available. Please see http://docs.saltstack.com/ref/cli/salt-ssh.html for all of the available options.
Raw Shell Calls
By default salt-ssh runs Salt execution modules on the remote system, but salt-ssh can also execute raw
shell commands:
salt-ssh '*' -r 'ifconfig'
States Via Salt SSH
The Salt State system can also be used with salt-ssh. The state system abstracts the same interface to
the user in salt-ssh as it does when using standard salt. The intent is that Salt Formulas defined for
standard salt will work seamlessly with salt-ssh and vice-versa.
The standard Salt States walkthroughs function by simply replacing salt commands with salt-ssh.
Targeting with Salt SSH
Due to the fact that the targeting approach differs in salt-ssh, only glob and regex targets are
supported as of this writing, the remaining target systems still need to be implemented.
NOTE:
By default, Grains are settable through salt-ssh. By default, these grains will not be persisted
across reboots.
See the "thin_dir" setting in Roster documentation for more details.
Configuring Salt SSH
Salt SSH takes its configuration from a master configuration file. Normally, this file is in
/etc/salt/master. If one wishes to use a customized configuration file, the -c option to Salt SSH
facilitates passing in a directory to look inside for a configuration file named master.
Minion Config
New in version 2015.5.1.
Minion config options can be defined globally using the master configuration option ssh_minion_opts. It
can also be defined on a per-minion basis with the minion_opts entry in the roster.
Running Salt SSH as non-root user
By default, Salt read all the configuration from /etc/salt/. If you are running Salt SSH with a regular
user you have to modify some paths or you will get "Permission denied" messages. You have to modify two
parameters: pki_dir and cachedir. Those should point to a full path writable for the user.
It's recommended not to modify /etc/salt for this purpose. Create a private copy of /etc/salt for the
user and run the command with -c /new/config/path.
Define CLI Options with Saltfile
If you are commonly passing in CLI options to salt-ssh, you can create a Saltfile to automatically use
these options. This is common if you're managing several different salt projects on the same server.
So you can cd into a directory that has a Saltfile with the following YAML contents:
salt-ssh:
config_dir: path/to/config/dir
ssh_max_procs: 30
ssh_wipe: True
Instead of having to call salt-ssh --config-dir=path/to/config/dir --max-procs=30 --wipe \* test.ping you
can call salt-ssh \* test.ping.
Boolean-style options should be specified in their YAML representation.
NOTE:
The option keys specified must match the destination attributes for the options specified in the
parser salt.utils.parsers.SaltSSHOptionParser. For example, in the case of the --wipe command line
option, its dest is configured to be ssh_wipe and thus this is what should be configured in the
Saltfile. Using the names of flags for this option, being wipe: True or w: True, will not work.
NOTE:
For the Saltfile to be automatically detected it needs to be named Saltfile with a capital S and be
readable by the user running salt-ssh.
At last you can create ~/.salt/Saltfile and salt-ssh will automatically load it by default.
Debugging salt-ssh
One common approach for debugging salt-ssh is to simply use the tarball that salt ships to the remote
machine and call salt-call directly.
To determine the location of salt-call, simply run salt-ssh with the -ltrace flag and look for a line
containing the string, SALT_ARGV. This contains the salt-call command that salt-ssh attempted to execute.
It is recommended that one modify this command a bit by removing the -l quiet, --metadata and --output
json to get a better idea of what's going on the target system.
Salt Rosters
Salt rosters are pluggable systems added in Salt 0.17.0 to facilitate the salt-ssh system. The roster
system was created because salt-ssh needs a means to identify which systems need to be targeted for
execution.
SEE ALSO:
all-salt.roster
NOTE:
The Roster System is not needed or used in standard Salt because the master does not need to be
initially aware of target systems, since the Salt Minion checks itself into the master.
Since the roster system is pluggable, it can be easily augmented to attach to any existing systems to
gather information about what servers are presently available and should be attached to by salt-ssh. By
default the roster file is located at /etc/salt/roster.
How Rosters Work
The roster system compiles a data structure internally referred to as targets. The targets is a list of
target systems and attributes about how to connect to said systems. The only requirement for a roster
module in Salt is to return the targets data structure.
Targets Data
The information which can be stored in a roster target is the following:
<Salt ID>: # The id to reference the target system with
host: # The IP address or DNS name of the remote host
user: # The user to log in as
passwd: # The password to log in with
# Optional parameters
port: # The target system's ssh port number
sudo: # Boolean to run command via sudo
sudo_user: # Str: Set this to execute Salt as a sudo user other than root.
# This user must be in the same system group as the remote user
# that is used to login and is specified above. Alternatively,
# the user must be a super-user.
tty: # Boolean: Set this option to True if sudo is also set to
# True and requiretty is also set on the target system
priv: # File path to ssh private key, defaults to salt-ssh.rsa
# The priv can also be set to agent-forwarding to not specify
# a key, but use ssh agent forwarding
timeout: # Number of seconds to wait for response when establishing
# an SSH connection
minion_opts: # Dictionary of minion opts
thin_dir: # The target system's storage directory for Salt
# components. Defaults to /tmp/salt-<hash>.
cmd_umask: # umask to enforce for the salt-call command. Should be in
# octal (so for 0o077 in YAML you would do 0077, or 63)
Target Defaults
The roster_defaults dictionary in the master config is used to set the default login variables for
minions in the roster so that the same arguments do not need to be passed with commandline arguments.
roster_defaults:
user: daniel
sudo: True
priv: /root/.ssh/id_rsa
tty: True
thin_dir
Salt needs to upload a standalone environment to the target system, and this defaults to
/tmp/salt-<hash>. This directory will be cleaned up per normal systems operation.
If you need a persistent Salt environment, for instance to set persistent grains, this value will need to
be changed.
SALT CLOUD
Configuration
Salt Cloud provides a powerful interface to interact with cloud hosts. This interface is tightly
integrated with Salt, and new virtual machines are automatically connected to your Salt master after
creation.
Since Salt Cloud is designed to be an automated system, most configuration is done using the following
YAML configuration files:
• /etc/salt/cloud: The main configuration file, contains global settings that apply to all cloud hosts.
See Salt Cloud Configuration.
• /etc/salt/cloud.providers.d/*.conf: Contains settings that configure a specific cloud host, such as
credentials, region settings, and so on. Since configuration varies significantly between each cloud
host, a separate file should be created for each cloud host. In Salt Cloud, a provider is synonymous
with a cloud host (Amazon EC2, Google Compute Engine, Rackspace, and so on). See Provider Specifics.
• /etc/salt/cloud.profiles.d/*.conf: Contains settings that define a specific VM type. A profile defines
the systems specs and image, and any other settings that are specific to this VM type. Each specific VM
type is called a profile, and multiple profiles can be defined in a profile file. Each profile
references a parent provider that defines the cloud host in which the VM is created (the provider
settings are in the provider configuration explained above). Based on your needs, you might define
different profiles for web servers, database servers, and so on. See VM Profiles.
Configuration Inheritance
Configuration settings are inherited in order from the cloud config => providers => profile. [image]
For example, if you wanted to use the same image for all virtual machines for a specific provider, the
image name could be placed in the provider file. This value is inherited by all profiles that use that
provider, but is overridden if a image name is defined in the profile.
Most configuration settings can be defined in any file, the main difference being how that setting is
inherited.
QuickStart
The Salt Cloud Quickstart walks you through defining a provider, a VM profile, and shows you how to
create virtual machines using Salt Cloud.
Note that if you installed Salt via Salt Bootstrap, it may not have automatically installed salt-cloud
for you. Use your distribution's package manager to install the salt-cloud package from the same repo
that you used to install Salt. These repos will automatically be setup by Salt Bootstrap.
Alternatively, the -L option can be passed to the Salt Bootstrap script when installing Salt. The -L
option will install salt-cloud and the required libcloud package.
Using Salt Cloud
salt-cloud
Provision virtual machines in the cloud with Salt
Synopsis
salt-cloud -m /etc/salt/cloud.map
salt-cloud -m /etc/salt/cloud.map NAME
salt-cloud -m /etc/salt/cloud.map NAME1 NAME2
salt-cloud -p PROFILE NAME
salt-cloud -p PROFILE NAME1 NAME2 NAME3 NAME4 NAME5 NAME6
Description
Salt Cloud is the system used to provision virtual machines on various public clouds via a cleanly
controlled profile and mapping system.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
Execution Options
-L LOCATION, --location=LOCATION
Specify which region to connect to.
-a ACTION, --action=ACTION
Perform an action that may be specific to this cloud provider. This argument requires one or more
instance names to be specified.
-f <FUNC-NAME> <PROVIDER>, --function=<FUNC-NAME> <PROVIDER>
Perform an function that may be specific to this cloud provider, that does not apply to an
instance. This argument requires a provider to be specified (i.e.: nova).
-p PROFILE, --profile=PROFILE
Select a single profile to build the named cloud VMs from. The profile must be defined in the
specified profiles file.
-m MAP, --map=MAP
Specify a map file to use. If used without any other options, this option will ensure that all of
the mapped VMs are created. If the named VM already exists then it will be skipped.
-H, --hard
When specifying a map file, the default behavior is to ensure that all of the VMs specified in the
map file are created. If the --hard option is set, then any VMs that exist on configured cloud
providers that are not specified in the map file will be destroyed. Be advised that this can be a
destructive operation and should be used with care.
-d, --destroy
Pass in the name(s) of VMs to destroy, salt-cloud will search the configured cloud providers for
the specified names and destroy the VMs. Be advised that this is a destructive operation and
should be used with care. Can be used in conjunction with the -m option to specify a map of VMs to
be deleted.
-P, --parallel
Normally when building many cloud VMs they are executed serially. The -P option will run each
cloud vm build in a separate process allowing for large groups of VMs to be build at once.
Be advised that some cloud provider's systems don't seem to be well suited for this influx of vm
creation. When creating large groups of VMs watch the cloud provider carefully.
-u, --update-bootstrap
Update salt-bootstrap to the latest stable bootstrap release.
-y, --assume-yes
Default yes in answer to all confirmation questions.
-k, --keep-tmp
Do not remove files from /tmp/ after deploy.sh finishes.
--show-deploy-args
Include the options used to deploy the minion in the data returned.
--script-args=SCRIPT_ARGS
Script arguments to be fed to the bootstrap script when deploying the VM.
Query Options
-Q, --query
Execute a query and return some information about the nodes running on configured cloud providers
-F, --full-query
Execute a query and print out all available information about all cloud VMs. Can be used in
conjunction with -m to display only information about the specified map.
-S, --select-query
Execute a query and print out selected information about all cloud VMs. Can be used in
conjunction with -m to display only information about the specified map.
--list-providers
Display a list of configured providers.
--list-profiles
New in version 2014.7.0.
Display a list of configured profiles. Pass in a cloud provider to view the provider's associated
profiles, such as digital_ocean, or pass in all to list all the configured profiles.
Cloud Providers Listings
--list-locations=LIST_LOCATIONS
Display a list of locations available in configured cloud providers. Pass the cloud provider that
available locations are desired on, aka "linode", or pass "all" to list locations for all
configured cloud providers
--list-images=LIST_IMAGES
Display a list of images available in configured cloud providers. Pass the cloud provider that
available images are desired on, aka "linode", or pass "all" to list images for all configured
cloud providers
--list-sizes=LIST_SIZES
Display a list of sizes available in configured cloud providers. Pass the cloud provider that
available sizes are desired on, aka "AWS", or pass "all" to list sizes for all configured cloud
providers
Cloud Credentials
--set-password=<USERNAME> <PROVIDER>
Configure password for a cloud provider and save it to the keyring. PROVIDER can be specified
with or without a driver, for example: "--set-password bob rackspace" or more specific
"--set-password bob rackspace:openstack" DEPRECATED!
Output Options
--out Pass in an alternative outputter to display the return of data. This outputter can be any of the
available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the
grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on
the pprint outputter and display the return data using the Python pprint standard library module.
NOTE:
If using --out=json, you will probably want --static as well. Without the static option, you
will get a separate JSON string per minion which makes JSON output invalid as a whole. This is
due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static
as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation.
Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
NOTE:
When using colored output the color codes are as follows:
green denotes success, red denotes failure, blue denotes changes and success and yellow denotes
a expected future change in configuration.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion output. One of 'full', 'terse', 'mixed',
'changes' or 'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion output. Set to True or False. Default:
none.
Examples
To create 4 VMs named web1, web2, db1, and db2 from specified profiles:
salt-cloud -p fedora_rackspace web1 web2 db1 db2
To read in a map file and create all VMs specified therein:
salt-cloud -m /path/to/cloud.map
To read in a map file and create all VMs specified therein in parallel:
salt-cloud -m /path/to/cloud.map -P
To delete any VMs specified in the map file:
salt-cloud -m /path/to/cloud.map -d
To delete any VMs NOT specified in the map file:
salt-cloud -m /path/to/cloud.map -H
To display the status of all VMs specified in the map file:
salt-cloud -m /path/to/cloud.map -Q
See also
salt-cloud(7) salt(7) salt-master(1) salt-minion(1)
Salt Cloud basic usage
Salt Cloud needs, at least, one configured Provider and Profile to be functional.
Creating a VM
To create a VM with salt cloud, use command:
salt-cloud -p <profile> name_of_vm
Assuming there is a profile configured as following:
fedora_rackspace:
provider: my-rackspace-config
image: Fedora 17
size: 256 server
script: bootstrap-salt
Then, the command to create new VM named fedora_http_01 is:
salt-cloud -p fedora_rackspace fedora_http_01
Destroying a VM
To destroy a created-by-salt-cloud VM, use command:
salt-cloud -d name_of_vm
For example, to delete the VM created on above example, use:
salt-cloud -d fedora_http_01
VM Profiles
Salt cloud designates virtual machines inside the profile configuration file. The profile configuration
file defaults to /etc/salt/cloud.profiles and is a yaml configuration. The syntax for declaring profiles
is simple:
fedora_rackspace:
provider: my-rackspace-config
image: Fedora 17
size: 256 server
script: bootstrap-salt
It should be noted that the script option defaults to bootstrap-salt, and does not normally need to be
specified. Further examples in this document will not show the script option.
A few key pieces of information need to be declared and can change based on the cloud provider. A number
of additional parameters can also be inserted:
centos_rackspace:
provider: my-rackspace-config
image: CentOS 6.2
size: 1024 server
minion:
master: salt.example.com
append_domain: webs.example.com
grains:
role: webserver
The image must be selected from available images. Similarly, sizes must be selected from the list of
sizes. To get a list of available images and sizes use the following command:
salt-cloud --list-images openstack
salt-cloud --list-sizes openstack
Some parameters can be specified in the main Salt cloud configuration file and then are applied to all
cloud profiles. For instance if only a single cloud provider is being used then the provider option can
be declared in the Salt cloud configuration file.
Multiple Configuration Files
In addition to /etc/salt/cloud.profiles, profiles can also be specified in any file matching
cloud.profiles.d/*conf which is a sub-directory relative to the profiles configuration file(with the
above configuration file as an example, /etc/salt/cloud.profiles.d/*.conf). This allows for more
extensible configuration, and plays nicely with various configuration management tools as well as version
control systems.
Larger Example
rhel_ec2:
provider: my-ec2-config
image: ami-e565ba8c
size: t1.micro
minion:
cheese: edam
ubuntu_ec2:
provider: my-ec2-config
image: ami-7e2da54e
size: t1.micro
minion:
cheese: edam
ubuntu_rackspace:
provider: my-rackspace-config
image: Ubuntu 12.04 LTS
size: 256 server
minion:
cheese: edam
fedora_rackspace:
provider: my-rackspace-config
image: Fedora 17
size: 256 server
minion:
cheese: edam
cent_linode:
provider: my-linode-config
image: CentOS 6.2 64bit
size: Linode 512
cent_gogrid:
provider: my-gogrid-config
image: 12834
size: 512MB
cent_joyent:
provider: my-joyent-config
image: centos-7
size: g4-highram-16G
Cloud Map File
A number of options exist when creating virtual machines. They can be managed directly from profiles and
the command line execution, or a more complex map file can be created. The map file allows for a number
of virtual machines to be created and associated with specific profiles. The map file is designed to be
run once to create these more complex scenarios using salt-cloud.
Map files have a simple format, specify a profile and then a list of virtual machines to make from said
profile:
fedora_small:
- web1
- web2
- web3
fedora_high:
- redis1
- redis2
- redis3
cent_high:
- riak1
- riak2
- riak3
This map file can then be called to roll out all of these virtual machines. Map files are called from the
salt-cloud command with the -m option:
$ salt-cloud -m /path/to/mapfile
Remember, that as with direct profile provisioning the -P option can be passed to create the virtual
machines in parallel:
$ salt-cloud -m /path/to/mapfile -P
NOTE:
Due to limitations in the GoGrid API, instances cannot be provisioned in parallel with the GoGrid
driver. Map files will work with GoGrid, but the -P argument should not be used on maps referencing
GoGrid instances.
A map file can also be enforced to represent the total state of a cloud deployment by using the --hard
option. When using the hard option any vms that exist but are not specified in the map file will be
destroyed:
$ salt-cloud -m /path/to/mapfile -P -H
Be careful with this argument, it is very dangerous! In fact, it is so dangerous that in order to use it,
you must explicitly enable it in the main configuration file.
enable_hard_maps: True
A map file can include grains and minion configuration options:
fedora_small:
- web1:
minion:
log_level: debug
grains:
cheese: tasty
omelet: du fromage
- web2:
minion:
log_level: warn
grains:
cheese: more tasty
omelet: with peppers
Any top level data element from your profile may be overridden in the map file:
fedora_small:
- web1:
size: t2.micro
- web2:
size: t2.nano
As of Salt 2017.7.0, nested elements are merged, and can can be specified individually without having to
repeat the complete definition for each top level data element. In this example a separate MAC is
assigned to each VMware instance while inheriting device parameters for for disk and network
configuration:
nyc-vm:
- db1:
devices:
network:
Network Adapter 1:
mac: '44:44:44:44:44:41'
- db2:
devices:
network:
Network Adapter 1:
mac: '44:44:44:44:44:42'
A map file may also be used with the various query options:
$ salt-cloud -m /path/to/mapfile -Q
{'ec2': {'web1': {'id': 'i-e6aqfegb',
'image': None,
'private_ips': [],
'public_ips': [],
'size': None,
'state': 0}},
'web2': {'Absent'}}
...or with the delete option:
$ salt-cloud -m /path/to/mapfile -d
The following virtual machines are set to be destroyed:
web1
web2
Proceed? [N/y]
WARNING:
Specifying Nodes with Maps on the Command Line Specifying the name of a node or nodes with the maps
options on the command line is not supported. This is especially important to remember when using
--destroy with maps; salt-cloud will ignore any arguments passed in which are not directly relevant to
the map file. When using ``--destroy`` with a map, every node in the map file will be deleted! Maps
don't provide any useful information for destroying individual nodes, and should not be used to
destroy a subset of a map.
Setting up New Salt Masters
Bootstrapping a new master in the map is as simple as:
fedora_small:
- web1:
make_master: True
- web2
- web3
Notice that ALL bootstrapped minions from the map will answer to the newly created salt-master.
To make any of the bootstrapped minions answer to the bootstrapping salt-master as opposed to the newly
created salt-master, as an example:
fedora_small:
- web1:
make_master: True
minion:
master: <the local master ip address>
local_master: True
- web2
- web3
The above says the minion running on the newly created salt-master responds to the local master, ie, the
master used to bootstrap these VMs.
Another example:
fedora_small:
- web1:
make_master: True
- web2
- web3:
minion:
master: <the local master ip address>
local_master: True
The above example makes the web3 minion answer to the local master, not the newly created master.
Using Direct Map Data
When using modules that access the CloudClient directly (notably, the cloud execution and runner
modules), it is possible to pass in the contents of a map file, rather than a path to the location of the
map file.
Normally when using these modules, the path to the map file is passed in using:
salt-run cloud.map_run /path/to/cloud.map
To pass in the actual map data, use the map_data argument:
salt-run cloud.map_run map_data='{"centos7": [{"saltmaster": {"minion": \
{"transport": "tcp"}, "make_master": true, "master": {"transport": \
"tcp"}}}, {"minion001": {"minion": {"transport": "tcp"}}}]}'
Cloud Actions
Once a VM has been created, there are a number of actions that can be performed on it. The "reboot"
action can be used across all providers, but all other actions are specific to the cloud provider. In
order to perform an action, you may specify it from the command line, including the name(s) of the VM to
perform the action on:
$ salt-cloud -a reboot vm_name
$ salt-cloud -a reboot vm1 vm2 vm2
Or you may specify a map which includes all VMs to perform the action on:
$ salt-cloud -a reboot -m /path/to/mapfile
The following is an example list of actions currently supported by salt-cloud:
all providers:
- reboot
ec2:
- start
- stop
joyent:
- stop
linode:
- start
- stop
Another useful reference for viewing more salt-cloud actions is the Salt Cloud Feature Matrix.
Cloud Functions
Cloud functions work much the same way as cloud actions, except that they don't perform an operation on a
specific instance, and so do not need a machine name to be specified. However, since they perform an
operation on a specific cloud provider, that provider must be specified.
$ salt-cloud -f show_image ec2 image=ami-fd20ad94
There are three universal salt-cloud functions that are extremely useful for gathering information about
instances on a provider basis:
• list_nodes: Returns some general information about the instances for the given provider.
• list_nodes_full: Returns all information about the instances for the given provider.
• list_nodes_select: Returns select information about the instances for the given provider.
$ salt-cloud -f list_nodes linode
$ salt-cloud -f list_nodes_full linode
$ salt-cloud -f list_nodes_select linode
Another useful reference for viewing salt-cloud functions is the Salt Cloud Feature Matrix.
Core Configuration
Install Salt Cloud
Salt Cloud is now part of Salt proper. It was merged in as of Salt version 2014.1.0.
On Ubuntu, install Salt Cloud by using following command:
sudo add-apt-repository ppa:saltstack/salt
sudo apt-get update
sudo apt-get install salt-cloud
If using Salt Cloud on macOS, curl-ca-bundle must be installed. Presently, this package is not available
via brew, but it is available using MacPorts:
sudo port install curl-ca-bundle
Salt Cloud depends on apache-libcloud. Libcloud can be installed via pip with pip install
apache-libcloud.
Installing Salt Cloud for development
Installing Salt for development enables Salt Cloud development as well, just make sure apache-libcloud is
installed as per above paragraph.
See these instructions: Installing Salt for development.
Core Configuration
A number of core configuration options and some options that are global to the VM profiles can be set in
the cloud configuration file. By default this file is located at /etc/salt/cloud.
Thread Pool Size
When salt cloud is operating in parallel mode via the -P argument, you can control the thread pool size
by specifying the pool_size parameter with a positive integer value.
By default, the thread pool size will be set to the number of VMs that salt cloud is operating on.
pool_size: 10
Minion Configuration
The default minion configuration is set up in this file. Minions created by salt-cloud derive their
configuration from this file. Almost all parameters found in Configuring the Salt Minion can be used
here.
minion:
master: saltmaster.example.com
In particular, this is the location to specify the location of the salt master and its listening port, if
the port is not set to the default.
Similar to most other settings, Minion configuration settings are inherited across configuration files.
For example, the master setting might be contained in the main cloud configuration file as demonstrated
above, but additional settings can be placed in the provider or profile:
ec2-web:
size: t1.micro
minion:
environment: test
startup_states: sls
sls_list:
- web
Cloud Configuration Syntax
The data specific to interacting with public clouds is set up here.
Cloud provider configuration settings can live in several places. The first is in /etc/salt/cloud:
# /etc/salt/cloud
providers:
my-aws-migrated-config:
id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
driver: ec2
Cloud provider configuration data can also be housed in /etc/salt/cloud.providers or any file matching
/etc/salt/cloud.providers.d/*.conf. All files in any of these locations will be parsed for cloud provider
data.
Using the example configuration above:
# /etc/salt/cloud.providers
# or could be /etc/salt/cloud.providers.d/*.conf
my-aws-config:
id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
driver: ec2
NOTE:
Salt Cloud provider configurations within /etc/cloud.provider.d/ should not specify the providers
starting key.
It is also possible to have multiple cloud configuration blocks within the same alias block. For
example:
production-config:
- id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
driver: ec2
- user: example_user
apikey: 123984bjjas87034
driver: rackspace
However, using this configuration method requires a change with profile configuration blocks. The
provider alias needs to have the provider key value appended as in the following example:
rhel_aws_dev:
provider: production-config:ec2
image: ami-e565ba8c
size: t1.micro
rhel_aws_prod:
provider: production-config:ec2
image: ami-e565ba8c
size: High-CPU Extra Large Instance
database_prod:
provider: production-config:rackspace
image: Ubuntu 12.04 LTS
size: 256 server
Notice that because of the multiple entries, one has to be explicit about the provider alias and name,
from the above example, production-config: ec2.
This data interactions with the salt-cloud binary regarding its --list-location, --list-images, and
--list-sizes which needs a cloud provider as an argument. The argument used should be the configured
cloud provider alias. If the provider alias has multiple entries, <provider-alias>: <provider-name>
should be used.
To allow for a more extensible configuration, --providers-config, which defaults to
/etc/salt/cloud.providers, was added to the cli parser. It allows for the providers' configuration to be
added on a per-file basis.
Pillar Configuration
It is possible to configure cloud providers using pillars. This is only used when inside the cloud
module. You can setup a variable called cloud that contains your profile and provider to pass that
information to the cloud servers instead of having to copy the full configuration to every minion. In
your pillar file, you would use something like this:
cloud:
ssh_key_name: saltstack
ssh_key_file: /root/.ssh/id_rsa
update_cachedir: True
diff_cache_events: True
change_password: True
providers:
my-nova:
identity_url: https://identity.api.rackspacecloud.com/v2.0/
compute_region: IAD
user: myuser
api_key: apikey
tenant: 123456
driver: nova
my-openstack:
identity_url: https://identity.api.rackspacecloud.com/v2.0/tokens
user: user2
apikey: apikey2
tenant: 654321
compute_region: DFW
driver: openstack
compute_name: cloudServersOpenStack
profiles:
ubuntu-nova:
provider: my-nova
size: performance1-8
image: bb02b1a3-bc77-4d17-ab5b-421d89850fca
script_args: git develop
ubuntu-openstack:
provider: my-openstack
size: performance1-8
image: bb02b1a3-bc77-4d17-ab5b-421d89850fca
script_args: git develop
Cloud Configurations
Scaleway
To use Salt Cloud with Scaleway, you need to get an access key and an API token. API tokens are unique
identifiers associated with your Scaleway account. To retrieve your access key and API token, log-in to
the Scaleway control panel, open the pull-down menu on your account name and click on "My Credentials"
link.
If you do not have API token you can create one by clicking the "Create New Token" button on the right
corner.
my-scaleway-config:
access_key: 15cf404d-4560-41b1-9a0c-21c3d5c4ff1f
token: a7347ec8-5de1-4024-a5e3-24b77d1ba91d
driver: scaleway
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-scaleway-config.
Rackspace
Rackspace cloud requires two configuration options; a user and an apikey:
my-rackspace-config:
user: example_user
apikey: 123984bjjas87034
driver: rackspace
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-rackspace-config.
Amazon AWS
A number of configuration options are required for Amazon AWS including id, key, keyname, securitygroup,
and private_key:
my-aws-quick-start:
id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
driver: ec2
my-aws-default:
id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: default
private_key: /root/test.pem
driver: ec2
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be either provider: my-aws-quick-start or provider: my-aws-default.
Linode
Linode requires a single API key, but the default root password also needs to be set:
my-linode-config:
apikey: asldkgfakl;sdfjsjaslfjaklsdjf;askldjfaaklsjdfhasldsadfghdkf
password: F00barbaz
ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHEOLLbeXgaqRQT9NBAopVz366SdYc0KKX33vAnq+2R user@host
ssh_key_file: ~/.ssh/id_ed25519
driver: linode
The password needs to be 8 characters and contain lowercase, uppercase, and numbers.
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-linode-config
Joyent Cloud
The Joyent cloud requires three configuration parameters: The username and password that are used to log
into the Joyent system, as well as the location of the private SSH key associated with the Joyent
account. The SSH key is needed to send the provisioning commands up to the freshly created virtual
machine.
my-joyent-config:
user: fred
password: saltybacon
private_key: /root/joyent.pem
driver: joyent
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-joyent-config
GoGrid
To use Salt Cloud with GoGrid, log into the GoGrid web interface and create an API key. Do this by
clicking on "My Account" and then going to the API Keys tab.
The apikey and the sharedsecret configuration parameters need to be set in the configuration file to
enable interfacing with GoGrid:
my-gogrid-config:
apikey: asdff7896asdh789
sharedsecret: saltybacon
driver: gogrid
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-gogrid-config.
OpenStack
OpenStack configuration differs between providers, and at the moment several options need to be
specified. This module has been officially tested against the HP and the Rackspace implementations, and
some examples are provided for both.
# For HP
my-openstack-hp-config:
identity_url:
'https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/'
compute_name: Compute
compute_region: 'az-1.region-a.geo-1'
tenant: myuser-tenant1
user: myuser
ssh_key_name: mykey
ssh_key_file: '/etc/salt/hpcloud/mykey.pem'
password: mypass
driver: openstack
# For Rackspace
my-openstack-rackspace-config:
identity_url: 'https://identity.api.rackspacecloud.com/v2.0/tokens'
compute_name: cloudServersOpenStack
protocol: ipv4
compute_region: DFW
user: myuser
tenant: 5555555
password: mypass
driver: openstack
If you have an API key for your provider, it may be specified instead of a password:
my-openstack-hp-config:
apikey: 901d3f579h23c8v73q9
my-openstack-rackspace-config:
apikey: 901d3f579h23c8v73q9
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be either provider: my-openstack-hp-config or provider: my-openstack-rackspace-config.
You will certainly need to configure the user, tenant, and either password or apikey.
If your OpenStack instances only have private IP addresses and a CIDR range of private addresses are not
reachable from the salt-master, you may set your preference to have Salt ignore it:
my-openstack-config:
ignore_cidr: 192.168.0.0/16
For in-house OpenStack Essex installation, libcloud needs the service_type :
my-openstack-config:
identity_url: 'http://control.openstack.example.org:5000/v2.0/'
compute_name : Compute Service
service_type : compute
DigitalOcean
Using Salt for DigitalOcean requires a client_key and an api_key. These can be found in the DigitalOcean
web interface, in the "My Settings" section, under the API Access tab.
my-digitalocean-config:
driver: digital_ocean
personal_access_token: xxx
location: New York 1
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-digital-ocean-config.
Parallels
Using Salt with Parallels requires a user, password and URL. These can be obtained from your cloud
provider.
my-parallels-config:
user: myuser
password: xyzzy
url: https://api.cloud.xmission.com:4465/paci/v1.0/
driver: parallels
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-parallels-config.
Proxmox
Using Salt with Proxmox requires a user, password, and URL. These can be obtained from your cloud host.
Both PAM and PVE users can be used.
my-proxmox-config:
driver: proxmox
user: saltcloud@pve
password: xyzzy
url: your.proxmox.host
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: my-proxmox-config.
LXC
The lxc driver uses saltify to install salt and attach the lxc container as a new lxc minion. As soon as
we can, we manage baremetal operation over SSH. You can also destroy those containers via this driver.
devhost10-lxc:
target: devhost10
driver: lxc
And in the map file:
devhost10-lxc:
provider: devhost10-lxc
from_container: ubuntu
backing: lvm
sudo: True
size: 3g
ip: 10.0.3.9
minion:
master: 10.5.0.1
master_port: 4506
lxc_conf:
- lxc.utsname: superlxc
NOTE:
In the cloud profile that uses this provider configuration, the syntax for the provider required field
would be provider: devhost10-lxc.
Saltify
The Saltify driver is a new, experimental driver designed to install Salt on a remote machine, virtual or
bare metal, using SSH. This driver is useful for provisioning machines which are already installed, but
not Salted. For more information about using this driver and for configuration examples, please see the
Gettting Started with Saltify documentation.
Extending Profiles and Cloud Providers Configuration
As of 0.8.7, the option to extend both the profiles and cloud providers configuration and avoid
duplication was added. The extends feature works on the current profiles configuration, but, regarding
the cloud providers configuration, only works in the new syntax and respective configuration files, i.e.
/etc/salt/salt/cloud.providers or /etc/salt/cloud.providers.d/*.conf.
NOTE:
Extending cloud profiles and providers is not recursive. For example, a profile that is extended by a
second profile is possible, but the second profile cannot be extended by a third profile.
Also, if a profile (or provider) is extending another profile and each contains a list of values, the
lists from the extending profile will override the list from the original profile. The lists are not
merged together.
Extending Profiles
Some example usage on how to use extends with profiles. Consider /etc/salt/salt/cloud.profiles
containing:
development-instances:
provider: my-ec2-config
size: t1.micro
ssh_username: ec2_user
securitygroup:
- default
deploy: False
Amazon-Linux-AMI-2012.09-64bit:
image: ami-54cf5c3d
extends: development-instances
Fedora-17:
image: ami-08d97e61
extends: development-instances
CentOS-5:
provider: my-aws-config
image: ami-09b61d60
extends: development-instances
The above configuration, once parsed would generate the following profiles data:
[{'deploy': False,
'image': 'ami-08d97e61',
'profile': 'Fedora-17',
'provider': 'my-ec2-config',
'securitygroup': ['default'],
'size': 't1.micro',
'ssh_username': 'ec2_user'},
{'deploy': False,
'image': 'ami-09b61d60',
'profile': 'CentOS-5',
'provider': 'my-aws-config',
'securitygroup': ['default'],
'size': 't1.micro',
'ssh_username': 'ec2_user'},
{'deploy': False,
'image': 'ami-54cf5c3d',
'profile': 'Amazon-Linux-AMI-2012.09-64bit',
'provider': 'my-ec2-config',
'securitygroup': ['default'],
'size': 't1.micro',
'ssh_username': 'ec2_user'},
{'deploy': False,
'profile': 'development-instances',
'provider': 'my-ec2-config',
'securitygroup': ['default'],
'size': 't1.micro',
'ssh_username': 'ec2_user'}]
Pretty cool right?
Extending Providers
Some example usage on how to use extends within the cloud providers configuration. Consider
/etc/salt/salt/cloud.providers containing:
my-develop-envs:
- id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
location: ap-southeast-1
availability_zone: ap-southeast-1b
driver: ec2
- user: myuser@mycorp.com
password: mypass
ssh_key_name: mykey
ssh_key_file: '/etc/salt/ibm/mykey.pem'
location: Raleigh
driver: ibmsce
my-productions-envs:
- extends: my-develop-envs:ibmsce
user: my-production-user@mycorp.com
location: us-east-1
availability_zone: us-east-1
The above configuration, once parsed would generate the following providers data:
'providers': {
'my-develop-envs': [
{'availability_zone': 'ap-southeast-1b',
'id': 'HJGRYCILJLKJYG',
'key': 'kdjgfsgm;woormgl/aserigjksjdhasdfgn',
'keyname': 'test',
'location': 'ap-southeast-1',
'private_key': '/root/test.pem',
'driver': 'aws',
'securitygroup': 'quick-start'
},
{'location': 'Raleigh',
'password': 'mypass',
'driver': 'ibmsce',
'ssh_key_file': '/etc/salt/ibm/mykey.pem',
'ssh_key_name': 'mykey',
'user': 'myuser@mycorp.com'
}
],
'my-productions-envs': [
{'availability_zone': 'us-east-1',
'location': 'us-east-1',
'password': 'mypass',
'driver': 'ibmsce',
'ssh_key_file': '/etc/salt/ibm/mykey.pem',
'ssh_key_name': 'mykey',
'user': 'my-production-user@mycorp.com'
}
]
}
Windows Configuration
Spinning up Windows Minions
It is possible to use Salt Cloud to spin up Windows instances, and then install Salt on them. This
functionality is available on all cloud providers that are supported by Salt Cloud. However, it may not
necessarily be available on all Windows images.
Requirements
Salt Cloud makes use of impacket and winexe to set up the Windows Salt Minion installer.
impacket is usually available as either the impacket or the python-impacket package, depending on the
distribution. More information on impacket can be found at the project home:
• impacket project home
winexe is less commonly available in distribution-specific repositories. However, it is currently being
built for various distributions in 3rd party channels:
• RPMs at pbone.net
• openSUSE Build Service
Optionally WinRM can be used instead of winexe if the python module pywinrm is available and WinRM is
supported on the target Windows version. Information on pywinrm can be found at the project home:
• pywinrm project home
Additionally, a copy of the Salt Minion Windows installer must be present on the system on which Salt
Cloud is running. This installer may be downloaded from saltstack.com:
• SaltStack Download Area
Firewall Settings
Because Salt Cloud makes use of smbclient and winexe, port 445 must be open on the target image. This
port is not generally open by default on a standard Windows distribution, and care must be taken to use
an image in which this port is open, or the Windows firewall is disabled.
If supported by the cloud provider, a PowerShell script may be used to open up this port automatically,
using the cloud provider's userdata. The following script would open up port 445, and apply the changes:
<powershell>
New-NetFirewallRule -Name "SMB445" -DisplayName "SMB445" -Protocol TCP -LocalPort 445
Set-Item (dir wsman:\localhost\Listener\*\Port -Recurse).pspath 445 -Force
Restart-Service winrm
</powershell>
For EC2, this script may be saved as a file, and specified in the provider or profile configuration as
userdata_file. For instance:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/windows-firewall.ps1
NOTE:
From versions 2016.11.0 and 2016.11.3, this file was passed through the master's renderer to template
it. However, this caused issues with non-YAML data, so templating is no longer performed by default.
To template the userdata_file, add a userdata_template option to the cloud profile:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/windows-firewall.ps1
userdata_template: jinja
If no userdata_template is set in the cloud profile, then the master configuration will be checked for
a userdata_template value. If this is not set, then no templating will be performed on the
userdata_file.
To disable templating in a cloud profile when a userdata_template has been set in the master
configuration file, simply set userdata_template to False in the cloud profile:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/windows-firewall.ps1
userdata_template: False
If you are using WinRM on EC2 the HTTPS port for the WinRM service must also be enabled in your userdata.
By default EC2 Windows images only have insecure HTTP enabled. To enable HTTPS and basic authentication
required by pywinrm consider the following userdata example:
<powershell>
New-NetFirewallRule -Name "SMB445" -DisplayName "SMB445" -Protocol TCP -LocalPort 445
New-NetFirewallRule -Name "WINRM5986" -DisplayName "WINRM5986" -Protocol TCP -LocalPort 5986
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
$SourceStoreScope = 'LocalMachine'
$SourceStorename = 'Remote Desktop'
$SourceStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $SourceStorename, $SourceStoreScope
$SourceStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$cert = $SourceStore.Certificates | Where-Object -FilterScript {
$_.subject -like '*'
}
$DestStoreScope = 'LocalMachine'
$DestStoreName = 'My'
$DestStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $DestStoreName, $DestStoreScope
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$SourceStore.Close()
$DestStore.Close()
winrm create winrm/config/listener?Address=*+Transport=HTTPS `@`{Hostname=`"($certId)`"`;CertificateThumbprint=`"($cert.Thumbprint)`"`}
Restart-Service winrm
</powershell>
No certificate store is available by default on EC2 images and creating one does not seem possible
without an MMC (cannot be automated). To use the default EC2 Windows images the above copies the RDP
store.
Configuration
Configuration is set as usual, with some extra configuration settings. The location of the Windows
installer on the machine that Salt Cloud is running on must be specified. This may be done in any of the
regular configuration files (main, providers, profiles, maps). For example:
Setting the installer in /etc/salt/cloud.providers:
my-softlayer:
driver: softlayer
user: MYUSER1138
apikey: 'e3b68aa711e6deadc62d5b76355674beef7cc3116062ddbacafe5f7e465bfdc9'
minion:
master: saltmaster.example.com
win_installer: /root/Salt-Minion-2014.7.0-AMD64-Setup.exe
win_username: Administrator
win_password: letmein
smb_port: 445
The default Windows user is Administrator, and the default Windows password is blank.
If WinRM is to be used use_winrm needs to be set to True. winrm_port can be used to specify a custom port
(must be HTTPS listener).
Auto-Generated Passwords on EC2
On EC2, when the win_password is set to auto, Salt Cloud will query EC2 for an auto-generated password.
This password is expected to take at least 4 minutes to generate, adding additional time to the deploy
process.
When the EC2 API is queried for the auto-generated password, it will be returned in a message encrypted
with the specified keyname. This requires that the appropriate private_key file is also specified. Such a
profile configuration might look like:
windows-server-2012:
provider: my-ec2-config
image: ami-c49c0dac
size: m1.small
securitygroup: windows
keyname: mykey
private_key: /root/mykey.pem
userdata_file: /etc/salt/windows-firewall.ps1
win_installer: /root/Salt-Minion-2014.7.0-AMD64-Setup.exe
win_username: Administrator
win_password: auto
Cloud Provider Specifics
Getting Started With Aliyun ECS
The Aliyun ECS (Elastic Computer Service) is one of the most popular public cloud hosts in China. This
cloud host can be used to manage aliyun instance using salt-cloud.
http://www.aliyun.com/
Dependencies
This driver requires the Python requests library to be installed.
Configuration
Using Salt for Aliyun ECS requires aliyun access key id and key secret. These can be found in the aliyun
web interface, in the "User Center" section, under "My Service" tab.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-aliyun-config:
# aliyun Access Key ID
id: wDGEwGregedg3435gDgxd
# aliyun Access Key Secret
key: GDd45t43RDBTrkkkg43934t34qT43t4dgegerGEgg
location: cn-qingdao
driver: aliyun
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
aliyun_centos:
provider: my-aliyun-config
size: ecs.t1.small
location: cn-qingdao
securitygroup: G1989096784427999
image: centos6u3_64_20G_aliaegis_20130816.vhd
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes my-aliyun-config
my-aliyun-config:
----------
aliyun:
----------
ecs.c1.large:
----------
CpuCoreCount:
8
InstanceTypeId:
ecs.c1.large
MemorySize:
16.0
...SNIP...
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-aliyun-config
my-aliyun-config:
----------
aliyun:
----------
centos5u8_64_20G_aliaegis_20131231.vhd:
----------
Architecture:
x86_64
Description:
ImageId:
centos5u8_64_20G_aliaegis_20131231.vhd
ImageName:
CentOS 5.8 64位
ImageOwnerAlias:
system
ImageVersion:
1.0
OSName:
CentOS 5.8 64位
Platform:
CENTOS5
Size:
20
Visibility:
public
...SNIP...
Locations can be obtained using the --list-locations option for the salt-cloud command:
my-aliyun-config:
----------
aliyun:
----------
cn-beijing:
----------
LocalName:
北京
RegionId:
cn-beijing
cn-hangzhou:
----------
LocalName:
杭州
RegionId:
cn-hangzhou
cn-hongkong:
----------
LocalName:
香港
RegionId:
cn-hongkong
cn-qingdao:
----------
LocalName:
青岛
RegionId:
cn-qingdao
Security Group can be obtained using the -f list_securitygroup option for the salt-cloud command:
# salt-cloud --location=cn-qingdao -f list_securitygroup my-aliyun-config
my-aliyun-config:
----------
aliyun:
----------
G1989096784427999:
----------
Description:
G1989096784427999
SecurityGroupId:
G1989096784427999
NOTE:
Aliyun ECS REST API documentation is available from Aliyun ECS API.
Getting Started With Azure
New in version 2014.1.0.
Azure is a cloud service by Microsoft providing virtual machines, SQL services, media services, and more.
This document describes how to use Salt Cloud to create a virtual machine on Azure, with Salt installed.
More information about Azure is located at http://www.windowsazure.com/.
Dependencies
• Microsoft Azure SDK for Python >= 1.0.2
• The python-requests library, for Python < 2.7.9.
• A Microsoft Azure account
• OpenSSL (to generate the certificates)
• Salt
NOTE:
The Azure driver is currently being updated to work with the new version of the Python Azure SDK,
1.0.0. However until that process is complete, this driver will not work with Azure 1.0.0. Please be
sure you're running on a minimum version of 0.10.2 and less than version 1.0.0.
See Issue #27980 for more information.
Configuration
Set up the provider config at /etc/salt/cloud.providers.d/azure.conf:
# Note: This example is for /etc/salt/cloud.providers.d/azure.conf
my-azure-config:
driver: azure
subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
certificate_path: /etc/salt/azure.pem
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Optional
management_host: management.core.windows.net
The certificate used must be generated by the user. OpenSSL can be used to create the management
certificates. Two certificates are needed: a .cer file, which is uploaded to Azure, and a .pem file,
which is stored locally.
To create the .pem file, execute the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/salt/azure.pem -out /etc/salt/azure.pem
To create the .cer file, execute the following command:
openssl x509 -inform pem -in /etc/salt/azure.pem -outform der -out /etc/salt/azure.cer
After creating these files, the .cer file will need to be uploaded to Azure via the "Upload a Management
Certificate" action of the "Management Certificates" tab within the "Settings" section of the management
portal.
Optionally, a management_host may be configured, if necessary for the region.
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles:
azure-ubuntu:
provider: my-azure-config
image: 'b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu-12_04_3-LTS-amd64-server-20131003-en-us-30GB'
size: Small
location: 'East US'
ssh_username: azureuser
ssh_password: verybadpass
slot: production
media_link: 'http://portalvhdabcdefghijklmn.blob.core.windows.net/vhds'
virtual_network_name: azure-virtual-network
subnet_name: azure-subnet
These options are described in more detail below. Once configured, the profile can be realized with a
salt command:
salt-cloud -p azure-ubuntu newinstance
This will create an salt minion instance named newinstance in Azure. If the command was executed on the
salt-master, its Salt key will automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
salt newinstance test.ping
Profile Options
The following options are currently available for Azure.
provider
The name of the provider as configured in /etc/salt/cloud.providers.d/azure.conf.
image
The name of the image to use to create a VM. Available images can be viewed using the following command:
salt-cloud --list-images my-azure-config
size
The name of the size to use to create a VM. Available sizes can be viewed using the following command:
salt-cloud --list-sizes my-azure-config
location
The name of the location to create a VM in. Available locations can be viewed using the following
command:
salt-cloud --list-locations my-azure-config
affinity_group
The name of the affinity group to create a VM in. Either a location or an affinity_group may be
specified, but not both. See Affinity Groups below.
ssh_username
The user to use to log into the newly-created VM to install Salt.
ssh_password
The password to use to log into the newly-created VM to install Salt.
slot
The environment to which the hosted service is deployed. Valid values are staging or production. When set
to production, the resulting URL of the new VM will be <vm_name>.cloudapp.net. When set to staging, the
resulting URL will contain a generated hash instead.
media_link
This is the URL of the container that will store the disk that this VM uses. Currently, this container
must already exist. If a VM has previously been created in the associated account, a container should
already exist. In the web interface, go into the Storage area and click one of the available storage
selections. Click the Containers link, and then copy the URL from the container that will be used. It
generally looks like:
http://portalvhdabcdefghijklmn.blob.core.windows.net/vhds
service_name
The name of the service in which to create the VM. If this is not specified, then a service will be
created with the same name as the VM.
virtual_network_name
Optional. The name of the virtual network for the VM to join. If this is not specified, then no virtual
network will be joined.
subnet_name
Optional. The name of the subnet in the virtual network for the VM to join. Requires that a
virtual_network_name is specified.
Show Instance
This action is a thin wrapper around --full-query, which displays details on a single instance only. In
an environment with several machines, this will save a user from having to sort through all instance
data, just to examine a single instance.
salt-cloud -a show_instance myinstance
Destroying VMs
There are certain options which can be specified in the global cloud configuration file (usually
/etc/salt/cloud) which affect Salt Cloud's behavior when a VM is destroyed.
cleanup_disks
New in version 2015.8.0.
Default is False. When set to True, Salt Cloud will wait for the VM to be destroyed, then attempt to
destroy the main disk that is associated with the VM.
cleanup_vhds
New in version 2015.8.0.
Default is False. Requires cleanup_disks to be set to True. When also set to True, Salt Cloud will ask
Azure to delete the VHD associated with the disk that is also destroyed.
cleanup_services
New in version 2015.8.0.
Default is False. Requires cleanup_disks to be set to True. When also set to True, Salt Cloud will wait
for the disk to be destroyed, then attempt to remove the service that is associated with the VM. Because
the disk belongs to the service, the disk must be destroyed before the service can be.
Managing Hosted Services
New in version 2015.8.0.
An account can have one or more hosted services. A hosted service is required in order to create a VM.
However, as mentioned above, if a hosted service is not specified when a VM is created, then one will
automatically be created with the name of the name. The following functions are also available.
create_service
Create a hosted service. The following options are available.
name
Required. The name of the hosted service to create.
label
Required. A label to apply to the hosted service.
description
Optional. A longer description of the hosted service.
location
Required, if affinity_group is not set. The location in which to create the hosted service. Either the
location or the affinity_group must be set, but not both.
affinity_group
Required, if location is not set. The affinity group in which to create the hosted service. Either the
location or the affinity_group must be set, but not both.
extended_properties
Optional. Dictionary containing name/value pairs of hosted service properties. You can have a maximum of
50 extended property name/value pairs. The maximum length of the Name element is 64 characters, only
alphanumeric characters and underscores are valid in the Name, and the name must start with a letter.
The value has a maximum length of 255 characters.
CLI Example
The following example illustrates creating a hosted service.
salt-cloud -f create_service my-azure name=my-service label=my-service location='West US'
show_service
Return details about a specific hosted service. Can also be called with get_service.
salt-cloud -f show_storage my-azure name=my-service
list_services
List all hosted services associates with the subscription.
salt-cloud -f list_services my-azure-config
delete_service
Delete a specific hosted service.
salt-cloud -f delete_service my-azure name=my-service
Managing Storage Accounts
New in version 2015.8.0.
Salt Cloud can manage storage accounts associated with the account. The following functions are
available. Deprecated marked as deprecated are marked as such as per the SDK documentation, but are still
included for completeness with the SDK.
create_storage
Create a storage account. The following options are supported.
name
Required. The name of the storage account to create.
label
Required. A label to apply to the storage account.
description
Optional. A longer description of the storage account.
location
Required, if affinity_group is not set. The location in which to create the storage account. Either the
location or the affinity_group must be set, but not both.
affinity_group
Required, if location is not set. The affinity group in which to create the storage account. Either the
location or the affinity_group must be set, but not both.
extended_properties
Optional. Dictionary containing name/value pairs of storage account properties. You can have a maximum
of 50 extended property name/value pairs. The maximum length of the Name element is 64 characters, only
alphanumeric characters and underscores are valid in the Name, and the name must start with a letter. The
value has a maximum length of 255 characters.
geo_replication_enabled
Deprecated. Replaced by the account_type parameter.
account_type
Specifies whether the account supports locally-redundant storage, geo-redundant storage, zone-redundant
storage, or read access geo-redundant storage. Possible values are:
• Standard_LRS
• Standard_ZRS
• Standard_GRS
• Standard_RAGRS
CLI Example
The following example illustrates creating a storage account.
salt-cloud -f create_storage my-azure name=my-storage label=my-storage location='West US'
list_storage
List all storage accounts associates with the subscription.
salt-cloud -f list_storage my-azure-config
show_storage
Return details about a specific storage account. Can also be called with get_storage.
salt-cloud -f show_storage my-azure name=my-storage
update_storage
Update details concerning a storage account. Any of the options available in create_storage can be used,
but the name cannot be changed.
salt-cloud -f update_storage my-azure name=my-storage label=my-storage
delete_storage
Delete a specific storage account.
salt-cloud -f delete_storage my-azure name=my-storage
show_storage_keys
Returns the primary and secondary access keys for the specified storage account.
salt-cloud -f show_storage_keys my-azure name=my-storage
regenerate_storage_keys
Regenerate storage account keys. Requires a key_type ("primary" or "secondary") to be specified.
salt-cloud -f regenerate_storage_keys my-azure name=my-storage key_type=primary
Managing Disks
New in version 2015.8.0.
When a VM is created, a disk will also be created for it. The following functions are available for
managing disks. Deprecated marked as deprecated are marked as such as per the SDK documentation, but are
still included for completeness with the SDK.
show_disk
Return details about a specific disk. Can also be called with get_disk.
salt-cloud -f show_disk my-azure name=my-disk
list_disks
List all disks associates with the account.
salt-cloud -f list_disks my-azure
update_disk
Update details for a disk. The following options are available.
name
Required. The name of the disk to update.
has_operating_system
Deprecated.
label
Required. The label for the disk.
media_link
Deprecated. The location of the disk in the account, including the storage container that it is in. This
should not need to be changed.
new_name
Deprecated. If renaming the disk, the new name.
os
Deprecated.
CLI Example
The following example illustrates updating a disk.
salt-cloud -f update_disk my-azure name=my-disk label=my-disk
delete_disk
Delete a specific disk.
salt-cloud -f delete_disk my-azure name=my-disk
Managing Service Certificates
New in version 2015.8.0.
Stored at the cloud service level, these certificates are used by your deployed services. For more
information on service certificates, see the following link:
• Manage Certificates
The following functions are available.
list_service_certificates
List service certificates associated with the account.
salt-cloud -f list_service_certificates my-azure
show_service_certificate
Show the data for a specific service certificate associated with the account. The name, thumbprint, and
thumbalgorithm can be obtained from list_service_certificates. Can also be called with
get_service_certificate.
salt-cloud -f show_service_certificate my-azure name=my_service_certificate \
thumbalgorithm=sha1 thumbprint=0123456789ABCDEF
add_service_certificate
Add a service certificate to the account. This requires that a certificate already exists, which is then
added to the account. For more information on creating the certificate itself, see:
• Create a Service Certificate for Azure
The following options are available.
name
Required. The name of the hosted service that the certificate will belong to.
data
Required. The base-64 encoded form of the pfx file.
certificate_format
Required. The service certificate format. The only supported value is pfx.
password
The certificate password.
salt-cloud -f add_service_certificate my-azure name=my-cert \
data='...CERT_DATA...' certificate_format=pfx password=verybadpass
delete_service_certificate
Delete a service certificate from the account. The name, thumbprint, and thumbalgorithm can be obtained
from list_service_certificates.
salt-cloud -f delete_service_certificate my-azure \
name=my_service_certificate \
thumbalgorithm=sha1 thumbprint=0123456789ABCDEF
Managing Management Certificates
New in version 2015.8.0.
A Azure management certificate is an X.509 v3 certificate used to authenticate an agent, such as Visual
Studio Tools for Windows Azure or a client application that uses the Service Management API, acting on
behalf of the subscription owner to manage subscription resources. Azure management certificates are
uploaded to Azure and stored at the subscription level. The management certificate store can hold up to
100 certificates per subscription. These certificates are used to authenticate your Windows Azure
deployment.
For more information on management certificates, see the following link.
• Manage Certificates
The following functions are available.
list_management_certificates
List management certificates associated with the account.
salt-cloud -f list_management_certificates my-azure
show_management_certificate
Show the data for a specific management certificate associated with the account. The name, thumbprint,
and thumbalgorithm can be obtained from list_management_certificates. Can also be called with
get_management_certificate.
salt-cloud -f show_management_certificate my-azure name=my_management_certificate \
thumbalgorithm=sha1 thumbprint=0123456789ABCDEF
add_management_certificate
Management certificates must have a key length of at least 2048 bits and should reside in the Personal
certificate store. When the certificate is installed on the client, it should contain the private key of
the certificate. To upload to the certificate to the Microsoft Azure Management Portal, you must export
it as a .cer format file that does not contain the private key. For more information on creating
management certificates, see the following link:
• Create and Upload a Management Certificate for Azure
The following options are available.
public_key
A base64 representation of the management certificate public key.
thumbprint
The thumb print that uniquely identifies the management certificate.
data
The certificate's raw data in base-64 encoded .cer format.
salt-cloud -f add_management_certificate my-azure public_key='...PUBKEY...' \
thumbprint=0123456789ABCDEF data='...CERT_DATA...'
delete_management_certificate
Delete a management certificate from the account. The thumbprint can be obtained from
list_management_certificates.
salt-cloud -f delete_management_certificate my-azure thumbprint=0123456789ABCDEF
Virtual Network Management
New in version 2015.8.0.
The following are functions for managing virtual networks.
list_virtual_networks
List input endpoints associated with the deployment.
salt-cloud -f list_virtual_networks my-azure service=myservice deployment=mydeployment
Managing Input Endpoints
New in version 2015.8.0.
Input endpoints are used to manage port access for roles. Because endpoints cannot be managed by the
Azure Python SDK, Salt Cloud uses the API directly. With versions of Python before 2.7.9, the
requests-python package needs to be installed in order for this to work. Additionally, the following
needs to be set in the master's configuration file:
backend: requests
The following functions are available.
list_input_endpoints
List input endpoints associated with the deployment
salt-cloud -f list_input_endpoints my-azure service=myservice deployment=mydeployment
show_input_endpoint
Show an input endpoint associated with the deployment
salt-cloud -f show_input_endpoint my-azure service=myservice \
deployment=mydeployment name=SSH
add_input_endpoint
Add an input endpoint to the deployment. Please note that there may be a delay before the changes show
up. The following options are available.
service
Required. The name of the hosted service which the VM belongs to.
deployment
Required. The name of the deployment that the VM belongs to. If the VM was created with Salt Cloud, the
deployment name probably matches the VM name.
role
Required. The name of the role that the VM belongs to. If the VM was created with Salt Cloud, the role
name probably matches the VM name.
name
Required. The name of the input endpoint. This typically matches the port that the endpoint is set to.
For instance, port 22 would be called SSH.
port
Required. The public (Internet-facing) port that is used for the endpoint.
local_port
Optional. The private port on the VM itself that will be matched with the port. This is typically the
same as the port. If this value is not specified, it will be copied from port.
protocol
Required. Either tcp or udp.
enable_direct_server_return
Optional. If an internal load balancer exists in the account, it can be used with a direct server return.
The default value is False. Please see the following article for an explanation of this option.
• Load Balancing for Azure Infrastructure Services
timeout_for_tcp_idle_connection
Optional. The default value is 4. Please see the following article for an explanation of this option.
• Configurable Idle Timeout for Azure Load Balancer
CLI Example
The following example illustrates adding an input endpoint.
salt-cloud -f add_input_endpoint my-azure service=myservice \
deployment=mydeployment role=myrole name=HTTP local_port=80 \
port=80 protocol=tcp enable_direct_server_return=False \
timeout_for_tcp_idle_connection=4
update_input_endpoint
Updates the details for a specific input endpoint. All options from add_input_endpoint are supported.
salt-cloud -f update_input_endpoint my-azure service=myservice \
deployment=mydeployment role=myrole name=HTTP local_port=80 \
port=80 protocol=tcp enable_direct_server_return=False \
timeout_for_tcp_idle_connection=4
delete_input_endpoint
Delete an input endpoint from the deployment. Please note that there may be a delay before the changes
show up. The following items are required.
CLI Example
The following example illustrates deleting an input endpoint.
service
The name of the hosted service which the VM belongs to.
deployment
The name of the deployment that the VM belongs to. If the VM was created with Salt Cloud, the deployment
name probably matches the VM name.
role
The name of the role that the VM belongs to. If the VM was created with Salt Cloud, the role name
probably matches the VM name.
name
The name of the input endpoint. This typically matches the port that the endpoint is set to. For
instance, port 22 would be called SSH.
salt-cloud -f delete_input_endpoint my-azure service=myservice \
deployment=mydeployment role=myrole name=HTTP
Managing Affinity Groups
New in version 2015.8.0.
Affinity groups allow you to group your Azure services to optimize performance. All services and VMs
within an affinity group will be located in the same region. For more information on Affinity groups, see
the following link:
• Create an Affinity Group in the Management Portal
The following functions are available.
list_affinity_groups
List input endpoints associated with the account
salt-cloud -f list_affinity_groups my-azure
show_affinity_group
Show an affinity group associated with the account
salt-cloud -f show_affinity_group my-azure service=myservice \
deployment=mydeployment name=SSH
create_affinity_group
Create a new affinity group. The following options are supported.
name
Required. The name of the new affinity group.
location
Required. The region in which the affinity group lives.
label
Required. A label describing the new affinity group.
description
Optional. A longer description of the affinity group.
salt-cloud -f create_affinity_group my-azure name=my_affinity_group \
label=my-affinity-group location='West US'
update_affinity_group
Update an affinity group's properties
salt-cloud -f update_affinity_group my-azure name=my_group label=my_group
delete_affinity_group
Delete a specific affinity group associated with the account
salt-cloud -f delete_affinity_group my-azure name=my_affinity_group
Managing Blob Storage
New in version 2015.8.0.
Azure storage containers and their contents can be managed with Salt Cloud. This is not as elegant as
using one of the other available clients in Windows, but it benefits Linux and Unix users, as there are
fewer options available on those platforms.
Blob Storage Configuration
Blob storage must be configured differently than the standard Azure configuration. Both a storage_account
and a storage_key must be specified either through the Azure provider configuration (in addition to the
other Azure configuration) or via the command line.
storage_account: mystorage
storage_key: ffhj334fDSGFEGDFGFDewr34fwfsFSDFwe==
storage_account
This is one of the storage accounts that is available via the list_storage function.
storage_key
Both a primary and a secondary storage_key can be obtained by running the show_storage_keys function.
Either key may be used.
Blob Functions
The following functions are made available through Salt Cloud for managing blog storage.
make_blob_url
Creates the URL to access a blob
salt-cloud -f make_blob_url my-azure container=mycontainer blob=myblob
container
Name of the container.
blob
Name of the blob.
account
Name of the storage account. If not specified, derives the host base from the provider configuration.
protocol
Protocol to use: 'http' or 'https'. If not specified, derives the host base from the provider
configuration.
host_base
Live host base URL. If not specified, derives the host base from the provider configuration.
list_storage_containers
List containers associated with the storage account
salt-cloud -f list_storage_containers my-azure
create_storage_container
Create a storage container
salt-cloud -f create_storage_container my-azure name=mycontainer
name
Name of container to create.
meta_name_values
Optional. A dict with name_value pairs to associate with the container as metadata.
Example:{'Category':'test'}
blob_public_access
Optional. Possible values include: container, blob
fail_on_exist
Specify whether to throw an exception when the container exists.
show_storage_container
Show a container associated with the storage account
salt-cloud -f show_storage_container my-azure name=myservice
name
Name of container to show.
show_storage_container_metadata
Show a storage container's metadata
salt-cloud -f show_storage_container_metadata my-azure name=myservice
name
Name of container to show.
lease_id
If specified, show_storage_container_metadata only succeeds if the container's lease is active and
matches this ID.
set_storage_container_metadata
Set a storage container's metadata
salt-cloud -f set_storage_container my-azure name=mycontainer \
x_ms_meta_name_values='{"my_name": "my_value"}'
name
Name of existing container. meta_name_values ```````````` A dict containing name, value for metadata.
Example: {'category':'test'} lease_id ```` If specified, set_storage_container_metadata only succeeds if
the container's lease is active and matches this ID.
show_storage_container_acl
Show a storage container's acl
salt-cloud -f show_storage_container_acl my-azure name=myservice
name
Name of existing container.
lease_id
If specified, show_storage_container_acl only succeeds if the container's lease is active and matches
this ID.
set_storage_container_acl
Set a storage container's acl
salt-cloud -f set_storage_container my-azure name=mycontainer
name
Name of existing container.
signed_identifiers
SignedIdentifers instance
blob_public_access
Optional. Possible values include: container, blob
lease_id
If specified, set_storage_container_acl only succeeds if the container's lease is active and matches this
ID.
delete_storage_container
Delete a container associated with the storage account
salt-cloud -f delete_storage_container my-azure name=mycontainer
name
Name of container to create.
fail_not_exist
Specify whether to throw an exception when the container exists.
lease_id
If specified, delete_storage_container only succeeds if the container's lease is active and matches this
ID.
lease_storage_container
Lease a container associated with the storage account
salt-cloud -f lease_storage_container my-azure name=mycontainer
name
Name of container to create.
lease_action
Required. Possible values: acquire|renew|release|break|change
lease_id
Required if the container has an active lease.
lease_duration
Specifies the duration of the lease, in seconds, or negative one (-1) for a lease that never expires. A
non-infinite lease can be between 15 and 60 seconds. A lease duration cannot be changed using renew or
change. For backwards compatibility, the default is 60, and the value is only used on an acquire
operation.
lease_break_period
Optional. For a break operation, this is the proposed duration of seconds that the lease should continue
before it is broken, between 0 and 60 seconds. This break period is only used if it is shorter than the
time remaining on the lease. If longer, the time remaining on the lease is used. A new lease will not be
available before the break period has expired, but the lease may be held for longer than the break
period. If this header does not appear with a break operation, a fixed-duration lease breaks after the
remaining lease period elapses, and an infinite lease breaks immediately.
proposed_lease_id
Optional for acquire, required for change. Proposed lease ID, in a GUID string format.
list_blobs
List blobs associated with the container
salt-cloud -f list_blobs my-azure container=mycontainer
container
The name of the storage container
prefix
Optional. Filters the results to return only blobs whose names begin with the specified prefix.
marker
Optional. A string value that identifies the portion of the list to be returned with the next list
operation. The operation returns a marker value within the response body if the list returned was not
complete. The marker value may then be used in a subsequent call to request the next set of list items.
The marker value is opaque to the client.
maxresults
Optional. Specifies the maximum number of blobs to return, including all BlobPrefix elements. If the
request does not specify maxresults or specifies a value greater than 5,000, the server will return up to
5,000 items. Setting maxresults to a value less than or equal to zero results in error response code 400
(Bad Request).
include
Optional. Specifies one or more datasets to include in the response. To specify more than one of these
options on the URI, you must separate each option with a comma. Valid values are:
snapshots:
Specifies that snapshots should be included in the
enumeration. Snapshots are listed from oldest to newest in
the response.
metadata:
Specifies that blob metadata be returned in the response.
uncommittedblobs:
Specifies that blobs for which blocks have been uploaded,
but which have not been committed using Put Block List
(REST API), be included in the response.
copy:
Version 2012-02-12 and newer. Specifies that metadata
related to any current or previous Copy Blob operation
should be included in the response.
delimiter
Optional. When the request includes this parameter, the operation returns a BlobPrefix element in the
response body that acts as a placeholder for all blobs whose names begin with the same substring up to
the appearance of the delimiter character. The delimiter may be a single character or a string.
show_blob_service_properties
Show a blob's service properties
salt-cloud -f show_blob_service_properties my-azure
set_blob_service_properties
Sets the properties of a storage account's Blob service, including Windows Azure Storage Analytics. You
can also use this operation to set the default request version for all incoming requests that do not have
a version specified.
salt-cloud -f set_blob_service_properties my-azure
properties
a StorageServiceProperties object.
timeout
Optional. The timeout parameter is expressed in seconds.
show_blob_properties
Returns all user-defined metadata, standard HTTP properties, and system properties for the blob.
salt-cloud -f show_blob_properties my-azure container=mycontainer blob=myblob
container
Name of existing container.
blob
Name of existing blob.
lease_id
Required if the blob has an active lease.
set_blob_properties
Set a blob's properties
salt-cloud -f set_blob_properties my-azure
container
Name of existing container.
blob
Name of existing blob.
blob_cache_control
Optional. Modifies the cache control string for the blob.
blob_content_type
Optional. Sets the blob's content type.
blob_content_md5
Optional. Sets the blob's MD5 hash.
blob_content_encoding
Optional. Sets the blob's content encoding.
blob_content_language
Optional. Sets the blob's content language.
lease_id
Required if the blob has an active lease.
blob_content_disposition
Optional. Sets the blob's Content-Disposition header. The Content-Disposition response header field
conveys additional information about how to process the response payload, and also can be used to attach
additional metadata. For example, if set to attachment, it indicates that the user-agent should not
display the response, but instead show a Save As dialog with a filename other than the blob name
specified.
put_blob
Upload a blob
salt-cloud -f put_blob my-azure container=base name=top.sls blob_path=/srv/salt/top.sls
salt-cloud -f put_blob my-azure container=base name=content.txt blob_content='Some content'
container
Name of existing container.
name
Name of existing blob.
blob_path
The path on the local machine of the file to upload as a blob. Either this or blob_content must be
specified.
blob_content
The actual content to be uploaded as a blob. Either this or blob_path must me specified.
cache_control
Optional. The Blob service stores this value but does not use or modify it.
content_language
Optional. Specifies the natural languages used by this resource.
content_md5
Optional. An MD5 hash of the blob content. This hash is used to verify the integrity of the blob during
transport. When this header is specified, the storage service checks the hash that has arrived with the
one that was sent. If the two hashes do not match, the operation will fail with error code 400 (Bad
Request).
blob_content_type
Optional. Set the blob's content type.
blob_content_encoding
Optional. Set the blob's content encoding.
blob_content_language
Optional. Set the blob's content language.
blob_content_md5
Optional. Set the blob's MD5 hash.
blob_cache_control
Optional. Sets the blob's cache control.
meta_name_values
A dict containing name, value for metadata.
lease_id
Required if the blob has an active lease.
get_blob
Download a blob
salt-cloud -f get_blob my-azure container=base name=top.sls local_path=/srv/salt/top.sls
salt-cloud -f get_blob my-azure container=base name=content.txt return_content=True
container
Name of existing container.
name
Name of existing blob.
local_path
The path on the local machine to download the blob to. Either this or return_content must be specified.
return_content
Whether or not to return the content directly from the blob. If specified, must be True or False. Either
this or the local_path must be specified.
snapshot
Optional. The snapshot parameter is an opaque DateTime value that, when present, specifies the blob
snapshot to retrieve.
lease_id
Required if the blob has an active lease.
progress_callback
callback for progress with signature function(current, total) where current is the number of bytes
transferred so far, and total is the size of the blob.
max_connections
Maximum number of parallel connections to use when the blob size exceeds 64MB. Set to 1 to download the
blob chunks sequentially. Set to 2 or more to download the blob chunks in parallel. This uses more
system resources but will download faster.
max_retries
Number of times to retry download of blob chunk if an error occurs.
retry_wait
Sleep time in secs between retries.
Getting Started With Azure ARM
New in version 2016.11.0.
Azure is a cloud service by Microsoft providing virtual machines, SQL services, media services, and more.
Azure ARM (aka, the Azure Resource Manager) is a next generatiom version of the Azure portal and API.
This document describes how to use Salt Cloud to create a virtual machine on Azure ARM, with Salt
installed.
More information about Azure is located at http://www.windowsazure.com/.
Dependencies
• Microsoft Azure SDK for Python >= 2.0rc6
• Microsoft Azure Storage SDK for Python >= 0.32
• The python-requests library, for Python < 2.7.9.
• A Microsoft Azure account
• Salt
Installation Tips
Because the azure library requires the cryptography library, which is compiled on-the-fly by pip, you may
need to install the development tools for your operating system.
Before you install azure with pip, you should make sure that the required libraries are installed.
Debian
For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:
sudo apt-get install build-essential libssl-dev libffi-dev python-dev
Red Hat
For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are
installed:
sudo yum install gcc libffi-devel python-devel openssl-devel
Configuration
Set up the provider config at /etc/salt/cloud.providers.d/azurearm.conf:
# Note: This example is for /etc/salt/cloud.providers.d/azurearm.conf
my-azurearm-config:
driver: azurearm
master: salt.example.com
subscription_id: 01234567-890a-bcde-f012-34567890abdc
# https://apps.dev.microsoft.com/#/appList
username: <username>@<subdomain>.onmicrosoft.com
password: verybadpass
location: westus
resource_group: my_rg
# Optional
network_resource_group: my_net_rg
cleanup_disks: True
cleanup_vhds: True
cleanup_data_disks: True
cleanup_interfaces: True
custom_data: 'This is custom data'
expire_publisher_cache: 604800 # 7 days
expire_offer_cache: 518400 # 6 days
expire_sku_cache: 432000 # 5 days
expire_version_cache: 345600 # 4 days
expire_group_cache: 14400 # 4 hours
expire_interface_cache: 3600 # 1 hour
expire_network_cache: 3600 # 1 hour
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles:
azure-ubuntu:
provider: my-azure-config
image: Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050
size: Standard_D1_v2
location: eastus
ssh_username: azureuser
ssh_password: verybadpass
azure-win2012:
provider: my-azure-config
image: MicrosoftWindowsServer|WindowsServer|2012-R2-Datacenter|latest
size: Standard_D1_v2
location: westus
win_username: azureuser
win_password: verybadpass
These options are described in more detail below. Once configured, the profile can be realized with a
salt command:
salt-cloud -p azure-ubuntu newinstance
This will create an salt minion instance named newinstance in Azure. If the command was executed on the
salt-master, its Salt key will automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
salt newinstance test.ping
Profile Options
The following options are currently available for Azure ARM.
provider
The name of the provider as configured in /etc/salt/cloud.providers.d/azure.conf.
image
Required. The name of the image to use to create a VM. Available images can be viewed using the following
command:
salt-cloud --list-images my-azure-config
As you will see in --list-images, image names are comprised of the following fields, separated by the
pipe (|) character:
publisher: For example, Canonical or MicrosoftWindowsServer
offer: For example, UbuntuServer or WindowsServer
sku: Such as 14.04.5-LTS or 2012-R2-Datacenter
version: Such as 14.04.201612050 or latest
It is possible to specify the URL of a custom image that you have access to, such as:
https://<mystorage>.blob.core.windows.net/system/Microsoft.Compute/Images/<mystorage>/template-osDisk.01234567-890a-bcdef0123-4567890abcde.vhd
size
Required. The name of the size to use to create a VM. Available sizes can be viewed using the following
command:
salt-cloud --list-sizes my-azure-config
location
Required. The name of the location to create a VM in. Available locations can be viewed using the
following command:
salt-cloud --list-locations my-azure-config
ssh_username
Required for Linux. The user to use to log into the newly-created Linux VM to install Salt.
ssh_password
Required for Linux. The password to use to log into the newly-created Linux VM to install Salt.
win_username
Required for Windows. The user to use to log into the newly-created Windows VM to install Salt.
win_password
Required for Windows. The password to use to log into the newly-created Windows VM to install Salt.
win_installer
Required for Windows. The path to the Salt installer to be uploaded.
resource_group
Required. The resource group that all VM resources (VM, network interfaces, etc) will be created in.
network_resource_group
Optional. If specified, then the VM will be connected to the network resources in this group, rather than
the group that it was created in. The VM interfaces and IPs will remain in the configured resource_group
with the VM.
network
Required. The virtual network that the VM will be spun up in.
subnet
Optional. The subnet inside the virtual network that the VM will be spun up in. Default is default.
iface_name
Optional. The name to apply to the VM's network interface. If not supplied, the value will be set to <VM
name>-iface0.
cleanup_disks
Optional. Default is False. If set to True, disks will be cleaned up when the VM that they belong to is
deleted.
cleanup_vhds
Optional. Default is False. If set to True, VHDs will be cleaned up when the VM and disk that they belong
to are deleted. Requires cleanup_disks to be set to True.
cleanup_data_disks
Optional. Default is False. If set to True, data disks (non-root volumes) will be cleaned up whtn the VM
that they are attached to is deleted. Requires cleanup_disks to be set to True.
cleanup_interfaces
Optional. Default is False. Normally when a VM is deleted, its associated interfaces and IPs are
retained. This is useful if you expect the deleted VM to be recreated with the same name and network
settings. If you would like interfaces and IPs to be deleted when their associated VM is deleted, set
this to True.
userdata
Optional. Any custom cloud data that needs to be specified. How this data is used depends on the
operating system and image that is used. For instance, Linux images that use cloud-init will import this
data for use with that program. Some Windows images will create a file with a copy of this data, and
others will ignore it. If a Windows image creates a file, then the location will depend upon the version
of Windows. This will be ignored if the userdata_file is specified.
userdata_file
Optional. The path to a file to be read and submitted to Azure as user data. How this is used depends on
the operating system that is being deployed. If used, any userdata setting will be ignored.
wait_for_ip_timeout
Optional. Default is 600. When waiting for a VM to be created, Salt Cloud will attempt to connect to the
VM's IP address until it starts responding. This setting specifies the maximum time to wait for a
response.
wait_for_ip_interval
Optional. Default is 10. How long to wait between attempts to connect to the VM's IP.
wait_for_ip_interval_multiplier
Optional. Default is 1. Increase the interval by this multiplier after each request; helps with
throttling.
expire_publisher_cache
Optional. Default is 604800. When fetching image data using --list-images, a number of web calls need to
be made to the Azure ARM API. This is normally very fast when performed using a VM that exists inside
Azure itself, but can be very slow when made from an external connection.
By default, the publisher data will be cached, and only updated every 604800 seconds (7 days). If you
need the publisher cache to be updated at a different frequency, change this setting. Setting it to 0
will turn off the publisher cache.
expire_offer_cache
Optional. Default is 518400. See expire_publisher_cache for details on why this exists.
By default, the offer data will be cached, and only updated every 518400 seconds (6 days). If you need
the offer cache to be updated at a different frequency, change this setting. Setting it to 0 will turn
off the publiser cache.
expire_sku_cache
Optional. Default is 432000. See expire_publisher_cache for details on why this exists.
By default, the sku data will be cached, and only updated every 432000 seconds (5 days). If you need the
sku cache to be updated at a different frequency, change this setting. Setting it to 0 will turn off the
sku cache.
expire_version_cache
Optional. Default is 345600. See expire_publisher_cache for details on why this exists.
By default, the version data will be cached, and only updated every 345600 seconds (4 days). If you need
the version cache to be updated at a different frequency, change this setting. Setting it to 0 will turn
off the version cache.
expire_group_cache
Optional. Default is 14400. See expire_publisher_cache for details on why this exists.
By default, the resource group data will be cached, and only updated every 14400 seconds (4 hours). If
you need the resource group cache to be updated at a different frequency, change this setting. Setting it
to 0 will turn off the resource group cache.
expire_interface_cache
Optional. Default is 3600. See expire_publisher_cache for details on why this exists.
By default, the interface data will be cached, and only updated every 3600 seconds (1 hour). If you need
the interface cache to be updated at a different frequency, change this setting. Setting it to 0 will
turn off the interface cache.
expire_network_cache
Optional. Default is 3600. See expire_publisher_cache for details on why this exists.
By default, the network data will be cached, and only updated every 3600 seconds (1 hour). If you need
the network cache to be updated at a different frequency, change this setting. Setting it to 0 will turn
off the network cache.
Other Options
Other options relevant to Azure ARM.
storage_account
Required for actions involving an Azure storage account.
storage_key
Required for actions involving an Azure storage account.
Show Instance
This action is a thin wrapper around --full-query, which displays details on a single instance only. In
an environment with several machines, this will save a user from having to sort through all instance
data, just to examine a single instance.
salt-cloud -a show_instance myinstance
Getting Started with CloudStack
CloudStack is one the most popular cloud projects. It's an open source project to build public and/or
private clouds. You can use Salt Cloud to launch CloudStack instances.
Dependencies
• Libcloud >= 0.13.2
Configuration
Using Salt for CloudStack, requires an API key and a secret key along with the API address endpoint
information.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
exoscale:
driver: cloudstack
host: api.exoscale.ch
path: /compute
apikey: EXOAPIKEY
secretkey: EXOSECRETKEYINYOURACCOUNT
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
exoscale-ubuntu:
provider: exoscale-config
image: Ubuntu 16.04
size: Small
location: ch-gva-2
Locations can be obtained using the --list-locations option for the salt-cloud command:
# salt-cloud --list-locations exoscale-config
exoscale:
----------
cloudstack:
----------
ch-dk-2:
----------
country:
Unknown
driver:
id:
91e5e9e4-c9ed-4b76-bee4-427004b3baf9
name:
ch-dk-2
ch-gva-2:
----------
country:
Unknown
driver:
id:
1128bd56-b4d9-4ac6-a7b9-c715b187ce11
name:
ch-gva-2
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes exoscale
exoscale:
----------
cloudstack:
----------
Extra-large:
----------
bandwidth:
0
disk:
0
driver:
extra:
----------
cpu:
4
get_uuid:
id:
350dc5ea-fe6d-42ba-b6c0-efb8b75617ad
name:
Extra-large
price:
0
ram:
16384
uuid:
edb4cd4ae14bbf152d451b30c4b417ab095a5bfe
...SNIP...
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images exoscale
exoscale:
----------
cloudstack:
----------
Linux CentOS 6.6 64-bit:
----------
driver:
extra:
----------
displaytext:
Linux CentOS 6.6 64-bit 10G Disk (2014-12-01-bac8e0)
format:
QCOW2
hypervisor:
KVM
os:
Other PV (64-bit)
size:
10737418240
get_uuid:
id:
aa69ae64-1ea9-40af-8824-c2c3344e8d7c
name:
Linux CentOS 6.6 64-bit
uuid:
f26b4f54ec8591abdb6b5feb3b58f720aa438fee
...SNIP...
CloudStack specific settings
security_group
New in version next-release.
You can specifiy a list of security groups (by name or id) that should be assigned to the VM.
exoscale:
provider: cloudstack
security_group:
- default
- salt-master
Getting Started With DigitalOcean
DigitalOcean is a public cloud host that specializes in Linux instances.
Configuration
Using Salt for DigitalOcean requires a personal_access_token, an ssh_key_file, and at least one SSH key
name in ssh_key_names. More ssh_key_names can be added by separating each key with a comma. The
personal_access_token can be found in the DigitalOcean web interface in the "Apps & API" section. The SSH
key name can be found under the "SSH Keys" section.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-digitalocean-config:
driver: digital_ocean
personal_access_token: xxx
ssh_key_file: /path/to/ssh/key/file
ssh_key_names: my-key-name,my-key-name-2
location: New York 1
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
digitalocean-ubuntu:
provider: my-digitalocean-config
image: 14.04 x64
size: 512MB
location: New York 1
private_networking: True
backups_enabled: True
ipv6: True
create_dns_record: True
userdata_file: /etc/salt/cloud.userdata.d/setup
Locations can be obtained using the --list-locations option for the salt-cloud command:
# salt-cloud --list-locations my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
----------
Amsterdam 1:
----------
available:
False
features:
[u'backups']
name:
Amsterdam 1
sizes:
[]
slug:
ams1
...SNIP...
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
----------
512MB:
----------
cost_per_hour:
0.00744
cost_per_month:
5.0
cpu:
1
disk:
20
id:
66
memory:
512
name:
512MB
slug:
None
...SNIP...
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
----------
10.1:
----------
created_at:
2015-01-20T20:04:34Z
distribution:
FreeBSD
id:
10144573
min_disk_size:
20
name:
10.1
public:
True
...SNIP...
Profile Specifics:
ssh_username
If using a FreeBSD image from Digital Ocean, you'll need to set the ssh_username setting to freebsd in
your profile configuration.
digitalocean-freebsd:
provider: my-digitalocean-config
image: 10.2
size: 512MB
ssh_username: freebsd
userdata_file
New in version 2016.11.6.
Use userdata_file to specify the userdata file to upload for use with cloud-init if available.
my-openstack-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
my-do-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
userdata_template: jinja
If no userdata_template is set in the cloud profile, then the master configuration will be checked for a
userdata_template value. If this is not set, then no templating will be performed on the userdata_file.
To disable templating in a cloud profile when a userdata_template has been set in the master
configuration file, simply set userdata_template to False in the cloud profile:
my-do-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
userdata_template: False
Miscellaneous Information
NOTE:
DigitalOcean's concept of Applications is nothing more than a pre-configured instance (same as a
normal Droplet). You will find examples such Docker 0.7 Ubuntu 13.04 x64 and Wordpress on Ubuntu 12.10
when using the --list-images option. These names can be used just like the rest of the standard
instances when specifying an image in the cloud profile configuration.
NOTE:
If your domain's DNS is managed with DigitalOcean, and your minion name matches your DigitalOcean
managed DNS domain, you can automatically create A and AAA records for newly created droplets. Use
create_dns_record: True in your config to enable this. Adding delete_dns_record: True to also delete
records when a droplet is destroyed is optional. Due to limitations in salt-cloud design, the destroy
code does not have access to the VM config data. WHETHER YOU ADD create_dns_record: True OR NOT,
salt-cloud WILL attempt to delete your DNS records if the minion name matches. This will prevent
advertising any recycled IP addresses for destroyed minions.
NOTE:
If you need to perform the bootstrap using the local interface for droplets, this can be done by
setting ssh_interface: private in your config. By default the salt-cloud script would run on the
public interface however if firewall is preventing the connection to the Droplet over the public
interface you might need to set this option to connect via private interface. Also, to use this
feature private_networking: True must be set in the config.
NOTE:
Additional documentation is available from DigitalOcean.
Getting Started With Dimension Data Cloud
Dimension Data are a global IT Services company and form part of the NTT Group. Dimension Data provide
IT-as-a-Service to customers around the globe on their cloud platform (Compute as a Service). The CaaS
service is available either on one of the public cloud instances or as a private instance on premises.
http://cloud.dimensiondata.com/
CaaS has its own non-standard
`API`_
, SaltStack provides a wrapper on top of this
`API`_
with common methods with other IaaS solutions and Public cloud providers. Therefore, you can use the
Dimension Data module to communicate with both the public and private clouds.
Dependencies
This driver requires the Python apache-libcloud and netaddr library to be installed.
Configuration
When you instantiate a driver you need to pass the following arguments to the driver constructor:
• user_id - Your Dimension Data Cloud username
• key - Your Dimension Data Cloud password
• region - The region key, one of the possible region keys
Possible regions:
• dd-na : Dimension Data North America (USA)
• dd-eu : Dimension Data Europe
• dd-af : Dimension Data Africa
• dd-au : Dimension Data Australia
• dd-latam : Dimension Data Latin America
• dd-ap : Dimension Data Asia Pacific
• dd-canada : Dimension Data Canada region
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-dimensiondata-config:
user_id: my_username
key: myPassword!
region: dd-na
driver: dimensiondata
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Dimension Data images have an inbuilt size configuration, there is no list of sizes (although, if the
command --list-sizes is run a default will be returned).
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-dimensiondata-config
my-dimensiondata-config:
----------
dimensiondata:
----------
CSfM SharePoint 2013 Trial:
----------
driver:
extra:
----------
OS_displayName:
WIN2012R2S/64
OS_type:
None
cpu:
created:
2015-03-19T18:36:06.000Z
description:
Windows 2012 R2 Standard 64-bit installed with SharePoint 2013 and Visual Studio 2013 Pro (Trial Version)
location:
memoryGb:
12
osImageKey:
T-WIN-2012R2-STD-SP2013-VS2013-64-4-12-100
get_uuid:
id:
0df4677e-d380-4e9b-9469-b529ee0214c5
name:
CSfM SharePoint 2013 Trial
uuid:
28c077f1be970ee904541407b377e3ff87a9ac69
CentOS 5 32-bit 2 CPU:
----------
driver:
extra:
----------
OS_displayName:
CENTOS5/32
OS_type:
None
cpu:
created:
2015-10-21T14:52:29.000Z
description:
CentOS Release 5.11 32-bit
location:
memoryGb:
4
osImageKey:
T-CENT-5-32-2-4-10
get_uuid:
id:
a8046bd1-04ea-4668-bf32-bf8d5540faed
name:
CentOS 5 32-bit 2 CPU
uuid:
4d7dd59929fed6f4228db861b609da64997773a7
...SNIP...
Locations can be obtained using the --list-locations option for the salt-cloud command:
my-dimensiondata-config:
----------
dimensiondata:
----------
Australia - Melbourne:
----------
country:
Australia
driver:
id:
AU2
name:
Australia - Melbourne
Australia - Melbourne MCP2:
----------
country:
Australia
driver:
id:
AU10
name:
Australia - Melbourne MCP2
Australia - Sydney:
----------
country:
Australia
driver:
id:
AU1
name:
Australia - Sydney
Australia - Sydney MCP2:
----------
country:
Australia
driver:
id:
AU9
name:
Australia - Sydney MCP2
New Zealand:
----------
country:
New Zealand
driver:
id:
AU8
name:
New Zealand
New_Zealand:
----------
country:
New Zealand
driver:
id:
AU11
name:
New_Zealand
NOTE:
Dimension Data Cloud REST API documentation is available from Dimension Data MCP 2.
Getting Started With AWS EC2
Amazon EC2 is a very widely used public cloud platform and one of the core platforms Salt Cloud has been
built to support.
Previously, the suggested driver for AWS EC2 was the aws driver. This has been deprecated in favor of the
ec2 driver. Configuration using the old aws driver will still function, but that driver is no longer in
active development.
Dependencies
This driver requires the Python requests library to be installed.
Configuration
The following example illustrates some of the options that can be set. These parameters are discussed in
more detail below.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-ec2-southeast-public-ips:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Set up grains information, which will be common for all nodes
# using this provider
grains:
node_type: broker
release: 1.0.1
# Specify whether to use public or private IP for deploy script.
#
# Valid options are:
# private_ips - The salt-cloud command is run inside the EC2
# public_ips - The salt-cloud command is run outside of EC2
#
ssh_interface: public_ips
# Optionally configure the Windows credential validation number of
# retries and delay between retries. This defaults to 10 retries
# with a one second delay betwee retries
win_deploy_auth_retries: 10
win_deploy_auth_retry_delay: 1
# Set the EC2 access credentials (see below)
#
id: 'use-instance-role-credentials'
key: 'use-instance-role-credentials'
# Make sure this key is owned by root with permissions 0400.
#
private_key: /etc/salt/my_test_key.pem
keyname: my_test_key
securitygroup: default
# Optionally configure default region
# Use salt-cloud --list-locations <provider> to obtain valid regions
#
location: ap-southeast-1
availability_zone: ap-southeast-1b
# Configure which user to use to run the deploy script. This setting is
# dependent upon the AMI that is used to deploy. It is usually safer to
# configure this individually in a profile, than globally. Typical users
# are:
#
# Amazon Linux -> ec2-user
# RHEL -> ec2-user
# CentOS -> ec2-user
# Ubuntu -> ubuntu
# Debian -> admin
#
ssh_username: ec2-user
# Optionally add an IAM profile
iam_profile: 'arn:aws:iam::123456789012:instance-profile/ExampleInstanceProfile'
driver: ec2
my-ec2-southeast-private-ips:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Specify whether to use public or private IP for deploy script.
#
# Valid options are:
# private_ips - The salt-master is also hosted with EC2
# public_ips - The salt-master is hosted outside of EC2
#
ssh_interface: private_ips
# Optionally configure the Windows credential validation number of
# retries and delay between retries. This defaults to 10 retries
# with a one second delay betwee retries
win_deploy_auth_retries: 10
win_deploy_auth_retry_delay: 1
# Set the EC2 access credentials (see below)
#
id: 'use-instance-role-credentials'
key: 'use-instance-role-credentials'
# Make sure this key is owned by root with permissions 0400.
#
private_key: /etc/salt/my_test_key.pem
keyname: my_test_key
# This one should NOT be specified if VPC was not configured in AWS to be
# the default. It might cause an error message which says that network
# interfaces and an instance-level security groups may not be specified
# on the same request.
#
securitygroup: default
# Optionally configure default region
#
location: ap-southeast-1
availability_zone: ap-southeast-1b
# Configure which user to use to run the deploy script. This setting is
# dependent upon the AMI that is used to deploy. It is usually safer to
# configure this individually in a profile, than globally. Typical users
# are:
#
# Amazon Linux -> ec2-user
# RHEL -> ec2-user
# CentOS -> ec2-user
# Ubuntu -> ubuntu
#
ssh_username: ec2-user
# Optionally add an IAM profile
iam_profile: 'my other profile name'
driver: ec2
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Access Credentials
The id and key settings may be found in the Security Credentials area of the AWS Account page:
https://portal.aws.amazon.com/gp/aws/securityCredentials
Both are located in the Access Credentials area of the page, under the Access Keys tab. The id setting is
labeled Access Key ID, and the key setting is labeled Secret Access Key.
Note: if either id or key is set to 'use-instance-role-credentials' it is assumed that Salt is running on
an AWS instance, and the instance role credentials will be retrieved and used. Since both the id and key
are required parameters for the AWS ec2 provider, it is recommended to set both to
'use-instance-role-credentials' for this functionality.
A "static" and "permanent" Access Key ID and Secret Key can be specified, but this is not recommended.
Instance role keys are rotated on a regular basis, and are the recommended method of specifying AWS
credentials.
Windows Deploy Timeouts
For Windows instances, it may take longer than normal for the instance to be ready. In these
circumstances, the provider configuration can be configured with a win_deploy_auth_retries and/or a
win_deploy_auth_retry_delay setting, which default to 10 retries and a one second delay between retries.
These retries and timeouts relate to validating the Administrator password once AWS provides the
credentials via the AWS API.
Key Pairs
In order to create an instance with Salt installed and configured, a key pair will need to be created.
This can be done in the EC2 Management Console, in the Key Pairs area. These key pairs are unique to a
specific region. Keys in the us-east-1 region can be configured at:
https://console.aws.amazon.com/ec2/home?region=us-east-1#s=KeyPairs
Keys in the us-west-1 region can be configured at
https://console.aws.amazon.com/ec2/home?region=us-west-1#s=KeyPairs
...and so on. When creating a key pair, the browser will prompt to download a pem file. This file must be
placed in a directory accessible by Salt Cloud, with permissions set to either 0400 or 0600.
Security Groups
An instance on EC2 needs to belong to a security group. Like key pairs, these are unique to a specific
region. These are also configured in the EC2 Management Console. Security groups for the us-east-1 region
can be configured at:
https://console.aws.amazon.com/ec2/home?region=us-east-1#s=SecurityGroups
...and so on.
A security group defines firewall rules which an instance will adhere to. If the salt-master is
configured outside of EC2, the security group must open the SSH port (usually port 22) in order for Salt
Cloud to install Salt.
IAM Profile
Amazon EC2 instances support the concept of an instance profile, which is a logical container for the IAM
role. At the time that you launch an EC2 instance, you can associate the instance with an instance
profile, which in turn corresponds to the IAM role. Any software that runs on the EC2 instance is able to
access AWS using the permissions associated with the IAM role.
Scaffolding the profile is a 2-step configuration process:
1. Configure an IAM Role from the IAM Management Console.
2. Attach this role to a new profile. It can be done with the AWS CLI:
> aws iam create-instance-profile --instance-profile-name PROFILE_NAME
> aws iam add-role-to-instance-profile --instance-profile-name PROFILE_NAME --role-name ROLE_NAME
Once the profile is created, you can use the PROFILE_NAME to configure your cloud profiles.
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles:
base_ec2_private:
provider: my-ec2-southeast-private-ips
image: ami-e565ba8c
size: t2.micro
ssh_username: ec2-user
base_ec2_public:
provider: my-ec2-southeast-public-ips
image: ami-e565ba8c
size: t2.micro
ssh_username: ec2-user
base_ec2_db:
provider: my-ec2-southeast-public-ips
image: ami-e565ba8c
size: m1.xlarge
ssh_username: ec2-user
volumes:
- { size: 10, device: /dev/sdf }
- { size: 10, device: /dev/sdg, type: io1, iops: 1000 }
- { size: 10, device: /dev/sdh, type: io1, iops: 1000 }
- { size: 10, device: /dev/sdi, tags: {"Environment": "production"} }
# optionally add tags to profile:
tag: {'Environment': 'production', 'Role': 'database'}
# force grains to sync after install
sync_after_install: grains
base_ec2_vpc:
provider: my-ec2-southeast-public-ips
image: ami-a73264ce
size: m1.xlarge
ssh_username: ec2-user
script: /etc/salt/cloud.deploy.d/user_data.sh
network_interfaces:
- DeviceIndex: 0
PrivateIpAddresses:
- Primary: True
#auto assign public ip (not EIP)
AssociatePublicIpAddress: True
SubnetId: subnet-813d4bbf
SecurityGroupId:
- sg-750af413
del_root_vol_on_destroy: True
del_all_vol_on_destroy: True
volumes:
- { size: 10, device: /dev/sdf }
- { size: 10, device: /dev/sdg, type: io1, iops: 1000 }
- { size: 10, device: /dev/sdh, type: io1, iops: 1000 }
tag: {'Environment': 'production', 'Role': 'database'}
sync_after_install: grains
The profile can now be realized with a salt command:
# salt-cloud -p base_ec2 ami.example.com
# salt-cloud -p base_ec2_public ami.example.com
# salt-cloud -p base_ec2_private ami.example.com
This will create an instance named ami.example.com in EC2. The minion that is installed on this instance
will have an id of ami.example.com. If the command was executed on the salt-master, its Salt key will
automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt 'ami.example.com' test.ping
Required Settings
The following settings are always required for EC2:
# Set the EC2 login data
my-ec2-config:
id: HJGRYCILJLKJYG
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
keyname: test
securitygroup: quick-start
private_key: /root/test.pem
driver: ec2
Optional Settings
EC2 allows a userdata file to be passed to the instance to be created. This functionality was added to
Salt in the 2015.5.0 release.
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/my-userdata-file
NOTE:
From versions 2016.11.0 and 2016.11.3, this file was passed through the master's renderer to template
it. However, this caused issues with non-YAML data, so templating is no longer performed by default.
To template the userdata_file, add a userdata_template option to the cloud profile:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/my-userdata-file
userdata_template: jinja
If no userdata_template is set in the cloud profile, then the master configuration will be checked for
a userdata_template value. If this is not set, then no templating will be performed on the
userdata_file.
To disable templating in a cloud profile when a userdata_template has been set in the master
configuration file, simply set userdata_template to False in the cloud profile:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/my-userdata-file
userdata_template: False
EC2 allows a location to be set for servers to be deployed in. Availability zones exist inside regions,
and may be added to increase specificity.
my-ec2-config:
# Optionally configure default region
location: ap-southeast-1
availability_zone: ap-southeast-1b
EC2 instances can have a public or private IP, or both. When an instance is deployed, Salt Cloud needs to
log into it via SSH to run the deploy script. By default, the public IP will be used for this. If the
salt-cloud command is run from another EC2 instance, the private IP should be used.
my-ec2-config:
# Specify whether to use public or private IP for deploy script
# private_ips or public_ips
ssh_interface: public_ips
Many EC2 instances do not allow remote access to the root user by default. Instead, another user must be
used to run the deploy script using sudo. Some common usernames include ec2-user (for Amazon Linux),
ubuntu (for Ubuntu instances), admin (official Debian) and bitnami (for images provided by Bitnami).
my-ec2-config:
# Configure which user to use to run the deploy script
ssh_username: ec2-user
Multiple usernames can be provided, in which case Salt Cloud will attempt to guess the correct username.
This is mostly useful in the main configuration file:
my-ec2-config:
ssh_username:
- ec2-user
- ubuntu
- admin
- bitnami
Multiple security groups can also be specified in the same fashion:
my-ec2-config:
securitygroup:
- default
- extra
EC2 instances can be added to an AWS Placement Group by specifying the placementgroup option:
my-ec2-config:
placementgroup: my-aws-placement-group
Your instances may optionally make use of EC2 Spot Instances. The following example will request that
spot instances be used and your maximum bid will be $0.10. Keep in mind that different spot prices may be
needed based on the current value of the various EC2 instance sizes. You can check current and past spot
instance pricing via the EC2 API or AWS Console.
my-ec2-config:
spot_config:
spot_price: 0.10
By default, the spot instance type is set to 'one-time', meaning it will be launched and, if it's ever
terminated for whatever reason, it will not be recreated. If you would like your spot instances to be
relaunched after a termination (by your or AWS), set the type to 'persistent'.
NOTE: Spot instances are a great way to save a bit of money, but you do run the risk of losing your spot
instances if the current price for the instance size goes above your maximum bid.
The following parameters may be set in the cloud configuration file to control various aspects of the
spot instance launching:
• wait_for_spot_timeout: seconds to wait before giving up on spot instance launch (default=600)
• wait_for_spot_interval: seconds to wait in between polling requests to determine if a spot instance is
available (default=30)
• wait_for_spot_interval_multiplier: a multiplier to add to the interval in between requests, which is
useful if AWS is throttling your requests (default=1)
• wait_for_spot_max_failures: maximum number of failures before giving up on launching your spot instance
(default=10)
If you find that you're being throttled by AWS while polling for spot instances, you can set the
following in your core cloud configuration file that will double the polling interval after each request
to AWS.
wait_for_spot_interval: 1
wait_for_spot_interval_multiplier: 2
See the AWS Spot Instances documentation for more information.
Block device mappings enable you to specify additional EBS volumes or instance store volumes when the
instance is launched. This setting is also available on each cloud profile. Note that the number of
instance stores varies by instance type. If more mappings are provided than are supported by the
instance type, mappings will be created in the order provided and additional mappings will be ignored.
Consult the AWS documentation for a listing of the available instance stores, and device names.
my-ec2-config:
block_device_mappings:
- DeviceName: /dev/sdb
VirtualName: ephemeral0
- DeviceName: /dev/sdc
VirtualName: ephemeral1
You can also use block device mappings to change the size of the root device at the provisioning time.
For example, assuming the root device is '/dev/sda', you can set its size to 100G by using the following
configuration.
my-ec2-config:
block_device_mappings:
- DeviceName: /dev/sda
Ebs.VolumeSize: 100
Ebs.VolumeType: gp2
Ebs.SnapshotId: dummy0
- DeviceName: /dev/sdb
# required for devices > 2TB
Ebs.VolumeType: gp2
Ebs.VolumeSize: 3001
Existing EBS volumes may also be attached (not created) to your instances or you can create new EBS
volumes based on EBS snapshots. To simply attach an existing volume use the volume_id parameter.
device: /dev/xvdj
volume_id: vol-12345abcd
Or, to create a volume from an EBS snapshot, use the snapshot parameter.
device: /dev/xvdj
snapshot: snap-abcd12345
Note that volume_id will take precedence over the snapshot parameter.
Tags can be set once an instance has been launched.
my-ec2-config:
tag:
tag0: value
tag1: value
Setting up a Master inside EC2
Salt Cloud can configure Salt Masters as well as Minions. Use the make_master setting to use this
functionality.
my-ec2-config:
# Optionally install a Salt Master in addition to the Salt Minion
make_master: True
When creating a Salt Master inside EC2 with make_master: True, or when the Salt Master is already located
and configured inside EC2, by default, minions connect to the master's public IP address during Salt
Cloud's provisioning process. Depending on how your security groups are defined, the minions may or may
not be able to communicate with the master. In order to use the master's private IP in EC2 instead of the
public IP, set the salt_interface to private_ips.
my-ec2-config:
# Optionally set the IP configuration to private_ips
salt_interface: private_ips
Modify EC2 Tags
One of the features of EC2 is the ability to tag resources. In fact, under the hood, the names given to
EC2 instances by salt-cloud are actually just stored as a tag called Name. Salt Cloud has the ability to
manage these tags:
salt-cloud -a get_tags mymachine
salt-cloud -a set_tags mymachine tag1=somestuff tag2='Other stuff'
salt-cloud -a del_tags mymachine tag1,tag2,tag3
It is possible to manage tags on any resource in EC2 with a Resource ID, not just instances:
salt-cloud -f get_tags my_ec2 resource_id=af5467ba
salt-cloud -f set_tags my_ec2 resource_id=af5467ba tag1=somestuff
salt-cloud -f del_tags my_ec2 resource_id=af5467ba tag1,tag2,tag3
Rename EC2 Instances
As mentioned above, EC2 instances are named via a tag. However, renaming an instance by renaming its tag
will cause the salt keys to mismatch. A rename function exists which renames both the instance, and the
salt keys.
salt-cloud -a rename mymachine newname=yourmachine
Rename on Destroy
When instances on EC2 are destroyed, there will be a lag between the time that the action is sent, and
the time that Amazon cleans up the instance. During this time, the instance still retains a Name tag,
which will cause a collision if the creation of an instance with the same name is attempted before the
cleanup occurs. In order to avoid such collisions, Salt Cloud can be configured to rename instances when
they are destroyed. The new name will look something like:
myinstance-DEL20f5b8ad4eb64ed88f2c428df80a1a0c
In order to enable this, add rename_on_destroy line to the main configuration file:
my-ec2-config:
rename_on_destroy: True
Listing Images
Normally, images can be queried on a cloud provider by passing the --list-images argument to Salt Cloud.
This still holds true for EC2:
salt-cloud --list-images my-ec2-config
However, the full list of images on EC2 is extremely large, and querying all of the available images may
cause Salt Cloud to behave as if frozen. Therefore, the default behavior of this option may be modified,
by adding an owner argument to the provider configuration:
owner: aws-marketplace
The possible values for this setting are amazon, aws-marketplace, self, <AWS account ID> or all. The
default setting is amazon. Take note that all and aws-marketplace may cause Salt Cloud to appear as if
it is freezing, as it tries to handle the large amount of data.
It is also possible to perform this query using different settings without modifying the configuration
files. To do this, call the avail_images function directly:
salt-cloud -f avail_images my-ec2-config owner=aws-marketplace
EC2 Images
The following are lists of available AMI images, generally sorted by OS. These lists are on 3rd-party
websites, are not managed by Salt Stack in any way. They are provided here as a reference for those who
are interested, and contain no warranty (express or implied) from anyone affiliated with Salt Stack. Most
of them have never been used, much less tested, by the Salt Stack team.
• Arch Linux
• FreeBSD
• Fedora
• CentOS
• Ubuntu
• Debian
• OmniOS
• All Images on Amazon
show_image
This is a function that describes an AMI on EC2. This will give insight as to the defaults that will be
applied to an instance using a particular AMI.
$ salt-cloud -f show_image ec2 image=ami-fd20ad94
show_instance
This action is a thin wrapper around --full-query, which displays details on a single instance only. In
an environment with several machines, this will save a user from having to sort through all instance
data, just to examine a single instance.
$ salt-cloud -a show_instance myinstance
ebs_optimized
This argument enables switching of the EbsOptimized setting which default to 'false'. Indicates whether
the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and
an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't
available with all instance types. Additional usage charges apply when using an EBS-optimized instance.
This setting can be added to the profile or map file for an instance.
If set to True, this setting will enable an instance to be EbsOptimized
ebs_optimized: True
This can also be set as a cloud provider setting in the EC2 cloud configuration:
my-ec2-config:
ebs_optimized: True
del_root_vol_on_destroy
This argument overrides the default DeleteOnTermination setting in the AMI for the EBS root volumes for
an instance. Many AMIs contain 'false' as a default, resulting in orphaned volumes in the EC2 account,
which may unknowingly be charged to the account. This setting can be added to the profile or map file for
an instance.
If set, this setting will apply to the root EBS volume
del_root_vol_on_destroy: True
This can also be set as a cloud provider setting in the EC2 cloud configuration:
my-ec2-config:
del_root_vol_on_destroy: True
del_all_vols_on_destroy
This argument overrides the default DeleteOnTermination setting in the AMI for the not-root EBS volumes
for an instance. Many AMIs contain 'false' as a default, resulting in orphaned volumes in the EC2
account, which may unknowingly be charged to the account. This setting can be added to the profile or map
file for an instance.
If set, this setting will apply to any (non-root) volumes that were created by salt-cloud using the
'volumes' setting.
The volumes will not be deleted under the following conditions * If a volume is detached before
terminating the instance * If a volume is created without this setting and attached to the instance
del_all_vols_on_destroy: True
This can also be set as a cloud provider setting in the EC2 cloud configuration:
my-ec2-config:
del_all_vols_on_destroy: True
The setting for this may be changed on all volumes of an existing instance using one of the following
commands:
salt-cloud -a delvol_on_destroy myinstance
salt-cloud -a keepvol_on_destroy myinstance
salt-cloud -a show_delvol_on_destroy myinstance
The setting for this may be changed on a volume on an existing instance using one of the following
commands:
salt-cloud -a delvol_on_destroy myinstance device=/dev/sda1
salt-cloud -a delvol_on_destroy myinstance volume_id=vol-1a2b3c4d
salt-cloud -a keepvol_on_destroy myinstance device=/dev/sda1
salt-cloud -a keepvol_on_destroy myinstance volume_id=vol-1a2b3c4d
salt-cloud -a show_delvol_on_destroy myinstance device=/dev/sda1
salt-cloud -a show_delvol_on_destroy myinstance volume_id=vol-1a2b3c4d
EC2 Termination Protection
EC2 allows the user to enable and disable termination protection on a specific instance. An instance with
this protection enabled cannot be destroyed. The EC2 driver adds a show_term_protect action to the
regular EC2 functionality.
salt-cloud -a show_term_protect mymachine
salt-cloud -a enable_term_protect mymachine
salt-cloud -a disable_term_protect mymachine
Alternate Endpoint
Normally, EC2 endpoints are build using the region and the service_url. The resulting endpoint would
follow this pattern:
ec2.<region>.<service_url>
This results in an endpoint that looks like:
ec2.us-east-1.amazonaws.com
There are other projects that support an EC2 compatibility layer, which this scheme does not account for.
This can be overridden by specifying the endpoint directly in the main cloud configuration file:
my-ec2-config:
endpoint: myendpoint.example.com:1138/services/Cloud
Volume Management
The EC2 driver has several functions and actions for management of EBS volumes.
Creating Volumes
A volume may be created, independent of an instance. A zone must be specified. A size or a snapshot may
be specified (in GiB). If neither is given, a default size of 10 GiB will be used. If a snapshot is
given, the size of the snapshot will be used.
The following parameters may also be set (when providing a snapshot OR size):
• type: choose between standard (magnetic disk), gp2 (SSD), or io1 (provisioned IOPS).
(default=standard)
• iops: the number of IOPS (only applicable to io1 volumes) (default varies on volume size)
• encrypted: enable encryption on the volume (default=false)
salt-cloud -f create_volume ec2 zone=us-east-1b
salt-cloud -f create_volume ec2 zone=us-east-1b size=10
salt-cloud -f create_volume ec2 zone=us-east-1b snapshot=snap12345678
salt-cloud -f create_volume ec2 size=10 type=standard
salt-cloud -f create_volume ec2 size=10 type=gp2
salt-cloud -f create_volume ec2 size=10 type=io1 iops=1000
Attaching Volumes
Unattached volumes may be attached to an instance. The following values are required; name or
instance_id, volume_id, and device.
salt-cloud -a attach_volume myinstance volume_id=vol-12345 device=/dev/sdb1
Show a Volume
The details about an existing volume may be retrieved.
salt-cloud -a show_volume myinstance volume_id=vol-12345
salt-cloud -f show_volume ec2 volume_id=vol-12345
Detaching Volumes
An existing volume may be detached from an instance.
salt-cloud -a detach_volume myinstance volume_id=vol-12345
Deleting Volumes
A volume that is not attached to an instance may be deleted.
salt-cloud -f delete_volume ec2 volume_id=vol-12345
Managing Key Pairs
The EC2 driver has the ability to manage key pairs.
Creating a Key Pair
A key pair is required in order to create an instance. When creating a key pair with this function, the
return data will contain a copy of the private key. This private key is not stored by Amazon, will not
be obtainable past this point, and should be stored immediately.
salt-cloud -f create_keypair ec2 keyname=mykeypair
Importing a Key Pair
salt-cloud -f import_keypair ec2 keyname=mykeypair file=/path/to/id_rsa.pub
Show a Key Pair
This function will show the details related to a key pair, not including the private key itself (which is
not stored by Amazon).
salt-cloud -f show_keypair ec2 keyname=mykeypair
Delete a Key Pair
This function removes the key pair from Amazon.
salt-cloud -f delete_keypair ec2 keyname=mykeypair
Launching instances into a VPC
Simple launching into a VPC
In the amazon web interface, identify the id or the name of the subnet into which your image should be
created. Then, edit your cloud.profiles file like so:-
profile-id:
provider: provider-name
subnetid: subnet-XXXXXXXX
image: ami-XXXXXXXX
size: m1.medium
ssh_username: ubuntu
securitygroupid:
- sg-XXXXXXXX
securitygroupname:
- AnotherSecurityGroup
- AndThirdSecurityGroup
Note that 'subnetid' takes precedence over 'subnetname', but 'securitygroupid' and 'securitygroupname'
are merged toghether to generate a single list for SecurityGroups of instances.
Specifying interface properties
New in version 2014.7.0.
Launching into a VPC allows you to specify more complex configurations for the network interfaces of your
virtual machines, for example:-
profile-id:
provider: provider-name
image: ami-XXXXXXXX
size: m1.medium
ssh_username: ubuntu
# Do not include either 'subnetid', 'subnetname', 'securitygroupid' or
# 'securitygroupname' here if you are going to manually specify
# interface configuration
#
network_interfaces:
- DeviceIndex: 0
SubnetId: subnet-XXXXXXXX
SecurityGroupId:
- sg-XXXXXXXX
# Uncomment this line if you would like to set an explicit private
# IP address for the ec2 instance
#
# PrivateIpAddress: 192.168.1.66
# Uncomment this to associate an existing Elastic IP Address with
# this network interface:
#
# associate_eip: eipalloc-XXXXXXXX
# You can allocate more than one IP address to an interface. Use the
# 'ip addr list' command to see them.
#
# SecondaryPrivateIpAddressCount: 2
# Uncomment this to allocate a new Elastic IP Address to this
# interface (will be associated with the primary private ip address
# of the interface
#
# allocate_new_eip: True
# Uncomment this instead to allocate a new Elastic IP Address to
# both the primary private ip address and each of the secondary ones
#
allocate_new_eips: True
# Uncomment this if you're creating NAT instances. Allows an instance
# to accept IP packets with destinations other than itself.
# SourceDestCheck: False
- DeviceIndex: 1
subnetname: XXXXXXXX-Subnet
securitygroupname:
- XXXXXXXX-SecurityGroup
- YYYYYYYY-SecurityGroup
Note that it is an error to assign a 'subnetid', 'subnetname', 'securitygroupid' or 'securitygroupname'
to a profile where the interfaces are manually configured like this. These are both really properties of
each network interface, not of the machine itself.
Getting Started With GoGrid
GoGrid is a public cloud host that supports Linux and Windows.
Configuration
To use Salt Cloud with GoGrid log into the GoGrid web interface and create an API key. Do this by
clicking on "My Account" and then going to the API Keys tab.
The apikey and the sharedsecret configuration parameters need to be set in the configuration file to
enable interfacing with GoGrid:
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-gogrid-config:
driver: gogrid
apikey: asdff7896asdh789
sharedsecret: saltybacon
NOTE:
A Note about using Map files with GoGrid:
Due to limitations in the GoGrid API, instances cannot be provisioned in parallel with the GoGrid
driver. Map files will work with GoGrid, but the -P argument should not be used on maps referencing
GoGrid instances.
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
gogrid_512:
provider: my-gogrid-config
size: 512MB
image: CentOS 6.2 (64-bit) w/ None
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes my-gogrid-config
my-gogrid-config:
----------
gogrid:
----------
512MB:
----------
bandwidth:
None
disk:
30
driver:
get_uuid:
id:
512MB
name:
512MB
price:
0.095
ram:
512
uuid:
bde1e4d7c3a643536e42a35142c7caac34b060e9
...SNIP...
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-gogrid-config
my-gogrid-config:
----------
gogrid:
----------
CentOS 6.4 (64-bit) w/ None:
----------
driver:
extra:
----------
get_uuid:
id:
18094
name:
CentOS 6.4 (64-bit) w/ None
uuid:
bfd4055389919e01aa6261828a96cf54c8dcc2c4
...SNIP...
Assigning IPs
New in version 2015.8.0.
The GoGrid API allows IP addresses to be manually assigned. Salt Cloud supports this functionality by
allowing an IP address to be specified using the assign_public_ip argument. This likely makes the most
sense inside a map file, but it may also be used inside a profile.
gogrid_512:
provider: my-gogrid-config
size: 512MB
image: CentOS 6.2 (64-bit) w/ None
assign_public_ip: 11.38.257.42
Getting Started With Google Compute Engine
Google Compute Engine (GCE) is Google-infrastructure as a service that lets you run your large-scale
computing workloads on virtual machines. This document covers how to use Salt Cloud to provision and
manage your virtual machines hosted within Google's infrastructure.
You can find out more about GCE and other Google Cloud Platform services at https://cloud.google.com.
Dependencies
• LibCloud >= 1.0.0
Changed in version 2017.7.0.
• A Google Cloud Platform account with Compute Engine enabled
• A registered Service Account for authorization
• Oh, and obviously you'll need salt
Google Compute Engine Setup
1. Sign up for Google Cloud Platform
Go to https://cloud.google.com and use your Google account to sign up for Google Cloud Platform and
complete the guided instructions.
2. Create a Project
Next, go to the console at https://cloud.google.com/console and create a new Project. Make sure to
select your new Project if you are not automatically directed to the Project.
Projects are a way of grouping together related users, services, and billing. You may opt to create
multiple Projects and the remaining instructions will need to be completed for each Project if you
wish to use GCE and Salt Cloud to manage your virtual machines.
3. Enable the Google Compute Engine service
In your Project, either just click Compute Engine to the left, or go to the APIs & auth section and
APIs link and enable the Google Compute Engine service.
4. Create a Service Account
To set up authorization, navigate to APIs & auth section and then the Credentials link and click the
CREATE NEW CLIENT ID button. Select Service Account and click the Create Client ID button. This will
automatically download a .json file, which may or may not be used in later steps, depending on your
version of libcloud.
Look for a new Service Account section in the page and record the generated email address for the
matching key/fingerprint. The email address will be used in the service_account_email_address of the
/etc/salt/cloud.providers or the /etc/salt/cloud.providers.d/*.conf file.
5. Key Format
NOTE:
If you are using libcloud >= 0.17.0 it is recommended that you use the JSON format file you
downloaded above and skip to the Provider Configuration section below, using the JSON file in place
of 'NEW.pem' in the documentation.
If you are using an older version of libcloud or are unsure of the version you have, please follow
the instructions below to generate and format a new P12 key.
In the new Service Account section, click Generate new P12 key, which will automatically download a
.p12 private key file. The .p12 private key needs to be converted to a format compatible with
libcloud. This new Google-generated private key was encrypted using notasecret as a passphrase. Use
the following command and record the location of the converted private key and record the location for
use in the service_account_private_key of the /etc/salt/cloud file:
openssl pkcs12 -in ORIG.p12 -passin pass:notasecret \
-nodes -nocerts | openssl rsa -out NEW.pem
Provider Configuration
Set up the provider cloud config at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/*.conf:
gce-config:
# Set up the Project name and Service Account authorization
project: "your-project-id"
service_account_email_address: "123-a5gt@developer.gserviceaccount.com"
service_account_private_key: "/path/to/your/NEW.pem"
# Set up the location of the salt master
minion:
master: saltmaster.example.com
# Set up grains information, which will be common for all nodes
# using this provider
grains:
node_type: broker
release: 1.0.1
driver: gce
NOTE:
The value provided for project must not contain underscores or spaces and is labeled as "Project ID"
on the Google Developers Console.
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profile Configuration
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/*.conf:
my-gce-profile:
image: centos-6
size: n1-standard-1
location: europe-west1-b
network: default
subnetwork: default
tags: '["one", "two", "three"]'
metadata: '{"one": "1", "2": "two"}'
use_persistent_disk: True
delete_boot_pd: False
deploy: True
make_master: False
provider: gce-config
The profile can be realized now with a salt command:
salt-cloud -p my-gce-profile gce-instance
This will create an salt minion instance named gce-instance in GCE. If the command was executed on the
salt-master, its Salt key will automatically be signed on the master.
Once the instance has been created with a salt-minion installed, connectivity to it can be verified with
Salt:
salt gce-instance test.ping
GCE Specific Settings
Consult the sample profile below for more information about GCE specific settings. Some of them are
mandatory and are properly labeled below but typically also include a hard-coded default.
Initial Profile
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/gce.conf:
my-gce-profile:
image: centos-6
size: n1-standard-1
location: europe-west1-b
network: default
subnetwork: default
tags: '["one", "two", "three"]'
metadata: '{"one": "1", "2": "two"}'
use_persistent_disk: True
delete_boot_pd: False
ssh_interface: public_ips
external_ip: "ephemeral"
image
Image is used to define what Operating System image should be used to for the instance. Examples are
Debian 7 (wheezy) and CentOS 6. Required.
size
A 'size', in GCE terms, refers to the instance's 'machine type'. See the on-line documentation for a
complete list of GCE machine types. Required.
location
A 'location', in GCE terms, refers to the instance's 'zone'. GCE has the notion of both Regions (e.g.
us-central1, europe-west1, etc) and Zones (e.g. us-central1-a, us-central1-b, etc). Required.
network
Use this setting to define the network resource for the instance. All GCE projects contain a network
named 'default' but it's possible to use this setting to create instances belonging to a different
network resource.
subnetwork
Use this setting to define the subnetwork an instance will be created in. This requires that the network
your instance is created under has a mode of 'custom' or 'auto'. Additionally, the subnetwork your
instance is created under is associated with the location you provide.
New in version 2017.7.0.
tags
GCE supports instance/network tags and this setting allows you to set custom tags. It should be a list of
strings and must be parse-able by the python ast.literal_eval() function to convert it to a python list.
metadata
GCE supports instance metadata and this setting allows you to set custom metadata. It should be a hash of
key/value strings and parse-able by the python ast.literal_eval() function to convert it to a python
dictionary.
use_persistent_disk
Use this setting to ensure that when new instances are created, they will use a persistent disk to
preserve data between instance terminations and re-creations.
delete_boot_pd
In the event that you wish the boot persistent disk to be permanently deleted when you destroy an
instance, set delete_boot_pd to True.
ssh_interface
New in version 2015.5.0.
Specify whether to use public or private IP for deploy script.
Valid options are:
• private_ips: The salt-master is also hosted with GCE
• public_ips: The salt-master is hosted outside of GCE
external_ip
Per instance setting: Used a named fixed IP address to this host.
Valid options are:
• ephemeral: The host will use a GCE ephemeral IP
• None: No external IP will be configured on this host.
Optionally, pass the name of a GCE address to use a fixed IP address. If the address does not already
exist, it will be created.
ex_disk_type
GCE supports two different disk types, pd-standard and pd-ssd. The default disk type setting is
pd-standard. To specify using an SSD disk, set pd-ssd as the value.
New in version 2014.7.0.
ip_forwarding
GCE instances can be enabled to use IP Forwarding. When set to True, this options allows the instance to
send/receive non-matching src/dst packets. Default is False.
New in version 2015.8.1.
Profile with scopes
Scopes can be specified by setting the optional ex_service_accounts key in your cloud profile. The
following example enables the bigquery scope.
my-gce-profile:
image: centos-6
ssh_username: salt
size: f1-micro
location: us-central1-a
network: default
subnetwork: default
tags: '["one", "two", "three"]'
metadata: '{"one": "1", "2": "two",
"sshKeys": ""}'
use_persistent_disk: True
delete_boot_pd: False
deploy: False
make_master: False
provider: gce-config
ex_service_accounts:
- scopes:
- bigquery
Email can also be specified as an (optional) parameter.
my-gce-profile:
...snip
ex_service_accounts:
- scopes:
- bigquery
email: default
There can be multiple entries for scopes since ex-service_accounts accepts a list of dictionaries. For
more information refer to the libcloud documentation on specifying service account scopes.
SSH Remote Access
GCE instances do not allow remote access to the root user by default. Instead, another user must be used
to run the deploy script using sudo. Append something like this to /etc/salt/cloud.profiles or
/etc/salt/cloud.profiles.d/*.conf:
my-gce-profile:
...
# SSH to GCE instances as gceuser
ssh_username: gceuser
# Use the local private SSH key file located here
ssh_keyfile: /etc/cloud/google_compute_engine
If you have not already used this SSH key to login to instances in this GCE project you will also need to
add the public key to your projects metadata at https://cloud.google.com/console. You could also add it
via the metadata setting too:
my-gce-profile:
...
metadata: '{"one": "1", "2": "two",
"sshKeys": "gceuser:ssh-rsa <Your SSH Public Key> gceuser@host"}'
Single instance details
This action is a thin wrapper around --full-query, which displays details on a single instance only. In
an environment with several machines, this will save a user from having to sort through all instance
data, just to examine a single instance.
salt-cloud -a show_instance myinstance
Destroy, persistent disks, and metadata
As noted in the provider configuration, it's possible to force the boot persistent disk to be deleted
when you destroy the instance. The way that this has been implemented is to use the instance metadata to
record the cloud profile used when creating the instance. When destroy is called, if the instance
contains a salt-cloud-profile key, it's value is used to reference the matching profile to determine if
delete_boot_pd is set to True.
Be aware that any GCE instances created with salt cloud will contain this custom salt-cloud-profile
metadata entry.
List various resources
It's also possible to list several GCE resources similar to what can be done with other providers. The
following commands can be used to list GCE zones (locations), machine types (sizes), and images.
salt-cloud --list-locations gce
salt-cloud --list-sizes gce
salt-cloud --list-images gce
Persistent Disk
The Compute Engine provider provides functions via salt-cloud to manage your Persistent Disks. You can
create and destroy disks as well as attach and detach them from running instances.
Create
When creating a disk, you can create an empty disk and specify its size (in GB), or specify either an
'image' or 'snapshot'.
salt-cloud -f create_disk gce disk_name=pd location=us-central1-b size=200
Delete
Deleting a disk only requires the name of the disk to delete
salt-cloud -f delete_disk gce disk_name=old-backup
Attach
Attaching a disk to an existing instance is really an 'action' and requires both an instance name and
disk name. It's possible to use this ation to create bootable persistent disks if necessary. Compute
Engine also supports attaching a persistent disk in READ_ONLY mode to multiple instances at the same time
(but then cannot be attached in READ_WRITE to any instance).
salt-cloud -a attach_disk myinstance disk_name=pd mode=READ_WRITE boot=yes
Detach
Detaching a disk is also an action against an instance and only requires the name of the disk. Note that
this does not safely sync and umount the disk from the instance. To ensure no data loss, you must first
make sure the disk is unmounted from the instance.
salt-cloud -a detach_disk myinstance disk_name=pd
Show disk
It's also possible to look up the details for an existing disk with either a function or an action.
salt-cloud -a show_disk myinstance disk_name=pd
salt-cloud -f show_disk gce disk_name=pd
Create snapshot
You can take a snapshot of an existing disk's content. The snapshot can then in turn be used to create
other persistent disks. Note that to prevent data corruption, it is strongly suggested that you unmount
the disk prior to taking a snapshot. You must name the snapshot and provide the name of the disk.
salt-cloud -f create_snapshot gce name=backup-20140226 disk_name=pd
Delete snapshot
You can delete a snapshot when it's no longer needed by specifying the name of the snapshot.
salt-cloud -f delete_snapshot gce name=backup-20140226
Show snapshot
Use this function to look up information about the snapshot.
salt-cloud -f show_snapshot gce name=backup-20140226
Networking
Compute Engine supports multiple private networks per project. Instances within a private network can
easily communicate with each other by an internal DNS service that resolves instance names. Instances
within a private network can also communicate with either directly without needing special routing or
firewall rules even if they span different regions/zones.
Networks also support custom firewall rules. By default, traffic between instances on the same private
network is open to all ports and protocols. Inbound SSH traffic (port 22) is also allowed but all other
inbound traffic is blocked.
Create network
New networks require a name and CIDR range if they don't have a 'mode'. Optionally, 'mode' can be
provided. Supported modes are 'auto', 'custom', 'legacy'. Optionally, 'description' can be provided to
add an extra note to your network. New instances can be created and added to this network by setting the
network name during create. It is not possible to add/remove existing instances to a network.
salt-cloud -f create_network gce name=mynet cidr=10.10.10.0/24
salt-cloud -f create_network gce name=mynet mode=auto description=some optional info.
Changed in version 2017.7.0.
Destroy network
Destroy a network by specifying the name. If a resource is currently using the target network an
exception will be raised.
salt-cloud -f delete_network gce name=mynet
Show network
Specify the network name to view information about the network.
salt-cloud -f show_network gce name=mynet
Create subnetwork
New subnetworks require a name, region, and CIDR range. Optionally, 'description' can be provided to add
an extra note to your subnetwork. New instances can be created and added to this subnetwork by setting
the subnetwork name during create. It is not possible to add/remove existing instances to a subnetwork.
salt-cloud -f create_subnetwork gce name=mynet network=mynet region=us-central1 cidr=10.0.10.0/24
salt-cloud -f create_subnetwork gce name=mynet network=mynet region=us-central1 cidr=10.10.10.0/24 description=some info about my subnet.
New in version 2017.7.0.
Destroy subnetwork
Destroy a subnetwork by specifying the name and region. If a resource is currently using the target
subnetwork an exception will be raised.
salt-cloud -f delete_subnetwork gce name=mynet region=us-central1
New in version 2017.7.0.
Show subnetwork
Specify the subnetwork name to view information about the subnetwork.
salt-cloud -f show_subnetwork gce name=mynet
New in version 2017.7.0.
Create address
Create a new named static IP address in a region.
salt-cloud -f create_address gce name=my-fixed-ip region=us-central1
Delete address
Delete an existing named fixed IP address.
salt-cloud -f delete_address gce name=my-fixed-ip region=us-central1
Show address
View details on a named address.
salt-cloud -f show_address gce name=my-fixed-ip region=us-central1
Create firewall
You'll need to create custom firewall rules if you want to allow other traffic than what is described
above. For instance, if you run a web service on your instances, you'll need to explicitly allow HTTP
and/or SSL traffic. The firewall rule must have a name and it will use the 'default' network unless
otherwise specified with a 'network' attribute. Firewalls also support instance tags for
source/destination
salt-cloud -f create_fwrule gce name=web allow=tcp:80,tcp:443,icmp
Delete firewall
Deleting a firewall rule will prevent any previously allowed traffic for the named firewall rule.
salt-cloud -f delete_fwrule gce name=web
Show firewall
Use this function to review an existing firewall rule's information.
salt-cloud -f show_fwrule gce name=web
Load Balancer
Compute Engine possess a load-balancer feature for splitting traffic across multiple instances. Please
reference the documentation for a more complete description.
The load-balancer functionality is slightly different than that described in Google's documentation. The
concept of TargetPool and ForwardingRule are consolidated in salt-cloud/libcloud. HTTP Health Checks are
optional.
HTTP Health Check
HTTP Health Checks can be used as a means to toggle load-balancing across instance members, or to detect
if an HTTP site is functioning. A common use-case is to set up a health check URL and if you want to
toggle traffic on/off to an instance, you can temporarily have it return a non-200 response. A non-200
response to the load-balancer's health check will keep the LB from sending any new traffic to the "down"
instance. Once the instance's health check URL beings returning 200-responses, the LB will again start
to send traffic to it. Review Compute Engine's documentation for allowable parameters. You can use the
following salt-cloud functions to manage your HTTP health checks.
salt-cloud -f create_hc gce name=myhc path=/ port=80
salt-cloud -f delete_hc gce name=myhc
salt-cloud -f show_hc gce name=myhc
Load-balancer
When creating a new load-balancer, it requires a name, region, port range, and list of members. There are
other optional parameters for protocol, and list of health checks. Deleting or showing details about the
LB only requires the name.
salt-cloud -f create_lb gce name=lb region=... ports=80 members=w1,w2,w3
salt-cloud -f delete_lb gce name=lb
salt-cloud -f show_lb gce name=lb
You can also create a load balancer using a named fixed IP addressby specifying the name of the address.
If the address does not exist yet it will be created.
salt-cloud -f create_lb gce name=my-lb region=us-central1 ports=234 members=s1,s2,s3 address=my-lb-ip
Attach and Detach LB
It is possible to attach or detach an instance from an existing load-balancer. Both the instance and
load-balancer must exist before using these functions.
salt-cloud -f attach_lb gce name=lb member=w4
salt-cloud -f detach_lb gce name=lb member=oops
Getting Started With HP Cloud
HP Cloud is a major public cloud platform and uses the libcloud openstack driver. The current version of
OpenStack that HP Cloud uses is Havana. When an instance is booted, it must have a floating IP added to
it in order to connect to it and further below you will see an example that adds context to this
statement.
Set up a cloud provider configuration file
To use the openstack driver for HP Cloud, set up the cloud provider configuration file as in the example
shown below:
/etc/salt/cloud.providers.d/hpcloud.conf:
hpcloud-config:
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure HP Cloud using the OpenStack plugin
#
identity_url: https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens
compute_name: Compute
protocol: ipv4
# Set the compute region:
#
compute_region: region-b.geo-1
# Configure HP Cloud authentication credentials
#
user: myname
tenant: myname-project1
password: xxxxxxxxx
# keys to allow connection to the instance launched
#
ssh_key_name: yourkey
ssh_key_file: /path/to/key/yourkey.priv
driver: openstack
The subsequent example that follows is using the openstack driver.
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Compute Region
Originally, HP Cloud, in its OpenStack Essex version (1.0), had 3 availability zones in one region, US
West (region-a.geo-1), which each behaved each as a region.
This has since changed, and the current OpenStack Havana version of HP Cloud (1.1) now has simplified
this and now has two regions to choose from:
region-a.geo-1 -> US West
region-b.geo-1 -> US East
Authentication
The user is the same user as is used to log into the HP Cloud management UI. The tenant can be found in
the upper left under "Project/Region/Scope". It is often named the same as user albeit with a -project1
appended. The password is of course what you created your account with. The management UI also has other
information such as being able to select US East or US West.
Set up a cloud profile config file
The profile shown below is a know working profile for an Ubuntu instance. The profile configuration file
is stored in the following location:
/etc/salt/cloud.profiles.d/hp_ae1_ubuntu.conf:
hp_ae1_ubuntu:
provider: hp_ae1
image: 9302692b-b787-4b52-a3a6-daebb79cb498
ignore_cidr: 10.0.0.1/24
networks:
- floating: Ext-Net
size: standard.small
ssh_key_file: /root/keys/test.key
ssh_key_name: test
ssh_username: ubuntu
Some important things about the example above:
• The image parameter can use either the image name or image ID which you can obtain by running in the
example below (this case US East):
# salt-cloud --list-images hp_ae1
• The parameter ignore_cidr specifies a range of addresses to ignore when trying to connect to the
instance. In this case, it's the range of IP addresses used for an private IP of the instance.
• The parameter networks is very important to include. In previous versions of Salt Cloud, this is what
made it possible for salt-cloud to be able to attach a floating IP to the instance in order to connect
to the instance and set up the minion. The current version of salt-cloud doesn't require it, though
having it is of no harm either. Newer versions of salt-cloud will use this, and without it, will
attempt to find a list of floating IP addresses to use regardless.
• The ssh_key_file and ssh_key_name are the keys that will make it possible to connect to the instance to
set up the minion
• The ssh_username parameter, in this case, being that the image used will be ubuntu, will make it
possible to not only log in but install the minion
Launch an instance
To instantiate a machine based on this profile (example):
# salt-cloud -p hp_ae1_ubuntu ubuntu_instance_1
After several minutes, this will create an instance named ubuntu_instance_1 running in HP Cloud in the US
East region and will set up the minion and then return information about the instance once completed.
Manage the instance
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt ubuntu_instance_1 ping
SSH to the instance
Additionally, the instance can be accessed via SSH using the floating IP assigned to it
# ssh ubuntu@<floating ip>
Using a private IP
Alternatively, in the cloud profile, using the private IP to log into the instance to set up the minion
is another option, particularly if salt-cloud is running within the cloud on an instance that is on the
same network with all the other instances (minions)
The example below is a modified version of the previous example. Note the use of ssh_interface:
hp_ae1_ubuntu:
provider: hp_ae1
image: 9302692b-b787-4b52-a3a6-daebb79cb498
size: standard.small
ssh_key_file: /root/keys/test.key
ssh_key_name: test
ssh_username: ubuntu
ssh_interface: private_ips
With this setup, salt-cloud will use the private IP address to ssh into the instance and set up the
salt-minion
Getting Started With Joyent
Joyent is a public cloud host that supports SmartOS, Linux, FreeBSD, and Windows.
Dependencies
This driver requires the Python requests library to be installed.
Configuration
The Joyent cloud requires three configuration parameters. The user name and password that are used to log
into the Joyent system, and the location of the private ssh key associated with the Joyent account. The
ssh key is needed to send the provisioning commands up to the freshly created virtual machine.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-joyent-config:
driver: joyent
user: fred
password: saltybacon
private_key: /root/mykey.pem
keyname: mykey
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
joyent_512:
provider: my-joyent-config
size: g4-highcpu-512M
image: ubuntu-16.04
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes my-joyent-config
my-joyent-config:
----------
joyent:
----------
g4-highcpu-512M:
----------
default:
False
description:
Compute Optimized 512M RAM - 1 vCPU - 10 GB Disk
disk:
10240
group:
Compute Optimized
id:
14aea8fc-d0f8-11e5-bfe4-a7458dbc6c99
lwps:
4000
memory:
512
name:
g4-highcpu-512M
swap:
2048
vcpus:
0
version:
1.0.3
...SNIP...
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-joyent-config
my-joyent-config:
----------
joyent:
----------
base:
----------
description:
A 32-bit SmartOS image with just essential packages
installed. Ideal for users who are comfortabl e with
setting up their own environment and tools.
files:
|_
----------
compression:
gzip
sha1:
b00a77408ddd9aeac85085b68b1cd22a07353956
size:
106918297
homepage:
http://wiki.joyent.com/jpc2/Base+Instance
id:
00aec452-6e81-11e4-8474-ebfec9a1a911
name:
base
os:
smartos
owner:
9dce1460-0c4c-4417-ab8b-25ca478c5a78
public:
True
published_at:
2014-11-17T17:41:46Z
requirements:
----------
state:
active
type:
smartmachine
version:
14.3.0
...SNIP...
SmartDataCenter
This driver can also be used with the Joyent SmartDataCenter project. More details can be found at:
Using SDC requires that an api_host_suffix is set. The default value for this is .api.joyentcloud.com.
All characters, including the leading ., should be included:
api_host_suffix: .api.myhostname.com
Miscellaneous Configuration
The following configuration items can be set in either provider or profile confuration files.
use_ssl
When set to True (the default), attach https:// to any URL that does not already have http:// or https://
included at the beginning. The best practice is to leave the protocol out of the URL, and use this
setting to manage it.
verify_ssl
When set to True (the default), the underlying web library will verify the SSL certificate. This should
only be set to False for debugging.`
Getting Started With Libvirt
Libvirt is a toolkit to interact with the virtualization capabilities of recent versions of Linux (and
other OSes). This driver Salt cloud provider is currently geared towards libvirt with qemu-kvm.
http://www.libvirt.org/
Dependencies
• libvirt >= 1.2.18 (older might work)
Provider Configuration
For every KVM host a provider needs to be set up. The provider currently maps to one libvirt daemon (e.g.
one KVM host).
Set up the provider cloud configuration file at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/*.conf.
# Set up a provider with qemu+ssh protocol
kvm-via-ssh:
driver: libvirt
url: qemu+ssh://user@kvm.company.com/system?socket=/var/run/libvirt/libvirt-sock
# Or connect to a local libvirt instance
local-kvm:
driver: libvirt
url: qemu:///system
Cloud Profiles
Virtual machines get cloned from so called Cloud Profiles. Profiles can be set up at
/etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/*.conf:
• Configure a profile to be used:
centos7:
# points back at provider configuration
provider: local-kvm
base_domain: base-centos7-64
ip_source: ip-learning
ssh_username: root
password: my-very-secret-password
# /tmp is mounted noexec.. do workaround
deploy_command: sh /tmp/.saltcloud/deploy.sh
script_args: -F
# grains to add to the minion
grains:
clones-are-awesome: true
# override minion settings
minion:
master: 192.168.16.1
master_port: 5506
The profile can be realized now with a salt command:
# salt-cloud -p centos7 my-centos7-clone
This will create an instance named my-centos7-clone on the cloud host. Also the minion id will be set to
my-centos7-clone.
If the command was executed on the salt-master, its Salt key will automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt my-centos7-clone test.ping
Required Settings
The following settings are always required for libvirt:
centos7:
provider: local-kvm
# the domain to clone
base_domain: base-centos7-64
# how to obtain the IP address of the cloned instance
# ip-learning or qemu-agent
ip_source: ip-learning
The ip_source setting controls how the IP address of the cloned instance is determined. When using
ip-learning the IP is requested from libvirt. This needs a recent libvirt version and may only work for
NAT networks. Another option is to use qemu-agent this requires that the qemu-agent is installed and
configured to run at startup in the base domain.
Optional Settings
# Username and password
ssh_username: root
password: my-secret-password
# Cloning strategy: full or quick
clone_strategy: quick
The clone_strategy controls how the clone is done. In case of full the disks are copied creating a
standalone clone. If quick is used the disks of the base domain are used as backing disks for the clone.
This results in nearly instantaneous clones at the expense of slower write performance. The quick
strategy has a number of requirements:
• The disks must be of type qcow2
• The base domain must be turned off
• The base domain must not change after creating the clone
Getting Started With Linode
Linode is a public cloud host with a focus on Linux instances.
Starting with the 2015.8.0 release of Salt, the Linode driver uses Linode's native REST API. There are no
external dependencies required to use the Linode driver, other than a Linode account.
Provider Configuration
Linode requires a single API key, but the default root password for new instances also needs to be set.
The password needs to be eight characters and contain lowercase, uppercase, and numbers.
Set up the provider cloud configuration file at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/*.conf.
my-linode-config:
apikey: 'asldkgfakl;sdfjsjaslfjaklsdjf;askldjfaaklsjdfhasldsadfghdkf'
password: 'F00barbaz'
driver: linode
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profile Configuration
Linode profiles require a provider, size, image, and location. Set up an initial profile at
/etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
linode_1024:
provider: my-linode-config
size: Linode 2048
image: CentOS 7
location: London, England, UK
The profile can be realized now with a salt command:
salt-cloud -p linode_1024 linode-instance
This will create an salt minion instance named linode-instance in Linode. If the command was executed on
the salt-master, its Salt key will automatically be signed on the master.
Once the instance has been created with a salt-minion installed, connectivity to it can be verified with
Salt:
salt linode-instance test.ping
Listing Sizes
Sizes can be obtained using the --list-sizes option for the salt-cloud command:
# salt-cloud --list-sizes my-linode-config
my-linode-config:
----------
linode:
----------
Linode 1024:
----------
AVAIL:
----------
10:
500
2:
500
3:
500
4:
500
6:
500
7:
500
8:
500
9:
500
CORES:
1
DISK:
24
HOURLY:
0.015
LABEL:
Linode 1024
...SNIP...
Listing Images
Images can be obtained using the --list-images option for the salt-cloud command:
# salt-cloud --list-images my-linode-config
my-linode-config:
----------
linode:
----------
Arch Linux 2015.02:
----------
CREATE_DT:
2015-02-20 14:17:16.0
DISTRIBUTIONID:
138
IS64BIT:
1
LABEL:
Arch Linux 2015.02
MINIMAGESIZE:
800
REQUIRESPVOPSKERNEL:
1
...SNIP...
Listing Locations
Locations can be obtained using the --list-locations option for the salt-cloud command:
# salt-cloud --list-locations my-linode-config
my-linode-config:
----------
linode:
----------
Atlanta, GA, USA:
----------
ABBR:
atlanta
DATACENTERID:
4
LOCATION:
Atlanta, GA, USA
...SNIP...
Linode Specific Settings
There are several options outlined below that can be added to either the Linode provider of profile
configuration files. Some options are mandatory and are properly labeled below but typically also include
a hard-coded default.
image
Image is used to define what Operating System image should be used for the instance. Examples are Ubuntu
14.04 LTS and CentOS 7. This option should be specified in the profile config. Required.
location
Location is used to define which Linode data center the instance will reside in. Required.
size
Size is used to define the instance's "plan type" which includes memory, storage, and price. Required.
assign_private_ip
New in version 2016.3.0.
Assigns a private IP address to a Linode when set to True. Default is False.
ssh_interface
New in version 2016.3.0.
Specify whether to use a public or private IP for the deploy script. Valid options are:
• public_ips: The salt-master is hosted outside of Linode. Default.
• private_ips: The salt-master is also hosted within Linode.
If specifying private_ips, the Linodes must be hosted within the same data center and have the Network
Helper enabled on your entire account. The instance that is running the Salt-Cloud provisioning command
must also have a private IP assigned to it.
Newer accounts created on Linode have the Network Helper setting enabled by default, account-wide. Legacy
accounts do not have this setting enabled by default. To enable the Network Helper on your Linode
account, please see Linode's Network Helper documentation.
If you're running into problems, be sure to restart the instance that is running Salt Cloud after adding
its own private IP address or enabling the Network Helper.
clonefrom
Setting the clonefrom option to a specified instance enables the new instance to be cloned from the named
instance instead of being created from scratch. If using the clonefrom option, it is likely a good idea
to also specify script_args: -C if a minion is already installed on the to-be-cloned instance. See the
Cloning section below for more information.
Cloning
To clone a Linode, add a profile with a clonefrom key, and a script_args: -C. clonefrom should be the
name of the Linode that is the source for the clone. script_args: -C passes a -C to the salt-bootstrap
script, which only configures the minion and doesn't try to install a new copy of salt-minion. This way
the minion gets new keys and the keys get pre-seeded on the master, and the /etc/salt/minion file has the
right minion 'id:' declaration.
Cloning requires a post 2015-02-01 salt-bootstrap.
It is safest to clone a stopped machine. To stop a machine run
salt-cloud -a stop machine_to_clone
To create a new machine based on another machine, add an entry to your linode cloud profile that looks
like this:
li-clone:
provider: my-linode-config
clonefrom: machine_to_clone
script_args: -C -F
Then run salt-cloud as normal, specifying -p li-clone. The profile name can be anything; It doesn't have
to be li-clone.
clonefrom: is the name of an existing machine in Linode from which to clone. Script_args: -C -F is
necessary to avoid re-deploying Salt via salt-bootstrap. -C will just re-deploy keys so the new minion
will not have a duplicate key or minion_id on the Master, and -F will force a rewrite of the Minion
config file on the new Minion. If -F isn't provided, the new Minion will have the machine_to_clone's
Minion ID, instead of its own Minion ID, which can cause problems.
NOTE:
Pull Request #733 to the salt-bootstrap repo makes the -F argument non-necessary. Once that change is
released into a stable version of the Bootstrap Script, the -C argument will be sufficient for the
script_args setting.
If the machine_to_clone does not have Salt installed on it, refrain from using the script_args: -C -F
altogether, because the new machine will need to have Salt installed.
Getting Started With LXC
The LXC module is designed to install Salt in an LXC container on a controlled and possibly remote
minion.
In other words, Salt will connect to a minion, then from that minion:
• Provision and configure a container for networking access
• Use those modules to deploy salt and re-attach to master.
• lxc runner
• lxc module
• seed
Limitations
• You can only act on one minion and one provider at a time.
• Listing images must be targeted to a particular LXC provider (nothing will be outputted with all)
Operation
Salt's LXC support does use lxc.init via the lxc.cloud_init_interface and seeds the minion via
seed.mkconfig.
You can provide to those lxc VMs a profile and a network profile like if you were directly using the
minion module.
Order of operation:
• Create the LXC container on the desired minion (clone or template)
• Change LXC config options (if any need to be changed)
• Start container
• Change base passwords if any
• Change base DNS configuration if necessary
• Wait for LXC container to be up and ready for ssh
• Test SSH connection and bailout in error
• Upload deploy script and seeds, then re-attach the minion.
Provider configuration
Here is a simple provider configuration:
# Note: This example goes in /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
devhost10-lxc:
target: devhost10
driver: lxc
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profile configuration
Please read tutorial-lxc before anything else. And specially tutorial-lxc-profiles.
Here are the options to configure your containers:
target Host minion id to install the lxc Container into
lxc_profile
Name of the profile or inline options for the LXC vm creation/cloning, please see
tutorial-lxc-profiles-container.
network_profile
Name of the profile or inline options for the LXC vm network settings, please see
tutorial-lxc-profiles-network.
nic_opts
Totally optional. Per interface new-style configuration options mappings which will override
any profile default option:
eth0: {'mac': '00:16:3e:01:29:40',
'gateway': None, (default)
'link': 'br0', (default)
'gateway': None, (default)
'netmask': '', (default)
'ip': '22.1.4.25'}}
password
password for root and sysadmin users
dnsservers
List of DNS servers to use. This is optional.
minion minion configuration (see Minion Configuration in Salt Cloud)
bootstrap_delay
specify the time to wait (in seconds) between container creation and salt bootstrap execution.
It is useful to ensure that all essential services have started before the bootstrap script is
executed. By default there's no wait time between container creation and bootstrap unless you
are on systemd where we wait that the system is no more in starting state.
bootstrap_shell
shell for bootstraping script (default: /bin/sh)
script defaults to salt-boostrap
script_args
arguments which are given to the bootstrap script. the {0} placeholder will be replaced by the
path which contains the minion config and key files, eg:
script_args="-c {0}"
Using profiles:
# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
provider: devhost10-lxc
lxc_profile: foo
network_profile: bar
minion:
master: 10.5.0.1
master_port: 4506
Using inline profiles (eg to override the network bridge):
devhost11-lxc:
provider: devhost10-lxc
lxc_profile:
clone_from: foo
network_profile:
etho:
link: lxcbr0
minion:
master: 10.5.0.1
master_port: 4506
Using a lxc template instead of a clone:
devhost11-lxc:
provider: devhost10-lxc
lxc_profile:
template: ubuntu
# options:
# release: trusty
network_profile:
etho:
link: lxcbr0
minion:
master: 10.5.0.1
master_port: 4506
Static ip:
# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
provider: devhost10-lxc
nic_opts:
eth0:
ipv4: 10.0.3.9
minion:
master: 10.5.0.1
master_port: 4506
DHCP:
# Note: This example would go in /etc/salt/cloud.profiles or any file in the
# /etc/salt/cloud.profiles.d/ directory.
devhost10-lxc:
provider: devhost10-lxc
minion:
master: 10.5.0.1
master_port: 4506
Driver Support
• Container creation
• Image listing (LXC templates)
• Running container information (IP addresses, etc.)
Getting Started with OpenNebula
OpenNebula is an open-source solution for the comprehensive management of virtualized data centers to
enable the mixed use of private, public, and hybrid IaaS clouds.
Dependencies
The driver requires Python's lxml library to be installed. It also requires an OpenNebula installation
running version 4.12 or greater.
Configuration
The following example illustrates some of the options that can be set. These parameters are discussed in
more detail below.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-opennebula-provider:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Define xml_rpc setting which Salt-Cloud uses to connect to the OpenNebula API. Required.
#
xml_rpc: http://localhost:2633/RPC2
# Define the OpenNebula access credentials. This can be the main "oneadmin" user that OpenNebula uses as the
# OpenNebula main admin, or it can be a user defined in the OpenNebula instance. Required.
#
user: oneadmin
password: JHGhgsayu32jsa
# Define the private key location that is used by OpenNebula to access new VMs. This setting is required if
# provisioning new VMs or accessing VMs previously created with the associated public key.
#
private_key: /path/to/private/key
driver: opennebula
Access Credentials
The Salt Cloud driver for OpenNebula was written using OpenNebula's native XML RPC API. Every interaction
with OpenNebula's API requires a username and password to make the connection from the machine running
Salt Cloud to API running on the OpenNebula instance. Based on the access credentials passed in,
OpenNebula filters the commands that the user can perform or the information for which the user can
query. For example, the images that a user can view with a --list-images command are the images that the
connected user and the connected user's groups can access.
Key Pairs
Salt Cloud needs to be able to access a virtual machine in order to install the Salt Minion by using a
public/private key pair. The virtual machine will need to be seeded with the public key, which is laid
down by the OpenNebula template. Salt Cloud then uses the corresponding private key, provided by the
private_key setting in the cloud provider file, to SSH into the new virtual machine.
To seed the virtual machine with the public key, the public key must be added to the OpenNebula template.
If using the OpenNebula web interface, navigate to the template, then click Update. Click the Context
tab. Under the Network & SSH section, click Add SSH Contextualization and paste the public key in the
Public Key box. Don't forget to save your changes by clicking the green Update button.
NOTE:
The key pair must not have a pass-phrase.
Cloud Profiles
Set up an initial profile at either /etc/salt/cloud.profiles or the /etc/salt/cloud.profiles.d/
directory.
my-opennebula-profile:
provider: my-opennebula-provider
image: Ubuntu-14.04
The profile can now be realized with a salt command:
salt-cloud -p my-opennebula-profile my-new-vm
This will create a new instance named my-new-vm in OpenNebula. The minion that is installed on this
instance will have a minion id of my-new-vm. If the command was executed on the salt-master, its Salt key
will automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
salt my-new-vm test.ping
OpenNebula uses an image --> template --> virtual machine paradigm where the template draws on the image,
or disk, and virtual machines are created from templates. Because of this, there is no need to define a
size in the cloud profile. The size of the virtual machine is defined in the template.
Change Disk Size
You can now change the size of a VM on creation by cloning an image and expanding the size. You can
accomplish this by the following cloud profile settings below.
my-opennebula-profile:
provider: my-opennebula-provider
image: Ubuntu-14.04
disk:
disk0:
disk_type: clone
size: 8096
image: centos7-base-image-v2
disk1:
disk_type: volatile
type: swap
size: 4096
disk2:
disk_type: volatile
size: 4096
type: fs
format: ext3
There are currently two different disk_types a user can use: volatile and clone. Clone which is required
when specifying devices will clone an image in open nebula and will expand it to the size specified in
the profile settings. By default this will clone the image attached to the template specified in the
profile but a user can add the image argument under the disk definition.
For example the profile below will not use Ubuntu-14.04 for the cloned disk image. It will use the
centos7-base-image image:
my-opennebula-profile:
provider: my-opennebula-provider
image: Ubuntu-14.04
disk:
disk0:
disk_type: clone
size: 8096
image: centos7-base-image
If you want to use the image attached to the template set in the profile you can simply remove the image
argument as show below. The profile below will clone the image Ubuntu-14.04 and expand the disk to 8GB.:
my-opennebula-profile:
provider: my-opennebula-provider
image: Ubuntu-14.04
disk:
disk0:
disk_type: clone
size: 8096
A user can also currently specify swap or fs disks. Below is an example of this profile setting:
my-opennebula-profile:
provider: my-opennebula-provider
image: Ubuntu-14.04
disk:
disk0:
disk_type: clone
size: 8096
disk1:
disk_type: volatile
type: swap
size: 4096
disk2:
disk_type: volatile
size: 4096
type: fs
format: ext3
The example above will attach both a swap disk and a ext3 filesystem with a size of 4GB. To note if you
define other disks you have to define the image disk to clone because the template will write over the
entire 'DISK=[]' template definition on creation.
Required Settings
The following settings are always required for OpenNebula:
my-opennebula-config:
xml_rpc: http://localhost:26633/RPC2
user: oneadmin
password: JHGhgsayu32jsa
driver: opennebula
Required Settings for VM Deployment
The settings defined in the Required Settings section are required for all interactions with OpenNebula.
However, when deploying a virtual machine via Salt Cloud, an additional setting, private_key, is also
required:
my-opennebula-config:
private_key: /path/to/private/key
Listing Images
Images can be queried on OpenNebula by passing the --list-images argument to Salt Cloud:
salt-cloud --list-images opennebula
Listing Locations
In OpenNebula, locations are defined as hosts. Locations, or "hosts", can be querried on OpenNebula by
passing the --list-locations argument to Salt Cloud:
salt-cloud --list-locations opennebula
Listing Sizes
Sizes are defined by templates in OpenNebula. As such, the --list-sizes call returns an empty dictionary
since there are no sizes to return.
Additional OpenNebula API Functionality
The Salt Cloud driver for OpenNebula was written using OpenNebula's native XML RPC API. As such, many
--function and --action calls were added to the OpenNebula driver to enhance support for an OpenNebula
infrastructure with additional control from Salt Cloud. See the OpenNebula function definitions for more
information.
Access via DNS entry instead of IP
Some OpenNebula installations do not assign IP addresses to new VMs, instead they establish the new VM's
hostname based on OpenNebula's name of the VM, and then allocate an IP out of DHCP with dynamic DNS
attaching the hostname. This driver supports this behavior by adding the entry fqdn_base to the driver
configuration or the OpenNebula profile with a value matching the base fully-qualified domain. For
example:
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-opennebula-provider:
[...]
fqdn_base: corp.example.com
[...]
Getting Started With OpenStack
OpenStack is one the most popular cloud projects. It's an open source project to build public and/or
private clouds. You can use Salt Cloud to launch OpenStack instances.
Dependencies
• Libcloud >= 0.13.2
Configuration
• Using the new format, set up the cloud configuration at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/openstack.conf:
my-openstack-config:
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure the OpenStack driver
#
identity_url: http://identity.youopenstack.com/v2.0/tokens
compute_name: nova
protocol: ipv4
compute_region: RegionOne
# Configure Openstack authentication credentials
#
user: myname
password: 123456
# tenant is the project name
tenant: myproject
driver: openstack
# skip SSL certificate validation (default false)
insecure: false
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Using nova client to get information from OpenStack
One of the best ways to get information about OpenStack is using the novaclient python package (available
in pypi as python-novaclient). The client configuration is a set of environment variables that you can
get from the Dashboard. Log in and then go to Project -> Access & security -> API Access and download the
"OpenStack RC file". Then:
source /path/to/your/rcfile
nova credentials
nova endpoints
In the nova endpoints output you can see the information about compute_region and compute_name.
Compute Region
It depends on the OpenStack cluster that you are using. Please, have a look at the previous sections.
Authentication
The user and password is the same user as is used to log into the OpenStack Dashboard.
Profiles
Here is an example of a profile:
openstack_512:
provider: my-openstack-config
size: m1.tiny
image: cirros-0.3.1-x86_64-uec
ssh_key_file: /tmp/test.pem
ssh_key_name: test
ssh_interface: private_ips
The following list explains some of the important properties.
size can be one of the options listed in the output of nova flavor-list.
image can be one of the options listed in the output of nova image-list.
ssh_key_file
The SSH private key that the salt-cloud uses to SSH into the VM after its first booted in order to
execute a command or script. This private key's public key must be the openstack public key
inserted into the authorized_key's file of the VM's root user account.
ssh_key_name
The name of the openstack SSH public key that is inserted into the authorized_keys file of the
VM's root user account. Prior to using this public key, you must use openstack commands or the
horizon web UI to load that key into the tenant's account. Note that this openstack tenant must be
the one you defined in the cloud provider.
ssh_interface
This option allows you to create a VM without a public IP. If this option is omitted and the VM
does not have a public IP, then the salt-cloud waits for a certain period of time and then
destroys the VM. With the nova drive, private cloud networks can be defined here.
For more information concerning cloud profiles, see here.
change_password
If no ssh_key_file is provided, and the server already exists, change_password will use the api to change
the root password of the server so that it can be bootstrapped.
change_password: True
userdata_file
Use userdata_file to specify the userdata file to upload for use with cloud-init if available.
my-openstack-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
NOTE:
As of the 2016.11.4 release, this file can be templated. To use templating, simply specify a
userdata_template option in the cloud profile:
my-openstack-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
userdata_template: jinja
If no userdata_template is set in the cloud profile, then the master configuration will be checked for
a userdata_template value. If this is not set, then no templating will be performed on the
userdata_file.
To disable templating in a cloud profile when a userdata_template has been set in the master
configuration file, simply set userdata_template to False in the cloud profile:
my-openstack-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/cloud-init/packages.yml
userdata_template: False
Getting Started With Parallels
Parallels Cloud Server is a product by Parallels that delivers a cloud hosting solution. The PARALLELS
module for Salt Cloud enables you to manage instances hosted using PCS. Further information can be found
at:
http://www.parallels.com/products/pcs/
• Using the old format, set up the cloud configuration at /etc/salt/cloud:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Set the PARALLELS access credentials (see below)
#
PARALLELS.user: myuser
PARALLELS.password: badpass
# Set the access URL for your PARALLELS host
#
PARALLELS.url: https://api.cloud.xmission.com:4465/paci/v1.0/
• Using the new format, set up the cloud configuration at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/parallels.conf:
my-parallels-config:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Set the PARALLELS access credentials (see below)
#
user: myuser
password: badpass
# Set the access URL for your PARALLELS provider
#
url: https://api.cloud.xmission.com:4465/paci/v1.0/
driver: parallels
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Access Credentials
The user, password, and url will be provided to you by your cloud host. These are all required in order
for the PARALLELS driver to work.
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/parallels.conf:
parallels-ubuntu:
provider: my-parallels-config
image: ubuntu-12.04-x86_64
The profile can be realized now with a salt command:
# salt-cloud -p parallels-ubuntu myubuntu
This will create an instance named myubuntu on the cloud host. The minion that is installed on this
instance will have an id of myubuntu. If the command was executed on the salt-master, its Salt key will
automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt myubuntu test.ping
Required Settings
The following settings are always required for PARALLELS:
• Using the old cloud configuration format:
PARALLELS.user: myuser
PARALLELS.password: badpass
PARALLELS.url: https://api.cloud.xmission.com:4465/paci/v1.0/
• Using the new cloud configuration format:
my-parallels-config:
user: myuser
password: badpass
url: https://api.cloud.xmission.com:4465/paci/v1.0/
driver: parallels
Optional Settings
Unlike other cloud providers in Salt Cloud, Parallels does not utilize a size setting. This is because
Parallels allows the end-user to specify a more detailed configuration for their instances than is
allowed by many other cloud hosts. The following options are available to be used in a profile, with
their default settings listed.
# Description of the instance. Defaults to the instance name.
desc: <instance_name>
# How many CPU cores, and how fast they are (in MHz)
cpu_number: 1
cpu_power: 1000
# How many megabytes of RAM
ram: 256
# Bandwidth available, in kbps
bandwidth: 100
# How many public IPs will be assigned to this instance
ip_num: 1
# Size of the instance disk (in GiB)
disk_size: 10
# Username and password
ssh_username: root
password: <value from PARALLELS.password>
# The name of the image, from ``salt-cloud --list-images parallels``
image: ubuntu-12.04-x86_64
Getting Started With ProfitBricks
ProfitBricks provides an enterprise-grade Infrastructure as a Service (IaaS) solution that can be managed
through a browser-based "Data Center Designer" (DCD) tool or via an easy to use API. A unique feature of
the ProfitBricks platform is that it allows you to define your own settings for cores, memory, and disk
size without being tied to a particular server size.
Dependencies
• profitbricks >= 3.0.0
Configuration
• Using the new format, set up the cloud configuration at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/profitbricks.conf:
my-profitbricks-config:
driver: profitbricks
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure ProfitBricks authentication credentials
#
username: user@domain.com
password: 123456
# datacenter is the UUID of a pre-existing virtual data center.
datacenter: 9e6709a0-6bf9-4bd6-8692-60349c70ce0e
# Connect to public LAN ID 1.
public_lan: 1
ssh_public_key: /path/to/id_rsa.pub
ssh_private_key: /path/to/id_rsa
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Virtual Data Center
ProfitBricks uses the concept of Virtual Data Centers. These are logically separated from one another and
allow you to have a self-contained environment for all servers, volumes, networking, snapshots, and so
forth.
A list of existing virtual data centers can be retrieved with the following command:
salt-cloud -f list_datacenters my-profitbricks-config
Authentication
The username and password are the same as those used to log into the ProfitBricks "Data Center Designer".
Profiles
Here is an example of a profile:
profitbricks_staging
provider: my-profitbricks-config
size: Micro Instance
image: 2f98b678-6e7e-11e5-b680-52540066fee9
cores: 2
ram: 4096
public_lan: 1
private_lan: 2
ssh_public_key: /path/to/id_rsa.pub
ssh_private_key: /path/to/id_rsa
ssh_interface: private_lan
profitbricks_production:
provider: my-profitbricks-config
image: Ubuntu-15.10-server-2016-05-01
disk_type: SSD
disk_size: 40
cores: 8
cpu_family: INTEL_XEON
ram: 32768
public_lan: 1
private_lan: 2
public_firewall_rules:
Allow SSH:
protocol: TCP
source_ip: 1.2.3.4
port_range_start: 22
port_range_end: 22
Allow Ping:
protocol: ICMP
icmp_type: 8
ssh_public_key: /path/to/id_rsa.pub
ssh_private_key: /path/to/id_rsa
ssh_interface: private_lan
volumes:
db_data:
disk_size: 500
db_log:
disk_size: 50
disk_type: HDD
disk_availability_zone: ZONE_3
The following list explains some of the important properties.
size Can be one of the options listed in the output of the following command:
salt-cloud --list-sizes my-profitbricks
image Can be one of the options listed in the output of the following command:
salt-cloud --list-images my-profitbricks
disk_size
This option allows you to override the size of the disk as defined by the size. The disk size is
set in gigabytes (GB).
disk_type
This option allow the disk type to be set to HDD or SSD. The default is HDD.
disk_availability_zone
This option will provision the volume in the specified availability_zone.
cores This option allows you to override the number of CPU cores as defined by the size.
ram This option allows you to override the amount of RAM defined by the size. The value must be a
multiple of 256, e.g. 256, 512, 768, 1024, and so forth.
availability_zone
This options specifies in which availability zone the server should be built. Zones include ZONE_1
and ZONE_2. The default is AUTO.
public_lan
This option will connect the server to the specified public LAN. If no LAN exists, then a new
public LAN will be created. The value accepts a LAN ID (integer).
public_firewall_rules
This option allows for a list of firewall rules assigned to the public network interface.
Firewall Rule Name:
protocol: <protocol> (TCP, UDP, ICMP) source_mac: <source-mac> source_ip: <source-ip>
target_ip: <target-ip> port_range_start: <port-range-start> port_range_end:
<port-range-end> icmp_type: <icmp-type> icmp_code: <icmp-code>
nat This option will enable NAT on the private NIC.
private_lan
This option will connect the server to the specified private LAN. If no LAN exists, then a new
private LAN will be created. The value accepts a LAN ID (integer).
private_firewall_rules
This option allows for a list of firewall rules assigned to the private network interface.
Firewall Rule Name:
protocol: <protocol> (TCP, UDP, ICMP) source_mac: <source-mac> source_ip: <source-ip>
target_ip: <target-ip> port_range_start: <port-range-start> port_range_end:
<port-range-end> icmp_type: <icmp-type> icmp_code: <icmp-code>
ssh_private_key
Full path to the SSH private key file.
ssh_public_key
Full path to the SSH public key file.
ssh_interface
This option will use the private LAN IP for node connections (such as bootstrapping the node)
instead of the public LAN IP. The value accepts 'private_lan'.
cpu_family
This option allow the CPU family to be set to AMD_OPTERON or INTEL_XEON. The default is
AMD_OPTERON.
volumes:
This option allows a list of additional volumes by name that will be created and attached to the
server. Each volume requires 'disk_size' and, optionally, 'disk_type'. The default is HDD.
deploy Set to False if Salt should not be installed on the node.
wait_for_timeout
The timeout to wait in seconds for provisioning resources such as servers. The default
wait_for_timeout is 15 minutes.
For more information concerning cloud profiles, see here.
Getting Started With Proxmox
Proxmox Virtual Environment is a complete server virtualization management solution, based on OpenVZ(in
Proxmox up to 3.4)/LXC(from Proxmox 4.0 and up) and full virtualization with KVM. Further information
can be found at:
http://www.proxmox.org/
Dependencies
• IPy >= 0.81
• requests >= 2.2.1
Please note: This module allows you to create OpenVZ/LXC containers and KVM VMs, but installing Salt on
it will only be done on containers rather than a KVM virtual machine.
• Set up the cloud configuration at /etc/salt/cloud.providers or
/etc/salt/cloud.providers.d/proxmox.conf:
my-proxmox-config:
# Set up the location of the salt master
#
minion:
master: saltmaster.example.com
# Set the PROXMOX access credentials (see below)
#
user: myuser@pve
password: badpass
# Set the access URL for your PROXMOX host
#
url: your.proxmox.host
driver: proxmox
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Access Credentials
The user, password, and url will be provided to you by your cloud host. These are all required in order
for the PROXMOX driver to work.
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/proxmox.conf:
• Configure a profile to be used:
proxmox-ubuntu:
provider: my-proxmox-config
image: local:vztmpl/ubuntu-12.04-standard_12.04-1_amd64.tar.gz
technology: lxc
# host needs to be set to the configured name of the proxmox host
# and not the ip address or FQDN of the server
host: myvmhost
ip_address: 192.168.100.155
password: topsecret
The profile can be realized now with a salt command:
# salt-cloud -p proxmox-ubuntu myubuntu
This will create an instance named myubuntu on the cloud host. The minion that is installed on this
instance will have a hostname of myubuntu. If the command was executed on the salt-master, its Salt key
will automatically be signed on the master.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt myubuntu test.ping
Required Settings
The following settings are always required for PROXMOX:
• Using the new cloud configuration format:
my-proxmox-config:
driver: proxmox
user: saltcloud@pve
password: xyzzy
url: your.proxmox.host
Optional Settings
Unlike other cloud providers in Salt Cloud, Proxmox does not utilize a size setting. This is because
Proxmox allows the end-user to specify a more detailed configuration for their instances, than is allowed
by many other cloud providers. The following options are available to be used in a profile, with their
default settings listed.
# Description of the instance.
desc: <instance_name>
# How many CPU cores, and how fast they are (in MHz)
cpus: 1
cpuunits: 1000
# How many megabytes of RAM
memory: 256
# How much swap space in MB
swap: 256
# Whether to auto boot the vm after the host reboots
onboot: 1
# Size of the instance disk (in GiB)
disk: 10
# Host to create this vm on
host: myvmhost
# Nameservers. Defaults to host
nameserver: 8.8.8.8 8.8.4.4
# Username and password
ssh_username: root
password: <value from PROXMOX.password>
# The name of the image, from ``salt-cloud --list-images proxmox``
image: local:vztmpl/ubuntu-12.04-standard_12.04-1_amd64.tar.gz
# Whether or not to verify the SSL cert on the Proxmox host
verify_ssl: False
# Network interfaces, netX
net0: name=eth0,bridge=vmbr0,ip=dhcp
QEMU
Some functionnalities works differently if you use 'qemu' as technology. In order to create a new VM with
qemu, you need to specificy some more information. You can also clone a qemu template which already is
on your Proxmox server.
QEMU profile file (for a new VM):
proxmox-win7:
# Image of the new VM
image: image.iso # You can get all your available images using 'salt-cloud --list-images provider_name' (Ex: 'salt-cloud --list-images my-proxmox-config')
# Technology used to create the VM ('qemu', 'openvz'(on Proxmox <4.x) or 'lxc'(on Proxmox 4.x+))
technology: qemu
# Proxmox node name
host: node_name
# Proxmox password
password: your_password
# Workaround https://github.com/saltstack/salt/issues/27821
size: ''
# RAM size (MB)
memory: 2048
# OS Type enum (other / wxp / w2k / w2k3 / w2k8 / wvista / win7 / win8 / l24 / l26 / solaris)
ostype: win7
# Hard disk location
sata0: <location>:<size>, format=<qcow2/vmdk/raw>, size=<size>GB #Example: local:120,format=qcow2,size=120GB
#CD/DVD Drive
ide2: <content_location>,media=cdrom #Example: local:iso/name.iso,media=cdrom
# Network Device
net0:<model>,bridge=<bridge> #Example: e1000,bridge=vmbr0
# Enable QEMU Guest Agent (0 / 1)
agent: 1
# VM name
name: Test
More information about these parameters can be found on Proxmox API (‐
http://pve.proxmox.com/pve2-api-doc/) under the 'POST' method of nodes/{node}/qemu
QEMU profile file (for a clone):
proxmox-win7:
# Enable Clone
clone: True
# New VM description
clone_description: 'description'
# New VM name
clone_name: 'name'
# New VM format (qcow2 / raw / vmdk)
clone_format: qcow2
# Full clone (1) or Link clone (0)
clone_full: 0
# VMID of Template to clone
clone_from: ID
# Technology used to create the VM ('qemu' or 'lxc')
technology: qemu
# Proxmox node name
host: node_name
# Proxmox password
password: your_password
# Workaround https://github.com/saltstack/salt/issues/27821
size: ''
More information can be found on Proxmox API under the 'POST' method of /nodes/{node}/qemu/{vmid}/clone
NOTE:
The Proxmox API offers a lot more options and parameters, which are not yet supported by this
salt-cloud 'overlay'. Feel free to add your contribution by forking the github repository and
modifying the following file: salt/salt/cloud/clouds/proxmox.py An easy way to support more
parameters for VM creation would be to add the names of the optional parameters in the 'create_nodes(
vm_
)' function, under the 'qemu' technology. But it requires you to dig into the code ...
Getting Started With Rackspace
Rackspace is a major public cloud platform which may be configured using either the openstack driver.
Dependencies
• Libcloud >= 0.13.2
Configuration
To use the openstack driver (recommended), set up the cloud configuration at
/etc/salt/cloud.providers or /etc/salt/cloud.providers.d/rackspace.conf:
my-rackspace-config:
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure Rackspace using the OpenStack plugin
#
identity_url: 'https://identity.api.rackspacecloud.com/v2.0/tokens'
compute_name: cloudServersOpenStack
protocol: ipv4
# Set the compute region:
#
compute_region: DFW
# Configure Rackspace authentication credentials
#
user: myname
tenant: 123456
apikey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
driver: openstack
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Compute Region
Rackspace currently has six compute regions which may be used:
DFW -> Dallas/Forth Worth
ORD -> Chicago
SYD -> Sydney
LON -> London
IAD -> Northern Virginia
HKG -> Hong Kong
Note: Currently the LON region is only available with a UK account, and UK accounts cannot access other
regions
Authentication
The user is the same user as is used to log into the Rackspace Control Panel. The tenant and apikey can
be found in the API Keys area of the Control Panel. The apikey will be labeled as API Key (and may need
to be generated), and tenant will be labeled as Cloud Account Number.
An initial profile can be configured in /etc/salt/cloud.profiles or
/etc/salt/cloud.profiles.d/rackspace.conf:
openstack_512:
provider: my-rackspace-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
To instantiate a machine based on this profile:
# salt-cloud -p openstack_512 myinstance
This will create a virtual machine at Rackspace with the name myinstance. This operation may take
several minutes to complete, depending on the current load at the Rackspace data center.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt myinstance test.ping
RackConnect Environments
Rackspace offers a hybrid hosting configuration option called RackConnect that allows you to use a
physical firewall appliance with your cloud servers. When this service is in use the public_ip assigned
by nova will be replaced by a NAT ip on the firewall. For salt-cloud to work properly it must use the
newly assigned "access ip" instead of the Nova assigned public ip. You can enable that capability by
adding this to your profiles:
openstack_512:
provider: my-openstack-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
rackconnect: True
Managed Cloud Environments
Rackspace offers a managed service level of hosting. As part of the managed service level you have the
ability to choose from base of lamp installations on cloud server images. The post build process for
both the base and the lamp installations used Chef to install things such as the cloud monitoring agent
and the cloud backup agent. It also takes care of installing the lamp stack if selected. In order to
prevent the post installation process from stomping over the bootstrapping you can add the below to your
profiles.
openstack_512:
provider: my-rackspace-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
managedcloud: True
First and Next Generation Images
Rackspace provides two sets of virtual machine images, first, and next generation. As of 0.8.9 salt-cloud
will default to using the next generation images. To force the use of first generation images, on the
profile configuration please add:
FreeBSD-9.0-512:
provider: my-rackspace-config
size: 512 MB Standard
image: FreeBSD 9.0
force_first_gen: True
Private Subnets
By default salt-cloud will not add Rackspace private networks to new servers. To enable a private network
to a server instantiated by salt cloud, add the following section to the provider file (typically
/etc/salt/cloud.providers.d/rackspace.conf)
networks:
- fixed:
# This is the private network
- private-network-id
# This is Rackspace's "PublicNet"
- 00000000-0000-0000-0000-000000000000
# This is Rackspace's "ServiceNet"
- 11111111-1111-1111-1111-111111111111
To get the Rackspace private network ID, go to Networking, Networks and hover over the private network
name.
The order of the networks in the above code block does not map to the order of the ethernet devices on
newly created servers. Public IP will always be first ( eth0 ) followed by servicenet ( eth1 ) and then
private networks.
Enabling the private network per above gives the option of using the private subnet for all master-minion
communication, including the bootstrap install of salt-minion. To enable the minion to use the private
subnet, update the master: line in the minion: section of the providers file. To configure the master to
only listen on the private subnet IP, update the interface: line in the /etc/salt/master file to be the
private subnet IP of the salt master.
Getting Started With Scaleway
Scaleway is the first IaaS host worldwide to offer an ARM based cloud. It’s the ideal platform for
horizontal scaling with BareMetal SSD servers. The solution provides on demand resources: it comes with
on-demand SSD storage, movable IPs , images, security group and an Object Storage solution.
https://scaleway.com
Configuration
Using Salt for Scaleway, requires an access key and an API token. API tokens are unique identifiers
associated with your Scaleway account. To retrieve your access key and API token, log-in to the Scaleway
control panel, open the pull-down menu on your account name and click on "My Credentials" link.
If you do not have API token you can create one by clicking the "Create New Token" button on the right
corner.
# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.
my-scaleway-config:
access_key: 15cf404d-4560-41b1-9a0c-21c3d5c4ff1f
token: a7347ec8-5de1-4024-a5e3-24b77d1ba91d
driver: scaleway
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory:
scaleway-ubuntu:
provider: my-scaleway-config
image: Ubuntu Trusty (14.04 LTS)
Images can be obtained using the --list-images option for the salt-cloud command:
#salt-cloud --list-images my-scaleway-config
my-scaleway-config:
----------
scaleway:
----------
069fd876-eb04-44ab-a9cd-47e2fa3e5309:
----------
arch:
arm
creation_date:
2015-03-12T09:35:45.764477+00:00
default_bootscript:
{u'kernel': {u'dtb': u'', u'title': u'Pimouss 3.2.34-30-std', u'id': u'cfda4308-cd6f-4e51-9744-905fc0da370f', u'path': u'kernel/pimouss-uImage-3.2.34-30-std'}, u'title': u'3.2.34-std #30 (stable)', u'id': u'c5af0215-2516-4316-befc-5da1cfad609c', u'initrd': {u'path': u'initrd/c1-uInitrd', u'id': u'1be14b1b-e24c-48e5-b0b6-7ba452e42b92', u'title': u'C1 initrd'}, u'bootcmdargs': {u'id': u'd22c4dde-e5a4-47ad-abb9-d23b54d542ff', u'value': u'ip=dhcp boot=local root=/dev/nbd0 USE_XNBD=1 nbd.max_parts=8'}, u'organization': u'11111111-1111-4111-8111-111111111111', u'public': True}
extra_volumes:
[]
id:
069fd876-eb04-44ab-a9cd-47e2fa3e5309
modification_date:
2015-04-24T12:02:16.820256+00:00
name:
Ubuntu Vivid (15.04)
organization:
a283af0b-d13e-42e1-a43f-855ffbf281ab
public:
True
root_volume:
{u'name': u'distrib-ubuntu-vivid-2015-03-12_10:32-snapshot', u'id': u'a6d02e63-8dee-4bce-b627-b21730f35a05', u'volume_type': u'l_ssd', u'size': 50000000000L}
...
Execute a query and return all information about the nodes running on configured cloud providers using
the -Q option for the salt-cloud command:
# salt-cloud -F
[INFO ] salt-cloud starting
[INFO ] Starting new HTTPS connection (1): api.scaleway.com
my-scaleway-config:
----------
scaleway:
----------
salt-manager:
----------
creation_date:
2015-06-03T08:17:38.818068+00:00
hostname:
salt-manager
...
NOTE:
Additional documentation about Scaleway can be found at https://www.scaleway.com/docs.
Getting Started With Saltify
The Saltify driver is a new, experimental driver for installing Salt on existing machines (virtual or
bare metal).
Dependencies
The Saltify driver has no external dependencies.
Configuration
Because the Saltify driver does not use an actual cloud provider host, it has a simple provider
configuration. The only thing that is required to be set is the driver name, and any other potentially
useful information, like the location of the salt-master:
# Note: This example is for /etc/salt/cloud.providers file or any file in
# the /etc/salt/cloud.providers.d/ directory.
my-saltify-config:
minion:
master: 111.222.333.444
provider: saltify
Profiles
Saltify requires a profile to be configured for each machine that needs Salt installed. The initial
profile can be set up at /etc/salt/cloud.profiles or in the /etc/salt/cloud.profiles.d/ directory. Each
profile requires both an ssh_host and an ssh_username key parameter as well as either an key_filename or
a password.
Profile configuration example:
# /etc/salt/cloud.profiles.d/saltify.conf
salt-this-machine:
ssh_host: 12.34.56.78
ssh_username: root
key_filename: '/etc/salt/mysshkey.pem'
provider: my-saltify-config
The machine can now be "Salted" with the following command:
salt-cloud -p salt-this-machine my-machine
This will install salt on the machine specified by the cloud profile, salt-this-machine, and will give
the machine the minion id of my-machine. If the command was executed on the salt-master, its Salt key
will automatically be signed on the master.
Once a salt-minion has been successfully installed on the instance, connectivity to it can be verified
with Salt:
salt my-machine test.ping
Using Map Files
The settings explained in the section above may also be set in a map file. An example of how to use the
Saltify driver with a map file follows:
# /etc/salt/saltify-map
make_salty:
- my-instance-0:
ssh_host: 12.34.56.78
ssh_username: root
password: very-bad-password
- my-instance-1:
ssh_host: 44.33.22.11
ssh_username: root
password: another-bad-pass
Note: When using a cloud map with the Saltify driver, the name of the profile to use, in this case
make_salty, must be defined in a profile config. For example:
# /etc/salt/cloud.profiles.d/saltify.conf
make_salty:
provider: my-saltify-config
The machines listed in the map file can now be "Salted" by applying the following salt map command:
salt-cloud -m /etc/salt/saltify-map
This command will install salt on the machines specified in the map and will give each machine their
minion id of my-instance-0 and my-instance-1, respectively. If the command was executed on the
salt-master, its Salt key will automatically be signed on the master.
Connectivity to the new "Salted" instances can now be verified with Salt:
salt 'my-instance-*' test.ping
Credential Verification
Because the Saltify driver does not actually create VM's, unlike other salt-cloud drivers, it has special
behaviour when the deploy option is set to False. When the cloud configuration specifies deploy: False,
the Saltify driver will attept to authenticate to the target node(s) and return True for each one that
succeeds. This can be useful to verify ports, protocols, services and credentials are correctly
configured before a live deployment.
Return values:
• True: Credential verification succeeded
• False: Credential verification succeeded
• None: Credential verification was not attempted.
NOTE:
This feature is not available for Windows targets.
Getting Started With SoftLayer
SoftLayer is a public cloud host, and baremetal hardware hosting service.
Dependencies
The SoftLayer driver for Salt Cloud requires the softlayer package, which is available at PyPI:
https://pypi.python.org/pypi/SoftLayer
This package can be installed using pip or easy_install:
# pip install softlayer
# easy_install softlayer
Configuration
Set up the cloud config at /etc/salt/cloud.providers:
# Note: These examples are for /etc/salt/cloud.providers
my-softlayer:
# Set up the location of the salt master
minion:
master: saltmaster.example.com
# Set the SoftLayer access credentials (see below)
user: MYUSER1138
apikey: 'e3b68aa711e6deadc62d5b76355674beef7cc3116062ddbacafe5f7e465bfdc9'
driver: softlayer
my-softlayer-hw:
# Set up the location of the salt master
minion:
master: saltmaster.example.com
# Set the SoftLayer access credentials (see below)
user: MYUSER1138
apikey: 'e3b68aa711e6deadc62d5b76355674beef7cc3116062ddbacafe5f7e465bfdc9'
driver: softlayer_hw
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Access Credentials
The user setting is the same user as is used to log into the SoftLayer Administration area. The apikey
setting is found inside the Admin area after logging in:
• Hover over the Account menu item.
• Click the Users link.
• Find the API Key column and click View.
Profiles
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles:
base_softlayer_ubuntu:
provider: my-softlayer
image: UBUNTU_LATEST
cpu_number: 1
ram: 1024
disk_size: 100
local_disk: True
hourly_billing: True
domain: example.com
location: sjc01
# Optional
max_net_speed: 1000
private_vlan: 396
private_network: True
private_ssh: True
# May be used _instead_of_ image
global_identifier: 320d8be5-46c0-dead-cafe-13e3c51
Most of the above items are required; optional items are specified below.
image
Images to build an instance can be found using the --list-images option:
# salt-cloud --list-images my-softlayer
The setting used will be labeled as template.
cpu_number
This is the number of CPU cores that will be used for this instance. This number may be dependent upon
the image that is used. For instance:
Red Hat Enterprise Linux 6 - Minimal Install (64 bit) (1 - 4 Core):
----------
name:
Red Hat Enterprise Linux 6 - Minimal Install (64 bit) (1 - 4 Core)
template:
REDHAT_6_64
Red Hat Enterprise Linux 6 - Minimal Install (64 bit) (5 - 100 Core):
----------
name:
Red Hat Enterprise Linux 6 - Minimal Install (64 bit) (5 - 100 Core)
template:
REDHAT_6_64
Note that the template (meaning, the image option) for both of these is the same, but the names suggests
how many CPU cores are supported.
ram
This is the amount of memory, in megabytes, that will be allocated to this instance.
disk_size
The amount of disk space that will be allocated to this image, in gigabytes.
base_softlayer_ubuntu:
disk_size: 100
Using Multiple Disks
New in version 2015.8.1.
SoftLayer allows up to 5 disks to be specified for a virtual machine upon creation. Multiple disks can be
specified either as a list or a comma-delimited string. The first disk_size specified in the string or
list will be the first disk size assigned to the VM.
List Example:
base_softlayer_ubuntu:
disk_size: ['100', '20', '20']
String Example:
base_softlayer_ubuntu:
disk_size: '100, 20, 20'
local_disk
When true the disks for the computing instance will be provisioned on the host which it runs, otherwise
SAN disks will be provisioned.
hourly_billing
When true the computing instance will be billed on hourly usage, otherwise it will be billed on a monthly
basis.
domain
The domain name that will be used in the FQDN (Fully Qualified Domain Name) for this instance. The domain
setting will be used in conjunction with the instance name to form the FQDN.
use_fqdn
If set to True, the Minion will be identified by the FQDN (Fully Qualified Domain Name) which is a result
of combining the domain configuration value and the Minion name specified either via the CLI or a map
file rather than only using the short host name, or Minion ID. Default is False.
New in version 2016.3.0.
For example, if the value of domain is example.com and a new VM was created via the CLI with salt-cloud
-p base_softlayer_ubuntu my-vm, the resulting Minion ID would be my-vm.example.com.
NOTE:
When enabling the use_fqdn setting, the Minion ID will be the FQDN and will interact with salt
commands with the FQDN instead of the short hostname. However, due to the way the SoftLayer API is
constructed, some Salt Cloud functions such as listing nodes or destroying VMs will only list the
short hostname of the VM instead of the FQDN.
Example output displaying the SoftLayer hostname quirk mentioned in the note above (note the Minion ID is
my-vm.example.com, but the VM to be destroyed is listed with its short hostname, my-vm):
# salt-key -L
Accepted Keys:
my-vm.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
#
#
# salt my-vm.example.com test.ping
my-vm.example.com:
True
#
#
# salt-cloud -d my-vm.example.com
[INFO ] salt-cloud starting
[INFO ] POST https://api.softlayer.com/xmlrpc/v3.1/SoftLayer_Account
The following virtual machines are set to be destroyed:
softlayer-config:
softlayer:
my-vm
Proceed? [N/y] y
... proceeding
[INFO ] Destroying in non-parallel mode.
[INFO ] POST https://api.softlayer.com/xmlrpc/v3.1/SoftLayer_Account
[INFO ] POST https://api.softlayer.com/xmlrpc/v3.1/SoftLayer_Virtual_Guest
softlayer-config:
----------
softlayer:
----------
my-vm:
True
location
Images to build an instance can be found using the --list-locations option:
# salt-cloud --list-location my-softlayer
max_net_speed
Specifies the connection speed for the instance's network components. This setting is optional. By
default, this is set to 10.
post_uri
Specifies the uri location of the script to be downloaded and run after the instance is provisioned.
New in version 2015.8.1.
Example:
base_softlayer_ubuntu:
post_uri: 'https://SOMESERVERIP:8000/myscript.sh'
public_vlan
If it is necessary for an instance to be created within a specific frontend VLAN, the ID for that VLAN
can be specified in either the provider or profile configuration.
This ID can be queried using the list_vlans function, as described below. This setting is optional.
If this setting is set to None, salt-cloud will connect to the private ip of the server.
NOTE:
If this setting is not provided and the server is not built with a public vlan, private_ssh or
private_wds will need to be set to make sure that salt-cloud attempts to connect to the private ip.
private_vlan
If it is necessary for an instance to be created within a specific backend VLAN, the ID for that VLAN can
be specified in either the provider or profile configuration.
This ID can be queried using the list_vlans function, as described below. This setting is optional.
private_network
If a server is to only be used internally, meaning it does not have a public VLAN associated with it,
this value would be set to True. This setting is optional. The default is False.
private_ssh or private_wds
Whether to run the deploy script on the server using the public IP address or the private IP address. If
set to True, Salt Cloud will attempt to SSH or WinRM into the new server using the private IP address.
The default is False. This settiong is optional.
global_identifier
When creating an instance using a custom template, this option is set to the corresponding value obtained
using the list_custom_images function. This option will not be used if an image is set, and if an image
is not set, it is required.
The profile can be realized now with a salt command:
# salt-cloud -p base_softlayer_ubuntu myserver
Using the above configuration, this will create myserver.example.com.
Once the instance has been created with salt-minion installed, connectivity to it can be verified with
Salt:
# salt 'myserver.example.com' test.ping
Cloud Profiles
Set up an initial profile at /etc/salt/cloud.profiles:
base_softlayer_hw_centos:
provider: my-softlayer-hw
# CentOS 6.0 - Minimal Install (64 bit)
image: 13963
# 2 x 2.0 GHz Core Bare Metal Instance - 2 GB Ram
size: 1921
# 500GB SATA II
hdd: 1267
# San Jose 01
location: 168642
domain: example.com
# Optional
vlan: 396
port_speed: 273
banwidth: 248
Most of the above items are required; optional items are specified below.
image
Images to build an instance can be found using the --list-images option:
# salt-cloud --list-images my-softlayer-hw
A list of id`s and names will be provided. The `name will describe the operating system and architecture.
The id will be the setting to be used in the profile.
size
Sizes to build an instance can be found using the --list-sizes option:
# salt-cloud --list-sizes my-softlayer-hw
A list of id`s and names will be provided. The `name will describe the speed and quantity of CPU cores,
and the amount of memory that the hardware will contain. The id will be the setting to be used in the
profile.
hdd
There is currently only one size of hard disk drive (HDD) that is available for hardware instances on
SoftLayer:
1267: 500GB SATA II
The hdd setting in the profile should be 1267. Other sizes may be added in the future.
location
Locations to build an instance can be found using the --list-images option:
# salt-cloud --list-locations my-softlayer-hw
A list of IDs and names will be provided. The location will describe the location in human terms. The id
will be the setting to be used in the profile.
domain
The domain name that will be used in the FQDN (Fully Qualified Domain Name) for this instance. The domain
setting will be used in conjunction with the instance name to form the FQDN.
vlan
If it is necessary for an instance to be created within a specific VLAN, the ID for that VLAN can be
specified in either the provider or profile configuration.
This ID can be queried using the list_vlans function, as described below.
port_speed
Specifies the speed for the instance's network port. This setting refers to an ID within the SoftLayer
API, which sets the port speed. This setting is optional. The default is 273, or, 100 Mbps Public &
Private Networks. The following settings are available:
• 273: 100 Mbps Public & Private Networks
• 274: 1 Gbps Public & Private Networks
• 21509: 10 Mbps Dual Public & Private Networks (up to 20 Mbps)
• 21513: 100 Mbps Dual Public & Private Networks (up to 200 Mbps)
• 2314: 1 Gbps Dual Public & Private Networks (up to 2 Gbps)
• 272: 10 Mbps Public & Private Networks
bandwidth
Specifies the network bandwidth available for the instance. This setting refers to an ID within the
SoftLayer API, which sets the bandwidth. This setting is optional. The default is 248, or, 5000 GB
Bandwidth. The following settings are available:
• 248: 5000 GB Bandwidth
• 129: 6000 GB Bandwidth
• 130: 8000 GB Bandwidth
• 131: 10000 GB Bandwidth
• 36: Unlimited Bandwidth (10 Mbps Uplink)
• 125: Unlimited Bandwidth (100 Mbps Uplink)
Actions
The following actions are currently supported by the SoftLayer Salt Cloud driver.
show_instance
This action is a thin wrapper around --full-query, which displays details on a single instance only. In
an environment with several machines, this will save a user from having to sort through all instance
data, just to examine a single instance.
$ salt-cloud -a show_instance myinstance
Functions
The following functions are currently supported by the SoftLayer Salt Cloud driver.
list_vlans
This function lists all VLANs associated with the account, and all known data from the SoftLayer API
concerning those VLANs.
$ salt-cloud -f list_vlans my-softlayer
$ salt-cloud -f list_vlans my-softlayer-hw
The id returned in this list is necessary for the vlan option when creating an instance.
list_custom_images
This function lists any custom templates associated with the account, that can be used to create a new
instance.
$ salt-cloud -f list_custom_images my-softlayer
The globalIdentifier returned in this list is necessary for the global_identifier option when creating an
image using a custom template.
Optional Products for SoftLayer HW
The softlayer_hw driver supports the ability to add optional products, which are supported by SoftLayer's
API. These products each have an ID associated with them, that can be passed into Salt Cloud with the
optional_products option:
softlayer_hw_test:
provider: my-softlayer-hw
# CentOS 6.0 - Minimal Install (64 bit)
image: 13963
# 2 x 2.0 GHz Core Bare Metal Instance - 2 GB Ram
size: 1921
# 500GB SATA II
hdd: 1267
# San Jose 01
location: 168642
domain: example.com
optional_products:
# MySQL for Linux
- id: 28
# Business Continuance Insurance
- id: 104
These values can be manually obtained by looking at the source of an order page on the SoftLayer web
interface. For convenience, many of these values are listed here:
Public Secondary IP Addresses
• 22: 4 Public IP Addresses
• 23: 8 Public IP Addresses
Primary IPv6 Addresses
• 17129: 1 IPv6 Address
Public Static IPv6 Addresses
• 1481: /64 Block Static Public IPv6 Addresses
OS-Specific Addon
• 17139: XenServer Advanced for XenServer 6.x
• 17141: XenServer Enterprise for XenServer 6.x
• 2334: XenServer Advanced for XenServer 5.6
• 2335: XenServer Enterprise for XenServer 5.6
• 13915: Microsoft WebMatrix
• 21276: VMware vCenter 5.1 Standard
Control Panel Software
• 121: cPanel/WHM with Fantastico and RVskin
• 20778: Parallels Plesk Panel 11 (Linux) 100 Domain w/ Power Pack
• 20786: Parallels Plesk Panel 11 (Windows) 100 Domain w/ Power Pack
• 20787: Parallels Plesk Panel 11 (Linux) Unlimited Domain w/ Power Pack
• 20792: Parallels Plesk Panel 11 (Windows) Unlimited Domain w/ Power Pack
• 2340: Parallels Plesk Panel 10 (Linux) 100 Domain w/ Power Pack
• 2339: Parallels Plesk Panel 10 (Linux) Unlimited Domain w/ Power Pack
• 13704: Parallels Plesk Panel 10 (Windows) Unlimited Domain w/ Power Pack
Database Software
• 29: MySQL 5.0 for Windows
• 28: MySQL for Linux
• 21501: Riak 1.x
• 20893: MongoDB
• 30: Microsoft SQL Server 2005 Express
• 92: Microsoft SQL Server 2005 Workgroup
• 90: Microsoft SQL Server 2005 Standard
• 94: Microsoft SQL Server 2005 Enterprise
• 1330: Microsoft SQL Server 2008 Express
• 1340: Microsoft SQL Server 2008 Web
• 1337: Microsoft SQL Server 2008 Workgroup
• 1334: Microsoft SQL Server 2008 Standard
• 1331: Microsoft SQL Server 2008 Enterprise
• 2179: Microsoft SQL Server 2008 Express R2
• 2173: Microsoft SQL Server 2008 Web R2
• 2183: Microsoft SQL Server 2008 Workgroup R2
• 2180: Microsoft SQL Server 2008 Standard R2
• 2176: Microsoft SQL Server 2008 Enterprise R2
Anti-Virus & Spyware Protection
• 594: McAfee VirusScan Anti-Virus - Windows
• 414: McAfee Total Protection - Windows
Insurance
• 104: Business Continuance Insurance
Monitoring
• 55: Host Ping
• 56: Host Ping and TCP Service Monitoring
Notification
• 57: Email and Ticket
Advanced Monitoring
• 2302: Monitoring Package - Basic
• 2303: Monitoring Package - Advanced
• 2304: Monitoring Package - Premium Application
Response
• 58: Automated Notification
• 59: Automated Reboot from Monitoring
• 60: 24x7x365 NOC Monitoring, Notification, and Response
Intrusion Detection & Protection
• 413: McAfee Host Intrusion Protection w/Reporting
Hardware & Software Firewalls
• 411: APF Software Firewall for Linux
• 894: Microsoft Windows Firewall
• 410: 10Mbps Hardware Firewall
• 409: 100Mbps Hardware Firewall
• 408: 1000Mbps Hardware Firewall
Getting Started with VEXXHOST
VEXXHOST is a cloud computing host which provides Canadian cloud computing services which are based in
Monteral and use the libcloud OpenStack driver. VEXXHOST currently runs the Havana release of OpenStack.
When provisioning new instances, they automatically get a public IP and private IP address. Therefore,
you do not need to assign a floating IP to access your instance after it's booted.
Cloud Provider Configuration
To use the openstack driver for the VEXXHOST public cloud, you will need to set up the cloud provider
configuration file as in the example below:
/etc/salt/cloud.providers.d/vexxhost.conf: In order to use the VEXXHOST public cloud, you will need to
setup a cloud provider configuration file as in the example below which uses the OpenStack driver.
my-vexxhost-config:
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure VEXXHOST using the OpenStack plugin
#
identity_url: http://auth.api.thenebulacloud.com:5000/v2.0/tokens
compute_name: nova
# Set the compute region:
#
compute_region: na-yul-nhs1
# Configure VEXXHOST authentication credentials
#
user: your-tenant-id
password: your-api-key
tenant: your-tenant-name
# keys to allow connection to the instance launched
#
ssh_key_name: yourkey
ssh_key_file: /path/to/key/yourkey.priv
driver: openstack
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider definitions was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile definitions. Cloud provider
definitions now use driver to refer to the Salt cloud module that provides the underlying
functionality to connect to a cloud host, while cloud profiles continue to use provider to refer to
provider configurations that you define.
Authentication
All of the authentication fields that you need can be found by logging into your VEXXHOST customer
center. Once you've logged in, you will need to click on "CloudConsole" and then click on "API
Credentials".
Cloud Profile Configuration
In order to get the correct image UUID and the instance type to use in the cloud profile, you can run the
following command respectively:
# salt-cloud --list-images=vexxhost-config
# salt-cloud --list-sizes=vexxhost-config
Once you have that, you can go ahead and create a new cloud profile. This profile will build an Ubuntu
12.04 LTS nb.2G instance.
/etc/salt/cloud.profiles.d/vh_ubuntu1204_2G.conf:
vh_ubuntu1204_2G:
provider: my-vexxhost-config
image: 4051139f-750d-4d72-8ef0-074f2ccc7e5a
size: nb.2G
Provision an instance
To create an instance based on the sample profile that we created above, you can run the following
salt-cloud command.
# salt-cloud -p vh_ubuntu1204_2G vh_instance1
Typically, instances are provisioned in under 30 seconds on the VEXXHOST public cloud. After the
instance provisions, it will be set up a minion and then return all the instance information once it's
complete.
Once the instance has been setup, you can test connectivity to it by running the following command:
# salt vh_instance1 test.ping
You can now continue to provision new instances and they will all automatically be set up as minions of
the master you've defined in the configuration file.
Getting Started With Virtualbox
The Virtualbox cloud module allows you to manage a local Virtualbox hypervisor. Remote hypervisors may
come later on.
Dependencies
The virtualbox module for Salt Cloud requires the Virtualbox SDK which is contained in a virtualbox
installation from
https://www.virtualbox.org/wiki/Downloads
Configuration
The Virtualbox cloud module just needs to use the virtualbox driver for now. Virtualbox will be run as
the running user.
/etc/salt/cloud.providers or /etc/salt/cloud.providers.d/virtualbox.conf:
virtualbox-config:
driver: virtualbox
Profiles
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/virtualbox.conf:
virtualbox-test:
provider: virtualbox-config
clonefrom: VM_to_clone_from
# Optional
power_on: True
deploy: True
ssh_username: a_username
password: a_password
sudo: a_username
sudo_password: a_password
# Example minion config
minion:
master: localhost
make_master: True
clonefrom Mandatory
Enter the name of the VM/template to clone from.
So far only machines can only be cloned and automatically provisioned by Salt Cloud.
Provisioning
In order to provision when creating a new machine power_on and deploy have to be True.
Furthermore to connect to the VM ssh_username and password will have to be set.
sudo and sudo_password are the credentials for getting root access in order to deploy salt
Actions
start Attempt to boot a VM by name. VMs should have unique names in order to boot the correct one.
stop Attempt to stop a VM. This is akin to a force shutdown or 5 second press.
Functions
show_image
Show all available information about a VM given by the image parameter
$ salt-cloud -f show_image virtualbox image=my_vm_name
Getting Started With VMware
New in version 2015.5.4.
Author: Nitin Madhok <nmadhok@clemson.edu>
The VMware cloud module allows you to manage VMware ESX, ESXi, and vCenter.
Dependencies
The vmware module for Salt Cloud requires the pyVmomi package, which is available at PyPI:
https://pypi.python.org/pypi/pyvmomi
This package can be installed using pip or easy_install:
pip install pyvmomi
easy_install pyvmomi
NOTE:
Version 6.0 of pyVmomi has some problems with SSL error handling on certain versions of Python. If
using version 6.0 of pyVmomi, the machine that you are running the proxy minion process from must have
either Python 2.7.9 or newer This is due to an upstream dependency in pyVmomi 6.0 that is not
supported in Python version 2.6 to 2.7.8. If the version of Python running the salt-cloud command is
not in the supported range, you will need to install an earlier version of pyVmomi. See Issue #29537
for more information.
NOTE:
pyVmomi doesn't expose the ability to specify the locale when connecting to VMware. This causes
parsing issues when connecting to an instance of VMware running under a non-English locale. Until this
feature is added upstream Issue #38402 contains a workaround.
Configuration
The VMware cloud module needs the vCenter or ESX/ESXi URL, username and password to be set up in the
cloud configuration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/vmware.conf:
my-vmware-config:
driver: vmware
user: 'DOMAIN\user'
password: 'verybadpass'
url: '10.20.30.40'
vcenter01:
driver: vmware
user: 'DOMAIN\user'
password: 'verybadpass'
url: 'vcenter01.domain.com'
protocol: 'https'
port: 443
vcenter02:
driver: vmware
user: 'DOMAIN\user'
password: 'verybadpass'
url: 'vcenter02.domain.com'
protocol: 'http'
port: 80
esx01:
driver: vmware
user: 'admin'
password: 'verybadpass'
url: 'esx01.domain.com'
NOTE:
Optionally, protocol and port can be specified if the vCenter server is not using the defaults.
Default is protocol: https and port: 443.
NOTE:
Changed in version 2015.8.0.
The provider parameter in cloud provider configuration was renamed to driver. This change was made to
avoid confusion with the provider parameter that is used in cloud profile configuration. Cloud
provider configuration now uses driver to refer to the salt-cloud driver that provides the underlying
functionality to connect to a cloud provider, while cloud profile configuration continues to use
provider to refer to the cloud provider configuration that you define.
Profiles
Set up an initial profile at /etc/salt/cloud.profiles or /etc/salt/cloud.profiles.d/vmware.conf:
vmware-centos6.5:
provider: vcenter01
clonefrom: test-vm
## Optional arguments
num_cpus: 4
memory: 8GB
devices:
cd:
CD/DVD drive 1:
device_type: datastore_iso_file
iso_path: "[nap004-1] vmimages/tools-isoimages/linux.iso"
CD/DVD drive 2:
device_type: client_device
mode: atapi
controller: IDE 2
CD/DVD drive 3:
device_type: client_device
mode: passthrough
controller: IDE 3
disk:
Hard disk 1:
size: 30
Hard disk 2:
size: 20
controller: SCSI controller 2
Hard disk 3:
size: 5
controller: SCSI controller 3
datastore: smalldiskdatastore
network:
Network adapter 1:
name: 10.20.30-400-Test
switch_type: standard
ip: 10.20.30.123
gateway: [10.20.30.110]
subnet_mask: 255.255.255.128
domain: example.com
Network adapter 2:
name: 10.30.40-500-Dev-DHCP
adapter_type: e1000
switch_type: distributed
mac: '00:16:3e:e8:19:0f'
Network adapter 3:
name: 10.40.50-600-Prod
adapter_type: vmxnet3
switch_type: distributed
ip: 10.40.50.123
gateway: [10.40.50.110]
subnet_mask: 255.255.255.128
domain: example.com
scsi:
SCSI controller 1:
type: lsilogic
SCSI controller 2:
type: lsilogic_sas
bus_sharing: virtual
SCSI controller 3:
type: paravirtual
bus_sharing: physical
ide:
IDE 2
IDE 3
domain: example.com
dns_servers:
- 123.127.255.240
- 123.127.255.241
- 123.127.255.242
resourcepool: Resources
cluster: Prod
datastore: HUGE-DATASTORE-Cluster
folder: Development
datacenter: DC1
host: c4212n-002.domain.com
template: False
power_on: True
extra_config:
mem.hotadd: 'yes'
guestinfo.foo: bar
guestinfo.domain: foobar.com
guestinfo.customVariable: customValue
deploy: True
customization: True
private_key: /root/.ssh/mykey.pem
ssh_username: cloud-user
password: veryVeryBadPassword
minion:
master: 123.127.193.105
file_map:
/path/to/local/custom/script: /path/to/remote/script
/path/to/local/file: /path/to/remote/file
/srv/salt/yum/epel.repo: /etc/yum.repos.d/epel.repo
hardware_version: 10
image: centos64Guest
#For Windows VM
win_username: Administrator
win_password: administrator
win_organization_name: ABC-Corp
plain_text: True
win_installer: /root/Salt-Minion-2015.8.4-AMD64-Setup.exe
win_user_fullname: Windows User
provider
Enter the name that was specified when the cloud provider config was created.
clonefrom
Enter the name of the VM/template to clone from. If not specified, the VM will be created without
cloning.
num_cpus
Enter the number of vCPUS that you want the VM/template to have. If not specified, the current
VM/template's vCPU count is used.
cores_per_socket
New in version 2016.11.0.
Enter the number of cores per vCPU that you want the VM/template to have. If not specified, this
will default to 1.
NOTE:
Cores per socket should be less than or equal to the total number of vCPUs assigned to the
VM/template.
memory Enter the memory size (in MB or GB) that you want the VM/template to have. If not specified, the
current VM/template's memory size is used. Example memory: 8GB or memory: 8192MB.
devices
Enter the device specifications here. Currently, the following devices can be created or
reconfigured:
cd Enter the CD/DVD drive specification here. If the CD/DVD drive doesn't exist, it will be
created with the specified configuration. If the CD/DVD drive already exists, it will be
reconfigured with the specifications. The following options can be specified per CD/DVD
drive:
device_type
Specify how the CD/DVD drive should be used. Currently supported types are
client_device and datastore_iso_file. Default is device_type: client_device
iso_path
Enter the path to the iso file present on the datastore only if device_type:
datastore_iso_file. The syntax to specify this is iso_path: "[datastoreName]
vmimages/tools-isoimages/linux.iso". This field is ignored if device_type:
client_device
mode Enter the mode of connection only if device_type: client_device. Currently supported
modes are passthrough and atapi. This field is ignored if device_type:
datastore_iso_file. Default is mode: passthrough
controller
Specify the IDE controller label to which this drive should be attached. This
should be specified only when creating both the specified IDE controller as well as
the CD/DVD drive at the same time.
disk Enter the disk specification here. If the hard disk doesn't exist, it will be created with
the provided size. If the hard disk already exists, it will be expanded if the provided
size is greater than the current size of the disk.
size Enter the size of disk in GB
thin_provision
Specifies whether the disk should be thin provisioned or not. Default is
thin_provision: False.
controller
Specify the SCSI controller label to which this disk should be attached. This
should be specified only when creating both the specified SCSI controller as well as
the hard disk at the same time.
datastore
The name of a valid datastore should you wish the new disk to be in a datastore
other than the default for the VM.
network
Enter the network adapter specification here. If the network adapter doesn't exist, a new
network adapter will be created with the specified network name, type and other
configuration. If the network adapter already exists, it will be reconfigured with the
specifications. The following additional options can be specified per network adapter (See
example above):
name Enter the network name you want the network adapter to be mapped to.
adapter_type
Enter the network adapter type you want to create. Currently supported types are
vmxnet, vmxnet2, vmxnet3, e1000 and e1000e. If no type is specified, by default
vmxnet3 will be used.
switch_type
Enter the type of switch to use. This decides whether to use a standard switch
network or a distributed virtual portgroup. Currently supported types are standard
for standard portgroups and distributed for distributed virtual portgroups.
ip Enter the static IP you want the network adapter to be mapped to. If the network
specified is DHCP enabled, you do not have to specify this.
gateway
Enter the gateway for the network as a list. If the network specified is DHCP
enabled, you do not have to specify this.
subnet_mask
Enter the subnet mask for the network. If the network specified is DHCP enabled, you
do not have to specify this.
domain Enter the domain to be used with the network adapter. If the network specified is
DHCP enabled, you do not have to specify this.
mac Enter the MAC for this network adapter. If not specified an address will be selected
automatically.
scsi Enter the SCSI controller specification here. If the SCSI controller doesn't exist, a new
SCSI controller will be created of the specified type. If the SCSI controller already
exists, it will be reconfigured with the specifications. The following additional options
can be specified per SCSI controller:
type Enter the SCSI controller type you want to create. Currently supported types are
lsilogic, lsilogic_sas and paravirtual. Type must be specified when creating a new
SCSI controller.
bus_sharing
Specify this if sharing of virtual disks between virtual machines is desired. The
following can be specified:
virtual
Virtual disks can be shared between virtual machines on the same server.
physical
Virtual disks can be shared between virtual machines on any server.
no Virtual disks cannot be shared between virtual machines.
ide Enter the IDE controller specification here. If the IDE controller doesn't exist, a new IDE
controller will be created. If the IDE controller already exists, no further changes to it
will me made.
domain Enter the global domain name to be used for DNS. If not specified and if the VM name is a FQDN,
domain is set to the domain from the VM name. Default is local.
dns_servers
Enter the list of DNS servers to use in order of priority.
resourcepool
Enter the name of the resourcepool to which the new virtual machine should be attached. This
determines what compute resources will be available to the clone.
NOTE:
• For a clone operation from a virtual machine, it will use the same resourcepool as the
original virtual machine unless specified.
• For a clone operation from a template to a virtual machine, specifying either this or cluster
is required. If both are specified, the resourcepool value will be used.
• For a clone operation to a template, this argument is ignored.
cluster
Enter the name of the cluster whose resource pool the new virtual machine should be attached to.
NOTE:
• For a clone operation from a virtual machine, it will use the same cluster's resourcepool as
the original virtual machine unless specified.
• For a clone operation from a template to a virtual machine, specifying either this or
resourcepool is required. If both are specified, the resourcepool value will be used.
• For a clone operation to a template, this argument is ignored.
datastore
Enter the name of the datastore or the datastore cluster where the virtual machine should be
located on physical storage. If not specified, the current datastore is used.
NOTE:
• If you specify a datastore cluster name, DRS Storage recommendation is automatically applied.
• If you specify a datastore name, DRS Storage recommendation is disabled.
folder Enter the name of the folder that will contain the new virtual machine.
NOTE:
• For a clone operation from a VM/template, the new VM/template will be added to the same
folder that the original VM/template belongs to unless specified.
• If both folder and datacenter are specified, the folder value will be used.
datacenter
Enter the name of the datacenter that will contain the new virtual machine.
NOTE:
• For a clone operation from a VM/template, the new VM/template will be added to the same
folder that the original VM/template belongs to unless specified.
• If both folder and datacenter are specified, the folder value will be used.
host Enter the name of the target host where the virtual machine should be registered.
If not specified:
NOTE:
• If resource pool is not specified, current host is used.
• If resource pool is specified, and the target pool represents a stand-alone host, the host is
used.
• If resource pool is specified, and the target pool represents a DRS-enabled cluster, a host
selected by DRS is used.
• If resource pool is specified and the target pool represents a cluster without DRS enabled,
an InvalidArgument exception be thrown.
template
Specifies whether the new virtual machine should be marked as a template or not. Default is
template: False.
power_on
Specifies whether the new virtual machine should be powered on or not. If template: True is set,
this field is ignored. Default is power_on: True.
extra_config
Specifies the additional configuration information for the virtual machine. This describes a set
of modifications to the additional options. If the key is already present, it will be reset with
the new value provided. Otherwise, a new option is added. Keys with empty values will be removed.
deploy Specifies if salt should be installed on the newly created VM. Default is True so salt will be
installed using the bootstrap script. If template: True or power_on: False is set, this field is
ignored and salt will not be installed.
wait_for_ip_timeout
When deploy: True, this timeout determines the maximum time to wait for VMware tools to be
installed on the virtual machine. If this timeout is reached, an attempt to determine the client's
IP will be made by resolving the VM's name. By lowering this value a salt bootstrap can be fully
automated for systems that are not built with VMware tools. Default is wait_for_ip_timeout: 1200.
customization
Specify whether the new virtual machine should be customized or not. If customization: False is
set, the new virtual machine will not be customized. Default is customization: True.
private_key
Specify the path to the private key to use to be able to ssh to the VM.
ssh_username
Specify the username to use in order to ssh to the VM. Default is root
password
Specify a password to use in order to ssh to the VM. If private_key is specified, you do not need
to specify this.
minion Specify custom minion configuration you want the salt minion to have. A good example would be to
specify the master as the IP/DNS name of the master.
file_map
Specify file/files you want to copy to the VM before the bootstrap script is run and salt is
installed. A good example of using this would be if you need to put custom repo files on the
server in case your server will be in a private network and cannot reach external networks.
hardware_version
Specify the virtual hardware version for the vm/template that is supported by the host.
image Specify the guest id of the VM. For a full list of supported values see the VMware vSphere
documentation:
http://pubs.vmware.com/vsphere-60/topic/com.vmware.wssdk.apiref.doc/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html
NOTE:
For a clone operation, this argument is ignored.
win_username
Specify windows vm administrator account.
NOTE:
Windows template should have "administrator" account.
win_password
Specify windows vm administrator account password.
NOTE:
During network configuration (if network specified), it is used to specify new administrator
password for the machine.
win_organization_name
Specify windows vm user's organization. Default organization name is Organization
VMware vSphere documentation:
https://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/vim.vm.customization.UserData.html
win_user_fullname
Specify windows vm user's fullname. Default fullname is Windows User
VMware vSphere documentation:
https://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/vim.vm.customization.UserData.html
plain_text
Flag to specify whether or not the password is in plain text, rather than encrypted. VMware
vSphere documentation:
https://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/vim.vm.customization.Password.html
win_installer
Specify windows minion client installer path
Cloning a VM
Cloning VMs/templates is the easiest and the preferred way to work with VMs using the VMware driver.
NOTE:
Cloning operations are unsupported on standalone ESXi hosts, a vCenter server will be required.
Example of a minimal profile:
my-minimal-clone:
provider: vcenter01
clonefrom: 'test-vm'
When cloning a VM, all the profile configuration parameters are optional and the configuration gets
inherited from the clone.
Example to add/resize a disk:
my-disk-example:
provider: vcenter01
clonefrom: 'test-vm'
devices:
disk:
Hard disk 1:
size: 30
Depending on the configuration of the VM that is getting cloned, the disk in the resulting clone will
differ.
NOTE:
• If the VM has no disk named 'Hard disk 1' an empty disk with the specified size will be added to the
clone.
• If the VM has a disk named 'Hard disk 1' and the size specified is larger than the original disk, an
empty disk with the specified size will be added to the clone.
• If the VM has a disk named 'Hard disk 1' and the size specified is smaller than the original disk,
an empty disk with the original size will be added to the clone.
Example to reconfigure the memory and number of vCPUs:
my-disk-example:
provider: vcenter01
clonefrom: 'test-vm'
memory: 16GB
num_cpus: 8
Cloning a Template
Cloning a template works similar to cloning a VM except for the fact that a resource pool or cluster must
be specified additionally in the profile.
Example of a minimal profile:
my-template-clone:
provider: vcenter01
clonefrom: 'test-template'
cluster: 'Prod'
Cloning from a Snapshot
New in version 2016.3.5.
Cloning from a snapshot requires that one of the supported options be set in the cloud profile.
Supported options are createNewChildDiskBacking, moveChildMostDiskBacking,
moveAllDiskBackingsAndAllowSharing and moveAllDiskBackingsAndDisallowSharing.
Example of a minimal profile:
my-template-clone:
provider: vcenter01
clonefrom: 'salt_vm'
snapshot:
disk_move_type: createNewChildDiskBacking
# these types are also supported
# disk_move_type: moveChildMostDiskBacking
# disk_move_type: moveAllDiskBackingsAndAllowSharing
# disk_move_type: moveAllDiskBackingsAndDisallowSharing
Creating a VM
New in version 2016.3.0.
Creating a VM from scratch means that more configuration has to be specified in the profile because there
is no place to inherit configuration from.
NOTE:
Unlike most cloud drivers that use prepared images, creating VMs using VMware cloud driver needs an
installation method that requires no human interaction. For Example: preseeded ISO, kickstart URL or
network PXE boot.
Example of a minimal profile:
my-minimal-profile:
provider: esx01
datastore: esx01-datastore
resourcepool: Resources
folder: vm
NOTE:
The example above contains the minimum required configuration needed to create a VM from scratch. The
resulting VM will only have 1 VCPU, 32MB of RAM and will not have any storage or networking.
Example of a complete profile:
my-complete-example:
provider: esx01
datastore: esx01-datastore
resourcepool: Resources
folder: vm
num_cpus: 2
memory: 8GB
image: debian7_64Guest
devices:
scsi:
SCSI controller 0:
type: lsilogic_sas
ide:
IDE 0: {}
IDE 1: {}
disk:
Hard disk 0:
controller: 'SCSI controller 0'
size: 20
mode: 'independent_nonpersistent'
cd:
CD/DVD drive 0:
controller: 'IDE 0'
device_type: datastore_iso_file
iso_path: '[esx01-datastore] debian-8-with-preseed.iso'
network:
Network adapter 0:
name: 'VM Network'
swith_type: standard
NOTE:
Depending on VMware ESX/ESXi version, an exact match for image might not be available. In such cases,
the closest match to another image should be used. In the example above, a Debian 8 VM is created
using the image debian7_64Guest which is for a Debian 7 guest.
Specifying disk backing mode
New in version 2016.3.5.
Disk backing mode can now be specified when cloning a VM. This option can be set in the cloud profile as
shown in example below:
my-vm:
provider: esx01
datastore: esx01-datastore
resourcepool: Resources
folder: vm
devices:
disk:
Hard disk 1:
mode: 'independent_nonpersistent'
size: 42
Hard disk 2:
mode: 'independent_nonpersistent'
Miscellaneous Options
Miscellaneous Salt Cloud Options
This page describes various miscellaneous options available in Salt Cloud
Deploy Script Arguments
Custom deploy scripts are unlikely to need custom arguments to be passed to them, but salt-bootstrap has
been extended quite a bit, and this may be necessary. script_args can be specified in either the profile
or the map file, to pass arguments to the deploy script:
ec2-amazon:
provider: my-ec2-config
image: ami-1624987f
size: t1.micro
ssh_username: ec2-user
script: bootstrap-salt
script_args: -c /tmp/
This has also been tested to work with pipes, if needed:
script_args: | head
Selecting the File Transport
By default, Salt Cloud uses SFTP to transfer files to Linux hosts. However, if SFTP is not available, or
specific SCP functionality is needed, Salt Cloud can be configured to use SCP instead.
file_transport: sftp
file_transport: scp
Sync After Install
Salt allows users to create custom modules, grains, and states which can be synchronised to minions to
extend Salt with further functionality.
This option will inform Salt Cloud to synchronise your custom modules, grains, states or all these to the
minion just after it has been created. For this to happen, the following line needs to be added to the
main cloud configuration file:
sync_after_install: all
The available options for this setting are:
modules
grains
states
all
Setting Up New Salt Masters
It has become increasingly common for users to set up multi-hierarchal infrastructures using Salt Cloud.
This sometimes involves setting up an instance to be a master in addition to a minion. With that in mind,
you can now lay down master configuration on a machine by specifying master options in the profile or map
file.
make_master: True
This will cause Salt Cloud to generate master keys for the instance, and tell salt-bootstrap to install
the salt-master package, in addition to the salt-minion package.
The default master configuration is usually appropriate for most users, and will not be changed unless
specific master configuration has been added to the profile or map:
master:
user: root
interface: 0.0.0.0
Setting Up a Salt Syndic with Salt Cloud
In addition to setting up new Salt Masters, syndics can also be provisioned using Salt Cloud. In order to
set up a Salt Syndic via Salt Cloud, a Salt Master needs to be installed on the new machine and a master
configuration file needs to be set up using the make_master setting. This setting can be defined either
in a profile config file or in a map file:
make_master: True
To install the Salt Syndic, the only other specification that needs to be configured is the syndic_master
key to specify the location of the master that the syndic will be reporting to. This modification needs
to be placed in the master setting, which can be configured either in the profile, provider, or
/etc/salt/cloud config file:
master:
syndic_master: 123.456.789 # may be either an IP address or a hostname
Many other Salt Syndic configuration settings and specifications can be passed through to the new syndic
machine via the master configuration setting. See the syndic documentation for more information.
SSH Port
By default ssh port is set to port 22. If you want to use a custom port in provider, profile, or map
blocks use ssh_port option.
New in version 2015.5.0.
ssh_port: 2222
SSH Port
By default ssh port is set to port 22. If you want to use a custom port in provider, profile, or map
blocks use ssh_port option.
ssh_port: 2222
Delete SSH Keys
When Salt Cloud deploys an instance, the SSH pub key for the instance is added to the known_hosts file
for the user that ran the salt-cloud command. When an instance is deployed, a cloud host generally
recycles the IP address for the instance. When Salt Cloud attempts to deploy an instance using a
recycled IP address that has previously been accessed from the same machine, the old key in the
known_hosts file will cause a conflict.
In order to mitigate this issue, Salt Cloud can be configured to remove old keys from the known_hosts
file when destroying the node. In order to do this, the following line needs to be added to the main
cloud configuration file:
delete_sshkeys: True
Keeping /tmp/ Files
When Salt Cloud deploys an instance, it uploads temporary files to /tmp/ for salt-bootstrap to put in
place. After the script has run, they are deleted. To keep these files around (mostly for debugging
purposes), the --keep-tmp option can be added:
salt-cloud -p myprofile mymachine --keep-tmp
For those wondering why /tmp/ was used instead of /root/, this had to be done for images which require
the use of sudo, and therefore do not allow remote root logins, even for file transfers (which makes
/root/ unavailable).
Hide Output From Minion Install
By default Salt Cloud will stream the output from the minion deploy script directly to STDOUT. Although
this can been very useful, in certain cases you may wish to switch this off. The following config option
is there to enable or disable this output:
display_ssh_output: False
Connection Timeout
There are several stages when deploying Salt where Salt Cloud needs to wait for something to happen. The
VM getting it's IP address, the VM's SSH port is available, etc.
If you find that the Salt Cloud defaults are not enough and your deployment fails because Salt Cloud did
not wait log enough, there are some settings you can tweak.
Note
All settings should be provided in lowercase All values should be provided in seconds
You can tweak these settings globally, per cloud provider, or event per profile definition.
wait_for_ip_timeout
The amount of time Salt Cloud should wait for a VM to start and get an IP back from the cloud host.
Default: varies by cloud provider ( between 5 and 25 minutes)
wait_for_ip_interval
The amount of time Salt Cloud should sleep while querying for the VM's IP. Default: varies by cloud
provider ( between .5 and 10 seconds)
ssh_connect_timeout
The amount of time Salt Cloud should wait for a successful SSH connection to the VM. Default: varies by
cloud provider (between 5 and 15 minutes)
wait_for_passwd_timeout
The amount of time until an ssh connection can be established via password or ssh key. Default: varies
by cloud provider (mostly 15 seconds)
wait_for_passwd_maxtries
The number of attempts to connect to the VM until we abandon. Default: 15 attempts
wait_for_fun_timeout
Some cloud drivers check for an available IP or a successful SSH connection using a function, namely,
SoftLayer, and SoftLayer-HW. So, the amount of time Salt Cloud should retry such functions before
failing. Default: 15 minutes.
wait_for_spot_timeout
The amount of time Salt Cloud should wait before an EC2 Spot instance is available. This setting is only
available for the EC2 cloud driver. Default: 10 minutes
Salt Cloud Cache
Salt Cloud can maintain a cache of node data, for supported providers. The following options manage this
functionality.
update_cachedir
On supported cloud providers, whether or not to maintain a cache of nodes returned from a --full-query.
The data will be stored in msgpack format under
<SALT_CACHEDIR>/cloud/active/<DRIVER>/<PROVIDER>/<NODE_NAME>.p. This setting can be True or False.
diff_cache_events
When the cloud cachedir is being managed, if differences are encountered between the data that is
returned live from the cloud host and the data in the cache, fire events which describe the changes. This
setting can be True or False.
Some of these events will contain data which describe a node. Because some of the fields returned may
contain sensitive data, the cache_event_strip_fields configuration option exists to strip those fields
from the event return.
cache_event_strip_fields:
- password
- priv_key
The following are events that can be fired based on this data.
salt/cloud/minionid/cache_node_new
A new node was found on the cloud host which was not listed in the cloud cachedir. A dict describing the
new node will be contained in the event.
salt/cloud/minionid/cache_node_missing
A node that was previously listed in the cloud cachedir is no longer available on the cloud host.
salt/cloud/minionid/cache_node_diff
One or more pieces of data in the cloud cachedir has changed on the cloud host. A dict containing both
the old and the new data will be contained in the event.
SSH Known Hosts
Normally when bootstrapping a VM, salt-cloud will ignore the SSH host key. This is because it does not
know what the host key is before starting (because it doesn't exist yet). If strict host key checking is
turned on without the key in the known_hosts file, then the host will never be available, and cannot be
bootstrapped.
If a provider is able to determine the host key before trying to bootstrap it, that provider's driver can
add it to the known_hosts file, and then turn on strict host key checking. This can be set up in the main
cloud configuration file (normally /etc/salt/cloud) or in the provider-specific configuration file:
known_hosts_file: /path/to/.ssh/known_hosts
If this is not set, it will default to /dev/null, and strict host key checking will be turned off.
It is highly recommended that this option is not set, unless the user has verified that the provider
supports this functionality, and that the image being used is capable of providing the necessary
information. At this time, only the EC2 driver supports this functionality.
SSH Agent
New in version 2015.5.0.
If the ssh key is not stored on the server salt-cloud is being run on, set ssh_agent, and salt-cloud will
use the forwarded ssh-agent to authenticate.
ssh_agent: True
File Map Upload
New in version 2014.7.0.
The file_map option allows an arbitrary group of files to be uploaded to the target system before running
the deploy script. This functionality requires a provider uses salt.utils.cloud.bootstrap(), which is
currently limited to the ec2, gce, openstack and nova drivers.
The file_map can be configured globally in /etc/salt/cloud, or in any cloud provider or profile file. For
example, to upload an extra package or a custom deploy script, a cloud profile using file_map might look
like:
ubuntu14:
provider: ec2-config
image: ami-98aa1cf0
size: t1.micro
ssh_username: root
securitygroup: default
file_map:
/local/path/to/custom/script: /remote/path/to/use/custom/script
/local/path/to/package: /remote/path/to/store/package
Troubleshooting Steps
Troubleshooting Salt Cloud
This page describes various steps for troubleshooting problems that may arise while using Salt Cloud.
Virtual Machines Are Created, But Do Not Respond
Are TCP ports 4505 and 4506 open on the master? This is easy to overlook on new masters. Information on
how to open firewall ports on various platforms can be found here.
Generic Troubleshooting Steps
This section describes a set of instructions that are useful to a large number of situations, and are
likely to solve most issues that arise.
Debug Mode
Frequently, running Salt Cloud in debug mode will reveal information about a deployment which would
otherwise not be obvious:
salt-cloud -p myprofile myinstance -l debug
Keep in mind that a number of messages will appear that look at first like errors, but are in fact
intended to give developers factual information to assist in debugging. A number of messages that appear
will be for cloud providers that you do not have configured; in these cases, the message usually is
intended to confirm that they are not configured.
Salt Bootstrap
By default, Salt Cloud uses the Salt Bootstrap script to provision instances:
This script is packaged with Salt Cloud, but may be updated without updating the Salt package:
salt-cloud -u
The Bootstrap Log
If the default deploy script was used, there should be a file in the /tmp/ directory called
bootstrap-salt.log. This file contains the full output from the deployment, including any errors that may
have occurred.
Keeping Temp Files
Salt Cloud uploads minion-specific files to instances once they are available via SSH, and then executes
a deploy script to put them into the correct place and install Salt. The --keep-tmp option will instruct
Salt Cloud not to remove those files when finished with them, so that the user may inspect them for
problems:
salt-cloud -p myprofile myinstance --keep-tmp
By default, Salt Cloud will create a directory on the target instance called /tmp/.saltcloud/. This
directory should be owned by the user that is to execute the deploy script, and should have permissions
of 0700.
Most cloud hosts are configured to use root as the default initial user for deployment, and as such, this
directory and all files in it should be owned by the root user.
The /tmp/.saltcloud/ directory should the following files:
• A deploy.sh script. This script should have permissions of 0755.
• A .pem and .pub key named after the minion. The .pem file should have permissions of 0600. Ensure that
the .pem and .pub files have been properly copied to the /etc/salt/pki/minion/ directory.
• A file called minion. This file should have been copied to the /etc/salt/ directory.
• Optionally, a file called grains. This file, if present, should have been copied to the /etc/salt/
directory.
Unprivileged Primary Users
Some cloud hosts, most notably EC2, are configured with a different primary user. Some common examples
are ec2-user, ubuntu, fedora, and bitnami. In these cases, the /tmp/.saltcloud/ directory and all files
in it should be owned by this user.
Some cloud hosts, such as EC2, are configured to not require these users to provide a password when using
the sudo command. Because it is more secure to require sudo users to provide a password, other hosts are
configured that way.
If this instance is required to provide a password, it needs to be configured in Salt Cloud. A password
for sudo to use may be added to either the provider configuration or the profile configuration:
sudo_password: mypassword
/tmp/ is Mounted as noexec
It is more secure to mount the /tmp/ directory with a noexec option. This is uncommon on most cloud
hosts, but very common in private environments. To see if the /tmp/ directory is mounted this way, run
the following command:
mount | grep tmp
The if the output of this command includes a line that looks like this, then the /tmp/ directory is
mounted as noexec:
tmpfs on /tmp type tmpfs (rw,noexec)
If this is the case, then the deploy_command will need to be changed in order to run the deploy script
through the sh command, rather than trying to execute it directly. This may be specified in either the
provider or the profile config:
deploy_command: sh /tmp/.saltcloud/deploy.sh
Please note that by default, Salt Cloud will place its files in a directory called /tmp/.saltcloud/. This
may be also be changed in the provider or profile configuration:
tmp_dir: /tmp/.saltcloud/
If this directory is changed, then the deploy_command need to be changed in order to reflect the tmp_dir
configuration.
Executing the Deploy Script Manually
If all of the files needed for deployment were successfully uploaded to the correct locations, and
contain the correct permissions and ownerships, the deploy script may be executed manually in order to
check for other issues:
cd /tmp/.saltcloud/
./deploy.sh
Extending Salt Cloud
Writing Cloud Driver Modules
Salt Cloud runs on a module system similar to the main Salt project. The modules inside saltcloud exist
in the salt/cloud/clouds directory of the salt source.
There are two basic types of cloud modules. If a cloud host is supported by libcloud, then using it is
the fastest route to getting a module written. The Apache Libcloud project is located at:
http://libcloud.apache.org/
Not every cloud host is supported by libcloud. Additionally, not every feature in a supported cloud host
is necessarily supported by libcloud. In either of these cases, a module can be created which does not
rely on libcloud.
All Driver Modules
The following functions are required by all driver modules, whether or not they are based on libcloud.
The __virtual__() Function
This function determines whether or not to make this cloud module available upon execution. Most often,
it uses get_configured_provider() to determine if the necessary configuration has been set up. It may
also check for necessary imports, to decide whether to load the module. In most cases, it will return a
True or False value. If the name of the driver used does not match the filename, then that name should be
returned instead of True. An example of this may be seen in the Azure module:
https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/msazure.py
The get_configured_provider() Function
This function uses config.is_provider_configured() to determine wither all required information for this
driver has been configured. The last value in the list of required settings should be followed by a
comma.
Libcloud Based Modules
Writing a cloud module based on libcloud has two major advantages. First of all, much of the work has
already been done by the libcloud project. Second, most of the functions necessary to Salt have already
been added to the Salt Cloud project.
The create() Function
The most important function that does need to be manually written is the create() function. This is what
is used to request a virtual machine to be created by the cloud host, wait for it to become available,
and then (optionally) log in and install Salt on it.
A good example to follow for writing a cloud driver module based on libcloud is the module provided for
Linode:
https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/linode.py
The basic flow of a create() function is as follows:
• Send a request to the cloud host to create a virtual machine.
• Wait for the virtual machine to become available.
• Generate kwargs to be used to deploy Salt.
• Log into the virtual machine and deploy Salt.
• Return a data structure that describes the newly-created virtual machine.
At various points throughout this function, events may be fired on the Salt event bus. Four of these
events, which are described below, are required. Other events may be added by the user, where
appropriate.
When the create() function is called, it is passed a data structure called vm_. This dict contains a
composite of information describing the virtual machine to be created. A dict called __opts__ is also
provided by Salt, which contains the options used to run Salt Cloud, as well as a set of configuration
and environment variables.
The first thing the create() function must do is fire an event stating that it has started the create
process. This event is tagged salt/cloud/<vm name>/creating. The payload contains the names of the VM,
profile, and provider.
A set of kwargs is then usually created, to describe the parameters required by the cloud host to request
the virtual machine.
An event is then fired to state that a virtual machine is about to be requested. It is tagged as
salt/cloud/<vm name>/requesting. The payload contains most or all of the parameters that will be sent to
the cloud host. Any private information (such as passwords) should not be sent in the event.
After a request is made, a set of deploy kwargs will be generated. These will be used to install Salt on
the target machine. Windows options are supported at this point, and should be generated, even if the
cloud host does not currently support Windows. This will save time in the future if the host does
eventually decide to support Windows.
An event is then fired to state that the deploy process is about to begin. This event is tagged
salt/cloud/<vm name>/deploying. The payload for the event will contain a set of deploy kwargs, useful for
debugging purposed. Any private data, including passwords and keys (including public keys) should be
stripped from the deploy kwargs before the event is fired.
If any Windows options have been passed in, the salt.utils.cloud.deploy_windows() function will be
called. Otherwise, it will be assumed that the target is a Linux or Unix machine, and the
salt.utils.cloud.deploy_script() will be called.
Both of these functions will wait for the target machine to become available, then the necessary port to
log in, then a successful login that can be used to install Salt. Minion configuration and keys will then
be uploaded to a temporary directory on the target by the appropriate function. On a Windows target, the
Windows Minion Installer will be run in silent mode. On a Linux/Unix target, a deploy script
(bootstrap-salt.sh, by default) will be run, which will auto-detect the operating system, and install
Salt using its native package manager. These do not need to be handled by the developer in the cloud
module.
The salt.utils.cloud.validate_windows_cred() function has been extended to take the number of retries and
retry_delay parameters in case a specific cloud host has a delay between providing the Windows
credentials and the credentials being available for use. In their create() function, or as a
sub-function called during the creation process, developers should use the win_deploy_auth_retries and
win_deploy_auth_retry_delay parameters from the provider configuration to allow the end-user the ability
to customize the number of tries and delay between tries for their particular host.
After the appropriate deploy function completes, a final event is fired which describes the virtual
machine that has just been created. This event is tagged salt/cloud/<vm name>/created. The payload
contains the names of the VM, profile, and provider.
Finally, a dict (queried from the provider) which describes the new virtual machine is returned to the
user. Because this data is not fired on the event bus it can, and should, return any passwords that were
returned by the cloud host. In some cases (for example, Rackspace), this is the only time that the
password can be queried by the user; post-creation queries may not contain password information
(depending upon the host).
The libcloudfuncs Functions
A number of other functions are required for all cloud hosts. However, with libcloud-based modules, these
are all provided for free by the libcloudfuncs library. The following two lines set up the imports:
from salt.cloud.libcloudfuncs import * # pylint: disable=W0614,W0401
from salt.utils import namespaced_function
And then a series of declarations will make the necessary functions available within the cloud module.
get_size = namespaced_function(get_size, globals())
get_image = namespaced_function(get_image, globals())
avail_locations = namespaced_function(avail_locations, globals())
avail_images = namespaced_function(avail_images, globals())
avail_sizes = namespaced_function(avail_sizes, globals())
script = namespaced_function(script, globals())
destroy = namespaced_function(destroy, globals())
list_nodes = namespaced_function(list_nodes, globals())
list_nodes_full = namespaced_function(list_nodes_full, globals())
list_nodes_select = namespaced_function(list_nodes_select, globals())
show_instance = namespaced_function(show_instance, globals())
If necessary, these functions may be replaced by removing the appropriate declaration line, and then
adding the function as normal.
These functions are required for all cloud modules, and are described in detail in the next section.
Non-Libcloud Based Modules
In some cases, using libcloud is not an option. This may be because libcloud has not yet included the
necessary driver itself, or it may be that the driver that is included with libcloud does not contain all
of the necessary features required by the developer. When this is the case, some or all of the functions
in libcloudfuncs may be replaced. If they are all replaced, the libcloud imports should be absent from
the Salt Cloud module.
A good example of a non-libcloud driver is the DigitalOcean driver:
https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/digital_ocean.py
The create() Function
The create() function must be created as described in the libcloud-based module documentation.
The get_size() Function
This function is only necessary for libcloud-based modules, and does not need to exist otherwise.
The get_image() Function
This function is only necessary for libcloud-based modules, and does not need to exist otherwise.
The avail_locations() Function
This function returns a list of locations available, if the cloud host uses multiple data centers. It is
not necessary if the cloud host uses only one data center. It is normally called using the
--list-locations option.
salt-cloud --list-locations my-cloud-provider
The avail_images() Function
This function returns a list of images available for this cloud provider. There are not currently any
known cloud providers that do not provide this functionality, though they may refer to images by a
different name (for example, "templates"). It is normally called using the --list-images option.
salt-cloud --list-images my-cloud-provider
The avail_sizes() Function
This function returns a list of sizes available for this cloud provider. Generally, this refers to a
combination of RAM, CPU, and/or disk space. This functionality may not be present on some cloud
providers. For example, the Parallels module breaks down RAM, CPU, and disk space into separate options,
whereas in other providers, these options are baked into the image. It is normally called using the
--list-sizes option.
salt-cloud --list-sizes my-cloud-provider
The script() Function
This function builds the deploy script to be used on the remote machine. It is likely to be moved into
the salt.utils.cloud library in the near future, as it is very generic and can usually be copied
wholesale from another module. An excellent example is in the Azure driver.
The destroy() Function
This function irreversibly destroys a virtual machine on the cloud provider. Before doing so, it should
fire an event on the Salt event bus. The tag for this event is salt/cloud/<vm name>/destroying. Once the
virtual machine has been destroyed, another event is fired. The tag for that event is salt/cloud/<vm
name>/destroyed.
This function is normally called with the -d options:
salt-cloud -d myinstance
The list_nodes() Function
This function returns a list of nodes available on this cloud provider, using the following fields:
• id (str)
• image (str)
• size (str)
• state (str)
• private_ips (list)
• public_ips (list)
No other fields should be returned in this function, and all of these fields should be returned, even if
empty. The private_ips and public_ips fields should always be of a list type, even if empty, and the
other fields should always be of a str type. This function is normally called with the -Q option:
salt-cloud -Q
The list_nodes_full() Function
All information available about all nodes should be returned in this function. The fields in the
list_nodes() function should also be returned, even if they would not normally be provided by the cloud
provider. This is because some functions both within Salt and 3rd party will break if an expected field
is not present. This function is normally called with the -F option:
salt-cloud -F
The list_nodes_select() Function
This function returns only the fields specified in the query.selection option in /etc/salt/cloud. Because
this function is so generic, all of the heavy lifting has been moved into the salt.utils.cloud library.
A function to call list_nodes_select() still needs to be present. In general, the following code can be
used as-is:
def list_nodes_select(call=None):
'''
Return a list of the VMs that are on the provider, with select fields
'''
return salt.utils.cloud.list_nodes_select(
list_nodes_full('function'), __opts__['query.selection'], call,
)
However, depending on the cloud provider, additional variables may be required. For instance, some
modules use a conn object, or may need to pass other options into list_nodes_full(). In this case, be
sure to update the function appropriately:
def list_nodes_select(conn=None, call=None):
'''
Return a list of the VMs that are on the provider, with select fields
'''
if not conn:
conn = get_conn() # pylint: disable=E0602
return salt.utils.cloud.list_nodes_select(
list_nodes_full(conn, 'function'),
__opts__['query.selection'],
call,
)
This function is normally called with the -S option:
salt-cloud -S
The show_instance() Function
This function is used to display all of the information about a single node that is available from the
cloud provider. The simplest way to provide this is usually to call list_nodes_full(), and return just
the data for the requested node. It is normally called as an action:
salt-cloud -a show_instance myinstance
Actions and Functions
Extra functionality may be added to a cloud provider in the form of an --action or a --function. Actions
are performed against a cloud instance/virtual machine, and functions are performed against a cloud
provider.
Actions
Actions are calls that are performed against a specific instance or virtual machine. The show_instance
action should be available in all cloud modules. Actions are normally called with the -a option:
salt-cloud -a show_instance myinstance
Actions must accept a name as a first argument, may optionally support any number of kwargs as
appropriate, and must accept an argument of call, with a default of None.
Before performing any other work, an action should normally verify that it has been called correctly. It
may then perform the desired feature, and return useful information to the user. A basic action looks
like:
def show_instance(name, call=None):
'''
Show the details from EC2 concerning an AMI
'''
if call != 'action':
raise SaltCloudSystemExit(
'The show_instance action must be called with -a or --action.'
)
return _get_node(name)
Please note that generic kwargs, if used, are passed through to actions as kwargs and not **kwargs. An
example of this is seen in the Functions section.
Functions
Functions are called that are performed against a specific cloud provider. An optional function that is
often useful is show_image, which describes an image in detail. Functions are normally called with the -f
option:
salt-cloud -f show_image my-cloud-provider image='Ubuntu 13.10 64-bit'
A function may accept any number of kwargs as appropriate, and must accept an argument of call with a
default of None.
Before performing any other work, a function should normally verify that it has been called correctly. It
may then perform the desired feature, and return useful information to the user. A basic function looks
like:
def show_image(kwargs, call=None):
'''
Show the details from EC2 concerning an AMI
'''
if call != 'function':
raise SaltCloudSystemExit(
'The show_image action must be called with -f or --function.'
)
params = {'ImageId.1': kwargs['image'],
'Action': 'DescribeImages'}
result = query(params)
log.info(result)
return result
Take note that generic kwargs are passed through to functions as kwargs and not **kwargs.
Cloud deployment scripts
Salt Cloud works primarily by executing a script on the virtual machines as soon as they become
available. The script that is executed is referenced in the cloud profile as the script. In older
versions, this was the os argument. This was changed in 0.8.2.
A number of legacy scripts exist in the deploy directory in the saltcloud source tree. The preferred
method is currently to use the salt-bootstrap script. A stable version is included with each release
tarball starting with 0.8.4. The most updated version can be found at:
https://github.com/saltstack/salt-bootstrap
Note that, somewhat counter-intuitively, this script is referenced as bootstrap-salt in the
configuration.
You can specify a deploy script in the cloud configuration file (/etc/salt/cloud by default):
script: bootstrap-salt
Or in a provider:
my-provider:
# snip...
script: bootstrap-salt
Or in a profile:
my-profile:
provider: my-provider
# snip...
script: bootstrap-salt
If you do not specify a script argument in your cloud configuration file, provider configuration or
profile configuration, the "bootstrap-salt" script will be used by default.
Other Generic Deploy Scripts
If you want to be assured of always using the latest Salt Bootstrap script, there are a few generic
templates available in the deploy directory of your saltcloud source tree:
curl-bootstrap
curl-bootstrap-git
python-bootstrap
wget-bootstrap
wget-bootstrap-git
These are example scripts which were designed to be customized, adapted, and refit to meet your needs.
One important use of them is to pass options to the salt-bootstrap script, such as updating to specific
git tags.
Custom Deploy Scripts
If the Salt Bootstrap script does not meet your needs, you may write your own. The script should be
written in shell and is a Jinja template. Deploy scripts need to execute a number of functions to do a
complete salt setup. These functions include:
1. Install the salt minion. If this can be done via system packages this method is HIGHLY preferred.
2. Add the salt minion keys before the minion is started for the first time. The minion keys are
available as strings that can be copied into place in the Jinja template under the dict named "vm".
3. Start the salt-minion daemon and enable it at startup time.
4. Set up the minion configuration file from the "minion" data available in the Jinja template.
A good, well commented example of this process is the Fedora deployment script:
https://github.com/saltstack/salt-cloud/blob/master/saltcloud/deploy/Fedora.sh
A number of legacy deploy scripts are included with the release tarball. None of them are as functional
or complete as Salt Bootstrap, and are still included for academic purposes.
Custom deploy scripts are picked up from /etc/salt/cloud.deploy.d by default, but you can change the
location of deploy scripts with the cloud configuration deploy_scripts_search_path. Additionally, if your
deploy script has the extension .sh, you can leave out the extension in your configuration.
For example, if your custom deploy script is located in /etc/salt/cloud.deploy.d/my_deploy.sh, you could
specify it in a cloud profile like this:
my-profile:
provider: my-provider
# snip...
script: my_deploy
You're also free to use the full path to the script if you like. Using full paths, your script doesn't
have to live inside /etc/salt/cloud.deploy.d or whatever you've configured with
deploy_scripts_search_path.
Post-Deploy Commands
Once a minion has been deployed, it has the option to run a salt command. Normally, this would be the
state.apply, which would finish provisioning the VM. Another common option (for testing) is to use
test.ping. This is configured in the main cloud config file:
start_action: state.apply
This is currently considered to be experimental functionality, and may not work well with all cloud
hosts. If you experience problems with Salt Cloud hanging after Salt is deployed, consider using Startup
States instead:
http://docs.saltstack.com/ref/states/startup.html
Skipping the Deploy Script
For whatever reason, you may want to skip the deploy script altogether. This results in a VM being spun
up much faster, with absolutely no configuration. This can be set from the command line:
salt-cloud --no-deploy -p micro_aws my_instance
Or it can be set from the main cloud config file:
deploy: False
Or it can be set from the provider's configuration:
RACKSPACE.user: example_user
RACKSPACE.apikey: 123984bjjas87034
RACKSPACE.deploy: False
Or even on the VM's profile settings:
ubuntu_aws:
provider: my-ec2-config
image: ami-7e2da54e
size: t1.micro
deploy: False
The default for deploy is True.
In the profile, you may also set the script option to None:
script: None
This is the slowest option, since it still uploads the None deploy script and executes it.
Updating Salt Bootstrap
Salt Bootstrap can be updated automatically with salt-cloud:
salt-cloud -u
salt-cloud --update-bootstrap
Bear in mind that this updates to the latest stable version from:
https://bootstrap.saltstack.com/stable/bootstrap-salt.sh
To update Salt Bootstrap script to the develop version, run the following command on the Salt minion host
with salt-cloud installed:
salt-call config.gather_bootstrap_script 'https://bootstrap.saltstack.com/develop/bootstrap-salt.sh'
Or just download the file manually:
curl -L 'https://bootstrap.saltstack.com/develop' > /etc/salt/cloud.deploy.d/bootstrap-salt.sh
Keeping /tmp/ Files
When Salt Cloud deploys an instance, it uploads temporary files to /tmp/ for salt-bootstrap to put in
place. After the script has run, they are deleted. To keep these files around (mostly for debugging
purposes), the --keep-tmp option can be added:
salt-cloud -p myprofile mymachine --keep-tmp
For those wondering why /tmp/ was used instead of /root/, this had to be done for images which require
the use of sudo, and therefore do not allow remote root logins, even for file transfers (which makes
/root/ unavailable).
Deploy Script Arguments
Custom deploy scripts are unlikely to need custom arguments to be passed to them, but salt-bootstrap has
been extended quite a bit, and this may be necessary. script_args can be specified in either the profile
or the map file, to pass arguments to the deploy script:
aws-amazon:
provider: my-ec2-config
image: ami-1624987f
size: t1.micro
ssh_username: ec2-user
script: bootstrap-salt
script_args: -c /tmp/
This has also been tested to work with pipes, if needed:
script_args: | head
Using Salt Cloud from Salt
Using the Salt Modules for Cloud
In addition to the salt-cloud command, Salt Cloud can be called from Salt, in a variety of different
ways. Most users will be interested in either the execution module or the state module, but it is also
possible to call Salt Cloud as a runner.
Because the actual work will be performed on a remote minion, the normal Salt Cloud configuration must
exist on any target minion that needs to execute a Salt Cloud command. Because Salt Cloud now supports
breaking out configuration into individual files, the configuration is easily managed using Salt's own
file.managed state function. For example, the following directories allow this configuration to be
managed easily:
/etc/salt/cloud.providers.d/
/etc/salt/cloud.profiles.d/
Minion Keys
Keep in mind that when creating minions, Salt Cloud will create public and private minion keys, upload
them to the minion, and place the public key on the machine that created the minion. It will not attempt
to place any public minion keys on the master, unless the minion which was used to create the instance is
also the Salt Master. This is because granting arbitrary minions access to modify keys on the master is a
serious security risk, and must be avoided.
Execution Module
The cloud module is available to use from the command line. At the moment, almost every standard Salt
Cloud feature is available to use. The following commands are available:
list_images
This command is designed to show images that are available to be used to create an instance using Salt
Cloud. In general they are used in the creation of profiles, but may also be used to create an instance
directly (see below). Listing images requires a provider to be configured, and specified:
salt myminion cloud.list_images my-cloud-provider
list_sizes
This command is designed to show sizes that are available to be used to create an instance using Salt
Cloud. In general they are used in the creation of profiles, but may also be used to create an instance
directly (see below). This command is not available for all cloud providers; see the provider-specific
documentation for details. Listing sizes requires a provider to be configured, and specified:
salt myminion cloud.list_sizes my-cloud-provider
list_locations
This command is designed to show locations that are available to be used to create an instance using Salt
Cloud. In general they are used in the creation of profiles, but may also be used to create an instance
directly (see below). This command is not available for all cloud providers; see the provider-specific
documentation for details. Listing locations requires a provider to be configured, and specified:
salt myminion cloud.list_locations my-cloud-provider
query
This command is used to query all configured cloud providers, and display all instances associated with
those accounts. By default, it will run a standard query, returning the following fields:
id The name or ID of the instance, as used by the cloud provider.
image The disk image that was used to create this instance.
private_ips
Any public IP addresses currently assigned to this instance.
public_ips
Any private IP addresses currently assigned to this instance.
size The size of the instance; can refer to RAM, CPU(s), disk space, etc., depending on the cloud
provider.
state The running state of the instance; for example, running, stopped, pending, etc. This state is
dependent upon the provider.
This command may also be used to perform a full query or a select query, as described below. The
following usages are available:
salt myminion cloud.query
salt myminion cloud.query list_nodes
salt myminion cloud.query list_nodes_full
full_query
This command behaves like the query command, but lists all information concerning each instance as
provided by the cloud provider, in addition to the fields returned by the query command.
salt myminion cloud.full_query
select_query
This command behaves like the query command, but only returned select fields as defined in the
/etc/salt/cloud configuration file. A sample configuration for this section of the file might look like:
query.selection:
- id
- key_name
This configuration would only return the id and key_name fields, for those cloud providers that support
those two fields. This would be called using the following command:
salt myminion cloud.select_query
profile
This command is used to create an instance using a profile that is configured on the target minion.
Please note that the profile must be configured before this command can be used with it.
salt myminion cloud.profile ec2-centos64-x64 my-new-instance
Please note that the execution module does not run in parallel mode. Using multiple minions to create
instances can effectively perform parallel instance creation.
create
This command is similar to the profile command, in that it is used to create a new instance. However, it
does not require a profile to be pre-configured. Instead, all of the options that are normally
configured in a profile are passed directly to Salt Cloud to create the instance:
salt myminion cloud.create my-ec2-config my-new-instance \
image=ami-1624987f size='t1.micro' ssh_username=ec2-user \
securitygroup=default delvol_on_destroy=True
Please note that the execution module does not run in parallel mode. Using multiple minions to create
instances can effectively perform parallel instance creation.
destroy
This command is used to destroy an instance or instances. This command will search all configured
providers and remove any instance(s) which matches the name(s) passed in here. The results of this
command are non-reversable and should be used with caution.
salt myminion cloud.destroy myinstance
salt myminion cloud.destroy myinstance1,myinstance2
action
This command implements both the action and the function commands used in the standard salt-cloud
command. If one of the standard action commands is used, an instance name must be provided. If one of the
standard function commands is used, a provider configuration must be named.
salt myminion cloud.action start instance=myinstance
salt myminion cloud.action show_image provider=my-ec2-config \
image=ami-1624987f
The actions available are largely dependent upon the module for the specific cloud provider. The
following actions are available for all cloud providers:
list_nodes
This is a direct call to the query function as described above, but is only performed against a
single cloud provider. A provider configuration must be included.
list_nodes_select
This is a direct call to the full_query function as described above, but is only performed against
a single cloud provider. A provider configuration must be included.
list_nodes_select
This is a direct call to the select_query function as described above, but is only performed
against a single cloud provider. A provider configuration must be included.
show_instance
This is a thin wrapper around list_nodes, which returns the full information about a single
instance. An instance name must be provided.
State Module
A subset of the execution module is available through the cloud state module. Not all functions are
currently included, because there is currently insufficient code for them to perform statefully. For
example, a command to create an instance may be issued with a series of options, but those options cannot
currently be statefully managed. Additional states to manage these options will be released at a later
time.
cloud.present
This state will ensure that an instance is present inside a particular cloud provider. Any option that is
normally specified in the cloud.create execution module and function may be declared here, but only the
actual presence of the instance will be managed statefully.
my-instance-name:
cloud.present:
- provider: my-ec2-config
- image: ami-1624987f
- size: 't1.micro'
- ssh_username: ec2-user
- securitygroup: default
- delvol_on_destroy: True
cloud.profile
This state will ensure that an instance is present inside a particular cloud provider. This function
calls the cloud.profile execution module and function, but as with cloud.present, only the actual
presence of the instance will be managed statefully.
my-instance-name:
cloud.profile:
- profile: ec2-centos64-x64
cloud.absent
This state will ensure that an instance (identified by name) does not exist in any of the cloud providers
configured on the target minion. Please note that this state is non-reversable and may be considered
especially destructive when issued as a cloud state.
my-instance-name:
cloud.absent
Runner Module
The cloud runner module is executed on the master, and performs actions using the configuration and Salt
modules on the master itself. This means that any public minion keys will also be properly accepted by
the master.
Using the functions in the runner module is no different than using those in the execution module,
outside of the behavior described in the above paragraph. The following functions are available inside
the runner:
• list_images
• list_sizes
• list_locations
• query
• full_query
• select_query
• profile
• destroy
• action
Outside of the standard usage of salt-run itself, commands are executed as usual:
salt-run cloud.profile ec2-centos64-x86_64 my-instance-name
CloudClient
The execution, state, and runner modules ultimately all use the CloudClient library that ships with Salt.
To use the CloudClient library locally (either on the master or a minion), create a client object and
issue a command against it:
import salt.cloud
import pprint
client = salt.cloud.CloudClient('/etc/salt/cloud')
nodes = client.query()
pprint.pprint(nodes)
Reactor
Examples of using the reactor with Salt Cloud are available in the ec2-autoscale-reactor and
salt-cloud-reactor formulas.
Feature Comparison
Feature Matrix
A number of features are available in most cloud hosts, but not all are available everywhere. This may be
because the feature isn't supported by the cloud host itself, or it may only be that the feature has not
yet been added to Salt Cloud. In a handful of cases, it is because the feature does not make sense for a
particular cloud provider (Saltify, for instance).
This matrix shows which features are available in which cloud hosts, as far as Salt Cloud is concerned.
This is not a comprehensive list of all features available in all cloud hosts, and should not be used to
make business decisions concerning choosing a cloud host. In most cases, adding support for a feature to
Salt Cloud requires only a little effort.
Legacy Drivers
Both AWS and Rackspace are listed as "Legacy". This is because those drivers have been replaced by other
drivers, which are generally the preferred method for working with those hosts.
The EC2 driver should be used instead of the AWS driver, when possible. The OpenStack driver should be
used instead of the Rackspace driver, unless the user is dealing with instances in "the old cloud" in
Rackspace.
Note for Developers
When adding new features to a particular cloud host, please make sure to add the feature to this table.
Additionally, if you notice a feature that is not properly listed here, pull requests to fix them is
appreciated.
Standard Features
These are features that are available for almost every cloud host.
┌───────────┬──────────┬────────────┬─────────┬─────┬────────┬────────┬────────┬───────────┬───────────┬───────────┬─────────┬───────────┬───────────┬────────┐
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├───────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
└───────────┴──────────┴────────────┴─────────┴─────┴────────┴────────┴────────┴───────────┴───────────┴───────────┴─────────┴───────────┴───────────┴────────┘
Actions
These are features that are performed on a specific instance, and require an instance name to be passed
in. For example:
# salt-cloud -a attach_volume ami.example.com
┌────────────────────────┬──────────┬────────────┬─────────┬─────┬────────┬────────┬────────┬───────────┬───────────┬───────────┬─────────┬───────────┬───────────┬────────┐
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
├────────────────────────┼──────────┼────────────┼─────────┼─────┼────────┼────────┼────────┼───────────┼───────────┼───────────┼─────────┼───────────┼───────────┼────────┤
└────────────────────────┴──────────┴────────────┴─────────┴─────┴────────┴────────┴────────┴───────────┴───────────┴───────────┴─────────┴───────────┴───────────┴────────┘
Functions
These are features that are performed against a specific cloud provider, and require the name of the
provider to be passed in. For example:
# salt-cloud -f list_images my_digitalocean
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Functions AWS CloudStack Digital EC2 GoGrid JoyEnt Linode OpenStack Parallels Rackspace Saltify Softlayer Softlayer Aliyun
(Legacy) Ocean (Legacy) Hardware
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
block_device_mappings Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
create_keypair Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
create_volume Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
delete_key Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
delete_keypair Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
delete_volume Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_image Yes Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_ip Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_key Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_keyid Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_keypair Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_networkid Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_node Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_password Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_size Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_spot_config Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
get_subnetid Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
iam_profile Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
import_key Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
key_list Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
keyname Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_availability_zones Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_custom_images Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_keys Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_nodes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_nodes_full Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_nodes_select Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
list_vlans Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
rackconnect Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
reboot Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
reformat_node Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
securitygroup Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
securitygroupid Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
show_image Yes Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
show_key Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
show_keypair Yes Yes
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
show_volume Yes Yes
┌─────────────────────────┬──────────┬────────────┬─────────┬─────┬────────┬────────┬────────┬───────────┬───────────┬───────────┬─────────┬───────────┬───────────┬────────┐
│ Tutorials │ │ │ │ │ │ │ │ │ │ │ │ │ │ │
│ Salt Cloud Quickstart │ │ │ │ │ │ │ │ │ │ │ │ │ │ │
--
SALT PROXY MINION
Proxy minions are a developing Salt feature that enables controlling devices that, for whatever reason,
cannot run a standard salt-minion. Examples include network gear that has an API but runs a proprietary
OS, devices with limited CPU or memory, or devices that could run a minion, but for security reasons,
will not.
Proxy minions are not an "out of the box" feature. Because there are an infinite number of controllable
devices, you will most likely have to write the interface yourself. Fortunately, this is only as
difficult as the actual interface to the proxied device. Devices that have an existing Python module
(PyUSB for example) would be relatively simple to interface. Code to control a device that has an HTML
REST-based interface should be easy. Code to control your typical housecat would be excellent source
material for a PhD thesis.
Salt proxy-minions provide the 'plumbing' that allows device enumeration and discovery, control, status,
remote execution, and state management.
See the Proxy Minion Walkthrough for an end-to-end demonstration of a working REST-based proxy minion.
See the Proxy Minion SSH Walkthrough for an end-to-end demonstration of a working SSH proxy minion.
See Proxyminion States to configure and run salt-proxy on a remote minion. Specify all your master side
proxy (pillar) configuration and use this state to remotely configure proxies on one or more minions.
See Proxyminion Beacon to help with easy configuration and management of salt-proxy processes.
New in 2017.7.0
The proxy_merge_grains_in_module configuration variable introduced in 2016.3, has been changed,
defaulting to True.
The connection with the remote device is kept alive by default, when the module implements the alive
function and proxy_keep_alive is set to True. The polling interval is set using the
proxy_keep_alive_interval option which defaults to 1 minute.
The developers are also able to use the proxy_always_alive, when designing a proxy module flexible enough
to open the connection with the remote device only when required.
New in 2016.11.0
Proxy minions now support configuration files with names ending in '
*
.conf' and placed in /etc/salt/proxy.d.
Proxy minions can now be configured in /etc/salt/proxy or /etc/salt/proxy.d instead of just pillar.
Configuration format is the same as it would be in pillar.
New in 2016.3
The deprecated config option enumerate_proxy_minions has been removed.
As mentioned in earlier documentation, the add_proxymodule_to_opts configuration variable defaults to
False in this release. This means if you have proxymodules or other code looking in
__opts__['proxymodule'] you will need to set this variable in your /etc/salt/proxy file, or modify your
code to use the __proxy__ injected variable.
The __proxyenabled__ directive now only applies to grains and proxy modules themselves. Standard
execution modules and state modules are not prevented from loading for proxy minions.
Enhancements in grains processing have made the __proxyenabled__ directive somewhat redundant in dynamic
grains code. It is still required, but best practices for the __virtual__ function in grains files have
changed. It is now recommended that the __virtual__ functions check to make sure they are being loaded
for the correct proxytype, example below:
def __virtual__():
'''
Only work on proxy
'''
try:
if salt.utils.is_proxy() and \
__opts__['proxy']['proxytype'] == 'ssh_sample':
return __virtualname__
except KeyError:
pass
return False
The try/except block above exists because grains are processed very early in the proxy minion startup
process, sometimes earlier than the proxy key in the __opts__ dictionary is populated.
Grains are loaded so early in startup that no dunder dictionaries are present, so __proxy__, __salt__,
etc. are not available. Custom grains located in /srv/salt/_grains and in the salt install grains
directory can now take a single argument, proxy, that is identical to __proxy__. This enables patterns
like
def get_ip(proxy):
'''
Ask the remote device what IP it has
'''
return {'ip':proxy['proxymodulename.get_ip']()}
Then the grain ip will contain the result of calling the get_ip() function in the proxymodule called
proxymodulename.
Proxy modules now benefit from including a function called initialized(). This function should return
True if the proxy's init() function has been successfully called. This is needed to make grains
processing easier.
Finally, if there is a function called grains in the proxymodule, it will be executed on proxy-minion
startup and its contents will be merged with the rest of the proxy's grains. Since older proxy-minions
might have used other methods to call such a function and add its results to grains, this is config-gated
by a new proxy configuration option called proxy_merge_grains_in_module. This defaults to True in the
2017.7.0 release.
New in 2015.8.2
BREAKING CHANGE: Adding the proxymodule variable to __opts__ is deprecated. The proxymodule variable
has been moved a new globally-injected variable called __proxy__. A related configuration option called
add_proxymodule_to_opts has been added and defaults to True. In the next major release, 2016.3.0, this
variable will default to False.
In the meantime, proxies that functioned under 2015.8.0 and .1 should continue to work under 2015.8.2.
You should rework your proxy code to use __proxy__ as soon as possible.
The rest_sample example proxy minion has been updated to use __proxy__.
This change was made because proxymodules are a LazyLoader object, but LazyLoaders cannot be serialized.
__opts__ gets serialized, and so things like saltutil.sync_all and state.highstate would throw
exceptions.
Support has been added to Salt's loader allowing custom proxymodules to be placed in salt://_proxy.
Proxy minions that need these modules will need to be restarted to pick up any changes. A corresponding
utility function, saltutil.sync_proxymodules, has been added to sync these modules to minions.
In addition, a salt.utils helper function called is_proxy() was added to make it easier to tell when the
running minion is a proxy minion.
New in 2015.8
Starting with the 2015.8 release of Salt, proxy processes are no longer forked off from a controlling
minion. Instead, they have their own script salt-proxy which takes mostly the same arguments that the
standard Salt minion does with the addition of --proxyid. This is the id that the salt-proxy will use to
identify itself to the master. Proxy configurations are still best kept in Pillar and their format has
not changed.
This change allows for better process control and logging. Proxy processes can now be listed with
standard process management utilities (ps from the command line). Also, a full Salt minion is no longer
required (though it is still strongly recommended) on machines hosting proxies.
Getting Started
The following diagram may be helpful in understanding the structure of a Salt installation that includes
proxy-minions: [image]
The key thing to remember is the left-most section of the diagram. Salt's nature is to have a minion
connect to a master, then the master may control the minion. However, for proxy minions, the target
device cannot run a minion.
After the proxy minion is started and initiates its connection to the 'dumb' device, it connects back to
the salt-master and for all intents and purposes looks like just another minion to the Salt master.
To create support for a proxied device one needs to create four things:
1. The proxy_connection_module (located in salt/proxy).
2. The grains support code (located in salt/grains).
3. Salt modules specific to the controlled device.
4. Salt states specific to the controlled device.
Configuration parameters
Proxy minions require no configuration parameters in /etc/salt/master.
Salt's Pillar system is ideally suited for configuring proxy-minions (though they can be configured in
/etc/salt/proxy as well). Proxies can either be designated via a pillar file in pillar_roots, or through
an external pillar. External pillars afford the opportunity for interfacing with a configuration
management system, database, or other knowledgeable system that that may already contain all the details
of proxy targets. To use static files in pillar_roots, pattern your files after the following examples,
which are based on the diagram above:
/srv/pillar/top.sls
base:
dumbdevice1:
- dumbdevice1
dumbdevice2:
- dumbdevice2
dumbdevice3:
- dumbdevice3
dumbdevice4:
- dumbdevice4
dumbdevice5:
- dumbdevice5
dumbdevice6:
- dumbdevice6
dumbdevice7:
- dumbdevice7
/srv/pillar/dumbdevice1.sls
proxy:
proxytype: networkswitch
host: 172.23.23.5
username: root
passwd: letmein
/srv/pillar/dumbdevice2.sls
proxy:
proxytype: networkswitch
host: 172.23.23.6
username: root
passwd: letmein
/srv/pillar/dumbdevice3.sls
proxy:
proxytype: networkswitch
host: 172.23.23.7
username: root
passwd: letmein
/srv/pillar/dumbdevice4.sls
proxy:
proxytype: i2c_lightshow
i2c_address: 1
/srv/pillar/dumbdevice5.sls
proxy:
proxytype: i2c_lightshow
i2c_address: 2
/srv/pillar/dumbdevice6.sls
proxy:
proxytype: 433mhz_wireless
/srv/pillar/dumbdevice7.sls
proxy:
proxytype: sms_serial
deventry: /dev/tty04
Note the contents of each minioncontroller key may differ widely based on the type of device that the
proxy-minion is managing.
In the above example
• dumbdevices 1, 2, and 3 are network switches that have a management interface available at a particular
IP address.
• dumbdevices 4 and 5 are very low-level devices controlled over an i2c bus. In this case the devices
are physically connected to machine 'minioncontroller2', and are addressable on the i2c bus at their
respective i2c addresses.
• dumbdevice6 is a 433 MHz wireless transmitter, also physically connected to minioncontroller2
• dumbdevice7 is an SMS gateway connected to machine minioncontroller3 via a serial port.
Because of the way pillar works, each of the salt-proxy processes that fork off the proxy minions will
only see the keys specific to the proxies it will be handling.
Proxies can be configured in /etc/salt/proxy or with files in /etc/salt/proxy.d as of Salt's 2016.11.0
release.
Also, in general, proxy-minions are lightweight, so the machines that run them could conceivably control
a large number of devices. To run more than one proxy from a single machine, simply start an additional
proxy process with --proxyid set to the id to which you want the proxy to bind. It is possible for the
proxy services to be spread across many machines if necessary, or intentionally run on machines that need
to control devices because of some physical interface (e.g. i2c and serial above). Another reason to
divide proxy services might be security. In more secure environments only certain machines may have a
network path to certain devices.
Proxymodules
A proxy module encapsulates all the code necessary to interface with a device. Proxymodules are located
inside the salt.proxy module, or can be placed in the _proxy directory in your file_roots (default is
/srv/salt/_proxy. At a minimum a proxymodule object must implement the following functions:
__virtual__(): This function performs the same duty that it does for other types of Salt modules. Logic
goes here to determine if the module can be loaded, checking for the presence of Python modules on which
the proxy depends. Returning False will prevent the module from loading.
init(opts): Perform any initialization that the device needs. This is a good place to bring up a
persistent connection to a device, or authenticate to create a persistent authorization token.
initialized(): Returns True if init() was successfully called.
shutdown(): Code to cleanly shut down or close a connection to a controlled device goes here. This
function must exist, but can contain only the keyword pass if there is no shutdown logic required.
ping(): While not required, it is highly recommended that this function also be defined in the
proxymodule. The code for ping should contact the controlled device and make sure it is really available.
alive(opts): Another optional function, it is used together with the proxy_keep_alive option (default:
True). This function should return a boolean value corresponding to the state of the connection. If the
connection is down, will try to restart (shutdown followed by init). The polling frequency is controlled
using the proxy_keep_alive_interval option, in minutes.
grains(): Rather than including grains in /srv/salt/_grains or in the standard install directories for
grains, grains can be computed and returned by this function. This function will be called automatically
if proxy_merge_grains_in_module is set to True in /etc/salt/proxy. This variable defaults to True in the
release code-named 2017.7.0.
Pre 2015.8 the proxymodule also must have an id() function. 2015.8 and following don't use this function
because the proxy's id is required on the command line.
Here is an example proxymodule used to interface to a very simple REST server. Code for the server is in
the salt-contrib GitHub repository
This proxymodule enables "service" enumeration, starting, stopping, restarting, and status; "package"
installation, and a ping.
# -*- coding: utf-8 -*-
'''
This is a simple proxy-minion designed to connect to and communicate with
the bottle-based web service contained in https://github.com/saltstack/salt-contrib/tree/master/proxyminion_rest_example
'''
from __future__ import absolute_import
# Import python libs
import logging
import salt.utils.http
HAS_REST_EXAMPLE = True
# This must be present or the Salt loader won't load this module
__proxyenabled__ = ['rest_sample']
# Variables are scoped to this module so we can have persistent data
# across calls to fns in here.
GRAINS_CACHE = {}
DETAILS = {}
# Want logging!
log = logging.getLogger(__file__)
# This does nothing, it's here just as an example and to provide a log
# entry when the module is loaded.
def __virtual__():
'''
Only return if all the modules are available
'''
log.debug('rest_sample proxy __virtual__() called...')
return True
def _complicated_function_that_determines_if_alive():
return True
# Every proxy module needs an 'init', though you can
# just put DETAILS['initialized'] = True here if nothing
# else needs to be done.
def init(opts):
log.debug('rest_sample proxy init() called...')
DETAILS['initialized'] = True
# Save the REST URL
DETAILS['url'] = opts['proxy']['url']
# Make sure the REST URL ends with a '/'
if not DETAILS['url'].endswith('/'):
DETAILS['url'] += '/'
def alive(opts):
'''
This function returns a flag with the connection state.
It is very useful when the proxy minion establishes the communication
via a channel that requires a more elaborated keep-alive mechanism, e.g.
NETCONF over SSH.
'''
log.debug('rest_sample proxy alive() called...')
return _complicated_function_that_determines_if_alive()
def initialized():
'''
Since grains are loaded in many different places and some of those
places occur before the proxy can be initialized, return whether
our init() function has been called
'''
return DETAILS.get('initialized', False)
def grains():
'''
Get the grains from the proxied device
'''
if not DETAILS.get('grains_cache', {}):
r = salt.utils.http.query(DETAILS['url']+'info', decode_type='json', decode=True)
DETAILS['grains_cache'] = r['dict']
return DETAILS['grains_cache']
def grains_refresh():
'''
Refresh the grains from the proxied device
'''
DETAILS['grains_cache'] = None
return grains()
def fns():
return {'details': 'This key is here because a function in '
'grains/rest_sample.py called fns() here in the proxymodule.'}
def service_start(name):
'''
Start a "service" on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'service/start/'+name, decode_type='json', decode=True)
return r['dict']
def service_stop(name):
'''
Stop a "service" on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'service/stop/'+name, decode_type='json', decode=True)
return r['dict']
def service_restart(name):
'''
Restart a "service" on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'service/restart/'+name, decode_type='json', decode=True)
return r['dict']
def service_list():
'''
List "services" on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'service/list', decode_type='json', decode=True)
return r['dict']
def service_status(name):
'''
Check if a service is running on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'service/status/'+name, decode_type='json', decode=True)
return r['dict']
def package_list():
'''
List "packages" installed on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'package/list', decode_type='json', decode=True)
return r['dict']
def package_install(name, **kwargs):
'''
Install a "package" on the REST server
'''
cmd = DETAILS['url']+'package/install/'+name
if kwargs.get('version', False):
cmd += '/'+kwargs['version']
else:
cmd += '/1.0'
r = salt.utils.http.query(cmd, decode_type='json', decode=True)
return r['dict']
def fix_outage():
r = salt.utils.http.query(DETAILS['url']+'fix_outage')
return r
def uptodate(name):
'''
Call the REST endpoint to see if the packages on the "server" are up to date.
'''
r = salt.utils.http.query(DETAILS['url']+'package/remove/'+name, decode_type='json', decode=True)
return r['dict']
def package_remove(name):
'''
Remove a "package" on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'package/remove/'+name, decode_type='json', decode=True)
return r['dict']
def package_status(name):
'''
Check the installation status of a package on the REST server
'''
r = salt.utils.http.query(DETAILS['url']+'package/status/'+name, decode_type='json', decode=True)
return r['dict']
def ping():
'''
Is the REST server up?
'''
r = salt.utils.http.query(DETAILS['url']+'ping', decode_type='json', decode=True)
try:
return r['dict'].get('ret', False)
except Exception:
return False
def shutdown(opts):
'''
For this proxy shutdown is a no-op
'''
log.debug('rest_sample proxy shutdown() called...')
Grains are data about minions. Most proxied devices will have a paltry amount of data as compared to a
typical Linux server. By default, a proxy minion will have several grains taken from the host. Salt
core code requires values for kernel, os, and os_family--all of these are forced to be proxy for
proxy-minions.
To add others to your proxy minion for a particular device, create a file in salt/grains named
[proxytype].py and place inside it the different functions that need to be run to collect the data you
are interested in. Here's an example. Note the function below called proxy_functions. It demonstrates
how a grains function can take a single argument, which will be set to the value of __proxy__. Dunder
variables are not yet injected into Salt processes at the time grains are loaded, so this enables us to
get a handle to the proxymodule so we can cross-call the functions therein used to commmunicate with the
controlled device.
Note that as of 2016.3, grains values can also be calculated in a function called grains() in the
proxymodule itself. This might be useful if a proxymodule author wants to keep all the code for the
proxy interface in the same place instead of splitting it between the proxy and grains directories.
This function will only be called automatically if the configuration variable
proxy_merge_grains_in_module is set to True in the proxy configuration file (default /etc/salt/proxy).
This variable defaults to True in the release code-named 2017.7.0.
The __proxyenabled__ directive
In previous versions of Salt the __proxyenabled__ directive controlled loading of all Salt modules for
proxies (e.g. grains, execution modules, state modules). From 2016.3 on, the only modules that respect
__proxyenabled__ are grains and proxy modules. These modules need to be told which proxy they work with.
__proxyenabled__ is a list, and can contain a single '*' to indicate a grains module works with all
proxies.
Example from salt/grains/rest_sample.py:
# -*- coding: utf-8 -*-
'''
Generate baseline proxy minion grains
'''
from __future__ import absolute_import
import salt.utils
__proxyenabled__ = ['rest_sample']
__virtualname__ = 'rest_sample'
def __virtual__():
try:
if salt.utils.is_proxy() and __opts__['proxy']['proxytype'] == 'rest_sample':
return __virtualname__
except KeyError:
pass
return False
Salt Proxy Minion End-to-End Example
The following is walkthrough that documents how to run a sample REST service and configure one or more
proxy minions to talk to and control it.
1. Ideally, create a Python virtualenv in which to run the REST service. This is not strictly required,
but without a virtualenv you will need to install bottle via pip globally on your system
2. Clone https://github.com/saltstack/salt-contrib and copy the contents of the directory
proxyminion_rest_example somewhere on a machine that is reachable from the machine on which you want
to run the salt-proxy. This machine needs Python 2.7 or later.
3. Install bottle version 0.12.8 via pip or easy_install
pip install bottle==0.12.8
4. Run python rest.py --help for usage
5. Start the REST API on an appropriate port and IP.
6. Load the REST service's status page in your browser by going to the IP/port combination (e.g.
http://127.0.0.1:8000)
7. You should see a page entitled "Salt Proxy Minion" with two sections, one for "services" and one for
"packages" and you should see a log entry in the terminal where you started the REST process
indicating that the index page was retrieved.
[image]
Now, configure your salt-proxy.
1. Edit /etc/salt/proxy and add an entry for your master's location
master: localhost
2. On your salt-master, ensure that pillar is configured properly. Select an ID for your proxy (in this
example we will name the proxy with the letter 'p' followed by the port the proxy is answering on).
In your pillar topfile, place an entry for your proxy:
base:
'p8000':
- p8000
This says that Salt's pillar should load some values for the proxy p8000 from the file
/srv/pillar/p8000.sls (if you have not changed your default pillar_roots)
3. In the pillar root for your base environment, create this file:
p8000.sls
---------
proxy:
proxytype: rest_sample
url: http://<IP your REST listens on>:port
In other words, if your REST service is listening on port 8000 on 127.0.0.1 the 'url' key above should
say url: http://127.0.0.1:8000
4. Make sure your salt-master is running.
5. Start the salt-proxy in debug mode
salt-proxy --proxyid=p8000 -l debug
6. Accept your proxy's key on your salt-master
salt-key -y -a p8000
The following keys are going to be accepted:
Unaccepted Keys:
p8000
Key for minion p8000 accepted.
7. Now you should be able to ping your proxy. When you ping, you should see a log entry in the terminal
where the REST service is running.
salt p8000 test.ping
8. The REST service implements a degenerately simple pkg and service provider as well as a small set of
grains. To "install" a package, use a standard pkg.install. If you pass '==' and a verrsion number
after the package name then the service will parse that and accept that as the package's version.
9. Try running salt p8000 grains.items to see what grains are available. You can target proxies via
grains if you like.
10.
You can also start and stop the available services (apache, redbull, and postgresql with
service.start, etc.
11.
States can be written to target the proxy. Feel free to experiment with them.
SSH Proxymodules
See above for a general introduction to writing proxy modules. All of the guidelines that apply to REST
are the same for SSH. This sections specifically talks about the SSH proxy module and explains the
working of the example proxy module ssh_sample.
Here is a simple example proxymodule used to interface to a device over SSH. Code for the SSH shell is
in the salt-contrib GitHub repository
This proxymodule enables "package" installation.
# -*- coding: utf-8 -*-
'''
This is a simple proxy-minion designed to connect to and communicate with
a server that exposes functionality via SSH.
This can be used as an option when the device does not provide
an api over HTTP and doesn't have the python stack to run a minion.
'''
from __future__ import absolute_import
# Import python libs
import json
import logging
# Import Salt's libs
from salt.utils.vt_helper import SSHConnection
from salt.utils.vt import TerminalException
# This must be present or the Salt loader won't load this module
__proxyenabled__ = ['ssh_sample']
DETAILS = {}
# Want logging!
log = logging.getLogger(__file__)
# This does nothing, it's here just as an example and to provide a log
# entry when the module is loaded.
def __virtual__():
'''
Only return if all the modules are available
'''
log.info('ssh_sample proxy __virtual__() called...')
return True
def init(opts):
'''
Required.
Can be used to initialize the server connection.
'''
try:
DETAILS['server'] = SSHConnection(host=__opts__['proxy']['host'],
username=__opts__['proxy']['username'],
password=__opts__['proxy']['password'])
# connected to the SSH server
out, err = DETAILS['server'].sendline('help')
except TerminalException as e:
log.error(e)
return False
def shutdown(opts):
'''
Disconnect
'''
DETAILS['server'].close_connection()
def parse(out):
'''
Extract json from out.
Parameter
out: Type string. The data returned by the
ssh command.
'''
jsonret = []
in_json = False
for ln_ in out.split('\n'):
if '{' in ln_:
in_json = True
if in_json:
jsonret.append(ln_)
if '}' in ln_:
in_json = False
return json.loads('\n'.join(jsonret))
def package_list():
'''
List "packages" by executing a command via ssh
This function is called in response to the salt command
..code-block::bash
salt target_minion pkg.list_pkgs
'''
# Send the command to execute
out, err = DETAILS['server'].sendline('pkg_list')
# "scrape" the output and return the right fields as a dict
return parse(out)
def package_install(name, **kwargs):
'''
Install a "package" on the REST server
'''
cmd = 'pkg_install ' + name
if 'version' in kwargs:
cmd += '/'+kwargs['version']
else:
cmd += '/1.0'
# Send the command to execute
out, err = DETAILS['server'].sendline(cmd)
# "scrape" the output and return the right fields as a dict
return parse(out)
def package_remove(name):
'''
Remove a "package" on the REST server
'''
cmd = 'pkg_remove ' + name
# Send the command to execute
out, err = DETAILS['server'].sendline(cmd)
# "scrape" the output and return the right fields as a dict
return parse(out)
Connection Setup
The init() method is responsible for connection setup. It uses the host, username and password config
variables defined in the pillar data. The prompt kwarg can be passed to SSHConnection if your SSH
server's prompt differs from the example's prompt (Cmd). Instantiating the SSHConnection class
establishes an SSH connection to the ssh server (using Salt VT).
Command execution
The package_* methods use the SSH connection (established in init()) to send commands out to the SSH
server. The sendline() method of SSHConnection class can be used to send commands out to the server. In
the above example we send commands like pkg_list or pkg_install. You can send any SSH command via this
utility.
Output parsing
Output returned by sendline() is a tuple of strings representing the stdout and the stderr respectively.
In the toy example shown we simply scrape the output and convert it to a python dictionary, as shown in
the parse method. You can tailor this method to match your parsing logic.
Connection teardown
The shutdown method is responsible for calling the close_connection() method of SSHConnection class. This
ends the SSH connection to the server.
For more information please refer to class SSHConnection.
Salt Proxy Minion SSH End-to-End Example
The following is walkthrough that documents how to run a sample SSH service and configure one or more
proxy minions to talk to and control it.
1. This walkthrough uses a custom SSH shell to provide an end to end example. Any other shells can be
used too.
2. Setup the proxy command shell as shown
https://github.com/saltstack/salt-contrib/tree/master/proxyminion_ssh_example
Now, configure your salt-proxy.
1. Edit /etc/salt/proxy and add an entry for your master's location
master: localhost
multiprocessing: False
2. On your salt-master, ensure that pillar is configured properly. Select an ID for your proxy (in this
example we will name the proxy with the letter 'p' followed by the port the proxy is answering on).
In your pillar topfile, place an entry for your proxy:
base:
'p8000':
- p8000
This says that Salt's pillar should load some values for the proxy p8000 from the file
/srv/pillar/p8000.sls (if you have not changed your default pillar_roots)
3. In the pillar root for your base environment, create this file:
p8000.sls
---------
proxy:
proxytype: ssh_sample
host: saltyVM
username: salt
password: badpass
4. Make sure your salt-master is running.
5. Start the salt-proxy in debug mode
salt-proxy --proxyid=p8000 -l debug
6. Accept your proxy's key on your salt-master
salt-key -y -a p8000
The following keys are going to be accepted:
Unaccepted Keys:
p8000
Key for minion p8000 accepted.
7. Now you should be able to run commands on your proxy.
salt p8000 pkg.list_pkgs
8. The SSH shell implements a degenerately simple pkg. To "install" a package, use a standard
pkg.install. If you pass '==' and a verrsion number after the package name then the service will
parse that and accept that as the package's version.
New in version 2015.8.3.
Proxy Minion Beacon
The salt proxy beacon is meant to facilitate configuring multiple proxies on one or many minions. This
should simplify configuring and managing multiple salt-proxy processes.
1. On your salt-master, ensure that pillar is configured properly. Select an ID for your proxy (in this
example we will name the proxy 'p8000'). In your pillar topfile, place an entry for your proxy:
base:
'p8000':
- p8000
This says that Salt's pillar should load some values for the proxy p8000 from the file
/srv/pillar/p8000.sls (if you have not changed your default pillar_roots)
2. In the pillar root for your base environment, create this file:
p8000.sls
---------
proxy:
# set proxytype for your proxymodule
proxytype: ssh_sample
host: saltyVM
username: salt
password: badpass
This should complete the proxy setup for p8000
3. Configure the salt_proxy beacon
beacons:
salt_proxy:
- p8000: {}
Once this beacon is configured it will automatically start the salt-proxy process. If the salt-proxy
process is terminated the beacon will re-start it.
4. Accept your proxy's key on your salt-master
salt-key -y -a p8000
The following keys are going to be accepted:
Unaccepted Keys:
p8000
Key for minion p8000 accepted.
5. Now you should be able to run commands on your proxy.
salt p8000 pkg.list_pkgs
New in version 2015.8.2.
Proxy Minion States
Salt proxy state can be used to deploy, configure and run a salt-proxy instance on your minion. Configure
proxy settings on the master side and the state configures and runs salt-proxy on the remote end.
1. On your salt-master, ensure that pillar is configured properly. Select an ID for your proxy (in this
example we will name the proxy 'p8000'). In your pillar topfile, place an entry for your proxy:
base:
'p8000':
- p8000
This says that Salt's pillar should load some values for the proxy p8000 from the file
/srv/pillar/p8000.sls (if you have not changed your default pillar_roots)
2. In the pillar root for your base environment, create this file:
p8000.sls
---------
proxy:
# set proxytype for your proxymodule
proxytype: ssh_sample
host: saltyVM
username: salt
password: badpass
3. Create the following state in your state tree (let's name it salt_proxy.sls)
salt-proxy-configure:
salt_proxy.configure_proxy:
- proxyname: p8000
- start: True # start the process if it isn't running
4. Make sure your salt-master and salt-minion are running.
5. Run the state salt_proxy on the minion where you want to run salt-proxy
Example using state.sls to configure and run salt-proxy
# salt device_minion state.sls salt_proxy
This starts salt-proxy on device_minion
6. Accept your proxy's key on your salt-master
salt-key -y -a p8000
The following keys are going to be accepted:
Unaccepted Keys:
p8000
Key for minion p8000 accepted.
7. Now you should be able to run commands on your proxy.
salt p8000 pkg.list_pkgs
ESXi Proxy Minion
New in version 2015.8.4.
NOTE:
This tutorial assumes basic knowledge of Salt. To get up to speed, check out the Salt Walkthrough.
This tutorial also assumes a basic understanding of Salt Proxy Minions. If you're unfamiliar with
Salt's Proxy Minion system, please read the Salt Proxy Minion documentation and the Salt Proxy Minion
End-to-End Example tutorial.
The third assumption that this tutorial makes is that you also have a basic understanding of ESXi
hosts. You can learn more about ESXi hosts on VMware's various resources.
Salt's ESXi Proxy Minion allows a VMware ESXi host to be treated as an individual Salt Minion, without
installing a Salt Minion on the ESXi host.
Since an ESXi host may not necessarily run on an OS capable of hosting a Python stack, the ESXi host
can't run a regular Salt Minion directly. Therefore, Salt's Proxy Minion functionality enables you to
designate another machine to host a proxy process that "proxies" communication from the Salt Master to
the ESXi host. The master does not know or care that the ESXi target is not a "real" Salt Minion.
More in-depth conceptual reading on Proxy Minions can be found in the Proxy Minion section of Salt's
documentation.
Salt's ESXi Proxy Minion was added in the 2015.8.4 release of Salt.
NOTE:
Be aware that some functionality for the ESXi Proxy Minion may depend on the type of license attached
the ESXi host(s).
For example, certain services are only available to manipulate service state or policies with a VMware
vSphere Enterprise or Enterprise Plus license, while others are available with a Standard license. The
ntpd service is restricted to an Enterprise Plus license, while ssh is available via the Standard
license.
Please see the vSphere Comparison page for more information.
Dependencies
Manipulation of the ESXi host via a Proxy Minion requires the machine running the Proxy Minion process to
have the ESXCLI package (and all of it's dependencies) and the pyVmomi Python Library to be installed.
ESXi Password
The ESXi Proxy Minion uses VMware's API to perform tasks on the host as if it was a regular Salt Minion.
In order to access the API that is already running on the ESXi host, the ESXi host must have a username
and password that is used to log into the host. The username is usually root. Before Salt can access the
ESXi host via VMware's API, a default password must be set on the host.
pyVmomi
The pyVmomi Python library must be installed on the machine that is running the proxy process. pyVmomi
can be installed via pip:
pip install pyVmomi
NOTE:
Version 6.0 of pyVmomi has some problems with SSL error handling on certain versions of Python. If
using version 6.0 of pyVmomi, the machine that you are running the proxy minion process from must have
either Python 2.6, Python 2.7.9, or newer. This is due to an upstream dependency in pyVmomi 6.0 that
is not supported in Python version 2.7 to 2.7.8. If the version of Python running the proxy process is
not in the supported range, you will need to install an earlier version of pyVmomi. See Issue #29537
for more information.
Based on the note above, to install an earlier version of pyVmomi than the version currently listed in
PyPi, run the following:
pip install pyVmomi==5.5.0.2014.1.1
The 5.5.0.2014.1.1 is a known stable version that the original ESXi Proxy Minion was developed against.
ESXCLI
Currently, about a third of the functions used for the ESXi Proxy Minion require the ESXCLI package be
installed on the machine running the Proxy Minion process.
The ESXCLI package is also referred to as the VMware vSphere CLI, or vCLI. VMware provides vCLI package
installation instructions for vSphere 5.5 and vSphere 6.0.
Once all of the required dependencies are in place and the vCLI package is installed, you can check to
see if you can connect to your ESXi host by running the following command:
esxcli -s <host-location> -u <username> -p <password> system syslog config get
If the connection was successful, ESXCLI was successfully installed on your system. You should see
output related to the ESXi host's syslog configuration.
Configuration
There are several places where various configuration values need to be set in order for the ESXi Proxy
Minion to run and connect properly.
Proxy Config File
On the machine that will be running the Proxy Minon process(es), a proxy config file must be in place.
This file should be located in the /etc/salt/ directory and should be named proxy. If the file is not
there by default, create it.
This file should contain the location of your Salt Master that the Salt Proxy will connect to.
Example Proxy Config File:
# /etc/salt/proxy
master: <salt-master-location>
Pillar Profiles
Proxy minions get their configuration from Salt's Pillar. Every proxy must have a stanza in Pillar and a
reference in the Pillar top-file that matches the Proxy ID. At a minimum for communication with the ESXi
host, the pillar should look like this:
proxy:
proxytype: esxi
host: <ip or dns name of esxi host>
username: <ESXi username>
passwords:
- first_password
- second_password
- third_password
Some other optional settings are protocol and port. These can be added to the pillar configuration.
proxytype
The proxytype key and value pair is critical, as it tells Salt which interface to load from the proxy
directory in Salt's install hierarchy, or from /srv/salt/_proxy on the Salt Master (if you have created
your own proxy module, for example). To use this ESXi Proxy Module, set this to esxi.
host
The location, or ip/dns, of the ESXi host. Required.
username
The username used to login to the ESXi host, such as root. Required.
passwords
A list of passwords to be used to try and login to the ESXi host. At least one password in this list is
required.
The proxy integration will try the passwords listed in order. It is configured this way so you can have a
regular password and the password you may be updating for an ESXi host either via the
vsphere.update_host_password execution module function or via the esxi.password_present state function.
This way, after the password is changed, you should not need to restart the proxy minion--it should just
pick up the new password provided in the list. You can then change pillar at will to move that password
to the front and retire the unused ones.
Use-case/reasoning for using a list of passwords: You are setting up an ESXi host for the first time, and
the host comes with a default password. You know that you'll be changing this password during your
initial setup from the default to a new password. If you only have one password option, and if you have a
state changing the password, any remote execution commands or states that run after the password change
will not be able to run on the host until the password is updated in Pillar and the Proxy Minion process
is restarted.
This allows you to use any number of potential fallback passwords.
NOTE:
When a password is changed on the host to one in the list of possible passwords, the further down on
the list the password is, the longer individual commands will take to return. This is due to the
nature of pyVmomi's login system. We have to wait for the first attempt to fail before trying the next
password on the list.
This scenario is especially true, and even slower, when the proxy minion first starts. If the correct
password is not the first password on the list, it may take up to a minute for test.ping to respond
with a True result. Once the initial authorization is complete, the responses for commands will be a
little faster.
To avoid these longer waiting periods, SaltStack recommends moving the correct password to the top of
the list and restarting the proxy minion at your earliest convenience.
protocol
If the ESXi host is not using the default protocol, set this value to an alternate protocol. Default is
https. For example:
port
If the ESXi host is not using the default port, set this value to an alternate port. Default is 443.
Example Configuration Files
An example of all of the basic configurations that need to be in place before starting the Proxy Minion
processes includes the Proxy Config File, Pillar Top File, and any individual Proxy Minion Pillar files.
In this example, we'll assuming there are two ESXi hosts to connect to. Therefore, we'll be creating two
Proxy Minion config files, one config for each ESXi host.
Proxy Config File:
# /etc/salt/proxy
master: <salt-master-location>
Pillar Top File:
# /srv/pillar/top.sls
base:
'esxi-1':
- esxi-1
'esxi-2':
- esxi-2
Pillar Config File for the first ESXi host, esxi-1:
# /srv/pillar/esxi-1.sls
proxy:
proxytype: esxi
host: esxi-1.example.com
username: 'root'
passwords:
- bad-password-1
- backup-bad-password-1
Pillar Config File for the second ESXi host, esxi-2:
# /srv/pillar/esxi-2.sls
proxy:
proxytype: esxi
host: esxi-2.example.com
username: 'root'
passwords:
- bad-password-2
- backup-bad-password-2
Starting the Proxy Minion
Once all of the correct configuration files are in place, it is time to start the proxy processes!
1. First, make sure your Salt Master is running.
2. Start the first Salt Proxy, in debug mode, by giving the Proxy Minion process and ID that matches the
config file name created in the Configuration section.
salt-proxy --proxyid='esxi-1' -l debug
1. Accept the esxi-1 Proxy Minion's key on the Salt Master:
# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
esxi-1
Rejected Keys:
#
# salt-key -a esxi-1
The following keys are going to be accepted:
Unaccepted Keys:
esxi-1
Proceed? [n/Y] y
Key for minion esxi-1 accepted.
1. Repeat for the second Salt Proxy, this time we'll run the proxy process as a daemon, as an example.
salt-proxy --proxyid='esxi-2' -d
1. Accept the esxi-2 Proxy Minion's key on the Salt Master:
# salt-key -L
Accepted Keys:
esxi-1
Denied Keys:
Unaccepted Keys:
esxi-2
Rejected Keys:
#
# salt-key -a esxi-1
The following keys are going to be accepted:
Unaccepted Keys:
esxi-2
Proceed? [n/Y] y
Key for minion esxi-1 accepted.
1. Check and see if your Proxy Minions are responding:
# salt 'esxi-*' test.ping
esxi-1:
True
esxi-3:
True
Executing Commands
Now that you've configured your Proxy Minions and have them responding successfully to a test.ping, we
can start executing commands against the ESXi hosts via Salt.
It's important to understand how this particular proxy works, and there are a couple of important pieces
to be aware of in order to start running remote execution and state commands against the ESXi host via a
Proxy Minion: the vSphere Execution Module, the ESXi Execution Module, and the ESXi State Module.
vSphere Execution Module
The Salt.modules.vsphere is a standard Salt execution module that does the bulk of the work for the ESXi
Proxy Minion. If you pull up the docs for it you'll see that almost every function in the module takes
credentials (username and password) and a target host argument. When credentials and a host aren't
passed, Salt runs commands through pyVmomi or ESXCLI against the local machine. If you wanted, you could
run functions from this module on any machine where an appropriate version of pyVmomi and ESXCLI are
installed, and that machine would reach out over the network and communicate with the ESXi host.
You'll notice that most of the functions in the vSphere module require a host, username, and password.
These parameters are contained in the Pillar files and passed through to the function via the proxy
process that is already running. You don't need to provide these parameters when you execute the
commands. See the Running Remote Execution Commands section below for an example.
ESXi Execution Module
In order for the Pillar information set up in the Configuration section above to be passed to the
function call in the vSphere Execution Module, the salt.modules.esxi execution module acts as a "shim"
between the vSphere execution module functions and the proxy process.
The "shim" takes the authentication credentials specified in the Pillar files and passes them through to
the host, username, password, and optional protocol and port options required by the vSphere Execution
Module functions.
If the function takes more positional, or keyword, arguments you can append them to the call. It's this
shim that speaks to the ESXi host through the proxy, arranging for the credentials and hostname to be
pulled from the Pillar section for the ESXi Proxy Minion.
Because of the presence of the shim, to lookup documentation for what functions you can use to interface
with the ESXi host, you'll want to look in salt.modules.vsphere instead of salt.modules.esxi.
Running Remote Execution Commands
To run commands from the Salt Master to execute, via the ESXi Proxy Minion, against the ESXi host, you
use the esxi.cmd <vsphere-function-name> syntax to call functions located in the vSphere Execution
Module. Both args and kwargs needed for various vsphere execution module functions must be passed through
in a kwarg- type manor. For example:
salt 'esxi-*' esxi.cmd system_info
salt 'exsi-*' esxi.cmd get_service_running service_name='ssh'
ESXi State Module
The ESXi State Module functions similarly to other state modules. The "shim" provided by the ESXi
Execution Module passes the necessary host, username, and password credentials through, so those options
don't need to be provided in the state. Other than that, state files are written and executed just like
any other Salt state. See the salt.modules.esxi state for ESXi state functions.
The follow state file is an example of how to configure various pieces of an ESXi host including enabling
SSH, uploading and SSH key, configuring a coredump network config, syslog, ntp, enabling VMotion,
resetting a host password, and more.
# /srv/salt/configure-esxi.sls
configure-host-ssh:
esxi.ssh_configured:
- service_running: True
- ssh_key_file: /etc/salt/ssh_keys/my_key.pub
- service_policy: 'automatic'
- service_restart: True
- certificate_verify: True
configure-host-coredump:
esxi.coredump_configured:
- enabled: True
- dump_ip: 'my-coredump-ip.example.com'
configure-host-syslog:
esxi.syslog_configured:
- syslog_configs:
loghost: ssl://localhost:5432,tcp://10.1.0.1:1514
default-timeout: 120
- firewall: True
- reset_service: True
- reset_syslog_config: True
- reset_configs: loghost,default-timeout
configure-host-ntp:
esxi.ntp_configured:
- service_running: True
- ntp_servers:
- 192.174.1.100
- 192.174.1.200
- service_policy: 'automatic'
- service_restart: True
configure-vmotion:
esxi.vmotion_configured:
- enabled: True
configure-host-vsan:
esxi.vsan_configured:
- enabled: True
- add_disks_to_vsan: True
configure-host-password:
esxi.password_present:
- password: 'new-bad-password'
States are called via the ESXi Proxy Minion just as they would on a regular minion. For example:
salt 'esxi-*' state.sls configure-esxi test=true
salt 'esxi-*' state.sls configure-esxi
Relevant Salt Files and Resources
• ESXi Proxy Minion
• ESXi Execution Module
• ESXi State Module
• Salt Proxy Minion Docs
• Salt Proxy Minion End-to-End Example
• vSphere Execution Module
SALT VIRT
The Salt Virt cloud controller capability was initially added to Salt in version 0.14.0 as an alpha
technology.
The initial Salt Virt system supports core cloud operations:
• Virtual machine deployment
• Inspection of deployed VMs
• Virtual machine migration
• Network profiling
• Automatic VM integration with all aspects of Salt
• Image Pre-seeding
Many features are currently under development to enhance the capabilities of the Salt Virt systems.
NOTE:
It is noteworthy that Salt was originally developed with the intent of using the Salt communication
system as the backbone to a cloud controller. This means that the Salt Virt system is not an
afterthought, simply a system that took the back seat to other development. The original attempt to
develop the cloud control aspects of Salt was a project called butter. This project never took off,
but was functional and proves the early viability of Salt to be a cloud controller.
WARNING:
Salt Virt does not work with KVM that is running in a VM. KVM must be running on the base hardware.
Salt Virt Tutorial
A tutorial about how to get Salt Virt up and running has been added to the tutorial section:
Cloud Controller Tutorial
The Salt Virt Runner
The point of interaction with the cloud controller is the virt runner. The virt runner comes with
routines to execute specific virtual machine routines.
Reference documentation for the virt runner is available with the runner module documentation:
Virt Runner Reference
Based on Live State Data
The Salt Virt system is based on using Salt to query live data about hypervisors and then using the data
gathered to make decisions about cloud operations. This means that no external resources are required to
run Salt Virt, and that the information gathered about the cloud is live and accurate.
Deploy from Network or Disk
Virtual Machine Disk Profiles
Salt Virt allows for the disks created for deployed virtual machines to be finely configured. The
configuration is a simple data structure which is read from the config.option function, meaning that the
configuration can be stored in the minion config file, the master config file, or the minion's pillar.
This configuration option is called virt.disk. The default virt.disk data structure looks like this:
virt.disk:
default:
- system:
size: 8192
format: qcow2
model: virtio
NOTE:
The format and model does not need to be defined, Salt will default to the optimal format used by the
underlying hypervisor, in the case of kvm this it is qcow2 and virtio.
This configuration sets up a disk profile called default. The default profile creates a single system
disk on the virtual machine.
Define More Profiles
Many environments will require more complex disk profiles and may require more than one profile, this can
be easily accomplished:
virt.disk:
default:
- system:
size: 8192
database:
- system:
size: 8192
- data:
size: 30720
web:
- system:
size: 1024
- logs:
size: 5120
This configuration allows for one of three profiles to be selected, allowing virtual machines to be
created with different storage needs of the deployed vm.
Virtual Machine Network Profiles
Salt Virt allows for the network devices created for deployed virtual machines to be finely configured.
The configuration is a simple data structure which is read from the config.option function, meaning that
the configuration can be stored in the minion config file, the master config file, or the minion's
pillar.
This configuration option is called virt.nic. By default the virt.nic option is empty but defaults to a
data structure which looks like this:
virt.nic:
default:
eth0:
bridge: br0
model: virtio
NOTE:
The model does not need to be defined, Salt will default to the optimal model used by the underlying
hypervisor, in the case of kvm this model is virtio
This configuration sets up a network profile called default. The default profile creates a single
Ethernet device on the virtual machine that is bridged to the hypervisor's br0 interface. This default
setup does not require setting up the virt.nic configuration, and is the reason why a default install
only requires setting up the br0 bridge device on the hypervisor.
Define More Profiles
Many environments will require more complex network profiles and may require more than one profile, this
can be easily accomplished:
virt.nic:
dual:
eth0:
bridge: service_br
eth1:
bridge: storage_br
single:
eth0:
bridge: service_br
triple:
eth0:
bridge: service_br
eth1:
bridge: storage_br
eth2:
bridge: dmz_br
all:
eth0:
bridge: service_br
eth1:
bridge: storage_br
eth2:
bridge: dmz_br
eth3:
bridge: database_br
dmz:
eth0:
bridge: service_br
eth1:
bridge: dmz_br
database:
eth0:
bridge: service_br
eth1:
bridge: database_br
This configuration allows for one of six profiles to be selected, allowing virtual machines to be created
which attach to different network depending on the needs of the deployed vm.
Salt as a Cloud Controller
In Salt 0.14.0, an advanced cloud control system were introduced, allow private cloud vms to be managed
directly with Salt. This system is generally referred to as Salt Virt.
The Salt Virt system already exists and is installed within Salt itself, this means that besides setting
up Salt, no additional salt code needs to be deployed.
NOTE:
The libvirt python module and the certtool binary are required.
The main goal of Salt Virt is to facilitate a very fast and simple cloud. The cloud that can scale and is
fully featured. Salt Virt comes with the ability to set up and manage complex virtual machine networking,
powerful image and disk management, as well as virtual machine migration with and without shared storage.
This means that Salt Virt can be used to create a cloud from a blade center and a SAN, but can also
create a cloud out of a swarm of Linux Desktops without a single shared storage system. Salt Virt can
make clouds from truly commodity hardware, but can also stand up the power of specialized hardware as
well.
Setting up Hypervisors
The first step to set up the hypervisors involves getting the correct software installed and setting up
the hypervisor network interfaces.
Installing Hypervisor Software
Salt Virt is made to be hypervisor agnostic but currently the only fully implemented hypervisor is KVM
via libvirt.
The required software for a hypervisor is libvirt and kvm. For advanced features install libguestfs or
qemu-nbd.
NOTE:
Libguestfs and qemu-nbd allow for virtual machine images to be mounted before startup and get
pre-seeded with configurations and a salt minion
This sls will set up the needed software for a hypervisor, and run the routines to set up the libvirt pki
keys.
NOTE:
Package names and setup used is Red Hat specific, different package names will be required for
different platforms
libvirt:
pkg.installed: []
file.managed:
- name: /etc/sysconfig/libvirtd
- contents: 'LIBVIRTD_ARGS="--listen"'
- require:
- pkg: libvirt
virt.keys:
- require:
- pkg: libvirt
service.running:
- name: libvirtd
- require:
- pkg: libvirt
- network: br0
- libvirt: libvirt
- watch:
- file: libvirt
libvirt-python:
pkg.installed: []
libguestfs:
pkg.installed:
- pkgs:
- libguestfs
- libguestfs-tools
Hypervisor Network Setup
The hypervisors will need to be running a network bridge to serve up network devices for virtual
machines, this formula will set up a standard bridge on a hypervisor connecting the bridge to eth0:
eth0:
network.managed:
- enabled: True
- type: eth
- bridge: br0
br0:
network.managed:
- enabled: True
- type: bridge
- proto: dhcp
- require:
- network: eth0
Virtual Machine Network Setup
Salt Virt comes with a system to model the network interfaces used by the deployed virtual machines; by
default a single interface is created for the deployed virtual machine and is bridged to br0. To get
going with the default networking setup, ensure that the bridge interface named br0 exists on the
hypervisor and is bridged to an active network device.
NOTE:
To use more advanced networking in Salt Virt, read the Salt Virt Networking document:
Salt Virt Networking
Libvirt State
One of the challenges of deploying a libvirt based cloud is the distribution of libvirt certificates.
These certificates allow for virtual machine migration. Salt comes with a system used to auto deploy
these certificates. Salt manages the signing authority key and generates keys for libvirt clients on the
master, signs them with the certificate authority and uses pillar to distribute them. This is managed via
the libvirt state. Simply execute this formula on the minion to ensure that the certificate is in place
and up to date:
NOTE:
The above formula includes the calls needed to set up libvirt keys.
libvirt_keys:
virt.keys
Getting Virtual Machine Images Ready
Salt Virt, requires that virtual machine images be provided as these are not generated on the fly.
Generating these virtual machine images differs greatly based on the underlying platform.
Virtual machine images can be manually created using KVM and running through the installer, but this
process is not recommended since it is very manual and prone to errors.
Virtual Machine generation applications are available for many platforms:
kiwi: (openSUSE, SLES, RHEL, CentOS)
https://suse.github.io/kiwi/
vm-builder:
https://wiki.debian.org/VMBuilder
SEE ALSO:
vmbuilder-formula
Once virtual machine images are available, the easiest way to make them available to Salt Virt is to
place them in the Salt file server. Just copy an image into /srv/salt and it can now be used by Salt
Virt.
For purposes of this demo, the file name centos.img will be used.
Existing Virtual Machine Images
Many existing Linux distributions distribute virtual machine images which can be used with Salt Virt.
Please be advised that NONE OF THESE IMAGES ARE SUPPORTED BY SALTSTACK.
CentOS
These images have been prepared for OpenNebula but should work without issue with Salt Virt, only the raw
qcow image file is needed: http://wiki.centos.org/Cloud/OpenNebula
Fedora Linux
Images for Fedora Linux can be found here: http://fedoraproject.org/en/get-fedora#clouds
openSUSE
http://download.opensuse.org/repositories/openSUSE:/Leap:/42.1:/Images/images
(look for JeOS-for-kvm-and-xen variant)
SUSE
https://www.suse.com/products/server/jeos
Ubuntu Linux
Images for Ubuntu Linux can be found here: http://cloud-images.ubuntu.com/
Using Salt Virt
With hypervisors set up and virtual machine images ready, Salt can start issuing cloud commands using the
virt runner.
Start by running a Salt Virt hypervisor info command:
salt-run virt.host_info
This will query the running hypervisor(s) for stats and display useful information such as the number of
cpus and amount of memory.
You can also list all VMs and their current states on all hypervisor nodes:
salt-run virt.list
Now that hypervisors are available a virtual machine can be provisioned. The virt.init routine will
create a new virtual machine:
salt-run virt.init centos1 2 512 salt://centos.img
The Salt Virt runner will now automatically select a hypervisor to deploy the new virtual machine on.
Using salt:// assumes that the CentOS virtual machine image is located in the root of the file-server on
the master. When images are cloned (i.e. copied locatlly after retrieval from the file server) the
destination directory on the hypervisor minion is determined by the virt.images config option; by default
this is /srv/salt/salt-images/.
When a VM is initialized using virt.init the image is copied to the hypervisor using cp.cache_file and
will be mounted and seeded with a minion. Seeding includes setting pre-authenticated keys on the new
machine. A minion will only be installed if one can not be found on the image using the default arguments
to seed.apply.
NOTE:
The biggest bottleneck in starting VMs is when the Salt Minion needs to be installed. Making sure that
the source VM images already have Salt installed will GREATLY speed up virtual machine deployment.
You can also deploy an image on a particular minion by directly calling the virt execution module with an
absolute image path. This can be quite handy for testing:
salt 'hypervisor*' virt.init centos1 2 512 image=/var/lib/libvirt/images/centos.img
Now that the new VM has been prepared, it can be seen via the virt.query command:
salt-run virt.query
This command will return data about all of the hypervisors and respective virtual machines.
Now that the new VM is booted it should have contacted the Salt Master, a test.ping will reveal if the
new VM is running.
QEMU copy on write support
For fast image cloning you can use the qcow disk image format. Pass the enable_qcow flag and a .qcow2
image path to virt.init:
salt 'hypervisor*' virt.init centos1 2 512 image=/var/lib/libvirt/images/centos.qcow2 enable_qcow=True start=False
NOTE:
Beware that attempting to boot a qcow image too quickly after cloning can result in a race condition
where libvirt may try to boot the machine before image seeding has completed. For that reason it is
recommended to also pass start=False to virt.init.
Also know that you must not modify the original base image without first making a copy and then
rebasing all overlay images onto it. See the qemu-img rebase usage docs.
Migrating Virtual Machines
Salt Virt comes with full support for virtual machine migration, and using the libvirt state in the above
formula makes migration possible.
A few things need to be available to support migration. Many operating systems turn on firewalls when
originally set up, the firewall needs to be opened up to allow for libvirt and kvm to cross communicate
and execution migration routines. On Red Hat based hypervisors in particular port 16514 needs to be
opened on hypervisors:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 16514 -j ACCEPT
NOTE:
More in-depth information regarding distribution specific firewall settings can read in:
Opening the Firewall up for Salt
Salt also needs the virt.tunnel option to be turned on. This flag tells Salt to run migrations securely
via the libvirt TLS tunnel and to use port 16514. Without virt.tunnel libvirt tries to bind to random
ports when running migrations.
To turn on virt.tunnel simple apply it to the master config file:
virt.tunnel: True
Once the master config has been updated, restart the master and send out a call to the minions to refresh
the pillar to pick up on the change:
salt \* saltutil.refresh_modules
Now, migration routines can be run! To migrate a VM, simply run the Salt Virt migrate routine:
salt-run virt.migrate centos <new hypervisor>
VNC Consoles
Although not enabled by default, Salt Virt can also set up VNC consoles allowing for remote visual
consoles to be opened up. When creating a new VM using virt.init pass the enable_vnc=True parameter to
have a console configured for the new VM.
The information from a virt.query routine will display the vnc console port for the specific vms:
centos
CPU: 2
Memory: 524288
State: running
Graphics: vnc - hyper6:5900
Disk - vda:
Size: 2.0G
File: /srv/salt-images/ubuntu2/system.qcow2
File Format: qcow2
Nic - ac:de:48:98:08:77:
Source: br0
Type: bridge
The line Graphics: vnc - hyper6:5900 holds the key. First the port named, in this case 5900, will need to
be available in the hypervisor's firewall. Once the port is open, then the console can be easily opened
via vncviewer:
vncviewer hyper6:5900
By default there is no VNC security set up on these ports, which suggests that keeping them firewalled
and mandating that SSH tunnels be used to access these VNC interfaces. Keep in mind that activity on a
VNC interface that is accessed can be viewed by any other user that accesses that same VNC interface, and
any other user logging in can also operate with the logged in user on the virtual machine.
Conclusion
Now with Salt Virt running, new hypervisors can be seamlessly added just by running the above states on
new bare metal machines, and these machines will be instantly available to Salt Virt.
COMMAND LINE REFERENCE
salt-call
salt-call
Synopsis
salt-call [options]
Description
The salt-call command is used to run module functions locally on a minion instead of executing them from
the master. Salt-call is used to run a Standalone Minion, and was originally created for troubleshooting.
The Salt Master is contacted to retrieve state files and other resources during execution unless the
--local option is specified.
NOTE:
salt-call commands execute from the current user's shell context, while salt commands execute from the
system's default context.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
--hard-crash
Raise any original exception rather than exiting gracefully Default: False
-g, --grains
Return the information generated by the Salt grains
-m MODULE_DIRS, --module-dirs=MODULE_DIRS
Specify an additional directory to pull modules from. Multiple directories can be provided by
passing -m /--module-dirs multiple times.
-d, --doc, --documentation
Return the documentation for the specified module or for all modules if none are specified
--master=MASTER
Specify the master to use. The minion must be authenticated with the master. If this option is
omitted, the master options from the minion config will be used. If multi masters are set up the
first listed master that responds will be used.
--return RETURNER
Set salt-call to pass the return data to one or many returner interfaces. To use many returner
interfaces specify a comma delimited list of returners.
--local
Run salt-call locally, as if there was no master running.
--file-root=FILE_ROOT
Set this directory as the base file root.
--pillar-root=PILLAR_ROOT
Set this directory as the base pillar root.
--retcode-passthrough
Exit with the salt call retcode and not the salt binary retcode
--metadata
Print out the execution metadata as well as the return. This will print out the outputter data,
the return code, etc.
--id=ID
Specify the minion id to use. If this option is omitted, the id option from the minion config will
be used.
--skip-grains
Do not load grains.
--refresh-grains-cache
Force a refresh of the grains cache
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/minion.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Output Options
--out Pass in an alternative outputter to display the return of data. This outputter can be any of the
available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the
grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on
the pprint outputter and display the return data using the Python pprint standard library module.
NOTE:
If using --out=json, you will probably want --static as well. Without the static option, you
will get a separate JSON string per minion which makes JSON output invalid as a whole. This is
due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static
as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation.
Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
NOTE:
When using colored output the color codes are as follows:
green denotes success, red denotes failure, blue denotes changes and success and yellow denotes
a expected future change in configuration.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion output. One of 'full', 'terse', 'mixed',
'changes' or 'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion output. Set to True or False. Default:
none.
See also
salt(1) salt-master(1) salt-minion(1)
salt
salt
Synopsis
salt '*' [ options ] sys.doc
salt -E '.*' [ options ] sys.doc cmd
salt -G 'os:Arch.*' [ options ] test.ping
salt -C 'G@os:Arch.* and webserv* or G@kernel:FreeBSD' [ options ] test.ping
Description
Salt allows for commands to be executed across a swath of remote systems in parallel. This means that
remote systems can be both controlled and queried with ease.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-t TIMEOUT, --timeout=TIMEOUT
The timeout in seconds to wait for replies from the Salt minions. The timeout number specifies how
long the command line client will wait to query the minions and check on running jobs. Default: 5
-s, --static
By default as of version 0.9.8 the salt command returns data to the console as it is received from
minions, but previous releases would return data only after all data was received. Use the static
option to only return the data with a hard timeout and after all minions have returned. Without
the static option, you will get a separate JSON string per minion which makes JSON output invalid
as a whole.
--async
Instead of waiting for the job to run on minions only print the job id of the started execution
and complete.
--state-output=STATE_OUTPUT
New in version 0.17.
Override the configured state_output value for minion output. One of full, terse, mixed, changes
or filter. Default: full.
--subset=SUBSET
Execute the routine on a random subset of the targeted minions. The minions will be verified that
they have the named function before executing. The SUBSET argument is the count of the minions to
target.
-v VERBOSE, --verbose
Turn on verbosity for the salt call, this will cause the salt command to print out extra data like
the job id.
--hide-timeout
Instead of showing the return data for all minions. This option prints only the online minions
which could be reached.
-b BATCH, --batch-size=BATCH
Instead of executing on all targeted minions at once, execute on a progressive set of minions.
This option takes an argument in the form of an explicit number of minions to execute at once, or
a percentage of minions to execute on.
-a EAUTH, --auth=EAUTH
Pass in an external authentication medium to validate against. The credentials will be prompted
for. The options are auto, keystone, ldap, pam, and stormpath. Can be used with the -T option.
-T, --make-token
Used in conjunction with the -a option. This creates a token that allows for the authenticated
user to send commands without needing to re-authenticate.
--return=RETURNER
Choose an alternative returner to call on the minion, if an alternative returner is used then the
return will not come back to the command line but will be sent to the specified return system.
The options are carbon, cassandra, couchbase, couchdb, elasticsearch, etcd, hipchat, local,
local_cache, memcache, mongo, mysql, odbc, postgres, redis, sentry, slack, sms, smtp, sqlite3,
syslog, and xmpp.
-d, --doc, --documentation
Return the documentation for the module functions available on the minions
--args-separator=ARGS_SEPARATOR
Set the special argument used as a delimiter between command arguments of compound commands. This
is useful when one wants to pass commas as arguments to some of the commands in a compound
command.
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Target Selection
The default matching that Salt utilizes is shell-style globbing around the minion id. See
https://docs.python.org/2/library/fnmatch.html#module-fnmatch.
-E, --pcre
The target expression will be interpreted as a PCRE regular expression rather than a shell glob.
-L, --list
The target expression will be interpreted as a comma-delimited list; example:
server1.foo.bar,server2.foo.bar,example7.quo.qux
-G, --grain
The target expression matches values returned by the Salt grains system on the minions. The target
expression is in the format of '<grain value>:<glob expression>'; example: 'os:Arch*'
This was changed in version 0.9.8 to accept glob expressions instead of regular expression. To use
regular expression matching with grains, use the --grain-pcre option.
--grain-pcre
The target expression matches values returned by the Salt grains system on the minions. The target
expression is in the format of '<grain value>:< regular expression>'; example: 'os:Arch.*'
-N, --nodegroup
Use a predefined compound target defined in the Salt master configuration file.
-R, --range
Instead of using shell globs to evaluate the target, use a range expression to identify targets.
Range expressions look like %cluster.
Using the Range option requires that a range server is set up and the location of the range server
is referenced in the master configuration file.
-C, --compound
Utilize many target definitions to make the call very granular. This option takes a group of
targets separated by and or or. The default matcher is a glob as usual. If something other than a
glob is used, preface it with the letter denoting the type; example: 'webserv* and G@os:Debian or
E@db*' Make sure that the compound target is encapsulated in quotes.
-I, --pillar
Instead of using shell globs to evaluate the target, use a pillar value to identify targets. The
syntax for the target is the pillar key followed by a glob expression: "role:production*"
-S, --ipcidr
Match based on Subnet (CIDR notation) or IPv4 address.
Output Options
--out Pass in an alternative outputter to display the return of data. This outputter can be any of the
available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the
grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on
the pprint outputter and display the return data using the Python pprint standard library module.
NOTE:
If using --out=json, you will probably want --static as well. Without the static option, you
will get a separate JSON string per minion which makes JSON output invalid as a whole. This is
due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static
as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation.
Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
NOTE:
When using colored output the color codes are as follows:
green denotes success, red denotes failure, blue denotes changes and success and yellow denotes
a expected future change in configuration.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion output. One of 'full', 'terse', 'mixed',
'changes' or 'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion output. Set to True or False. Default:
none.
See also
salt(7) salt-master(1) salt-minion(1)
salt-cloud
salt-cp
salt-cp
Copy a file or files to one or more minions
Synopsis
salt-cp '*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -E '.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -G 'os:Arch.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
Description
salt-cp copies files from the master to all of the Salt minions matched by the specified target
expression.
NOTE:
salt-cp uses Salt's publishing mechanism. This means the privacy of the contents of the file on the
wire is completely dependent upon the transport in use. In addition, if the master or minion is
running with debug logging, the contents of the file will be logged to disk.
In addition, this tool is less efficient than the Salt fileserver when copying larger files. It is
recommended to instead use cp.get_file to copy larger files to minions. However, this requires the
file to be located within one of the fileserver directories.
Changed in version 2016.3.7,2016.11.6,2017.7.0: Compression support added, disable with -n. Also, if the
destination path ends in a path separator (i.e. /, or \ on Windows, the desitination will be assumed to
be a directory. Finally, recursion is now supported, allowing for entire directories to be copied.
Changed in version 2016.11.7,2017.7.2: Reverted back to the old copy mode to preserve backward
compatibility. The new functionality added in 2016.6.6 and 2017.7.0 is now available using the -C or
--chunked CLI arguments. Note that compression, recursive copying, and support for copying large files is
only available in chunked mode.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-t TIMEOUT, --timeout=TIMEOUT
The timeout in seconds to wait for replies from the Salt minions. The timeout number specifies how
long the command line client will wait to query the minions and check on running jobs. Default: 5
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Target Selection
The default matching that Salt utilizes is shell-style globbing around the minion id. See
https://docs.python.org/2/library/fnmatch.html#module-fnmatch.
-E, --pcre
The target expression will be interpreted as a PCRE regular expression rather than a shell glob.
-L, --list
The target expression will be interpreted as a comma-delimited list; example:
server1.foo.bar,server2.foo.bar,example7.quo.qux
-G, --grain
The target expression matches values returned by the Salt grains system on the minions. The target
expression is in the format of '<grain value>:<glob expression>'; example: 'os:Arch*'
This was changed in version 0.9.8 to accept glob expressions instead of regular expression. To use
regular expression matching with grains, use the --grain-pcre option.
--grain-pcre
The target expression matches values returned by the Salt grains system on the minions. The target
expression is in the format of '<grain value>:< regular expression>'; example: 'os:Arch.*'
-N, --nodegroup
Use a predefined compound target defined in the Salt master configuration file.
-R, --range
Instead of using shell globs to evaluate the target, use a range expression to identify targets.
Range expressions look like %cluster.
Using the Range option requires that a range server is set up and the location of the range server
is referenced in the master configuration file.
-C, --chunked
Use new chunked mode to copy files. This mode supports large files, recursive directories copying
and compression.
New in version 2016.11.7,2017.7.2.
-n, --no-compression
Disable gzip compression in chunked mode.
New in version 2016.3.7,2016.11.6,2017.7.0.
See also
salt(1) salt-master(1) salt-minion(1)
salt-extend
salt-extend
A utilty to generate extensions to the Salt source-code. This is used for :
• Adding new execution modules, state modules
• Adding unit tests to existing modules
• Adding integration tests to existing modules
Synopsis
salt-extend --help
Description
salt-extend is a templating tool for extending SaltStack. If you're looking to add a module to SaltStack,
then the salt-extend utility can guide you through the process.
You can use Salt Extend to quickly create templated modules for adding new behaviours to some of the
module subsystems within Salt.
Salt Extend takes a template directory and merges it into a SaltStack source code directory.
See also: Salt Extend.
Options
--extension, -e
The extension type you want to develop, e.g. module, module_unit, state
--salt-directory, -o
The path to the salt installation, defaults to .
--name, -n
The module name for the new module
--description, -d
A description of the new extension
--no-merge
Don't merge the new module into the Salt source directory specified by --salt-directory, save to a
temporary directory and print the directory path
--debug
Print debug messages to stdout
See also
salt-api(1) salt-call(1) salt-cloud(1) salt-cp(1) salt-key(1) salt-main(1) salt-master(1) salt-minion(1)
salt-run(1) salt-ssh(1) salt-syndic(1)
salt-key
salt-key
Synopsis
salt-key [ options ]
Description
Salt-key executes simple management of Salt server public keys used for authentication.
On initial connection, a Salt minion sends its public key to the Salt master. This key must be accepted
using the salt-key command on the Salt master.
Salt minion keys can be in one of the following states:
• unaccepted: key is waiting to be accepted.
• accepted: key was accepted and the minion can communicate with the Salt master.
• rejected: key was rejected using the salt-key command. In this state the minion does not receive any
communication from the Salt master.
• denied: key was rejected automatically by the Salt master. This occurs when a minion has a duplicate
ID, or when a minion was rebuilt or had new keys generated and the previous key was not deleted from
the Salt master. In this state the minion does not receive any communication from the Salt master.
To change the state of a minion key, use -d to delete the key and then accept or reject the key.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-u USER, --user=USER
Specify user to run salt-key
--hard-crash
Raise any original exception rather than exiting gracefully. Default is False.
-q, --quiet
Suppress output
-y, --yes
Answer 'Yes' to all questions presented, defaults to False
--rotate-aes-key=ROTATE_AES_KEY
Setting this to False prevents the master from refreshing the key session when keys are deleted or
rejected, this lowers the security of the key deletion/rejection operation. Default is True.
Logging Options
Logging options which override any settings defined on the configuration files.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/minion.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Output Options
--out Pass in an alternative outputter to display the return of data. This outputter can be any of the
available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the
grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on
the pprint outputter and display the return data using the Python pprint standard library module.
NOTE:
If using --out=json, you will probably want --static as well. Without the static option, you
will get a separate JSON string per minion which makes JSON output invalid as a whole. This is
due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static
as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation.
Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
NOTE:
When using colored output the color codes are as follows:
green denotes success, red denotes failure, blue denotes changes and success and yellow denotes
a expected future change in configuration.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion output. One of 'full', 'terse', 'mixed',
'changes' or 'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion output. Set to True or False. Default:
none.
Actions
-l ARG, --list=ARG
List the public keys. The args pre, un, and unaccepted will list unaccepted/unsigned keys. acc or
accepted will list accepted/signed keys. rej or rejected will list rejected keys. Finally, all
will list all keys.
-L, --list-all
List all public keys. (Deprecated: use --list all)
-a ACCEPT, --accept=ACCEPT
Accept the specified public key (use --include-all to match rejected keys in addition to pending
keys). Globs are supported.
-A, --accept-all
Accepts all pending keys.
-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to match accepted keys in addition to pending
keys). Globs are supported.
-R, --reject-all
Rejects all pending keys.
--include-all
Include non-pending keys when accepting/rejecting.
-p PRINT, --print=PRINT
Print the specified public key.
-P, --print-all
Print all public keys
-d DELETE, --delete=DELETE
Delete the specified key. Globs are supported.
-D, --delete-all
Delete all keys.
-f FINGER, --finger=FINGER
Print the specified key's fingerprint.
-F, --finger-all
Print all keys' fingerprints.
Key Generation Options
--gen-keys=GEN_KEYS
Set a name to generate a keypair for use with salt
--gen-keys-dir=GEN_KEYS_DIR
Set the directory to save the generated keypair. Only works with 'gen_keys_dir' option; default
is the current directory.
--keysize=KEYSIZE
Set the keysize for the generated key, only works with the '--gen-keys' option, the key size must
be 2048 or higher, otherwise it will be rounded up to 2048. The default is 2048.
--gen-signature
Create a signature file of the master's public-key named master_pubkey_signature. The signature
can be sent to a minion in the master's auth-reply and enables the minion to verify the master's
public-key cryptographically. This requires a new signing-key-pair which can be auto-created with
the --auto-create parameter.
--priv=PRIV
The private-key file to create a signature with
--signature-path=SIGNATURE_PATH
The path where the signature file should be written
--pub=PUB
The public-key file to create a signature for
--auto-create
Auto-create a signing key-pair if it does not yet exist
See also
salt(7) salt-master(1) salt-minion(1)
salt-master
salt-master
The Salt master daemon, used to control the Salt minions
Synopsis
salt-master [ options ]
Description
The master daemon controls the Salt minions
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-u USER, --user=USER
Specify user to run salt-master
-d, --daemon
Run salt-master as a daemon
--pid-file PIDFILE
Specify the location of the pidfile. Default: /var/run/salt-master.pid
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt(1) salt(7) salt-minion(1)
salt-minion
salt-minion
The Salt minion daemon, receives commands from a remote Salt master.
Synopsis
salt-minion [ options ]
Description
The Salt minion receives commands from the central Salt master and replies with the results of said
commands.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-u USER, --user=USER
Specify user to run salt-minion
-d, --daemon
Run salt-minion as a daemon
--pid-file PIDFILE
Specify the location of the pidfile. Default: /var/run/salt-minion.pid
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/minion.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt(1) salt(7) salt-master(1)
salt-proxy
salt-proxy
Receives commands from a Salt master and proxies these commands to devices that are unable to run a full
minion.
Synopsis
salt-proxy [ options ]
Description
The Salt proxy minion receives commands from a Salt master, transmits appropriate commands to devices
that are unable to run a minion, and replies with the results of said commands.
Options
--proxyid
The minion id that this proxy will assume. This is required.
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration
files for Salt master and minions. The default location on most systems is /etc/salt.
-u USER, --user=USER
Specify user to run salt-proxy
-d, --daemon
Run salt-proxy as a daemon
--pid-file PIDFILE
Specify the location of the pidfile. Default: /var/run/salt-proxy-<id>.pid
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/minion.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt(1) salt(7) salt-master(1) salt-minion(1)
salt-run
salt-run
Execute a Salt runner
Synopsis
salt-run RUNNER
Description
salt-run is the frontend command for executing Salt Runners. Salt runners are simple modules used to
execute convenience functions on the master
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-t TIMEOUT, --timeout=TIMEOUT
The timeout in seconds to wait for replies from the Salt minions. The timeout number specifies how
long the command line client will wait to query the minions and check on running jobs. Default: 1
--hard-crash
Raise any original exception rather than exiting gracefully. Default is False.
-d, --doc, --documentation
Display documentation for runners, pass a module or a runner to see documentation on only that
module/runner.
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt(1) salt-master(1) salt-minion(1)
salt-ssh
salt-ssh
Synopsis
salt-ssh '*' [ options ] sys.doc
salt-ssh -E '.*' [ options ] sys.doc cmd
Description
Salt SSH allows for salt routines to be executed using only SSH for transport
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
--hard-crash
Raise any original exception rather than exiting gracefully. Default: False.
-r, --raw, --raw-shell
Execute a raw shell command.
--roster
Define which roster system to use, this defines if a database backend, scanner, or custom roster
system is used. Default is the flat file roster.
--roster-file
Define an alternative location for the default roster file location. The default roster file is
called roster and is found in the same directory as the master config file.
New in version 2014.1.0.
--refresh, --refresh-cache
Force a refresh of the master side data cache of the target's data. This is needed if a target's
grains have been changed and the auto refresh timeframe has not been reached.
--max-procs
Set the number of concurrent minions to communicate with. This value defines how many processes
are opened up at a time to manage connections, the more running process the faster communication
should be, default is 25.
--extra-filerefs=EXTRA_FILEREFS
Pass in extra files to include in the state tarball.
--min-extra-modules=MIN_EXTRA_MODS
One or comma-separated list of extra Python modulesto be included into Minimal Salt.
--thin-extra-modules=THIN_EXTRA_MODS
One or comma-separated list of extra Python modulesto be included into Thin Salt.
-v, --verbose
Turn on command verbosity, display jid.
-s, --static
Return the data from minions as a group after they all return.
-w, --wipe
Remove the deployment of the salt files when done executing.
-W, --rand-thin-dir
Select a random temp dir to deploy on the remote system. The dir will be cleaned after the
execution.
-t, --regen-thin, --thin
Trigger a thin tarball regeneration. This is needed if custom grains/modules/states have been
added or updated.
--python2-bin=PYTHON2_BIN
Path to a python2 binary which has salt installed.
--python3-bin=PYTHON3_BIN
Path to a python3 binary which has salt installed.
--jid=JID
Pass a JID to be used instead of generating one.
Authentication Options
--priv=SSH_PRIV
Specify the SSH private key file to be used for authentication.
-i, --ignore-host-keys
By default ssh host keys are honored and connections will ask for approval. Use this option to
disable StrictHostKeyChecking.
--no-host-keys
Fully ignores ssh host keys which by default are honored and connections would ask for approval.
Useful if the host key of a remote server has changed and would still error with
--ignore-host-keys.
--user=SSH_USER
Set the default user to attempt to use when authenticating.
--passwd
Set the default password to attempt to use when authenticating.
--askpass
Interactively ask for the SSH password with no echo - avoids password in process args and stored
in history.
--key-deploy
Set this flag to attempt to deploy the authorized ssh key with all minions. This combined with
--passwd can make initial deployment of keys very fast and easy.
--identities-only
Use the only authentication identity files configured in the ssh_config files. See IdentitiesOnly
flag in man ssh_config.
--sudo Run command via sudo.
Scan Roster Options
--scan-ports=SSH_SCAN_PORTS
Comma-separated list of ports to scan in the scan roster.
--scan-timeout=SSH_SCAN_TIMEOUT
Scanning socket timeout for the scan roster.
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/ssh.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Target Selection
The default matching that Salt utilizes is shell-style globbing around the minion id. See
https://docs.python.org/2/library/fnmatch.html#module-fnmatch.
-E, --pcre
The target expression will be interpreted as a PCRE regular expression rather than a shell glob.
Output Options
--out Pass in an alternative outputter to display the return of data. This outputter can be any of the
available outputters:
grains, highstate, json, key, overstatestage, pprint, raw, txt, yaml
Some outputters are formatted only for data returned from specific functions; for instance, the
grains outputter will not work for non-grains data.
If an outputter is used that does not support the data passed into it, then Salt will fall back on
the pprint outputter and display the return data using the Python pprint standard library module.
NOTE:
If using --out=json, you will probably want --static as well. Without the static option, you
will get a separate JSON string per minion which makes JSON output invalid as a whole. This is
due to using an iterative outputter. So if you want to feed it to a JSON parser, use --static
as well.
--out-indent OUTPUT_INDENT, --output-indent OUTPUT_INDENT
Print the output indented by the provided value in spaces. Negative values disable indentation.
Only applicable in outputters that support indentation.
--out-file=OUTPUT_FILE, --output-file=OUTPUT_FILE
Write the output to the specified file.
--out-file-append, --output-file-append
Append the output to the specified file.
--no-color
Disable all colored output
--force-color
Force colored output
NOTE:
When using colored output the color codes are as follows:
green denotes success, red denotes failure, blue denotes changes and success and yellow denotes
a expected future change in configuration.
--state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion output. One of 'full', 'terse', 'mixed',
'changes' or 'filter'. Default: 'none'.
--state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion output. Set to True or False. Default:
none.
See also
salt(7) salt-master(1) salt-minion(1)
salt-syndic
salt-syndic
The Salt syndic daemon, a special minion that passes through commands from a higher master
Synopsis
salt-syndic [ options ]
Description
The Salt syndic daemon, a special minion that passes through commands from a higher master.
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-u USER, --user=USER
Specify user to run salt-syndic
-d, --daemon
Run salt-syndic as a daemon
--pid-file PIDFILE
Specify the location of the pidfile. Default: /var/run/salt-syndic.pid
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/master.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt(1) salt-master(1) salt-minion(1)
salt-api
salt-api
Start interfaces used to remotely connect to the salt master
Synopsis
salt-api
Description
The Salt API system manages network api connectors for the Salt Master
Options
--version
Print the version of Salt that is running.
--versions-report
Show program's dependencies and version number, and then exit
-h, --help
Show the help message and exit
-c CONFIG_DIR, --config-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains the configuration files
for Salt master and minions. The default location on most systems is /etc/salt.
-d, --daemon
Run the salt-api as a daemon
--pid-file=PIDFILE
Specify the location of the pidfile. Default: /var/run/salt-api.pid
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/api.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
See also
salt-api(7) salt(7) salt-master(1)
spm
spm
Salt Package Manager
Synopsis
spm <command> [<argument>]
Description
spm is the frontend command for managing Salt packages. Packages normally only include formulas, meaning
a group of SLS files that install into the file_roots on the Salt Master, but Salt modules can also be
installed.
Options
-y, --assume-yes
Assume yes instead of prompting the other whether or not to proceed with a particular command.
Default is False.
-f, --force
When presented with a course of action that spm would normally refuse to perform, that action will
be performed anyway. This is often destructive, and should be used with caution.
Logging Options
Logging options which override any settings defined on the configuration files.
-l LOG_LEVEL, --log-level=LOG_LEVEL
Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
--log-file=LOG_FILE
Log file path. Default: /var/log/salt/spm.
--log-file-level=LOG_LEVEL_LOGFILE
Logfile logging log level. One of all, garbage, trace, debug, info, warning, error, quiet.
Default: warning.
Commands
update_repo
Connect to remote repositories locally configured on the system and download their metadata.
install
Install a package from a configured SPM repository. Requires a package name.
remove Remove an installed package from the system. Requires a package name.
info List information about an installed package. Requires a package name.
files List files belonging to an installed package. Requires a package name.
local Perform one of the above options (except for remove) on a package file, instead of on a package in
a repository, or an installed package. Requires a valid path to a local file on the system.
build Build a package from a directory containing a FORMULA file. Requires a valid path to a local
directory on the system.
create_repo
Scan a directory for valid SPM package files and build an SPM-METADATA file in that directory
which describes them.
See also
salt(1) salt-master(1) salt-minion(1)
SALT MODULE REFERENCE
This section contains a list of the Python modules that are used to extend the various subsystems within
Salt.
auth modules
────────────────────────────────────────────────────────
auto An "Always Approved" eauth interface
to test against, not intended for
────────────────────────────────────────────────────────
django Provide authentication using Django
Web Framework
────────────────────────────────────────────────────────
keystone Provide authentication using
OpenStack Keystone
────────────────────────────────────────────────────────
ldap Provide authentication using simple
LDAP binds
────────────────────────────────────────────────────────
mysql Provide authentication using MySQL.
────────────────────────────────────────────────────────
pam Authenticate against PAM
────────────────────────────────────────────────────────
pki Authenticate via a PKI certificate.
────────────────────────────────────────────────────────
rest Provide authentication using a REST
call
────────────────────────────────────────────────────────
sharedsecret Provide authentication using
configured shared secret
────────────────────────────────────────────────────────
stormpath Provide authentication using
Stormpath.
────────────────────────────────────────────────────────
yubico Provide authentication using YubiKey.
┌──────────────┬───────────────────────────────────────┐
│ │ │
salt.auth.auto │ │ │
--
APIS
Python client API
Salt provides several entry points for interfacing with Python applications. These entry points are
often referred to as *Client() APIs. Each client accesses different parts of Salt, either from the master
or from a minion. Each client is detailed below.
SEE ALSO:
There are many ways to access Salt programmatically.
Salt can be used from CLI scripts as well as via a REST interface.
See Salt's outputter system to retrieve structured data from Salt as JSON, or as shell-friendly text,
or many other formats.
See the state.event runner to utilize Salt's event bus from shell scripts.
Salt's netapi module provides access to Salt externally via a REST interface. Review the netapi
module documentation for more information.
Salt's opts dictionary
Some clients require access to Salt's opts dictionary. (The dictionary representation of the master or
minion config files.)
A common pattern for fetching the opts dictionary is to defer to environment variables if they exist or
otherwise fetch the config from the default location.
salt.config.client_config(path, env_var='SALT_CLIENT_CONFIG', defaults=None)
Load Master configuration data
Usage:
import salt.config
master_opts = salt.config.client_config('/etc/salt/master')
Returns a dictionary of the Salt Master configuration file with necessary options needed to
communicate with a locally-running Salt Master daemon. This function searches for client specific
configurations and adds them to the data from the master configuration.
This is useful for master-side operations like LocalClient.
salt.config.minion_config(path, env_var='SALT_MINION_CONFIG', defaults=None, cache_minion_id=False,
ignore_config_errors=True, minion_id=None, role='minion')
Reads in the minion configuration file and sets up special options
This is useful for Minion-side operations, such as the Caller class, and manually running the
loader interface.
import salt.config
minion_opts = salt.config.minion_config('/etc/salt/minion')
Salt's Loader Interface
Modules in the Salt ecosystem are loaded into memory using a custom loader system. This allows modules to
have conditional requirements (OS, OS version, installed libraries, etc) and allows Salt to inject
special variables (__salt__, __opts__, etc).
Most modules can be manually loaded. This is often useful in third-party Python apps or when writing
tests. However some modules require and expect a full, running Salt system underneath. Notably modules
that facilitate master-to-minion communication such as the mine, publish, and peer execution modules. The
error KeyError: 'master_uri' is a likely indicator for this situation. In those instances use the Caller
class to execute those modules instead.
Each module type has a corresponding loader function.
salt.loader.minion_mods(opts, context=None, utils=None, whitelist=None, initial_load=False,
loaded_base_name=None, notify=False, static_modules=None, proxy=None)
Load execution modules
Returns a dictionary of execution modules appropriate for the current system by evaluating the
__virtual__() function in each module.
Parameters
• opts (dict) -- The Salt options dictionary
• context (dict) -- A Salt context that should be made present inside generated modules in
__context__
• utils (dict) -- Utility functions which should be made available to Salt modules in
__utils__. See utils_dirs in salt.config for additional information about configuration.
• whitelist (list) -- A list of modules which should be whitelisted.
• initial_load (bool) -- Deprecated flag! Unused.
• loaded_base_name (str) -- A string marker for the loaded base name.
• notify (bool) -- Flag indicating that an event should be fired upon completion of module
loading.
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
__grains__ = salt.loader.grains(__opts__)
__opts__['grains'] = __grains__
__utils__ = salt.loader.utils(__opts__)
__salt__ = salt.loader.minion_mods(__opts__, utils=__utils__)
__salt__['test.ping']()
salt.loader.raw_mod(opts, name, functions, mod='modules')
Returns a single module loaded raw and bypassing the __virtual__ function
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
testmod = salt.loader.raw_mod(__opts__, 'test', None)
testmod['test.ping']()
salt.loader.states(opts, functions, utils, serializers, whitelist=None, proxy=None)
Returns the state modules
Parameters
• opts (dict) -- The Salt options dictionary
• functions (dict) -- A dictionary of minion modules, with module names as keys and funcs
as values.
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
statemods = salt.loader.states(__opts__, None, None)
salt.loader.grains(opts, force_refresh=False, proxy=None)
Return the functions for the dynamic grains and the values for the static grains.
Since grains are computed early in the startup process, grains functions do not have __salt__ or
__proxy__ available. At proxy-minion startup, this function is called with the proxymodule
LazyLoader object so grains functions can communicate with their controlled device.
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
__grains__ = salt.loader.grains(__opts__)
print __grains__['id']
salt.loader.grain_funcs(opts, proxy=None)
Returns the grain functions
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
grainfuncs = salt.loader.grain_funcs(__opts__)
Salt's Client Interfaces
LocalClient
class salt.client.LocalClient(c_path='/etc/salt/master', mopts=None, skip_perm_errors=False,
io_loop=None, keep_loop=False, auto_reconnect=False)
The interface used by the salt CLI tool on the Salt Master
LocalClient is used to send a command to Salt minions to execute execution modules and return the
results to the Salt Master.
Importing and using LocalClient must be done on the same machine as the Salt Master and it must be
done using the same user that the Salt Master is running as. (Unless external_auth is configured
and authentication credentials are included in the execution).
NOTE:
The LocalClient uses a Tornado IOLoop, this can create issues when using the LocalClient inside
an existing IOLoop. If creating the LocalClient in partnership with another IOLoop either
create the IOLoop before creating the LocalClient, or when creating the IOLoop use
ioloop.current() which will return the ioloop created by LocalClient.
import salt.client
local = salt.client.LocalClient()
local.cmd('*', 'test.fib', [10])
cmd(tgt, fun, arg=(), timeout=None, tgt_type='glob', ret='', jid='', full_return=False,
kwarg=None, **kwargs)
Synchronously execute a command on targeted minions
The cmd method will execute and wait for the timeout period for all minions to reply, then
it will return all minion data at once.
>>> import salt.client
>>> local = salt.client.LocalClient()
>>> local.cmd('*', 'cmd.run', ['whoami'])
{'jerry': 'root'}
With extra keyword arguments for the command function to be run:
local.cmd('*', 'test.arg', ['arg1', 'arg2'], kwarg={'foo': 'bar'})
Compound commands can be used for multiple executions in a single publish. Function names
and function arguments are provided in separate lists but the index values must correlate
and an empty list must be used if no arguments are required.
>>> local.cmd('*', [
'grains.items',
'sys.doc',
'cmd.run',
],
[
[],
[],
['uptime'],
])
Parameters
• tgt (string or list) -- Which minions to target for the execution. Default is
shell glob. Modified by the tgt_type option.
• fun (string or list of strings) --
The module and function to call on the specified minions of the form
module.function. For example test.ping or grains.items.
Compound commands
Multiple functions may be called in a single publish by passing a list of
commands. This can dramatically lower overhead and speed up the application
communicating with Salt.
This requires that the arg param is a list of lists. The fun list and the
arg list must correlate by index meaning a function that does not take
arguments must still have a corresponding empty list at the expected index.
• arg (list or list-of-lists) -- A list of arguments to pass to the remote function.
If the function takes no arguments arg may be omitted except when executing a
compound command.
• timeout -- Seconds to wait after the last minion returns but before all minions
return.
• tgt_type --
The type of tgt. Allowed values:
• glob - Bash glob completion - Default
• pcre - Perl style regular expression
• list - Python list of hosts
• grain - Match based on a grain comparison
• grain_pcre - Grain comparison with a regex
• pillar - Pillar data comparison
• pillar_pcre - Pillar data comparison with a regex
• nodegroup - Match on nodegroup
• range - Use a Range server for matching
• compound - Pass a compound match string
• ipcidr - Match based on Subnet (CIDR notation) or IPv4 address.
Changed in version 2017.7.0: Renamed from expr_form to tgt_type
• ret -- The returner to use. The value passed can be single returner, or a comma
delimited list of returners to call in order on the minions
• kwarg -- A dictionary with keyword arguments for the function.
• full_return -- Output the job return only (default) or the full return including
exit code and other job metadata.
• kwargs --
Optional keyword arguments. Authentication credentials may be passed when using
external_auth.
For example: local.cmd('*', 'test.ping', username='saltdev', password='saltdev',
eauth='pam'). Or: local.cmd('*', 'test.ping',
token='5871821ea51754fdcea8153c1c745433')
Returns
A dictionary with the result of the execution, keyed by minion ID. A compound
command will return a sub-dictionary keyed by function name.
cmd_async(tgt, fun, arg=(), tgt_type='glob', ret='', jid='', kwarg=None, **kwargs)
Asynchronously send a command to connected minions
The function signature is the same as cmd() with the following exceptions.
Returns
A job ID or 0 on failure.
>>> local.cmd_async('*', 'test.sleep', [300])
'20131219215921857715'
cmd_batch(tgt, fun, arg=(), tgt_type='glob', ret='', kwarg=None, batch='10%', **kwargs)
Iteratively execute a command on subsets of minions at a time
The function signature is the same as cmd() with the following exceptions.
Parameters
batch -- The batch identifier of systems to execute on
Returns
A generator of minion returns
>>> returns = local.cmd_batch('*', 'state.highstate', batch='10%')
>>> for ret in returns:
... print(ret)
{'jerry': {...}}
{'dave': {...}}
{'stewart': {...}}
cmd_iter(tgt, fun, arg=(), timeout=None, tgt_type='glob', ret='', kwarg=None, **kwargs)
Yields the individual minion returns as they come in
The function signature is the same as cmd() with the following exceptions.
Returns
A generator yielding the individual minion returns
>>> ret = local.cmd_iter('*', 'test.ping')
>>> for i in ret:
... print(i)
{'jerry': {'ret': True}}
{'dave': {'ret': True}}
{'stewart': {'ret': True}}
cmd_iter_no_block(tgt, fun, arg=(), timeout=None, tgt_type='glob', ret='', kwarg=None,
show_jid=False, verbose=False, **kwargs)
Yields the individual minion returns as they come in, or None
when no returns are available.
The function signature is the same as cmd() with the following exceptions.
Returns
A generator yielding the individual minion returns, or None when no returns are
available. This allows for actions to be injected in between minion returns.
>>> ret = local.cmd_iter_no_block('*', 'test.ping')
>>> for i in ret:
... print(i)
None
{'jerry': {'ret': True}}
{'dave': {'ret': True}}
None
{'stewart': {'ret': True}}
cmd_subset(tgt, fun, arg=(), tgt_type='glob', ret='', kwarg=None, sub=3, cli=False,
progress=False, **kwargs)
Execute a command on a random subset of the targeted systems
The function signature is the same as cmd() with the following exceptions.
Parameters
sub -- The number of systems to execute on
>>> SLC.cmd_subset('*', 'test.ping', sub=1)
{'jerry': True}
get_cli_returns(jid, minions, timeout=None, tgt='*', tgt_type='glob', verbose=False,
show_jid=False, **kwargs)
Starts a watcher looking at the return data for a specified JID
Returns
all of the information for the JID
get_event_iter_returns(jid, minions, timeout=None)
Gather the return data from the event system, break hard when timeout is reached.
run_job(tgt, fun, arg=(), tgt_type='glob', ret='', timeout=None, jid='', kwarg=None, listen=False,
**kwargs)
Asynchronously send a command to connected minions
Prep the job directory and publish a command to any targeted minions.
Returns
A dictionary of (validated) pub_data or an empty dictionary on failure. The pub_data
contains the job ID and a list of all minions that are expected to return data.
>>> local.run_job('*', 'test.sleep', [300])
{'jid': '20131219215650131543', 'minions': ['jerry']}
Salt Caller
class salt.client.Caller(c_path='/etc/salt/minion', mopts=None)
Caller is the same interface used by the salt-call command-line tool on the Salt Minion.
Changed in version 2015.8.0: Added the cmd method for consistency with the other Salt clients.
The existing function and sminion.functions interfaces still exist but have been removed from the
docs.
Importing and using Caller must be done on the same machine as a Salt Minion and it must be done
using the same user that the Salt Minion is running as.
Usage:
import salt.client
caller = salt.client.Caller()
caller.cmd('test.ping')
Note, a running master or minion daemon is not required to use this class. Running salt-call
--local simply sets file_client to 'local'. The same can be achieved at the Python level by
including that setting in a minion config file.
New in version 2014.7.0: Pass the minion config as the mopts dictionary.
import salt.client
import salt.config
__opts__ = salt.config.minion_config('/etc/salt/minion')
__opts__['file_client'] = 'local'
caller = salt.client.Caller(mopts=__opts__)
cmd(fun, *args, **kwargs)
Call an execution module with the given arguments and keyword arguments
Changed in version 2015.8.0: Added the cmd method for consistency with the other Salt
clients. The existing function and sminion.functions interfaces still exist but have been
removed from the docs.
caller.cmd('test.arg', 'Foo', 'Bar', baz='Baz')
caller.cmd('event.send', 'myco/myevent/something',
data={'foo': 'Foo'}, with_env=['GIT_COMMIT'], with_grains=True)
RunnerClient
class salt.runner.RunnerClient(opts)
The interface used by the salt-run CLI tool on the Salt Master
It executes runner modules which run on the Salt Master.
Importing and using RunnerClient must be done on the same machine as the Salt Master and it must
be done using the same user that the Salt Master is running as.
Salt's external_auth can be used to authenticate calls. The eauth user must be authorized to
execute runner modules: (@runner). Only the master_call() below supports eauth.
async(fun, low, user='UNKNOWN', pub=None)
Execute the function in a multiprocess and return the event tag to use to watch for the
return
cmd(fun, arg=None, pub_data=None, kwarg=None, print_event=True, full_return=False)
Execute a function
cmd_async(low)
Execute a runner function asynchronously; eauth is respected
This function requires that external_auth is configured and the user is authorized to
execute runner functions: (@runner).
runner.eauth_async({
'fun': 'jobs.list_jobs',
'username': 'saltdev',
'password': 'saltdev',
'eauth': 'pam',
})
cmd_sync(low, timeout=None, full_return=False)
Execute a runner function synchronously; eauth is respected
This function requires that external_auth is configured and the user is authorized to
execute runner functions: (@runner).
runner.eauth_sync({
'fun': 'jobs.list_jobs',
'username': 'saltdev',
'password': 'saltdev',
'eauth': 'pam',
})
WheelClient
class salt.wheel.WheelClient(opts=None)
An interface to Salt's wheel modules
Wheel modules interact with various parts of the Salt Master.
Importing and using WheelClient must be done on the same machine as the Salt Master and it must be
done using the same user that the Salt Master is running as. Unless external_auth is configured
and the user is authorized to execute wheel functions: (@wheel).
Usage:
import salt.config
import salt.wheel
opts = salt.config.master_config('/etc/salt/master')
wheel = salt.wheel.WheelClient(opts)
async(fun, low, user='UNKNOWN', pub=None)
Execute the function in a multiprocess and return the event tag to use to watch for the
return
cmd(fun, arg=None, pub_data=None, kwarg=None, print_event=True, full_return=False)
Execute a function
>>> wheel.cmd('key.finger', ['jerry'])
{'minions': {'jerry': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
cmd_async(low)
Execute a function asynchronously; eauth is respected
This function requires that external_auth is configured and the user is authorized
>>> wheel.cmd_async({
'fun': 'key.finger',
'match': 'jerry',
'eauth': 'auto',
'username': 'saltdev',
'password': 'saltdev',
})
{'jid': '20131219224744416681', 'tag': 'salt/wheel/20131219224744416681'}
cmd_sync(low, timeout=None, full_return=False)
Execute a wheel function synchronously; eauth is respected
This function requires that external_auth is configured and the user is authorized to
execute runner functions: (@wheel).
>>> wheel.cmd_sync({
'fun': 'key.finger',
'match': 'jerry',
'eauth': 'auto',
'username': 'saltdev',
'password': 'saltdev',
})
{'minions': {'jerry': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}
CloudClient
class salt.cloud.CloudClient(path=None, opts=None, config_dir=None, pillars=None)
The client class to wrap cloud interactions
action(fun=None, cloudmap=None, names=None, provider=None, instance=None, kwargs=None)
Execute a single action via the cloud plugin backend
Examples:
client.action(fun='show_instance', names=['myinstance'])
client.action(fun='show_image', provider='my-ec2-config',
kwargs={'image': 'ami-10314d79'}
)
create(provider, names, **kwargs)
Create the named VMs, without using a profile
Example:
client.create(provider='my-ec2-config', names=['myinstance'],
image='ami-1624987f', size='t1.micro', ssh_username='ec2-user',
securitygroup='default', delvol_on_destroy=True)
destroy(names)
Destroy the named VMs
extra_action(names, provider, action, **kwargs)
Perform actions with block storage devices
Example:
client.extra_action(names=['myblock'], action='volume_create',
provider='my-nova', kwargs={'voltype': 'SSD', 'size': 1000}
)
client.extra_action(names=['salt-net'], action='network_create',
provider='my-nova', kwargs={'cidr': '192.168.100.0/24'}
)
full_query(query_type='list_nodes_full')
Query all instance information
list_images(provider=None)
List all available images in configured cloud systems
list_locations(provider=None)
List all available locations in configured cloud systems
list_sizes(provider=None)
List all available sizes in configured cloud systems
low(fun, low)
Pass the cloud function and low data structure to run
map_run(path=None, **kwargs)
Pass in a location for a map to execute
min_query(query_type='list_nodes_min')
Query select instance information
profile(profile, names, vm_overrides=None, **kwargs)
Pass in a profile to create, names is a list of vm names to allocate
vm_overrides is a special dict that will be per node options overrides
Example:
>>> client= salt.cloud.CloudClient(path='/etc/salt/cloud')
>>> client.profile('do_512_git', names=['minion01',])
{'minion01': {u'backups_active': 'False',
u'created_at': '2014-09-04T18:10:15Z',
u'droplet': {u'event_id': 31000502,
u'id': 2530006,
u'image_id': 5140006,
u'name': u'minion01',
u'size_id': 66},
u'id': '2530006',
u'image_id': '5140006',
u'ip_address': '107.XXX.XXX.XXX',
u'locked': 'True',
u'name': 'minion01',
u'private_ip_address': None,
u'region_id': '4',
u'size_id': '66',
u'status': 'new'}}
query(query_type='list_nodes')
Query basic instance information
select_query(query_type='list_nodes_select')
Query select instance information
SSHClient
class salt.client.ssh.client.SSHClient(c_path='/etc/salt/master', mopts=None,
disable_custom_roster=False)
Create a client object for executing routines via the salt-ssh backend
New in version 2015.5.0.
cmd(tgt, fun, arg=(), timeout=None, tgt_type='glob', kwarg=None, **kwargs)
Execute a single command via the salt-ssh subsystem and return all routines at once
New in version 2015.5.0.
cmd_iter(tgt, fun, arg=(), timeout=None, tgt_type='glob', ret='', kwarg=None, **kwargs)
Execute a single command via the salt-ssh subsystem and return a generator
New in version 2015.5.0.
netapi modules
Introduction to netapi modules
netapi modules provide API-centric access to Salt. Usually externally-facing services such as REST or
WebSockets, XMPP, XMLRPC, etc.
In general netapi modules bind to a port and start a service. They are purposefully open-ended. A single
module can be configured to run as well as multiple modules simultaneously.
netapi modules are enabled by adding configuration to your Salt Master config file and then starting the
salt-api daemon. Check the docs for each module to see external requirements and configuration settings.
Communication with Salt and Salt satellite projects is done using Salt's own Python API. A list of
available client interfaces is below.
salt-api
Prior to Salt's 2014.7.0 release, netapi modules lived in the separate sister projected
salt-api. That project has been merged into the main Salt project.
SEE ALSO:
The full list of netapi modules
Client interfaces
Salt's client interfaces expose executing functions by crafting a dictionary of values that are mapped to
function arguments. This allows calling functions simply by creating a data structure. (And this is
exactly how much of Salt's own internals work!)
class salt.netapi.NetapiClient(opts)
Provide a uniform method of accessing the various client interfaces in Salt in the form of
low-data data structures. For example:
>>> client = NetapiClient(__opts__)
>>> lowstate = {'client': 'local', 'tgt': '*', 'fun': 'test.ping', 'arg': ''}
>>> client.run(lowstate)
local(*args, **kwargs)
Run execution modules synchronously
See salt.client.LocalClient.cmd() for all available parameters.
Sends a command from the master to the targeted minions. This is the same interface that
Salt's own CLI uses. Note the arg and kwarg parameters are sent down to the minion(s) and
the given function, fun, is called with those parameters.
Returns
Returns the result from the execution module
local_async(*args, **kwargs)
Run execution modules asynchronously
Wraps salt.client.LocalClient.run_job().
Returns
job ID
local_subset(*args, **kwargs)
Run execution modules against subsets of minions
New in version 2016.3.0.
Wraps salt.client.LocalClient.cmd_subset()
runner(fun, timeout=None, full_return=False, **kwargs)
Run runner modules <all-salt.runners> synchronously
Wraps salt.runner.RunnerClient.cmd_sync().
Note that runner functions must be called using keyword arguments. Positional arguments
are not supported.
Returns
Returns the result from the runner module
runner_async(fun, **kwargs)
Run runner modules <all-salt.runners> asynchronously
Wraps salt.runner.RunnerClient.cmd_async().
Note that runner functions must be called using keyword arguments. Positional arguments
are not supported.
Returns
event data and a job ID for the executed function.
ssh(*args, **kwargs)
Run salt-ssh commands synchronously
Wraps salt.client.ssh.client.SSHClient.cmd_sync().
Returns
Returns the result from the salt-ssh command
wheel(fun, **kwargs)
Run wheel modules synchronously
Wraps salt.wheel.WheelClient.master_call().
Note that wheel functions must be called using keyword arguments. Positional arguments are
not supported.
Returns
Returns the result from the wheel module
wheel_async(fun, **kwargs)
Run wheel modules asynchronously
Wraps salt.wheel.WheelClient.master_call().
Note that wheel functions must be called using keyword arguments. Positional arguments are
not supported.
Returns
Returns the result from the wheel module
HTTP Modules
This tutorial demonstrates using the various HTTP modules available in Salt. These modules wrap the
Python tornado, urllib2, and requests libraries, extending them in a manner that is more consistent with
Salt workflows.
The salt.utils.http Library
This library forms the core of the HTTP modules. Since it is designed to be used from the minion as an
execution module, in addition to the master as a runner, it was abstracted into this multi-use library.
This library can also be imported by 3rd-party programs wishing to take advantage of its extended
functionality.
Core functionality of the execution, state, and runner modules is derived from this library, so common
usages between them are described here. Documentation specific to each module is described below.
This library can be imported with:
import salt.utils.http
Configuring Libraries
This library can make use of either tornado, which is required by Salt, urllib2, which ships with Python,
or requests, which can be installed separately. By default, tornado will be used. In order to switch to
urllib2, set the following variable:
backend: urllib2
In order to switch to requests, set the following variable:
backend: requests
This can be set in the master or minion configuration file, or passed as an option directly to any
http.query() functions.
salt.utils.http.query()
This function forms a basic query, but with some add-ons not present in the tornado, urllib2, and
requests libraries. Not all functionality currently available in these libraries has been added, but can
be in future iterations.
HTTPS Request Methods
A basic query can be performed by calling this function with no more than a single URL:
salt.utils.http.query('http://example.com')
By default the query will be performed with a GET method. The method can be overridden with the method
argument:
salt.utils.http.query('http://example.com/delete/url', 'DELETE')
When using the POST method (and others, such as PUT), extra data is usually sent as well. This data can
be sent directly, in whatever format is required by the remote server (XML, JSON, plain text, etc).
salt.utils.http.query(
'http://example.com/delete/url',
method='POST',
data=json.loads(mydict)
)
Data Formatting and Templating
Bear in mind that the data must be sent pre-formatted; this function will not format it for you. However,
a templated file stored on the local system may be passed through, along with variables to populate it
with. To pass through only the file (untemplated):
salt.utils.http.query(
'http://example.com/post/url',
method='POST',
data_file='/srv/salt/somefile.xml'
)
To pass through a file that contains jinja + yaml templating (the default):
salt.utils.http.query(
'http://example.com/post/url',
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_dict={'key1': 'value1', 'key2': 'value2'}
)
To pass through a file that contains mako templating:
salt.utils.http.query(
'http://example.com/post/url',
method='POST',
data_file='/srv/salt/somefile.mako',
data_render=True,
data_renderer='mako',
template_dict={'key1': 'value1', 'key2': 'value2'}
)
Because this function uses Salt's own rendering system, any Salt renderer can be used. Because Salt's
renderer requires __opts__ to be set, an opts dictionary should be passed in. If it is not, then the
default __opts__ values for the node type (master or minion) will be used. Because this library is
intended primarily for use by minions, the default node type is minion. However, this can be changed to
master if necessary.
salt.utils.http.query(
'http://example.com/post/url',
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_dict={'key1': 'value1', 'key2': 'value2'},
opts=__opts__
)
salt.utils.http.query(
'http://example.com/post/url',
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_dict={'key1': 'value1', 'key2': 'value2'},
node='master'
)
Headers
Headers may also be passed through, either as a header_list, a header_dict, or as a header_file. As with
the data_file, the header_file may also be templated. Take note that because HTTP headers are normally
syntactically-correct YAML, they will automatically be imported as an a Python dict.
salt.utils.http.query(
'http://example.com/delete/url',
method='POST',
header_file='/srv/salt/headers.jinja',
header_render=True,
header_renderer='jinja',
template_dict={'key1': 'value1', 'key2': 'value2'}
)
Because much of the data that would be templated between headers and data may be the same, the
template_dict is the same for both. Correcting possible variable name collisions is up to the user.
Authentication
The query() function supports basic HTTP authentication. A username and password may be passed in as
username and password, respectively.
salt.utils.http.query(
'http://example.com',
username='larry',
password=`5700g3543v4r`,
)
Cookies and Sessions
Cookies are also supported, using Python's built-in cookielib. However, they are turned off by default.
To turn cookies on, set cookies to True.
salt.utils.http.query(
'http://example.com',
cookies=True
)
By default cookies are stored in Salt's cache directory, normally /var/cache/salt, as a file called
cookies.txt. However, this location may be changed with the cookie_jar argument:
salt.utils.http.query(
'http://example.com',
cookies=True,
cookie_jar='/path/to/cookie_jar.txt'
)
By default, the format of the cookie jar is LWP (aka, lib-www-perl). This default was chosen because it
is a human-readable text file. If desired, the format of the cookie jar can be set to Mozilla:
salt.utils.http.query(
'http://example.com',
cookies=True,
cookie_jar='/path/to/cookie_jar.txt',
cookie_format='mozilla'
)
Because Salt commands are normally one-off commands that are piped together, this library cannot normally
behave as a normal browser, with session cookies that persist across multiple HTTP requests. However, the
session can be persisted in a separate cookie jar. The default filename for this file, inside Salt's
cache directory, is cookies.session.p. This can also be changed.
salt.utils.http.query(
'http://example.com',
persist_session=True,
session_cookie_jar='/path/to/jar.p'
)
The format of this file is msgpack, which is consistent with much of the rest of Salt's internal
structure. Historically, the extension for this file is .p. There are no current plans to make this
configurable.
Proxy
If the tornado backend is used (tornado is the default), proxy information configured in proxy_host,
proxy_port, proxy_username, and proxy_password from the __opts__ dictionary will be used. Normally these
are set in the minion configuration file.
proxy_host: proxy.my-domain
proxy_port: 31337
proxy_username: charon
proxy_password: obolus
salt.utils.http.query(
'http://example.com',
opts=__opts__,
backend='tornado'
)
Return Data
NOTE:
Return data encoding
If decode is set to True, query() will attempt to decode the return data. decode_type defaults to
auto. Set it to a specific encoding, xml, for example, to override autodetection.
Because Salt's http library was designed to be used with REST interfaces, query() will attempt to decode
the data received from the remote server when decode is set to True. First it will check the
Content-type header to try and find references to XML. If it does not find any, it will look for
references to JSON. If it does not find any, it will fall back to plain text, which will not be decoded.
JSON data is translated into a dict using Python's built-in json library. XML is translated using
salt.utils.xml_util, which will use Python's built-in XML libraries to attempt to convert the XML into a
dict. In order to force either JSON or XML decoding, the decode_type may be set:
salt.utils.http.query(
'http://example.com',
decode_type='xml'
)
Once translated, the return dict from query() will include a dict called dict.
If the data is not to be translated using one of these methods, decoding may be turned off.
salt.utils.http.query(
'http://example.com',
decode=False
)
If decoding is turned on, and references to JSON or XML cannot be found, then this module will default to
plain text, and return the undecoded data as text (even if text is set to False; see below).
The query() function can return the HTTP status code, headers, and/or text as required. However, each
must individually be turned on.
salt.utils.http.query(
'http://example.com',
status=True,
headers=True,
text=True
)
The return from these will be found in the return dict as status, headers and text, respectively.
Writing Return Data to Files
It is possible to write either the return data or headers to files, as soon as the response is received
from the server, but specifying file locations via the text_out or headers_out arguments. text and
headers do not need to be returned to the user in order to do this.
salt.utils.http.query(
'http://example.com',
text=False,
headers=False,
text_out='/path/to/url_download.txt',
headers_out='/path/to/headers_download.txt',
)
SSL Verification
By default, this function will verify SSL certificates. However, for testing or debugging purposes, SSL
verification can be turned off.
salt.utils.http.query(
'https://example.com',
verify_ssl=False,
)
CA Bundles
The requests library has its own method of detecting which CA (certificate authority) bundle file to use.
Usually this is implemented by the packager for the specific operating system distribution that you are
using. However, urllib2 requires a little more work under the hood. By default, Salt will try to
auto-detect the location of this file. However, if it is not in an expected location, or a different path
needs to be specified, it may be done so using the ca_bundle variable.
salt.utils.http.query(
'https://example.com',
ca_bundle='/path/to/ca_bundle.pem',
)
Updating CA Bundles
The update_ca_bundle() function can be used to update the bundle file at a specified location. If the
target location is not specified, then it will attempt to auto-detect the location of the bundle file. If
the URL to download the bundle from does not exist, a bundle will be downloaded from the cURL website.
CAUTION: The target and the source should always be specified! Failure to specify the target may result
in the file being written to the wrong location on the local system. Failure to specify the source may
cause the upstream URL to receive excess unnecessary traffic, and may cause a file to be download which
is hazardous or does not meet the needs of the user.
salt.utils.http.update_ca_bundle(
target='/path/to/ca-bundle.crt',
source='https://example.com/path/to/ca-bundle.crt',
opts=__opts__,
)
The opts parameter should also always be specified. If it is, then the target and the source may be
specified in the relevant configuration file (master or minion) as ca_bundle and ca_bundle_url,
respectively.
ca_bundle: /path/to/ca-bundle.crt
ca_bundle_url: https://example.com/path/to/ca-bundle.crt
If Salt is unable to auto-detect the location of the CA bundle, it will raise an error.
The update_ca_bundle() function can also be passed a string or a list of strings which represent files on
the local system, which should be appended (in the specified order) to the end of the CA bundle file.
This is useful in environments where private certs need to be made available, and are not otherwise
reasonable to add to the bundle file.
salt.utils.http.update_ca_bundle(
opts=__opts__,
merge_files=[
'/etc/ssl/private_cert_1.pem',
'/etc/ssl/private_cert_2.pem',
'/etc/ssl/private_cert_3.pem',
]
)
Test Mode
This function may be run in test mode. This mode will perform all work up until the actual HTTP request.
By default, instead of performing the request, an empty dict will be returned. Using this function with
TRACE logging turned on will reveal the contents of the headers and POST data to be sent.
Rather than returning an empty dict, an alternate test_url may be passed in. If this is detected, then
test mode will replace the url with the test_url, set test to True in the return data, and perform the
rest of the requested operations as usual. This allows a custom, non-destructive URL to be used for
testing when necessary.
Execution Module
The http execution module is a very thin wrapper around the salt.utils.http library. The opts can be
passed through as well, but if they are not specified, the minion defaults will be used as necessary.
Because passing complete data structures from the command line can be tricky at best and dangerous (in
terms of execution injection attacks) at worse, the data_file, and header_file are likely to see more use
here.
All methods for the library are available in the execution module, as kwargs.
salt myminion http.query http://example.com/restapi method=POST \
username='larry' password='5700g3543v4r' headers=True text=True \
status=True decode_type=xml data_render=True \
header_file=/tmp/headers.txt data_file=/tmp/data.txt \
header_render=True cookies=True persist_session=True
Runner Module
Like the execution module, the http runner module is a very thin wrapper around the salt.utils.http
library. The only significant difference is that because runners execute on the master instead of a
minion, a target is not required, and default opts will be derived from the master config, rather than
the minion config.
All methods for the library are available in the runner module, as kwargs.
salt-run http.query http://example.com/restapi method=POST \
username='larry' password='5700g3543v4r' headers=True text=True \
status=True decode_type=xml data_render=True \
header_file=/tmp/headers.txt data_file=/tmp/data.txt \
header_render=True cookies=True persist_session=True
State Module
The state module is a wrapper around the runner module, which applies stateful logic to a query. All
kwargs as listed above are specified as usual in state files, but two more kwargs are available to apply
stateful logic. A required parameter is match, which specifies a pattern to look for in the return text.
By default, this will perform a string comparison of looking for the value of match in the return text.
In Python terms this looks like:
if match in html_text:
return True
If more complex pattern matching is required, a regular expression can be used by specifying a
match_type. By default this is set to string, but it can be manually set to pcre instead. Please note
that despite the name, this will use Python's re.search() rather than re.match().
Therefore, the following states are valid:
http://example.com/restapi:
http.query:
- match: 'SUCCESS'
- username: 'larry'
- password: '5700g3543v4r'
- data_render: True
- header_file: /tmp/headers.txt
- data_file: /tmp/data.txt
- header_render: True
- cookies: True
- persist_session: True
http://example.com/restapi:
http.query:
- match_type: pcre
- match: '(?i)succe[ss|ed]'
- username: 'larry'
- password: '5700g3543v4r'
- data_render: True
- header_file: /tmp/headers.txt
- data_file: /tmp/data.txt
- header_render: True
- cookies: True
- persist_session: True
In addition to, or instead of a match pattern, the status code for a URL can be checked. This is done
using the status argument:
http://example.com/:
http.query:
- status: '200'
If both are specified, both will be checked, but if only one is True and the other is False, then False
will be returned. In this case, the comments in the return data will contain information for
troubleshooting.
Because this is a monitoring state, it will return extra data to code that expects it. This data will
always include text and status. Optionally, headers and dict may also be requested by setting the headers
and decode arguments to True, respectively.
Writing netapi modules
netapi modules, put simply, bind a port and start a service. They are purposefully open-ended and can be
used to present a variety of external interfaces to Salt, and even present multiple interfaces at once.
SEE ALSO:
The full list of netapi modules
Configuration
All netapi configuration is done in the Salt master config and takes a form similar to the following:
rest_cherrypy:
port: 8000
debug: True
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
The __virtual__ function
Like all module types in Salt, netapi modules go through Salt's loader interface to determine if they
should be loaded into memory and then executed.
The __virtual__ function in the module makes this determination and should return False or a string that
will serve as the name of the module. If the module raises an ImportError or any other errors, it will
not be loaded.
The start function
The start() function will be called for each netapi module that is loaded. This function should contain
the server loop that actually starts the service. This is started in a multiprocess.
Multiple instances
New in version 2016.11.0.
rest_cherrypy and rest_tornado support running multiple instances by copying and renaming entire
directory of those. To start the copied multiple netapi modules, add configuration blocks for the copied
netapi modules in the Salt Master config. The name of each added configuration block must match with the
name of each directory of the copied netapi module.
Inline documentation
As with the rest of Salt, it is a best-practice to include liberal inline documentation in the form of a
module docstring and docstrings on any classes, methods, and functions in your netapi module.
Loader “magic” methods
The loader makes the __opts__ data structure available to any function in a netapi module.
ARCHITECTURE
If you are used to configuration management tools that require you to plan down to the last detail before
you install anything, you are probably wondering why this section doesn't appear before the installation
instructions. With Salt, you can switch to a high availability architecture at any time, and add
additional components to scale your deployment as you go.
Since a single Salt master can manage thousands of systems, we usually recommend that you start by
deploying a single Salt master, and then modifying your deployment as needed for redundancy, geographical
distribution, and scale.
High Availability Features in Salt
Salt supports several features for high availability and fault tolerance. Brief documentation for these
features is listed alongside their configuration parameters in Configuration file examples.
Multimaster
Salt minions can connect to multiple masters at one time by configuring the master configuration
parameter as a YAML list of all the available masters. By default, all masters are "hot", meaning that
any master can direct commands to the Salt infrastructure.
In a multimaster configuration, each master must have the same cryptographic keys, and minion keys must
be accepted on all masters separately. The contents of file_roots and pillar_roots need to be kept in
sync with processes external to Salt as well
A tutorial on setting up multimaster with "hot" masters is here:
Multimaster Tutorial
Multimaster with Failover
Changing the master_type parameter from str to failover will cause minions to connect to the first
responding master in the list of masters. Every master_alive_interval seconds the minions will check to
make sure the current master is still responding. If the master does not respond, the minion will
attempt to connect to the next master in the list. If the minion runs out of masters, the list will be
recycled in case dead masters have been restored. Note that master_alive_interval must be present in the
minion configuration, or else the recurring job to check master status will not get scheduled.
Failover can be combined with PKI-style encrypted keys, but PKI is NOT REQUIRED to use failover.
Multimaster with PKI and Failover is discussed in this tutorial
master_type: failover can be combined with master_shuffle: True to spread minion connections across all
masters (one master per minion, not each minion connecting to all masters). Adding Salt Syndics into the
mix makes it possible to create a load-balanced Salt infrastructure. If a master fails, minions will
notice and select another master from the available list.
Syndic
Salt's Syndic feature is a way to create differing infrastructure topologies. It is not strictly an HA
feature, but can be treated as such.
With the syndic, a Salt infrastructure can be partitioned in such a way that certain masters control
certain segments of the infrastructure, and "Master of Masters" nodes can control multiple segments
underneath them.
Syndics are covered in depth in Salt Syndic.
Syndic with Multimaster
New in version 2015.5.0.
Syndic with Multimaster lets you connect a syndic to multiple masters to provide an additional layer of
redundancy in a syndic configuration.
Syndics are covered in depth in Salt Syndic.
Salt Syndic
The most basic or typical Salt topology consists of a single Master node controlling a group of Minion
nodes. An intermediate node type, called Syndic, when used offers greater structural flexibility and
scalability in the construction of Salt topologies than topologies constructed only out of Master and
Minion node types.
A Syndic node can be thought of as a special passthrough Minion node. A Syndic node consists of a
salt-syndic daemon and a salt-master daemon running on the same system. The salt-master daemon running
on the Syndic node controls a group of lower level Minion nodes and the salt-syndic daemon connects
higher level Master node, sometimes called a Master of Masters.
The salt-syndic daemon relays publications and events between the Master node and the local salt-master
daemon. This gives the Master node control over the Minion nodes attached to the salt-master daemon
running on the Syndic node.
Configuring the Syndic
To setup a Salt Syndic you need to tell the Syndic node and its Master node about each other. If your
Master node is located at 10.10.0.1, then your configurations would be:
On the Syndic node:
# /etc/salt/master
syndic_master: 10.10.0.1 # may be either an IP address or a hostname
# /etc/salt/minion
# id is shared by the salt-syndic daemon and a possible salt-minion daemon
# on the Syndic node
id: my_syndic
On the Master node:
# /etc/salt/master
order_masters: True
The syndic_master option tells the Syndic node where to find the Master node in the same way that the
master option tells a Minion node where to find a Master node.
The id option is used by the salt-syndic daemon to identify with the Master node and if unset will
default to the hostname or IP address of the Syndic just as with a Minion.
The order_masters option configures the Master node to send extra information with its publications that
is needed by Syndic nodes connected directly to it.
NOTE:
Each Syndic must provide its own file_roots directory. Files will not be automatically transferred
from the Master node.
Configuring the Syndic with Multimaster
New in version 2015.5.0.
Syndic with Multimaster lets you connect a syndic to multiple masters to provide an additional layer of
redundancy in a syndic configuration.
Higher level masters should first be configured in a multimaster configuration. See Multimaster
Tutorial.
On the syndic, the syndic_master option is populated with a list of the higher level masters.
Since each syndic is connected to each master, jobs sent from any master are forwarded to minions that
are connected to each syndic. If the master_id value is set in the master config on the higher level
masters, job results are returned to the master that originated the request in a best effort fashion.
Events/jobs without a master_id are returned to any available master.
Running the Syndic
The salt-syndic daemon is a separate process that needs to be started in addition to the salt-master
daemon running on the Syndic node. Starting the salt-syndic daemon is the same as starting the other
Salt daemons.
The Master node in many ways sees the Syndic as an ordinary Minion node. In particular, the Master will
need to accept the Syndic's Minion key as it would for any other Minion.
On the Syndic node:
# salt-syndic
or
# service salt-syndic start
On the Master node:
# salt-key -a my_syndic
The Master node will now be able to control the Minion nodes connected to the Syndic. Only the Syndic
key will be listed in the Master node's key registry but this also means that key activity between the
Syndic's Minions and the Syndic does not encumber the Master node. In this way, the Syndic's key on the
Master node can be thought of as a placeholder for the keys of all the Minion and Syndic nodes beneath
it, giving the Master node a clear, high level structural view on the Salt cluster.
On the Master node:
# salt-key -L
Accepted Keys:
my_syndic
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# salt '*' test.ping
minion_1:
True
minion_2:
True
minion_4:
True
minion_3:
True
Topology
A Master node (a node which is itself not a Syndic to another higher level Master node) must run a
salt-master daemon and optionally a salt-minion daemon.
A Syndic node must run salt-syndic and salt-master daemons and optionally a salt-minion daemon.
A Minion node must run a salt-minion daemon.
When a salt-master daemon issues a command, it will be received by the Syndic and Minion nodes directly
connected to it. A Minion node will process the command in the way it ordinarily would. On a Syndic
node, the salt-syndic daemon will relay the command to the salt-master daemon running on the Syndic node,
which then propagates the command to the Minions and Syndics connected to it.
When events and job return data are generated by salt-minion daemons, they are aggregated by the
salt-master daemon they are connected to, which salt-master daemon then relays the data back through its
salt-syndic daemon until the data reaches the Master or Syndic node that issued the command.
Syndic wait
syndic_wait is a master configuration file setting that specifies the number of seconds the Salt client
should wait for additional syndics to check in with their lists of expected minions before giving up.
This value defaults to 5 seconds.
The syndic_wait setting is necessary because the higher-level master does not have a way of knowing which
minions are below the syndics. The higher-level master has its own list of expected minions and the
masters below them have their own lists as well, so the Salt client does not how long to wait for all
returns. The syndic_wait option allows time for all minions to return to the Salt client.
NOTE:
To reduce the amount of time the CLI waits for Minions to respond, install a Minion on the Syndic or
tune the value of the syndic_wait configuration.
While it is possible to run a Syndic without a Minion installed on the same system, it is recommended,
for a faster CLI response time, to do so. Without a Minion installed on the Syndic node, the timeout
value of syndic_wait increases significantly - about three-fold. With a Minion installed on the Syndic,
the CLI timeout resides at the value defined in syndic_wait.
NOTE:
If you have a very large infrastructure or many layers of Syndics, you may find that the CLI doesn't
wait long enough for the Syndics to return their events. If you think this is the case, you can set
the syndic_wait value in the Master configs on the Master or Syndic nodes from which commands are
executed. The default value is 5, and should work for the majority of deployments.
In order for a Master or Syndic node to return information from Minions that are below their Syndics, the
CLI requires a short wait time in order to allow the Syndics to gather responses from their Minions. This
value is defined in the syndic_wait config option and has a default of five seconds.
Syndic config options
These are the options that can be used to configure a Syndic node. Note that other than id, Syndic
config options are placed in the Master config on the Syndic node.
• id: Syndic id (shared by the salt-syndic daemon with a potential salt-minion daemon on the same
system)
• syndic_master: Master node IP address or hostname
• syndic_master_port: Master node ret_port
• syndic_log_file: path to the logfile (absolute or not)
• syndic_pidfile: path to the pidfile (absolute or not)
• syndic_wait: time in seconds to wait on returns from this syndic
Minion Data Cache
Beginning with Salt 2016.11.0, the Pluggable Minion Data Cache was introduced. The minion data cache
contains the Salt Mine data, minion grains, and minion pillar information cached on the Salt Master. By
default, Salt uses the localfs cache module, but other external data stores can be used instead.
Using a pluggable minion cache modules allows for the data stored on a Salt Master about Salt Minions to
be replicated on other Salt Masters the Minion is connected to. Please see the Minion Data Cache
documentation for more information and configuration examples.
Using Salt at scale
The focus of this tutorial will be building a Salt infrastructure for handling large numbers of minions.
This will include tuning, topology, and best practices.
For how to install the Salt Master please go here: Installing saltstack
NOTE:
This tutorial is intended for large installations, although these same settings won't hurt, it may not
be worth the complexity to smaller installations.
When used with minions, the term 'many' refers to at least a thousand and 'a few' always means 500.
For simplicity reasons, this tutorial will default to the standard ports used by Salt.
The Master
The most common problems on the Salt Master are:
1. too many minions authing at once
2. too many minions re-authing at once
3. too many minions re-connecting at once
4. too many minions returning at once
5. too few resources (CPU/HDD)
The first three are all "thundering herd" problems. To mitigate these issues we must configure the
minions to back-off appropriately when the Master is under heavy load.
The fourth is caused by masters with little hardware resources in combination with a possible bug in
ZeroMQ. At least that's what it looks like till today (Issue 118651, Issue 5948, Mail thread)
To fully understand each problem, it is important to understand, how Salt works.
Very briefly, the Salt Master offers two services to the minions.
• a job publisher on port 4505
• an open port 4506 to receive the minions returns
All minions are always connected to the publisher on port 4505 and only connect to the open return port
4506 if necessary. On an idle Master, there will only be connections on port 4505.
Too many minions authing
When the Minion service is first started up, it will connect to its Master's publisher on port 4505. If
too many minions are started at once, this can cause a "thundering herd". This can be avoided by not
starting too many minions at once.
The connection itself usually isn't the culprit, the more likely cause of master-side issues is the
authentication that the Minion must do with the Master. If the Master is too heavily loaded to handle the
auth request it will time it out. The Minion will then wait acceptance_wait_time to retry. If
acceptance_wait_time_max is set then the Minion will increase its wait time by the acceptance_wait_time
each subsequent retry until reaching acceptance_wait_time_max.
Too many minions re-authing
This is most likely to happen in the testing phase of a Salt deployment, when all Minion keys have
already been accepted, but the framework is being tested and parameters are frequently changed in the
Salt Master's configuration file(s).
The Salt Master generates a new AES key to encrypt its publications at certain events such as a Master
restart or the removal of a Minion key. If you are encountering this problem of too many minions
re-authing against the Master, you will need to recalibrate your setup to reduce the rate of events like
a Master restart or Minion key removal (salt-key -d).
When the Master generates a new AES key, the minions aren't notified of this but will discover it on the
next pub job they receive. When the Minion receives such a job it will then re-auth with the Master.
Since Salt does minion-side filtering this means that all the minions will re-auth on the next command
published on the master-- causing another "thundering herd". This can be avoided by setting the
random_reauth_delay: 60
in the minions configuration file to a higher value and stagger the amount of re-auth attempts.
Increasing this value will of course increase the time it takes until all minions are reachable via Salt
commands.
Too many minions re-connecting
By default the zmq socket will re-connect every 100ms which for some larger installations may be too
quick. This will control how quickly the TCP session is re-established, but has no bearing on the auth
load.
To tune the minions sockets reconnect attempts, there are a few values in the sample configuration file
(default values)
recon_default: 1000
recon_max: 5000
recon_randomize: True
• recon_default: the default value the socket should use, i.e. 1000. This value is in milliseconds.
(1000ms = 1 second)
• recon_max: the max value that the socket should use as a delay before trying to reconnect This value is
in milliseconds. (5000ms = 5 seconds)
• recon_randomize: enables randomization between recon_default and recon_max
To tune this values to an existing environment, a few decision have to be made.
1. How long can one wait, before the minions should be online and reachable via Salt?
2. How many reconnects can the Master handle without a syn flood?
These questions can not be answered generally. Their answers depend on the hardware and the
administrators requirements.
Here is an example scenario with the goal, to have all minions reconnect within a 60 second time-frame on
a Salt Master service restart.
recon_default: 1000
recon_max: 59000
recon_randomize: True
Each Minion will have a randomized reconnect value between 'recon_default' and 'recon_default +
recon_max', which in this example means between 1000ms and 60000ms (or between 1 and 60 seconds). The
generated random-value will be doubled after each attempt to reconnect (ZeroMQ default behavior).
Lets say the generated random value is 11 seconds (or 11000ms).
reconnect 1: wait 11 seconds
reconnect 2: wait 22 seconds
reconnect 3: wait 33 seconds
reconnect 4: wait 44 seconds
reconnect 5: wait 55 seconds
reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
reconnect 7: wait 11 seconds
reconnect 8: wait 22 seconds
reconnect 9: wait 33 seconds
reconnect x: etc.
With a thousand minions this will mean
1000/60 = ~16
round about 16 connection attempts a second. These values should be altered to values that match your
environment. Keep in mind though, that it may grow over time and that more minions might raise the
problem again.
Too many minions returning at once
This can also happen during the testing phase, if all minions are addressed at once with
$ salt * disk.usage
it may cause thousands of minions trying to return their data to the Salt Master open port 4506. Also
causing a flood of syn-flood if the Master can't handle that many returns at once.
This can be easily avoided with Salt's batch mode:
$ salt * disk.usage -b 50
This will only address 50 minions at once while looping through all addressed minions.
Too few resources
The masters resources always have to match the environment. There is no way to give good advise without
knowing the environment the Master is supposed to run in. But here are some general tuning tips for
different situations:
The Master is CPU bound
Salt uses RSA-Key-Pairs on the masters and minions end. Both generate 4096 bit key-pairs on first start.
While the key-size for the Master is currently not configurable, the minions keysize can be configured
with different key-sizes. For example with a 2048 bit key:
keysize: 2048
With thousands of decryptions, the amount of time that can be saved on the masters end should not be
neglected. See here for reference: Pull Request 9235 how much influence the key-size can have.
Downsizing the Salt Master's key is not that important, because the minions do not encrypt as many
messages as the Master does.
In installations with large or with complex pillar files, it is possible for the master to exhibit poor
performance as a result of having to render many pillar files at once. This exhibit itself in a number of
ways, both as high load on the master and on minions which block on waiting for their pillar to be
delivered to them.
To reduce pillar rendering times, it is possible to cache pillars on the master. To do this, see the set
of master configuration options which are prefixed with pillar_cache.
NOTE:
Caching pillars on the master may introduce security considerations. Be certain to read caveats
outlined in the master configuration file to understand how pillar caching may affect a master's
ability to protect sensitive data!
The Master is disk IO bound
By default, the Master saves every Minion's return for every job in its job-cache. The cache can then be
used later, to lookup results for previous jobs. The default directory for this is:
cachedir: /var/cache/salt
and then in the /proc directory.
Each job return for every Minion is saved in a single file. Over time this directory can grow quite
large, depending on the number of published jobs. The amount of files and directories will scale with the
number of jobs published and the retention time defined by
keep_jobs: 24
250 jobs/day * 2000 minions returns = 500,000 files a day
If no job history is needed, the job cache can be disabled:
job_cache: False
If the job cache is necessary there are (currently) 2 options:
• ext_job_cache: this will have the minions store their return data directly into a returner (not sent
through the Master)
• master_job_cache (New in 2014.7.0): this will make the Master store the job data using a returner
(instead of the local job cache on disk).
If a master has many accepted keys, it may take a long time to publish a job because the master much
first determine the matching minions and deliver that information back to the waiting client before the
job can be published.
To mitigate this, a key cache may be enabled. This will reduce the load on the master to a single file
open instead of thousands or tens of thousands.
This cache is updated by the maintanence process, however, which means that minions with keys that are
accepted may not be targeted by the master for up to sixty seconds by default.
To enable the master key cache, set key_cache: 'sched' in the master configuration file.
Multi Master Tutorial
As of Salt 0.16.0, the ability to connect minions to multiple masters has been made available. The
multi-master system allows for redundancy of Salt masters and facilitates multiple points of
communication out to minions. When using a multi-master setup, all masters are running hot, and any
active master can be used to send commands out to the minions.
NOTE:
If you need failover capabilities with multiple masters, there is also a MultiMaster-PKI setup
available, that uses a different topology MultiMaster-PKI with Failover Tutorial
In 0.16.0, the masters do not share any information, keys need to be accepted on both masters, and shared
files need to be shared manually or use tools like the git fileserver backend to ensure that the
file_roots are kept consistent.
Beginning with Salt 2016.11.0, the Pluggable Minion Data Cache was introduced. The minion data cache
contains the Salt Mine data, minion grains, and minion pillar information cached on the Salt Master. By
default, Salt uses the localfs cache module, but other external data stores can be used instead.
Using a pluggable minion cache modules allows for the data stored on a Salt Master about Salt Minions to
be replicated on other Salt Masters the Minion is connected to. Please see the Minion Data Cache
documentation for more information and configuration examples.
Summary of Steps
1. Create a redundant master server
2. Copy primary master key to redundant master
3. Start redundant master
4. Configure minions to connect to redundant master
5. Restart minions
6. Accept keys on redundant master
Prepping a Redundant Master
The first task is to prepare the redundant master. If the redundant master is already running, stop it.
There is only one requirement when preparing a redundant master, which is that masters share the same
private key. When the first master was created, the master's identifying key pair was generated and
placed in the master's pki_dir. The default location of the master's key pair is /etc/salt/pki/master/.
Take the private key, master.pem, and copy it to the same location on the redundant master. Do the same
for the master's public key, master.pub. Assuming that no minions have yet been connected to the new
redundant master, it is safe to delete any existing key in this location and replace it.
NOTE:
There is no logical limit to the number of redundant masters that can be used.
Once the new key is in place, the redundant master can be safely started.
Configure Minions
Since minions need to be master-aware, the new master needs to be added to the minion configurations.
Simply update the minion configurations to list all connected masters:
master:
- saltmaster1.example.com
- saltmaster2.example.com
Now the minion can be safely restarted.
NOTE:
If the ipc_mode for the minion is set to TCP (default in Windows), then each minion in the
multi-minion setup (one per master) needs its own tcp_pub_port and tcp_pull_port.
If these settings are left as the default 4510/4511, each minion object will receive a port 2 higher
than the previous. Thus the first minion will get 4510/4511, the second will get 4512/4513, and so on.
If these port decisions are unacceptable, you must configure tcp_pub_port and tcp_pull_port with lists
of ports for each master. The length of these lists should match the number of masters, and there
should not be overlap in the lists.
Now the minions will check into the original master and also check into the new redundant master. Both
masters are first-class and have rights to the minions.
NOTE:
Minions can automatically detect failed masters and attempt to reconnect to reconnect to them quickly.
To enable this functionality, set master_alive_interval in the minion config and specify a number of
seconds to poll the masters for connection status.
If this option is not set, minions will still reconnect to failed masters but the first command sent
after a master comes back up may be lost while the minion authenticates.
Sharing Files Between Masters
Salt does not automatically share files between multiple masters. A number of files should be shared or
sharing of these files should be strongly considered.
Minion Keys
Minion keys can be accepted the normal way using salt-key on both masters. Keys accepted, deleted, or
rejected on one master will NOT be automatically managed on redundant masters; this needs to be taken
care of by running salt-key on both masters or sharing the
/etc/salt/pki/master/{minions,minions_pre,minions_rejected} directories between masters.
NOTE:
While sharing the /etc/salt/pki/master directory will work, it is strongly discouraged, since allowing
access to the master.pem key outside of Salt creates a SERIOUS security risk.
File_Roots
The file_roots contents should be kept consistent between masters. Otherwise state runs will not always
be consistent on minions since instructions managed by one master will not agree with other masters.
The recommended way to sync these is to use a fileserver backend like gitfs or to keep these files on
shared storage.
IMPORTANT:
If using gitfs/git_pillar with the cachedir shared between masters using GlusterFS, nfs, or another
network filesystem, and the masters are running Salt 2015.5.9 or later, it is strongly recommended not
to turn off gitfs_global_lock/git_pillar_global_lock as doing so will cause lock files to be removed
if they were created by a different master.
Pillar_Roots
Pillar roots should be given the same considerations as file_roots.
Master Configurations
While reasons may exist to maintain separate master configurations, it is wise to remember that each
master maintains independent control over minions. Therefore, access controls should be in sync between
masters unless a valid reason otherwise exists to keep them inconsistent.
These access control options include but are not limited to:
• external_auth
• publisher_acl
• peer
• peer_run
Multi-Master-PKI Tutorial With Failover
This tutorial will explain, how to run a salt-environment where a single minion can have multiple masters
and fail-over between them if its current master fails.
The individual steps are
• setup the master(s) to sign its auth-replies
• setup minion(s) to verify master-public-keys
• enable multiple masters on minion(s)
• enable master-check on minion(s)
Please note, that it is advised to have good knowledge of the salt- authentication and
communication-process to understand this tutorial. All of the settings described here, go on top of
the default authentication/communication process.
Motivation
The default behaviour of a salt-minion is to connect to a master and accept the masters public key. With
each publication, the master sends his public-key for the minion to check and if this public-key ever
changes, the minion complains and exits. Practically this means, that there can only be a single master
at any given time.
Would it not be much nicer, if the minion could have any number of masters (1:n) and jump to the next
master if its current master died because of a network or hardware failure?
NOTE:
There is also a MultiMaster-Tutorial with a different approach and topology than this one, that might
also suite your needs or might even be better suited Multi-Master Tutorial
It is also desirable, to add some sort of authenticity-check to the very first public key a minion
receives from a master. Currently a minions takes the first masters public key for granted.
The Goal
Setup the master to sign the public key it sends to the minions and enable the minions to verify this
signature for authenticity.
Prepping the master to sign its public key
For signing to work, both master and minion must have the signing and/or verification settings enabled.
If the master signs the public key but the minion does not verify it, the minion will complain and exit.
The same happens, when the master does not sign but the minion tries to verify.
The easiest way to have the master sign its public key is to set
master_sign_pubkey: True
After restarting the salt-master service, the master will automatically generate a new key-pair
master_sign.pem
master_sign.pub
A custom name can be set for the signing key-pair by setting
master_sign_key_name: <name_without_suffix>
The master will then generate that key-pair upon restart and use it for creating the public keys
signature attached to the auth-reply.
The computation is done for every auth-request of a minion. If many minions auth very often, it is
advised to use conf_master:master_pubkey_signature and conf_master:master_use_pubkey_signature settings
described below.
If multiple masters are in use and should sign their auth-replies, the signing key-pair master_sign.* has
to be copied to each master. Otherwise a minion will fail to verify the masters public when connecting to
a different master than it did initially. That is because the public keys signature was created with a
different signing key-pair.
Prepping the minion to verify received public keys
The minion must have the public key (and only that one!) available to be able to verify a signature it
receives. That public key (defaults to master_sign.pub) must be copied from the master to the minions
pki-directory.
/etc/salt/pki/minion/master_sign.pub
DO NOT COPY THE master_sign.pem FILE. IT MUST STAY ON THE MASTER AND
ONLY THERE!
When that is done, enable the signature checking in the minions configuration
verify_master_pubkey_sign: True
and restart the minion. For the first try, the minion should be run in manual debug mode.
salt-minion -l debug
Upon connecting to the master, the following lines should appear on the output:
[DEBUG ] Attempting to authenticate with the Salt Master at 172.16.0.10
[DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master 172.16.0.10
[DEBUG ] Decrypting the current master AES key
If the signature verification fails, something went wrong and it will look like this
[DEBUG ] Attempting to authenticate with the Salt Master at 172.16.0.10
[DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Failed to verify signature of public key
[CRITICAL] The Salt Master server's public key did not authenticate!
In a case like this, it should be checked, that the verification pubkey (master_sign.pub) on the minion
is the same as the one on the master.
Once the verification is successful, the minion can be started in daemon mode again.
For the paranoid among us, its also possible to verify the publication whenever it is received from the
master. That is, for every single auth-attempt which can be quite frequent. For example just the start of
the minion will force the signature to be checked 6 times for various things like auth, mine, highstate,
etc.
If that is desired, enable the setting
always_verify_signature: True
Multiple Masters For A Minion
Configuring multiple masters on a minion is done by specifying two settings:
• a list of masters addresses
• what type of master is defined
master:
- 172.16.0.10
- 172.16.0.11
- 172.16.0.12
master_type: failover
This tells the minion that all the master above are available for it to connect to. When started with
this configuration, it will try the master in the order they are defined. To randomize that order, set
master_shuffle: True
The master-list will then be shuffled before the first connection attempt.
The first master that accepts the minion, is used by the minion. If the master does not yet know the
minion, that counts as accepted and the minion stays on that master.
For the minion to be able to detect if its still connected to its current master enable the check for it
master_alive_interval: <seconds>
If the loss of the connection is detected, the minion will temporarily remove the failed master from the
list and try one of the other masters defined (again shuffled if that is enabled).
Testing the setup
At least two running masters are needed to test the failover setup.
Both masters should be running and the minion should be running on the command line in debug mode
salt-minion -l debug
The minion will connect to the first master from its master list
[DEBUG ] Attempting to authenticate with the Salt Master at 172.16.0.10
[DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
[INFO ] Received signed and verified master pubkey from master 172.16.0.10
[DEBUG ] Decrypting the current master AES key
A test.ping on the master the minion is currently connected to should be run to test connectivity.
If successful, that master should be turned off. A firewall-rule denying the minions packets will also do
the trick.
Depending on the configured conf_minion:master_alive_interval, the minion will notice the loss of the
connection and log it to its logfile.
[INFO ] Connection to master 172.16.0.10 lost
[INFO ] Trying to tune in to next master from master-list
The minion will then remove the current master from the list and try connecting to the next master
[INFO ] Removing possibly failed master 172.16.0.10 from list of masters
[WARNING ] Master ip address changed from 172.16.0.10 to 172.16.0.11
[DEBUG ] Attempting to authenticate with the Salt Master at 172.16.0.11
If everything is configured correctly, the new masters public key will be verified successfully
[DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG ] salt.crypt.verify_signature: Loading public key
[DEBUG ] salt.crypt.verify_signature: Verifying signature
[DEBUG ] Successfully verified signature of master public key with verification public key master_sign.pub
the authentication with the new master is successful
[INFO ] Received signed and verified master pubkey from master 172.16.0.11
[DEBUG ] Decrypting the current master AES key
[DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[INFO ] Authentication with master successful!
and the minion can be pinged again from its new master.
Performance Tuning
With the setup described above, the master computes a signature for every auth-request of a minion. With
many minions and many auth-requests, that can chew up quite a bit of CPU-Power.
To avoid that, the master can use a pre-created signature of its public-key. The signature is saved as a
base64 encoded string which the master reads once when starting and attaches only that string to
auth-replies.
Enabling this also gives paranoid users the possibility, to have the signing key-pair on a different
system than the actual salt-master and create the public keys signature there. Probably on a system with
more restrictive firewall rules, without internet access, less users, etc.
That signature can be created with
salt-key --gen-signature
This will create a default signature file in the master pki-directory
/etc/salt/pki/master/master_pubkey_signature
It is a simple text-file with the binary-signature converted to base64.
If no signing-pair is present yet, this will auto-create the signing pair and the signature file in one
call
salt-key --gen-signature --auto-create
Telling the master to use the pre-created signature is done with
master_use_pubkey_signature: True
That requires the file 'master_pubkey_signature' to be present in the masters pki-directory with the
correct signature.
If the signature file is named differently, its name can be set with
master_pubkey_signature: <filename>
With many masters and many public-keys (default and signing), it is advised to use the salt-masters
hostname for the signature-files name. Signatures can be easily confused because they do not provide any
information about the key the signature was created from.
Verifying that everything works is done the same way as above.
How the signing and verification works
The default key-pair of the salt-master is
/etc/salt/pki/master/master.pem
/etc/salt/pki/master/master.pub
To be able to create a signature of a message (in this case a public-key), another key-pair has to be
added to the setup. Its default name is:
master_sign.pem
master_sign.pub
The combination of the master.* and master_sign.* key-pairs give the possibility of generating
signatures. The signature of a given message is unique and can be verified, if the public-key of the
signing-key-pair is available to the recipient (the minion).
The signature of the masters public-key in master.pub is computed with
master_sign.pem
master.pub
M2Crypto.EVP.sign_update()
This results in a binary signature which is converted to base64 and attached to the auth-reply send to
the minion.
With the signing-pairs public-key available to the minion, the attached signature can be verified with
master_sign.pub
master.pub
M2Cryptos EVP.verify_update().
When running multiple masters, either the signing key-pair has to be present on all of them, or the
master_pubkey_signature has to be pre-computed for each master individually (because they all have
different public-keys).
DO NOT PUT THE SAME master.pub ON ALL MASTERS FOR EASE OF USE.
MINION DATA CACHE
New in version 2016.11.0.
The Minion data cache contains the Salt Mine data, minion grains and minion pillar information cached on
the Salt Master. By default, Salt uses the localfs cache module to save the data in a msgpack file on the
Salt Master.
Pluggable Data Cache
While the default Minion data cache is the localfs cache, other external data stores can also be used to
store this data such as the consul module. To configure a Salt Master to use a different data store, the
cache setting needs to be established:
cache: consul
The pluggable data cache streamlines using various Salt topologies such as a Multi-Master or Salt Syndics
configuration by allowing the data stored on the Salt Master about a Salt Minion to be available to other
Salt Syndics or Salt Masters that a Salt Minion is connected to.
Additional minion data cache modules can be easily created by modeling the custom data store after one of
the existing cache modules.
See cache modules for a current list.
Configuring the Minion Data Cache
The default localfs Minion data cache module doesn't require any configuration. External data cache
modules with external data stores such as Consul require a configuration setting in the master config.
Here's an example config for Consul:
consul.host: 127.0.0.1
consul.port: 8500
consul.token: None
consul.scheme: http
consul.consistency: default
consul.dc: dc1
consul.verify: True
cache: consul
WINDOWS
This section contains details on the Windows Package Manager, and specific information you need to use
Salt on Windows.
Windows Software Repository
NOTE:
In 2015.8.0 and later, the Windows Software Repository cache is compiled on the Salt Minion, which
enables pillar, grains and other things to be available during compilation time. To support this new
functionality, a next-generation (ng) package repository was created. See the Changes in Version
2015.8.0 for details.
The SaltStack Windows Software Repository provides a package manager and software repository similar to
what is provided by yum and apt on Linux. This repository enables the installation of software using the
installers on remote Windows systems.
In many senses, the operation is similar to that of the other package managers salt is aware of:
• the pkg.installed and similar states work on Windows.
• the pkg.install and similar module functions work on Windows.
High level differences to yum and apt are:
• The repository metadata (SLS files) is hosted through either salt or git.
• Packages can be downloaded from within the salt repository, a git repository or from http(s) or ftp
urls.
• No dependencies are managed. Dependencies between packages needs to be managed manually.
Requirements:
• GitPython 0.3 or later, or pygit2 0.20.3 with libgit 0.20.0 or later installed on your Salt master. The
Windows package definitions are downloaded and updated using Git.
Configuration
Populate the Repository
The SLS files used to install Windows packages are not distributed by default with Salt. Run the
following command to initialize the repository on your Salt master:
salt-run winrepo.update_git_repos
Sync Repo to Windows Minions
Run pkg.refresh_db on each of your Windows minions to synchronize the package repository.
salt -G 'os:windows' pkg.refresh_db
Install Windows Software
After completing the configuration steps, you are ready to manage software on your Windows minions.
Show Installed Packages
salt -G 'os:windows' pkg.list_pkgs
Install a Package
You can query the available version of a package using the Salt pkg module.
salt winminion pkg.list_available firefox
winminion:
- 15.0.1
- 16.0.2
- 17.0.1
As you can see, there are three versions of Firefox available for installation. You can refer a software
package by its name or its full_name surround by single quotes.
salt winminion pkg.install 'firefox'
The above line will install the latest version of Firefox.
salt winminion pkg.install 'firefox' version=16.0.2
The above line will install version 16.0.2 of Firefox.
If a different version of the package is already installed it will be replaced with the version in the
winrepo (only if the package itself supports live updating).
You can also specify the full name:
salt winminion pkg.install 'Mozilla Firefox 17.0.1 (x86 en-US)'
Uninstall Windows Software
Uninstall software using the pkg module:
salt winminion pkg.remove firefox
salt winminion pkg.purge firefox
NOTE:
pkg.purge just executes pkg.remove on Windows. At some point in the future pkg.purge may direct the
installer to remove all configs and settings for software packages that support that option.
Repository Location
Salt maintains a repository of SLS files to install a large number of Windows packages:
• 2015.8.0 and later minions: https://github.com/saltstack/salt-winrepo-ng
• Earlier releases: https://github.com/saltstack/salt-winrepo
By default, these repositories are mirrored to /srv/salt/win/repo-ng and /srv/salt/win/repo.
This location can be changed in the master config file by setting the winrepo_dir_ng and winrepo_dir
options.
Maintaining Windows Repo Definitions in Git Repositories
Windows software package definitions can be hosted in one or more Git repositories. The default
repositories are hosted on GitHub by SaltStack. These include software definition files for various open
source software projects. These software definition files are .sls files. There are two default
repositories: salt-winrepo and salt-winrepo-ng. salt-winrepo contains software definition files for older
minions (older than 2015.8.0). salt-winrepo-ng is for newer minions (2015.8.0 and newer).
Each software definition file contains all the information salt needs to install that software on a
minion including the HTTP or FTP locations of the installer files, required command-line switches for
silent install, etc. Anyone is welcome to send a pull request to this repo to add new package
definitions. The repos can be browsed here: salt-winrepo salt-winrepo-ng
NOTE:
The newer software definition files are run through the salt's parser which allows for the use of
jinja.
Configure which git repositories the master can search for package definitions by modifying or extending
the winrepo_remotes and winrepo_remotes_ng options.
IMPORTANT:
winrepo_remotes was called win_gitrepos in Salt versions earlier than 2015.8.0
Package definitions are pulled down from the online repository by running the winrepo.update_git_repos
runner. This command is run on the master:
salt-run winrepo.update_git_repos
This will pull down the software definition files for older minions (salt-winrepo) and new minions
(salt-winrepo-ng). They are stored in the file_roots under win/repo/salt-winrepo and
win/repo-ng/salt-winrepo-ng respectively.
IMPORTANT:
If you have customized software definition files that aren't maintained in a repository, those should
be stored under win/repo for older minions and win/repo-ng for newer minions. The reason for this is
that the contents of win/repo/salt-winrepo and win/repo-ng/salt-winrepo-ng are wiped out every time
you run a winrepo.update_git_repos.
Additionally, when you run winrepo.genrepo and pkg.refresh_db the entire contents under win/repo and
win/repo-ng, to include all subdirectories, are used to create the msgpack file.
The next step (if you have older minions) is to create the msgpack file for the repo (winrepo.p). This is
done by running the winrepo.genrepo runner. This is also run on the master:
salt-run winrepo.genrepo
NOTE:
If you have only 2015.8.0 and newer minions, you no longer need to run salt-run winrepo.genrepo on the
master.
Finally, you need to refresh the minion database by running the pkg.refresh_db command. This is run on
the master as well:
salt '*' pkg.refresh_db
On older minions (older than 2015.8.0) this will copy the winrepo.p file down to the minion. On newer
minions (2015.8.0 and newer) this will copy all the software definition files (.sls) down to the minion
and then create the msgpack file (winrepo.p) locally. The reason this is done locally is because the
jinja needs to be parsed using the minion's grains.
IMPORTANT:
Every time you modify the software definition files on the master, either by running salt-run
winrepo.update_git_repos, modifying existing files, or by creating your own, you need to refresh the
database on your minions. For older minions, that means running salt-run winrepo.genrepo and then salt
'*' pkg.refresh_db. For newer minions (2015.8.0 and newer) it is just salt '*' pkg.refresh_db.
NOTE:
If the winrepo.genrepo or the pkg.refresh_db fails, it is likely a problem with the jinja in one of
the software definition files. This will cause the operations to stop. You'll need to fix the syntax
in order for the msgpack file to be created successfully.
To disable one of the repos, set it to an empty list [] in the master config. For example, to disable
winrepo_remotes set the following in the master config file:
winrepo_remotes: []
Creating a Package Definition SLS File
The package definition file is a yaml file that contains all the information needed to install a piece of
software using salt. It defines information about the package to include version, full name, flags
required for the installer and uninstaller, whether or not to use the windows task scheduler to install
the package, where to find the installation package, etc.
Take a look at this example for Firefox:
firefox:
'17.0.1':
installer: 'salt://win/repo/firefox/English/Firefox Setup 17.0.1.exe'
full_name: Mozilla Firefox 17.0.1 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
'16.0.2':
installer: 'salt://win/repo/firefox/English/Firefox Setup 16.0.2.exe'
full_name: Mozilla Firefox 16.0.2 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
'15.0.1':
installer: 'salt://win/repo/firefox/English/Firefox Setup 15.0.1.exe'
full_name: Mozilla Firefox 15.0.1 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
Each software definition file begins with a package name for the software. As in the example above
firefox. The next line is indented two spaces and contains the version to be defined. As in the example
above, a software definition file can define multiple versions for the same piece of software. The lines
following the version are indented two more spaces and contain all the information needed to install that
package.
WARNING:
The package name and the full_name must be unique to all other packages in the software repository.
The version line is the version for the package to be installed. It is used when you need to install a
specific version of a piece of software.
WARNING:
The version must be enclosed in quotes, otherwise the yaml parser will remove trailing zeros.
NOTE:
There are unique situations where previous versions are unavailable. Take Google Chrome for example.
There is only one url provided for a standalone installation of Google Chrome. (‐
https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi) When a new version
is released, the url just points to the new version. To handle situations such as these, set the
version to latest. Salt will install the version of Chrome at the URL and report that version. Here's
an example:
chrome:
latest:
full_name: 'Google Chrome'
installer: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'
install_flags: '/qn /norestart'
uninstaller: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'
uninstall_flags: '/qn /norestart'
msiexec: True
locale: en_US
reboot: False
Available parameters are as follows:
param str full_name
The Full Name for the software as shown in "Programs and Features" in the control panel. You can
also get this information by installing the package manually and then running pkg.list_pkgs.
Here's an example of the output from pkg.list_pkgs:
salt 'test-2008' pkg.list_pkgs
test-2008
----------
7-Zip 9.20 (x64 edition):
9.20.00.0
Microsoft .NET Framework 4 Client Profile:
4.0.30319,4.0.30319
Microsoft .NET Framework 4 Extended:
4.0.30319,4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022:
9.0.21022
Mozilla Firefox 17.0.1 (x86 en-US):
17.0.1
Mozilla Maintenance Service:
17.0.1
NSClient++ (x64):
0.3.8.76
Notepad++:
6.4.2
Salt Minion 0.16.0:
0.16.0
Notice the Full Name for Firefox: Mozilla Firefox 17.0.0 (x86 en-US). That's exactly what's in the
full_name parameter in the software definition file.
If any of the software insalled on the machine matches one of the software definition files in the
repository the full_name will be automatically renamed to the package name. The example below shows the
pkg.list_pkgs for a machine that already has Mozilla Firefox 17.0.1 installed.
test-2008:
----------
7zip:
9.20.00.0
Microsoft .NET Framework 4 Client Profile:
4.0.30319,4.0.30319
Microsoft .NET Framework 4 Extended:
4.0.30319,4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022:
9.0.21022
Mozilla Maintenance Service:
17.0.1
Notepad++:
6.4.2
Salt Minion 0.16.0:
0.16.0
firefox:
17.0.1
nsclient:
0.3.9.328
IMPORTANT:
The version number and full_name need to match the output from pkg.list_pkgs so that the status can be
verified when running highstate.
NOTE:
It is still possible to successfully install packages using pkg.install even if they don't match. This
can make troubleshooting difficult so be careful.
param str installer
The path to the .exe or .msi to use to install the package. This can be a path or a URL. If it is
a URL or a salt path (salt://), the package will be cached locally and then executed. If it is a
path to a file on disk or a file share, it will be executed directly.
param str install_flags
Any flags that need to be passed to the installer to make it perform a silent install. These can
often be found by adding /? or /h when running the installer from the command-line. A great
resource for finding these silent install flags can be found on the WPKG project's wiki:
Salt will not return if the installer is waiting for user input so these are important.
param str uninstaller
The path to the program used to uninstall this software. This can be the path to the same exe or
msi used to install the software. It can also be a GUID. You can find this value in the registry
under the following keys:
• Software\Microsoft\Windows\CurrentVersion\Uninstall
• Software\Wow6432None\Microsoft\Windows\CurrentVersion\Uninstall
param str uninstall_flags
Any flags that need to be passed to the uninstaller to make it perform a silent uninstall. These
can often be found by adding /? or /h when running the uninstaller from the command-line. A great
resource for finding these silent install flags can be found on the WPKG project's wiki:
Salt will not return if the uninstaller is waiting for user input so these are important.
Here are some examples of installer and uninstaller settings:
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi
full_name: 7-Zip 9.20 (x64 edition)
reboot: False
install_flags: '/qn /norestart'
msiexec: True
uninstaller: '{23170F69-40C1-2702-0920-000001000000}'
uninstall_flags: '/qn /norestart'
Alternatively the uninstaller can also simply repeat the URL of the msi file.
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi
full_name: 7-Zip 9.20 (x64 edition)
reboot: False
install_flags: '/qn /norestart'
msiexec: True
uninstaller: salt://win/repo/7zip/7z920-x64.msi
uninstall_flags: '/qn /norestart'
param msiexec
This tells salt to use msiexec /i to install the package and msiexec /x to uninstall. This is for
.msi installations. Possible options are: True, False or path to msiexec on your system
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi full_name: 7-Zip 9.20 (x64 edition)
reboot: False install_flags: '/qn /norestart' msiexec:
'C:WindowsSystem32msiexec.exe' uninstaller: salt://win/repo/7zip/7z920-x64.msi
uninstall_flags: '/qn /norestart'
param str arch
This selects which msiexec.exe to use. Possible values: x86, x64
param bool allusers
This parameter is specific to .msi installations. It tells msiexec to install the software for all
users. The default is True.
param bool cache_dir
If true when installer URL begins with salt://, the entire directory where the installer resides
will be recursively cached. This is useful for installers that depend on other files in the same
directory for installation.
param str cache_file
When installer URL begins with salt://, this indicates single file to copy down for use with the
installer. Copied to the same location as the installer. Use this over cache_dir if there are many
files in the directory and you only need a specific file and don't want to cache additional files
that may reside in the installer directory.
Here's an example for a software package that has dependent files:
sqlexpress:
'12.0.2000.8':
installer: 'salt://win/repo/sqlexpress/setup.exe'
full_name: Microsoft SQL Server 2014 Setup (English)
reboot: False
install_flags: '/ACTION=install /IACCEPTSQLSERVERLICENSETERMS /Q'
cache_dir: True
param bool use_scheduler
If true, windows will use the task scheduler to run the installation. This is useful for running
the salt installation itself as the installation process kills any currently running instances of
salt.
param str source_hash
This tells salt to compare a hash sum of the installer
to the provided hash sum before execution. The value can be formatted as hash_algorithm=hash_sum, or it
can be a URI to a file containing the hash sum. For a list of supported algorithms, see the hashlib
documentation.
Here's an example of source_hash usage:
messageanalyzer:
'4.0.7551.0':
full_name: 'Microsoft Message Analyzer'
installer: 'salt://win/repo/messageanalyzer/MessageAnalyzer64.msi'
install_flags: '/quiet /norestart'
uninstaller: '{1CC02C23-8FCD-487E-860C-311EC0A0C933}'
uninstall_flags: '/quiet /norestart'
msiexec: True
source_hash: 'sha1=62875ff451f13b10a8ff988f2943e76a4735d3d4'
param bool reboot
Not implemented
param str local
Not implemented
Examples can be found at https://github.com/saltstack/salt-winrepo-ng
Managing Windows Software on a Standalone Windows Minion
The Windows Package Repository functions similar in a standalone environment, with a few differences in
the configuration.
To replace the winrepo runner that is used on the Salt master, an execution module exists to provide the
same functionality to standalone minions. The functions are named the same as the ones in the runner, and
are used in the same way; the only difference is that salt-call is used instead of salt-run:
salt-call winrepo.update_git_repos
salt-call winrepo.genrepo
salt-call pkg.refresh_db
After executing the previous commands the repository on the standalone system is ready to use.
Custom Location for Repository SLS Files
If file_roots has not been modified in the minion configuration, then no additional configuration needs
to be added to the minion configuration. The winrepo.genrepo function from the winrepo execution module
will by default look for the filename specified by winrepo_cachefile within C:\salt\srv\salt\win\repo.
If the file_roots parameter has been modified, then winrepo_dir must be modified to fall within that
path, at the proper relative path. For example, if the base environment in file_roots points to D:\foo,
and winrepo_source_dir is salt://win/repo, then winrepo_dir must be set to D:\foo\win\repo to ensure that
winrepo.genrepo puts the cachefile into right location.
Config Options for Minions 2015.8.0 and Later
The winrepo_source_dir config parameter (default: salt://win/repo) controls where pkg.refresh_db looks
for the cachefile (default: winrepo.p). This means that the default location for the winrepo cachefile
would be salt://win/repo/winrepo.p. Both winrepo_source_dir and winrepo_cachefile can be adjusted to
match the actual location of this file on the Salt fileserver.
Config Options for Minions Before 2015.8.0
If connected to a master, the minion will by default look for the winrepo cachefile (the file generated
by the winrepo.genrepo runner) at salt://win/repo/winrepo.p. If the cachefile is in a different path on
the salt fileserver, then win_repo_cachefile will need to be updated to reflect the proper location.
Changes in Version 2015.8.0
Git repository management for the Windows Software Repository has changed in version 2015.8.0, and
several master/minion config parameters have been renamed to make their naming more consistent with each
other.
For a list of the winrepo config options, see here for master config options, and here for configuration
options for masterless Windows minions.
On the master, the winrepo.update_git_repos runner has been updated to use either pygit2 or GitPython to
checkout the git repositories containing repo data. If pygit2 or GitPython is installed, existing winrepo
git checkouts should be removed after upgrading to 2015.8.0, to allow them to be checked out again by
running winrepo.update_git_repos.
If neither GitPython nor pygit2 are installed, then Salt will fall back to the pre-existing behavior for
winrepo.update_git_repos, and a warning will be logged in the master log.
NOTE:
Standalone Windows minions do not support the new GitPython/pygit2 functionality, and will instead use
the git.latest state to keep repositories up-to-date. More information on how to use the Windows
Software Repo on a standalone minion can be found here.
Config Parameters Renamed
Many of the legacy winrepo configuration parameters have changed in version 2015.8.0 to make the naming
more consistent. The old parameter names will still work, but a warning will be logged indicating that
the old name is deprecated.
Below are the parameters which have changed for version 2015.8.0:
Master Config
┌──────────────────────────┬───────────────────┐
│ Old Name │ New Name │
├──────────────────────────┼───────────────────┤
│ win_repo │ winrepo_dir │
├──────────────────────────┼───────────────────┤
│ win_repo_mastercachefile │ winrepo_cachefile │
├──────────────────────────┼───────────────────┤
│ win_gitrepos │ winrepo_remotes │
└──────────────────────────┴───────────────────┘
NOTE:
winrepo_cachefile is no longer used by 2015.8.0 and later minions, and the winrepo_dir setting is
replaced by winrepo_dir_ng for 2015.8.0 and later minions.
See here for detailed information on all master config options for the Windows Repo.
Minion Config
┌────────────────────┬───────────────────┐
│ Old Name │ New Name │
├────────────────────┼───────────────────┤
│ win_repo │ winrepo_dir │
├────────────────────┼───────────────────┤
│ win_repo_cachefile │ winrepo_cachefile │
├────────────────────┼───────────────────┤
│ win_gitrepos │ winrepo_remotes │
└────────────────────┴───────────────────┘
See here for detailed information on all minion config options for the Windows Repo.
pygit2/GitPython Support for Maintaining Git Repos
The winrepo.update_git_repos runner (and the corresponding remote execution function for standalone
minions) now makes use of the same underlying code used by the Git Fileserver Backend and Git External
Pillar to maintain and update its local clones of git repositories. If a compatible version of either
pygit2 (0.20.3 and later) or GitPython (0.3.0 or later) is installed, then Salt will use it instead of
the old method (which invokes the git.latest state).
NOTE:
If compatible versions of both pygit2 and GitPython are installed, then Salt will prefer pygit2, to
override this behavior use the winrepo_provider configuration parameter:
winrepo_provider: gitpython
The winrepo execution module (discussed above in the Managing Windows Software on a Standalone Windows
Minion section) does not yet officially support the new pygit2/GitPython functionality, but if either
pygit2 or GitPython is installed into Salt's bundled Python then it should work. However, it should be
considered experimental at this time.
To minimize potential issues, it is a good idea to remove any winrepo git repositories that were checked
out by the old (pre-2015.8.0) winrepo code when upgrading the master to 2015.8.0 or later, and run
winrepo.update_git_repos to clone them anew after the master is started.
Additional added features include the ability to access authenticated git repositories (NOTE: pygit2
only), and to set per-remote config settings. An example of this would be the following:
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
- git@github.com:myuser/myrepo.git:
- pubkey: /path/to/key.pub
- privkey: /path/to/key
- passphrase: myaw3s0m3pa$$phr4$3
- https://github.com/myuser/privaterepo.git:
- user: mygithubuser
- password: CorrectHorseBatteryStaple
NOTE:
Per-remote configuration settings work in the same fashion as they do in gitfs, with global parameters
being overridden by their per-remote counterparts (for instance, setting winrepo_passphrase would set
a global passphrase for winrepo that would apply to all SSH-based remotes, unless overridden by a
passphrase per-remote parameter).
See here for more a more in-depth explanation of how per-remote configuration works in gitfs, the same
principles apply to winrepo.
There are a couple other changes in how Salt manages git repos using pygit2/GitPython. First of all, a
clean argument has been added to the winrepo.update_git_repos runner, which (if set to True) will tell
the runner to dispose of directories under the winrepo_dir which are not explicitly configured. This
prevents the need to manually remove these directories when a repo is removed from the config file. To
clean these old directories, just pass clean=True, like so:
salt-run winrepo.update_git_repos clean=True
However, if a mix of git and non-git Windows Repo definition files are being used, then this should not
be used, as it will remove the directories containing non-git definitions.
The other major change is that collisions between repo names are now detected, and the
winrepo.update_git_repos runner will not proceed if any are detected. Consider the following
configuration:
winrepo_remotes:
- https://foo.com/bar/baz.git
- https://mydomain.tld/baz.git
- https://github.com/foobar/baz
The winrepo.update_git_repos runner will refuse to update repos here, as all three of these repos would
be checked out to the same directory. To work around this, a per-remote parameter called name can be used
to resolve these conflicts:
winrepo_remotes:
- https://foo.com/bar/baz.git
- https://mydomain.tld/baz.git:
- name: baz_junior
- https://github.com/foobar/baz:
- name: baz_the_third
Troubleshooting
Incorrect name/version
If the package seems to install properly, but salt reports a failure then it is likely you have a version
or full_name mismatch.
Check the exact full_name and version used by the package. Use pkg.list_pkgs to check that the names and
version exactly match what is installed.
Changes to sls files not being picked up
Ensure you have (re)generated the repository cache file (for older minions) and then updated the
repository cache on the relevant minions:
salt-run winrepo.genrepo
salt winminion pkg.refresh_db
Packages management under Windows 2003
On Windows server 2003, you need to install optional Windows component "wmi windows installer provider"
to have full list of installed packages. If you don't have this, salt-minion can't report some installed
software.
How Success and Failure are Reported
The install state/module function of the Windows package manager works roughly as follows:
1. Execute pkg.list_pkgs and store the result
2. Check if any action needs to be taken. (i.e. compare required package and version against
pkg.list_pkgs results)
3. If so, run the installer command.
4. Execute pkg.list_pkgs and compare to the result stored from before installation.
5. Success/Failure/Changes will be reported based on the differences between the original and final
pkg.list_pkgs results.
If there are any problems in using the package manager it is likely due to the data in your sls files not
matching the difference between the pre and post pkg.list_pkgs results.
Windows-specific Behaviour
Salt is capable of managing Windows systems, however due to various differences between the operating
systems, there are some things you need to keep in mind.
This document will contain any quirks that apply across Salt or generally across multiple module
functions. Any Windows-specific behavior for particular module functions will be documented in the module
function documentation. Therefore this document should be read in conjunction with the module function
documentation.
Group parameter for files
Salt was originally written for managing Unix-based systems, and therefore the file module functions were
designed around that security model. Rather than trying to shoehorn that model on to Windows, Salt
ignores these parameters and makes non-applicable module functions unavailable instead.
One of the commonly ignored parameters is the group parameter for managing files. Under Windows, while
files do have a 'primary group' property, this is rarely used. It generally has no bearing on
permissions unless intentionally configured and is most commonly used to provide Unix compatibility (e.g.
Services For Unix, NFS services).
Because of this, any file module functions that typically require a group, do not under Windows. Attempts
to directly use file module functions that operate on the group (e.g. file.chgrp) will return a
pseudo-value and cause a log message to appear. No group parameters will be acted on.
If you do want to access and change the 'primary group' property and understand the implications, use the
file.get_pgid or file.get_pgroup functions or the pgroup parameter on the file.chown module function.
Dealing with case-insensitive but case-preserving names
Windows is case-insensitive, but however preserves the case of names and it is this preserved form that
is returned from system functions. This causes some issues with Salt because it assumes case-sensitive
names. These issues generally occur in the state functions and can cause bizarre looking errors.
To avoid such issues, always pretend Windows is case-sensitive and use the right case for names, e.g.
specify user=Administrator instead of user=administrator.
Follow issue 11801 for any changes to this behavior.
Dealing with various username forms
Salt does not understand the various forms that Windows usernames can come in, e.g. username,
mydomain\username, username@mydomain.tld can all refer to the same user. In fact, Salt generally only
considers the raw username value, i.e. the username without the domain or host information.
Using these alternative forms will likely confuse Salt and cause odd errors to happen. Use only the raw
username value in the correct case to avoid problems.
Follow issue 11801 for any changes to this behavior.
Specifying the None group
Each Windows system has built-in _None_ group. This is the default 'primary group' for files for users
not on a domain environment.
Unfortunately, the word _None_ has special meaning in Python - it is a special value indicating
'nothing', similar to null or nil in other languages.
To specify the None group, it must be specified in quotes, e.g. ./salt '*' file.chpgrp C:\path\to\file
"'None'".
Symbolic link loops
Under Windows, if any symbolic link loops are detected or if there are too many levels of symlinks
(defaults to 64), an error is always raised.
For some functions, this behavior is different to the behavior on Unix platforms. In general, avoid
symlink loops on either platform.
DEVELOPING SALT
Overview
In its most typical use, Salt is a software application in which clients, called "minions" can be
commanded and controlled from a central command server called a "master".
Commands are normally issued to the minions (via the master) by calling a client script simply called,
'salt'.
Salt features a pluggable transport system to issue commands from a master to minions. The default
transport is ZeroMQ.
Salt Client
Overview
The salt client is run on the same machine as the Salt Master and communicates with the salt-master to
issue commands and to receive the results and display them to the user.
The primary abstraction for the salt client is called 'LocalClient'.
When LocalClient wants to publish a command to minions, it connects to the master by issuing a request to
the master's ReqServer (TCP: 4506)
The LocalClient system listens to responses for its requests by listening to the master event bus
publisher (master_event_pub.ipc).
Salt Master
Overview
The salt-master daemon runs on the designated Salt master and performs functions such as authenticating
minions, sending, and receiving requests from connected minions and sending and receiving requests and
replies to the 'salt' CLI.
Moving Pieces
When a Salt master starts up, a number of processes are started, all of which are called 'salt-master' in
a process-list but have various role categories.
Among those categories are:
• Publisher
• EventPublisher
• MWorker
Publisher
The Publisher process is responsible for sending commands over the designated transport to connected
minions. The Publisher is bound to the following:
• TCP: port 4505
• IPC: publish_pull.ipc
Each salt minion establishes a connection to the master Publisher.
EventPublisher
The EventPublisher publishes events onto the event bus. It is bound to the following:
• IPC: master_event_pull.ipc
• IPC: master_event_pub.ipc
MWorker
Worker processes manage the back-end operations for the Salt Master.
The number of workers is equivalent to the number of 'worker_threads' specified in the master
configuration and is always at least one.
Workers are bound to the following:
• IPC: workers.ipc
ReqServer
The Salt request server takes requests and distributes them to available MWorker processes for
processing. It also receives replies back from minions.
The ReqServer is bound to the following:
• TCP: 4506
• IPC: workers.ipc
Each salt minion establishes a connection to the master ReqServer.
Job Flow
The Salt master works by always publishing commands to all connected minions and the minions decide if
the command is meant for them by checking themselves against the command target.
The typical lifecycle of a salt job from the perspective of the master might be as follows:
1. A command is issued on the CLI. For example, 'salt my_minion test.ping'.
2) The 'salt' command uses LocalClient to generate a request to the salt master by connecting to the
ReqServer on TCP:4506 and issuing the job.
3) The salt-master ReqServer sees the request and passes it to an available MWorker over workers.ipc.
4) A worker picks up the request and handles it. First, it checks to ensure that the requested user has
permissions to issue the command. Then, it sends the publish command to all connected minions. For the
curious, this happens in ClearFuncs.publish().
5) The worker announces on the master event bus that it is about to publish a job to connected minions.
This happens by placing the event on the master event bus (master_event_pull.ipc) where the
EventPublisher picks it up and distributes it to all connected event listeners on master_event_pub.ipc.
6) The message to the minions is encrypted and sent to the Publisher via IPC on publish_pull.ipc.
7) Connected minions have a TCP session established with the Publisher on TCP port 4505 where they await
commands. When the Publisher receives the job over publish_pull, it sends the jobs across the wire to the
minions for processing.
8) After the minions receive the request, they decrypt it and perform any requested work, if they
determine that they are targeted to do so.
9) When the minion is ready to respond, it publishes the result of its job back to the master by sending
the encrypted result back to the master on TCP 4506 where it is again picked up by the ReqServer and
forwarded to an available MWorker for processing. (Again, this happens by passing this message across
workers.ipc to an available worker.)
10) When the MWorker receives the job it decrypts it and fires an event onto the master event bus
(master_event_pull.ipc). (Again for the curious, this happens in AESFuncs._return().
11) The EventPublisher sees this event and re-publishes it on the bus to all connected listeners of the
master event bus (on master_event_pub.ipc). This is where the LocalClient has been waiting, listening to
the event bus for minion replies. It gathers the job and stores the result.
12) When all targeted minions have replied or the timeout has been exceeded, the salt client displays the
results of the job to the user on the CLI.
Salt Minion
Overview
The salt-minion is a single process that sits on machines to be managed by Salt. It can either operate as
a stand-alone daemon which accepts commands locally via 'salt-call' or it can connect back to a master
and receive commands remotely.
When starting up, salt minions connect _back_ to a master defined in the minion config file. The connect
to two ports on the master:
•
TCP: 4505
This is the connection to the master Publisher. It is on this port that the minion receives
jobs from the master.
•
TCP: 4506
This is the connection to the master ReqServer. It is on this port that the minion sends job
results back to the master.
Event System
Similar to the master, a salt-minion has its own event system that operates over IPC by default. The
minion event system operates on a push/pull system with IPC files at minion_event_<unique_id>_pub.ipc and
minion_event_<unique_id>_pull.ipc.
The astute reader might ask why have an event bus at all with a single-process daemon. The answer is that
the salt-minion may fork other processes as required to do the work without blocking the main salt-minion
process and this necessitates a mechanism by which those processes can communicate with each other.
Secondarily, this provides a bus by which any user with sufficient permissions can read or write to the
bus as a common interface with the salt minion.
Job Flow
When a salt minion starts up, it attempts to connect to the Publisher and the ReqServer on the salt
master. It then attempts to authenticate and once the minion has successfully authenticated, it simply
listens for jobs.
Jobs normally come either come from the 'salt-call' script run by a local user on the salt minion or they
can come directly from a master.
Master Job Flow
1) A master publishes a job that is received by a minion as outlined by the master's job flow above.
2) The minion is polling its receive socket that's connected to the master Publisher (TCP 4505 on
master). When it detects an incoming message, it picks it up from the socket and decrypts it.
3) A new minion process or thread is created and provided with the contents of the decrypted message. The
_thread_return() method is provided with the contents of the received message.
4) The new minion thread is created. The _thread_return() function starts up and actually calls out to
the requested function contained in the job.
5. The requested function runs and returns a result. [Still in thread.]
6) The result of the function that's run is encrypted and returned to the master's ReqServer (TCP 4506 on
master). [Still in thread.]
7) Thread exits. Because the main thread was only blocked for the time that it took to initialize the
worker thread, many other requests could have been received and processed during this time.
A Note on ClearFuncs vs. AESFuncs
A common source of confusion is determining when messages are passed in the clear and when they are
passed using encryption. There are two rules governing this behaviour:
1) ClearFuncs is used for intra-master communication and during the initial authentication handshake
between a minion and master during the key exhange.
2. AESFuncs is used everywhere else.
Contributing
There is a great need for contributions to Salt and patches are welcome! The goal here is to make
contributions clear, make sure there is a trail for where the code has come from, and most importantly,
to give credit where credit is due!
There are a number of ways to contribute to Salt development.
For details on how to contribute documentation improvements please review Writing Salt Documentation.
Salt Coding Style
SaltStack has its own coding style guide that informs contributors on various coding approaches. Please
review the Salt Coding Style documentation for information about Salt's particular coding patterns.
Within the Salt Coding Style documentation, there is a section about running Salt's .pylintrc file.
SaltStack recommends running the .pylintrc file on any files you are changing with your code contribution
before submitting a pull request to Salt's repository. Please see the Linting documentation for more
information.
Sending a GitHub pull request
Sending pull requests on GitHub is the preferred method for receiving contributions. The workflow advice
below mirrors GitHub's own guide and is well worth reading.
1. Fork saltstack/salt on GitHub.
2. Make a local clone of your fork.
git clone git@github.com:my-account/salt.git
cd salt
3. Add saltstack/salt as a git remote.
git remote add upstream https://github.com/saltstack/salt.git
4. Create a new branch in your clone.
NOTE:
A branch should have one purpose. For example, "Fix bug X," or "Add feature Y". Multiple unrelated
fixes and/or features should be isolated into separate branches.
If you're working on a bug or documentation fix, create your branch from the oldest release branch
that contains the bug or requires the documentation update. See Which Salt Branch?.
git fetch upstream
git checkout -b fix-broken-thing upstream/2016.11
If you're working on a feature, create your branch from the develop branch.
git fetch upstream
git checkout -b add-cool-feature upstream/develop
5. Edit and commit changes to your branch.
vim path/to/file1 path/to/file2
git diff
git add path/to/file1 path/to/file2
git commit
Write a short, descriptive commit title and a longer commit message if necessary.
NOTE:
If your change fixes a bug or implements a feature already filed in the issue tracker, be sure to
reference the issue number in the commit message body.
Fix broken things in file1 and file2
Fixes #31337
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch fix-broken-thing
# Changes to be committed:
# modified: path/to/file1
# modified: path/to/file2
If you get stuck, there are many introductory Git resources on http://help.github.com.
6. Push your locally-committed changes to your GitHub fork.
git push -u origin fix-broken-thing
or
git push -u origin add-cool-feature
NOTE:
You may want to rebase before pushing to work out any potential conflicts:
git fetch upstream
git rebase upstream/2016.11 fix-broken-thing
git push -u origin fix-broken-thing
or
git fetch upstream
git rebase upstream/develop add-cool-feature
git push -u origin add-cool-feature
If you do rebase, and the push is rejected with a (non-fast-forward) comment, then run git status.
You will likely see a message about the branches diverging:
On branch fix-broken-thing
Your branch and 'origin/fix-broken-thing' have diverged,
and have 1 and 2 different commits each, respectively.
(use "git pull" to merge the remote branch into yours)
nothing to commit, working tree clean
Do NOT perform a git pull or git merge here. Instead, add --force to the end of the git push
command to get the changes pushed to your fork. Pulling or merging, while they will resolve the
non-fast-forward issue, will likely add extra commits to the pull request which were not part of
your changes.
7. Find the branch on your GitHub salt fork.
https://github.com/my-account/salt/branches/fix-broken-thing
8. Open a new pull request.
Click on Pull Request on the right near the top of the page,
https://github.com/my-account/salt/pull/new/fix-broken-thing
1. If your branch is a fix for a release branch, choose that as the base branch (e.g. 2016.11),
https://github.com/my-account/salt/compare/saltstack:2016.11...fix-broken-thing
If your branch is a feature, choose develop as the base branch,
https://github.com/my-account/salt/compare/saltstack:develop...add-cool-feature
2. Review that the proposed changes are what you expect.
3. Write a descriptive comment. Include links to related issues (e.g. 'Fixes #31337.') in the
comment field.
4. Click Create pull request.
9. Salt project members will review your pull request and automated tests will run on it.
If you recognize any test failures as being related to your proposed changes or if a reviewer asks for
modifications:
1. Make the new changes in your local clone on the same local branch.
2. Push the branch to GitHub again using the same commands as before.
3. New and updated commits will be added to the pull request automatically.
4. Feel free to add a comment to the discussion.
NOTE:
Jenkins
Pull request against saltstack/salt are automatically tested on a variety of operating systems and
configurations. On average these tests take 30 minutes. Depending on your GitHub notification
settings you may also receive an email message about the test results.
Test progress and results can be found at http://jenkins.saltstack.com/.
Salt's Branch Topology
There are three different kinds of branches in use: develop, main release branches, and dot release
branches.
• All feature work should go into the develop branch.
• Bug fixes and documentation changes should go into the oldest supported main release branch affected by
the the bug or documentation change. Main release branches are named after a year and month, such as
2016.11 and 2017.7.
• Hot fixes, as determined by SaltStack's release team, should be submitted against dot release branches.
Dot release branches are named after a year, month, and version. Examples include 2016.11.8 and
2017.7.2.
NOTE:
GitHub will open pull requests against Salt's main branch, develop, byndefault. Be sure to check which
branch is selected when creating the pull request.
The Develop Branch
The develop branch is unstable and bleeding-edge. Pull requests containing feature additions or
non-bug-fix changes should be made against the develop branch.
NOTE:
If you have a bug fix or documentation change and have already forked your working branch from develop
and do not know how to rebase your commits against another branch, then submit it to develop anyway.
SaltStack's development team will be happy to back-port it to the correct branch.
Please make sure you let the maintainers know that the pull request needs to be back-ported.
Main Release Branches
The current release branch is the most recent stable release. Pull requests containing bug fixes or
documentation changes should be made against the main release branch that is affected.
The branch name will be a date-based name such as 2016.11.
Bug fixes are made on this branch so that dot release branches can be cut from the main release branch
without introducing surprises and new features. This approach maximizes stability.
Dot Release Branches
Prior to tagging an official release, a branch will be created when the SaltStack release team is ready
to tag. The dot release branch is created from a main release branch. The dot release branch will be the
same name as the tag minus the v. For example, the 2017.7.1 dot release branch was created from the
2017.7 main release branch. The v2017.7.1 release was tagged at the HEAD of the 2017.7.1 branch.
This branching strategy will allow for more stability when there is a need for a re-tag during the
testing phase of the release process and further increases stability.
Once the dot release branch is created, the fixes required for a given release, as determined by the
SaltStack release team, will be added to this branch. All commits in this branch will be merged forward
into the main release branch as well.
Merge Forward Process
The Salt repository follows a "Merge Forward" policy. The merge-forward behavior means that changes
submitted to older main release branches will automatically be "merged-forward" into the newer branches.
For example, a pull request is merged into 2016.11. Then, the entire 2016.11 branch is merged-forward
into the 2017.7 branch, and the 2017.7 branch is merged-forward into the develop branch.
This process makes is easy for contributors to make only one pull-request against an older branch, but
allows the change to propagate to all main release branches.
The merge-forward work-flow applies to all main release branches and the operation runs continuously.
Merge-Forwards for Dot Release Branches
The merge-forward policy applies to dot release branches as well, but has a slightly different behavior.
If a change is submitted to a dot release branch, the dot release branch will be merged into its parent
main release branch.
For example, a pull request is merged into the 2017.7.2 release branch. Then, the entire 2017.7.2 branch
is merged-forward into the 2017.7 branch. From there, the merge forward process continues as normal.
The only way in which dot release branches differ from main release branches in regard to merge-forwards,
is that once a dot release branch is created from the main release branch, the dot release branch does
not receive merge forwards.
NOTE:
The merge forward process for dot release branches is one-way: dot release branch --> main release
branch.
Closing GitHub issues from commits
This "merge-forward" strategy requires that the magic keywords to close a GitHub issue appear in the
commit message text directly. Only including the text in a pull request will not close the issue.
GitHub will close the referenced issue once the commit containing the magic text is merged into the
default branch (develop). Any magic text input only into the pull request description will not be seen at
the Git-level when those commits are merged-forward. In other words, only the commits are merged-forward
and not the pull request text.
Backporting Pull Requests
If a bug is fixed on develop and the bug is also present on a currently-supported release branch, it will
need to be back-ported to an applicable branch.
NOTE:
Most Salt contributors can skip these instructions
These instructions do not need to be read in order to contribute to the Salt project! The SaltStack
team will back-port fixes on behalf of contributors in order to keep the contribution process easy.
These instructions are intended for frequent Salt contributors, advanced Git users, SaltStack
employees, or independent souls who wish to back-port changes themselves.
It is often easiest to fix a bug on the oldest supported release branch and then merge that branch
forward into develop (as described earlier in this document). When that is not possible the fix must be
back-ported, or copied, into any other affected branches.
These steps assume a pull request #1234 has been merged into develop. And upstream is the name of the
remote pointing to the main Salt repo.
1. Identify the oldest supported release branch that is affected by the bug.
2. Create a new branch for the back-port by reusing the same branch from the original pull request.
Name the branch bp-<NNNN> and use the number of the original pull request.
git fetch upstream refs/pull/1234/head:bp-1234
git checkout bp-1234
3. Find the parent commit of the original pull request.
The parent commit of the original pull request must be known in order to rebase onto a release branch.
The easiest way to find this is on GitHub.
Open the original pull request on GitHub and find the first commit in the list of commits. Select and
copy the SHA for that commit. The parent of that commit can be specified by appending ~1 to the end.
4. Rebase the new branch on top of the release branch.
• <release-branch> is the branch identified in step #1.
• <orig-base> is the SHA identified in step #3 -- don't forget to add ~1 to the end!
git rebase --onto <release-branch> <orig-base> bp-1234
Note, release branches prior to 2016.11 will not be able to make use of rebase and must use
cherry-picking instead.
5. Push the back-port branch to GitHub and open a new pull request.
Opening a pull request for the back-port allows for the test suite and normal code-review process.
git push -u origin bp-1234
Keeping Salt Forks in Sync
Salt advances quickly. It is therefore critical to pull upstream changes from upstream into your fork on
a regular basis. Nothing is worse than putting hard work into a pull request only to see bunches of merge
conflicts because it has diverged too far from upstream.
SEE ALSO:
GitHub Fork a Repo Guide
The following assumes origin is the name of your fork and upstream is the name of the main saltstack/salt
repository.
1. View existing remotes.
git remote -v
2. Add the upstream remote.
# For ssh github
git remote add upstream git@github.com:saltstack/salt.git
# For https github
git remote add upstream https://github.com/saltstack/salt.git
3. Pull upstream changes into your clone.
git fetch upstream
4. Update your copy of the develop branch.
git checkout develop
git merge --ff-only upstream/develop
If Git complains that a fast-forward merge is not possible, you have local commits.
• Run git pull --rebase origin develop to rebase your changes on top of the upstream changes.
• Or, run git branch <branch-name> to create a new branch with your commits. You will then need to
reset your develop branch before updating it with the changes from upstream.
If Git complains that local files will be overwritten, you have changes to files in your working
directory. Run git status to see the files in question.
5. Update your fork.
git push origin develop
6. Repeat the previous two steps for any other branches you work with, such as the current release
branch.
Posting patches to the mailing list
Patches will also be accepted by email. Format patches using git format-patch and send them to the
salt-users mailing list. The contributor will then get credit for the patch, and the Salt community will
have an archive of the patch and a place for discussion.
Issue and Pull Request Labeling System
SaltStack uses several labeling schemes to help facilitate code contributions and bug resolution. See the
Labels and Milestones documentation for more information.
Mentionbot
SaltStack runs a mention-bot which notifies contributors who might be able to help review incoming
pull-requests based on their past contribution to files which are being changed.
If you do not wish to receive these notifications, please add your GitHub handle to the blacklist line in
the .mention-bot file located in the root of the Salt repository.
GPG Verification
SaltStack has enabled GPG Probot to enforce GPG signatures for all commits included in a Pull Request.
In order for the GPG verification status check to pass, every contributor in the pull request must:
• Set up a GPG key on local machine
• Sign all commits in the pull request with key
• Link key with GitHub account
This applies to all commits in the pull request.
GitHub hosts a number of help articles for creating a GPG key, using the GPG key with git locally, and
linking the GPG key to your GitHub account. Once these steps are completed, the commit signing
verification will look like the example in GitHub's GPG Signature Verification feature announcement.
Deprecating Code
Salt should remain backwards compatible, though sometimes, this backwards compatibility needs to be
broken because a specific feature and/or solution is no longer necessary or required. At first one might
think, let me change this code, it seems that it's not used anywhere else so it should be safe to remove.
Then, once there's a new release, users complain about functionality which was removed and they where
using it, etc. This should, at all costs, be avoided, and, in these cases, that specific code should be
deprecated.
In order to give users enough time to migrate from the old code behavior to the new behavior, the
deprecation time frame should be carefully determined based on the significance and complexity of the
changes required by the user.
Salt feature releases are based on the Periodic Table. Any new features going into the develop branch
will be named after the next element in the Periodic Table. For example, Beryllium was the feature
release name of the develop branch before the 2015.8 branch was tagged. At that point in time, any new
features going into the develop branch after 2015.8 was branched were part of the Boron feature release.
A deprecation warning should be in place for at least two major releases before the deprecated code and
its accompanying deprecation warning are removed. More time should be given for more complex changes.
For example, if the current release under development is Sodium, the deprecated code and associated
warnings should remain in place and warn for at least Aluminum.
To help in this deprecation task, salt provides salt.utils.warn_until. The idea behind this helper
function is to show the deprecation warning to the user until salt reaches the provided version. Once
that provided version is equaled salt.utils.warn_until will raise a RuntimeError making salt stop its
execution. This stoppage is unpleasant and will remind the developer that the deprecation limit has been
reached and that the code can then be safely removed.
Consider the following example:
def some_function(bar=False, foo=None):
if foo is not None:
salt.utils.warn_until(
'Aluminum',
'The \'foo\' argument has been deprecated and its '
'functionality removed, as such, its usage is no longer '
'required.'
)
Development begins on the Aluminum release when the Magnesium branch is forked from the develop branch.
Once this occurs, all uses of the warn_until function targeting Aluminum, along with the code they are
warning about should be removed from the code.
Dunder Dictionaries
Salt provides several special "dunder" dictionaries as a convenience for Salt development. These include
__opts__, __context__, __salt__, and others. This document will describe each dictionary and detail where
they exist and what information and/or functionality they provide.
__opts__
Available in
• All loader modules
The __opts__ dictionary contains all of the options passed in the configuration file for the master or
minion.
NOTE:
In many places in salt, instead of pulling raw data from the __opts__ dict, configuration data should
be pulled from the salt get functions such as config.get, aka - __salt__['config.get']('foo:bar') The
get functions also allow for dict traversal via the : delimiter. Consider using get functions
whenever using __opts__ or __pillar__ and __grains__ (when using grains for configuration data)
The configuration file data made available in the __opts__ dictionary is the configuration data relative
to the running daemon. If the modules are loaded and executed by the master, then the master
configuration data is available, if the modules are executed by the minion, then the minion configuration
is available. Any additional information passed into the respective configuration files is made available
__salt__
Available in
• Execution Modules
• State Modules
• Returners
• Runners
__salt__ contains the execution module functions. This allows for all functions to be called as they have
been set up by the salt loader.
__salt__['cmd.run']('fdisk -l')
__salt__['network.ip_addrs']()
NOTE:
When used in runners, __salt__ references other runner modules, and not execution modules.
__grains__
Available in
• Execution Modules
• State Modules
• Returners
• External Pillar
The __grains__ dictionary contains the grains data generated by the minion that is currently being worked
with. In execution modules, state modules and returners this is the grains of the minion running the
calls, when generating the external pillar the __grains__ is the grains data from the minion that the
pillar is being generated for.
__pillar__
Available in
• Execution Modules
• State Modules
• Returners
The __pillar__ dictionary contains the pillar for the respective minion.
__context__
__context__ exists in state modules and execution modules.
During a state run the __context__ dictionary persists across all states that are run and then is
destroyed when the state ends.
When running an execution module __context__ persists across all module executions until the modules are
refreshed; such as when saltutil.sync_all or state.apply are executed.
A great place to see how to use __context__ is in the cp.py module in salt/modules/cp.py. The fileclient
authenticates with the master when it is instantiated and then is used to copy files to the minion.
Rather than create a new fileclient for each file that is to be copied down, one instance of the
fileclient is instantiated in the __context__ dictionary and is reused for each file. Here is an example
from salt/modules/cp.py:
if not 'cp.fileclient' in __context__:
__context__['cp.fileclient'] = salt.fileclient.get_file_client(__opts__)
NOTE:
Because __context__ may or may not have been destroyed, always be sure to check for the existence of
the key in __context__ and generate the key before using it.
External Pillars
Salt provides a mechanism for generating pillar data by calling external pillar interfaces. This document
will describe an outline of an ext_pillar module.
Location
Salt expects to find your ext_pillar module in the same location where it looks for other python modules.
If the extension_modules option in your Salt master configuration is set, Salt will look for a pillar
directory under there and load all the modules it finds. Otherwise, it will look in your Python
site-packages salt/pillar directory.
Configuration
The external pillars that are called when a minion refreshes its pillars is controlled by the ext_pillar
option in the Salt master configuration. You can pass a single argument, a list of arguments or a
dictionary of arguments to your pillar:
ext_pillar:
- example_a: some argument
- example_b:
- argumentA
- argumentB
- example_c:
keyA: valueA
keyB: valueB
The Module
Imports and Logging
Import modules your external pillar module needs. You should first include generic modules that come with
stock Python:
import logging
And then start logging. This is an idiomatic way of setting up logging in Salt:
log = logging.getLogger(__name__)
Finally, load modules that are specific to what you are doing. You should catch import errors and set a
flag that the __virtual__ function can use later.
try:
import weird_thing
EXAMPLE_A_LOADED = True
except ImportError:
EXAMPLE_A_LOADED = False
Options
If you define an __opts__ dictionary, it will be merged into the __opts__ dictionary handed to the
ext_pillar function later. This is a good place to put default configuration items. The convention is to
name things modulename.option.
__opts__ = { 'example_a.someconfig': 137 }
Initialization
If you define an __init__ function, it will be called with the following signature:
def __init__( __opts__ ):
# Do init work here
Note: The __init__ function is ran every time a particular minion causes the external pillar to be
called, so don't put heavy initialization code here. The __init__ functionality is a side-effect of the
Salt loader, so it may not be as useful in pillars as it is in other Salt items.
__virtual__
If you define a __virtual__ function, you can control whether or not this module is visible. If it
returns False then Salt ignores this module. If it returns a string, then that string will be how Salt
identifies this external pillar in its ext_pillar configuration. If you're not renaming the module,
simply return True in the __virtual__ function, which is the same as if this function did not exist,
then, the name Salt's ext_pillar will use to identify this module is its conventional name in Python.
This is useful to write modules that can be installed on all Salt masters, but will only be visible if a
particular piece of software your module requires is installed.
# This external pillar will be known as `example_a`
def __virtual__():
if EXAMPLE_A_LOADED:
return True
return False
# This external pillar will be known as `something_else`
__virtualname__ = 'something_else'
def __virtual__():
if EXAMPLE_A_LOADED:
return __virtualname__
return False
ext_pillar
This is where the real work of an external pillar is done. If this module is active and has a function
called ext_pillar, whenever a minion updates its pillar this function is called.
How it is called depends on how it is configured in the Salt master configuration. The first argument is
always the current pillar dictionary, this contains pillar items that have already been added, starting
with the data from pillar_roots, and then from any already-ran external pillars.
Using our example above:
ext_pillar( id, pillar, 'some argument' ) # example_a
ext_pillar( id, pillar, 'argumentA', 'argumentB' ) # example_b
ext_pillar( id, pillar, keyA='valueA', keyB='valueB' } ) # example_c
In the example_a case, pillar will contain the items from the pillar_roots, in example_b pillar will
contain that plus the items added by example_a, and in example_c pillar will contain that plus the items
added by example_b. In all three cases, id will contain the ID of the minion making the pillar request.
This function should return a dictionary, the contents of which are merged in with all of the other
pillars and returned to the minion. Note: this function is called once for each minion that fetches its
pillar data.
def ext_pillar( minion_id, pillar, *args, **kwargs ):
my_pillar = {'external_pillar': {}}
my_pillar['external_pillar'] = get_external_pillar_dictionary()
return my_pillar
You can call pillar with the dictionary's top name to retrieve its data. From above example,
'external_pillar' is the top dictionary name. Therefore:
salt-call '*' pillar.get external_pillar
You shouldn't just add items to pillar and return that, since that will cause Salt to merge data that
already exists. Rather, just return the items you are adding or changing. You could, however, use pillar
in your module to make some decision based on pillar data that already exists.
This function has access to some useful globals:
__opts__
A dictionary of mostly Salt configuration options. If you had an __opts__ dictionary defined in
your module, those values will be included.
__salt__
A dictionary of Salt module functions, useful so you don't have to duplicate functions that
already exist. E.g. __salt__['cmd.run']( 'ls -l' ) Note, runs on the master
__grains__
A dictionary of the grains of the minion making this pillar call.
Example configuration
As an example, if you wanted to add external pillar via the cmd_json external pillar, add something like
this to your master config:
ext_pillar:
- cmd_json: 'echo {\"arg\":\"value\"}'
Reminder
Just as with traditional pillars, external pillars must be refreshed in order for minions to see any
fresh data:
salt '*' saltutil.refresh_pillar
Installing Salt for development
Clone the repository using:
git clone https://github.com/saltstack/salt
NOTE:
tags
Just cloning the repository is enough to work with Salt and make contributions. However, fetching
additional tags from git is required to have Salt report the correct version for itself. To do this,
first add the git repository as an upstream source:
git remote add upstream https://github.com/saltstack/salt
Fetching tags is done with the git 'fetch' utility:
git fetch --tags upstream
Create a new virtualenv:
virtualenv /path/to/your/virtualenv
Avoid making your virtualenv path too long.
On Arch Linux, where Python 3 is the default installation of Python, use the virtualenv2 command instead
of virtualenv.
On Gentoo you must use --system-site-packages to enable pkg and portage_config functionality
NOTE:
Using system Python modules in the virtualenv
To use already-installed python modules in virtualenv (instead of having pip download and compile new
ones), run virtualenv --system-site-packages Using this method eliminates the requirement to install
the salt dependencies again, although it does assume that the listed modules are all installed in the
system PYTHONPATH at the time of virtualenv creation.
NOTE:
Python development package
Be sure to install python devel package in order to install required Python modules. In Debian/Ubuntu
run sudo apt-get install -y python-dev. In RedHat based system install python-devel
Activate the virtualenv:
source /path/to/your/virtualenv/bin/activate
Install Salt (and dependencies) into the virtualenv:
pip install pyzmq PyYAML pycrypto msgpack-python jinja2 psutil futures tornado
pip install -e ./salt # the path to the salt git clone from above
NOTE:
Installing psutil
Python header files are required to build this module, otherwise the pip install will fail. If your
distribution separates binaries and headers into separate packages, make sure that you have the
headers installed. In most Linux distributions which split the headers into their own package, this
can be done by installing the python-dev or python-devel package. For other platforms, the package
will likely be similarly named.
NOTE:
Installing dependencies on macOS.
You can install needed dependencies on macOS using homebrew or macports. See macOS Installation
WARNING:
Installing on RedHat-based Distros
If installing from pip (or from source using setup.py install), be advised that the yum-utils package
is needed for Salt to manage packages on RedHat-based systems.
Running a self-contained development version
During development it is easiest to be able to run the Salt master and minion that are installed in the
virtualenv you created above, and also to have all the configuration, log, and cache files contained in
the virtualenv as well.
The /path/to/your/virtualenv referenced multiple times below is also available in the variable
$VIRTUAL_ENV once the virtual environment is activated.
Copy the master and minion config files into your virtualenv:
mkdir -p /path/to/your/virtualenv/etc/salt/pki/{master,minion}
cp ./salt/conf/master ./salt/conf/minion /path/to/your/virtualenv/etc/salt/
Edit the master config file:
1. Uncomment and change the user: root value to your own user.
2. Uncomment and change the root_dir: / value to point to /path/to/your/virtualenv.
3. Uncomment and change the pki_dir: /etc/salt/pki/master value to point to
/path/to/your/virtualenv/etc/salt/pki/master
4. If you are running version 0.11.1 or older, uncomment, and change the pidfile:
/var/run/salt-master.pid value to point to /path/to/your/virtualenv/salt-master.pid.
5. If you are also running a non-development version of Salt you will have to change the publish_port and
ret_port values as well.
Edit the minion config file:
1. Repeat the edits you made in the master config for the user and root_dir values as well as any port
changes.
2. Uncomment and change the pki_dir: /etc/salt/pki/minion value to point to
/path/to/your/virtualenv/etc/salt/pki/minion
3. If you are running version 0.11.1 or older, uncomment, and change the pidfile:
/var/run/salt-minion.pid value to point to /path/to/your/virtualenv/salt-minion.pid.
4. Uncomment and change the master: salt value to point at localhost.
5. Uncomment and change the id: value to something descriptive like "saltdev". This isn't strictly
necessary but it will serve as a reminder of which Salt installation you are working with.
6. If you changed the ret_port value in the master config because you are also running a non-development
version of Salt, then you will have to change the master_port value in the minion config to match.
NOTE:
Using salt-call with a Standalone Minion
If you plan to run salt-call with this self-contained development environment in a masterless setup,
you should invoke salt-call with -c /path/to/your/virtualenv/etc/salt so that salt can find the minion
config file. Without the -c option, Salt finds its config files in /etc/salt.
Start the master and minion, accept the minion's key, and verify your local Salt installation is working:
cd /path/to/your/virtualenv
salt-master -c ./etc/salt -d
salt-minion -c ./etc/salt -d
salt-key -c ./etc/salt -L
salt-key -c ./etc/salt -A
salt -c ./etc/salt '*' test.ping
Running the master and minion in debug mode can be helpful when developing. To do this, add -l debug to
the calls to salt-master and salt-minion. If you would like to log to the console instead of to the log
file, remove the -d.
NOTE:
Too long socket path?
Once the minion starts, you may see an error like the following:
zmq.core.error.ZMQError: ipc path "/path/to/your/virtualenv/
var/run/salt/minion/minion_event_7824dcbcfd7a8f6755939af70b96249f_pub.ipc"
is longer than 107 characters (sizeof(sockaddr_un.sun_path)).
This means that the path to the socket the minion is using is too long. This is a system limitation,
so the only workaround is to reduce the length of this path. This can be done in a couple different
ways:
1. Create your virtualenv in a path that is short enough.
2. Edit the sock_dir minion config variable and reduce its length. Remember that this path is relative
to the value you set in root_dir.
NOTE: The socket path is limited to 107 characters on Solaris and Linux, and 103 characters on
BSD-based systems.
NOTE:
File descriptor limits
Ensure that the system open file limit is raised to at least 2047:
# check your current limit
ulimit -n
# raise the limit. persists only until reboot
# use 'limit descriptors 2047' for c-shell
ulimit -n 2047
To set file descriptors on macOS, refer to the macOS Installation instructions.
Changing Default Paths
Instead of updating your configuration files to point to the new root directory and having to pass the
new configuration directory path to all of Salt's CLI tools, you can explicitly tweak the default system
paths that Salt expects:
GENERATE_SALT_SYSPATHS=1 pip install --global-option='--salt-root-dir=/path/to/your/virtualenv/' \
-e ./salt # the path to the salt git clone from above
You can now call all of Salt's CLI tools without explicitly passing the configuration directory.
Additional Options
If you want to distribute your virtualenv, you probably don't want to include Salt's clone .git/
directory, and, without it, Salt won't report the accurate version. You can tell setup.py to generate the
hardcoded version information which is distributable:
GENERATE_SALT_SYSPATHS=1 WRITE_SALT_VERSION=1 pip install --global-option='--salt-root-dir=/path/to/your/virtualenv/' \
-e ./salt # the path to the salt git clone from above
Instead of passing those two environmental variables, you can just pass a single one which will trigger
the other two:
MIMIC_SALT_INSTALL=1 pip install --global-option='--salt-root-dir=/path/to/your/virtualenv/' \
-e ./salt # the path to the salt git clone from above
This last one will grant you an editable salt installation with hardcoded system paths and version
information.
Installing Salt from the Python Package Index
If you are installing using easy_install, you will need to define a USE_SETUPTOOLS environment variable,
otherwise dependencies will not be installed:
USE_SETUPTOOLS=1 easy_install salt
Editing and previewing the documentation
You need sphinx-build command to build the docs. In Debian/Ubuntu this is provided in the python-sphinx
package. Sphinx can also be installed to a virtualenv using pip:
pip install Sphinx==1.3.1
Change to salt documentation directory, then:
cd doc; make html
• This will build the HTML docs. Run make without any arguments to see the available make targets, which
include html, man, and text.
• The docs then are built within the docs/_build/ folder. To update the docs after making changes, run
make again.
• The docs use reStructuredText for markup. See a live demo at http://rst.ninjs.org/.
• The help information on each module or state is culled from the python code that runs for that piece.
Find them in salt/modules/ or salt/states/.
• To build the docs on Arch Linux, the python2-sphinx package is required. Additionally, it is necessary
to tell make where to find the proper sphinx-build binary, like so:
make SPHINXBUILD=sphinx-build2 html
• To build the docs on RHEL/CentOS 6, the python-sphinx10 package must be installed from EPEL, and the
following make command must be used:
make SPHINXBUILD=sphinx-build html
Once you've updated the documentation, you can run the following command to launch a simple Python HTTP
server to see your changes:
cd _build/html; python -m SimpleHTTPServer
Running unit and integration tests
Run the test suite with following command:
./setup.py test
See here for more information regarding the test suite.
Issue and Pull Request Labeling System
SaltStack uses several labeling schemes to help facilitate code contributions and bug resolution. See the
Labels and Milestones documentation for more information.
GitHub Labels and Milestones
SaltStack uses several label categories, as well as milestones, to triage incoming issues and pull
requests in the GitHub issue tracker. Labels are used to sort issues by type, priority, severity,
status, functional area, functional group, and targeted release and pull requests by status, functional
area, functional group, type of change, and test status. Milestones are used to indicate whether an
issue is fully triaged or is scheduled to be fixed by SaltStack in an upcoming sprint.
Milestones
All issues are assigned to a milestone, whereas pull requests are almost never assigned to a milestone as
the mean lifetime of pull requests is short enough that there is no need to track them temporally.
SaltStack uses milestones to indicate which issues are blocked on submitter or upstream actions, are
approved, or are scheduled to be fixed or implemented in an upcoming sprint. If an issue is not attached
to a sprint milestone, you are welcome to work on it at your own desire and convenience. If it is
attached to a sprint milestone and you have already begun working on it or have a solution in mind or
have other ideas related to the issue, you are encouraged to coordinate with the assignee via the GitHub
issue tracker to create the best possible solution or implementation.
Approved
The issue has been validated and has all necessary information.
Blocked
The issue is waiting on actions by parties outside of SaltStack, such as receiving more
information from the submitter or resolution of an upstream issue. This milestone is usually
applied in conjunction with the labels Info Needed, Question, Expected Behavior, Won't Fix For
Now, or Upstream Bug.
Under Review
The issue is having further validation done by a SaltStack engineer.
<Sprint>
The issue is being actively worked on by a SaltStack engineer. Sprint milestones names are
constructed from the chemical symbol of the next release's codename and the number of sprints
until that release is made. For example, if the next release codename is Neon and there are five
sprints until that release, the corresponding sprint milestone will be called Ne 5. See
<version-numbers> for a discussion of Salt's release codenames.
Labels
Labels are used to sort and describe issues and pull requests. Some labels are usually reserved for one
or the other, though most labels may be applied to both.
New issues will receive at least one label and a milestone, and new pull requests will receive at least
one label. Except for the functional area and functional group label categories, issues will generally
receive only up to one label per category.
Type
Issues are categorized into one of several types. Type labels are almost never used for pull requests.
GitHub treats pull requests like issues in many ways, so a pull request could be considered an issue with
an implicit Pull Request type label applied.
Feature
The issue is a request for new functionality including changes, enhancements, refactors, etc.
Bug The issue documents broken, incorrect, or confusing behavior. This label is always accompanied by
a severity label.
Duplicate
The issue is a duplicate of another feature request or bug report.
Upstream Bug
The issue is a result of an upstream issue.
Question
The issue is more of a question than a request for new features or a report of broken features,
but can sometimes lead to further discussion or changes of confusing or incongruous behavior or
documentation.
Expected Behavior
The issue is a bug report of intended functionality.
Priority
An issue's priority is relative to its functional area. If a bug report, for example, about gitfs
indicates that all users of gitfs will encounter this bug, then a P1 label will be applied, even though
users who are not using gitfs will not encounter the bug. If a feature is requested by many users, it
may be given a high priority.
P1 The issue will be seen by all users.
P2 The issue will be seen by most users.
P3 The issue will be seen by about half of users.
P4 The issue will not be seen by most users. Usually the issue is a very specific use case or corner
case.
Severity
Severity labels are almost always only applied to issues labeled Bug.
Blocker
The issue is blocking an impending release.
Critical
The issue causes data loss, crashes or hangs salt processes, makes the system unresponsive, etc.
High Severity
The issue reports incorrect functionality, bad functionality, a confusing user experience, etc.
Medium Severity
The issue reports cosmetic items, formatting, spelling, colors, etc.
Functional Area
Many major components of Salt have corresponding GitHub labels. These labels are applied to all issues
and pull requests as is reasonably appropriate. They are useful in organizing issues and pull requests
according to the source code relevant to issues or the source code changed by pull requests.
• Execution Module
• File Servers
• Grains
• Multi-Master
• Packaging Related to packaging of Salt, not Salt's support for package management.
• Pillar
• RAET
• Returners
• Runners
• SPM
• Salt-API
• Salt-Cloud
• Salt-SSH
• Salt-Syndic
• State Module
• Tests
• Transport
• Windows
• ZMQ
Functional Group
These labels sort issues and pull requests according to the internal SaltStack engineering teams.
Core The issue or pull request relates to code that is central or existential to Salt itself.
Platform
The issue or pull request relates to support and integration with various platforms like
traditional operating systems as well as containers, platform-based utilities like filesystems,
command schedulers, etc., and system-based applications like webservers, databases, etc.
RIoT The issue or pull request relates to support and integration with various abstract systems like
cloud providers, hypervisors, API-based services, etc.
Console
The issue or pull request relates to the SaltStack enterprise console.
Documentation
The issue or pull request relates to documentation.
Status
Status labels are used to define and track the state of issues and pull requests. Not all potential
statuses correspond to a label, but some statuses are common enough that labels have been created for
them. If an issue has not been moved beyond the Blocked milestone, it is very likely that it will only
have a status label.
Bugfix - back-port
The pull request needs to be back-ported to an older release branch. This is done by recreating
the pull request against that branch. Once the back-port is completed, this label is replaced
with a Bugfix - [Done] back-ported label. Normally, new features should go into the develop and
bug fixes into the oldest supported release branch, see <which-salt-branch>.
Bugfix - [Done] back-ported
The pull request has been back-ported to an older branch.
Cannot Reproduce
The issue is a bug and has been reviewed by a SaltStack engineer, but it cannot be replicated with
the provided information and context. Those involved with the bug will need to work through
additional ideas until the bug can be isolated and verified.
Confirmed
The issue is a bug and has been confirmed by a SaltStack engineer, who often documents a minimal
working example that reproduces the bug.
Fixed Pending Verification
The issue is a bug and has been fixed by one or more pull requests, which should link to the
issue. Closure of the issue is contingent upon confirmation of resolution from the submitter. If
the submitter reports a negative confirmation, this label is removed. If no response is given
after a few weeks, then the issue will be assumed fixed and closed.
Info Needed
The issue needs more information before it can be verified and resolved. For a feature request
this may include a description of the use cases. Almost all bug reports need to include at least
the versions of salt and its dependencies, the system type and version, commands used, debug logs,
error messages, and relevant configs.
Pending Changes
The pull request needs additional changes before it can be merged.
Pending Discussion
The issue or pull request needs more discussion before it can be closed or merged. The status of
the issue or pull request is not clear or apparent enough for definite action to be taken, or
additional input from SaltStack, the submitter, or another party has been requested.
If the issue is not a pull request, once the discussion has arrived at a cogent conclusion, this
label will be removed and the issue will be accepted. If it is a pull request, the results of the
discussion may require additional changes and thus, a Pending Changes label.
Won't Fix for Now
The issue is legitimate, but it is not something the SaltStack team is currently able or willing
to fix or implement. Issues having this label may be revisited in the future.
Type of Change
Every pull request should receive a change label. These labels measure the quantity of change as well as
the significance of the change. The amount of change and the importance of the code area changed are
considered, but often the depth of secondary code review required and the potential repercussions of the
change may also advise the label choice.
Core code areas include: state compiler, crypto engine, master and minion and syndic daemons, transport,
pillar rendering, loader, transport layer, event system, salt.utils, client, cli, logging, netapi, runner
engine, templating engine, top file compilation, file client, file server, mine, salt-ssh, test runner,
etc.
Non-core code usually constitutes the specific set of plugins for each of the several plugin layers of
Salt: execution modules, states, runners, returners, clouds, etc.
Minor Change
• Less than 64 lines changed, or
• Less than 8 core lines changed
Medium Change
• Less than 256 lines changed, or
• Less than 64 core lines changed
Master Change
• More than 256 lines changed, or
• More than 64 core lines changed
Expert Change
• Needs specialized, in-depth review
Test Status
These labels relate to the status of the automated tests that run on pull requests. If the tests on a
pull request fail and are not overridden by one of these labels, the pull request submitter needs to
update the code and/or tests so that the tests pass and the pull request can be merged.
Lint The pull request has passed all tests except for the code lint checker.
Tests Passed
The pull request has passed all tests even though some test results are negative. Sometimes the
automated testing infrastructure will encounter internal errors unrelated to the code change in
the pull request that cause test runs to fail. These errors can be caused by cloud host and
network issues and also Jenkins issues like erroneously accumulating workspace artifacts, resource
exhaustion, and bugs that arise from long running Jenkins processes.
Other
These labels indicate miscellaneous issue types or statuses that are common or important enough to be
tracked and sorted with labels.
Awesome
The pull request implements an especially well crafted solution, or a very difficult but necessary
change.
Help Wanted
The issue appears to have a simple solution. Issues having this label should be a good starting
place for new contributors to Salt.
Needs Testcase
The issue or pull request relates to a feature that needs test coverage. The pull request
containing the tests should reference the issue or pull request having this label, whereupon the
label should be removed.
Regression
The issue is a bug that breaks functionality known to work in previous releases.
Story The issue is used by a SaltStack engineer to track progress on multiple related issues in a single
place.
Stretch
The issue is an optional goal for the current sprint but may not be delivered.
ZD The issue is related to a Zendesk customer support ticket.
<Release>
The issue is scheduled to be implemented by <Release>. See <version-numbers> for a discussion of
Salt's release codenames.
Logging Internals
TODO
Modular Systems
When first working with Salt, it is not always clear where all of the modular components are and what
they do. Salt comes loaded with more modular systems than many users are aware of, making Salt very easy
to extend in many places.
The most commonly used modular systems are execution modules and states. But the modular systems extend
well beyond the more easily exposed components and are often added to Salt to make the complete system
more flexible.
Execution Modules
Execution modules make up the core of the functionality used by Salt to interact with client systems. The
execution modules create the core system management library used by all Salt systems, including states,
which interact with minion systems.
Execution modules are completely open ended in their execution. They can be used to do anything required
on a minion, from installing packages to detecting information about the system. The only restraint in
execution modules is that the defined functions always return a JSON serializable object.
For a list of all built in execution modules, click here
For information on writing execution modules, see this page.
Interactive Debugging
Sometimes debugging with print() and extra logs sprinkled everywhere is not the best strategy.
IPython is a helpful debug tool that has an interactive python environment which can be embedded in
python programs.
First the system will require IPython to be installed.
# Debian
apt-get install ipython
# Arch Linux
pacman -Syu ipython2
# RHEL/CentOS (via EPEL)
yum install python-ipython
Now, in the troubling python module, add the following line at a location where the debugger should be
started:
test = 'test123'
import IPython; IPython.embed_kernel()
After running a Salt command that hits that line, the following will show up in the log file:
[CRITICAL] To connect another client to this kernel, use:
[IPKernelApp] --existing kernel-31271.json
Now on the system that invoked embed_kernel, run the following command from a shell:
# NOTE: use ipython2 instead of ipython for Arch Linux
ipython console --existing
This provides a console that has access to all the vars and functions, and even supports tab-completion.
print(test)
test123
To exit IPython and continue running Salt, press Ctrl-d to logout.
State Modules
State modules are used to define the state interfaces used by Salt States. These modules are restrictive
in that they must follow a number of rules to function properly.
NOTE:
State modules define the available routines in sls files. If calling an execution module directly is
desired, take a look at the module state.
Auth
The auth module system allows for external authentication routines to be easily added into Salt. The auth
function needs to be implemented to satisfy the requirements of an auth module. Use the pam module as an
example.
Fileserver
The fileserver module system is used to create fileserver backends used by the Salt Master. These modules
need to implement the functions used in the fileserver subsystem. Use the gitfs module as an example.
Grains
Grain modules define extra routines to populate grains data. All defined public functions will be
executed and MUST return a Python dict object. The dict keys will be added to the grains made available
to the minion.
Output
The output modules supply the outputter system with routines to display data in the terminal. These
modules are very simple and only require the output function to execute. The default system outputter is
the nested module.
Pillar
Used to define optional external pillar systems. The pillar generated via the filesystem pillar is passed
into external pillars. This is commonly used as a bridge to database data for pillar, but is also the
backend to the libvirt state used to generate and sign libvirt certificates on the fly.
Renderers
Renderers are the system used to render sls files into salt highdata for the state compiler. They can be
as simple as the py renderer and as complex as stateconf and pydsl.
Returners
Returners are used to send data from minions to external sources, commonly databases. A full returner
will implement all routines to be supported as an external job cache. Use the redis returner as an
example.
Runners
Runners are purely master-side execution sequences.
Tops
Tops modules are used to convert external data sources into top file data for the state system.
Wheel
The wheel system is used to manage master side management routines. These routines are primarily intended
for the API to enable master configuration.
Package Providers
This page contains guidelines for writing package providers.
Package Functions
One of the most important features of Salt is package management. There is no shortage of package
managers, so in the interest of providing a consistent experience in pkg states, there are certain
functions that should be present in a package provider. Note that these are subject to change as new
features are added or existing features are enhanced.
list_pkgs
This function should declare an empty dict, and then add packages to it by calling pkg_resource.add_pkg,
like so:
__salt__['pkg_resource.add_pkg'](ret, name, version)
The last thing that should be done before returning is to execute pkg_resource.sort_pkglist. This
function does not presently do anything to the return dict, but will be used in future versions of Salt.
__salt__['pkg_resource.sort_pkglist'](ret)
list_pkgs returns a dictionary of installed packages, with the keys being the package names and the
values being the version installed. Example return data:
{'foo': '1.2.3-4',
'bar': '5.6.7-8'}
latest_version
Accepts an arbitrary number of arguments. Each argument is a package name. The return value for a package
will be an empty string if the package is not found or if the package is up-to-date. The only case in
which a non-empty string is returned is if the package is available for new installation (i.e. not
already installed) or if there is an upgrade available.
If only one argument was passed, this function return a string, otherwise a dict of name/version pairs is
returned.
This function must also accept **kwargs, in order to receive the fromrepo and repo keyword arguments from
pkg states. Where supported, these arguments should be used to find the install/upgrade candidate in the
specified repository. The fromrepo kwarg takes precedence over repo, so if both of those kwargs are
present, the repository specified in fromrepo should be used. However, if repo is used instead of
fromrepo, it should still work, to preserve backwards compatibility with older versions of Salt.
version
Like latest_version, accepts an arbitrary number of arguments and returns a string if a single package
name was passed, or a dict of name/value pairs if more than one was passed. The only difference is that
the return values are the currently-installed versions of whatever packages are passed. If the package is
not installed, an empty string is returned for that package.
upgrade_available
Deprecated and destined to be removed. For now, should just do the following:
return __salt__['pkg.latest_version'](name) != ''
install
The following arguments are required and should default to None:
1. name (for single-package pkg states)
2. pkgs (for multiple-package pkg states)
3. sources (for binary package file installation)
The first thing that this function should do is call pkg_resource.parse_targets (see below). This
function will convert the SLS input into a more easily parsed data structure. pkg_resource.parse_targets
may need to be modified to support your new package provider, as it does things like parsing package
metadata which cannot be done for every package management system.
pkg_params, pkg_type = __salt__['pkg_resource.parse_targets'](name,
pkgs,
sources)
Two values will be returned to the install function. The first of them will be a dictionary. The keys of
this dictionary will be package names, though the values will differ depending on what kind of
installation is being done:
• If name was provided (and pkgs was not), then there will be a single key in the dictionary, and its
value will be None. Once the data has been returned, if the version keyword argument was provided, then
it should replace the None value in the dictionary.
• If pkgs was provided, then name is ignored, and the dictionary will contain one entry for each package
in the pkgs list. The values in the dictionary will be None if a version was not specified for the
package, and the desired version if specified. See the Multiple Package Installation Options section of
the pkg.installed state for more info.
• If sources was provided, then name is ignored, and the dictionary values will be the path/URI for the
package.
The second return value will be a string with two possible values: repository or file. The install
function can use this value (if necessary) to build the proper command to install the targeted
package(s).
Both before and after the installing the target(s), you should run list_pkgs to obtain a list of the
installed packages. You should then return the output of salt.utils.compare_dicts()
return salt.utils.compare_dicts(old, new)
remove
Removes the passed package and return a list of the packages removed.
Package Repo Functions
There are some functions provided by pkg which are specific to package repositories, and not to packages
themselves. When writing modules for new package managers, these functions should be made available as
stated below, in order to provide compatibility with the pkgrepo state.
All repo functions should accept a basedir option, which defines which directory repository configuration
should be found in. The default for this is dictated by the repo manager that is being used, and rarely
needs to be changed.
basedir = '/etc/yum.repos.d'
__salt__['pkg.list_repos'](basedir)
list_repos
Lists the repositories that are currently configured on this system.
__salt__['pkg.list_repos']()
Returns a dictionary, in the following format:
{'reponame': 'config_key_1': 'config value 1',
'config_key_2': 'config value 2',
'config_key_3': ['list item 1 (when appropriate)',
'list item 2 (when appropriate)]}
get_repo
Displays all local configuration for a specific repository.
__salt__['pkg.get_repo'](repo='myrepo')
The information is formatted in much the same way as list_repos, but is specific to only one repo.
{'config_key_1': 'config value 1',
'config_key_2': 'config value 2',
'config_key_3': ['list item 1 (when appropriate)',
'list item 2 (when appropriate)]}
del_repo
Removes the local configuration for a specific repository. Requires a repo argument, which must match the
locally configured name. This function returns a string, which informs the user as to whether or not the
operation was a success.
__salt__['pkg.del_repo'](repo='myrepo')
mod_repo
Modify the local configuration for one or more option for a configured repo. This is also the way to
create new repository configuration on the local system; if a repo is specified which does not yet exist,
it will be created.
The options specified for this function are specific to the system; please refer to the documentation for
your specific repo manager for specifics.
__salt__['pkg.mod_repo'](repo='myrepo', url='http://myurl.com/repo')
Low-Package Functions
In general, the standard package functions as describes above will meet your needs. These functions use
the system's native repo manager (for instance, yum or the apt tools). In most cases, the repo manager is
actually separate from the package manager. For instance, yum is usually a front-end for rpm, and apt is
usually a front-end for dpkg. When possible, the package functions that use those package managers
directly should do so through the low package functions.
It is normal and sane for pkg to make calls to lowpkgs, but lowpkg must never make calls to pkg. This is
affects functions which are required by both pkg and lowpkg, but the technique in pkg is more performant
than what is available to lowpkg. When this is the case, the lowpkg function that requires that technique
must still use the lowpkg version.
list_pkgs
Returns a dict of packages installed, including the package name and version. Can accept a list of
packages; if none are specified, then all installed packages will be listed.
installed = __salt__['lowpkg.list_pkgs']('foo', 'bar')
Example output:
{'foo': '1.2.3-4',
'bar': '5.6.7-8'}
verify
Many (but not all) package management systems provide a way to verify that the files installed by the
package manager have or have not changed. This function accepts a list of packages; if none are
specified, all packages will be included.
installed = __salt__['lowpkg.verify']('httpd')
Example output:
{'/etc/httpd/conf/httpd.conf': {'mismatch': ['size', 'md5sum', 'mtime'],
'type': 'config'}}
file_list
Lists all of the files installed by all packages specified. If not packages are specified, then all files
for all known packages are returned.
installed = __salt__['lowpkg.file_list']('httpd', 'apache')
This function does not return which files belong to which packages; all files are returned as one giant
list (hence the file_list function name. However, This information is still returned inside of a dict, so
that it can provide any errors to the user in a sane manner.
{'errors': ['package apache is not installed'],
'files': ['/etc/httpd',
'/etc/httpd/conf',
'/etc/httpd/conf.d',
'...SNIP...']}
file_dict
Lists all of the files installed by all packages specified. If not packages are specified, then all files
for all known packages are returned.
installed = __salt__['lowpkg.file_dict']('httpd', 'apache', 'kernel')
Unlike file_list, this function will break down which files belong to which packages. It will also return
errors in the same manner as file_list.
{'errors': ['package apache is not installed'],
'packages': {'httpd': ['/etc/httpd',
'/etc/httpd/conf',
'...SNIP...'],
'kernel': ['/boot/.vmlinuz-2.6.32-279.el6.x86_64.hmac',
'/boot/System.map-2.6.32-279.el6.x86_64',
'...SNIP...']}}
Pull Requests
Salt is a large software project with many developers working together. We encourage all Salt users to
contribute new features, bug fixes and documentation fixes. For those who haven't contributed to a large
software project before we encourage you to consider the following questions when preparing a pull
request.
This isn't an exhaustive list and these aren't necessarily hard and fast rules, but these are things we
consider when reviewing a pull request.
• Does this change work on all platforms? In cases where it does not, is an appropriate and
easy-to-understand reason presented to the user? Is it documented as-such? Have we thought about all
the possible ways this code might be used and accounted as best we can for them?
• Will this code work on versions of all Python we support? Will it work on future versions?
• Are Python reserved keywords used? Are variables named in a way that will make it easy for the next
person to understand what's going on?
• Does this code present a security risk in any way? What is the worst possible thing that an attacker
could do with this code? If dangerous cases are possible, is it appropriate to document them? If so,
has this been done? Would this change pass muster with a professional security audit? Is it obvious to
a person using this code what the risks are?
• Is it readable? Does it conform to our style guide? Is the code documented such that the next person
who comes along will be able to read and understand it? Most especially, are edge-cases documented to
avoid regressions? Will it be immediately evident to the next person who comes along why this change
was made?
• If appropriate, has the person who wrote the code which is being modified been notified and included in
the process?
• What are the performance implications of this change? Is there a more efficient way to structure the
logic and if so, does making the change balance itself against readability in a sensible way? Do the
performance characteristics of the code change based on the way it is being invoked (i.e., through an
API or various command-line tools.) Will it be easy to profile this change if it might be a problem?
• Are caveats considered and documented in the change?
• Will the code scale? More critically, will it scale in both directions? Salt runs in data-centers and
on Raspberry Pi installations in the Sahara. It needs to work on big servers and tiny devices.
• Is appropriate documentation written both in public-facing docs and in-line? How will the user know
how to use this? What will they do if it doesn't work as expected? Is this something a new user will
understand? Can a user know all they need to about this functionality by reading the public docs?
• Is this a change in behavior? If so, is it in the appropriate branch? Are deprecation warnings
necessary? Have those changes been fully documented? Have we fully thought through what implications a
change in behavior might have?
• How has the code been tested? If appropriate are there automated tests which cover this? Is it likely
to regress? If so, how has the potential of that regression been mitigated? What is the plan for
ensuring that this code works going forward?
• If it's asynchronous code, what is the potential for a race condition?
• Is this code an original work? If it's borrowed from another project or found online are the
appropriate licensing/attribution considerations handled?
• Is the reason for the change fully explained in the PR? If not for review, this is necessary so that
somebody in the future can go back and figure out why it was necessary.
• Is the intended behavior of the change clear? How will that behavior be known to future contributors
and to users?
• Does this code handle errors in a reasonable way? Have we gone back through the stack as much as
possible to make sure that an error cannot be raised that we do not account for? Are errors tested for
as well as proper functionality?
• If the code relies on external libraries, do we properly handle old versions of them? Do we require a
specific version and if so is this version check implemented? Is the library available on the same
platforms that module in question claims to support? If the code was written and tested against a
particular library, have we documented that fact?
• Can this code freeze/hang/crash a running daemon? Can it stall a state run? Are there infinite loops?
Are appropriate timeouts implemented?
• Is the function interface well documented? If argument types can not be inferred by introspection, are
they documented?
• Are resources such as file-handles cleaned-up after they are used?
• Is it possible that a reference-cycle exists between objects that will leak memory?
• Has the code been linted and does it pass all tests?
• Does the change fully address the problem or is it limited to a small surface area? By this, I mean
that it should be clear that the submitter has looked for other cases in the function or module where
the given case might also be addressed. If additional changes are necessary are they documented in the
code as a FIXME or the PR and in Github as an issue to be tracked?
• Will the code throw errors/warnings/stacktraces to the console during normal operation?
• Has all the debugging been removed?
• Does the code log any sensitive data? Does it show sensitive data in process lists? Does it store
sensitive data to disk and if so, does it do so in a secure manner? Are there potential race conditions
in between writing the data to disk and setting the appropriate permissions?
• Is it clear from the solution that the problem is well-understood? How can somebody who has never seen
the problem feel confident that this proposed change is the best one?
• What's hard-coded that might not need to be? Are we making sensible decisions for the user and allowing
them to tune and change things where appropriate?
• Are utility functions used where appropriate? Does this change re-implement something we already have
code for?
• Is the right thing being fixed? There are cases where it's appropriate to fix a test and cases where
it's appropriate to fix the code that's under test. Which is best for the user? Is this change a
shortcut or a solution that will be solid in the months and years to come?
• How will this code react to changes elsewhere in the code base? What is it coupled to and have we fully
thought through how best to present a coherent interface to consumers of a given function or method?
• Does this PR try to fix too many bugs/problems at once?
• Should this be split into multiple PRs to make them easier to test and reason about?
Reporting Bugs
Salt uses GitHub to track open issues and feature requests.
To file a bug, please navigate to the new issue page for the Salt project.
In an issue report, please include the following information:
• The output of salt --versions-report from the relevant machines. This can also be gathered remotely
by using salt <my_tgt> test.versions_report.
• A description of the problem including steps taken to cause the issue to occur and the expected
behaviour.
• Any steps taken to attempt to remediate the problem.
• Any configuration options set in a configuration file that may be relevant.
• A reproduceable test case. This may be as simple as an SLS file that illustrates a problem or it may
be a link to a repository that contains a number of SLS files that can be used together to
re-produce a problem. If the problem is transitory, any information that can be used to try and
reproduce the problem is helpful.
• [Optional] The output of each salt component (master/minion/CLI) running with the -ldebug flag set.
NOTE:
Please be certain to scrub any logs or SLS files for sensitive data!
Salt Topology
Salt is based on a powerful, asynchronous, network topology using ZeroMQ. Many ZeroMQ systems are in
place to enable communication. The central idea is to have the fastest communication possible.
Servers
The Salt Master runs 2 network services. First is the ZeroMQ PUB system. This service by default runs on
port 4505 and can be configured via the publish_port option in the master configuration.
Second is the ZeroMQ REP system. This is a separate interface used for all bi-directional communication
with minions. By default this system binds to port 4506 and can be configured via the ret_port option in
the master.
PUB/SUB
The commands sent out via the salt client are broadcast out to the minions via ZeroMQ PUB/SUB. This is
done by allowing the minions to maintain a connection back to the Salt Master and then all connections
are informed to download the command data at once. The command data is kept extremely small (usually less
than 1K) so it is not a burden on the network.
Return
The PUB/SUB system is a one way communication, so once a publish is sent out the PUB interface on the
master has no further communication with the minion. The minion, after running the command, then sends
the command's return data back to the master via the ret_port.
Translating Documentation
If you wish to help translate the Salt documentation to your language, please head over to the Transifex
website and signup for an account.
Once registered, head over to the Salt Translation Project, and either click on Request Language if you
can't find yours, or, select the language for which you wish to contribute and click Join Team.
Transifex provides some useful reading resources on their support domain, namely, some useful articles
directed to translators.
Building A Localized Version of the Documentation
While you're working on your translation on Transifex, you might want to have a look at how it's
rendering.
Install The Transifex Client
To interact with the Transifex web service you will need to install the transifex-client:
pip install transifex-client
Configure The Transifex Client
Once installed, you will need to set it up on your computer. We created a script to help you with that:
.scripts/setup-transifex-config
Download Remote Translations
There's a little script which simplifies the download process of the translations(which isn't that
complicated in the first place). So, let's assume you're translating pt_PT, Portuguese(Portugal). To
download the translations, execute from the doc/ directory of your Salt checkout:
make download-translations SPHINXLANG=pt_PT
To download pt_PT, Portuguese(Portugal), and nl, Dutch, you can use the helper script directly:
.scripts/download-translation-catalog pt_PT nl
Build Localized Documentation
After the download process finishes, which might take a while, the next step is to build a localized
version of the documentation. Following the pt_PT example above:
make html SPHINXLANG=pt_PT
View Localized Documentation
Open your browser, point it to the local documentation path and check the localized output you've just
build.
Developing Salt Tutorial
This tutorial assumes you have:
• a web browser
• a GitHub account (<my_account>)
• a command line (CLI)
• git
• a text editor
Fork
In your browser, navigate to the saltstack/salt GitHub repository.
Click on Fork (https://github.com/saltstack/salt/#fork-destination-box).
NOTE:
If you have more than one GitHub presence, for example if you are a member of a team, GitHub will ask
you into which area to clone Salt. If you don't know where, then select your personal GitHub account.
Clone
In your CLI, navigate to the directory into which you want clone the Salt codebase and submit the
following command:
$ git clone https://github.com/<my_account>/salt.git
where <my_account> is the name of your GitHub account. After the clone has completed, add SaltStack as a
second remote and fetch any changes from upstream.
$ cd salt
$ git remote add upstream https://github.com/saltstack/salt.git
$ git fetch upstream
For this tutorial, we will be working off from the develop branch, which is the default branch for the
SaltStack GitHub project. This branch needs to track upstream/develop so that we will get all upstream
changes when they happen.
$ git checkout develop
$ git branch --set-upstream-to upstream/develop
Fetch
Fetch any upstream changes on the develop branch and sync them to your local copy of the branch with a
single command:
$ git pull --rebase
NOTE:
For an explanation on pull vs pull --rebase and other excellent points, see this article by Mislav
Marohnić.
Branch
Now we are ready to get to work. Consult the sprint beginner bug list and select an execution module
whose __virtual__ function needs to be updated. I'll select the alternatives module.
Create a new branch off from develop. Be sure to name it something short and descriptive.
$ git checkout -b virt_ret
Edit
Edit the file you have selected, and verify that the changes are correct.
$ vim salt/modules/alternatives.py
$ git diff
diff --git a/salt/modules/alternatives.py b/salt/modules/alternatives.py
index 1653e5f..30c0a59 100644
--- a/salt/modules/alternatives.py
+++ b/salt/modules/alternatives.py
@@ -30,7 +30,7 @@ def __virtual__():
'''
if os.path.isdir('/etc/alternatives'):
return True
- return False
+ return (False, 'Cannot load alternatives module: /etc/alternatives dir not found')
def _get_cmd():
Commit
Stage and commit the changes. Write a descriptive commit summary, but try to keep it less than 50
characters. Review your commit.
$ git add salt/modules/alternatives.py
$ git commit -m 'modules.alternatives: __virtual__ return err msg'
$ git show
NOTE:
If you need more room to describe the changes in your commit, run git commit (without the -m, message,
option) and you will be presented with an editor. The first line is the commit summary and should
still be 50 characters or less. The following paragraphs you create are free form and will be
preserved as part of the commit.
Push
Push your branch to your GitHub account. You will likely need to enter your GitHub username and
password.
$ git push origin virt_ret
Username for 'https://github.com': <my_account>
Password for 'https://<my_account>@github.com':
NOTE:
If authentication over https does not work, you can alternatively setup ssh keys. Once you have done
this, you may need add the keys to your git repository configuration
$ git config ssh.key ~/.ssh/<key_name>
where <key_name> is the file name of the private key you created.
Merge
In your browser, navigate to the new pull request page on the saltstack/salt GitHub repository and click
on compare across forks. Select <my_account> from the list of head forks and the branch you are wanting
to merge into develop (virt_ret in this case).
When you have finished reviewing the changes, click Create pull request.
If your pull request contains only a single commit, the title and comment will be taken from that
commit's summary and message, otherwise the branch name is used for the title. Edit these fields as
necessary and click Create pull request.
NOTE:
Although these instructions seem to be the official pull request procedure on github's website, here
are two alternative methods that are simpler.
• If you navigate to your clone of salt, https://github.com/<my_account>/salt, depending on how old
your branch is or how recently you pushed updates on it, you may be presented with a button to
create a pull request with your branch.
• I find it easiest to edit the following URL:
https://github.com/saltstack/salt/compare/develop...<my_account>:virt_ret
Resources
GitHub offers many great tutorials on various aspects of the git- and GitHub-centric development
workflow:
https://help.github.com/
There are many topics covered by the Salt Developer documentation:
https://docs.saltstack.com/en/latest/topics/development/index.html
The contributing documentation presents more details on specific contributing topics:
https://docs.saltstack.com/en/latest/topics/development/contributing.html
Salt Extend
salt-extend is a templating tool for extending SaltStack. If you're looking to add a module to SaltStack,
then the salt-extend utility can guide you through the process.
You can use Salt Extend to quickly create templated modules for adding new behaviours to some of the
module subsystems within Salt.
Salt Extend takes a template directory and merges it into a SaltStack source code directory.
Command line usage
See salt-extend
Choosing a template
The following templates are available:
module
Creates a new execution module within salt/modules/{{module_name}}.py
module_unit
Creates a new execution module unit test suite within tests/unit/modules/test_{{module_name}}.py
state
Creates a new state module within salt/states/{{module_name}}.py
state_unit
Creates a new state module unit test suite within tests/unit/states/test_{{module_name}}.py
Adding templates
1. Create a directory under <src>/templates
2. Create a file template.yml containing properties for
• description - a description of the template
• questions - a collection of additional questions to ask the user, the name of the item will be used
as the key in the context dictionary within the jinja template.
• question - The question to ask the user, as a string
• default - (optional) the default value, can contain Jinja2 template syntax and has access to the
default context properties
Example template.yml
description: "Execution module"
questions:
depending_libraries:
question: "What libraries does this module depend upon?"
virtual_name:
question: "What module virtual name to use?"
default: "{{module_name}}"
3. Create the files within <src>/templates/<your template> to match the target
NOTE:
File names can contain Jinja 2 template syntax, e.g. '{{module_name}}.py}}'
Example file in the template directory
print('Hello {{module_name}}')
__virtual__ = '{{__virtual_name__}}'
Default context properties
The default context provides the following properties
• description - A description of the template
• short_description - A short description of the module as entered by the user
• version - The version name of the next release
• module_name - The module name as entered by the user
• release_date - The current date in the format YYYY-MM-DD
• year - The current year in the format YYYY
As well as any additional properties entered from the questions section of template.yml
API
SaltStack Extend
A templating tool for extending SaltStack.
Takes a template directory and merges it into a SaltStack source code directory. This tool uses Jinja2
for templating.
This tool is accessed using salt-extend
codeauthor
:email:`Anthony Shaw <anthonyshaw@apache.org>`
salt.utils.extend.apply_template(template_dir, output_dir, context)
Apply the template from the template directory to the output using the supplied context dict.
Parameters
• src (str) -- The source path
• dst (str) -- The destination path
• context (dict) -- The dictionary to inject into the Jinja template as context
salt.utils.extend.run(extension=None, name=None, description=None, salt_dir=None, merge=False,
temp_dir=None)
A template factory for extending the salt ecosystem
Parameters
• extension (str) -- The extension type, e.g. 'module', 'state', if omitted, user will be
prompted
• name (str) -- Python-friendly name for the module, if omitted, user will be prompted
• description (str) -- A description of the extension, if omitted, user will be prompted
• salt_dir (str) -- The targeted Salt source directory
• merge (bool) -- Merge with salt directory, False to keep separate, True to merge trees.
• temp_dir (str) -- The directory for generated code, if omitted, system temp will be used
Salt's Test Suite
Salt comes with a powerful integration and unit test suite allowing for the fully automated run of
integration and/or unit tests from a single interface.
To learn the basics of how Salt's test suite works, be sure to check out the Salt's Test Suite: An
Introduction tutorial.
Test Directory Structure
Salt's test suite is located in the tests directory in the root of Salt's codebase. The test suite is
divided into two main groups:
• Integration Tests
• Unit Tests
Within each of these groups, the directory structure roughly mirrors the structure of Salt's own
codebase. Notice that there are directories for states, modules, runners, output, and more in each
testing group.
The files that are housed in the modules directory of either the unit or the integration testing factions
contain respective integration or unit test files for Salt execution modules.
Integration Tests
The Integration section of Salt's test suite start up a number of Salt daemons to test functionality in a
live environment. These daemons include two Salt Masters, one Syndic, and two Minions. This allows the
Syndic interface to be tested and Master/Minion communication to be verified. All of the integration
tests are executed as live Salt commands sent through the started daemons.
Integration tests are particularly good at testing modules, states, and shell commands, among other
segments of Salt's ecosystem. By utilizing the integration test daemons, integration tests are easy to
write. They are also SaltStack's generally preferred method of adding new tests.
The discussion in the Integration vs. Unit section of the testing tutorial is beneficial in learning why
you might want to write integration tests vs. unit tests. Both testing arenas add value to Salt's test
suite and you should consider adding both types of tests if possible and appropriate when contributing to
Salt.
• Integration Test Documentation
Unit Tests
Unit tests do not spin up any Salt daemons, but instead find their value in testing singular
implementations of individual functions. Instead of testing against specific interactions, unit tests
should be used to test a function's logic as well as any return or raises statements. Unit tests also
rely heavily on mocking external resources.
The discussion in the Integration vs. Unit section of the testing tutorial is useful in determining when
you should consider writing unit tests instead of, or in addition to, integration tests when contributing
to Salt.
• Unit Test Documentation
Running The Tests
There are requirements, in addition to Salt's requirements, which need to be installed in order to run
the test suite. Install one of the lines below, depending on the relevant Python version:
pip install -r requirements/dev_python27.txt
pip install -r requirements/dev_python34.txt
To be able to run integration tests which utilizes ZeroMQ transport, you also need to install additional
requirements for it. Make sure you have installed the C/C++ compiler and development libraries and header
files needed for your Python version.
This is an example for RedHat-based operating systems:
yum install gcc gcc-c++ python-devel
pip install -r requirements/zeromq.txt
On Debian, Ubuntu or their derivatives run the following commands:
apt-get install build-essential python-dev
pip install -r requirements/zeromq.txt
This will install the latest pycrypto and pyzmq (with bundled libzmq) Python modules required for running
integration tests suite.
Once all requirements are installed, use runtests.py script to run all of the tests included in Salt's
test suite:
python tests/runtests.py
For more information about options you can pass the test runner, see the --help option:
python tests/runtests.py --help
An alternative way of invoking the test suite is available in setup.py:
./setup.py test
Running Test Subsections
Instead of running the entire test suite all at once, which can take a long time, there are several ways
to run only specific groups of tests or individual tests:
• Run unit tests only: python tests/runtests.py --unit-tests
• Run unit and integration tests for states: python tests/runtests.py --state
• Run integration tests for an individual module: python tests/runtests.py -n integration.modules.virt
• Run unit tests for an individual module: python tests/runtests.py -n unit.modules.virt_test
• Run an individual test by using the class and test name (this example is for the
test_default_kvm_profile test in the integration.module.virt): python tests/runtests.py -n
integration.module.virt.VirtTest.test_default_kvm_profile
For more specific examples of how to run various test subsections or individual tests, please see the
Test Selection Options documentation or the Running Specific Tests section of the Salt's Test Suite: An
Introduction tutorial.
Running Unit Tests Without Integration Test Daemons
Since the unit tests do not require a master or minion to execute, it is often useful to be able to run
unit tests individually, or as a whole group, without having to start up the integration testing daemons.
Starting up the master, minion, and syndic daemons takes a lot of time before the tests can even start
running and is unnecessary to run unit tests. To run unit tests without invoking the integration test
daemons, simply run the runtests.py script with --unit argument:
python tests/runtests.py --unit
All of the other options to run individual tests, entire classes of tests, or entire test modules still
apply.
Running Destructive Integration Tests
Salt is used to change the settings and behavior of systems. In order to effectively test Salt's
functionality, some integration tests are written to make actual changes to the underlying system. These
tests are referred to as "destructive tests". Some examples of destructive tests are changes may be
testing the addition of a user or installing packages. By default, destructive tests are disabled and
will be skipped.
Generally, destructive tests should clean up after themselves by attempting to restore the system to its
original state. For instance, if a new user is created during a test, the user should be deleted after
the related test(s) have completed. However, no guarantees are made that test clean-up will complete
successfully. Therefore, running destructive tests should be done with caution.
NOTE:
Running destructive tests will change the underlying system. Use caution when running destructive
tests.
To run tests marked as destructive, set the --run-destructive flag:
python tests/runtests.py --run-destructive
Running Cloud Provider Tests
Salt's testing suite also includes integration tests to assess the successful creation and deletion of
cloud instances using Salt-Cloud for providers supported by Salt-Cloud.
The cloud provider tests are off by default and run on sample configuration files provided in
tests/integration/files/conf/cloud.providers.d/. In order to run the cloud provider tests, valid
credentials, which differ per provider, must be supplied. Each credential item that must be supplied is
indicated by an empty string value and should be edited by the user before running the tests. For
example, DigitalOcean requires a client key and an api key to operate. Therefore, the default cloud
provider configuration file for DigitalOcean looks like this:
digitalocean-config:
driver: digital_ocean
client_key: ''
api_key: ''
location: New York 1
As indicated by the empty string values, the client_key and the api_key must be provided:
digitalocean-config:
driver: digital_ocean
client_key: wFGEwgregeqw3435gDger
api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg
location: New York 1
NOTE:
When providing credential information in cloud provider configuration files, do not include the single
quotes.
Once all of the valid credentials for the cloud provider have been supplied, the cloud provider tests can
be run by setting the --cloud-provider-tests flag:
./tests/runtests.py --cloud-provider-tests
Running The Tests In A Docker Container
The test suite can be executed under a docker container using the --docked option flag. The docker
container must be properly configured on the system invoking the tests and the container must have access
to the internet.
Here's a simple usage example:
python tests/runtests.py --docked=ubuntu-12.04 -v
The full docker container repository can also be provided:
python tests/runtests.py --docked=salttest/ubuntu-12.04 -v
The SaltStack team is creating some containers which will have the necessary dependencies pre-installed.
Running the test suite on a container allows destructive tests to run without making changes to the main
system. It also enables the test suite to run under a different distribution than the one the main system
is currently using.
The current list of test suite images is on Salt's docker repository.
Custom docker containers can be provided by submitting a pull request against Salt's docker Salt test
containers repository.
Automated Test Runs
SaltStack maintains a Jenkins server to allow for the execution of tests across supported platforms. The
tests executed from Salt's Jenkins server create fresh virtual machines for each test run, then execute
destructive tests on the new, clean virtual machine.
SaltStack's Jenkins server continuously runs the entire test suite, including destructive tests, on an
array of various supported operating systems throughout the day. Each actively supported branch of Salt's
repository runs the tests located in the respective branch's code. Each set of branch tests also includes
a pylint run. These branch tests help ensure the viability of Salt code at any given point in time as
pull requests are merged into branches throughout the day.
In addition to branch tests, SaltStack's Jenkins server also runs tests on pull requests. These pull
request tests include a smaller set of virtual machines that run on the branch tests. The pull request
tests, like the branch tests, include a pylint test as well.
When a pull request is submitted to Salt's repository on GitHub, the suite of pull request tests are
started by Jenkins. These tests are used to gauge the pull request's viability to merge into Salt's
codebase. If these initial tests pass, the pull request can then merged into the Salt branch by one of
Salt's core developers, pending their discretion. If the initial tests fail, core developers may request
changes to the pull request. If the failure is unrelated to the changes in question, core developers may
merge the pull request despite the initial failure.
As soon as the pull request is merged, the changes will be added to the next branch test run on Jenkins.
For a full list of currently running test environments, go to http://jenkins.saltstack.com.
Using Salt-Cloud on Jenkins
For testing Salt on Jenkins, SaltStack uses Salt-Cloud to spin up virtual machines. The script using
Salt-Cloud to accomplish this is open source and can be found here:
https://github.com/saltstack/salt/blob/develop/tests/jenkins.py
Writing Tests
The salt testing infrastructure is divided into two classes of tests, integration tests and unit tests.
These terms may be defined differently in other contexts, but for Salt they are defined this way:
• Unit Test: Tests which validate isolated code blocks and do not require external interfaces such as
salt-call or any of the salt daemons.
• Integration Test: Tests which validate externally accessible features.
Salt testing uses unittest2 from the python standard library and MagicMock.
• Writing integration tests
• Writing unit tests
Naming Conventions
Any function in either integration test files or unit test files that is doing the actual testing, such
as functions containing assertions, must start with test_:
def test_user_present(self):
When functions in test files are not prepended with test_, the function acts as a normal, helper function
and is not run as a test by the test suite.
Submitting New Tests
Which branch of the Salt codebase should new tests be written against? The location of where new tests
should be submitted depends largely on the reason you're writing the tests.
Tests for New Features
If you are adding new functionality to Salt, please write the tests for this new feature in the same pull
request as the new feature. New features should always be submitted to the develop branch.
If you have already submitted the new feature, but did not write tests in the original pull request that
has already been merged, please feel free to submit a new pull request containing tests. If the feature
was recently added to Salt's develop branch, then the tests should be added there as well. However, if
the feature was added to develop some time ago and is already present in one or more release branches,
please refer to the Tests for Entire Files or Functions section below for more details about where to
submit tests for functions or files that do not already have tests.
Tests to Accompany a Bugfix
If you are writing tests for code that fixes a bug in Salt, please write the test in the same pull
request as the bugfix. If you're unsure of where to submit your bugfix and accompanying test, please
review the Which Salt Branch? documentation in Salt's Contributing guide.
Tests for Entire Files or Functions
Sometimes entire files in Salt are completely untested. If you are writing tests for a file that doesn't
have any tests written for it, write your test against the earliest supported release branch that
contains the file or function you're testing.
Once your tests are submitted in a pull request and is merged into the branch in question, the tests you
wrote will be merged-forward by SaltStack core engineers and the new tests will propagate to the newer
release branches. That way the tests you wrote will apply to all current and relevant release branches,
and not just the develop branch, for example. This methodology will help protect against regressions on
older files in Salt's codebase.
There may be times when the tests you write against an older branch fail in the merge-forward process
because functionality has changed in newer release branches. In these cases, a Salt core developer may
reach out to you for advice on the tests in question if the path forward is unclear.
NOTE:
If tests are written against a file in an older release branch and then merged forward, there may be
new functionality in the file that is present in the new release branch that is untested.It would be
wise to see if new functionality could use additional testing once the test file has propagated to
newer release branches.
Test Helpers
Several Salt-specific helpers are available. A full list is available by inspecting functions exported in
tests.support.helpers.
@expensiveTest -- Designates a test which typically requires a relatively costly external resource, like
a cloud virtual machine. This decorator is not normally used by developers outside of the Salt core team.
@destructiveTest -- Marks a test as potentially destructive. It will not be run by the test runner unles
the -run-destructive test is expressly passed.
@requires_network -- Requires a network connection for the test to operate successfully. If a network
connection is not detected, the test will not run.
@requires_salt_modules -- Requires all the modules in a list of modules in order for the test to be
executed. Otherwise, the test is skipped.
@requires_system_grains -- Loads and passes the grains on the system as an keyword argument to the test
function with the name grains.
@skip_if_binaries_missing(['list', 'of', 'binaries']) -- If called from inside a test, the test will be
skipped if the binaries are not all present on the system.
@skip_if_not_root -- If the test is not executed as root, it will be skipped.
@with_system_user -- Creates and optionally destroys a system user within a test case. See
implementation details in tests.support.helpers for details.
@with_system_group -- Creates and optionally destroys a system group within a test case. See
implementation details in tests.support.helpers for details.
@with_system_user_and_group -- Creates and optionally destroys a system user and group within a test
case. See implementation details in tests.support.helpers for details.
raet
# RAET # Reliable Asynchronous Event Transport Protocol
SEE ALSO:
RAET Overview
Protocol
Layering:
OSI Layers
7: Application: Format: Data (Stack to Application interface buffering etc) 6: Presentation: Format: Data
(Encrypt-Decrypt convert to machine independent format) 5: Session: Format: Data (Interhost
communications. Authentication. Groups) 4: Transport: Format: Segments (Reliable delivery of Message,
Transactions, Segmentation, Error checking) 3: Network: Format: Packets/Datagrams (Addressing Routing) 2:
Link: Format: Frames ( Reliable per frame communications connection, Media access controller ) 1:
Physical: Bits (Transceiver communication connection not reliable)
Link is hidden from Raet Network is IP host address and Udp Port Transport is Raet transactions, service
kind, tail error checking, Could include header signing as part of transport reliable delivery
serialization of header Session is session id key exchange for signing. Grouping is Road (like 852
channel) Presentation is Encrypt Decrypt body Serialize Deserialize Body Application is body data
dictionary
Header signing spans both the Transport and Session layers.
Header
JSON Header (Tradeoff some processing speed for extensibility, ease of use, readability)
Body initially JSON but support for "packed" binary body
Packet
Header ASCII Safe JSON Header termination: Empty line given by double pair of carriage return linefeed
/r/n/r/n 10 13 10 13 ADAD 1010 1101 1010 1101
In json carriage return and newline characters cannot appear in a json encoded string unless they are
escaped with backslash, so the 4 byte combination is illegal in valid json that does not have multi-byte
unicode characters.
These means the header must be ascii safe so no multibyte utf-8 strings allowed in header.
Following Header Terminator is variable length signature block. This is binary and the length is provided
in the header.
Following the signature block is the packet body or data. This may either be JSON or packed binary. The
format is given in the json header
Finally is an optional tail block for error checking or encryption details
Header Fields
In UDP header
sh = source host sp = source port dh = destination host dp = destination port
In RAET Header
hk = header kind hl = header length
vn = version number
sd = Source Device ID dd = Destination Device ID cf = Corresponder Flag mf = Multicast Flag
si = Session ID ti = Transaction ID
sk = Service Kind pk = Packet Kind bf = Burst Flag (Send all Segments or Ordered packets without
interleaved acks)
oi = Order Index dt = DateTime Stamp
sn = Segment Number sc = Segment Count
pf = Pending Segment Flag af = All Flag (Resent all Segments not just one)
nk = Auth header kind nl = Auth header length
bk = body kind bl = body length
tk = tail kind tl = tail length
fg = flags packed (Flags) Default '00' hex string
2 byte Hex string with bits (0, 0, af, pf, 0, bf, mf, cf) Zeros are TBD flags
Session Bootstrap
Minion sends packet with SID of Zero with public key of minions Public Private Key pair Master acks
packet with SID of Zero to let minion know it received the request
Some time later Master sends packet with SID of zero that accepts the Minion
Minion
Session
Session is important for security. Want one session opened and then multiple transactions within session.
Session ID SID sid
GUID hash to guarantee uniqueness since no guarantee of nonvolatile storage or require file storage to
keep last session ID used.
Service Types or Modular Services
Four Service Types
A. One or more maybe (unacknowledged repeat) maybe means no guarantee
B.
Exactly one at most (ack with retries) (duplicate detection idempotent)
at most means fixed number of retries has finite probability of failing B1) finite retries B2)
infinite retries with exponential back-off up to a maximum delay
C.
Exactly one of sequence at most (sequence numbered)
Receiver requests retry of missing packet with same B1 or B2 retry type
D.
End to End (Application layer Request Response)
This is two B sub transactions
Initially unicast messaging Eventually support for Multicast
The use case for C) is to fragment large packets as once a UDP packet exceeds the frame size its
reliability goes way down So its more reliable to fragment large packets.
Better approach might be to have more modularity. Services Levels
1.
Maybe one or more
A.
Fire and forget
no transaction either side
B.
Repeat, no ack, no dupdet
repeat counter send side, no transaction on receive side
C.
Repeat, no Ack, dupdet
repeat counter send side, dup detection transaction receive side
2.
More or Less Once
A.
retry finite, ack no dupdet
retry timer send side, finite number of retires ack receive side no dupdet
3.
At most Once
A.
retry finite, ack, dupdet
retry timer send side, finite number of retires ack receive side dupdet
4.
Exactly once
A.
ack retry
retry timer send side, ack and duplicate detection receive side Infinite retries
with exponential backoff
5.
Sequential sequence number
A. reorder escrow
B. Segmented packets
6. request response to application layer
Service Features
1. repeats
2. ack retry transaction id
3. sequence number duplicate detection out of order detection sequencing
4. rep-req
Always include transaction id since multiple transactions on same port So get duplicate detection for
free if keep transaction alive but if use
A) Maybe one or more B1) At Least One B2) Exactly One C) One of sequence D) End to End
A) Sender creates transaction id for number of repeats but receiver does not keep transaction alive
B1) Sender creates transaction id keeps it for retries. Receiver keeps it to send ack then kills so
retry could be duplicate not detected
B2) Sender creates transaction id keeps for retries Receiver keeps tid for acks on any retires so no
duplicates.
C) Sender creates TID and Sequence Number. Receiver checks for out of order sequence and can request
retry.
D) Application layer sends response. So question is do we keep transaction open or have response be new
transaction. No because then we need a rep-req ID so might as well use the same transaction id. Just keep
alive until get response.
Little advantage to B1 vs B2 not having duplicates.
So 4 service types
A. Maybe one or more (unacknowledged repeat)
B. Exactly One (At most one) (ack with retry) (duplicate detection idempotent)
C. One of Sequence (sequence numbered)
D. End to End
Also multicast or unicast
Modular Transaction Table
Sender Side:
Transaction ID plus transaction source sender or receiver generated transaction id Repeat Counter
Retry Timer Retry Counter (finite retries) Redo Timer (infinite redos with exponential backoff)
Sequence number without acks (look for resend requests) Sequence with ack (wait for ack before
sending next in sequence) Segmentation
Receiver Side:
Nothing just accept packet Acknowledge (can delete transaction after acknowledge) No duplicate
detection Transaction timeout (keep transaction until timeout) Duplicate detection save
transaction id duplicate detection timeout Request resend of missing packet in sequence Sequence
reordering with escrow timeout wait escrow before requesting resend Unsegmentation (request
resends of missing segment)
SaltStack Git Policy
The SaltStack team follows a git policy to maintain stability and consistency with the repository.
The git policy has been developed to encourage contributions and make contributing to Salt as easy as
possible. Code contributors to SaltStack projects DO NOT NEED TO READ THIS DOCUMENT, because all
contributions come into SaltStack via a single gateway to make it as easy as possible for contributors to
give us code.
The primary rule of git management in SaltStack is to make life easy on contributors and developers to
send in code. Simplicity is always a goal!
New Code Entry
All new SaltStack code should be submitted against either the develop branch or a point release branch,
depending on the nature of the submission. Please see the Which Salt Branch? section of Salt's
Contributing documentation or the Release Branching section below for more information.
Release Branching
SaltStack maintains two types of releases, Feature Releases and Point Releases (also commonly referred to
as Bugfix Releases. A feature release is managed by incrementing the first or second release point
number, so 2015.5.5 -> 2015.8.0 signifies a feature release and 2015.8.0 -> 2015.8.1 signifies a point
release.
Feature Release Branching
Each feature release is maintained in a dedicated git branch derived from the last applicable release
commit on develop. All file changes relevant to the feature release will be completed in the develop
branch prior to the creation of the feature release branch. The feature release branch will be named
after the relevant numbers to the feature release, which constitute the first two numbers. This means
that the release branch for the 2015.8.0 series is named 2015.8.
A feature release branch is created with the following command:
# git checkout -b 2015.8 # From the develop branch
# git push origin 2015.8
Point Releases
Each point release is derived from its parent release branch. Constructing point releases is a critical
aspect of Salt development and is managed by members of the core development team. Point releases
comprise bug and security fixes. Bug fixes can be made against a point release branch in one of two ways:
the bug fix can be submitted directly against the point release branch, or an attempt can be made to
back-port the fix to the point release branch.
Bug fixes should be made against the earliest supported release branch on which the bug is present. The
Salt development team regularly merges older point release branches forward into newer point release
branches. That way, the bug fixes that are submitted to older release branches can cascade up through all
related release branches.
For more information, please see the Which Salt Branch? section of Salt's Contributing documentation.
Determining when a point release is going to be made is up to the project leader (Thomas Hatch).
Generally point releases are made every 2-4 weeks or if there is a security fix they can be made sooner.
The point release is only designated by tagging the commit on the release branch with a release number
using the existing convention (version 2015.8.1 is tagged with v2015.8.1). From the tag point a new
source tarball is generated and published to PyPI, and a release announcement is made.
Salt Conventions
Writing Salt Documentation
Salt's documentation is built using the Sphinx documentation system. It can be built in a large variety
of output formats including HTML, PDF, ePub, and manpage.
All the documentation is contained in the main Salt repository. Speaking broadly, most of the narrative
documentation is contained within the https://github.com/saltstack/salt/blob/develop/doc subdirectory and
most of the reference and API documentation is written inline with Salt's Python code and extracted using
a Sphinx extension.
Style
The Salt project recommends the IEEE style guide as a general reference for writing guidelines. Those
guidelines are not strictly enforced but rather serve as an excellent resource for technical writing
questions. The NCBI style guide is another very approachable resource.
Point-of-view
Use third-person perspective and avoid "I", "we", "you" forms of address. Identify the addressee
specifically e.g., "users should", "the compiler does", etc.
Active voice
Use active voice and present-tense. Avoid filler words.
Title capitalization
Document titles and section titles within a page should follow normal sentence capitalization rules.
Words that are capitalized as part of a regular sentence should be capitalized in a title and otherwise
left as lowercase. Punctuation can be omitted unless it aids the intent of the title (e.g., exclamation
points or question marks).
For example:
This is a main heading
======================
Paragraph.
This is an exciting sub-heading!
--------------------------------
Paragraph.
Serial Commas
According to Wikipedia: In English punctuation, a serial comma or series comma (also called Oxford comma
and Harvard comma) is a comma placed immediately before the coordinating conjunction (usually "and",
"or", or "nor") in a series of three or more terms. For example, a list of three countries might be
punctuated either as "France, Italy, and Spain" (with the serial comma), or as "France, Italy and Spain"
(without the serial comma)."
When writing a list that includes three or more items, the serial comma should always be used.
Documenting modules
Documentation for Salt's various module types is inline in the code. During the documentation build
process it is extracted and formatted into the final HTML, PDF, etc format.
Inline documentation
Python has special multi-line strings called docstrings as the first element in a function or class.
These strings allow documentation to live alongside the code and can contain special formatting. For
example:
def my_function(value):
'''
Upper-case the given value
Usage:
.. code-block:: python
val = 'a string'
new_val = myfunction(val)
print(new_val) # 'A STRING'
:param value: a string
:return: a copy of ``value`` that has been upper-cased
'''
return value.upper()
Specify a release for additions or changes
New functions or changes to existing functions should include a marker that denotes what Salt release
will be affected. For example:
def my_function(value):
'''
Upper-case the given value
.. versionadded:: 2014.7.0
<...snip...>
'''
return value.upper()
For changes to a function:
def my_function(value, strip=False):
'''
Upper-case the given value
.. versionchanged:: 2016.3.0
Added a flag to also strip whitespace from the string.
<...snip...>
'''
if strip:
return value.upper().strip()
return value.upper()
Adding module documentation to the index
Each module type has an index listing all modules of that type. For example: all-salt.modules,
all-salt.states, all-salt.renderers. New modules must be added to the index manually.
1. Edit the file for the module type: execution modules, state modules, renderer modules, etc.
2. Add the new module to the alphebetized list.
3. Build the documentation which will generate an .rst file for the new module in the same directory as
the index.rst.
4. Commit the changes to index.rst and the new .rst file and send a pull request.
Cross-references
The Sphinx documentation system contains a wide variety of cross-referencing capabilities.
Glossary entries
Link to glossary entries using the term role. A cross-reference should be added the first time a
Salt-specific term is used in a document.
A common way to encapsulate master-side functionality is by writing a
custom :term:`Runner Function`. Custom Runner Functions are easy to write.
Index entries
Sphinx automatically generates many kinds of index entries, but it is occasionally useful to manually add
items to the index.
One method is to use the index directive above the document or section that should appear in the index.
.. index:: ! Event, event bus, event system
see: Reactor; Event
Another method is to use the index role inline with the text that should appear in the index. The index
entry is created and the target text is left otherwise intact.
Information about the :index:`Salt Reactor`
-------------------------------------------
Paragraph.
Documents and sections
Each document should contain a unique top-level label of the form:
.. _my-page:
My page
=======
Paragraph.
Unique labels can be linked using the ref role. This allows cross-references to survive document renames
or movement.
For more information see :ref:`my-page`.
Note, the :doc: role should not be used to link documents together.
Modules
Cross-references to Salt modules can be added using Sphinx's Python domain roles. For example, to create
a link to the test.ping function:
A useful execution module to test active communication with a minion is the
:py:func:`test.ping <salt.modules.test.ping>` function.
Salt modules can be referenced as well:
The :py:mod:`test module <salt.modules.test>` contains many useful
functions for inspecting an active Salt connection.
The same syntax works for all modules types:
One of the workhorse state module functions in Salt is the
:py:func:`file.managed <salt.states.file.managed>` function.
Settings
Individual settings in the Salt Master or Salt Minion configuration files are cross-referenced using two
custom roles, conf_master, and conf_minion.
The :conf_minion:`minion ID <id>` setting is a unique identifier for a
single minion.
Documentation Changes and Fixes
Documentation changes and fixes should be made against the earliest supported release branch that the
update applies to. The practice of updating a release branch instead of making all documentation changes
against Salt's main, default branch, develop, is necessary in order for the docs to be as up-to-date as
possible when the docs are built.
The workflow mentioned above is also in line with the recommendations outlined in Salt's contributing
page. You can read more about how to choose where to submit documentation fixes by reading the
which-salt-branch section.
For an explanation of how to submit changes against various branches, see the github-pull-request
section. Specifically, see the section describing how to Create a new branch and the steps that follow.
Building the documentation
1. Install Sphinx using a system package manager or pip. The package name is often of the form
python-sphinx. There are no other dependencies.
2. Build the documentation using the provided Makefile or .bat file on Windows.
cd /path/to/salt/doc
make html
3. The generated documentation will be written to the doc/_build/<format> directory.
4. A useful method of viewing the HTML documentation locally is to start Python's built-in HTTP server:
cd /path/to/salt/doc/_build/html
python -m SimpleHTTPServer
Then pull up the documentation in a web browser at http://localhost:8000/.
Salt Formulas
Formulas are pre-written Salt States. They are as open-ended as Salt States themselves and can be used
for tasks such as installing a package, configuring, and starting a service, setting up users or
permissions, and many other common tasks.
All official Salt Formulas are found as separate Git repositories in the "saltstack-formulas"
organization on GitHub:
https://github.com/saltstack-formulas
As a simple example, to install the popular Apache web server (using the normal defaults for the
underlying distro) simply include the apache-formula from a top file:
base:
'web*':
- apache
Installation
Each Salt Formula is an individual Git repository designed as a drop-in addition to an existing Salt
State tree. Formulas can be installed in the following ways.
Adding a Formula as a GitFS remote
One design goal of Salt's GitFS fileserver backend was to facilitate reusable States. GitFS is a quick
and natural way to use Formulas.
1. Install and configure GitFS.
2. Add one or more Formula repository URLs as remotes in the gitfs_remotes list in the Salt Master
configuration file:
gitfs_remotes:
- https://github.com/saltstack-formulas/apache-formula
- https://github.com/saltstack-formulas/memcached-formula
We strongly recommend forking a formula repository into your own GitHub account to avoid unexpected
changes to your infrastructure.
Many Salt Formulas are highly active repositories so pull new changes with care. Plus any additions
you make to your fork can be easily sent back upstream with a quick pull request!
3. Restart the Salt master.
Adding a Formula directory manually
Formulas are simply directories that can be copied onto the local file system by using Git to clone the
repository or by downloading and expanding a tarball or zip file of the repository. The directory
structure is designed to work with file_roots in the Salt master configuration.
1. Clone or download the repository into a directory:
mkdir -p /srv/formulas
cd /srv/formulas
git clone https://github.com/saltstack-formulas/apache-formula.git
# or
mkdir -p /srv/formulas
cd /srv/formulas
wget https://github.com/saltstack-formulas/apache-formula/archive/master.tar.gz
tar xf apache-formula-master.tar.gz
2. Add the new directory to file_roots:
file_roots:
base:
- /srv/salt
- /srv/formulas/apache-formula
3. Restart the Salt Master.
Usage
Each Formula is intended to be immediately usable with sane defaults without any additional
configuration. Many formulas are also configurable by including data in Pillar; see the pillar.example
file in each Formula repository for available options.
Including a Formula in an existing State tree
Formula may be included in an existing sls file. This is often useful when a state you are writing needs
to require or extend a state defined in the formula.
Here is an example of a state that uses the epel-formula in a require declaration which directs Salt to
not install the python26 package until after the EPEL repository has also been installed:
include:
- epel
python26:
pkg.installed:
- require:
- pkg: epel
Including a Formula from a Top File
Some Formula perform completely standalone installations that are not referenced from other state files.
It is usually cleanest to include these Formula directly from a Top File.
For example the easiest way to set up an OpenStack deployment on a single machine is to include the
openstack-standalone-formula directly from a top.sls file:
base:
'myopenstackmaster':
- openstack
Quickly deploying OpenStack across several dedicated machines could also be done directly from a Top File
and may look something like this:
base:
'controller':
- openstack.horizon
- openstack.keystone
'hyper-*':
- openstack.nova
- openstack.glance
'storage-*':
- openstack.swift
Configuring Formula using Pillar
Salt Formulas are designed to work out of the box with no additional configuration. However, many Formula
support additional configuration and customization through Pillar. Examples of available options can be
found in a file named pillar.example in the root directory of each Formula repository.
Using Formula with your own states
Remember that Formula are regular Salt States and can be used with all Salt's normal state mechanisms.
Formula can be required from other States with requisites-require declarations, they can be modified
using extend, they can made to watch other states with requisites-watch-in.
The following example uses the stock apache-formula alongside a custom state to create a vhost on a
Debian/Ubuntu system and to reload the Apache service whenever the vhost is changed.
# Include the stock, upstream apache formula.
include:
- apache
# Use the watch_in requisite to cause the apache service state to reload
# apache whenever the my-example-com-vhost state changes.
my-example-com-vhost:
file:
- managed
- name: /etc/apache2/sites-available/my-example-com
- watch_in:
- service: apache
Don't be shy to read through the source for each Formula!
Reporting problems & making additions
Each Formula is a separate repository on GitHub. If you encounter a bug with a Formula please file an
issue in the respective repository! Send fixes and additions as a pull request. Add tips and tricks to
the repository wiki.
Writing Formulas
Each Formula is a separate repository in the saltstack-formulas organization on GitHub.
NOTE:
Get involved creating new Formulas
The best way to create new Formula repositories for now is to create a repository in your own account
on GitHub and notify a SaltStack employee when it is ready. We will add you to the contributors team
on the saltstack-formulas organization and help you transfer the repository over. Ping a SaltStack
employee on IRC (#salt on Freenode) or send an email to the salt-users mailing list.
There are a lot of repositories in that organization! Team members can manage which repositories they
are subscribed to on GitHub's watching page: https://github.com/watching.
Style
Maintainability, readability, and reusability are all marks of a good Salt sls file. This section
contains several suggestions and examples.
# Deploy the stable master branch unless version overridden by passing
# Pillar at the CLI or via the Reactor.
deploy_myapp:
git.latest:
- name: git@github.com/myco/myapp.git
- version: {{ salt.pillar.get('myapp:version', 'master') }}
Use a descriptive State ID
The ID of a state is used as a unique identifier that may be referenced via other states in requisites.
It must be unique across the whole state tree (it is a key in a dictionary, after all).
In addition a state ID should be descriptive and serve as a high-level hint of what it will do, or
manage, or change. For example, deploy_webapp, or apache, or reload_firewall.
Use module.function notation
So-called "short-declaration" notation is preferred for referencing state modules and state functions. It
provides a consistent pattern of module.function shared between Salt States, the Reactor, Salt Mine, the
Scheduler, as well as with the CLI.
# Do
apache:
pkg.installed:
- name: httpd
# Don't
apache:
pkg:
- installed
- name: httpd
Salt's state compiler will transform "short-decs" into the longer format when compiling the
human-friendly highstate structure into the machine-friendly lowstate structure.
Specify the name parameter
Use a unique and permanent identifier for the state ID and reserve name for data with variability.
The name declaration is a required parameter for all state functions. The state ID will implicitly be
used as name if it is not explicitly set in the state.
In many state functions the name parameter is used for data that varies such as OS-specific package
names, OS-specific file system paths, repository addresses, etc. Any time the ID of a state changes all
references to that ID must also be changed. Use a permanent ID when writing a state the first time to
future-proof that state and allow for easier refactors down the road.
Comment state files
YAML allows comments at varying indentation levels. It is a good practice to comment state files. Use
vertical whitespace to visually separate different concepts or actions.
# Start with a high-level description of the current sls file.
# Explain the scope of what it will do or manage.
# Comment individual states as necessary.
update_a_config_file:
# Provide details on why an unusual choice was made. For example:
#
# This template is fetched from a third-party and does not fit our
# company norm of using Jinja. This must be processed using Mako.
file.managed:
- name: /path/to/file.cfg
- source: salt://path/to/file.cfg.template
- template: mako
# Provide a description or explanation that did not fit within the state
# ID. For example:
#
# Update the application's last-deployed timestamp.
# This is a workaround until Bob configures Jenkins to automate RPM
# builds of the app.
cmd.run:
# FIXME: Joe needs this to run on Windows by next quarter. Switch these
# from shell commands to Salt's file.managed and file.replace state
# modules.
- name: |
touch /path/to/file_last_updated
sed -e 's/foo/bar/g' /path/to/file_environment
- onchanges:
- file: a_config_file
Be careful to use Jinja comments for commenting Jinja code and YAML comments for commenting YAML code.
# BAD EXAMPLE
# The Jinja in this YAML comment is still executed!
# {% set apache_is_installed = 'apache' in salt.pkg.list_pkgs() %}
# GOOD EXAMPLE
# The Jinja in this Jinja comment will not be executed.
{# {% set apache_is_installed = 'apache' in salt.pkg.list_pkgs() %} #}
Easy on the Jinja!
Jinja templating provides vast flexibility and power when building Salt sls files. It can also create an
unmaintainable tangle of logic and data. Speaking broadly, Jinja is best used when kept apart from the
states (as much as is possible).
Below are guidelines and examples of how Jinja can be used effectively.
Know the evaluation and execution order
High-level knowledge of how Salt states are compiled and run is useful when writing states.
The default renderer setting in Salt is Jinja piped to YAML. Each is a separate step. Each step is not
aware of the previous or following step. Jinja is not YAML aware, YAML is not Jinja aware; they cannot
share variables or interact.
• Whatever the Jinja step produces must be valid YAML.
• Whatever the YAML step produces must be a valid highstate data structure. (This is also true of the
final step for any of the alternate renderers in Salt.)
• Highstate can be thought of as a human-friendly data structure; easy to write and easy to read.
• Salt's state compiler validates the highstate and compiles it to low state.
• Low state can be thought of as a machine-friendly data structure. It is a list of dictionaries that
each map directly to a function call.
• Salt's state system finally starts and executes on each "chunk" in the low state. Remember that
requisites are evaluated at runtime.
• The return for each function call is added to the "running" dictionary which is the final output at the
end of the state run.
The full evaluation and execution order:
Jinja -> YAML -> Highstate -> low state -> execution
Avoid changing the underlying system with Jinja
Avoid calling commands from Jinja that change the underlying system. Commands run via Jinja do not
respect Salt's dry-run mode (test=True)! This is usually in conflict with the idempotent nature of Salt
states unless the command being run is also idempotent.
Inspect the local system
A common use for Jinja in Salt states is to gather information about the underlying system. The grains
dictionary available in the Jinja context is a great example of common data points that Salt itself has
already gathered. Less common values are often found by running commands. For example:
{% set is_selinux_enabled = salt.cmd.run('sestatus') == '1' %}
This is usually best done with a variable assignment in order to separate the data from the state that
will make use of the data.
Gather external data
One of the most common uses for Jinja is to pull external data into the state file. External data can
come from anywhere like API calls or database queries, but it most commonly comes from flat files on the
file system or Pillar data from the Salt Master. For example:
{% set some_data = salt.pillar.get('some_data', {'sane default': True}) %}
{# or #}
{% import_yaml 'path/to/file.yaml' as some_data %}
{# or #}
{% import_json 'path/to/file.json' as some_data %}
{# or #}
{% import_text 'path/to/ssh_key.pub' as ssh_pub_key %}
{# or #}
{% from 'path/to/other_file.jinja' import some_data with context %}
This is usually best done with a variable assignment in order to separate the data from the state that
will make use of the data.
Light conditionals and looping
Jinja is extremely powerful for programmatically generating Salt states. It is also easy to overuse. As a
rule of thumb, if it is hard to read it will be hard to maintain!
Separate Jinja control-flow statements from the states as much as is possible to create readable states.
Limit Jinja within states to simple variable lookups.
Below is a simple example of a readable loop:
{% for user in salt.pillar.get('list_of_users', []) %}
{# Ensure unique state IDs when looping. #}
{{ user.name }}-{{ loop.index }}:
user.present:
- name: {{ user.name }}
- shell: {{ user.shell }}
{% endfor %}
Avoid putting a Jinja conditionals within Salt states where possible. Readability suffers and the
correct YAML indentation is difficult to see in the surrounding visual noise. Parametrization (discussed
below) and variables are both useful techniques to avoid this. For example:
{# ---- Bad example ---- #}
apache:
pkg.installed:
{% if grains.os_family == 'RedHat' %}
- name: httpd
{% elif grains.os_family == 'Debian' %}
- name: apache2
{% endif %}
{# ---- Better example ---- #}
{% if grains.os_family == 'RedHat' %}
{% set name = 'httpd' %}
{% elif grains.os_family == 'Debian' %}
{% set name = 'apache2' %}
{% endif %}
apache:
pkg.installed:
- name: {{ name }}
{# ---- Good example ---- #}
{% set name = {
'RedHat': 'httpd',
'Debian': 'apache2',
}.get(grains.os_family) %}
apache:
pkg.installed:
- name: {{ name }}
Dictionaries are useful to effectively "namespace" a collection of variables. This is useful with
parametrization (discussed below). Dictionaries are also easily combined and merged. And they can be
directly serialized into YAML which is often easier than trying to create valid YAML through templating.
For example:
{# ---- Bad example ---- #}
haproxy_conf:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- template: jinja
{% if 'external_loadbalancer' in grains.roles %}
- source: salt://haproxy/external_haproxy.cfg
{% elif 'internal_loadbalancer' in grains.roles %}
- source: salt://haproxy/internal_haproxy.cfg
{% endif %}
- context:
{% if 'external_loadbalancer' in grains.roles %}
ssl_termination: True
{% elif 'internal_loadbalancer' in grains.roles %}
ssl_termination: False
{% endif %}
{# ---- Better example ---- #}
{% load_yaml as haproxy_defaults %}
common_settings:
bind_port: 80
internal_loadbalancer:
source: salt://haproxy/internal_haproxy.cfg
settings:
bind_port: 8080
ssl_termination: False
external_loadbalancer:
source: salt://haproxy/external_haproxy.cfg
settings:
ssl_termination: True
{% endload %}
{% if 'external_loadbalancer' in grains.roles %}
{% set haproxy = haproxy_defaults['external_loadbalancer'] %}
{% elif 'internal_loadbalancer' in grains.roles %}
{% set haproxy = haproxy_defaults['internal_loadbalancer'] %}
{% endif %}
{% do haproxy.settings.update(haproxy_defaults.common_settings) %}
haproxy_conf:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- template: jinja
- source: {{ haproxy.source }}
- context: {{ haproxy.settings | yaml() }}
There is still room for improvement in the above example. For example, extracting into an external file
or replacing the if-elif conditional with a function call to filter the correct data more succinctly.
However, the state itself is simple and legible, the data is separate and also simple and legible. And
those suggested improvements can be made at some future date without altering the state at all!
Avoid heavy logic and programming
Jinja is not Python. It was made by Python programmers and shares many semantics and some syntax but it
does not allow for abitrary Python function calls or Python imports. Jinja is a fast and efficient
templating language but the syntax can be verbose and visually noisy.
Once Jinja use within an sls file becomes slightly complicated -- long chains of if-elif-elif-else
statements, nested conditionals, complicated dictionary merges, wanting to use sets -- instead consider
using a different Salt renderer, such as the Python renderer. As a rule of thumb, if it is hard to read
it will be hard to maintain -- switch to a format that is easier to read.
Using alternate renderers is very simple to do using Salt's "she-bang" syntax at the top of the file. The
Python renderer must simply return the correct highstate data structure. The following example is a state
tree of two sls files, one simple and one complicated.
/srv/salt/top.sls:
base:
'*':
- common_configuration
- roles_configuration
/srv/salt/common_configuration.sls:
common_users:
user.present:
- names: [larry, curly, moe]
/srv/salt/roles_configuration:
#!py
def run():
list_of_roles = set()
# This example has the minion id in the form 'web-03-dev'.
# Easily access the grains dictionary:
try:
app, instance_number, environment = __grains__['id'].split('-')
instance_number = int(instance_number)
except ValueError:
app, instance_number, environment = ['Unknown', 0, 'dev']
list_of_roles.add(app)
if app == 'web' and environment == 'dev':
list_of_roles.add('primary')
list_of_roles.add('secondary')
elif app == 'web' and environment == 'staging':
if instance_number == 0:
list_of_roles.add('primary')
else:
list_of_roles.add('secondary')
# Easily cross-call Salt execution modules:
if __salt__['myutils.query_valid_ec2_instance']():
list_of_roles.add('is_ec2_instance')
return {
'set_roles_grains': {
'grains.present': [
{'name': 'roles'},
{'value': list(list_of_roles)},
],
},
}
Jinja Macros
In Salt sls files Jinja macros are useful for one thing and one thing only: creating mini templates that
can be reused and rendered on demand. Do not fall into the trap of thinking of macros as functions; Jinja
is not Python (see above).
Macros are useful for creating reusable, parameterized states. For example:
{% macro user_state(state_id, user_name, shell='/bin/bash', groups=[]) %}
{{ state_id }}:
user.present:
- name: {{ user_name }}
- shell: {{ shell }}
- groups: {{ groups | json() }}
{% endmacro %}
{% for user_info in salt.pillar.get('my_users', []) %}
{{ user_state('user_number_' ~ loop.index, **user_info) }}
{% endfor %}
Macros are also useful for creating one-off "serializers" that can accept a data structure and write that
out as a domain-specific configuration file. For example, the following macro could be used to write a
php.ini config file:
/srv/salt/php.sls:
php_ini:
file.managed:
- name: /etc/php.ini
- source: salt://php.ini.tmpl
- template: jinja
- context:
php_ini_settings: {{ salt.pillar.get('php_ini', {}) | json() }}
/srv/pillar/php.sls:
php_ini:
PHP:
engine: 'On'
short_open_tag: 'Off'
error_reporting: 'E_ALL & ~E_DEPRECATED & ~E_STRICT'
/srv/salt/php.ini.tmpl:
{% macro php_ini_serializer(data) %}
{% for section_name, name_val_pairs in data.items() %}
[{{ section_name }}]
{% for name, val in name_val_pairs.items() -%}
{{ name }} = "{{ val }}"
{% endfor %}
{% endfor %}
{% endmacro %}
; File managed by Salt at <{{ source }}>.
; Your changes will be overwritten.
{{ php_ini_serializer(php_ini_settings) }}
Abstracting static defaults into a lookup table
Separate data that a state uses from the state itself to increases the flexibility and reusability of a
state.
An obvious and common example of this is platform-specific package names and file system paths. Another
example is sane defaults for an application, or common settings within a company or organization.
Organizing such data as a dictionary (aka hash map, lookup table, associative array) often provides a
lightweight namespacing and allows for quick and easy lookups. In addition, using a dictionary allows for
easily merging and overriding static values within a lookup table with dynamic values fetched from
Pillar.
A strong convention in Salt Formulas is to place platform-specific data, such as package names and file
system paths, into a file named map.jinja that is placed alongside the state files.
The following is an example from the MySQL Formula. The grains.filter_by function performs a lookup on
that table using the os_family grain (by default).
The result is that the mysql variable is assigned to a subset of the lookup table for the current
platform. This allows states to reference, for example, the name of a package without worrying about the
underlying OS. The syntax for referencing a value is a normal dictionary lookup in Jinja, such as {{
mysql['service'] }} or the shorthand {{ mysql.service }}.
map.jinja:
{% set mysql = salt['grains.filter_by']({
'Debian': {
'server': 'mysql-server',
'client': 'mysql-client',
'service': 'mysql',
'config': '/etc/mysql/my.cnf',
'python': 'python-mysqldb',
},
'RedHat': {
'server': 'mysql-server',
'client': 'mysql',
'service': 'mysqld',
'config': '/etc/my.cnf',
'python': 'MySQL-python',
},
'Gentoo': {
'server': 'dev-db/mysql',
'client': 'dev-db/mysql',
'service': 'mysql',
'config': '/etc/mysql/my.cnf',
'python': 'dev-python/mysql-python',
},
}, merge=salt['pillar.get']('mysql:lookup')) %}
Values defined in the map file can be fetched for the current platform in any state file using the
following syntax:
{% from "mysql/map.jinja" import mysql with context %}
mysql-server:
pkg.installed:
- name: {{ mysql.server }}
service.running:
- name: {{ mysql.service }}
Organizing Pillar data
It is considered a best practice to make formulas expect all formula-related parameters to be placed
under second-level lookup key, within a main namespace designated for holding data for particular
service/software/etc, managed by the formula:
mysql:
lookup:
version: 5.7.11
Collecting common values
Common values can be collected into a base dictionary. This minimizes repetition of identical values in
each of the lookup_dict sub-dictionaries. Now only the values that are different from the base must be
specified by the alternates:
map.jinja:
{% set mysql = salt['grains.filter_by']({
'default': {
'server': 'mysql-server',
'client': 'mysql-client',
'service': 'mysql',
'config': '/etc/mysql/my.cnf',
'python': 'python-mysqldb',
},
'Debian': {
},
'RedHat': {
'client': 'mysql',
'service': 'mysqld',
'config': '/etc/my.cnf',
'python': 'MySQL-python',
},
'Gentoo': {
'server': 'dev-db/mysql',
'client': 'dev-db/mysql',
'python': 'dev-python/mysql-python',
},
},
merge=salt['pillar.get']('mysql:lookup'), base='default') %}
Overriding values in the lookup table
Allow static values within lookup tables to be overridden. This is a simple pattern which once again
increases flexibility and reusability for state files.
The merge argument in filter_by specifies the location of a dictionary in Pillar that can be used to
override values returned from the lookup table. If the value exists in Pillar it will take precedence.
This is useful when software or configuration files is installed to non-standard locations or on
unsupported platforms. For example, the following Pillar would replace the config value from the call
above.
mysql:
lookup:
config: /usr/local/etc/mysql/my.cnf
NOTE:
Protecting Expansion of Content with Special Characters
When templating keep in mind that YAML does have special characters for quoting, flows, and other
special structure and content. When a Jinja substitution may have special characters that will be
incorrectly parsed by YAML care must be taken. It is a good policy to use the yaml_encode or the
yaml_dquote Jinja filters:
{%- set foo = 7.7 %}
{%- set bar = none %}
{%- set baz = true %}
{%- set zap = 'The word of the day is "salty".' %}
{%- set zip = '"The quick brown fox . . ."' %}
foo: {{ foo|yaml_encode }}
bar: {{ bar|yaml_encode }}
baz: {{ baz|yaml_encode }}
zap: {{ zap|yaml_encode }}
zip: {{ zip|yaml_dquote }}
The above will be rendered as below:
foo: 7.7
bar: null
baz: true
zap: "The word of the day is \"salty\"."
zip: "\"The quick brown fox . . .\""
The filter_by function performs a simple dictionary lookup but also allows for fetching data from Pillar
and overriding data stored in the lookup table. That same workflow can be easily performed without using
filter_by; other dictionaries besides data from Pillar can also be used.
{% set lookup_table = {...} %}
{% do lookup_table.update(salt.pillar.get('my:custom:data')) %}
When to use lookup tables
The map.jinja file is only a convention within Salt Formulas. This greater pattern is useful for a wide
variety of data in a wide variety of workflows. This pattern is not limited to pulling data from a
single file or data source. This pattern is useful in States, Pillar and the Reactor, for example.
Working with a data structure instead of, say, a config file allows the data to be cobbled together from
multiple sources (local files, remote Pillar, database queries, etc), combined, overridden, and searched.
Below are a few examples of what lookup tables may be useful for and how they may be used and
represented.
Platform-specific information
An obvious pattern and one used heavily in Salt Formulas is extracting platform-specific information such
as package names and file system paths in a file named map.jinja. The pattern is explained in detail
above.
Sane defaults
Application settings can be a good fit for this pattern. Store default settings along with the states
themselves and keep overrides and sensitive settings in Pillar. Combine both into a single dictionary and
then write the application config or settings file.
The example below stores most of the Apache Tomcat server.xml file alongside the Tomcat states and then
allows values to be updated or augmented via Pillar. (This example uses the BadgerFish format for
transforming JSON to XML.)
/srv/salt/tomcat/defaults.yaml:
Server:
'@port': '8005'
'@shutdown': SHUTDOWN
GlobalNamingResources:
Resource:
'@auth': Container
'@description': User database that can be updated and saved
'@factory': org.apache.catalina.users.MemoryUserDatabaseFactory
'@name': UserDatabase
'@pathname': conf/tomcat-users.xml
'@type': org.apache.catalina.UserDatabase
# <...snip...>
/srv/pillar/tomcat.sls:
appX:
server_xml_overrides:
Server:
Service:
'@name': Catalina
Connector:
'@port': '8009'
'@protocol': AJP/1.3
'@redirectPort': '8443'
# <...snip...>
/srv/salt/tomcat/server_xml.sls:
{% import_yaml 'tomcat/defaults.yaml' as server_xml_defaults %}
{% set server_xml_final_values = salt.pillar.get(
'appX:server_xml_overrides',
default=server_xml_defaults,
merge=True)
%}
appX_server_xml:
file.serialize:
- name: /etc/tomcat/server.xml
- dataset: {{ server_xml_final_values | json() }}
- formatter: xml_badgerfish
The file.serialize state can provide a shorthand for creating some files from data structures. There are
also many examples within Salt Formulas of creating one-off "serializers" (often as Jinja macros) that
reformat a data structure to a specific config file format. For example,
`Nginx vhosts`__
or the
`php.ini`__
__: https://github.com/saltstack-formulas/nginx-formula/blob/5cad4512/nginx/ng/vhosts_config.sls __:
https://github.com/saltstack-formulas/php-formula/blob/82e2cd3a/php/ng/files/php.ini
Environment specific information
A single state can be reused when it is parameterized as described in the section below, by separating
the data the state will use from the state that performs the work. This can be the difference between
deploying Application X and Application Y, or the difference between production and development. For
example:
/srv/salt/app/deploy.sls:
{# Load the map file. #}
{% import_yaml 'app/defaults.yaml' as app_defaults %}
{# Extract the relevant subset for the app configured on the current
machine (configured via a grain in this example). #}
{% app = app_defaults.get(salt.grains.get('role') %}
{# Allow values from Pillar to (optionally) update values from the lookup
table. #}
{% do app_defaults.update(salt.pillar.get('myapp', {}) %}
deploy_application:
git.latest:
- name: {{ app.repo_url }}
- version: {{ app.version }}
- target: {{ app.deploy_dir }}
myco/myapp/deployed:
event.send:
- data:
version: {{ app.version }}
- onchanges:
- git: deploy_application
/srv/salt/app/defaults.yaml:
appX:
repo_url: git@github.com/myco/appX.git
target: /var/www/appX
version: master
appY:
repo_url: git@github.com/myco/appY.git
target: /var/www/appY
version: v1.2.3.4
Single-purpose SLS files
Each sls file in a Formula should strive to do a single thing. This increases the reusability of this
file by keeping unrelated tasks from getting coupled together.
As an example, the base Apache formula should only install the Apache httpd server and start the httpd
service. This is the basic, expected behavior when installing Apache. It should not perform additional
changes such as set the Apache configuration file or create vhosts.
If a formula is single-purpose as in the example above, other formulas, and also other states can include
and use that formula with requisites without also including undesirable or unintended side-effects.
The following is a best-practice example for a reusable Apache formula. (This skips platform-specific
options for brevity. See the full apache-formula for more.)
# apache/init.sls
apache:
pkg.installed:
[...]
service.running:
[...]
# apache/mod_wsgi.sls
include:
- apache
mod_wsgi:
pkg.installed:
[...]
- require:
- pkg: apache
# apache/conf.sls
include:
- apache
apache_conf:
file.managed:
[...]
- watch_in:
- service: apache
To illustrate a bad example, say the above Apache formula installed Apache and also created a default
vhost. The mod_wsgi state would not be able to include the Apache formula to create that dependency tree
without also installing the unneeded default vhost.
Formulas should be reusable. Avoid coupling unrelated actions together.
Parameterization
Parameterization is a key feature of Salt Formulas and also for Salt States. Parameterization allows a
single Formula to be reused across many operating systems; to be reused across production, development,
or staging environments; and to be reused by many people all with varying goals.
Writing states, specifying ordering and dependencies is the part that takes the longest to write and to
test. Filling those states out with data such as users or package names or file locations is the easy
part. How many users, what those users are named, or where the files live are all implementation details
that should be parameterized. This separation between a state and the data that populates a state creates
a reusable formula.
In the example below the data that populates the state can come from anywhere -- it can be hard-coded at
the top of the state, it can come from an external file, it can come from Pillar, it can come from an
execution function call, or it can come from a database query. The state itself doesn't change regardless
of where the data comes from. Production data will vary from development data will vary from data from
one company to another, however the state itself stays the same.
{% set user_list = [
{'name': 'larry', 'shell': 'bash'},
{'name': 'curly', 'shell': 'bash'},
{'name': 'moe', 'shell': 'zsh'},
] %}
{# or #}
{% set user_list = salt['pillar.get']('user_list') %}
{# or #}
{% load_json "default_users.json" as user_list %}
{# or #}
{% set user_list = salt['acme_utils.get_user_list']() %}
{% for user in list_list %}
{{ user.name }}:
user.present:
- name: {{ user.name }}
- shell: {{ user.shell }}
{% endfor %}
Configuration
Formulas should strive to use the defaults of the underlying platform, followed by defaults from the
upstream project, followed by sane defaults for the formula itself.
As an example, a formula to install Apache should not change the default Apache configuration file
installed by the OS package. However, the Apache formula should include a state to change or override the
default configuration file.
Pillar overrides
Pillar lookups must use the safe get() and must provide a default value. Create local variables using the
Jinja set construct to increase readability and to avoid potentially hundreds or thousands of function
calls across a large state tree.
{% from "apache/map.jinja" import apache with context %}
{% set settings = salt['pillar.get']('apache', {}) %}
mod_status:
file.managed:
- name: {{ apache.conf_dir }}
- source: {{ settings.get('mod_status_conf', 'salt://apache/mod_status.conf') }}
- template: {{ settings.get('template_engine', 'jinja') }}
Any default values used in the Formula must also be documented in the pillar.example file in the root of
the repository. Comments should be used liberally to explain the intent of each configuration value. In
addition, users should be able copy-and-paste the contents of this file into their own Pillar to make any
desired changes.
Scripting
Remember that both State files and Pillar files can easily call out to Salt execution modules and have
access to all the system grains as well.
{% if '/storage' in salt['mount.active']() %}
/usr/local/etc/myfile.conf:
file:
- symlink
- target: /storage/myfile.conf
{% endif %}
Jinja macros to encapsulate logic or conditionals are discouraged in favor of writing custom execution
modules in Python.
Repository structure
A basic Formula repository should have the following layout:
foo-formula
|-- foo/
| |-- map.jinja
| |-- init.sls
| `-- bar.sls
|-- CHANGELOG.rst
|-- LICENSE
|-- pillar.example
|-- README.rst
`-- VERSION
SEE ALSO:
template-formula
The template-formula repository has a pre-built layout that serves as the basic structure for a new
formula repository. Just copy the files from there and edit them.
README.rst
The README should detail each available .sls file by explaining what it does, whether it has any
dependencies on other formulas, whether it has a target platform, and any other installation or usage
instructions or tips.
A sample skeleton for the README.rst file:
===
foo
===
Install and configure the FOO service.
.. note::
See the full `Salt Formulas installation and usage instructions
<http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
Available states
================
.. contents::
:local:
``foo``
-------
Install the ``foo`` package and enable the service.
``foo.bar``
-----------
Install the ``bar`` package.
CHANGELOG.rst
The CHANGELOG.rst file should detail the individual versions, their release date and a set of bullet
points for each version highlighting the overall changes in a given version of the formula.
A sample skeleton for the CHANGELOG.rst file:
CHANGELOG.rst:
foo formula
===========
0.0.2 (2013-01-01)
- Re-organized formula file layout
- Fixed filename used for upstart logger template
- Allow for pillar message to have default if none specified
Versioning
Formula are versioned according to Semantic Versioning, http://semver.org/.
NOTE:
Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes,
2. MINOR version when you add functionality in a backwards-compatible manner, and
3. PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the
MAJOR.MINOR.PATCH format.
Formula versions are tracked using Git tags as well as the VERSION file in the formula repository. The
VERSION file should contain the currently released version of the particular formula.
Testing Formulas
A smoke-test for invalid Jinja, invalid YAML, or an invalid Salt state structure can be performed by with
the state.show_sls function:
salt '*' state.show_sls apache
Salt Formulas can then be tested by running each .sls file via state.apply and checking the output for
the success or failure of each state in the Formula. This should be done for each supported platform.
SaltStack Packaging Guide
Since Salt provides a powerful toolkit for system management and automation, the package can be spit into
a number of sub-tools. While packaging Salt as a single package containing all components is perfectly
acceptable, the split packages should follow this convention.
Patching Salt For Distributions
The occasion may arise where Salt source and default configurations may need to be patched. It is
preferable if Salt is only patched to include platform specific additions or to fix release time bugs. It
is preferable that configuration settings and operations remain in the default state, as changes here
lowers the user experience for users moving across distributions.
In the event where a packager finds a need to change the default configuration it is advised to add the
files to the master.d or minion.d directories.
Source Files
Release packages should always be built from the source tarball distributed via pypi. Release packages
should NEVER use a git checkout as the source for distribution.
Single Package
Shipping Salt as a single package, where the minion, master, and all tools are together is perfectly
acceptable and practiced by distributions such as FreeBSD.
Split Package
Salt Should always be split in a standard way, with standard dependencies, this lowers cross distribution
confusion about what components are going to be shipped with specific packages. These packages can be
defined from the Salt Source as of Salt 2014.1.0:
Salt Common
The salt-common or salt package should contain the files provided by the salt python package, or all
files distributed from the salt/ directory in the source distribution packages. The documentation
contained under the doc/ directory can be a part of this package but splitting out a doc package is
preferred. Since salt-call is the entry point to utilize the libs and is useful for all salt packages it
is included in the salt-common package.
Name
• salt OR salt-common
Files
• salt/*
• man/salt.7
• scripts/salt-call
• tests/*
• man/salt-call.1
Depends
• Python 2.6-2.7
• PyYAML
• Jinja2
Salt Master
The salt-master package contains the applicable scripts, related man pages and init information for the
given platform.
Name
• salt-master
Files
• scripts/salt-master
• scripts/salt
• scripts/salt-run
• scripts/salt-key
• scripts/salt-cp
• pkg/<master init data>
• man/salt.1
• man/salt-master.1
• man/salt-run.1
• man/salt-key.1
• man/salt-cp.1
• conf/master
Depends
• Salt Common
• ZeroMQ >= 3.2
• PyZMQ >= 2.10
• PyCrypto
• M2Crypto
• Python MessagePack (Messagepack C lib, or msgpack-pure)
Salt Syndic
The Salt Syndic package can be rolled completely into the Salt Master package. Platforms which start
services as part of the package deployment need to maintain a separate salt-syndic package (primarily
Debian based platforms).
The Syndic may optionally not depend on the anything more than the Salt Master since the master will
bring in all needed dependencies, but fall back to the platform specific packaging guidelines.
Name
• salt-syndic
Files
• scripts/salt-syndic
• pkg/<syndic init data>
• man/salt-syndic.1
Depends
• Salt Common
• Salt Master
• ZeroMQ >= 3.2
• PyZMQ >= 2.10
• PyCrypto
• M2Crypto
• Python MessagePack (Messagepack C lib, or msgpack-pure)
Salt Minion
The Minion is a standalone package and should not be split beyond the salt-minion and salt-common
packages.
Name
• salt-minion
Files
• scripts/salt-minion
• pkg/<minion init data>
• man/salt-minion.1
• conf/minion
Depends
• Salt Common
• ZeroMQ >= 3.2
• PyZMQ >= 2.10
• PyCrypto
• M2Crypto
• Python MessagePack (Messagepack C lib, or msgpack-pure)
Salt SSH
Since Salt SSH does not require the same dependencies as the minion and master, it should be split out.
Name
• salt-ssh
Files
• scripts/salt-ssh
• man/salt-ssh.1
• conf/cloud*
Depends
• Salt Common
• Python MessagePack (Messagepack C lib, or msgpack-pure)
Salt Cloud
As of Salt 2014.1.0 Salt Cloud is included in the same repo as Salt. This can be split out into a
separate package or it can be included in the salt-master package.
Name
• salt-cloud
Files
• scripts/salt-cloud
• man/salt-cloud.1
Depends
• Salt Common
• apache libcloud >= 0.14.0
Salt Doc
The documentation package is very distribution optional. A completely split package will split out the
documentation, but some platform conventions do not prefer this. If the documentation is not split out,
it should be included with the Salt Common package.
Name
• salt-doc
Files
• doc/*
Optional Depends
• Salt Common
• Python Sphinx
• Make
Salt Release Process
The goal for Salt projects is to cut a new feature release every four to six months. This document
outlines the process for these releases, and the subsequent bug fix releases which follow.
Feature Release Process
When a new release is ready to be cut, the person responsible for cutting the release will follow the
following steps (written using the 0.16 release as an example):
1. All open issues on the release milestone should be moved to the next release milestone. (e.g. from the
0.16 milestone to the 0.17 milestone)
2. Release notes should be created documenting the major new features and bugfixes in the release.
3. Create an annotated tag with only the major and minor version numbers, preceded by the letter v.
(e.g. v0.16) This tag will reside on the develop branch.
4. Create a branch for the new release, using only the major and minor version numbers. (e.g. 0.16)
5. On this new branch, create an annotated tag for the first revision release, which is generally a
release candidate. It should be preceded by the letter v. (e.g. v0.16.0rc1)
6. The release should be packaged from this annotated tag and uploaded to PyPI as well as the GitHub
releases page for this tag.
7. The packagers should be notified on the salt-packagers mailing list so they can create packages for
all the major operating systems. (note that release candidates should go in the testing repositories)
8. After the packagers have been given a few days to compile the packages, the release is announced on
the salt-users mailing list.
9. Log into RTD and add the new release there. (Have to do it manually)
Maintenance and Bugfix Releases
Once a feature release branch has been cut from develop, the branch moves into a "feature freeze" state.
The new release branch enters the merge-forward chain and only bugfixes should be applied against the new
branch. Once major bugs have been fixed, a bugfix release can be cut:
1. On the release branch (i.e. 0.16), create an annotated tag for the revision release. It should be
preceded by the letter v. (e.g. v0.16.2) Release candidates are unnecessary for bugfix releases.
2. The release should be packaged from this annotated tag and uploaded to PyPI.
3. The packagers should be notified on the salt-packagers mailing list so they can create packages for
all the major operating systems.
4. After the packagers have been given a few days to compile the packages, the release is announced on
the salt-users mailing list.
For more information about the difference between the develop branch and bugfix release branches, please
refer to the Which Salt Branch? section of Salt's Contributing documentation.
Salt Coding Style
Salt is developed with a certain coding style, while the style is dominantly PEP 8 it is not completely
PEP 8. It is also noteworthy that a few development techniques are also employed which should be adhered
to. In the end, the code is made to be "Salty".
Most importantly though, we will accept code that violates the coding style and KINDLY ask the
contributor to fix it, or go ahead and fix the code on behalf of the contributor. Coding style is NEVER
grounds to reject code contributions, and is never grounds to talk down to another member of the
community (There are no grounds to treat others without respect, especially people working to improve
Salt)!!
Linting
Most Salt style conventions are codified in Salt's .pylintrc file. Salt's pylint file has two
dependencies: pylint and saltpylint. You can install these dependencies with pip:
pip install pylint
pip install saltpylint
The .pylintrc file is found in the root of the Salt project and can be passed as an argument to the
pylint program as follows:
pylint --rcfile=/path/to/salt/.pylintrc salt/dir/to/lint
Variables
Variables should be a minimum of three characters and should provide an easy-to-understand name of the
object being represented.
When keys and values are iterated over, descriptive names should be used to represent the temporary
variables.
Multi-word variables should be separated by an underscore.
Variables which are two-letter words should have an underscore appended to them to pad them to three
characters.
Strings
Salt follows a few rules when formatting strings:
Single Quotes
In Salt, all strings use single quotes unless there is a good reason not to. This means that docstrings
use single quotes, standard strings use single quotes etc.:
def foo():
'''
A function that does things
'''
name = 'A name'
return name
Formatting Strings
All strings which require formatting should use the .format string method:
data = 'some text'
more = '{0} and then some'.format(data)
Make sure to use indices or identifiers in the format brackets, since empty brackets are not supported by
python 2.6.
Please do NOT use printf formatting.
Docstring Conventions
Docstrings should always add a newline, docutils takes care of the new line and it makes the code cleaner
and more vertical:
GOOD:
def bar():
'''
Here lies a docstring with a newline after the quotes and is the salty
way to handle it! Vertical code is the way to go!
'''
return
BAD:
def baz():
'''This is not ok!'''
return
When adding a new function or state, where possible try to use a versionadded directive to denote when
the function or state was added.
def new_func(msg=''):
'''
.. versionadded:: 0.16.0
Prints what was passed to the function.
msg : None
The string to be printed.
'''
print msg
If you are uncertain what version should be used, either consult a core developer in IRC or bring this up
when opening your pull request and a core developer will add the proper version once your pull request
has been merged. Bugfixes will be available in a bugfix release (i.e. 0.17.1, the first bugfix release
for 0.17.0), while new features are held for feature releases, and this will affect what version number
should be used in the versionadded directive.
Similar to the above, when an existing function or state is modified (for example, when an argument is
added), then under the explanation of that new argument a versionadded directive should be used to note
the version in which the new argument was added. If an argument's function changes significantly, the
versionchanged directive can be used to clarify this:
def new_func(msg='', signature=''):
'''
.. versionadded:: 0.16.0
Prints what was passed to the function.
msg : None
The string to be printed. Will be prepended with 'Greetings! '.
.. versionchanged:: 0.17.1
signature : None
An optional signature.
.. versionadded 0.17.0
'''
print 'Greetings! {0}\n\n{1}'.format(msg, signature)
Dictionaries
Dictionaries should be initialized using {} instead of dict().
See here for an in-depth discussion of this topic.
Imports
Salt code prefers importing modules and not explicit functions. This is both a style and functional
preference. The functional preference originates around the fact that the module import system used by
pluggable modules will include callable objects (functions) that exist in the direct module namespace.
This is not only messy, but may unintentionally expose code python libs to the Salt interface and pose a
security problem.
To say this more directly with an example, this is GOOD:
import os
def minion_path():
path = os.path.join(self.opts['cachedir'], 'minions')
return path
This on the other hand is DISCOURAGED:
from os.path import join
def minion_path():
path = join(self.opts['cachedir'], 'minions')
return path
The time when this is changed is for importing exceptions, generally directly importing exceptions is
preferred:
This is a good way to import exceptions:
from salt.exceptions import CommandExecutionError
Absolute Imports
Although absolute imports seems like an awesome idea, please do not use it. Extra care would be
necessary all over salt's code in order for absolute imports to work as supposed. Believe it, it has been
tried before and, as a tried example, by renaming salt.modules.sysmod to salt.modules.sys, all other salt
modules which needed to import sys would have to also import absolute_import, which should be avoided.
NOTE:
An exception to this rule is the absolute_import from __future__ at the top of each file within the
Salt project. This import is necessary for Py3 compatibility. This particular import looks like this:
from __future__ import absolute_import
This import is required for all new Salt files and is a good idea to add to any custom states or
modules. However, the practice of avoiding absolute imports still applies to all other cases as to
avoid a name conflict.
Vertical is Better
When writing Salt code, vertical code is generally preferred. This is not a hard rule but more of a
guideline. As PEP 8 specifies, Salt code should not exceed 79 characters on a line, but it is preferred
to separate code out into more newlines in some cases for better readability:
import os
os.chmod(
os.path.join(self.opts['sock_dir'],
'minion_event_pub.ipc'),
448
)
Where there are more line breaks, this is also apparent when constructing a function with many arguments,
something very common in state functions for instance:
def managed(name,
source=None,
source_hash='',
user=None,
group=None,
mode=None,
template=None,
makedirs=False,
context=None,
replace=True,
defaults=None,
saltenv=None,
backup='',
**kwargs):
NOTE:
Making function and class definitions vertical is only required if the arguments are longer then 80
characters. Otherwise, the formatting is optional and both are acceptable.
Line Length
For function definitions and function calls, Salt adheres to the PEP-8 specification of at most 80
characters per line.
Non function definitions or function calls, please adopt a soft limit of 120 characters per line. If
breaking the line reduces the code readability, don't break it. Still, try to avoid passing that 120
characters limit and remember, vertical is better... unless it isn't
Indenting
Some confusion exists in the python world about indenting things like function calls, the above examples
use 8 spaces when indenting comma-delimited constructs.
The confusion arises because the pep8 program INCORRECTLY flags this as wrong, where PEP 8, the document,
cites only using 4 spaces here as wrong, as it doesn't differentiate from a new indent level.
Right:
def managed(name,
source=None,
source_hash='',
user=None)
WRONG:
def managed(name,
source=None,
source_hash='',
user=None)
Lining up the indent is also correct:
def managed(name,
source=None,
source_hash='',
user=None)
This also applies to function calls and other hanging indents.
pep8 and Flake8 (and, by extension, the vim plugin Syntastic) will complain about the double indent for
hanging indents. This is a known conflict between pep8 (the script) and the actual PEP 8 standard. It
is recommended that this particular warning be ignored with the following lines in ~/.config/flake8:
[flake8]
ignore = E226,E241,E242,E126
Make sure your Flake8/pep8 are up to date. The first three errors are ignored by default and are present
here to keep the behavior the same. This will also work for pep8 without the Flake8 wrapper -- just
replace all instances of 'flake8' with 'pep8', including the filename.
Code Churn
Many pull requests have been submitted that only churn code in the name of PEP 8. Code churn is a leading
source of bugs and is strongly discouraged. While style fixes are encouraged they should be isolated to
a single file per commit, and the changes should be legitimate, if there are any questions about whether
a style change is legitimate please reference this document and the official PEP 8 (‐
http://legacy.python.org/dev/peps/pep-0008/) document before changing code. Many claims that a change is
PEP 8 have been invalid, please double check before committing fixes.
Salt code and internals
Reference documentation on Salt's internal code.
Contents
salt.aggregation
salt.utils.aggregation
This library makes it possible to introspect dataset and aggregate nodes when it is instructed.
NOTE:
The following examples with be expressed in YAML for convenience's sake:
• !aggr-scalar will refer to Scalar python function
• !aggr-map will refer to Map python object
• !aggr-seq will refer for Sequence python object
How to instructs merging
This yaml document has duplicate keys:
foo: !aggr-scalar first
foo: !aggr-scalar second
bar: !aggr-map {first: foo}
bar: !aggr-map {second: bar}
baz: !aggr-scalar 42
but tagged values instruct Salt that overlapping values they can be merged together:
foo: !aggr-seq [first, second]
bar: !aggr-map {first: foo, second: bar}
baz: !aggr-seq [42]
Default merge strategy is keep untouched
For example, this yaml document still has duplicate keys, but does not instruct aggregation:
foo: first
foo: second
bar: {first: foo}
bar: {second: bar}
baz: 42
So the late found values prevail:
foo: second
bar: {second: bar}
baz: 42
Limitations
Aggregation is permitted between tagged objects that share the same type. If not, the default merge
strategy prevails.
For example, these examples:
foo: {first: value}
foo: !aggr-map {second: value}
bar: !aggr-map {first: value}
bar: 42
baz: !aggr-seq [42]
baz: [fail]
qux: 42
qux: !aggr-scalar fail
are interpreted like this:
foo: !aggr-map{second: value}
bar: 42
baz: [fail]
qux: !aggr-seq [fail]
Introspection
TODO: write this part
salt.utils.aggregation.aggregate(obj_a, obj_b, level=False, map_class=<class
'salt.utils.aggregation.Map'>, sequence_class=<class 'salt.utils.aggregation.Sequence'>)
Merge obj_b into obj_a.
>>> aggregate('first', 'second', True) == ['first', 'second']
True
class salt.utils.aggregation.Aggregate
Aggregation base.
class salt.utils.aggregation.Map
Map aggregation.
salt.utils.aggregation.Scalar(obj)
Shortcut for Sequence creation
>>> Scalar('foo') == Sequence(['foo'])
True
class salt.utils.aggregation.Sequence
Sequence aggregation.
Exceptions
Salt-specific exceptions should be thrown as often as possible so the various interfaces to Salt (CLI,
API, etc) can handle those errors appropriately and display error messages appropriately.
┌─────────────────┬───────────────────────────────────────┐
│ salt.exceptions │ This module is a central location for │
│ │ all salt exceptions │
└─────────────────┴───────────────────────────────────────┘
salt.exceptions
This module is a central location for all salt exceptions
exception salt.exceptions.AuthenticationError(message='')
If sha256 signature fails during decryption
exception salt.exceptions.AuthorizationError(message='')
Thrown when runner or wheel execution fails due to permissions
exception salt.exceptions.CommandExecutionError(message='', info=None)
Used when a module runs a command which returns an error and wants to show the user the output
gracefully instead of dying
exception salt.exceptions.CommandNotFoundError(message='')
Used in modules or grains when a required binary is not available
exception salt.exceptions.EauthAuthenticationError(message='')
Thrown when eauth authentication fails
exception salt.exceptions.FileLockError(msg, time_start=None, *args, **kwargs)
Used when an error occurs obtaining a file lock
exception salt.exceptions.FileserverConfigError(message='')
Used when invalid fileserver settings are detected
exception salt.exceptions.GitLockError(errno, strerror, *args, **kwargs)
Raised when an uncaught error occurs in the midst of obtaining an update/checkout lock in
salt.utils.gitfs.
NOTE: While this uses the errno param similar to an OSError, this exception class is not as
subclass of OSError. This is done intentionally, so that this exception class can be caught in a
try/except without being caught as an OSError.
exception salt.exceptions.GitRemoteError(message='')
Used by GitFS to denote a problem with the existence of the "origin" remote or part of its
configuration
exception salt.exceptions.LoaderError(message='')
Problems loading the right renderer
exception salt.exceptions.MasterExit
Rise when the master exits
exception salt.exceptions.MinionError(message='')
Minion problems reading uris such as salt:// or http://
exception salt.exceptions.NotImplemented(message='')
Used when a module runs a command which returns an error and wants to show the user the output
gracefully instead of dying
exception salt.exceptions.PkgParseError(message='')
Used when of the pkg modules cannot correctly parse the output from the CLI tool (pacman, yum,
apt, aptitude, etc)
exception salt.exceptions.PublishError(message='')
Problems encountered when trying to publish a command
exception salt.exceptions.SaltCacheError(message='')
Thrown when a problem was encountered trying to read or write from the salt cache
exception salt.exceptions.SaltClientError(message='')
Problem reading the master root key
exception salt.exceptions.SaltClientTimeout(msg, jid=None, *args, **kwargs)
Thrown when a job sent through one of the Client interfaces times out
Takes the jid as a parameter
exception salt.exceptions.SaltCloudConfigError(message='')
Raised when a configuration setting is not found and should exist.
exception salt.exceptions.SaltCloudException(message='')
Generic Salt Cloud Exception
exception salt.exceptions.SaltCloudExecutionFailure(message='')
Raised when too much failures have occurred while querying/waiting for data.
exception salt.exceptions.SaltCloudExecutionTimeout(message='')
Raised when too much time has passed while querying/waiting for data.
exception salt.exceptions.SaltCloudNotFound(message='')
Raised when some cloud provider function cannot find what's being searched.
exception salt.exceptions.SaltCloudPasswordError(message='')
Raise when virtual terminal password input failed
exception salt.exceptions.SaltCloudSystemExit(message, exit_code=1)
This exception is raised when the execution should be stopped.
exception salt.exceptions.SaltConfigurationError(message='')
Configuration error
exception salt.exceptions.SaltDaemonNotRunning(message='')
Throw when a running master/minion/syndic is not running but is needed to perform the requested
operation (e.g., eauth).
exception salt.exceptions.SaltException(message='')
Base exception class; all Salt-specific exceptions should subclass this
pack() Pack this exception into a serializable dictionary that is safe for transport via msgpack
exception salt.exceptions.SaltInvocationError(message='')
Used when the wrong number of arguments are sent to modules or invalid arguments are specified on
the command line
exception salt.exceptions.SaltMasterError(message='')
Problem reading the master root key
exception salt.exceptions.SaltNoMinionsFound(message='')
An attempt to retrieve a list of minions failed
exception salt.exceptions.SaltRenderError(message, line_num=None, buf='', marker='
<======================', trace=None)
Used when a renderer needs to raise an explicit error. If a line number and buffer string are
passed, get_context will be invoked to get the location of the error.
exception salt.exceptions.SaltReqTimeoutError(message='')
Thrown when a salt master request call fails to return within the timeout
exception salt.exceptions.SaltRunnerError(message='')
Problem in runner
exception salt.exceptions.SaltSyndicMasterError(message='')
Problem while proxying a request in the syndication master
exception salt.exceptions.SaltSystemExit(code=0, msg=None)
This exception is raised when an unsolvable problem is found. There's nothing else to do, salt
should just exit.
exception salt.exceptions.SaltWheelError(message='')
Problem in wheel
exception salt.exceptions.TimedProcTimeoutError(message='')
Thrown when a timed subprocess does not terminate within the timeout, or if the specified timeout
is not an int or a float
exception salt.exceptions.TimeoutError(message='')
Thrown when an opration cannot be completet within a given time limit.
exception salt.exceptions.TokenAuthenticationError(message='')
Thrown when token authentication fails
exception salt.exceptions.VMwareApiError(message='', info=None)
Used when representing a generic VMware API error
exception salt.exceptions.VMwareConnectionError(message='', info=None)
Used when the client fails to connect to a either a VMware vCenter server or to a ESXi host
exception salt.exceptions.VMwareObjectRetrievalError(message='', info=None)
Used when a VMware object cannot be retrieved
exception salt.exceptions.VMwareRuntimeError(message='', info=None)
Used when a runtime error is encountered when communicating with the vCenter
exception salt.exceptions.VMwareSaltError(message='', info=None)
Used when a VMware object cannot be retrieved
exception salt.exceptions.VMwareSystemError(message='', info=None)
Used when representing a generic VMware system error
salt.exceptions.get_error_message(error)
Get human readable message from Python Exception
The Salt Fileserver and Client
Introduction
Salt has a modular fileserver, and mulitple client classes which are used to interact with it. This page
serves as a developer's reference, to help explain how the fileserver and clients both work.
Fileserver
The fileserver is not a daemon, so the fileserver and client are not a true server and client in the
traditional sense. Instead, the fileserver is simply a class (salt.fileserver.Fileserver), located in
salt/fileserver/__init__.py. This class has access to the configured fileserver backends via a loader
instance, referenced as self.servers. When a request comes in from the fileclient, it will ultimately
result in a Fileserver class function being run.
The functions in this class will run corresponding functions in the configured fileserver backends to
perform the requested action. So, in summary:
1. A fileclient class makes a request...
2. which triggers the fileserver to run a function...
3. which runs a named function in each of the configured backends.
Not all of the functions will always execute on every configured backend. For instance, the find_file
function in the fileserver will stop when it finds a match, so if it finds a match for the desired path
in the first configured backend, it won't proceed and try to find the file in the next backend in the
list.
Additionally, not all backends implement all functions in the salt.fileserver.Fileserver class. For
instance, there is a function called update, which exists to update remote fileservers such as the git,
hg, and svn backends. This action has no use however in the roots backend, so it is simply not
implemented there, and thus the roots backend will be skipped if the update function is run on the
fileserver.
Backends for the fileserver are located in salt/fileserver/ (the files not named __init__.py).
Fileclient
There are three fileclient classes:
salt.fileclient.RemoteClient
This client is used when file_client is set to remote. This is how minions request files from the master.
Functions in this client will craft a payload and send it to the master via the transport channel. This
is the same way that the minion asks the minion to do other things, such as updating and requesting data
from the mine. The payload will be a dictionary with a key called cmd, and other values as needed.
Payloads sent via the transport channel are processed my an MWorker instance on the master, and the
MWorker's _handle_aes() function will execute the command. The command will be a function attribute of
the salt.master.AESFuncs class. The AESFuncs class' __setup_fileserver() function instantiates a
salt.fileserver.Fileserver instance and maps its member functions to AESFuncs attributes. This is what
makes the fileserver functions available remotely. The result of the function is returned back through
the transport channel to the minion.
Transporting files is done in chunks, the size of which is decided by the file_buffer_size config option.
If you look at the serve_file() function in any of the fileserver backends, you can see how the loc value
in the payload determines the offset so that an intermediate chunk of the file can be served. The
RemoteClient's get_file() function will loop until the end of the file is reached, retrieving one chunk
at a time.
salt.fileclient.FSClient
This client is used when file_client is set to local. This is how masterless minions request files.
This class inherits from the RemoteClient, but instead of using a transport channel (zmq, tcp, etc.), it
uses a "fake" transport channel (salt.fileserver.FSChan), which implements its own send() function.
Thus, when a function that the FSClient inherits from the RemoteClient runs self.channel.send(), it's
actually calling salt.fileserver.FSChan.send(), which calls corresponding functions in the
salt.fileserver.Fileserver() class. The result is that local file requests use the same code as remote
file requests, they just bypass sending them through an actual transport channel and instead call them on
the FSChan's Fileserver instance.
salt.fileclient.LocalClient
This client is now used exclusively by Pillar. This used to be used when file_client was set to local,
but the FSChan class was written to allow minions with file_client: local to access the full set of
backends. This class will probably be renamed at some point as it is often confused with
salt.client.LocalClient.
The cp Module
Most of the user-facing interaction with the fileclient happens via the cp module. The functions in this
module instantiate a fileclient instance (if one is not already saved to the __context__ dunder) and run
fileclient functions.
Updating the Fileserver
The master daemon spawns a process dedicated to routine maintenance tasks upon startup. This process runs
an instance of salt.master.Maintenance, which loops forever, running a series of functions and then
sleeping for a length of time determined by the loop_interval config option. One of the maintenance tasks
is to update the fileserver, and it essentially runs salt.fileserver.Fileserver.update(), which as we
know from above will run all configured backends' update() functions, if present. This is now remote
fileservers like git, hg, and svn stay up-to-date.
For the local file_client (FSClient), since it does not interact with the master, upon spawning of its
FSChan it will update the fileserver.
Salt opts dictionary
It is very common in the Salt codebase to see opts referred to in a number of contexts.
For example, it can be seen as __opts__ in certain cases, or simply as opts as an argument to a function
in others.
Simply put, this data structure is a dictionary of Salt's runtime configuration information that's passed
around in order for functions to know how Salt is configured.
When writing Python code to use specific parts of Salt, it may become necessary to initialize a copy of
opts from scratch in order to have it available for a given function.
To do so, use the utility functions available in salt.config.
As an example, here is how one might generate and print an options dictionary for a minion instance:
import salt.config
opts = salt.config.minion_config('/etc/salt/minion')
print(opts)
To generate and display opts for a master, the process is similar:
import salt.config
opts = salt.config.master_config('/etc/salt/master')
print(opts)
Unicode in Salt
Though Unicode handling in large projects can often be complex, Salt adheres to several basic rules to
help developers handle Unicode correctly.
(For a basic introduction to this problem, see Ned Batchelder's excellent intoroduction to the topic
<http://nedbatchelder.com/text/unipain/unipain.html>.
Salt's basic workflow for Unicode handling is as follows:
1) Salt should convert whatever data is passed on CLI/API to Unicode. Internally, everything that Salt
does should be Unicode unless it is printing to the screen or writing to storage.
2. Modules and various Salt pluggable systems use incoming data assuming Unicode.
2.1) For Salt modules that query an API; the module should convert the data received from the API
into Unicode.
2.2) For Salt modules that shell out to get output; the module should convert data received into
Unicode. (This does not apply if using the cmd execution module, which should handle this for you.
2.3) For Salt modules which print directly to the console (not via an outputter) or which write
directly to disk, a string should be encoded when appropriate. To handle this conversion, the
global variable __salt_system_encoding__ is available, which declares the locale of the system that
Salt is running on.
3. When a function in a Salt module returns, it should return Unicode.
4) When Salt delivers the data to an outputter or a returner, it is the job of the outputter or returner
to encode the Unicode before displaying it on the console or writing it to storage.
Salt Community Projects
This page contains links to Salt-related projects created by community members. If you come across a
useful project please add it to the list!
Hubblestack
Hubble is a modular, open-source security compliance framework built on top of SaltStack. The project
provides on-demand profile-based auditing, real-time security event notifications, automated remediation,
alerting and reporting.
http://hubblestack.io/
alkali
alkali is a collections of SaltStack states and pillar data that provide just the basics for provisioning
Linux instances that may be built upon. alkali is a starter kit of sorts, to help new users to SaltStack
get up-and-running quickly with the most commonly used, core packages.
https://github.com/zulily/alkali
buoyant
buoyant leverages docker to provide an alternative to VM-centric SaltStack development environments.
buoyant containers may be spun up nearly instantly, once an initial docker image has been built.
https://github.com/zulily/buoyant
Salt Sandbox
Salt Sandbox is a multi-VM Vagrant-based Salt development environment used for creating and testing new
Salt state modules outside of your production environment. It's also a great way to learn firsthand about
Salt and its remote execution capabilities.
https://github.com/elasticdog/salt-sandbox
Salt Vagrant Demo
A Salt Demo using Vagrant.
https://github.com/UtahDave/salt-vagrant-demo
Salt's Test Suite: An Introduction
NOTE:
This tutorial makes a couple of assumptions. The first assumption is that you have a basic knowledge
of Salt. To get up to speed, check out the Salt Walkthrough.
The second assumption is that your Salt development environment is already configured and that you
have a basic understanding of contributing to the Salt codebase. If you're unfamiliar with either of
these topics, please refer to the Installing Salt for Development and the Contributing pages,
respectively.
Salt comes with a powerful integration and unit test suite. The test suite allows for the fully automated
run of integration and/or unit tests from a single interface.
Salt's test suite is located under the tests directory in the root of Salt's code base and is divided
into two main types of tests: unit tests and integration tests. The unit and integration sub-test-suites
are located in the tests directory, which is where the majority of Salt's test cases are housed.
Getting Set Up For Tests
There are a couple of requirements, in addition to Salt's requirements, that need to be installed in
order to run Salt's test suite. You can install these additional requirements using the files located in
the salt/requirements directory, depending on your relevant version of Python:
pip install -r requirements/dev_python27.txt
pip install -r requirements/dev_python34.txt
To be able to run integration tests which utilizes ZeroMQ transport, you also need to install additional
requirements for it. Make sure you have installed the C/C++ compiler and development libraries and header
files needed for your Python version.
This is an example for RedHat-based operating systems:
yum install gcc gcc-c++ python-devel
pip install -r requirements/zeromq.txt
On Debian, Ubuntu or their derivatives run the following commands:
apt-get install build-essential python-dev
pip install -r requirements/zeromq.txt
This will install the latest pycrypto and pyzmq (with bundled libzmq) Python modules required for running
integration tests suite.
Test Directory Structure
As noted in the introduction to this tutorial, Salt's test suite is located in the tests directory in the
root of Salt's code base. From there, the tests are divided into two groups integration and unit. Within
each of these directories, the directory structure roughly mirrors the directory structure of Salt's own
codebase. For example, the files inside tests/integration/modules contains tests for the files located
within salt/modules.
NOTE:
tests/integration and tests/unit are the only directories discussed in this tutorial. With the
exception of the tests/runtests.py file, which is used below in the Running the Test Suite section,
the other directories and files located in tests are outside the scope of this tutorial.
Integration vs. Unit
Given that Salt's test suite contains two powerful, though very different, testing approaches, when
should you write integration tests and when should you write unit tests?
Integration tests use Salt masters, minions, and a syndic to test salt functionality directly and focus
on testing the interaction of these components. Salt's integration test runner includes functionality to
run Salt execution modules, runners, states, shell commands, salt-ssh commands, salt-api commands, and
more. This provides a tremendous ability to use Salt to test itself and makes writing such tests a
breeze. Integration tests are the preferred method of testing Salt functionality when possible.
Unit tests do not spin up any Salt daemons, but instead find their value in testing singular
implementations of individual functions. Instead of testing against specific interactions, unit tests
should be used to test a function's logic. Unit tests should be used to test a function's exit point(s)
such as any return or raises statements.
Unit tests are also useful in cases where writing an integration test might not be possible. While the
integration test suite is extremely powerful, unfortunately at this time, it does not cover all
functional areas of Salt's ecosystem. For example, at the time of this writing, there is not a way to
write integration tests for Proxy Minions. Since the test runner will need to be adjusted to account for
Proxy Minion processes, unit tests can still provide some testing support in the interim by testing the
logic contained inside Proxy Minion functions.
Running the Test Suite
Once all of the requirements are installed, the runtests.py file in the salt/tests directory is used to
instantiate Salt's test suite:
python tests/runtests.py [OPTIONS]
The command above, if executed without any options, will run the entire suite of integration and unit
tests. Some tests require certain flags to run, such as destructive tests. If these flags are not
included, then the test suite will only perform the tests that don't require special attention.
At the end of the test run, you will see a summary output of the tests that passed, failed, or were
skipped.
The test runner also includes a --help option that lists all of the various command line options:
python tests/runtests.py --help
You can also call the test runner as an executable:
./tests/runtests.py --help
Running Integration Tests
Salt's set of integration tests use Salt to test itself. The integration portion of the test suite
includes some built-in Salt daemons that will spin up in preparation of the test run. This list of Salt
daemon processes includes:
• 2 Salt Masters
• 2 Salt Minions
• 1 Salt Syndic
These various daemons are used to execute Salt commands and functionality within the test suite, allowing
you to write tests to assert against expected or unexpected behaviors.
A simple example of a test utilizing a typical master/minion execution module command is the test for the
test_ping function in the tests/integration/modules/test_test.py file:
def test_ping(self):
'''
test.ping
'''
self.assertTrue(self.run_function('test.ping'))
The test above is a very simple example where the test.ping function is executed by Salt's test suite
runner and is asserting that the minion returned with a True response.
Test Selection Options
If you look in the output of the --help command of the test runner, you will see a section called Tests
Selection Options. The options under this section contain various subsections of the integration test
suite such as --modules, --ssh, or --states. By selecting any one of these options, the test daemons will
spin up and the integration tests in the named subsection will run.
./tests/runtests.py --modules
NOTE:
The testing subsections listed in the Tests Selection Options of the --help output only apply to the
integration tests. They do not run unit tests.
Running Unit Tests
While ./tests/runtests.py executes the entire test suite (barring any tests requiring special flags), the
--unit flag can be used to run only Salt's unit tests. Salt's unit tests include the tests located in the
tests/unit directory.
The unit tests do not spin up any Salt testing daemons as the integration tests do and execute very
quickly compared to the integration tests.
./tests/runtests.py --unit
Running Specific Tests
There are times when a specific test file, test class, or even a single, individual test need to be
executed, such as when writing new tests. In these situations, the --name option should be used.
For running a single test file, such as the pillar module test file in the integration test directory,
you must provide the file path using . instead of / as separators and no file extension:
./tests/runtests.py --name=integration.modules.test_pillar
./tests/runtests.py -n integration.modules.test_pillar
Some test files contain only one test class while other test files contain multiple test classes. To run
a specific test class within the file, append the name of the test class to the end of the file path:
./tests/runtests.py --name=integration.modules.test_pillar.PillarModuleTest
./tests/runtests.py -n integration.modules.test_pillar.PillarModuleTest
To run a single test within a file, append both the name of the test class the individual test belongs
to, as well as the name of the test itself:
./tests/runtests.py \
--name=integration.modules.test_pillar.PillarModuleTest.test_data
./tests/runtests.py \
-n integration.modules.test_pillar.PillarModuleTest.test_data
The --name and -n options can be used for unit tests as well as integration tests. The following command
is an example of how to execute a single test found in the tests/unit/modules/test_cp.py file:
./tests/runtests.py \
-n unit.modules.test_cp.CpTestCase.test_get_template_success
Writing Tests for Salt
Once you're comfortable running tests, you can now start writing them! Be sure to review the Integration
vs. Unit section of this tutorial to determine what type of test makes the most sense for the code you're
testing.
NOTE:
There are many decorators, naming conventions, and code specifications required for Salt test files.
We will not be covering all of the these specifics in this tutorial. Please refer to the testing
documentation links listed below in the Additional Testing Documentation section to learn more about
these requirements.
In the following sections, the test examples assume the "new" test is added to a test file that is
already present and regularly running in the test suite and is written with the correct requirements.
Writing Integration Tests
Since integration tests validate against a running environment, as explained in the Running Integration
Tests section of this tutorial, integration tests are very easy to write and are generally the preferred
method of writing Salt tests.
The following integration test is an example taken from the test.py file in the tests/integration/modules
directory. This test uses the run_function method to test the functionality of a traditional execution
module command.
The run_function method uses the integration test daemons to execute a module.function command as you
would with Salt. The minion runs the function and returns. The test also uses Python's Assert Functions
to test that the minion's return is expected.
def test_ping(self):
'''
test.ping
'''
self.assertTrue(self.run_function('test.ping'))
Args can be passed in to the run_function method as well:
def test_echo(self):
'''
test.echo
'''
self.assertEqual(self.run_function('test.echo', ['text']), 'text')
The next example is taken from the tests/integration/modules/test_aliases.py file and demonstrates how to
pass kwargs to the run_function call. Also note that this test uses another salt function to ensure the
correct data is present (via the aliases.set_target call) before attempting to assert what the
aliases.get_target call should return.
def test_set_target(self):
'''
aliases.set_target and aliases.get_target
'''
set_ret = self.run_function(
'aliases.set_target',
alias='fred',
target='bob')
self.assertTrue(set_ret)
tgt_ret = self.run_function(
'aliases.get_target',
alias='fred')
self.assertEqual(tgt_ret, 'bob')
Using multiple Salt commands in this manner provides two useful benefits. The first is that it provides
some additional coverage for the aliases.set_target function. The second benefit is the call to
aliases.get_target is not dependent on the presence of any aliases set outside of this test. Tests should
not be dependent on the previous execution, success, or failure of other tests. They should be isolated
from other tests as much as possible.
While it might be tempting to build out a test file where tests depend on one another before running,
this should be avoided. SaltStack recommends that each test should test a single functionality and not
rely on other tests. Therefore, when possible, individual tests should also be broken up into singular
pieces. These are not hard-and-fast rules, but serve more as recommendations to keep the test suite
simple. This helps with debugging code and related tests when failures occur and problems are exposed.
There may be instances where large tests use many asserts to set up a use case that protects against
potential regressions.
NOTE:
The examples above all use the run_function option to test execution module functions in a traditional
master/minion environment. To see examples of how to test other common Salt components such as
runners, salt-api, and more, please refer to the Integration Test Class Examples documentation.
Destructive vs Non-destructive Tests
Since Salt is used to change the settings and behavior of systems, often, the best approach to run tests
is to make actual changes to an underlying system. This is where the concept of destructive integration
tests comes into play. Tests can be written to alter the system they are running on. This capability is
what fills in the gap needed to properly test aspects of system management like package installation.
To write a destructive test, import and use the destructiveTest decorator for the test method:
import integration
from tests.support.helpers import destructiveTest
class PkgTest(integration.ModuleCase):
@destructiveTest
def test_pkg_install(self):
ret = self.run_function('pkg.install', name='finch')
self.assertSaltTrueReturn(ret)
ret = self.run_function('pkg.purge', name='finch')
self.assertSaltTrueReturn(ret)
Writing Unit Tests
As explained in the Integration vs. Unit section above, unit tests should be written to test the logic of
a function. This includes focusing on testing return and raises statements. Substantial effort should be
made to mock external resources that are used in the code being tested.
External resources that should be mocked include, but are not limited to, APIs, function calls, external
data either globally available or passed in through function arguments, file data, etc. This practice
helps to isolate unit tests to test Salt logic. One handy way to think about writing unit tests is to
"block all of the exits". More information about how to properly mock external resources can be found in
Salt's Unit Test documentation.
Salt's unit tests utilize Python's mock class as well as MagicMock. The @patch decorator is also heavily
used when "blocking all the exits".
A simple example of a unit test currently in use in Salt is the test_get_file_not_found test in the
tests/unit/modules/test_cp.py file. This test uses the @patch decorator and MagicMock to mock the return
of the call to Salt's cp.hash_file execution module function. This ensures that we're testing the
cp.get_file function directly, instead of inadvertently testing the call to cp.hash_file, which is used
in cp.get_file.
def test_get_file_not_found(self):
'''
Test if get_file can't find the file.
'''
with patch('salt.modules.cp.hash_file', MagicMock(return_value=False)):
path = 'salt://saltines'
dest = '/srv/salt/cheese'
ret = ''
self.assertEqual(cp.get_file(path, dest), ret)
Note that Salt's cp module is imported at the top of the file, along with all of the other necessary
testing imports. The get_file function is then called directed in the testing function, instead of using
the run_function method as the integration test examples do above.
The call to cp.get_file returns an empty string when a hash_file isn't found. Therefore, the example
above is a good illustration of a unit test "blocking the exits" via the @patch decorator, as well as
testing logic via asserting against the return statement in the if clause.
There are more examples of writing unit tests of varying complexities available in the following docs:
• Simple Unit Test Example
• Complete Unit Test Example
• Complex Unit Test Example
NOTE:
Considerable care should be made to ensure that you're testing something useful in your test
functions. It is very easy to fall into a situation where you have mocked so much of the original
function that the test results in only asserting against the data you have provided. This results in a
poor and fragile unit test.
Checking for Log Messages
To test to see if a given log message has been emitted, the following pattern can be used
# Import logging handler
from tests.support.helpers import TestsLoggingHandler
# .. inside test
with TestsLoggingHandler() as handler:
for message in handler.messages:
if message.startswith('ERROR: This is the error message we seek'):
break
else:
raise AssertionError('Did not find error message')
Automated Test Runs
SaltStack maintains a Jenkins server which can be viewed at https://jenkins.saltstack.com. The tests
executed from this Jenkins server create fresh virtual machines for each test run, then execute the
destructive tests on the new, clean virtual machine. This allows for the execution of tests across
supported platforms.
Additional Testing Documentation
In addition to this tutorial, there are some other helpful resources and documentation that go into more
depth on Salt's test runner, writing tests for Salt code, and general Python testing documentation.
Please see the follow references for more information:
• Salt's Test Suite Documentation
• Integration Tests
• Unit Tests
• MagicMock
• Python Unittest
• Python's Assert Functions
RELEASE NOTES
See the version numbers page for more information about the version numbering scheme.
Latest Branch Release
Release Candidate
Previous Releases
Salt 2017.7.0 Release Notes - Codename Nitrogen
Python 3
The 2017.7 Salt Release adds initial Python 3 support.
The default Python version of Salt will remain Python 2, although Python 3 packages will be supplied for
users who want to help test this new feature.
Python 2.6 Deprecation
Salt will no longer support Python 2.6. We will provide python2.7 packages on our repo for RedHat and
CentOS 6 to ensure users can still run Salt on these platforms.
As this will impact the installation of additional dependencies for salt modules please use pip packages
if there is not a package available in a repository. You will need to install the python27-pip package to
get access to the correct pip27 executable: yum install python27-pip
Known Issues
The following salt-cloud drivers have known issues running with Python 3. These drivers will not work
with Python 3, and Python 2.7 should be used instead:
• Joyent
• When running under Python 3, users who require Unicode support should ensure that a locale is set on
their machines. Users using the C locale are advised to switch to a UTF-aware locale to ensure proper
functionality with Salt with Python 3.
Remember to update the Salt Master first
Salt's policy has always been that when upgrading, the minion should never be on a newer version than the
master. Specifically with this update, because of changes in the fileclient, the 2017.7 minion requires
a 2017.7 master.
Backwards compatiblity is still maintained, so older minions can still be used.
More information can be found in the Salt FAQ
States Added for Management of systemd Unit Masking
The service.masked and service.umasked states have been added to allow Salt to manage masking of systemd
units.
Additionally, the following functions in the systemd execution module have changed to accomodate the fact
that indefinite and runtime masks can co-exist for the same unit:
• service.masked - The return from this function has changed from previous releases. Before, False would
be returned if the unit was not masked, and the output of systemctl is-enabled <unit name> would be
returned if the unit was masked. However, since indefinite and runtime masks can exist for the same
unit at the same time, this function has been altered to accept a runtime argument. If True, the minion
will be checked for a runtime mask assigned to the named unit. If False, then the minion will be
checked for an indefinite mask. If one is found, True will be returned. If not, then False will be
returned.
• service.masked - This function used to just run systemctl is-enabled <unit name> and based on the
return from this function the corresponding mask type would be removed. However, if both runtime and
indefinite masks are set for the same unit, then systemctl is-enabled <unit name> would show just the
indefinite mask. The indefinite mask would be removed, but the runtime mask would remain. The function
has been modified to accept a runtime argument, and will attempt to remove a runtime mask if that
argument is set to True. If set to False, it will attempt to remove an indefinite mask.
These new runtime arguments default to False.
Pillar Encryption
Beginning in 2016.3.0 the CLI pillar data passed to several functions could conditionally be passed
through a renderer to be decrypted. This functionality has now been extended to pillar SLS files as well.
See here for detailed documentation on this feature.
Grains Changes
• The osmajorrelease grain has been changed from a string to an integer. State files, especially those
using a templating language like Jinja, may need to be adjusted to account for this change.
• Add ability to specify disk backing mode in the VMWare salt cloud profile.
State Module Changes
• The service.running and service.dead states now support a no_block argument which, when set to True on
systemd minions, will start/stop the service using the --no-block flag in the systemctl command. On
non-systemd minions, a warning will be issued.
• The module.run state has dropped its previous syntax with m_ prefix for reserved keywords.
Additionally, it allows running several functions in a batch.
NOTE:
It is necessary to explicitly turn on the new behavior (see below)
# Before
run_something:
module.run:
- name: mymodule.something
- m_name: 'some name'
- kwargs: {
first_arg: 'one',
second_arg: 'two',
do_stuff: 'True'
}
# After
run_something:
module.run:
- mymodule.something:
- name: some name
- first_arg: one
- second_arg: two
- do_stuff: True
Since a lot of users are already using module.run states, this new behavior must currently be
explicitly turned on, to allow users to take their time updating their SLS files. However, please keep
in mind that the new syntax will take effect in the next feature release of Salt (Oxygen) and the old
usage will no longer be supported at that time.
Another feature of the new module.run is that it allows calling many functions in a single batch, such
as:
run_something:
module.run:
- mymodule.function_without_parameters:
- mymodule.another_function:
- myparam
- my_other_param
In a rare case that you have a function that needs to be called several times but with the different
parameters, an additional feature of "tagging" is to the rescue. In order to tag a function, use a
colon delimeter. For example:
run_something:
module.run:
- mymodule.same_function:1:
- mymodule.same_function:2:
- myparam
- my_other_param
- mymodule.same_function:3:
- foo: bar
The example above will run mymodule.same_function three times with the different parameters.
To enable the new behavior for module.run, add the following to the minion config file:
use_superseded:
- module.run
• The default for the fingerprint_hash_type option used in the present function in the ssh state changed
from md5 to sha256.
Execution Module Changes
• Several functions in the systemd execution module have gained a no_block argument, which when set to
True will use --no-block in the systemctl command.
• In the solarisips pkg module, the default value for the refresh argument to the list_upgrades function
has been changed from False to True. This makes the function more consistent with all of the other pkg
modules (The other pkg.list_upgrades functions all defaulted to True).
• The functions which handle masking in the systemd module have changed. These changes are described
above alongside the information on the new states which have been added to manage masking of systemd
units.
• The pkg.list_repo_pkgs function for yum/dnf-based distros has had its default output format changed.
In prior releases, results would be organized by repository. Now, the default for each package will be
a simple list of versions. To get the old behavior, pass byrepo=True to the function.
• A pkg.list_repo_pkgs function has been added for both Debian/Ubuntu and Arch Linux-based distros.
• The system module changed its return format from "HH:MM AM/PM" to "HH:MM:SS AM/PM" for get_system_time.
• The default for the fingerprint_hash_type option used in the ssh execution module changed from md5 to
sha256.
Proxy Module Changes
The proxy_merge_grains_in_module configuration variable introduced in 2016.3, has been changed,
defaulting to True.
The connection with the remote device is kept alive by default, when the module implements the alive
function and proxy_keep_alive is set to True. The polling interval is set using the
proxy_keep_alive_interval option which defaults to 1 minute.
The developers are also able to use the proxy_always_alive, when designing a proxy module flexible enough
to open the connection with the remote device only when required.
Wildcard Versions in pkg.installed States
• The pkg.installed state now supports wildcards in package versions, for the following platforms:
• SUSE/openSUSE Leap/Thumbleweed
• Debian/Ubuntu
• RHEL/CentOS
• Arch Linux
This support also extends to any derivatives of these distros, which use the aptpkg, yumpkg, or pacman
providers for the pkg virtual module.
Using wildcards can be useful for packages where the release name is built into the version in some
way, such as for RHEL/CentOS which typically has version numbers like 1.2.34-5.el7. An example of the
usage for this would be:
mypkg:
pkg.installed:
- version: '1.2.34*'
Master Configuration Additions
• syndic_forward_all_events - Option on multi-syndic or single when connected to multiple masters to be
able to send events to all connected masters.
• eauth_acl_module - In case external auth is enabled master can get authenticate and get the
authorization list from different auth modules.
• keep_acl_in_token - Option that allows master to build ACL once for each user being authenticated and
keep it in the token.
Minion Configuration Additions
• pillarenv_from_saltenv - When set to True (default is False), the pillarenv option will take the same
value as the effective saltenv when running states. This would allow a user to run salt '*' state.apply
mysls saltenv=dev, and the SLS for both the state and pillar data would be sourced from the dev
environment, essentially the equivalent of running salt '*' state.apply mysls saltenv=dev
pillarenv=dev. Note that if pillarenv is set in the minion config file, or if pillarenv is provided on
the CLI, it will override this option.
salt-api Changes
The rest_cherrypy netapi module has recieved a few minor improvements:
• A CORS bugfix.
• A new /token convenience endpoint to generate Salt eauth tokens.
• A proof-of-concept JavaScript single-page application intended to demonstrate how to use the
Server-Sent Events stream in an application. It is available in a default install by visiting the /app
URL in a browser.
Python API Changes
expr_form Deprecation
The LocalClient's expr_form argument has been deprecated and renamed to tgt_type. This change was made
due to numerous reports of confusion among community members, since the targeting method is published to
minions as tgt_type, and appears as tgt_type in the job cache as well.
While expr_form will continue to be supported until the Fluorine release cycle (two major releases after
this one), those who are using the LocalClient (either directly, or implictly via a netapi module) are
encouraged to update their code to use tgt_type.
full_return Argument in LocalClient and RunnerClient
An full_return argument has been added to the cmd and cmd_sync methods in LocalClient and RunnerClient
which causes the return data structure to include job meta data such as retcode.
This is useful at the Python API:
>>> import salt.client
>>> client = salt.client.LocalClient()
>>> client.cmd('*', 'cmd.run', ['return 1'], full_return=True)
{'jerry': {'jid': '20170520151213898053', 'ret': '', 'retcode': 1}}
As well as from salt-api:
% curl -b /tmp/cookies.txt -sS http://localhost:8000 \
-H 'Content-type: application/json' \
-d '[{
"client": "local",
"tgt": "*",
"fun": "cmd.run",
"arg": ["return 1"],
"full_return": true
}]'
{"return": [{"jerry": {"jid": "20170520151531477653", "retcode": 1, "ret": ""}}]}
Jinja
Filters
New filters in 2017.7.0:
• to_bool
• exactly_n_true
• exactly_one_true
• quote
• regex_search
• regex_match
• uuid
• is_list
• is_iter
• min
• max
• avg
• union
• intersect
• difference
• symmetric_difference
• is_sorted
• compare_lists
• compare_dicts
• is_hex
• contains_whitespace
• substring_in_list
• check_whitelist_blacklist
• date_format
• str_to_num
• to_bytes
• json_decode_list
• json_decode_dict
• rand_str
• md5
• sha256
• sha512
• base64_encode
• base64_decode
• hmac
• http_query
• is_ip
• is_ipv4
• is_ipv6
• ipaddr
• ipv4
• ipv6
• network_hosts
• network_size
• gen_mac
• mac_str_to_bytes
• dns_check
• is_text_file
• is_binary_file
• is_empty_file
• file_hashsum
• list_files
• path_join
• which
Logs
Another new feature - although not limited to Jinja only - is being able to log debug messages directly
from the template:
{%- do salt.log.error('logging from jinja') -%}
See the logs paragraph.
Network Automation
NAPALM
Introduced in 2016.11, the modules for cross-vendor network automation have been improved, enhanced and
widenened in scope:
• Manage network devices like servers: the NAPALM modules have been transformed so they can run in both
proxy and regular minions. That means, if the operating system allows, the salt-minion package can be
installed directly on the network gear. Examples of such devices (also covered by NAPALM) include:
Arista, Cumulus, Cisco IOS-XR or Cisco Nexus.
• Not always alive: in certain less dynamic environments, maintaining the remote connection permanently
open with the network device is not always beneficial. In those particular cases, the user can select
to initialize the connection only when needed, by specifying the field always_alive: false in the proxy
configuration or using the proxy_always_alive option.
• Proxy keepalive: due to external factors, the connection with the remote device can be dropped, e.g.:
packet loss, idle time (no commands issued within a couple of minutes or seconds), or simply the device
decides to kill the process. In 2017.7.0 we have introduced the functionality to re-establish the
connection. One can disable this feature through the proxy_keep_alive option and adjust the polling
frequency speciying a custom value for proxy_keep_alive_interval, in minutes.
New modules:
• Netconfig state module - Manage the configuration of network devices using arbitrary templates and the
Salt-specific advanced templating methodologies.
• Network ACL execution module - Generate and load ACL (firewall) configuration on network devices.
• Network ACL state - Manage the firewall configuration. It only requires writing the pillar structure
correctly!
• NAPALM YANG execution module - Parse, generate and load native device configuration in a standard way,
using the OpenConfig/IETF models. This module contains also helpers for the states.
• NAPALM YANG state module - Manage the network device configuration according to the YANG models
(OpenConfig or IETF).
• NET finder - Runner to find details easily and fast. It's smart enough to know what you are looking
for. It will search in the details of the network interfaces, IP addresses, MAC address tables, ARP
tables and LLDP neighbors.
• BGP finder - Runner to search BGP neighbors details.
• NAPALM syslog - Engine to import events from the napalm-logs library into the Salt event bus. The
events are based on the syslog messages from the network devices and structured following the
OpenConfig/IETF YANG models.
• NAPALM Helpers - Generic helpers for NAPALM-related operations. For example, the Compliance report
function can be used inside the state modules to compare the expected and the existing configuration.
New functions:
• Configuration getter - Return the whole configuration of the network device.
• Optics getter - Fetches the power usage on the various transceivers installed on the network device (in
dBm).
New grains: Host, Host DNS, Username and Optional args.
Custom Refspecs in GitFS / git_pillar / winrepo
It is now possible to specify the refspecs to use when fetching from remote repositories for GitFS,
git_pillar, and winrepo. More information on how this feature works can be found here in the GitFS
Walkthrough. The git_pillar and winrepo versions of this feature work the same as their GitFS
counterpart.
git_pillar mountpoints Feature Added
See here for detailed documentation.
Big Improvements to Docker Support
The old docker state and execution modules have been moved to salt-contrib. The dockerng execution module
has been renamed to docker and now serves as Salt's official Docker execution module.
The old dockerng state module has been split into 4 state modules:
• docker_container - States to manage Docker containers
• docker_image - States to manage Docker images
• docker_volume - States to manage Docker volumes
• docker_network - States to manage Docker networks
The reason for this change was to make states and requisites more clear. For example, imagine this SLS:
myuser/appimage:
docker.image_present:
- sls: docker.images.appimage
myapp:
docker.running:
- image: myuser/appimage
- require:
- docker: myuser/appimage
The new syntax would be:
myuser/appimage:
docker_image.present:
- sls: docker.images.appimage
myapp:
docker_container.running:
- image: myuser/appimage
- require:
- docker_image: myuser/appimage
This is similar to how Salt handles MySQL, MongoDB, Zabbix, and other cases where the same execution
module is used to manage several different kinds of objects (users, databases, roles, etc.).
NOTE:
With the Moby announcement coming at this year's DockerCon, Salt's docker execution module (as well as
the state modules) work interchangably when docker is replaced with moby (e.g.
moby_container.running, moby_image.present, moby.inspect_container, etc.)
The old syntax will continue to work until the Fluorine release of Salt. The old dockerng naming will
also continue to work until that release, so no immediate changes need to be made to your SLS files
(unless you were still using the old docker states that have been moved to salt-contrib).
The docker_container.running state has undergone a significant change in how it determines whether or not
a container needs to be replaced. Rather than comparing individual arguments to their corresponding
values in the named container, a temporary container is created (but not started) using the passed
arguments. The two containers are then compared to each other to determine whether or not there are
changes, and if so, the old container is stopped and destroyed, and the temporary container is renamed
and started.
Salt still needs to translate arguments into the format which docker-py expects, but if it does not
properly do so, the skip_translate argument can be used to skip input translation on an
argument-by-argument basis, and you can then format your SLS file to pass the data in the format that the
docker-py expects. This allows you to work around any changes in Docker's API or issues with the input
translation, and continue to manage your Docker containers using Salt. Read the documentation for
skip_translate for more information.
NOTE:
When running the docker_container.running state for the first time after upgrading to 2017.7.0, your
container(s) may be replaced. The changes may show diffs for certain parameters which say that the old
value was an empty string, and the new value is None. This is due to the fact that in prior releases
Salt was passing empty strings for these values when creating the container if they were undefined in
the SLS file, where now Salt simply does not pass any arguments not explicitly defined in the SLS
file. Subsequent runs of the state should not replace the container if the configuration remains
unchanged.
New SSH Cache Roster
The SSH cache Roster has been rewritten from scratch to increase its usefulness. The new roster supports
all minion matchers, so it is now possible to target minions identically through salt and salt-ssh.
Using the new roster_order configuration syntax it's now possible to compose a roster out of any
combination of grains, pillar and mine data and even Salt SDB URLs. The new release is also fully IPv4
and IPv6 enabled and even has support for CIDR ranges.
Salt-SSH Default Options
Defaults for rosters can now be set, so that they don't have to be set on every entry in a roster or
specified from the commandline.
The new option is roster_defaults and is specified in the master config file.
roster_defaults:
user: daniel
sudo: True
priv: /root/.ssh/id_rsa
tty: True
Blacklist or Whitelist Extmod Sync
The modules that are synced to minions can now be limited.
The following configuration options have been added for the master:
• extmod_whitelist
• extmod_blacklist
and for the minion:
• extmod_whitelist
• extmod_blacklist
Additional Features
• The mine.update function has a new optional argument mine_functions that can be used to refresh mine
functions at a more specific interval than scheduled using the mine_interval option. However, this
argument can be used by explicit schedule. For example, if we need the mines for net.lldp to be
refreshed every 12 hours:
schedule:
lldp_mine_update:
function: mine.update
kwargs:
mine_functions:
net.lldp: []
hours: 12
• The salt runner has a new function: salt.execute. It is mainly a shortcut to facilitate the execution
of various functions from other runners, e.g.:
ret1 = __salt__['salt.execute']('*', 'mod.fun')
New Modules
Beacons
• salt.beacons.log
Cache
• salt.cache.redis_cache
Engines
• salt.engines.stalekey
• salt.engines.junos_syslog
• salt.engines.napalm_syslog
Execution modules
• salt.modules.apk
• salt.modules.at_solaris
• salt.modules.boto_kinesis
• salt.modules.boto3_elasticache
• salt.modules.boto3_route53
• salt.modules.capirca_acl
• salt.modules.freebsd_update
• salt.modules.grafana4
• salt.modules.heat
• salt.modules.icinga2
• salt.modules.kubernetes
• salt.modules.logmod
• salt.modules.mattermost
• salt.modules.namecheap_dns
• salt.modules.namecheap_domains
• salt.modules.namecheap_ns
• salt.modules.namecheap_users
• salt.modules.namecheap_ssl
• salt.modules.napalm
• salt.modules.napalm_acl
• salt.modules.napalm_yang_mod
• salt.modules.pdbedit
• salt.modules.solrcloud
• salt.modules.statuspage
• salt.modules.zonecfg
• salt.modules.zoneadm
Grains
• salt.grains.metadata
• salt.grains.mdata
Outputters
• salt.output.table_out
Pillar
• salt.pillar.postgres
• salt.pillar.vmware_pillar
Returners
• salt.returners.mattermost_returner
• salt.returners.highstate_return
Roster
• salt.roster.cache
Runners
• salt.runners.bgp
• salt.runners.mattermost
• salt.runners.net
SDB
• salt.sdb.yaml
• salt.sdb.tism
• salt.sdb.cache
States
• salt.states.boto_kinesis
• salt.states.boto_efs
• salt.states.boto3_elasticache
• salt.states.boto3_route53
• salt.states.docker_container
• salt.states.docker_image
• salt.states.docker_network
• salt.states.docker_volume
• salt.states.elasticsearch
• salt.states.grafana4_dashboard
• salt.states.grafana4_datasource
• salt.states.grafana4_org
• salt.states.grafana4_user
• salt.states.heat
• salt.states.icinga2
• salt.states.influxdb_continuous_query
• salt.states.influxdb_retention_policy
• salt.states.kubernetes
• salt.states.logadm
• salt.states.logrotate
• salt.states.msteams
• salt.states.netacl
• salt.states.netconfig
• salt.states.netyang
• salt.states.nix
• salt.states.pdbedit
• salt.states.solrcloud
• salt.states.statuspage
• salt.states.vault
• salt.states.win_wua
• salt.states.zone
Deprecations
General Deprecations
• Removed support for aliasing cmd.run to cmd.shell.
• Removed support for Dulwich from GitFS.
• Beacon configurations should be lists instead of dictionaries.
• The PidfileMixin has been removed. Please use DaemonMixIn instead.
• The use_pending argument was removed from the salt.utils.event.get_event function.
• The pending_tags argument was removed from the salt.utils.event.get_event function.
Configuration Option Deprecations
• The client_acl configuration option has been removed. Please use publisher_acl instead.
• The client_acl_blacklist configuration option has been removed. Please use publisher_acl_blacklist
instead.
• The win_gitrepos configuration option has been removed. Please use the winrepo_remotes option instead.
• The win_repo configuration option has been removed. Please use winrepo_dir instead.
• The win_repo_mastercachefile configuration option has been removed. Please use the winrepo_cachefile
option instead.
Module Deprecations
The git execution module had the following changes:
• The fmt argument was removed from the archive function. Please use format instead.
• The repository argument was removed from the clone function. Please use url instead.
• The is_global argument was removed from the config_set function. Please use global instead.
• The branch argument was removed from the merge function. Please use rev instead.
• The branch argument was removed from the push function. Please use rev instead.
The glusterfs execution module had the following functions removed:
• create: Please use create_volume instead.
• delete: Please use delete_volume instead.
• list_peers: Please use peer_status instead.
The htpasswd execution module had the following function removed:
• useradd_all: Please use useradd instead.
The img execution module has been removed. All of its associated functions were marked for removal in the
2017.7.0 release. The functions removed in this module are mapped as follows:
• mount_image/mnt_image: Please use mount.mount instead.
• umount_image: Please use mount.umount instead.
• bootstrap: Please use genesis.bootstrap instead.
The smartos_virt execution module had the following functions removed:
• create: Please use start instead.
• destroy Please use stop instead.
• list_vms: Please use list_domains instead.
The virt execution module had the following functions removed:
• create: Please use start instead.
• destroy Please use stop instead.
• list_vms: Please use list_domains instead.
The virtualenv_mod execution module had the following changes:
• The package_or_requirement argument was removed from both the get_resource_path and the
get_resource_content functions. Please use package instead.
• The resource_name argument was removed from both the get_resource_path and get_resource_content
functions. Please use resource instead.
The win_repo execution module had the following changes:
• The win_repo_source_dir option was removed from the win_repo module. Please use winrepo_source_dir
instead.
The xapi execution module had the following functions removed:
• create: Please use start instead.
• destroy: Please use stop instead.
• list_vms: Please use list_domains instead.
The zypper execution module had the following function removed:
• info: Please use info_available instead.
Pillar Deprecations
• Support for the raw_data argument for the file_tree ext_pillar has been removed. Please use
keep_newline instead.
• SQLite3 database connection configuration previously had keys under pillar. This legacy compatibility
has been removed.
Proxy Minion Deprecations
• The proxy_merge_grains_in_module default has been switched from False to True.
Salt-API Deprecations
• The SaltAPI.run() function has been removed. Please use the SaltAPI.start() function instead.
Salt-Cloud Deprecations
• Support for using the keyword provider in salt-cloud provider config files has been removed. Please use
driver instead. The provider keyword should now only be used in cloud profile config files.
Salt-SSH Deprecations
• The wipe_ssh option for salt-ssh has been removed. Please use the ssh_wipe option instead.
State Deprecations
The apache_conf state had the following functions removed:
• disable: Please use disabled instead.
• enable: Please use enabled instead.
The apache_module state had the following functions removed:
• disable: Please use disabled instead.
• enable: Please use enabled instead.
The apache_site state had the following functions removed:
• disable: Please use disabled instead.
• enable: Please use enabled instead.
The chocolatey state had the following functions removed:
• install: Please use installed instead.
• uninstall: Please use uninstalled instead.
The git state had the following changes:
• The config function was removed. Please use config_set instead.
• The is_global option was removed from the config_set function. Please use global instead.
• The always_fetch option was removed from the latest function, as it no longer has any effect. Please
see the 2015.8.0 release notes for more information.
• The force option was removed from the latest function. Please use force_clone instead.
• The remote_name option was removed from the latest function. Please use remote instead.
The glusterfs state had the following function removed:
• created: Please use volume_present instead.
The openvswitch_port state had the following change:
• The type option was removed from the present function. Please use tunnel_type instead.
Build Notes
Windows Installer Packages
Windows Installer packages have been patched with the following PR: 42347
Salt 2017.7.1 Release Notes
Version 2017.7.1 is a bugfix release for 2017.7.0.
Security Fix
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master
despite not having the correct credentials. To exploit the vulnerability, an attacker must create a
salt-minion with an ID containing characters that will cause a directory traversal. Credit for
discovering the security flaw goes to: Vernhk@qq.com
Changes for v2017.7.0..v2017.7.1
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-07-26T01:09:40Z
Statistics:
• Total Merges: 11
• Total Issue references: 9
• Total PR references: 22
Changes:
• PR #42548: (gtmanfred) pass in empty kwarg for reactor @ 2017-07-26T00:41:20Z
• ISSUE #460: (whiteinge) Add a topic and a ref for modules/states/returners/renderers/runners | refs:
#42548
• 711b742c54 Merge pull request #42548 from gtmanfred/2017.7.1
• 0257c1dc32 pass in empty kwarg for reactor
• b948e980d2 update chunk, not kwarg in chunk
• PR #42522: (gtmanfred) pacman wildcard is only for repository installs @ 2017-07-24T20:51:05Z
• ISSUE #42519: (xuhcc) Error when installing package from file under Arch Linux | refs: #42522
• 50c1635dcc Merge pull request #42522 from gtmanfred/2017.7.1
• 7787fb9e1b pacman wildcard is only for repository installs
• PR #42508: (rallytime) Back-port #42474 to 2017.7.1 @ 2017-07-24T20:49:51Z
• PR #42474: (whiteinge) Cmd arg kwarg parsing test | refs: #42508
• PR #39646: (terminalmage) Handle deprecation of passing string args to load_args_and_kwargs | refs:
#42474
• 05c07ac049 Merge pull request #42508 from rallytime/bp-42474
• 76fb074433 Add a test.arg variant that cleans the pub kwargs by default
• 624f63648e Lint fixes
• d246a5fc61 Add back support for string kwargs
• 854e098aa0 Add LocalClient.cmd test for arg/kwarg parsing
• PR #42472: (rallytime) Back-port #42435 to 2017.7.1 @ 2017-07-24T15:11:13Z
• ISSUE #42427: (grichmond-salt) Issue Passing Variables created from load_json as Inline Pillar
Between States | refs: #42435
• PR #42435: (terminalmage) Modify our custom YAML loader to treat unicode literals as unicode strings
| refs: #42472
• 95fe2558e4 Merge pull request #42472 from rallytime/bp-42435
• 5c47af5b98 Modify our custom YAML loader to treat unicode literals as unicode strings
• PR #42473: (rallytime) Back-port #42436 to 2017.7.1 @ 2017-07-24T15:10:29Z
• ISSUE #42374: (tyhunt99) [2017.7.0] salt-run mange.versions throws exception if minion is offline or
unresponsive | refs: #42436
• PR #42436: (garethgreenaway) Fixes to versions function in manage runner | refs: #42473
• 5b99d45f54 Merge pull request #42473 from rallytime/bp-42436
• 82ed919803 Updating the versions function inside the manage runner to account for when a minion is
offline and we are unable to determine it's version.
• PR #42471: (rallytime) Back-port #42399 to 2017.7.1 @ 2017-07-24T15:09:50Z
• ISSUE #42381: (zebooka) Git.detached broken in 2017.7.0 | refs: #42399
• ISSUE #38878: (tomlaredo) [Naming consistency] git.latest "rev" option VS git.detached "ref" option |
refs: #38898
• PR #42399: (rallytime) Update old "ref" references to "rev" in git.detached state | refs: #42471
• PR #38898: (terminalmage) git.detached: rename ref to rev for consistency | refs: #42399
• 3d1a2d3f9f Merge pull request #42471 from rallytime/bp-42399
• b9a4669e5a Update old "ref" references to "rev" in git.detached state
• PR #42470: (rallytime) Back-port #42031 to 2017.7.1 @ 2017-07-24T15:09:30Z
• ISSUE #42400: (Enquier) Conflict in execution of passing pillar data to orch/reactor event executions
2017.7.0 | refs: #42031
• PR #42031: (skizunov) Fix: Reactor emits critical error | refs: #42470
• 09766bccbc Merge pull request #42470 from rallytime/bp-42031
• 0a0c6287a4 Fix: Reactor emits critical error
• PR #42469: (rallytime) Back-port #42027 to 2017.7.1 @ 2017-07-21T22:41:02Z
• ISSUE #41949: (jrporcaro) Event returner doesn't work with Windows Master | refs: #42027
• PR #42027: (gtmanfred) import salt.minion for EventReturn for Windows | refs: #42469
• d7b172a15b Merge pull request #42469 from rallytime/bp-42027
• ed612b4ee7 import salt.minion for EventReturn for Windows
• PR #42466: (rallytime) Back-port #42452 to 2017.7.1 @ 2017-07-21T19:41:24Z
• PR #42452: (Ch3LL) update windows urls to new py2/py3 naming scheme | refs: #42466
• 8777b1a825 Merge pull request #42466 from rallytime/bp-42452
• c10196f68c update windows urls to new py2/py3 naming scheme
• PR #42439: (rallytime) Back-port #42409 to 2017.7.1 @ 2017-07-21T17:38:10Z
• PR #42409: (twangboy) Add Scripts to build Py3 on Mac | refs: #42439
• fceaaf41d0 Merge pull request #42439 from rallytime/bp-42409
• 8176964b41 Remove build and dist, sign pkgs
• 2c14d92a07 Fix hard coded pip path
• 82fdd7c2e1 Add support for Py3
• 2478447246 Update Python and other reqs
• PR #42441: (rallytime) Back-port #42433 to 2017.7.1 @ 2017-07-21T17:37:01Z
• ISSUE #42403: (astronouth7303) [2017.7] Pillar empty when state is applied from orchestrate | refs:
#42433
• PR #42433: (terminalmage) Only force saltenv/pillarenv to be a string when not None | refs: #42441
• 660400560b Merge pull request #42441 from rallytime/bp-42433
• 17f347123a Only force saltenv/pillarenv to be a string when not None
Salt 2017.7.2 Release Notes
Version 2017.7.2 is a bugfix release for 2017.7.0.
Changes for v2017.7.1..v2017.7.2
Security Fix
CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote
minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
Known Issues
On 2017.7.2 when using salt-api and cherrypy version 5.6.0, issue #43581 will occur when starting the
salt-api service. We have patched the cherry-py packages for python-cherrypy-5.6.0-2 from
repo.saltstack.com. If you are using python-cherrypy-5.6.0-1 please ensure to run yum install
python-cherrypy to install the new patched version.
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-10-02T21:10:14Z
Statistics
• Total Merges: 328
• Total Issue references: 134
• Total PR references: 391
Changes
• PR #43868: (rallytime) Back-port #43847 to 2017.7.2 * Fix to module.run
• PR #43756: (gtmanfred) split build and install for pkg osx @ 2017-09-26T20:51:28Z
• 88414d5 Merge pull request #43756 from gtmanfred/2017.7.2
• f7df41f split build and install for pkg osx
• PR #43585: (rallytime) Back-port #43330 to 2017.7.2 @ 2017-09-19T17:33:34Z
• ISSUE #43077: (Manoj2087) Issue with deleting key via wheel | refs: #43330
• PR #43330: (terminalmage) Fix reactor regression + unify reactor config schema | refs: #43585
• 89f629233f Merge pull request #43585 from rallytime/bp-43330
• c4f693bae8 Merge branch '2017.7.2' into bp-43330
• PR #43586: (rallytime) Back-port #43526 to 2017.7.2 @ 2017-09-19T15:36:27Z
• ISSUE #43447: (UtahDave) When using Syndic with Multi Master the top level master doesn't reliably
get returns from lower minion. | refs: #43526
• PR #43526: (DmitryKuzmenko) Forward events to all masters syndic connected to | refs: #43586
• abb7fe4422 Merge pull request #43586 from rallytime/bp-43526
• e076e9b634 Forward events to all masters syndic connected to.
• 7abd07fa07 Simplify client logic
• b5f10696c2 Improve the reactor documentation
• 7a2f12b96a Include a better example for reactor in master conf file
• 531cac610e Rewrite the reactor unit tests
• 2a35ab7f39 Unify reactor configuration, fix caller reactors
• 4afb179bad Un-deprecate passing kwargs outside of 'kwarg' param
• PR #43551: (twangboy) Fix preinstall script on OSX for 2017.7.2 @ 2017-09-18T18:35:35Z
• 3d3b09302d Merge pull request #43551 from twangboy/osx_fix_preinstall_2017.7.2
• c3d9fb63f0 Merge branch '2017.7.2' into osx_fix_preinstall_2017.7.2
• PR #43509: (rallytime) Back-port #43333 to 2017.7.2 @ 2017-09-15T21:21:40Z
• ISSUE #2: (thatch45) salt job queries
• PR #43333: (damon-atkins) Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed as
params + 1 bug | refs: #43509
• 24691da888 Merge pull request #43509 from rallytime/bp-43333-2017.7.2
• b3dbafb035 Update doco
• 5cdcdbf428 Update win_pkg.py
• c3e16661c3 Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed on the cli (#2)
• f33395f1ee Fix logic in /etc/paths.d/salt detection
• PR #43440: (rallytime) Back-port #43421 to 2017.7.2 @ 2017-09-11T20:59:53Z
• PR #43421: (gtmanfred) Revert "Reduce fileclient.get_file latency by merging _file_find and … | refs:
#43440
• 8964cacbf8 Merge pull request #43440 from rallytime/bp-43421
• ea6e661755 Revert "Reduce fileclient.get_file latency by merging _file_find and _file_hash"
• PR #43377: (rallytime) Back-port #43193 to 2017.7.2 @ 2017-09-11T15:32:23Z
• PR #43193: (jettero) Prevent spurious "Template does not exist" error | refs: #43377
• PR #39516: (jettero) Prevent spurious "Template does not exist" error | refs: #43193
• 7fda186b18 Merge pull request #43377 from rallytime/bp-43193
• 842b07fd25 Prevent spurious "Template does not exist" error
• PR #43315: (rallytime) Back-port #43283 to 2017.7.2 @ 2017-09-05T20:04:25Z
• ISSUE #42459: (iavael) Broken ldap groups retrieval in salt.auth.ldap after upgrade to 2017.7 | refs:
#43283
• PR #43283: (DmitryKuzmenko) Fix ldap token groups auth. | refs: #43315
• 85dba1e898 Merge pull request #43315 from rallytime/bp-43283
• f29f5b0cce Fix for tests: don't require 'groups' in the eauth token.
• 56938d5bf2 Fix ldap token groups auth.
• PR #43266: (gtmanfred) switch virtualbox cloud driver to use __utils__ @ 2017-08-30T18:36:20Z
• ISSUE #43259: (mahesh21) NameError: global name '__opts__' is not defined | refs: #43266
• 26ff8088cb Merge pull request #43266 from gtmanfred/virtualbox
• 382bf92de7 switch virtualbox cloud driver to use __utils__
• PR #43073: (Mapel88) Fix bug #42936 - win_iis module container settings @ 2017-08-30T18:34:37Z
• ISSUE #43110: (Mapel88) bug in iis_module - create_cert_binding
• ISSUE #42936: (Mapel88) bug in win_iis module & state - container_setting | refs: #43073
• ee209b144c Merge pull request #43073 from Mapel88/patch-2
• b1a3d15b28 Remove trailing whitespace for linter
• 25c8190e48 Fix pylint errors
• 1eba8c4b8e Fix pylint errors
• 290d7b54af Fix plint errors
• f4f32421ab Fix plint errors
• ec20e9a19a Fix bug #43110 - win_iis module
• 009ef6686b Fix dictionary keys from string to int
• dc793f9a05 Fix bug #42936 - win_iis state
• 13404a47b5 Fix bug #42936 - win_iis module
• PR #43254: (twangboy) Fix unit.modules.test_inspect_collector on Windows @ 2017-08-30T15:46:07Z
• ec1bedc646 Merge pull request #43254 from twangboy/win_fix_test_inspect_collector
• b401340e6c Fix unit.modules.test_inspect_collector on Windows
• PR #43255: (gtmanfred) always return a dict object @ 2017-08-30T14:47:15Z
• ISSUE #43241: (mirceaulinic) Error whilst collecting napalm grains | refs: #43255
• 1fc7307735 Merge pull request #43255 from gtmanfred/2017.7
• 83b0bab34b opt_args needs to be a dict
• PR #43229: (twangboy) Bring changes from #43228 to 2017.7 @ 2017-08-30T14:26:55Z
• PR #43228: (twangboy) Win fix pkg.install | refs: #43229
• fa904ee225 Merge pull request #43229 from twangboy/win_fix_pkg.install-2017.7
• e007a1c26e Fix regex, add .
• 23ec47c74c Add _ to regex search
• b1788b1e5f Bring changes from #43228 to 2017.7
• PR #43251: (twangboy) Skips unit.modules.test_groupadd on Windows @ 2017-08-30T13:56:36Z
• 25666f88f7 Merge pull request #43251 from twangboy/win_skip_test_groupadd
• 5185071d5a Skips unit.modules.test_groupadd on Windows
• PR #43256: (twangboy) Skip mac tests for user and group @ 2017-08-30T13:18:13Z
• a8e09629b2 Merge pull request #43256 from twangboy/win_skip_mac_tests
• cec627a60b Skip mac tests for user and group
• PR #43226: (lomeroe) Fixes for issues in PR #43166 @ 2017-08-29T19:05:39Z
• ISSUE #42279: (dafyddj) win_lgpo matches multiple policies due to startswith() | refs: #43116 #43116
#43166 #43226 #43156
• PR #43166: (lomeroe) Backport #43116 to 2017.7 | refs: #43226
• PR #43156: (lomeroe) Backport #43116 to 2017.7 | refs: #43166
• PR #43116: (lomeroe) Fix 42279 in develop | refs: #43166 #43156
• PR #39773: (twangboy) Make win_file use the win_dacl salt util | refs: #43226
• ac2189c870 Merge pull request #43226 from lomeroe/fix_43166
• 0c424dc4a3 Merge branch '2017.7' into fix_43166
• 324cfd8d1e correcting bad format statement in search for policy to be disabled (fix for #43166)
verify that file exists before attempting to remove (fix for commits from #39773)
• PR #43227: (twangboy) Fix unit.fileserver.test_gitfs for Windows @ 2017-08-29T19:03:36Z
• 6199fb46dc Merge pull request #43227 from twangboy/win_fix_unit_test_gitfs
• c956d24283 Fix is_windows detection when USERNAME missing
• 869e8cc603 Fix unit.fileserver.test_gitfs for Windows
• PR #43217: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-28T16:36:28Z
• ISSUE #43101: (aogier) genesis.bootstrap fails if no pkg AND exclude_pkgs (which can't be a string) |
refs: #43103
• ISSUE #42642: (githubcdr) state.augeas | refs: #42669 #43202
• ISSUE #42329: (jagguli) State git.latest does not pull latest tags | refs: #42663
• PR #43202: (garethgreenaway) Reverting previous augeas module changes
• PR #43103: (aogier) genesis.bootstrap deboostrap fix
• PR #42663: (jagguli) Check remote tags before deciding to do a fetch #42329
• 6adc03e4b4 Merge pull request #43217 from rallytime/merge-2017.7
• 3911df2f4b Merge branch '2016.11' into '2017.7'
• 5308c27f9f Merge pull request #43202 from garethgreenaway/42642_2016_11_augeas_module_revert_fix
• ef7e93eb3f Reverting this change due to it breaking other uses.
• f16b7246e4 Merge pull request #43103 from aogier/43101-genesis-bootstrap
• db94f3bb1c better formatting
• e5cc667762 tests: fix a leftover and simplify some parts
• 13e5997457 lint
• 216ced69e5 allow comma-separated pkgs lists, quote args, test deb behaviour
• d8612ae006 fix debootstrap and enhance packages selection/deletion via cmdline
• 4863771428 Merge pull request #42663 from StreetHawkInc/fix_git_tag_check
• 2b5af5b59d Remove refs/tags prefix from remote tags
• 3f2e96e561 Convert set to list for serializer
• 2728e5d977 Only include new tags in changes
• 4b1df2f223 Exclude annotated tags from checks
• 389c037285 Check remote tags before deciding to do a fetch #42329
• PR #43201: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-25T22:56:46Z
• ISSUE #43198: (corywright)
disk.format_
needs to be aliased to disk.format | refs: #43199
• ISSUE #43143: (abulford) git.detached does not fetch if rev is missing from local | refs: #43178
• ISSUE #495: (syphernl) mysql.* without having MySQL installed/configured gives traceback | refs:
#43196
• PR #43199: (corywright) Add disk.format alias for disk.format_
• PR #43196: (gtmanfred) Pin request install to version for npm tests
• PR #43179: (terminalmage) Fix missed deprecation
• PR #43178: (terminalmage) git.detached: Fix traceback when rev is a SHA and is not present locally
• PR #43173: (Ch3LL) Add New Release Branch Strategy to Contribution Docs
• PR #43171: (terminalmage) Add warning about adding new functions to salt/utils/__init__.py
• a563a9422a Merge pull request #43201 from rallytime/merge-2017.7
• d40eba6b37 Merge branch '2016.11' into '2017.7'
• 4193e7f0a2 Merge pull request #43199 from corywright/disk-format-alias
• f00d3a9ddc Add disk.format alias for disk.format_
• 5471f9fe0c Merge pull request #43196 from gtmanfred/2016.11
• ccd2241777 Pin request install to version
• ace2715c60 Merge pull request #43178 from terminalmage/issue43143
• 2640833400 git.detached: Fix traceback when rev is a SHA and is not present locally
• 12e9507b9e Merge pull request #43179 from terminalmage/old-deprecation
• 3adf8ad04b Fix missed deprecation
• b595440d90 Merge pull request #43171 from terminalmage/salt-utils-warning
• 7b5943a31a Add warning about adding new functions to salt/utils/__init__.py
• 4f273cac4f Merge pull request #43173 from Ch3LL/add_branch_docs
• 1b24244bd3 Add New Release Branch Strategy to Contribution Docs
• PR #42997: (twangboy) Fix unit.test_test_module_names for Windows @ 2017-08-25T21:19:11Z
• ce04ab4286 Merge pull request #42997 from twangboy/win_fix_test_module_names
• 2722e9521d Use os.path.join to create paths
• PR #43006: (SuperPommeDeTerre) Try to fix #26995 @ 2017-08-25T21:16:07Z
• ISSUE #26995: (jbouse) Issue with artifactory.downloaded and snapshot artifacts | refs: #43006 #43006
• c0279e491e Merge pull request #43006 from SuperPommeDeTerre/SuperPommeDeTerre-patch-#26995
• 30dd6f5d12 Merge remote-tracking branch 'upstream/2017.7' into SuperPommeDeTerre-patch-#26995
• f42ae9b8cd Merge branch 'SuperPommeDeTerre-patch-#26995' of https://github.com/SuperPommeDeTerre/salt
into SuperPommeDeTerre-patch-#26995
• 50ee3d5682 Merge remote-tracking branch 'remotes/origin/2017.7' into SuperPommeDeTerre-patch-#26995
• 0b666e100b Fix typo.
• 1b8729b3e7 Fix for #26995
• e314102978 Fix typo.
• db11e1985b Fix for #26995
• PR #43184: (terminalmage) docker.compare_container: Perform boolean comparison when one side's value is
null/None @ 2017-08-25T18:42:11Z
• ISSUE #43162: (MorphBonehunter) docker_container.running interference with restart_policy | refs:
#43184
• b6c5314fe9 Merge pull request #43184 from terminalmage/issue43162
• 081f42ad71 docker.compare_container: Perform boolean comparison when one side's value is null/None
• PR #43165: (mirceaulinic) Improve napalm state output in debug mode @ 2017-08-24T23:05:37Z
• 688125bb4f Merge pull request #43165 from cloudflare/fix-napalm-ret
• c10717dc89 Lint and fix
• 1cd33cbaa9 Simplify the loaded_ret logic
• 0bbea6b04c Document the new compliance_report arg
• 3a906109bd Include compliance reports
• 3634055e34 Improve napalm state output in debug mode
• PR #43155: (terminalmage) Resolve image ID during container comparison @ 2017-08-24T22:09:47Z
• a6a327b1e5 Merge pull request #43155 from terminalmage/issue43001
• 0186835ebf Fix docstring in test
• a0bb654e46 Fixing lint issues
• d5b2a0be68 Resolve image ID during container comparison
• PR #43170: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-24T19:22:26Z
• PR #43151: (ushmodin) state.sls hangs on file.recurse with clean: True on windows
• PR #42969: (ushmodin) state.sls hangs on file.recurse with clean: True on windows | refs: #43151
• c071fd44c8 Merge pull request #43170 from rallytime/merge-2017.7
• 3daad5a3a2 Merge branch '2016.11' into '2017.7'
• 669b376abf Merge pull request #43151 from ushmodin/2016.11
• c5841e2ade state.sls hangs on file.recurse with clean: True on windows
• PR #43168: (rallytime) Back-port #43041 to 2017.7 @ 2017-08-24T19:07:23Z
• ISSUE #43040: (darcoli) gitFS ext_pillar with branch name __env__ results in empty pillars | refs:
#43041 #43041
• PR #43041: (darcoli) Do not try to match pillarenv with __env__ | refs: #43168
• 034c325a09 Merge pull request #43168 from rallytime/bp-43041
• d010b74b87 Do not try to match pillarenv with __env__
• PR #43172: (rallytime) Move new utils/__init__.py funcs to utils.files.py @ 2017-08-24T19:05:30Z
• PR #43056: (damon-atkins) safe_filename_leaf(file_basename) and safe_filepath(file_path_name) | refs:
#43172
• d48938e6b4 Merge pull request #43172 from rallytime/move-utils-funcs
• 5385c7901e Move new utils/__init__.py funcs to utils.files.py
• PR #43061: (pabloh007) Have docker.save use the image name when valid if not use image id, i… @
2017-08-24T16:32:02Z
• ISSUE #43043: (pabloh007) docker.save and docker.load problem | refs: #43061 #43061
• e60f586442 Merge pull request #43061 from pabloh007/fix-save-image-name-id
• 0ffc57d1df Have docker.save use the image name when valid if not use image id, issue when loading and
image is savid with id issue #43043
• PR #43166: (lomeroe) Backport #43116 to 2017.7 | refs: #43226 @ 2017-08-24T15:01:23Z
• ISSUE #42279: (dafyddj) win_lgpo matches multiple policies due to startswith() | refs: #43116 #43116
#43166 #43226 #43156
• PR #43156: (lomeroe) Backport #43116 to 2017.7 | refs: #43166
• PR #43116: (lomeroe) Fix 42279 in develop | refs: #43166 #43156
• 9da57543f8 Merge pull request #43166 from lomeroe/bp-43116-2017.7
• af181b3257 correct fopen calls from salt.utils for 2017.7
• f74480f11e lint fix
• ecd446fd55 track xml namespace to ensure policies w/duplicate IDs or Names do not conflict
• 9f3047c420 add additional checks for ADM policies that have the same ADMX policy ID (#42279)
• PR #43056: (damon-atkins) safe_filename_leaf(file_basename) and safe_filepath(file_path_name) | refs:
#43172 @ 2017-08-23T17:35:02Z
• 44b3caead1 Merge pull request #43056 from damon-atkins/2017.7
• 08ded1546e more lint
• 6e9c0957fb fix typo
• ee41171c9f lint fixes
• 8c864f02c7 fix missing imports
• 964cebd954 safe_filename_leaf(file_basename) and safe_filepath(file_path_name)
• PR #43146: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-23T16:56:10Z
• ISSUE #43036: (mcarlton00) Linux VMs in Bhyve aren't displayed properly in grains | refs: #43037
• PR #43100: (vutny) [DOCS] Add missing utils sub-dir listed for extension_modules
• PR #43037: (mcarlton00) Issue #43036 Bhyve virtual grain in Linux VMs
• PR #42986: (renner) Notify systemd synchronously (via NOTIFY_SOCKET)
• 6ca9131a23 Merge pull request #43146 from rallytime/merge-2017.7
• bcbe180fbc Merge branch '2016.11' into '2017.7'
• ae9d2b7985 Merge pull request #42986 from renner/systemd-notify
• 79c53f3f81 Fallback to systemd_notify_call() in case of socket.error
• f1765472dd Notify systemd synchronously (via NOTIFY_SOCKET)
• b420fbe618 Merge pull request #43037 from mcarlton00/fix-bhyve-grains
• 73315f0cf0 Issue #43036 Bhyve virtual grain in Linux VMs
• 0a86f2d884 Merge pull request #43100 from vutny/doc-add-missing-utils-ext
• af743ff6c3 [DOCS] Add missing utils sub-dir listed for extension_modules
• PR #43123: (twangboy) Fix unit.utils.test_which for Windows @ 2017-08-23T16:01:39Z
• 03f652159f Merge pull request #43123 from twangboy/win_fix_test_which
• ed97cff5f6 Fix unit.utils.test_which for Windows
• PR #43142: (rallytime) Back-port #43068 to 2017.7 @ 2017-08-23T15:56:48Z
• ISSUE #42505: (ikogan) selinux.fcontext_policy_present exception looking for
selinux.filetype_id_to_string | refs: #43068
• PR #43068: (ixs) Mark selinux._filetype_id_to_string as public function | refs: #43142
• 5a4fc07863 Merge pull request #43142 from rallytime/bp-43068
• efc1c8c506 Mark selinux._filetype_id_to_string as public function
• PR #43038: (twangboy) Fix unit.utils.test_url for Windows @ 2017-08-23T13:35:25Z
• 0467a0e3bf Merge pull request #43038 from twangboy/win_unit_utils_test_url
• 7f5ee55f57 Fix unit.utils.test_url for Windows
• PR #43097: (twangboy) Fix group.present for Windows @ 2017-08-23T13:19:56Z
• e9ccaa61d2 Merge pull request #43097 from twangboy/win_fix_group
• 43b0360763 Fix lint
• 9ffe315d7d Add kwargs
• 4f4e34c79f Fix group state for Windows
• PR #43115: (rallytime) Back-port #42067 to 2017.7 @ 2017-08-22T20:09:52Z
• PR #42067: (vitaliyf) Removed several uses of name.split('.')[0] in SoftLayer driver. | refs: #43115
• 8140855627 Merge pull request #43115 from rallytime/bp-42067
• 8a6ad0a9cf Fixed typo.
• 9a5ae2bba1 Removed several uses of name.split('.')[0] in SoftLayer driver.
• PR #42962: (twangboy) Fix unit.test_doc test for Windows @ 2017-08-22T18:06:23Z
• 1e1a81036c Merge pull request #42962 from twangboy/win_unit_test_doc
• 201ceae4c4 Fix lint, remove debug statement
• 37029c1a16 Fix unit.test_doc test
• PR #42995: (twangboy) Fix malformed requisite for Windows @ 2017-08-22T16:50:01Z
• d347d1cf8f Merge pull request #42995 from twangboy/win_fix_invalid_requisite
• 93390de88b Fix malformed requisite for Windows
• PR #43108: (rallytime) Back-port #42988 to 2017.7 @ 2017-08-22T16:49:27Z
• PR #42988: (thusoy) Fix broken negation in iptables | refs: #43108
• 1c7992a832 Merge pull request #43108 from rallytime/bp-42988
• 1a987cb948 Fix broken negation in iptables
• PR #43107: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-22T16:11:25Z
• ISSUE #42869: (abednarik) Git Module : Failed to update repository | refs: #43064
• ISSUE #42041: (lorengordon) pkg.list_repo_pkgs fails to find pkgs with spaces around yum repo enabled
value | refs: #43054
• ISSUE #15171: (JensRantil) Maximum recursion limit hit related to requisites | refs: #42985
• PR #43092: (blarghmatey) Fixed issue with silently passing all tests in Testinfra module
• PR #43064: (terminalmage) Fix race condition in git.latest
• PR #43060: (twangboy) Osx update pkg scripts
• PR #43054: (lorengordon) Uses ConfigParser to read yum config files
• PR #42985: (DmitryKuzmenko) Properly handle prereq having lost requisites.
• PR #42045: (arount) Fix: salt.modules.yumpkg: ConfigParser to read ini like files. | refs: #43054
• c6993f4a84 Merge pull request #43107 from rallytime/merge-2017.7
• 328dd6aa23 Merge branch '2016.11' into '2017.7'
• e2bf2f448e Merge pull request #42985 from DSRCorporation/bugs/15171_recursion_limit
• 651b1bab09 Properly handle prereq having lost requisites.
• e51333306c Merge pull request #43092 from mitodl/2016.11
• d4b113acdf Fixed issue with silently passing all tests in Testinfra module
• 77a443ce8e Merge pull request #43060 from twangboy/osx_update_pkg_scripts
• ef8a14cdf9 Remove /opt/salt instead of /opt/salt/bin
• 2dd62aa1da Add more information to the description
• f44f5b70dc Only stop services if they are running
• 3b62bf953c Remove salt from the path
• ebdca3a0f5 Update pkg-scripts
• 1b1b6da803 Merge pull request #43064 from terminalmage/issue42869
• 093c0c2f77 Fix race condition in git.latest
• 96e8e836d1 Merge pull request #43054 from lorengordon/fix/yumpkg/config-parser
• 3b2cb81a72 fix typo in salt.modules.yumpkg
• 38add0e4a2 break if leading comments are all fetched
• d7f65dc7a7 fix configparser import & log if error was raised
• ca1b1bb633 use configparser to parse yum repo file
• PR #42996: (twangboy) Fix unit.test_stateconf for Windows @ 2017-08-21T22:43:58Z
• f9b4976c02 Merge pull request #42996 from twangboy/win_fix_test_stateconf
• 92dc3c0ece Use os.sep for path
• PR #43024: (twangboy) Fix unit.utils.test_find for Windows @ 2017-08-21T22:38:10Z
• 19fc644c9b Merge pull request #43024 from twangboy/win_unit_utils_test_find
• fbe54c9a33 Remove unused import six (lint)
• b04d1a2f18 Fix unit.utils.test_find for Windows
• PR #43088: (gtmanfred) allow docker util to be reloaded with reload_modules @ 2017-08-21T22:14:37Z
• 1a531169fc Merge pull request #43088 from gtmanfred/2017.7
• 373a9a0be4 allow docker util to be reloaded with reload_modules
• PR #43091: (blarghmatey) Fixed issue with silently passing all tests in Testinfra module @
2017-08-21T22:06:22Z
• 83e528f0b3 Merge pull request #43091 from mitodl/2017.7
• b502560e61 Fixed issue with silently passing all tests in Testinfra module
• PR #41994: (twangboy) Fix unit.modules.test_cmdmod on Windows @ 2017-08-21T21:53:01Z
• 5482524270 Merge pull request #41994 from twangboy/win_unit_test_cmdmod
• a5f7288ad9 Skip test that uses pwd, not available on Windows
• PR #42933: (garethgreenaway) Fixes to osquery module @ 2017-08-21T20:48:31Z
• ISSUE #42873: (TheVakman) osquery Data Empty Upon Return / Reporting Not Installed | refs: #42933
• b33c4abc15 Merge pull request #42933 from garethgreenaway/42873_2017_7_osquery_fix
• 8915e62bd9 Removing an import that is not needed.
• 74bc377eb4 Updating the other function that uses cmd.run_all
• e6a4619ec1 Better approach without using python_shell=True.
• 5ac41f496d When running osquery commands through cmd.run we should pass python_shell=True to ensure
everything is formatted right. #42873
• PR #43093: (gtmanfred) Fix ec2 list_nodes_full to work on 2017.7 @ 2017-08-21T20:21:21Z
• 53c2115769 Merge pull request #43093 from gtmanfred/ec2
• c7cffb5a04 This block isn't necessary
• b7283bcc6f _vm_provider_driver isn't needed anymore
• PR #43087: (rallytime) Back-port #42174 to 2017.7 @ 2017-08-21T18:40:18Z
• ISSUE #43085: (brejoc) Patch for Kubernetes module missing from 2017.7 and 2017.7.1 | refs: #43087
• PR #42174: (mcalmer) kubernetes: provide client certificate authentication | refs: #43087
• 32f9ade4db Merge pull request #43087 from rallytime/bp-42174
• cf6563645b add support for certificate authentication to kubernetes module
• PR #43029: (terminalmage) Normalize the salt caching API @ 2017-08-21T16:54:58Z
• 882fcd846f Merge pull request #43029 from terminalmage/fix-func-alias
• f8f74a310c Update localfs cache tests to reflect changes to func naming
• c4ae79b229 Rename other refs to cache.ls with cache.list
• ee59d127e8 Normalize the salt caching API
• PR #43039: (gtmanfred) catch ImportError for kubernetes.client import @ 2017-08-21T14:32:38Z
• ISSUE #42843: (brejoc) Kubernetes module won't work with Kubernetes Python client > 1.0.2 | refs:
#42845
• PR #42845: (brejoc) API changes for Kubernetes version 2.0.0 | refs: #43039
• dbee735f6e Merge pull request #43039 from gtmanfred/kube
• 7e269cb368 catch ImportError for kubernetes.client import
• PR #43058: (rallytime) Update release version number for jenkins.run function @ 2017-08-21T14:13:34Z
• c56a8499b3 Merge pull request #43058 from rallytime/fix-release-num
• d7eef70df0 Update release version number for jenkins.run function
• PR #43051: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-18T17:05:57Z
• ISSUE #42992: (pabloh007) docker.save flag push does is ignored
• ISSUE #42627: (taigrrr8) salt-cp no longer works. Was working a few months back. | refs: #42890
• ISSUE #40490: (alxwr) saltstack x509 incompatible to m2crypto 0.26.0 | refs: #42760
• PR #43048: (rallytime) Back-port #43031 to 2016.11
• PR #43033: (rallytime) Back-port #42760 to 2016.11
• PR #43032: (rallytime) Back-port #42547 to 2016.11
• PR #43031: (gtmanfred) use a ruby gem that doesn't have dependencies | refs: #43048
• PR #43027: (pabloh007) Fixes ignore push flag for docker.push module issue #42992
• PR #43026: (rallytime) Back-port #43020 to 2016.11
• PR #43023: (terminalmage) Fixes/improvements to Jenkins state/module
• PR #43021: (terminalmage) Use socket.AF_INET6 to get the correct value instead of doing an OS check
• PR #43020: (gtmanfred) test with gem that appears to be abandoned | refs: #43026
• PR #43019: (rallytime) Update bootstrap script to latest stable: v2017.08.17
• PR #43014: (Ch3LL) Change AF_INET6 family for mac in test_host_to_ips | refs: #43021
• PR #43009: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11
• PR #42954: (Ch3LL) [2016.3] Bump latest and previous versions
• PR #42949: (Ch3LL) Add Security Notice to 2016.3.7 Release Notes
• PR #42942: (Ch3LL) [2016.3] Add clean_id function to salt.utils.verify.py
• PR #42890: (DmitryKuzmenko) Make chunked mode in salt-cp optional
• PR #42760: (AFriemann) Catch TypeError thrown by m2crypto when parsing missing subjects in c… | refs:
#43033
• PR #42547: (blarghmatey) Updated testinfra modules to work with more recent versions | refs: #43032
• 7b0c94768a Merge pull request #43051 from rallytime/merge-2017.7
• 153a463b86 Lint: Add missing blank line
• 84829a6f8c Merge branch '2016.11' into '2017.7'
• 43aa46f512 Merge pull request #43048 from rallytime/bp-43031
• 35e45049e2 use a ruby gem that doesn't have dependencies
• ad89ff3104 Merge pull request #43023 from terminalmage/fix-jenkins-xml-caching
• 33fd8ff939 Update jenkins.py
• fc306fc8c3 Add missing colon in if statement
• 822eabcc81 Catch exceptions raised when making changes to jenkins
• 91b583b493 Improve and correct execption raising
• f096917a0e Raise an exception if we fail to cache the config xml
• 2957467ed7 Merge pull request #43026 from rallytime/bp-43020
• 0eb15a1f67 test with gem that appears to be abandoned
• 4150b094fe Merge pull request #43033 from rallytime/bp-42760
• 3e3f7f5d8e Catch TypeError thrown by m2crypto when parsing missing subjects in certificate files.
• b124d3667e Merge pull request #43032 from rallytime/bp-42547
• ea4d7f4176 Updated testinfra modules to work with more recent versions
• a88386ad44 Merge pull request #43027 from pabloh007/fix-docker-save-push-2016-11
• d0fd949f85 Fixes ignore push flag for docker.push module issue #42992
• 51d16840bb Merge pull request #42890 from DSRCorporation/bugs/42627_salt-cp
• cfddbf1c75 Apply code review: update the doc
• afedd3b654 Typos and version fixes in the doc.
• 9fedf6012e Fixed 'test_valid_docs' test.
• 999388680c Make chunked mode in salt-cp optional (disabled by default).
• b3c253cdfa Merge pull request #43009 from rallytime/merge-2016.11
• 566ba4fe76 Merge branch '2016.3' into '2016.11'
• 13b8637d53 Merge pull request #42942 from Ch3LL/2016.3.6_follow_up
• f281e1795f move additional minion config options to 2016.3.8 release notes
• 168604ba6b remove merge conflict
• 8a07d95212 update release notes with cve number
• 149633fdca Add release notes for 2016.3.7 release
• 7a4cddcd95 Add clean_id function to salt.utils.verify.py
• bbb1b29ccb Merge pull request #42954 from Ch3LL/latest_2016.3
• b551e66744 [2016.3] Bump latest and previous versions
• 5d5edc54b7 Merge pull request #42949 from Ch3LL/2016.3.7_docs
• d75d3741f8 Add Security Notice to 2016.3.7 Release Notes
• 37c63e7cf2 Merge pull request #43021 from terminalmage/fix-network-test
• 4089b7b1bc Use socket.AF_INET6 to get the correct value instead of doing an OS check
• 8f6423247c Merge pull request #43019 from rallytime/bootstrap_2017.08.17
• 2f762b3a17 Update bootstrap script to latest stable: v2017.08.17
• ff1caeee68 Merge pull request #43014 from Ch3LL/fix_network_mac
• b8eee4401e Change AF_INET6 family for mac in test_host_to_ips
• PR #43035: (rallytime) [2017.7] Merge forward from 2017.7.1 to 2017.7 @ 2017-08-18T12:58:17Z
• PR #42948: (Ch3LL) [2017.7.1] Add clean_id function to salt.utils.verify.py | refs: #43035
• PR #42945: (Ch3LL) [2017.7] Add clean_id function to salt.utils.verify.py | refs: #43035
• d15b0ca937 Merge pull request #43035 from rallytime/merge-2017.7
• 756128a896 Merge branch '2017.7.1' into '2017.7'
• ab1b099730 Merge pull request #42948 from Ch3LL/2017.7.0_follow_up
• PR #43034: (rallytime) Back-port #43002 to 2017.7 @ 2017-08-17T23:18:16Z
• ISSUE #42989: (blbradley) GitFS GitPython performance regression in 2017.7.1 | refs: #43002 #43002
• PR #43002: (the-glu) Try to fix #42989 | refs: #43034
• bcbb973a71 Merge pull request #43034 from rallytime/bp-43002
• 350c0767dc Try to fix #42989 by doing sslVerify and refspecs for origin remote only if there is no
remotes
• PR #42958: (gtmanfred) runit module should also be loaded as runit @ 2017-08-17T22:30:23Z
• ISSUE #42375: (dragonpaw) salt.modules.*.__virtualname__ doens't work as documented. | refs: #42523
#42958
• 9182f55bbb Merge pull request #42958 from gtmanfred/2017.7
• fd6874668b runit module should also be loaded as runit
• PR #43031: (gtmanfred) use a ruby gem that doesn't have dependencies | refs: #43048 @
2017-08-17T22:26:25Z
• 5985cc4e8e Merge pull request #43031 from gtmanfred/test_gem
• ba80a7d4b5 use a ruby gem that doesn't have dependencies
• PR #43030: (rallytime) Small cleanup to dockermod.save @ 2017-08-17T22:26:00Z
• 246176b1a6 Merge pull request #43030 from rallytime/dockermod-minor-change
• d6a5e85632 Small cleanup to dockermod.save
• PR #42993: (pabloh007) Fixes ignored push flag for docker.push module issue #42992 @
2017-08-17T18:50:37Z
• ISSUE #42992: (pabloh007) docker.save flag push does is ignored
• 160001120b Merge pull request #42993 from pabloh007/fix-docker-save-push
• fe7554cfeb Fixes ignored push flag for docker.push module issue #42992
• PR #42967: (terminalmage) Fix bug in on_header callback when no Content-Type is found in headers @
2017-08-17T18:48:52Z
• ISSUE #42941: (danlsgiga) pkg.installed fails on installing from HTTPS rpm source | refs: #42967
• 9009a971b1 Merge pull request #42967 from terminalmage/issue42941
• b838460816 Fix bug in on_header callback when no Content-Type is found in headers
• PR #43016: (gtmanfred) service should return false on exception @ 2017-08-17T18:08:05Z
• ISSUE #43008: (fillarios) states.service.running always succeeds when watched state has changes |
refs: #43016
• 58f070d7a7 Merge pull request #43016 from gtmanfred/service
• 21c264fe55 service should return false on exception
• PR #43020: (gtmanfred) test with gem that appears to be abandoned | refs: #43026 @ 2017-08-17T16:40:41Z
• 973d288eca Merge pull request #43020 from gtmanfred/test_gem
• 0a1f40a664 test with gem that appears to be abandoned
• PR #42999: (garethgreenaway) Fixes to slack engine @ 2017-08-17T15:46:24Z
• 9cd0607fd4 Merge pull request #42999 from garethgreenaway/slack_engine_allow_editing_messages
• 0ece2a8f0c Fixing a bug that prevented editing Slack messages and having the commands resent to the
Slack engine.
• PR #43010: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-17T15:10:29Z
• ISSUE #42803: (gmcwhistler) master_type: str, not working as expected, parent salt-minion process
dies. | refs: #42848
• ISSUE #42753: (grichmond-salt) SaltReqTimeout Error on Some Minions when One Master in a Multi-Master
Configuration is Unavailable | refs: #42848
• ISSUE #42644: (stamak) nova salt-cloud -P Private IPs returned, but not public. Checking for
misidentified IPs | refs: #42940
• ISSUE #38839: (DaveOHenry) Invoking runner.cloud.action via reactor sls fails | refs: #42291
• PR #42968: (vutny) [DOCS] Fix link to Salt Cloud Feature Matrix
• PR #42959: (rallytime) Back-port #42883 to 2016.11
• PR #42952: (Ch3LL) [2016.11] Bump latest and previous versions
• PR #42950: (Ch3LL) Add Security Notice to 2016.11.7 Release Notes
• PR #42944: (Ch3LL) [2016.11] Add clean_id function to salt.utils.verify.py
• PR #42940: (gtmanfred) create new ip address before checking list of allocated ips
• PR #42919: (rallytime) Back-port #42871 to 2016.11
• PR #42918: (rallytime) Back-port #42848 to 2016.11
• PR #42883: (rallytime) Fix failing boto tests | refs: #42959
• PR #42871: (amalleo25) Update joyent.rst | refs: #42919
• PR #42861: (twangboy) Fix pkg.install salt-minion using salt-call
• PR #42848: (DmitryKuzmenko) Execute fire_master asynchronously in the main minion thread. | refs:
#42918
• PR #42836: (aneeshusa) Backport salt.utils.versions from develop to 2016.11
• PR #42835: (aneeshusa) Fix typo in utils/versions.py module | refs: #42836
• PR #42798: (s-sebastian) Update return data before calling returners
• PR #42291: (vutny) Fix #38839: remove state from Reactor runner kwags
• 31627a9163 Merge pull request #43010 from rallytime/merge-2017.7
• 8a0f948e4a Merge branch '2016.11' into '2017.7'
• 1ee9499d28 Merge pull request #42968 from vutny/doc-salt-cloud-ref
• 44ed53b1df [DOCS] Fix link to Salt Cloud Feature Matrix
• 923f9741fe Merge pull request #42291 from vutny/fix-38839
• 5f8f98a01f Fix #38839: remove state from Reactor runner kwags
• c20bc7d515 Merge pull request #42940 from gtmanfred/2016.11
• 253e216a8d fix IP address spelling
• bd63074e7a create new ip address before checking list of allocated ips
• d6496eca72 Merge pull request #42959 from rallytime/bp-42883
• c6b9ca4b9e Lint fix: add missing space
• 5597b1a30e Skip 2 failing tests in Python 3 due to upstream bugs
• a0b19bdc27 Update account id value in boto_secgroup module unit test
• 60b406e088 @mock_elb needs to be changed to @mock_elb_deprecated as well
• 6ae1111295 Replace @mock_ec2 calls with @mock_ec2_deprecated calls
• 6366e05d0d Merge pull request #42944 from Ch3LL/2016.11.6_follow_up
• 7e0a20afca Add release notes for 2016.11.7 release
• 63823f8c3e Add clean_id function to salt.utils.verify.py
• 49d339c976 Merge pull request #42952 from Ch3LL/latest_2016.11
• 74e7055d54 [2016.11] Bump latest and previous versions
• b0d2e05a79 Merge pull request #42950 from Ch3LL/2016.11.7_docs
• a6f902db40 Add Security Notice to 2016.11.77 Release Notes
• c0ff69f88c Merge pull request #42836 from lyft/backport-utils.versions-to-2016.11
• 86ce7004a2 Backport salt.utils.versions from develop to 2016.11
• 64a79dd5ac Merge pull request #42919 from rallytime/bp-42871
• 4e46c968e6 Update joyent.rst
• bea8ec1098 Merge pull request #42918 from rallytime/bp-42848
• cdb48126f7 Make lint happier.
• 62eca9b00b Execute fire_master asynchronously in the main minion thread.
• 52bce329cb Merge pull request #42861 from twangboy/win_pkg_install_salt
• 0d3789f0c6 Fix pkg.install salt-minion using salt-call
• b9f4f87aa5 Merge pull request #42798 from s-sebastian/2016.11
• 1cc86592ed Update return data before calling returners
• PR #42884: (Giandom) Convert to dict type the pillar string value passed from slack @
2017-08-16T22:30:43Z
• ISSUE #42842: (Giandom) retreive kwargs passed with slack engine | refs: #42884
• 82be9dceb6 Merge pull request #42884 from Giandom/2017.7.1-fix-slack-engine-pillar-args
• 80fd733c99 Update slack.py
• PR #42963: (twangboy) Fix unit.test_fileclient for Windows @ 2017-08-16T14:18:18Z
• 42bd553b98 Merge pull request #42963 from twangboy/win_unit_test_fileclient
• e9febe4893 Fix unit.test_fileclient
• PR #42964: (twangboy) Fix salt.utils.recursive_copy for Windows @ 2017-08-16T14:17:27Z
• 7dddeeea8d Merge pull request #42964 from twangboy/win_fix_recursive_copy
• 121cd4ef81 Fix salt.utils.recursive_copy for Windows
• PR #42946: (mirceaulinic) extension_modules should default to $CACHE_DIR/proxy/extmods @
2017-08-15T21:26:36Z
• ISSUE #42943: (mirceaulinic) extension_modules defaulting to /var/cache/minion although running under
proxy minion | refs: #42946
• 6da4d1d95e Merge pull request #42946 from cloudflare/px_extmods_42943
• 73f9135340 extension_modules should default to /proxy/extmods
• PR #42945: (Ch3LL) [2017.7] Add clean_id function to salt.utils.verify.py | refs: #43035 @
2017-08-15T18:04:20Z
• 95645d49f9 Merge pull request #42945 from Ch3LL/2017.7.0_follow_up
• dcd92042e3 remove extra doc
• 693a504ef0 update release notes with cve number
• PR #42812: (terminalmage) Update custom YAML loader tests to properly test unicode literals @
2017-08-15T17:50:22Z
• ISSUE #42427: (grichmond-salt) Issue Passing Variables created from load_json as Inline Pillar
Between States | refs: #42435
• PR #42435: (terminalmage) Modify our custom YAML loader to treat unicode literals as unicode strings
| refs: #42812
• 47ff9d5627 Merge pull request #42812 from terminalmage/yaml-loader-tests
• 9d8486a894 Add test for custom YAML loader with unicode literal strings
• a0118bcece Remove bytestrings and use textwrap.dedent for readability
• PR #42953: (Ch3LL) [2017.7] Bump latest and previous versions @ 2017-08-15T17:23:28Z
• 5d0c2198ac Merge pull request #42953 from Ch3LL/latest_2017.7
• cbecf65823 [2017.7] Bump latest and previous versions
• PR #42951: (Ch3LL) Add Security Notice to 2017.7.1 Release Notes @ 2017-08-15T16:49:56Z
• 730e71db17 Merge pull request #42951 from Ch3LL/2017.7.1_docs
• 1d8f827c58 Add Security Notice to 2017.7.1 Release Notes
• PR #42868: (carsonoid) Stub out required functions in redis_cache @ 2017-08-15T14:33:54Z
• c1c8cb9bfa Merge pull request #42868 from carsonoid/redisjobcachefix
• 885bee2a7d Stub out required functions for redis cache
• PR #42810: (amendlik) Ignore error values when listing Windows SNMP community strings @
2017-08-15T03:55:15Z
• e192d6e0af Merge pull request #42810 from amendlik/win-snmp-community
• dc20e4651b Ignore error values when listing Windows SNMP community strings
• PR #42920: (cachedout) pid_race @ 2017-08-15T03:49:10Z
• a1817f1de3 Merge pull request #42920 from cachedout/pid_race
• 5e930b8cbd If we catch the pid file in a transistory state, return None
• PR #42925: (terminalmage) Add debug logging to troubleshoot test failures @ 2017-08-15T03:47:51Z
• 11a33fe692 Merge pull request #42925 from terminalmage/f26-debug-logging
• 8165f46165 Add debug logging to troubleshoot test failures
• PR #42913: (twangboy) Change service shutdown timeouts for salt-minion service (Windows) @
2017-08-14T20:55:24Z
• a537197030 Merge pull request #42913 from twangboy/win_change_timeout
• ffb23fbe47 Remove the line that wipes out the cache
• a3becf8342 Change service shutdown timeouts
• PR #42800: (skizunov) Fix exception when master_type=disable @ 2017-08-14T20:53:38Z
• ca0555f616 Merge pull request #42800 from skizunov/develop6
• fa5822009f Fix exception when master_type=disable
• PR #42679: (mirceaulinic) Add multiprocessing option for NAPALM proxy @ 2017-08-14T20:45:06Z
• 3af264b664 Merge pull request #42679 from cloudflare/napalm-multiprocessing
• 9c4566db0c multiprocessing option tagged for 2017.7.2
• 37bca1b902 Add multiprocessing option for NAPALM proxy
• a2565ba8e5 Add new napalm option: multiprocessing
• PR #42657: (nhavens) back-port #42612 to 2017.7 @ 2017-08-14T19:42:26Z
• ISSUE #42611: (nhavens) selinux.boolean state does not return changes | refs: #42612
• PR #42612: (nhavens) fix for issue #42611 | refs: #42657
• 4fcdab3ae9 Merge pull request #42657 from nhavens/2017.7
• d73c4b55b7 back-port #42612 to 2017.7
• PR #42709: (whiteinge) Add token_expire_user_override link to auth runner docstring @
2017-08-14T19:03:06Z
• d2b6ce327a Merge pull request #42709 from whiteinge/doc-token_expire_user_override
• c7ea631558 Add more docs on the token_expire param
• 4a9f6ba44f Add token_expire_user_override link to auth runner docstring
• PR #42848: (DmitryKuzmenko) Execute fire_master asynchronously in the main minion thread. | refs:
#42918 @ 2017-08-14T18:28:38Z
• ISSUE #42803: (gmcwhistler) master_type: str, not working as expected, parent salt-minion process
dies. | refs: #42848
• ISSUE #42753: (grichmond-salt) SaltReqTimeout Error on Some Minions when One Master in a Multi-Master
Configuration is Unavailable | refs: #42848
• c6a7bf02e9 Merge pull request #42848 from DSRCorporation/bugs/42753_mmaster_timeout
• 7f5412c19e Make lint happier.
• ff66b7aaf0 Execute fire_master asynchronously in the main minion thread.
• PR #42911: (gtmanfred) cloud driver isn't a provider @ 2017-08-14T17:47:16Z
• 6a3279ea50 Merge pull request #42911 from gtmanfred/2017.7
• 99046b441f cloud driver isn't a provider
• PR #42860: (skizunov) hash_and_stat_file should return a 2-tuple @ 2017-08-14T15:44:54Z
• 4456f7383d Merge pull request #42860 from skizunov/develop7
• 5f85a03636 hash_and_stat_file should return a 2-tuple
• PR #42889: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-14T14:16:20Z
• ISSUE #41976: (abulford) dockerng network states do not respect test=True | refs: #41977 #41977
• ISSUE #41770: (Ch3LL) NPM v5 incompatible with salt.modules.cache_list | refs: #42856
• ISSUE #475: (thatch45) Change yaml to use C bindings | refs: #42856
• PR #42886: (sarcasticadmin) Adding missing output flags to salt cli docs
• PR #42882: (gtmanfred) make sure cmd is not run when npm isn't installed
• PR #42877: (terminalmage) Add virtual func for cron state module
• PR #42864: (whiteinge) Make syndic_log_file respect root_dir setting
• PR #42859: (terminalmage) Add note about git CLI requirement for GitPython to GitFS tutorial
• PR #42856: (gtmanfred) skip cache_clean test if npm version is >= 5.0.0
• PR #42788: (amendlik) Remove waits and retries from Saltify deployment
• PR #41977: (abulford) Fix dockerng.network_* ignoring of tests=True
• c6ca7d639f Merge pull request #42889 from rallytime/merge-2017.7
• fb7117f2ac Use salt.utils.versions.LooseVersion instead of distutils
• 29ff19c587 Merge branch '2016.11' into '2017.7'
• c15d0034fe Merge pull request #41977 from redmatter/fix-dockerng-network-ignores-test
• 1cc2aa503a Fix dockerng.network_* ignoring of tests=True
• 3b9c3c5671 Merge pull request #42886 from sarcasticadmin/adding_docs_salt_outputs
• 744bf954ff Adding missing output flags to salt cli
• e5b98c8a88 Merge pull request #42882 from gtmanfred/2016.11
• da3402a53d make sure cmd is not run when npm isn't installed
• 5962c9588b Merge pull request #42788 from amendlik/saltify-timeout
• 928b523797 Remove waits and retries from Saltify deployment
• 227ecddd13 Merge pull request #42877 from terminalmage/add-cron-state-virtual
• f1de196740 Add virtual func for cron state module
• ab9f6cef33 Merge pull request #42859 from terminalmage/gitpython-git-cli-note
• 35e05c9515 Add note about git CLI requirement for GitPython to GitFS tutorial
• 682b4a8d14 Merge pull request #42856 from gtmanfred/2016.11
• b458b89fb8 skip cache_clean test if npm version is >= 5.0.0
• 01ea854029 Merge pull request #42864 from whiteinge/syndic-log-root_dir
• 4b1f55da9c Make syndic_log_file respect root_dir setting
• PR #42898: (mirceaulinic) Minor eos doc correction @ 2017-08-14T13:42:21Z
• 4b6fe2ee59 Merge pull request #42898 from mirceaulinic/patch-11
• 93be79a135 Index eos under the installation instructions list
• f903e7bc39 Minor eos doc correction
• PR #42883: (rallytime) Fix failing boto tests | refs: #42959 @ 2017-08-11T20:29:12Z
• 1764878754 Merge pull request #42883 from rallytime/fix-boto-tests
• 6a7bf99848 Lint fix: add missing space
• 43643227c6 Skip 2 failing tests in Python 3 due to upstream bugs
• 7f46603e9c Update account id value in boto_secgroup module unit test
• 7c1d493fdd @mock_elb needs to be changed to @mock_elb_deprecated as well
• 3055e17ed5 Replace @mock_ec2 calls with @mock_ec2_deprecated calls
• PR #42885: (terminalmage) Move weird tearDown test to an actual tearDown @ 2017-08-11T19:14:42Z
• b21778efac Merge pull request #42885 from terminalmage/fix-f26-tests
• 462d653082 Move weird tearDown test to an actual tearDown
• PR #42887: (rallytime) Remove extraneous "deprecated" notation @ 2017-08-11T18:34:25Z
• ISSUE #42870: (boltronics) webutil.useradd marked as deprecated:: 2016.3.0 by mistake? | refs:
#42887
• 9868ab6f3b Merge pull request #42887 from rallytime/fix-42870
• 71e7581a2d Remove extraneous "deprecated" notation
• PR #42881: (gtmanfred) fix vmware for python 3.4.2 in salt.utils.vmware @ 2017-08-11T17:52:29Z
• da71f2a11b Merge pull request #42881 from gtmanfred/vmware
• 05ecc6ac8d fix vmware for python 3.4.2 in salt.utils.vmware
• PR #42845: (brejoc) API changes for Kubernetes version 2.0.0 | refs: #43039 @ 2017-08-11T14:04:30Z
• ISSUE #42843: (brejoc) Kubernetes module won't work with Kubernetes Python client > 1.0.2 | refs:
#42845
• c7750d5717 Merge pull request #42845 from brejoc/updates-for-kubernetes-2.0.0
• 81674aa88a Version info in :optdepends: not needed anymore
• 71995505bc Not depending on specific K8s version anymore
• d8f7d7a7c0 API changes for Kubernetes version 2.0.0
• PR #42678: (frankiexyz) Add eos.rst in the installation guide @ 2017-08-11T13:58:37Z
• 459fdedc67 Merge pull request #42678 from frankiexyz/2017.7
• 1598571f52 Add eos.rst in the installation guide
• PR #42778: (gtmanfred) make sure to use the correct out_file @ 2017-08-11T13:44:48Z
• ISSUE #42646: (gmacon) SPM fails to install multiple packages | refs: #42778
• 4ce96eb1a1 Merge pull request #42778 from gtmanfred/spm
• 7ef691e8da make sure to use the correct out_file
• PR #42857: (gtmanfred) use older name if _create_unverified_context is unvailable @
2017-08-11T13:37:59Z
• ISSUE #480: (zyluo) PEP8 types clean-up | refs: #42857
• 3d05d89e09 Merge pull request #42857 from gtmanfred/vmware
• c1f673eca4 use older name if _create_unverified_context is unvailable
• PR #42866: (twangboy) Change to GitPython version 2.1.1 @ 2017-08-11T13:23:52Z
• 7e8cfff21c Merge pull request #42866 from twangboy/osx_downgrade_gitpython
• 28053a84a6 Change GitPython version to 2.1.1
• PR #42855: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-10T21:40:39Z
• ISSUE #42747: (whiteinge) Outputters mutate data which can be a problem for Runners and perhaps other
things | refs: #42748
• ISSUE #42731: (infoveinx) http.query template_data render exception | refs: #42804
• ISSUE #42690: (ChristianBeer) git.latest state with remote set fails on first try | refs: #42694
• ISSUE #42683: (rgcosma) Gluster module broken in 2017.7 | refs: #42806
• ISSUE #42600: (twangboy) Unable to set 'Not Configured' using win_lgpo execution module | refs:
#42744 #42794 #42795
• PR #42851: (terminalmage) Backport #42651 to 2016.11
• PR #42838: (twangboy) Document requirements for win_pki
• PR #42829: (twangboy) Fix passing version in pkgs as shown in docs
• PR #42826: (terminalmage) Fix misspelling of "versions"
• PR #42806: (rallytime) Update doc references in glusterfs.volume_present
• PR #42805: (rallytime) Back-port #42552 to 2016.11
• PR #42804: (rallytime) Back-port #42784 to 2016.11
• PR #42795: (lomeroe) backport #42744 to 2016.11
• PR #42786: (Ch3LL) Fix typo for template_dict in http docs
• PR #42784: (gtmanfred) only read file if ret is not a string in http.query | refs: #42804
• PR #42764: (amendlik) Fix infinite loop with salt-cloud and Windows nodes
• PR #42748: (whiteinge) Workaround Orchestrate problem that highstate outputter mutates data
• PR #42744: (lomeroe) fix #42600 in develop | refs: #42794 #42795
• PR #42694: (gtmanfred) allow adding extra remotes to a repository
• PR #42651: (gtmanfred) python2- prefix for fedora 26 packages
• PR #42552: (remijouannet) update consul module following this documentation https://www.consul.… |
refs: #42805
• 3ce18637be Merge pull request #42855 from rallytime/merge-2017.7
• 08bbcf5790 Merge branch '2016.11' into '2017.7'
• 2dde1f77e9 Merge pull request #42851 from terminalmage/bp-42651
• a3da86eea8 fix syntax
• 6ecdbcec1d make sure names are correct
• f83b553d6e add py3 for versionlock
• 21934f61bb python2- prefix for fedora 26 packages
• c746f79a3a Merge pull request #42806 from rallytime/fix-42683
• 8c8640d6b8 Update doc references in glusterfs.volume_present
• 27a8a2695a Merge pull request #42829 from twangboy/win_pkg_fix_install
• 83b9b230cd Add winrepo to docs about supporting versions in pkgs
• 81fefa6e67 Add ability to pass version in pkgs list
• 3c3ac6aeb2 Merge pull request #42838 from twangboy/win_doc_pki
• f0a1d06b46 Standardize PKI Client
• 7de687aa57 Document requirements for win_pki
• b3e2ae3c58 Merge pull request #42805 from rallytime/bp-42552
• 5a91c1f2d1 update consul module following this documentation https://www.consul.io/api/acl.html
• d2ee7934ed Merge pull request #42804 from rallytime/bp-42784
• dbd29e4aaa only read file if it is not a string
• 4cbf8057b3 Merge pull request #42826 from terminalmage/fix-spelling
• 00f93142e4 Fix misspelling of "versions"
• de997edd90 Merge pull request #42786 from Ch3LL/fix_typo
• 90a2fb66a2 Fix typo for template_dict in http docs
• bf6153ebe5 Merge pull request #42795 from lomeroe/
`
bp-42744`__201611
• 695f8c1ae4 fix #42600 in develop
• 61fad97286 Merge pull request #42748 from whiteinge/save-before-output
• de60b77c82 Workaround Orchestrate problem that highstate outputter mutates data
• a4e3e7e786 Merge pull request #42764 from amendlik/cloud-win-loop
• f3dcfca4e0 Fix infinite loops on failed Windows deployments
• da85326ad4 Merge pull request #42694 from gtmanfred/2016.11
• 1a0457af51 allow adding extra remotes to a repository
• PR #42808: (terminalmage) Fix regression in yum/dnf version specification @ 2017-08-10T15:59:22Z
• ISSUE #42774: (rossengeorgiev) pkg.installed succeeds, but fails when you specify package version |
refs: #42808
• f954f4f33a Merge pull request #42808 from terminalmage/issue42774
• c69f17dd18 Add integration test for #42774
• 78d826dd14 Fix regression in yum/dnf version specification
• PR #42807: (rallytime) Update modules --> states in kubernetes doc module @ 2017-08-10T14:10:40Z
• ISSUE #42639: (amnonbc) k8s module needs a way to manage configmaps | refs: #42807
• d9b0f44885 Merge pull request #42807 from rallytime/fix-42639
• 152eb88d9f Update modules --> states in kubernetes doc module
• PR #42841: (Mapel88) Fix bug #42818 in win_iis module @ 2017-08-10T13:44:21Z
• ISSUE #42818: (Mapel88) Bug in win_iis module - "create_cert_binding" | refs: #42841
• b8c7bda68d Merge pull request #42841 from Mapel88/patch-1
• 497241fbcb Fix bug #42818 in win_iis module
• PR #42782: (rallytime) Add a cmp compatibility function utility @ 2017-08-09T22:37:29Z
• ISSUE #42697: (Ch3LL) [Python3] NameError when running salt-run manage.versions | refs: #42782
• 135f9522d0 Merge pull request #42782 from rallytime/fix-42697
• d707f94863 Update all other calls to "cmp" function
• 5605104285 Add a cmp compatibility function utility
• PR #42784: (gtmanfred) only read file if ret is not a string in http.query | refs: #42804 @
2017-08-08T17:20:13Z
• ac752223ad Merge pull request #42784 from gtmanfred/http
• d397c90e92 only read file if it is not a string
• PR #42794: (lomeroe) Backport #42744 to 2017.7 @ 2017-08-08T17:16:31Z
• ISSUE #42600: (twangboy) Unable to set 'Not Configured' using win_lgpo execution module | refs:
#42744 #42794 #42795
• PR #42744: (lomeroe) fix #42600 in develop | refs: #42794 #42795
• 44995b1abf Merge pull request #42794 from lomeroe/bp-42744
• 0acffc6df5 fix #42600 in develop
• PR #42708: (cro) Do not change the arguments of the function when memoizing @ 2017-08-08T13:47:01Z
• ISSUE #42707: (cro) Service module and state fails on FreeBSD | refs: #42708
• dcf474c47c Merge pull request #42708 from cro/dont_change_args_during_memoize
• a260e913b5 Do not change the arguments of the function when memoizing
• PR #42783: (rallytime) Sort lists before comparing them in python 3 unit test @ 2017-08-08T13:25:15Z
• PR #42206: (rallytime) [PY3] Fix test that is flaky in Python 3 | refs: #42783
• ddb671b8fe Merge pull request #42783 from rallytime/fix-flaky-py3-test
• 998834fbac Sort lists before compairing them in python 3 unit test
• PR #42721: (hibbert) Allow no ip sg @ 2017-08-07T22:07:18Z
• d69822fe93 Merge pull request #42721 from hibbert/allow_no_ip_sg
• f58256802a allow_no_ip_sg: Allow user to not supply ipaddress or securitygroups when running
boto_efs.create_mount_target
• PR #42769: (terminalmage) Fix domainname parameter input translation @ 2017-08-07T20:46:07Z
• ISSUE #42538: (marnovdm) docker_container.running issue since 2017.7.0: passing domainname gives
Error 500: json: cannot unmarshal array into Go value of type string | refs: #42769
• bf7938fbe0 Merge pull request #42769 from terminalmage/issue42538
• 665de2d1f9 Fix domainname parameter input translation
• PR #42388: (The-Loeki) pillar.items pillar_env & pillar_override are never used @ 2017-08-07T17:51:48Z
• 7bf2cdb363 Merge pull request #42388 from The-Loeki/patch-1
• 664f4b577b pillar.items pillar_env & pillar_override are never used
• PR #42770: (rallytime) [2017.7] Merge forward from 2017.7.1 to 2017.7 @ 2017-08-07T16:21:45Z
• 9a8c9ebffc Merge pull request #42770 from rallytime/merge-2017.7.1-into-2017.7
• 6d17c9d227 Merge branch '2017.7.1' into '2017.7'
• PR #42768: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-08-07T16:21:17Z
• ISSUE #42686: (gilbsgilbs) Unable to set multiple RabbitMQ tags | refs: #42693 #42693
• ISSUE #42642: (githubcdr) state.augeas | refs: #42669 #43202
• ISSUE #41433: (sbojarski) boto_cfn.present fails when reporting error for failed state | refs: #42574
• PR #42693: (gilbsgilbs) Fix RabbitMQ tags not properly set.
• PR #42669: (garethgreenaway) [2016.11] Fixes to augeas module
• PR #42655: (whiteinge) Reenable cpstats for rest_cherrypy
• PR #42629: (xiaoanyunfei) tornado api
• PR #42623: (terminalmage) Fix unicode constructor in custom YAML loader
• PR #42574: (sbojarski) Fixed error reporting in "boto_cfn.present" function.
• PR #33806: (cachedout) Work around upstream cherrypy bug | refs: #42655
• c765e528d0 Merge pull request #42768 from rallytime/merge-2017.7
• 0f75482c37 Merge branch '2016.11' into '2017.7'
• 7b2119feee Merge pull request #42669 from garethgreenaway/42642_2016_11_augeas_module_fix
• 24413084e2 Updating the call to shlex_split to pass the posix=False argument so that quotes are
preserved.
• 30725769ed Merge pull request #42629 from xiaoanyunfei/tornadoapi
• 1e13383b95 tornado api
• f0f00fcee1 Merge pull request #42655 from whiteinge/rest_cherrypy-reenable-stats
• deb6316d67 Fix lint errors
• 6bd91c8b03 Reenable cpstats for rest_cherrypy
• 21cf15f9c3 Merge pull request #42693 from gilbsgilbs/fix-rabbitmq-tags
• 78fccdc7e2 Cast to list in case tags is a tuple.
• 287b57b5c5 Fix RabbitMQ tags not properly set.
• f2b0c9b4fa Merge pull request #42574 from sbojarski/boto-cfn-error-reporting
• 5c945f10c2 Fix debug message in "boto_cfn._validate" function.
• 181a1beecc Fixed error reporting in "boto_cfn.present" function.
• bc1effc4f2 Merge pull request #42623 from terminalmage/fix-unicode-constructor
• fcf45889dd Fix unicode constructor in custom YAML loader
• PR #42651: (gtmanfred) python2- prefix for fedora 26 packages @ 2017-08-07T14:35:04Z
• 3f5827f61e Merge pull request #42651 from gtmanfred/2017.7
• 8784899942 fix syntax
• 178cc1bd81 make sure names are correct
• f179b97b52 add py3 for versionlock
• 1958d18634 python2- prefix for fedora 26 packages
• PR #42689: (hibbert) boto_efs_fix_tags: Fix #42688 invalid type for parameter tags @
2017-08-06T17:47:07Z
• ISSUE #42688: (hibbert) salt.modules.boto_efs module Invalid type for parameter Tags - type: <type
'dict'>, valid types: <type 'list'>, <type 'tuple'> | refs: #42689
• 791248e398 Merge pull request #42689 from hibbert/boto_efs_fix_tags
• 157fb28851 boto_efs_fix_tags: Fix #42688 invalid type for parameter tags
• PR #42745: (terminalmage) docker.compare_container: treat null oom_kill_disable as False @
2017-08-05T15:28:20Z
• ISSUE #42705: (hbruch) salt.states.docker_container.running replaces container on subsequent runs if
oom_kill_disable unsupported | refs: #42745
• 1b3407649b Merge pull request #42745 from terminalmage/issue42705
• 710bdf6115 docker.compare_container: treat null oom_kill_disable as False
• PR #42704: (whiteinge) Add import to work around likely multiprocessing scoping bug @
2017-08-04T23:03:13Z
• ISSUE #42649: (tehsu) local_batch no longer working in 2017.7.0, 500 error | refs: #42704
• 5d5b22021b Merge pull request #42704 from whiteinge/expr_form-warn-scope-bug
• 03b675a618 Add import to work around likely multiprocessing scoping bug
• PR #42743: (kkoppel) Fix docker.compare_container for containers with links @ 2017-08-04T16:00:33Z
• ISSUE #42741: (kkoppel) docker_container.running keeps re-creating containers with links to other
containers | refs: #42743
• 888e954e73 Merge pull request #42743 from kkoppel/fix-issue-42741
• de6d3cc0cf Update dockermod.py
• 58b997c67f Added a helper function that removes container names from container HostConfig:Links
values to enable compare_container() to make the correct decision about differences in links.
• PR #42710: (gtmanfred) use subtraction instead of or @ 2017-08-04T15:14:14Z
• ISSUE #42668: (UtahDave) Minions under syndics don't respond to MoM | refs: #42710
• ISSUE #42545: (paul-mulvihill) Salt-api failing to return results for minions connected via syndics.
| refs: #42710
• 03a7f9bbee Merge pull request #42710 from gtmanfred/syndic
• 683561a711 use subtraction instead of or
• PR #42670: (gtmanfred) render kubernetes docs @ 2017-08-03T20:30:56Z
• 005182b6a1 Merge pull request #42670 from gtmanfred/kube
• bca17902f5 add version added info
• 4bbfc751ae render kubernetes docs
• PR #42712: (twangboy) Remove master config file from minion-only installer @ 2017-08-03T20:25:02Z
• df354ddabf Merge pull request #42712 from twangboy/win_build_pkg
• 8604312a7b Remove master conf in minion install
• PR #42714: (cachedout) Set fact gathering style to 'old' for test_junos @ 2017-08-03T13:39:40Z
• bb1dfd4a42 Merge pull request #42714 from cachedout/workaround_jnpr_test_bug
• 834d6c605e Set fact gathering style to 'old' for test_junos
• PR #42481: (twangboy) Fix unit.test_crypt for Windows @ 2017-08-01T18:10:50Z
• 4c1d931654 Merge pull request #42481 from twangboy/win_unit_test_crypt
• 102509029e Remove chown mock, fix path seps
• PR #42654: (morganwillcock) Disable ZFS in the core grain for NetBSD @ 2017-08-01T17:52:36Z
• 8bcefb5e67 Merge pull request #42654 from morganwillcock/zfsgrain
• 49023deb94 Disable ZFS grain on NetBSD
• PR #42453: (gtmanfred) don't pass user to makedirs on windows @ 2017-07-31T19:57:57Z
• ISSUE #42421: (bartuss7) archive.extracted on Windows failed when dir not exist | refs: #42453
• 5baf2650fc Merge pull request #42453 from gtmanfred/makedirs
• 559d432930 fix tests
• afa7a13ce3 use logic from file.directory for makedirs
• PR #42603: (twangboy) Add runas_passwd as a global for states @ 2017-07-31T19:49:49Z
• fb81e78f71 Merge pull request #42603 from twangboy/win_fix_runas
• 0c9e40012b Remove deprecation, add logic to state.py
• 464ec34713 Fix another instance of runas_passwd
• 18d6ce4d55 Add global vars to cmd.call
• 6c71ab6f80 Remove runas and runas_password after state run
• 4ea264e3db Change to runas_password in docs
• 61aba35718 Deprecate password, make runas_password a named arg
• 41f0f75a06 Add new var to list, change to runas_password
• b9c91eba60 Add runas_passwd as a global for states
• PR #42541: (Mareo) Avoid confusing warning when using file.line @ 2017-07-31T19:41:58Z
• 75ba23c253 Merge pull request #42541 from epita/fix-file-line-warning
• 2fd172e07b Avoid confusing warning when using file.line
• PR #42625: (twangboy) Fix the list function in the win_wua execution module @ 2017-07-31T19:27:16Z
• 3d328eba80 Merge pull request #42625 from twangboy/fix_win_wua
• 1340c15ce7 Add general usage instructions
• 19f34bda55 Fix docs, formatting
• b17495c9c8 Fix problem with list when install=True
• PR #42602: (garethgreenaway) Use superseded and deprecated configuration from pillar @
2017-07-31T18:53:06Z
• ISSUE #42514: (rickh563) module.run does not work as expected in 2017.7.0 | refs: #42602
• 25094ad9b1 Merge pull request #42602 from
garethgreenaway/42514_2017_7_superseded_deprecated_from_pillar
• 2e132daa73 Slight update to formatting
• 74bae13939 Small update to something I missed in the first commit. Updating tests to also test for
pillar values.
• 928a4808dd Updating the superseded and deprecated decorators to work when specified as pillar values.
• PR #42621: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-28T19:45:51Z
• ISSUE #42456: (gdubroeucq) Use yum lib | refs: #42586
• ISSUE #41982: (abulford) dockerng.network_* matches too easily | refs: #41988 #41988 #42006 #42006
• PR #42586: (gdubroeucq) [Fix] yumpkg.py: add option to the command "check-update"
• PR #42515: (gtmanfred) Allow not interpreting backslashes in the repl
• PR #41988: (abulford) Fix dockerng.network_* name matching | refs: #42006
• b7cd30d3ee Merge pull request #42621 from rallytime/merge-2017.7
• 58dcb58a47 Merge branch '2016.11' into '2017.7'
• cbf752cd73 Merge pull request #42515 from gtmanfred/backslash
• cc4e45656d Allow not interpreting backslashes in the repl
• 549495831f Merge pull request #42586 from gdubroeucq/2016.11
• 9c0b5cc1d6 Remove extra newline
• d2ef4483e4 yumpkg.py: clean
• a96f7c09e0 yumpkg.py: add option to the command "check-update"
• 6b45debf28 Merge pull request #41988 from redmatter/fix-dockerng-network-matching
• 9eea796da8 Add regression tests for #41982
• 3369f0072f Fix broken unit test test_network_absent
• 0ef6cf634c Add trace logging of dockerng.networks result
• 515c612808 Fix dockerng.network_* name matching
• PR #42618: (rallytime) Back-port #41690 to 2017.7 @ 2017-07-28T19:27:11Z
• ISSUE #34245: (Talkless) ini.options_present always report state change | refs: #41690
• PR #41690: (m03) Fix issue #34245 with ini.options_present reporting changes | refs: #42618
• d48749b476 Merge pull request #42618 from rallytime/bp-41690
• 22c6a7c7ff Improve output precision
• ee4ea6b860 Fix #34245 ini.options_present reporting changes
• PR #42619: (rallytime) Back-port #42589 to 2017.7 @ 2017-07-28T19:26:36Z
• ISSUE #42588: (ixs) salt-ssh fails when using scan roster and detected minions are uncached | refs:
#42589
• PR #42589: (ixs) Fix ssh-salt calls with scan roster for uncached clients | refs: #42619
• e671242a4f Merge pull request #42619 from rallytime/bp-42589
• cd5eb93903 Fix ssh-salt calls with scan roster for uncached clients
• PR #42006: (abulford) Fix dockerng.network_* name matching @ 2017-07-28T15:52:52Z
• ISSUE #41982: (abulford) dockerng.network_* matches too easily | refs: #41988 #41988 #42006 #42006
• PR #41988: (abulford) Fix dockerng.network_* name matching | refs: #42006
• 7d385f8bdc Merge pull request #42006 from redmatter/fix-dockerng-network-matching-2017.7
• f83960c02a Lint: Remove extra line at end of file.
• c7d364ec56 Add regression tests for #41982
• d31f2913bd Fix broken unit test test_network_absent
• d42f781c64 Add trace logging of docker.networks result
• 8c00c63b55 Fix dockerng.network_* name matching
• PR #42616: (amendlik) Sync cloud modules @ 2017-07-28T15:40:36Z
• ISSUE #12587: (Katafalkas) salt-cloud custom functions/actions | refs: #42616
• ee8aee1496 Merge pull request #42616 from amendlik/sync-clouds
• ab21bd9b5b Sync cloud modules when saltutil.sync_all is run
• PR #42601: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-27T22:32:07Z
• ISSUE #1036125: (**)
• ISSUE #42477: (aikar) Invalid ssh_interface value prevents salt-cloud provisioning without reason of
why | refs: #42479
• ISSUE #42405: (felrivero) The documentation is incorrectly compiled (PILLAR section) | refs: #42516
• ISSUE #42403: (astronouth7303) [2017.7] Pillar empty when state is applied from orchestrate | refs:
#42433
• ISSUE #42375: (dragonpaw) salt.modules.*.__virtualname__ doens't work as documented. | refs: #42523
#42958
• ISSUE #42371: (tsaridas) Minion unresponsive after trying to failover | refs: #42387
• ISSUE #41955: (root360-AndreasUlm) rabbitmq 3.6.10 changed output => rabbitmq-module broken | refs:
#41968
• ISSUE #23516: (dkiser) BUG: cron job scheduler sporadically works | refs: #42077
• PR #42573: (rallytime) Back-port #42433 to 2016.11
• PR #42571: (twangboy) Avoid loading system PYTHON* environment vars
• PR #42551: (binocvlar) Remove '-s' (--script) argument to parted within align_check function
• PR #42527: (twangboy) Document changes to Windows Update in Windows 10/Server 2016
• PR #42523: (rallytime) Add a mention of the True/False returns with __virtual__()
• PR #42516: (rallytime) Add info about top file to pillar walk-through example to include edit.vim
• PR #42479: (gtmanfred) validate ssh_interface for ec2
• PR #42433: (terminalmage) Only force saltenv/pillarenv to be a string when not None | refs: #42573
• PR #42414: (vutny) DOCS: unify hash sum with hash type format
• PR #42387: (DmitryKuzmenko) Fix race condition in usage of weakvaluedict
• PR #42339: (isbm) Bugfix: Jobs scheduled to run at a future time stay pending for Salt minions
(bsc`#1036125`_)
• PR #42077: (vutny) Fix scheduled job run on Master if when parameter is a list | refs: #42107
• PR #41973: (vutny) Fix Master/Minion scheduled jobs based on Cron expressions | refs: #42077
• PR #41968: (root360-AndreasUlm) Fix rabbitmqctl output sanitizer for version 3.6.10
• e2dd443002 Merge pull request #42601 from rallytime/merge-2017.7
• 36a1bcf8c5 Merge branch '2016.11' into '2017.7'
• 4b16109122 Merge pull request #42339 from isbm/isbm-jobs-scheduled-in-a-future-bsc1036125
• bbba84ce2d Bugfix: Jobs scheduled to run at a future time stay pending for Salt minions
(bsc`#1036125`_)
• 6c5a7c604a Merge pull request #42077 from vutny/fix-jobs-scheduled-with-whens
• b1960cea44 Fix scheduled job run on Master if when parameter is a list
• f9cb536589 Merge pull request #42414 from vutny/unify-hash-params-format
• d1f2a93368 DOCS: unify hash sum with hash type format
• 535c922511 Merge pull request #42523 from rallytime/fix-42375
• 685c2cced6 Add information about returning a tuple with an error message
• fa466519c4 Add a mention of the True/False returns with __virtual__()
• 0df0e7e749 Merge pull request #42527 from twangboy/win_wua
• 0373791f2a Correct capatlization
• af3bcc927b Document changes to Windows Update in 10/2016
• 69b06586da Merge pull request #42551 from binocvlar/fix-lack-of-align-check-output
• c4fabaa192 Remove '-s' (--script) argument to parted within align_check function
• 9e0b4e9faf Merge pull request #42573 from rallytime/bp-42433
• 0293429e24 Only force saltenv/pillarenv to be a string when not None
• e931ed2517 Merge pull request #42571 from twangboy/win_add_pythonpath
• d55a44dd1a Avoid loading user site packages
• 9af1eb2741 Ignore any PYTHON* environment vars already on the system
• 4e2fb03a95 Add pythonpath to batch files and service
• de2f397041 Merge pull request #42387 from DSRCorporation/bugs/42371_KeyError_WeakValueDict
• e721c7eee2 Don't use key in weakvaluedict because it could lie.
• 641a9d7efd Merge pull request #41968 from root360-AndreasUlm/fix-rabbitmqctl-output-handler
• 76fd941d91 added tests for rabbitmq 3.6.10 output handler
• 3602af1e1b Fix rabbitmqctl output handler for 3.6.10
• 66fede378a Merge pull request #42479 from gtmanfred/interface
• c32c1b2803 fix pylint
• 99ec634c6b validate ssh_interface for ec2
• a925c7029a Merge pull request #42516 from rallytime/fix-42405
• e3a6717efa Add info about top file to pillar walk-through example to include edit.vim
• PR #42290: (isbm) Backport of #42270 @ 2017-07-27T22:30:05Z
• 22eea389fa Merge pull request #42290 from isbm/isbm-module_run_parambug_42270_217
• e38d432f90 Fix docs
• 1e8a56eda5 Describe function tagging
• 1d7233224b Describe function batching
• 1391a05d5e Bugfix: syntax error in the example
• 8c71257a4b Call unnamed parameters properly
• 94c97a8f25 Update and correct the error message
• ea8351362c Bugfix: args gets ignored alongside named parameters
• 74689e3462 Add ability to use tagged functions in the same set
• PR #42251: (twangboy) Fix unit.modules.test_win_ip for Windows @ 2017-07-27T19:22:03Z
• 4c20f1cfbb Merge pull request #42251 from twangboy/unit_win_test_win_ip
• 97261bfe69 Fix win_inet_pton check for malformatted ip addresses
• PR #42255: (twangboy) Fix unit.modules.test_win_system for Windows @ 2017-07-27T19:12:42Z
• 2985e4c0e6 Merge pull request #42255 from twangboy/win_unit_test_win_system
• acc0345bc8 Fix unit tests
• PR #42528: (twangboy) Namespace cmp_to_key in the pkg state for Windows @ 2017-07-27T18:30:23Z
• a573386260 Merge pull request #42528 from twangboy/win_fix_pkg_state
• a040443fa1 Move functools import inside pylint escapes
• 118d5134e2 Remove namespaced function cmp_to_key
• a02c91adda Namespace cmp_to_key in the pkg state for Windows
• PR #42534: (jmarinaro) Fixes AttributeError thrown by chocolatey state @ 2017-07-27T17:59:50Z
• ISSUE #42521: (rickh563) chocolatey.installed broken on 2017.7.0 | refs: #42534
• 62ae12bcd9 Merge pull request #42534 from jmarinaro/2017.7
• b242d2d6b5 Fixes AttributeError thrown by chocolatey state Fixes #42521
• PR #42557: (justincbeard) Fixing output so --force-color and --no-color override master and min… @
2017-07-27T17:07:33Z
• ISSUE #40354: (exc414) CentOS 6.8 Init Script - Sed unterminated address regex | refs: #42557
• ISSUE #37312: (gtmanfred) CLI flags should take overload settings in the config files | refs: #42557
• 52605c249d Merge pull request #42557 from justincbeard/bugfix_37312
• ee3bc6eb10 Fixing output so --force-color and --no-color override master and minion config color
value
• PR #42567: (skizunov) Fix disable_<tag-name> config option @ 2017-07-27T17:05:00Z
• ab33517efb Merge pull request #42567 from skizunov/develop3
• 0f0b7e3e0a Fix disable_<tag-name> config option
• PR #42577: (twangboy) Compile scripts with -E -s params for Salt on Mac @ 2017-07-26T22:44:37Z
• 30bb941179 Merge pull request #42577 from twangboy/mac_scripts
• 69d5973651 Compile scripts with -E -s params for python
• PR #42524: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-26T22:41:06Z
• ISSUE #42417: (clem-compilatio) salt-cloud - openstack - "no more floating IP addresses" error - but
public_ip in node | refs: #42509
• ISSUE #42413: (goten4) Invalid error message when proxy_host is set and tornado not installed | refs:
#42424
• ISSUE #42357: (Giandom) Salt pillarenv problem with slack engine | refs: #42443 #42444
• ISSUE #42198: (shengis) state sqlite3.row_absent fail with "parameters are of unsupported type" |
refs: #42200
• PR #42509: (clem-compilatio) Fix _assign_floating_ips in openstack.py
• PR #42464: (garethgreenaway) [2016.11] Small fix to modules/git.py
• PR #42443: (garethgreenaway) [2016.11] Fix to slack engine
• PR #42424: (goten4) Fix error message when tornado or pycurl is not installed
• PR #42200: (shengis) Fix #42198
• 60cd078164 Merge pull request #42524 from rallytime/merge-2017.7
• 14d8d795f6 Merge branch '2016.11' into '2017.7'
• 1bd5bbccc2 Merge pull request #42509 from clem-compilatio/fix-42417
• 72924b06b8 Fix _assign_floating_ips in openstack.py
• 4bf35a74de Merge pull request #42464 from garethgreenaway/2016_11_remove_tmp_identity_file
• ff24102d51 Uncomment the line that removes the temporary identity file.
• e2120dbd0e Merge pull request #42443 from garethgreenaway/42357_pass_args_kwargs_correctly
• 635810b3e3 Updating the slack engine in 2016.11 to pass the args and kwrags correctly to
LocalClient
• 8262cc9054 Merge pull request #42200 from shengis/sqlite3_fix_row_absent_2016.11
• 407b8f4bb3 Fix #42198 If where_args is not set, not using it in the delete request.
• d9df97e5a3 Merge pull request #42424 from goten4/2016.11
• 1c0574d05e Fix error message when tornado or pycurl is not installed
• PR #42575: (rallytime) [2017.7] Merge forward from 2017.7.1 to 2017.7 @ 2017-07-26T22:39:10Z
• 2acde837df Merge pull request #42575 from rallytime/merge-2017.7.1-into-2017.7
• 63bb0fb2c4 pass in empty kwarg for reactor
• 2868061ee4 update chunk, not kwarg in chunk
• 46715e9d94 Merge branch '2017.7.1' into '2017.7'
• PR #42555: (Ch3LL) add changelog to 2017.7.1 release notes @ 2017-07-26T14:57:43Z
• 1d93e92194 Merge pull request #42555 from Ch3LL/7.1_add_changelog
• fb69e71093 add changelog to 2017.7.1 release notes
• PR #42266: (twangboy) Fix unit.states.test_file for Windows @ 2017-07-25T20:26:32Z
• 07c2793e86 Merge pull request #42266 from twangboy/win_unit_states_test_file
• 669aaee10d Mock file exists properly
• a4231c9827 Fix ret mock for linux
• 0c484f8979 Fix unit tests on Windows
• PR #42484: (shengis) Fix a potential Exception with an explicit error message @ 2017-07-25T18:34:12Z
• df417eae17 Merge pull request #42484 from shengis/fix-explicit-error-msg-x509-sign-remote
• 0b548c72e1 Fix a potential Exception with an explicit error message
• PR #42529: (gtmanfred) Fix joyent for python3 @ 2017-07-25T16:37:48Z
• ISSUE #41720: (rallytime) [Py3] Some salt-cloud drivers do not work using Python 3 | refs: #42529
• PR #396: (mb0) add file state template context and defaults | refs: #42529
• 0f25ec76f9 Merge pull request #42529 from gtmanfred/2017.7
• b7ebb4d81a these drivers do not actually have an issue.
• e90ca7a114 use salt encoding for joyent on 2017.7
• PR #42465: (garethgreenaway) [2017.7] Small fix to modules/git.py @ 2017-07-24T17:24:55Z
• 488457c5a0 Merge pull request #42465 from garethgreenaway/2017_7_remove_tmp_identity_file
• 1920dc6079 Uncomment the line that removes the temporary identity file.
• PR #42107: (vutny) [2017.7] Fix scheduled jobs if when parameter is a list @ 2017-07-24T17:04:12Z
• ISSUE #23516: (dkiser) BUG: cron job scheduler sporadically works | refs: #42077
• PR #42077: (vutny) Fix scheduled job run on Master if when parameter is a list | refs: #42107
• PR #41973: (vutny) Fix Master/Minion scheduled jobs based on Cron expressions | refs: #42077
• 4f044999fa Merge pull request #42107 from vutny/2017.7-fix-jobs-scheduled-with-whens
• 905be493d4 [2017.7] Fix scheduled jobs if when parameter is a list
• PR #42506: (terminalmage) Add PER_REMOTE_ONLY to init_remotes call in git_pillar runner @
2017-07-24T16:59:21Z
• 6eaa0763e1 Merge pull request #42506 from terminalmage/fix-git-pillar-runner
• 6352f447ce Add PER_REMOTE_ONLY to init_remotes call in git_pillar runner
• PR #42502: (shengis) Fix azurerm query to show IPs @ 2017-07-24T15:54:45Z
• b88e645f10 Merge pull request #42502 from shengis/fix_azurerm_request_ips
• 92f1890701 Fix azurerm query to show IPs
• PR #42180: (twangboy) Fix unit.modules.test_timezone for Windows @ 2017-07-24T14:46:16Z
• c793d83d26 Merge pull request #42180 from twangboy/win_unit_test_timezone
• 832a3d86dd Skip tests that use os.symlink on Windows
• PR #42474: (whiteinge) Cmd arg kwarg parsing test @ 2017-07-24T14:13:30Z
• PR #39646: (terminalmage) Handle deprecation of passing string args to load_args_and_kwargs | refs:
#42474
• 083ff00410 Merge pull request #42474 from whiteinge/cmd-arg-kwarg-parsing-test
• 0cc0c0967a Lint fixes
• 66093738c8 Add back support for string kwargs
• 622ff5be40 Add LocalClient.cmd test for arg/kwarg parsing
• 9f4eb80d90 Add a test.arg variant that cleans the pub kwargs by default
• PR #42425: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-21T22:43:41Z
• ISSUE #42333: (b3hni4) Getting "invalid type of dict, a list is required" when trying to configure
engines in master config file | refs: #42352
• ISSUE #32400: (rallytime) Document Default Config Values | refs: #42319
• PR #42370: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11
• PR #42368: (twangboy) Remove build and dist directories before install (2016.11)
• PR #42360: (Ch3LL) [2016.11] Update version numbers in doc config for 2017.7.0 release
• PR #42359: (Ch3LL) [2016.3] Update version numbers in doc config for 2017.7.0 release
• PR #42356: (meaksh) Allow to check whether a function is available on the AliasesLoader wrapper
• PR #42352: (CorvinM) Multiple documentation fixes
• PR #42350: (twangboy) Fixes problem with Version and OS Release related grains on certain versions of
Python (2016.11)
• PR #42319: (rallytime) Add more documentation for config options that are missing from master/minion
docs
• c91a5e539e Merge pull request #42425 from rallytime/merge-2017.7
• ea457aa0a5 Remove ALIASES block from template util
• c673b64583 Merge branch '2016.11' into '2017.7'
• 42bb1a64ca Merge pull request #42350 from twangboy/win_fix_ver_grains_2016.11
• 8c048403d7 Detect Server OS with a desktop release name
• 0a72e56f6b Merge pull request #42356 from meaksh/2016.11-AliasesLoader-wrapper-fix
• 915d94219e Allow to check whether a function is available on the AliasesLoader wrapper
• 10eb7b7a79 Merge pull request #42368 from twangboy/win_fix_build_2016.11
• a7c910c31e Remove build and dist directories before install
• 016189f62f Merge pull request #42370 from rallytime/merge-2016.11
• 0aa5dde1de Merge branch '2016.3' into '2016.11'
• e9b0f20f8a Merge pull request #42359 from Ch3LL/doc-update-2016.3
• dc85b5edbe [2016.3] Update version numbers in doc config for 2017.7.0 release
• f06a6f1796 Merge pull request #42360 from Ch3LL/doc-update-2016.11
• b90b7a7506 [2016.11] Update version numbers in doc config for 2017.7.0 release
• e0595b0a0f Merge pull request #42319 from rallytime/config-docs
• b40f980632 Add more documentation for config options that are missing from master/minion docs
• 78940400e3 Merge pull request #42352 from CorvinM/issue42333
• 526b6ee14d Multiple documentation fixes
• PR #42444: (garethgreenaway) [2017.7] Fix to slack engine @ 2017-07-21T22:03:48Z
• ISSUE #42357: (Giandom) Salt pillarenv problem with slack engine | refs: #42443 #42444
• 10e4d9234b Merge pull request #42444 from garethgreenaway/42357_2017_7_pass_args_kwargs_correctly
• f411cfc2a9 Updating the slack engine in 2017.7 to pass the args and kwrags correctly to LocalClient
• PR #42461: (rallytime) Bump warning version from Oxygen to Fluorine in roster cache @
2017-07-21T21:33:25Z
• 723be49fac Merge pull request #42461 from rallytime/bump-roster-cache-deprecations
• c0df0137f5 Bump warning version from Oxygen to Fluorine in roster cache
• PR #42436: (garethgreenaway) Fixes to versions function in manage runner @ 2017-07-21T19:41:07Z
• ISSUE #42374: (tyhunt99) [2017.7.0] salt-run mange.versions throws exception if minion is offline or
unresponsive | refs: #42436
• 09521602c1 Merge pull request #42436 from garethgreenaway/42374_manage_runner_minion_offline
• 0fd39498c0 Updating the versions function inside the manage runner to account for when a minion is
offline and we are unable to determine it's version.
• PR #42435: (terminalmage) Modify our custom YAML loader to treat unicode literals as unicode strings |
refs: #42812 @ 2017-07-21T19:40:34Z
• ISSUE #42427: (grichmond-salt) Issue Passing Variables created from load_json as Inline Pillar
Between States | refs: #42435
• 54193ea543 Merge pull request #42435 from terminalmage/issue42427
• 31273c7ec1 Modify our custom YAML loader to treat unicode literals as unicode strings
• PR #42399: (rallytime) Update old "ref" references to "rev" in git.detached state @
2017-07-21T19:38:59Z
• ISSUE #42381: (zebooka) Git.detached broken in 2017.7.0 | refs: #42399
• ISSUE #38878: (tomlaredo) [Naming consistency] git.latest "rev" option VS git.detached "ref" option |
refs: #38898
• PR #38898: (terminalmage) git.detached: rename ref to rev for consistency | refs: #42399
• 0b3179135c Merge pull request #42399 from rallytime/fix-42381
• d9d94fe02f Update old "ref" references to "rev" in git.detached state
• PR #42031: (skizunov) Fix: Reactor emits critical error @ 2017-07-21T19:38:34Z
• ISSUE #42400: (Enquier) Conflict in execution of passing pillar data to orch/reactor event executions
2017.7.0 | refs: #42031
• bd4adb483d Merge pull request #42031 from skizunov/develop3
• 540977b4b1 Fix: Reactor emits critical error
• PR #42027: (gtmanfred) import salt.minion for EventReturn for Windows @ 2017-07-21T19:37:03Z
• ISSUE #41949: (jrporcaro) Event returner doesn't work with Windows Master | refs: #42027
• 3abf7ad7d7 Merge pull request #42027 from gtmanfred/2017.7
• fd4458b6c7 import salt.minion for EventReturn for Windows
• PR #42454: (terminalmage) Document future renaming of new rand_str jinja filter @ 2017-07-21T18:47:51Z
• 994d3dc74a Merge pull request #42454 from terminalmage/jinja-docs-2017.7
• 98b661406e Document future renaming of new rand_str jinja filter
• PR #42452: (Ch3LL) update windows urls to new py2/py3 naming scheme @ 2017-07-21T17:20:47Z
• 4480075129 Merge pull request #42452 from Ch3LL/fix_url_windows
• 3f4a918f73 update windows urls to new py2/py3 naming scheme
• PR #42411: (seedickcode) Fix file.managed check_cmd file not found - Issue #42404 @
2017-07-20T21:59:17Z
• ISSUE #42404: (gabekahen) [2017.7] file.managed with cmd_check "No such file or directory" | refs:
#42411
• ISSUE #33708: (pepinje) visudo check command leaves cache file in /tmp | refs: #42411 #38063
• PR #38063: (llua) tmp file clean up in file.manage - fix for #33708 | refs: #42411
• 33e90be1fe Merge pull request #42411 from seedickcode/check_cmd_fix
• 4ae3911f01 Fix file.managed check_cmd file not found - Issue #42404
• PR #42409: (twangboy) Add Scripts to build Py3 on Mac @ 2017-07-20T21:36:34Z
• edde31376a Merge pull request #42409 from twangboy/mac_py3_scripts
• ac0e04af72 Remove build and dist, sign pkgs
• 9d66e273c4 Fix hard coded pip path
• 7b8d6cbbd2 Add support for Py3
• aa4eed93c8 Update Python and other reqs
• PR #42433: (terminalmage) Only force saltenv/pillarenv to be a string when not None | refs: #42573 @
2017-07-20T21:32:24Z
• ISSUE #42403: (astronouth7303) [2017.7] Pillar empty when state is applied from orchestrate | refs:
#42433
• 82982f940d Merge pull request #42433 from terminalmage/issue42403
• PR #42408: (CorvinM) Fix documentation misformat in salt.states.file.replace @ 2017-07-20T00:45:43Z
• a71938cefe Merge pull request #42408 from CorvinM/file-replace-doc-fix
• 246a2b3e74 Fix documentation misformat in salt.states.file.replace
• PR #42347: (twangboy) Fixes problem with Version and OS Release related grains on certain versions of
Python @ 2017-07-19T17:05:43Z
• d385dfd19d Merge pull request #42347 from twangboy/win_fix_ver_grains
• ef1f663fc9 Detect server OS with a desktop release name
• PR #42366: (twangboy) Remove build and dist directories before install @ 2017-07-19T16:37:41Z
• eb9e4206c9 Merge pull request #42366 from twangboy/win_fix_build
• 0946002713 Add blank line after delete
• f7c0bb4f46 Remove build and dist directories before install
• PR #42373: (Ch3LL) Add initial 2017.7.1 Release Notes File @ 2017-07-19T16:28:46Z
• af7820f25d Merge pull request #42373 from Ch3LL/add_2017.7.1
• ce1c1b6d28 Add initial 2017.7.1 Release Notes File
• PR #42150: (twangboy) Fix unit.modules.test_pip for Windows @ 2017-07-19T16:01:17Z
• 59e012b485 Merge pull request #42150 from twangboy/win_unit_test_pip
• 4ee24202fc Fix unit tests for test_pip
• PR #42154: (twangboy) Fix unit.modules.test_reg_win for Windows @ 2017-07-19T16:00:38Z
• ade25c6b34 Merge pull request #42154 from twangboy/win_unit_test_reg
• 00d9a52802 Fix problem with handling REG_QWORD in list values
• PR #42182: (twangboy) Fix unit.modules.test_useradd for Windows @ 2017-07-19T15:55:33Z
• 07593675e2 Merge pull request #42182 from twangboy/win_unit_test_useradd
• 8260a71c07 Disable tests that require pwd in Windows
• PR #42364: (twangboy) Windows Package notes for 2017.7.0 @ 2017-07-18T19:24:45Z
• a175c40c1d Merge pull request #42364 from twangboy/release_notes_2017.7.0
• 96517d1355 Add note about patched windows packages
• PR #42361: (Ch3LL) [2017.7] Update version numbers in doc config for 2017.7.0 release @
2017-07-18T19:23:22Z
• 4dfe50e558 Merge pull request #42361 from Ch3LL/doc-update-2017.7
• dc5bb301f7 [2017.7] Update version numbers in doc config for 2017.7.0 release
• PR #42363: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-18T18:40:48Z
• ISSUE #42295: (lubyou) file.absent fails on windows if the file to be removed has the "readonly"
attribute set | refs: #42308
• ISSUE #42267: (gzcwnk) salt-ssh not creating ssh keys automatically as per documentation | refs:
#42314
• ISSUE #42240: (casselt) empty_password in user.present always changes password, even with test=True |
refs: #42289
• ISSUE #42232: (astronouth7303) Half of dnsutil refers to dig | refs: #42235
• ISSUE #42194: (jryberg) pkg version: latest are now broken, appending <package>-latest to filename |
refs: #42275
• ISSUE #42152: (dubb-b) salt-cloud errors on Rackspace driver using -out=yaml | refs: #42282
• ISSUE #42137: (kiemlicz) cmd.run with multiple commands - random order of execution | refs: #42181
• ISSUE #42116: (terminalmage) CLI pillar override regression in 2017.7.0rc1 | refs: #42119
• ISSUE #42115: (nomeelnoj) Installing EPEL repo breaks salt-cloud | refs: #42163
• ISSUE #42114: (clallen) saltenv bug in pillar.get execution module function | refs: #42121
• ISSUE #41936: (michaelkarrer81) git.latest identity does not set the correct user for the private key
file on the minion | refs: #41945
• ISSUE #41721: (sazaro) state.sysrc broken when setting the value to YES or NO | refs: #42269
• ISSUE #41116: (hrumph) FAQ has wrong instructions for upgrading Windows minion. | refs: #42264
• ISSUE #39365: (dglloyd) service.running fails if sysv script has no status command and enable: True |
refs: #39366
• ISSUE #1: (thatch45) Enable regex on the salt cli
• PR #42353: (terminalmage) is_windows is a function, not a propery/attribute
• PR #42314: (rallytime) Add clarification to salt ssh docs about key auto-generation.
• PR #42308: (lubyou) Force file removal on Windows. Fixes #42295
• PR #42289: (CorvinM) Multiple empty_password fixes for state.user
• PR #42282: (rallytime) Handle libcloud objects that throw RepresenterErrors with --out=yaml
• PR #42275: (terminalmage) pkg.installed: pack name/version into pkgs argument
• PR #42269: (rallytime) Add some clarity to "multiple quotes" section of yaml docs
• PR #42264: (rallytime) Update minion restart section in FAQ doc for windows
• PR #42262: (rallytime) Back-port #42224 to 2016.11
• PR #42261: (rallytime) Some minor doc fixes for dnsutil module so they'll render correctly
• PR #42253: (gtmanfred) Only use unassociated ips when unable to allocate
• PR #42252: (UtahDave) simple docstring updates
• PR #42235: (astronouth7303) Abolish references to dig in examples.
• PR #42224: (tdutrion) Remove duplicate instruction in Openstack Rackspace config example | refs:
#42262
• PR #42215: (twangboy) Add missing config to example
• PR #42211: (terminalmage) Only pass a saltenv in orchestration if one was explicitly passed (2016.11)
• PR #42181: (garethgreenaway) fixes to state.py for names parameter
• PR #42176: (rallytime) Back-port #42109 to 2016.11
• PR #42175: (rallytime) Back-port #39366 to 2016.11
• PR #42173: (rallytime) Back-port #37424 to 2016.11
• PR #42172: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11
• PR #42164: (Ch3LL) Fix kerberos create_keytab doc
• PR #42163: (vutny) Fix #42115: parse libcloud "rc" version correctly
• PR #42155: (phsteve) Fix docs for puppet.plugin_sync
• PR #42142: (Ch3LL) Update builds available for rc1
• PR #42141: (rallytime) Back-port #42098 to 2016.11
• PR #42140: (rallytime) Back-port #42097 to 2016.11
• PR #42123: (vutny) DOCS: describe importing custom util classes
• PR #42121: (terminalmage) Fix pillar.get when saltenv is passed
• PR #42119: (terminalmage) Fix regression in CLI pillar override for salt-call
• PR #42109: (arthurlogilab) [doc] Update aws.rst - add Debian default username | refs: #42176
• PR #42098: (twangboy) Change repo_ng to repo-ng | refs: #42141
• PR #42097: (gtmanfred) require large timediff for ipv6 warning | refs: #42140
• PR #42095: (terminalmage) Add debug logging to dockerng.login
• PR #42094: (terminalmage) Prevent command from showing in exception when output_loglevel=quiet
• PR #41945: (garethgreenaway) Fixes to modules/git.py
• PR #41543: (cri-epita) Fix user creation with empty password | refs: #42289 #42289
• PR #39366: (dglloyd) Pass sig to service.status in after_toggle | refs: #42175
• PR #38965: (toanju) salt-cloud will use list_floating_ips for OpenStack | refs: #42253
• PR #37424: (kojiromike) Avoid Early Convert ret['comment'] to String | refs: #42173
• PR #34280: (kevinanderson1) salt-cloud will use list_floating_ips for Openstack | refs: #38965
• 587138d771 Merge pull request #42363 from rallytime/merge-2017.7
• 7aa31ff030 Merge branch '2016.11' into '2017.7'
• b256001760 Merge pull request #42353 from terminalmage/fix-git-test
• 14cf6ce322 is_windows is a function, not a propery/attribute
• 866a1febb4 Merge pull request #42264 from rallytime/fix-41116
• bd638880e3 Add mono-spacing to salt-minion reference for consistency
• 30d62f43da Update minion restart section in FAQ doc for windows
• 9a707088ad Merge pull request #42275 from terminalmage/issue42194
• 663874908a pkg.installed: pack name/version into pkgs argument
• e588f235e0 Merge pull request #42269 from rallytime/fix-41721
• f2250d474a Add a note about using different styles of quotes.
• 38d9b3d553 Add some clarity to "multiple quotes" section of yaml docs
• 5aaa214a75 Merge pull request #42282 from rallytime/fix-42152
• f032223843 Handle libcloud objects that throw RepresenterErrors with --out=yaml
• fb5697a4bc Merge pull request #42308 from lubyou/42295-fix-file-absent-windows
• 026ccf401a Force file removal on Windows. Fixes #42295
• da2a8a518f Merge pull request #42314 from rallytime/fix-42267
• c406046940 Add clarification to salt ssh docs about key auto-generation.
• acadd54013 Merge pull request #41945 from garethgreenaway/41936_allow_identity_files_with_user
• 44841e5626 Moving the call to cp.get_file inside the with block to ensure the umask is preserved
when we grab the file.
• f9ba60eed8 Merge pull request #1 from terminalmage/pr-41945
• 1b6026177c Restrict set_umask to mkstemp call only
• 68549f3496 Fixing umask to we can set files as executable.
• 4949bf3ff3 Updating to swap on the new salt.utils.files.set_umask context_manager
• 8faa9f6d92 Updating PR with requested changes.
• 494765e939 Updating the git module to allow an identity file to be used when passing the user
parameter
• f90e04a2bc Merge pull request #42289 from CorvinM/bp-41543
• 357dc22f05 Fix user creation with empty password
• a91a3f81b1 Merge pull request #42123 from vutny/fix-master-utils-import
• 6bb8b8f98c Add missing doc for utils_dirs Minion config option
• f1bc58f6d5 Utils: add example of module import
• e2aa5114e4 Merge pull request #42261 from rallytime/minor-doc-fix
• 8c76bbb53d Some minor doc fixes for dnsutil module so they'll render correctly
• 3e9dfbc9cc Merge pull request #42262 from rallytime/bp-42224
• c31ded341c Remove duplicate instruction in Openstack Rackspace config example
• 7780579c36 Merge pull request #42181 from garethgreenaway/42137_backport_fix_from_2017_7
• a34970b45b Back porting the fix for 2017.7 that ensures the order of the names parameter.
• 72537868a6 Merge pull request #42253 from gtmanfred/2016.11
• 53e25760be Only use unassociated ips when unable to allocate
• b2a4698b5d Merge pull request #42252 from UtahDave/2016.11local
• e6a9563d47 simple doc updates
• 781fe13be7 Merge pull request #42235 from astronouth7303/patch-1-2016.3
• 4cb51bd03a Make note of dig partial requirement.
• 08e7d8351a Abolish references to dig in examples.
• 83cbd76f16 Merge pull request #42215 from twangboy/win_iis_docs
• c07e22041a Add missing config to example
• 274946ab00 Merge pull request #42211 from terminalmage/issue40928
• 22a18fa2ed Only pass a saltenv in orchestration if one was explicitly passed (2016.11)
• 89261cf06c Merge pull request #42173 from rallytime/bp-37424
• 01addb6053 Avoid Early Convert ret['comment'] to String
• 3b17fb7f83 Merge pull request #42175 from rallytime/bp-39366
• 53f7b987e8 Pass sig to service.status in after_toggle
• ea16f47f0a Merge pull request #42172 from rallytime/merge-2016.11
• b1fa332a11 Merge branch '2016.3' into '2016.11'
• 8fa1fa5bb1 Merge pull request #42155 from phsteve/doc-fix-puppet
• fb2cb78a31 Fix docs for puppet.plugin_sync so code-block renders properly and sync is spelled
consistently
• 6307b9873f Merge pull request #42176 from rallytime/bp-42109
• 686926daf7 Update aws.rst - add Debian default username
• 28c4e4c3b7 Merge pull request #42095 from terminalmage/docker-login-debugging
• bd27870a71 Add debug logging to dockerng.login
• 2b754bc5af Merge pull request #42119 from terminalmage/issue42116
• 9a268949e3 Add integration test for 42116
• 1bb42bb609 Fix regression when CLI pillar override is used with salt-call
• 8c0a83cbb5 Merge pull request #42121 from terminalmage/issue42114
• d14291267f Fix pillar.get when saltenv is passed
• 687992c240 Merge pull request #42094 from terminalmage/quiet-exception
• 47d61f4edf Prevent command from showing in exception when output_loglevel=quiet
• dad255160c Merge pull request #42163 from vutny/fix-42115
• b27b1e340a Fix #42115: parse libcloud "rc" version correctly
• 2a8ae2b3b6 Merge pull request #42164 from Ch3LL/fix_kerb_doc
• 7c0fb248ec Fix kerberos create_keytab doc
• 678d4d4098 Merge pull request #42141 from rallytime/bp-42098
• bd80243233 Change repo_ng to repo-ng
• c8afd7a3c9 Merge pull request #42140 from rallytime/bp-42097
• 9c4e132540 Import datetime
• 1435bf177e require large timediff for ipv6 warning
• c239664c8b Merge pull request #42142 from Ch3LL/change_builds
• e1694af39c Update builds available for rc1
• PR #42340: (isbm) Bugfix: Jobs scheduled to run at a future time stay pending for Salt … @
2017-07-18T18:13:36Z
• ISSUE #1036125: (**)
• 55b7a5cb4a Merge pull request #42340 from isbm/isbm-jobs-scheduled-in-a-future-2017.7-bsc1036125
• 774d204d65 Bugfix: Jobs scheduled to run at a future time stay pending for Salt minions
(bsc`#1036125`_)
• PR #42327: (mirceaulinic) Default skip_verify to False @ 2017-07-18T18:04:36Z
• e72616c5f1 Merge pull request #42327 from mirceaulinic/patch-10
• c830573a2c Trailing whitespaces
• c83e6fc696 Default skip_verify to False
• PR #42179: (rallytime) Fix some documentation issues found in jinja filters doc topic @
2017-07-18T18:01:57Z
• ISSUE #42151: (sjorge) Doc errors in jinja doc for develop branch | refs: #42179 #42179
• ba799b2831 Merge pull request #42179 from rallytime/fix-42151
• 798d29276e Add note about "to_bytes" jinja filter issues when using yaml_jinja renderer
• 1bbff572ab Fix some documentation issues found in jinja filters doc topic
• PR #42087: (abulford) Make result=true if Docker volume already exists @ 2017-07-17T18:41:47Z
• ISSUE #42076: (abulford) dockerng.volume_present test looks as though it would cause a change | refs:
#42086 #42086 #42087 #42087
• PR #42086: (abulford) Make result=true if Docker volume already exists | refs: #42087
• 8dbb93851d Merge pull request #42087 from redmatter/fix-dockerng-volume-present-result-2017.7
• 2e1dc95500 Make result=true if Docker volume already exists
• PR #42186: (rallytime) Use long_range function for IPv6Network hosts() function @ 2017-07-17T18:39:35Z
• ISSUE #42166: (sjorge) [2017.7.0rc1] jinja filter network_hosts fails on large IPv6 networks | refs:
#42186
• c84d6db548 Merge pull request #42186 from rallytime/fix-42166
• b8bcc0d599 Add note to various network_hosts docs about long_run for IPv6 networks
• 11862743c2 Use long_range function for IPv6Network hosts() function
• PR #42210: (terminalmage) Only pass a saltenv in orchestration if one was explicitly passed (2017.7) @
2017-07-17T18:22:39Z
• e7b79e0fd2 Merge pull request #42210 from terminalmage/issue40928-2017.7
• 771ade5d73 Only pass a saltenv in orchestration if one was explicitly passed (2017.7)
• PR #42236: (mirceaulinic) New option for napalm proxy/minion: provider @ 2017-07-17T18:19:56Z
• 0e49021b0e Merge pull request #42236 from cloudflare/napalm-provider
• 1ac69bd737 Document the provider option and rearrange the doc
• 4bf4b14161 New option for napalm proxy/minion: provider
• PR #42257: (twangboy) Fix unit.pillar.test_git for Windows @ 2017-07-17T17:51:42Z
• 3ec5bb1c2f Merge pull request #42257 from twangboy/win_unit_pillar_test_git
• 45be32666a Add error-handling function to shutil.rmtree
• PR #42258: (twangboy) Fix unit.states.test_environ for Windows @ 2017-07-17T17:50:38Z
• 36395625c2 Merge pull request #42258 from twangboy/win_unit_states_tests_environ
• 55b278c478 Mock the reg.read_value function
• PR #42265: (rallytime) Gate boto_elb tests if proper version of moto isn't installed @
2017-07-17T17:47:52Z
• 894bdd2b19 Merge pull request #42265 from rallytime/gate-moto-version
• 78cdee51d5 Gate boto_elb tests if proper version of moto isn't installed
• PR #42277: (twangboy) Fix unit.states.test_winrepo for Windows @ 2017-07-17T17:37:07Z
• baf04f2a2d Merge pull request #42277 from twangboy/win_unit_states_test_winrepo
• ed89cd0b93 Use os.sep for path seps
• PR #42309: (terminalmage) Change "TBD" in versionadded to "2017.7.0" @ 2017-07-17T17:11:45Z
• be6b211683 Merge pull request #42309 from terminalmage/fix-versionadded
• 603f5b7de6 Change "TBD" in versionadded to "2017.7.0"
• PR #42206: (rallytime) [PY3] Fix test that is flaky in Python 3 | refs: #42783 @ 2017-07-17T17:09:53Z
• acd29f9b38 Merge pull request #42206 from rallytime/fix-flaky-test
• 2be4865f48 [PY3] Fix test that is flaky in Python 3
• PR #42126: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-07-17T17:07:19Z
• 8f1cb287cf Merge pull request #42126 from rallytime/merge-2017.7
• 8b35b367b3 Merge branch '2016.11' into '2017.7'
• PR #42078: (damon-atkins) pkg.install and pkg.remove fix version number input. @ 2017-07-05T06:04:57Z
• 4780d7830a Merge pull request #42078 from damon-atkins/fix_convert_flt_str_version_on_cmd_line
• 09d37dd892 Fix comment typo
• 7167549425 Handle version=None when converted to a string it becomes 'None' parm should default to
empty string rather than None, it would fix better with existing code.
• 4fb2bb1856 Fix typo
• cf55c3361c pkg.install and pkg.remove on the command line take number version numbers, store them
within a float. However version is a string, to support versions numbers like 1.3.4
• PR #42105: (Ch3LL) Update releasecanddiate doc with new 2017.7.0rc1 Release @ 2017-07-04T03:14:42Z
• 46d575acbc Merge pull request #42105 from Ch3LL/update_rc
• d4e7b91608 Update releasecanddiate doc with new 2017.7.0rc1 Release
• PR #42099: (rallytime) Remove references in docs to pip install salt-cloud @ 2017-07-03T22:13:44Z
• ISSUE #41885: (astronouth7303) Recommended pip installation outdated? | refs: #42099
• d38548bbbd Merge pull request #42099 from rallytime/fix-41885
• c2822e05ad Remove references in docs to pip install salt-cloud
• PR #42086: (abulford) Make result=true if Docker volume already exists | refs: #42087 @
2017-07-03T15:48:33Z
• ISSUE #42076: (abulford) dockerng.volume_present test looks as though it would cause a change | refs:
#42086 #42086 #42087 #42087
• 81d606a8cb Merge pull request #42086 from redmatter/fix-dockerng-volume-present-result
• 8d549685a7 Make result=true if Docker volume already exists
• PR #42021: (gtmanfred) Set concurrent to True when running states with sudo @ 2017-06-30T21:02:15Z
• ISSUE #25842: (shikhartanwar) Running salt-minion as non-root user to execute sudo commands always
returns an error | refs: #42021
• 7160697123 Merge pull request #42021 from gtmanfred/2016.11
• 26beb18aa5 Set concurrent to True when running states with sudo
• PR #42029: (terminalmage) Mock socket.getaddrinfo in
unit.utils.network_test.NetworkTestCase.test_host_to_ips @ 2017-06-30T20:58:56Z
• b784fbbdf8 Merge pull request #42029 from terminalmage/host_to_ips
• 26f848e111 Mock socket.getaddrinfo in unit.utils.network_test.NetworkTestCase.test_host_to_ips
• PR #42055: (dmurphy18) Upgrade support for gnupg v2.1 and higher @ 2017-06-30T20:54:02Z
• e067020b9b Merge pull request #42055 from dmurphy18/handle_gnupgv21
• e20cea6350 Upgrade support for gnupg v2.1 and higher
• PR #42048: (Ch3LL) Add initial 2016.11.7 Release Notes @ 2017-06-30T16:00:05Z
• 74ba2abc48 Merge pull request #42048 from Ch3LL/add_11.7
• 1de5e008a0 Add initial 2016.11.7 Release Notes
Build Notes
Mac Installer Packages
Mac Installer packages have been patched with the following PR: 43756
Salt 2017.7.3 Release Notes
Version 2017.7.3 is a bugfix release for 2017.7.0.
Changes for v2017.7.2..v2017.7.3
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2018-01-25T20:45:09Z
Statistics:
• Total Merges: 499
• Total Issue references: 161
• Total PR references: 599
Changes:
Windows
Execution module pkg
Significate changes (PR #43708 & #45390, damon-atkins) have been made to the pkg execution module. Users
should test this release against their existing package sls definition files.
• pkg.list_available no longer defaults to refreshing the winrepo meta database.
• pkg.install without a version parameter no longer upgrades software if the software is already
installed. Use pkg.install version=latest or in a state use pkg.latest to get the old behavior.
• pkg.list_pkgs now returns multiple versions if software installed more than once.
• pkg.list_pkgs now returns 'Not Found' when the version is not found instead of '(value not set)' which
matches the contents of the sls definitions.
• pkg.remove() will wait upto 3 seconds (normally about a second) to detect changes in the registry after
removing software, improving reporting of version changes.
• pkg.remove() can remove latest software, if latest is defined in sls definition.
• Documentation was update for the execution module to match the style in new versions, some corrections
as well.
• All install/remove commands are prefix with cmd.exe shell and cmdmod is called with a command line
string instead of a list. Some sls files in saltstack/salt-winrepo-ng expected the commands to be
prefixed with cmd.exe (i.e. the use of &).
• Some execution module functions results, now behavour more like their Unix/Linux versions.
Execution module cmdmod
Windows cmdmod forcing cmd to be a list (issue #43522) resolved by "cmdmod: Don't list-ify string
commands on Windows" PR #43807. Linux/Unix OS command & arguments requires a list. Windows was being
treated the same. Windows requires commands & arguments to be a string, which this PR fixes.
• PR #45681: (damon-atkins) 2017.7.3 Release notes for Windows @ 2018-01-25T15:13:18Z
• ce41f6a6ee Merge pull request #45681 from damon-atkins/2017.7.3_win_release_notes
• 1d21f86228 Update 2017.7.3.rst
• PR #45672: (rallytime) Back-port #45667 to 2017.7.3 @ 2018-01-25T14:04:54Z
• PR #45667: (gtmanfred) default to upgrading when refreshing on archlinux | refs: #45672
• 2f303439b7 Merge pull request #45672 from rallytime/bp-45667
• 74bbaeb7ce we should default to upgrading when refreshing on archlinux
• PR #45669: (rallytime) Update man pages for 2017.7.3 release @ 2018-01-24T21:04:59Z
• 23ff1264e0 Merge pull request #45669 from rallytime/man-pages-2017.7.3
• d31b41adeb Update man pages for 2017.7.3 release
• PR #45666: (terminalmage) Fix failing pkg integration tests for releases with no '.' @
2018-01-24T17:19:10Z
• 9a17405ba6 Merge pull request #45666 from terminalmage/salt-jenkins-793
• 4a6ab729dd Fix failing pkg integration tests for releases with no '.'
• PR #45664: (rallytime) Back-port #45452 to 2017.7.3 @ 2018-01-24T15:33:13Z
• PR #45452: (adelcast) opkg.py: make owner fuction return value, instead of iterator | refs: #45664
• 0717f7a578 Merge pull request #45664 from rallytime/bp-45452
• 369720677b opkg.py: make owner function return value, instead of iterator
• PR #45649: (rallytime) Back-port #45634 to 2017.7.3 @ 2018-01-24T14:59:43Z
• PR #45634: (Ch3LL) Add different service name for Mac 10.13 test | refs: #45649
• 7934372b7b Merge pull request #45649 from rallytime/bp-45634
• 1c78fc23ea Add different service name for Mac 10.13 test
• PR #45654: (twangboy) Merge forward #45638 @ 2018-01-24T14:59:14Z
• PR #45638: (twangboy) Win fix shell info | refs: #45654
• 770f0c4664 Merge pull request #45654 from twangboy/win_fix_shell_info_2017.7.3
• 5bb01aeb8c Merge forward #45638
• PR #45653: (rallytime) Back-port #45611 to 2017.7.3 @ 2018-01-24T05:20:11Z
• PR #45611: (terminalmage) Fix unnecessary/incorrect usage of six.binary_type | refs: #45653
• 6fc293da46 Merge pull request #45653 from rallytime/bp-45611
• 0a6b06d8ea Fix unnecessary/incorrect usage of six.binary_type
• PR #45642: (rallytime) Back-port #45636 to 2017.7.3 @ 2018-01-23T22:00:30Z
• PR #45636: (Ch3LL) Fix mac service and pkg tests for 10.13 | refs: #45642
• 0a07e0d259 Merge pull request #45642 from rallytime/bp-45636
• df0ad54c9a remove unnecessary variable for test
• acb14fd43d fix pylint
• a9b12cd1ea Fix mac service and pkg tests for 10.13
• PR #45645: (rallytime) Back-port #45606 to 2017.7.3 @ 2018-01-23T21:54:45Z
• PR #45606: (terminalmage) Fix bug affecting salt-ssh when root_dir differs from the default | refs:
#45645
• f37a5b6d8d Merge pull request #45645 from rallytime/bp-45606
• d52d96f30a Fix bug affecting salt-ssh when root_dir differs from the default
• PR #45641: (rallytime) Back-port #45508 to 2017.7.3 @ 2018-01-23T21:18:39Z
• PR #45508: (frogunder) fix test_archive test for mac on 2017.7 branch | refs: #45641
• e659793c09 Merge pull request #45641 from rallytime/bp-45508
• e6917a291e fix test_archive test for mac on 2017.7 branch
• PR #45604: (rallytime) Back-port #45582 to 2017.7.3 @ 2018-01-22T16:54:15Z
• PR #45582: (terminalmage) Two salt-ssh fixes | refs: #45604
• ced3269ae8 Merge pull request #45604 from rallytime/bp-45582
• bc8a450cc7 Remove state.py utils file from thin list
• 629e6c9674 Further fixes to for salt-ssh test under heavy load
• 0dff596b59 Add salt/utils/state.py to thin tarball
• a61afda100 Pass on OSError if thin tarball already removed
• PR #45591: (gtmanfred) mark minion_blackout tests as flaky @ 2018-01-22T00:14:31Z
• 4672baa6c8 Merge pull request #45591 from gtmanfred/2017.7.3
• f7fd35fc4a test updating the minion blackout timeout to 10 seconds
• PR #45585: (rallytime) Back-port #45579 to 2017.7.3 @ 2018-01-22T00:13:59Z
• PR #45579: (terminalmage) Test suite stability fixes | refs: #45585
• 2a992f9017 Merge pull request #45585 from rallytime/bp-45579
• 0292c8345b Lint fix: use six's map
• 108d8cbeef Use correct utils path for 2017.7
• a38f4cb6d6 Restrict pyzmq optimizations to pyzmq >= 14.3.0
• 58ad558346 Fix event unpack
• PR #45573: (gtmanfred) update 2017.7.3 tests @ 2018-01-20T20:05:13Z
• 19cd97ed3b Merge pull request #45573 from gtmanfred/2017.7.3
• bd3cb47fa7 fix mock for opensuse
• 808e26e69a test simple website
• PR #45570: (gtmanfred) Fix tests for 2017.7.3 @ 2018-01-20T15:01:21Z
• e72d81ef22 Merge pull request #45570 from gtmanfred/2017.7.3
• 1f71f301ba specify checking man page path
• 2ddbcb45c1 fix pkg_resources for usage with testing pip
• 0ba39a7108 switch systemd-journald for sshd for arch service test
• PR #45538: (gtmanfred) Backport test fixes to 2017.7.3 @ 2018-01-19T14:39:44Z
• 7bc60c56d4 Merge pull request #45538 from gtmanfred/2017.7.3
• 801e0639b6 Merge branch '2017.7.3' into 2017.7.3
• PR #45533: (rallytime) Back-port #45529 to 2017.7.3 @ 2018-01-18T22:52:29Z
• PR #45529: (Ch3LL) Fix UnboundLocalError for pacman pkg installs | refs: #45533
• 8ad65e3359 Merge pull request #45533 from rallytime/bp-45529
• 6d56c64d88 Fix UnboundLocalError for pacman pkg installs
• 8d907ee1a0 fix moto version
• 1241ab5fc6 fix test boto imports
• f4b6367cf9 fix fedora pkg test
• PR #45442: (rallytime) Back-port #45399 to 2017.7.3 @ 2018-01-17T17:20:48Z
• ISSUE #45394: (dmurphy18) git.latest fails when "depth" is used with a non-default branch | refs:
#45399
• PR #45399: (terminalmage) Fix git.latest failure when rev is not the default branch | refs: #45442
• 7379f9e3e5 Merge pull request #45442 from rallytime/bp-45399
• 590a6db626 Lint: use support TMP path instead of integration TMP path
• c081b2c62c Fix git.latest failure when rev is not the default branch
• PR #45468: (twangboy) Fix some issues with reg.py @ 2018-01-16T22:23:47Z
• ee5090f69b Merge pull request #45468 from twangboy/win_reg
• a0d21c6354 Fix some issues with reg.py
• PR #45434: (rallytime) Back-port #45174 to 2017.7.3 @ 2018-01-14T12:43:16Z
• ISSUE #44913: (ari) FreeBSD packaging install performance regression | refs: #45174
• PR #45174: (eradman) Do not force pkg reinstall on FreeBSD | refs: #45434
• ef7a896eb6 Merge pull request #45434 from rallytime/bp-45174
• b310ff7ab8 Do not force pkg reinstall on FreeBSD
• PR #45395: (rallytime) Back-port #45380 to 2017.7.3 @ 2018-01-12T18:49:20Z
• PR #45380: (twangboy) Backport changes from #45308 | refs: #45395
• PR #45308: (twangboy) Fix integration.modules.test_state for Windows | refs: #45380
• c3fdd1dcc4 Merge pull request #45395 from rallytime/bp-45380
• 0356b3d56f Backport changes from #45308
• PR #45294: (gtmanfred) include backports_abc @ 2018-01-11T18:18:16Z
• ISSUE #44107: (anlutro) salt-ssh 2017.7 doesn't work with Python 3, missing backports_abc | refs:
#45294
• f7da716d32 Merge pull request #45294 from gtmanfred/2017.7
• 3633ceeaa7 Merge branch '2017.7' into 2017.7
• 29806e4496 ignore salt.ext in pylint
• 8b597a4890 include backports_abc
• PR #45381: (gtmanfred) fix module.run docs @ 2018-01-11T18:02:38Z
• ISSUE #43130: (boltronics) module.run documentation issues | refs: #45381
• f77a3e9cd4 Merge pull request #45381 from gtmanfred/module.run
• 230e899192 fix module.run docs
• PR #45368: (DmitryKuzmenko) Fixes to work with pyzmq with --enable-drafts @ 2018-01-11T17:53:16Z
• ISSUE #43995: (dragonpaw) Using zmq built with --enable-draft breaks Salt | refs: #45368
• 8efd29f4d9 Merge pull request #45368 from DSRCorporation/bugs/zmq_draft
• 7622e355cf Minor: removed a stale comment.
• 00f31bf9b5 Fixes to work with pyzmq with --enable-drafts
• PR #45371: (rallytime) Back-port #45158 to 2017.7 @ 2018-01-11T17:51:38Z
• PR #45158: (terminalmage) Fix integration.modules.test_state.StateModuleTest.test_exclude | refs:
#45371
• 22c3efda06 Merge pull request #45371 from rallytime/bp-45158
• 3565bc2bf2 Don't use include-test SLS in orch tests
• 8bc17e0d7a Fix integration.modules.test_state.StateModuleTest.test_exclude
• PR #45387: (renner) Set SHELL environment variable @ 2018-01-11T16:23:21Z
• PR #40630: (mateiw) develop: SUSE specific changes to salt-api.service | refs: #45387
• PR #40620: (mateiw) SUSE specific changes to salt-api.service | refs: #45387 #40630
• 3a0e2de995 Merge pull request #45387 from renner/patch-2
• 530ddd2d29 Set SHELL environment variable
• PR #45388: (terminalmage) Fix loader error in 2017.7 tests @ 2018-01-11T16:13:53Z
• dcf98a2260 Merge pull request #45388 from terminalmage/fix-test-loader-error
• 5473c085d9 Fix loader error in 2017.7 tests
• PR #45382: (terminalmage) Skip flaky test on 2017.7 branch @ 2018-01-11T14:23:05Z
• d15f9e1020 Merge pull request #45382 from terminalmage/salt-jenkins-686
• ff3039db6c Skip flaky test on 2017.7 branch
• PR #45369: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2018-01-10T22:14:05Z
• PR #45327: (lomeroe) Backport #44861 to 2016.11
• PR #45268: (damon-atkins) Fix pkg.install packagename version=latest i.e. if on an old version is
installed
• PR #44861: (twangboy) Fix win_lgpo for unknown values | refs: #45327
• dbe21b2c0d Merge pull request #45369 from rallytime/merge-2017.7
• f65e091df8 Merge branch '2016.11' into '2017.7'
• 0959ae4ea3 Merge pull request #45327 from lomeroe/
`
bp-44861`__2016.11
• 784139f734 Check for values other than 0 or 1
• a6db5f95f0 Merge pull request #45268 from damon-atkins/2016.11_win_pkg_pkg_install_latest
• 325a9f0f66 Update 2016.11.9.rst
• 4da9200b9c Update 2016.11.9.rst
• 126aee36ac Update 2016.11.9.rst
• 1c01967943 Update 2016.11.9.rst
• a0d89882b8 Fix pkg.install packagename version=latest i.e. if on an old version upgrade to the
latest
• PR #45379: (rhoths) Minor spelling/grammar fixes in the highstate returner documentation @
2018-01-10T20:09:52Z
• 55979b3a48 Merge pull request #45379 from rhoths/rhoths-doc-highstate-1
• afbbd492cd Minor spelling/grammar fixes in highstate returner
• PR #45358: (UtahDave) gate the minion data cache refresh events. @ 2018-01-10T17:21:05Z
• PR #45299: (garethgreenaway) [2017.7] config gate auth_events | refs: #45358
• 541e59fa75 Merge pull request #45358 from UtahDave/gate_data_cache_refresh
• 379b6cd23e should be self, not salt
• a82e158f2d gate the minion data cache refresh events.
• PR #45297: (Ch3LL) Allow macosx service state tests to check for pid return @ 2018-01-09T20:47:24Z
• fb87010461 Merge pull request #45297 from Ch3LL/mac_service_state
• 4e569b5802 Allow macosx service state tests to check for pid return
• PR #45351: (dmurphy18) Update debbuild to explicitly include source code for Debian, Ubuntu @
2018-01-09T17:21:51Z
• beedf6e815 Merge pull request #45351 from dmurphy18/upd_debbuild
• 478dc70092 Update debbuild flags
• PR #45299: (garethgreenaway) [2017.7] config gate auth_events | refs: #45358 @ 2018-01-09T15:00:30Z
• 66da9b47bc Merge pull request #45299 from garethgreenaway/config_gate_auth_events
• 9a15ec3430 Updating versionadded string. Fixing typo.
• edfc3dc078 Adding in documention for auth_events configuration option
• 3ee4eabffd Fixing small typo
• 6a28bddcc9 Adding some code to config gate if auth_events are sent
• PR #44856: (Ch3LL) Add state.running ssh integration test @ 2018-01-08T21:40:50Z
• 8d04c2b3d4 Merge pull request #44856 from Ch3LL/running_test
• 9a35a73711 add time limit to while loop
• aeb5f4e248 Add state.running ssh integration test
• PR #45295: (gtmanfred) test directory that doesn't exist @ 2018-01-08T20:59:53Z
• ISSUE #675: (akoumjian) virtualenv fails without specifying no_site_packages | refs: #45295
• d0e5e70277 Merge pull request #45295 from gtmanfred/test_directory
• e6178fe6d4 Merge branch '2017.7' into test_directory
• 24114e91c1 test was different slightly on 2017.7
• d20fc93625 test directory that doesn't exist
• PR #45302: (gtmanfred) fix proxy tests for py3 on 2017.7 @ 2018-01-08T17:41:58Z
• ISSUE #678: (pille) add watch support for directories | refs: #45302
• f49b204b75 Merge pull request #45302 from gtmanfred/proxyp3
• b295ec0429 make dummy proxy module py3 compatible
• 8736e21f65 fix starting proxy minion on py3
• e2824a7253 fix py3 tests
• PR #45279: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2018-01-08T17:26:49Z
• PR #45256: (rallytime) Back-port #45034 to 2016.11
• PR #45034: (brejoc) Fix for pidfile removal logging | refs: #45256
• eea7158e82 Merge pull request #45279 from rallytime/merge-2017.7
• 8025b14584 Merge branch '2016.11' into '2017.7'
• 1c5e905b61 Merge pull request #45256 from rallytime/bp-45034
• 68f971b38f Apply test fixes from #45034 to parsers_test.py
• 9454236694 Fix for pidfile removal logging
• PR #44853: (gtmanfred) remove not from vault utils @ 2018-01-05T17:43:18Z
• dab4a8cff3 Merge pull request #44853 from gtmanfred/vault
• bfee1cead6 set role for loading minion config
• c5af2e5048 if utils is not loaded, load it
• 6a5e0f9ac1 remove not from vault utils
• PR #45277: (rallytime) Back-port #45025 to 2017.7 @ 2018-01-05T15:35:53Z
• PR #45025: (steverweber) Fix pillar include merge order | refs: #45277
• f09d0e5fdb Merge pull request #45277 from rallytime/bp-45025
• 942c14bb29 pillar body overrides includes
• 1152202fdc fix pillar includes from merging over the current sls defines
• PR #45276: (rallytime) Back-port #45260 to 2017.7 @ 2018-01-05T14:45:40Z
• PR #45260: (gtmanfred) Make some kitchen-salt tests blue | refs: #45276
• fc84f1104f Merge pull request #45276 from rallytime/bp-45260
• 9ab1af738f switch kitchen-salt to use rsync transport to preserve symlinks
• cf98ed472e fix up symlinks
• PR #45255: (rallytime) Back-port #44427 to 2017.7 @ 2018-01-04T21:46:17Z
• ISSUE #43340: (syphernl) Upgrading Salt via Salt results in dying minions and broken dpkg | refs:
#45255
• PR #44427: (samodid) use KillMode=process for salt-minion.service | refs: #45255
• ff9880c498 Merge pull request #45255 from rallytime/bp-44427
• 6ceafbbf3a use KillMode=process for salt-minion.service
• PR #45251: (forksaber) Fix #23454 : make pydsl work with salt-ssh @ 2018-01-04T21:33:09Z
• ISSUE #23454: (HontoNoRoger) SLS rendering error with Salt-SSH (pydsl) | refs: #45251
• e715eb603f Merge pull request #45251 from forksaber/salt-ssh-pydsl
• b3660d5190 [#23454] make pydsl work with salt-ssh
• PR #45254: (Ch3LL) Add darwin value for ssh grain items tests on MacOSX @ 2018-01-04T21:31:35Z
• 2934b60d53 Merge pull request #45254 from Ch3LL/fix_mac_grain_ssh
• b4b59b89cd remove platform from salt.utils call for 2017.7
• 85e853a63d Add darwin value for ssh grain items tests on MacOSX
• PR #45135: (twangboy) Fix win_dacl problems with SIDs @ 2018-01-04T21:01:48Z
• af2d880303 Merge pull request #45135 from twangboy/win_fix_dacl
• b31e08946a Merge branch '2017.7' into win_fix_dacl
• 35a417f510 Fix win_dacl problems with SIDs
• PR #44930: (frogunder) man_spm_test @ 2018-01-04T20:58:02Z
• ISSUE #43806: (Ch3LL) Add spm man Test to Auto Test Suite | refs: #44930
• d0a3770035 Merge pull request #44930 from frogunder/man_spm
• 48e6953e1f fix_string_error
• c9fa4ed2a7 man_spm_test
• PR #45259: (Ch3LL) Fix MacOSX Service Status Check and integration test @ 2018-01-04T14:25:01Z
• 543eebf411 Merge pull request #45259 from Ch3LL/fix-mac-service-test
• 74e6ed60ea Fix MacOSX Service Status Check and integration test
• PR #45263: (sumeetisp) Updating python version for 2017.7 @ 2018-01-04T14:16:26Z
• ISSUE #1: (thatch45) Enable regex on the salt cli
• bbbd1872a7 Merge pull request #45263 from sumeetisp/2017.7
• e3a5ee3a08 Merge branch '2017.7' into 2017.7
• 71aea9a3bc Merge pull request #1 from sumeetisp/sumeetisp-python-version
• 1b4806e2b9 Updating python version
• PR #45244: (twangboy) Fix search/replace in Py3 @ 2018-01-04T14:02:22Z
• d46e1197be Merge pull request #45244 from twangboy/win_fix_portable.py
• e3a8279c01 Get path to python binary based on executable
• 03aec37040 Fix search/replace in Py3
• PR #45233: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2018-01-03T15:34:00Z
• ISSUE #27160: (martinadolfi) salt.states.mount persistence error using spaces in route | refs: #45232
#45232
• ISSUE #598: (syphernl) Explanation on how to execute interactive installs | refs: #45209
• PR #45235: (rallytime) Back-port #45209 to 2016.11
• PR #45232: (rasathus) Backport #27160 to 2016.11
• PR #45209: (gtmanfred) enable UsePAM for ssh tests | refs: #45235
• PR #44965: (gtmanfred) check if VALUE is a string_type
• eba360870a Merge pull request #45233 from rallytime/merge-2017.7
• a3d251b2cd Merge branch '2016.11' into '2017.7'
• b75f50afe3 Merge pull request #45235 from rallytime/bp-45209
• 2d0a9bbf7e enable UsePAM for ssh tests
• 5d9a1e91e9 Merge branch '2016.11' into '2017.7'
• 3ab962b01a Merge pull request #44965 from gtmanfred/2016.11
• a5d8a6340e check if VALUE is a string_type
• 40fb30f63f Merge pull request #45232 from rasathus/2016.11
• 7a2bd8f49b Merge branch '2016.11' into 2016.11
• de53c45c29 Backport #27160 to 2016.11
• PR #45175: (amendlik) Pkg uptodate @ 2018-01-02T17:38:36Z
• 693cc807e8 Merge pull request #45175 from amendlik/pkg-uptodate
• 4f514a29a7 Merge branch '2017.7' into pkg-uptodate
• PR #45226: (gtmanfred) Update kitchen to use runtests verifier on 2017.7 @ 2017-12-31T18:13:28Z
• 1b3f3ba1be Merge pull request #45226 from gtmanfred/2017.7
• 4f3b089e0e fix copying back
• f56f062a6a download xml for junit
• 7cc342a5d6 use new runtests verifier
• PR #45221: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-30T18:08:29Z
• ISSUE #45188: (jak3kaj) salt state status.process always returns false | refs: #45199
• ISSUE #44516: (doesitblend) Windows PY3 Minion Returns UTF16 UnicodeError | refs: #44944 #45161
• PR #45199: (gtmanfred) status.pid returns pid ids not process names
• PR #45161: (lomeroe) Backport #44944 to 2016.11
• PR #44944: (lomeroe) win_lgpo registry.pol encoding updates | refs: #45161
• 7d3a6cbc65 Merge pull request #45221 from rallytime/merge-2017.7
• 508599e159 Merge branch '2016.11' into '2017.7'
• 707ef55175 Merge pull request #45161 from lomeroe/
`
bp-44944`__2016.11
• 0a4c6b5a83 remove references to six.unichr
• f3196d795d lint fixes for static regexes
• 11b637d108 lint fixes
• c14d6282ad do not decode registry.pol file wholesale, but instead decode individual elements of the
file
• 6f52034e08 Merge pull request #45199 from gtmanfred/status
• fb07f9ea7d status.pid returns pid ids not process names
• PR #45204: (garethgreenaway) [2017.7] Fixes to osquery module & addition of unit tests @
2017-12-30T13:25:38Z
• ISSUE #45176: (thuhak) osquery execution module does't work with attrs parameter | refs: #45204
• abed378981 Merge pull request #45204 from garethgreenaway/45176_fixes_to_osquery_module
• dc933e9e24 Fixing typo
• d834bd1b6f Fixing some minor lint issues.
• 4738205154 Fixing a bug when attributes are passed to various osquery module functions.
• 66884334d9 Update states.pkg for Python3 compatibility
• 2a7d76ad6e Fail pkg.uptodate if expected packages are not upgraded
• 29ef67bac2 Test pkg.uptodate with failed upgrades
• 23ab93353b Produce changes dict for pkg.uptodate dry-run mode
• 7c67ec39d9 Add tests for pkg.uptodate state
• PR #45203: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-29T01:11:03Z
• ISSUE #44728: (casselt) Nodegroups can not be defined by glob with ? or seq | refs: #45118
• PR #45137: (twangboy) Catch correct error type in list_keys and list_values
• PR #45130: (rallytime) Resolve groups for salt api
• PR #45127: (twangboy) Fix issue with 1641 return code
• PR #45118: (garethgreenaway) [2016.11] Fix to allow nodegroups to include sequences
• PR #45114: (twangboy) Move pam library load to try/except block
• 5991d8ca15 Merge pull request #45203 from rallytime/merge-2017.7
• 430c913c8c Merge branch '2016.11' into '2017.7'
• d3381e27d0 Merge pull request #45118 from garethgreenaway/44728_nodegroups_seq
• 0ff811de70 Swapping import to be the old path for 2016.11
• b3e2f388f5 Fix to allow nodegroups to include sequences
• f969aca3a3 Merge pull request #45127 from twangboy/win_fix_pkg
• 14639739f2 Fix issue with 1641 return code
• dc357b39f0 Merge pull request #45137 from twangboy/win_fix_reg_tests
• b6f4ef8d73 Catch correct error type in list_keys and list_values
• 0aa1662731 Merge pull request #45130 from rallytime/api-groups
• 2dcc8df845 Resolve groups for salt api
• 7dc3cc4641 Merge pull request #45114 from twangboy/win_fix_pam
• cf5eae1f77 Move pam library load to try/except block
• PR #45201: (rallytime) [2017.7] Check for running on python3 before decoding bytes @
2017-12-28T22:59:14Z
• PR #45090: (angeloudy) fix TypeError in python 3 | refs: #45201
• 882267314f Merge pull request #45201 from rallytime/fix-jinja-template-test-failure
• b4af3bdff8 Check for running on python3 before decoding bytes
• PR #45200: (rallytime) [2017.7] Fix docstring integration test failure @ 2017-12-28T22:58:34Z
• PR #44552: (Da-Juan) pip_state: Check if available upgrades fulfill version requirements. | refs:
#45200
• 2e18398f12 Merge pull request #45200 from rallytime/fix-docstring-test-failure
• a26d4795bd [2017.7] Fix docstring integration test failure
• PR #45186: (rallytime) Back-port #44922 to 2017.7 @ 2017-12-28T19:02:51Z
• PR #44922: (dincamihai) Fix salt-master for old psutil | refs: #45186
• 67d97303b5 Merge pull request #45186 from rallytime/bp-44922
• 6970fe8103 Fix salt-master for old psutil
• PR #44624: (eliasp) Fix Traceback when using the service.enabled state on non-booted systems @
2017-12-28T10:58:43Z
• 30d7f7257a Merge pull request #44624 from eliasp/fix-upstart-utmp-exception
• 43d44e051a Do not blindly assume presence of either /var/run/utmp or /run/utmp, none of both might be
available (e.g. on non-booted systems).
• PR #45183: (twangboy) Add libnacl dependency @ 2017-12-27T22:08:32Z
• 3832e7b227 Merge pull request #45183 from twangboy/win_add_libnacl_2017.7
• b46845888d Add libnacl dependency
• PR #44966: (rcallphin) Fix bug with vault runner creating token on empty policy @ 2017-12-22T20:30:37Z
• ISSUE #44928: (rcallphin) Duplicating master token when no match for Minion policy (Vault Module) |
refs: #44966
• fbbf33574e Merge pull request #44966 from rcallphin/fix-bug-vault-empty-policy
• 7f327ab760 Lint: Remove extra whitespace
• 04ab6a5e9d Merge branch '2017.7' into fix-bug-vault-empty-policy
• 5be463bb46 Merge branch '2017.7' into fix-bug-vault-empty-policy
• 48d9cc3674 Fix bug with vault runner creating token on empty policy
• PR #44552: (Da-Juan) pip_state: Check if available upgrades fulfill version requirements. | refs:
#45200 @ 2017-12-22T19:25:17Z
• 487207f61d Merge pull request #44552 from Da-Juan/avoid_unneeded_pip_install
• 49a6a8f02e Merge branch '2017.7' into avoid_unneeded_pip_install
• 3a8e62493d pip_state: Check if available upgrades fulfill version requirements
• 62252d74d9 pip_state: Compare versions using pkg_resources.parse_version
• 5219ab974c Add list_all_versions function to pip module
• PR #45090: (angeloudy) fix TypeError in python 3 | refs: #45201 @ 2017-12-22T18:11:13Z
• 5ae26f0c09 Merge pull request #45090 from angeloudy/2017.7
• cf411f8984 Merge branch '2017.7' into 2017.7
• 177fd18671 fix TypeError in python 3
• PR #45134: (garethgreenaway) [2017.7] fix to cmd.script for cwd with space @ 2017-12-22T15:31:24Z
• ISSUE #44315: (whytewolf) cmd.* cwd does not escape spaces. 2017.7.2 | refs: #45134
• a1946730a9 Merge pull request #45134 from garethgreenaway/44315_cmd_script_cwd_with_space
• 48eafe3206 Adding some tests to tests cmd.script with cwd
• 8dfcf71b08 Adding _cmd_quote to handle cases when the current working directory for cmd.script might
have a space in it.
• PR #44964: (Giandom) added-highstate-output-to-slack-engine @ 2017-12-21T21:32:01Z
• f41adfc913 Merge pull request #44964 from Giandom/2017.7-added-highstate-output-to-slack-engine
• 4526c158f1 added-highstate-output-to-slack-engine
• 573a0a4143 added-highstate-output-to-slack-engine
• 9a6e03ce6e added-highstate-output-to-slack-engine
• PR #45124: (gtmanfred) enable using kitchen-salt with ec2 on 2017.7 @ 2017-12-21T19:11:27Z
• b49ee97938 Merge pull request #45124 from gtmanfred/2017.7
• d0586013eb fix pylint
• 59e2e56d13 chmod the xml files before trying to copy
• a5c1410e23 catch IOError when copying xml files back
• 23bd38ad66 enable using kitchen-salt on ec2
• PR #45087: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-20T22:24:51Z
• ISSUE #45049: (vernondcole) salt cloud module documentation is missing from the index. | refs:
#45070
• ISSUE #45036: (dijit) Quiet installation of packaged minions fails due to redistributable not being
quietly installed [py3] [Windows] | refs: #45040 #45040
• ISSUE #44820: (msteed) Custom returner breaks manage runner | refs: #44958
• ISSUE #44378: (llua) minion: infinite loop during start when schedule key is null | refs: #44385
• ISSUE #41286: (arthtux) boto_vpc.accept_vpc_peering_connection wait a object | refs: #41305
• ISSUE #41044: (pirxthepilot) user.present 'date' parameter is not applying | refs: #44078
• PR #45100: (rallytime) Back-port #45070 to 2016.11
• PR #45098: (rallytime) Back-port #45092 to 2016.11
• PR #45092: (terminalmage) Fix
integration.states.test_pip.PipStateTest.test_pip_installed_weird_install | refs: #45098
• PR #45070: (vernondcole) insert clouds modules in index | refs: #45100
• PR #45069: (rallytime) Back-port #45040 to 2016.11
• PR #45040: (dijit) Installation Fails on headless machines. | refs: #45069
• PR #45031: (terminalmage) Fix invalid exception class in mysql returner
• PR #44972: (terminalmage) Backport #44958 to 2016.11 branch
• PR #44970: (rallytime) Update bootstrap script to latest release: 2017.12.13
• PR #44969: (rallytime) Back-port #41305 to 2016.11
• PR #44958: (terminalmage) Fix a race condition in manage runner | refs: #44972
• PR #44385: (gtmanfred) schedule should be a dict in opts
• PR #44078: (rossengeorgiev) user.present: allow date param to be 0
• PR #41305: (arthtux) correct accept_vpc_peering_connection | refs: #44969
• 42e894570d Merge pull request #45087 from rallytime/merge-2017.7
• fe81e2d39a Merge branch '2016.11' into '2017.7'
• 7e128e8f15 Merge pull request #45100 from rallytime/bp-45070
• 0bdb46dab9 add clouds modules to index
• bdf93f339d Merge pull request #45098 from rallytime/bp-45092
• 80b6bd6813 Fix integration.states.test_pip.PipStateTest.test_pip_installed_weird_install
• 4f21a2bbfd Merge branch '2016.11' into '2017.7'
• 324b7d4058 Merge pull request #44078 from rossengeorgiev/fix-41044
• a81a6fe23c fix #41044; allow for date param to be 0
• 48a59761df Merge pull request #44970 from rallytime/update-bootstrap-script
• b2c8057427 Update bootstrap script to latest release: 2017.12.13
• 637fdaed58 Merge pull request #45069 from rallytime/bp-45040
• aa438e1605 Installation Fails on headless machines.
• 4d6d640381 Merge pull request #44969 from rallytime/bp-41305
• 5c4bee43dc correct accept_vpc_peering_connection
• 10de468f13 Merge pull request #45031 from terminalmage/fix-mysql-returner
• f3bd12c27c Fix invalid exception class in mysql returner
• 9a7406207f Merge pull request #44972 from terminalmage/bp-44958
• a416bf0112 No need to manually do connect_pub, use listen=True in run_job
• 3ec004bd2e Fix a race condition in manage runner
• 1032ca3290 Merge pull request #44385 from gtmanfred/schedule
• 9e15c38da2 add comma
• 855d933cb7 schedule should be a dict
• PR #45112: (Ch3LL) Fix spm big file build test to check /tmp @ 2017-12-20T22:09:21Z
• 9550e742ac Merge pull request #45112 from Ch3LL/fix-arch
• 1bd7110a14 Fix spm big file build test to check /tmp
• PR #45068: (rallytime) Back-port #44976 to 2017.7 @ 2017-12-20T16:31:22Z
• ISSUE #44303: (mwerickso) boto3_route53 module times out on retries | refs: #44976
• PR #44976: (tkwilliams) Fix bad variable name in boto3_route53 module - resolves #44303 | refs:
#45068
• 71f9c7ee49 Merge pull request #45068 from rallytime/bp-44976
• 0ca0f37805 44303 - resolves #44303
• PR #45099: (rallytime) Back-port #44983 to 2017.7 @ 2017-12-20T14:41:22Z
• ISSUE #44961: (golmaal) The archive tar function fails to untar file when dest argument is passed |
refs: #44983
• PR #44983: (golmaal) Ref:44961 - Modified archive.tar to add dest at the end of the tar cmd | refs:
#45099
• 54a33c0e1d Merge pull request #45099 from rallytime/bp-44983
• 23361de8a2 Ref:44961 - Modified archive.tar to add dest argument at the end of the tar cmd.
• PR #44650: (frogunder) add status.pid test @ 2017-12-19T16:21:09Z
• ISSUE #43533: (Ch3LL) Add status.pid Test to Auto Test Suite | refs: #44650
• e0d7b330fa Merge pull request #44650 from frogunder/status
• 904c0da893 Merge branch '2017.7' into status
• 619bd2be1e fix lint error
• d406cb07a3 add status.pid test
• PR #44944: (lomeroe) win_lgpo registry.pol encoding updates | refs: #45161 @ 2017-12-19T14:42:49Z
• ISSUE #44516: (doesitblend) Windows PY3 Minion Returns UTF16 UnicodeError | refs: #44944 #45161
• 422d8b8f1b Merge pull request #44944 from lomeroe/update_regpol_encoding
• 07d04c7bc7 lint fixes for static regexes
• d17c46ce41 lint fixes
• ab8e431729 do not decode registry.pol file wholesale, but instead decode individual elements of the
file
• PR #44938: (The-Loeki) Libcloud dns fixes @ 2017-12-18T15:47:18Z
• d9a4b9681e Merge pull request #44938 from The-Loeki/libcloud_dns_fixes
• 276e8828ae libcloud_dns: pylint fix
• c994423286 Merge branch '2017.7' into libcloud_dns_fixes
• PR #44951: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-16T13:16:24Z
• ISSUE #44734: (cruscio) Documentation inconsistency for minion ping_interval timing | refs: #44770
• ISSUE #44292: (andrew-regan) grains['virtual_subtype'] assignment for Docker broken on Mac | refs:
#44335
• ISSUE #4: (thatch45) pacman module
• PR #44770: (cruscio) Fix minion ping_interval documentation
• PR #44335: (gtmanfred) add docker-ce to docker subtype grains check
• 5137be01ec Merge pull request #44951 from rallytime/merge-2017.7
• a0d2dd2069 Lint fix
• 9db4179462 Merge branch '2016.11' into '2017.7'
• 68d901b12c Merge pull request #44770 from cruscio/2016.11
• e2682bf441 Fix minion ping_interval documentation
• d4ab55ec47 Merge pull request #44335 from gtmanfred/2016.11
• 3f1268d67f fix patching for python 2.6
• 1d0bd5bb32 Merge branch '2016.11' into 2016.11
• f02b02032d Merge pull request #4 from terminalmage/pr-44335
• b4eb1527a6 Add test for PR 44335
• a30af3252e add docker-ce to docker subtype grains check
• PR #44995: (twangboy) Fix unit.modules.test_file for Windows @ 2017-12-15T17:05:49Z
• 698b04779e Merge pull request #44995 from twangboy/win_fix_atomicfile
• 8316481944 Comment the salt import
• fe34f0c877 Set owner properly on Windows
• PR #44968: (gtmanfred) fix http wait for state @ 2017-12-14T20:06:01Z
• ISSUE #44934: (vernondcole) http.wait_for_successful_query does not pause for documented intervals |
refs: #44968
• 2e1a57b9bc Merge pull request #44968 from gtmanfred/http
• ca6936f6eb fix http wait for state
• c72db283d5 libcloud_dns: Further fixes to state output, pylint fixes
• e9bbc23b11 Merge branch '2017.7' into libcloud_dns_fixes
• PR #44900: (xuhcc) Fix TypeError during rbenv ruby installation when rbenv is not found @
2017-12-14T17:37:14Z
• ISSUE #44811: (xuhcc) rbenv.installed fails when rbenv installed globally | refs: #44900
• c4f0894689 Merge pull request #44900 from xuhcc/rbenv-ret-fix
• fdd8310c31 Merge branch '2017.7' into rbenv-ret-fix
• bfd0972d25 Fix TypeError during rbenv ruby installation when rbenv is not found
• PR #44974: (twangboy) Skip test_log_created on Windows @ 2017-12-14T13:59:25Z
• f0c2cf3cec Merge pull request #44974 from twangboy/win_skip_test_parsers
• 40665d7b08 Skip test_log_created on Windows
• PR #44958: (terminalmage) Fix a race condition in manage runner | refs: #44972 @ 2017-12-13T15:20:36Z
• ISSUE #44820: (msteed) Custom returner breaks manage runner | refs: #44958
• dad2d723ca Merge pull request #44958 from terminalmage/issue44820
• ef749abfc6 No need to manually do connect_pub, use listen=True in run_job
• 2ac70cfab5 Fix a race condition in manage runner
• PR #44956: (terminalmage) Avoid traceback when bogus value in pidfile @ 2017-12-13T14:30:12Z
• db58345abb Merge pull request #44956 from terminalmage/fix-get_pidfile
• d66f3a98d7 Avoid traceback when bogus value in pidfile
• PR #44945: (gtmanfred) Fix handling of effective acls @ 2017-12-12T21:49:34Z
• ISSUE #44932: (knine) ACLs Not Completely Verified | refs: #44945
• e8e3b3c8ff Merge pull request #44945 from gtmanfred/2017.7
• 66bb755751 add test for effective acls
• 0ff52a93dd use last entry in acl
• PR #44942: (rallytime) Update README with SaltConf18 info @ 2017-12-12T21:47:23Z
• 47dc7b7afb Merge pull request #44942 from rallytime/readme-saltconf-update
• d1317c44e2 Update README with SaltConf18 info
• PR #44943: (mvivaldi) Fix for the jinja documentation @ 2017-12-12T20:20:41Z
• ISSUE #44665: (mvivaldi) Documentation of salt renders jinja | refs: #44895 #44943
• 7572982419 Merge pull request #44943 from mvivaldi/filters-doc
• d23ac4eabc Fix for the jinja documentation
• PR #44832: (damon-atkins) win_pkg: Merge full copy of 2016.11 with many fixes and improvements to
2017.7 @ 2017-12-12T18:30:06Z
• ISSUE #43417: (damon-atkins) win_pkg: pkg.install and pkg.remove general issues | refs: #43708
#44832
• 465cacad83 Merge pull request #44832 from damon-atkins/2017.7_replace_with_newer_2016.11_win_pkg
• a4f0b41ba2 Should be a smaller change set since recent update from 2016.11
• 695334b201 Merge branch '2017.7_replace_with_newer_2016.11_win_pkg' of github.com:damon-atkins/salt
into 2017.7_replace_with_newer_2016.11_win_pkg
• 843e204582 Merge branch '2017.7' into 2017.7_replace_with_newer_2016.11_win_pkg
• 4b60b1ec84 Merge remote branch 'refs/remotes/upstream/2017.7' into
2017.7_replace_with_newer_2016.11_win_pkg
• b46f818a57 Raise a PR to fix 2016 issues commited here, fixed issues with merge.
• 32ef1e12ae Merge branch '2017.7' into 2017.7_replace_with_newer_2016.11_win_pkg
• 494835c3f2 I backported develop and applied a long list of fixes to 2016.11 this brings these fixes
into 2017.7 - Software was not always being removed, general if & was in the string or msi was
downloaded to uninstall the software - pkg.list_upgrades failed. Added support for 'latest' and 'Not
Found' for version_cmp() to fix this. - output fixes - pkg.list_available no longer forces a
pkg.refresh_db this is no longer required, as by default it will update if older than 6 hours - cmd
/s /c is prefixed for all commands i.e. installs and removes. - cmd are now strings, instead of a
list when using cmd.run. As windows only supports strings. And the " were being broken
• PR #44754: (twangboy) Fix inet_pton for Windows on Py3 @ 2017-12-12T14:04:20Z
• a811a92b17 Merge pull request #44754 from twangboy/win_fix_inet_pton
• 25a20109fe Merge branch '2017.7' into win_fix_inet_pton
• 849b99eb34 Merge branch '2017.7' into win_fix_inet_pton
• df1e6a202b Use salt.ext.six
• 5ac8112585 Use six to ensure unicode value
• 9b5d8c421b Handle unicode values
• PR #44931: (pkruk) add missing parenthis to keep integration with python3 @ 2017-12-12T13:49:39Z
• 53b34e24cd Merge pull request #44931 from pkruk/fix-missing-parenthis
• b1ed739b44 Merge branch '2017.7' into fix-missing-parenthis
• 4f1b1f12d2 Merge branch 'fix-missing-parenthis' of https://github.com/pkruk/salt into
fix-missing-parenthis
• 3475d3fa01 add missing parenthis to keep integration with python3
• adf38cacfb add missing parenthis to keep integration with python3
• ad55e33f57 libcloud_dns: fix state output
• a68d594e3a libcloud_dns: copy args before deleting from them
• PR #44891: (twangboy) Fix issue with unsafe path in Windows jenkins tests @ 2017-12-11T21:10:43Z
• ba6146250a Merge pull request #44891 from twangboy/win_fix_verify
• 7232579167 Allow test suite file_roots as a safe path
• PR #44921: (Ch3LL) Add test to ensure log files are created @ 2017-12-11T18:24:16Z
• 85160fd297 Merge pull request #44921 from Ch3LL/log_test
• 3bb58fb577 skip salt-key log creation test
• 6a379195bc Add test to ensure log files are created
• PR #44787: (rallytime) GroupAdd test: Add destructive test decorator to entire class @
2017-12-11T18:14:18Z
• 54d29a61cb Merge pull request #44787 from rallytime/groupadd-destructive-clean
• 817ac002b0 Add destructive test decorator to test class
• PR #44895: (mvivaldi) Jinja Filters doc @ 2017-12-11T15:32:07Z
• ISSUE #44665: (mvivaldi) Documentation of salt renders jinja | refs: #44895 #44943
• 0292e3612a Merge pull request #44895 from mvivaldi/filters-doc
• 62409d608a Added Escape Filters and Set Theory Filters in jinja documentation
• PR #44879: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-10T16:53:44Z
• ISSUE #44730: (msciciel) State network.routes could not add route without gateway on centos7 | refs:
#44741
• ISSUE #44530: (roaldnefs) Identifier not working in salt.states.cron when special is used | refs:
#44579
• ISSUE #44365: (icycle77) file.managed appears to ignore source_hash check | refs: #44794
• ISSUE #35777: (rallytime) Properly deprecate template context data in Fluorine | refs: #44738
• ISSUE #35523: (rallytime) Come up with a reasonable alternative for lxc.edited_conf | refs: #44738
• PR #44855: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 | refs: #44879
• PR #44852: (damon-atkins) win_pkg fix spelling typos and minion option 2016.11
• PR #44794: (terminalmage) Fix regression in file.managed when source_hash used with local file
• PR #44741: (gtmanfred) if gateway is not specified use iface
• PR #44738: (rallytime) Bump some deprecation warnings from Oxygen to Fluorine
• PR #44579: (roaldnefs) Fix bug in cron module and state - Fixes #44530
• df28f312ac Merge pull request #44879 from rallytime/merge-2017.7
• 23c5a4ca3e Merge branch '2016.11' into '2017.7'
• bb1f8dceaf Merge pull request #44579 from roaldnefs/fix-cron-identifier
• df73a4c051 Merge branch '2016.11' into fix-cron-identifier
• af0131fa1f Merge pull request #44852 from damon-atkins/2016.11_win_pkg_typo_n_fix
• 0e7c19084f Lint: Remove extra whitespace
• 7c7e21f94d Fix spelling typo, and fix backwards campatible minion option for repo location
• 88c0d66b4e Merge pull request #44794 from terminalmage/issue44365
• 3b8b6f25e6 Remove debugging line
• 153bf45b03 Fix regression in file.managed when source_hash used with local file
• c8bb9dfbbb Merge pull request #44738 from rallytime/bump-oxygen-warnings
• ead3c569e1 Bump deprecation warnings from Oxygen to Fluorine
• 88e3aab00d Merge pull request #44741 from gtmanfred/rhip
• 439dc8dce6 if gateway is not specified use iface
• 3ec4329307 Merge branch '2016.11' into fix-cron-identifier
• 99fa05a456 Fix for bug in cron state
• 97328faeac Fix for bug in cron module
• PR #44880: (UtahDave) Determine windows hardware arch correctly @ 2017-12-08T22:24:09Z
• 8e14bc3941 Merge pull request #44880 from UtahDave/2017.7local
• 6e3c7ac1ac Merge branch '2017.7' into 2017.7local
• PR #44861: (twangboy) Fix win_lgpo for unknown values | refs: #45327 @ 2017-12-08T18:52:05Z
• dc51174670 Merge pull request #44861 from twangboy/win_fix_lgpo_invalid_value
• 89f65e19ff Check for values other than 0 or 1
• PR #44621: (isbm) Bugfix: errors in external pillar causes crash, instead of report of them @
2017-12-08T18:46:56Z
• f5a143f8c5 Merge pull request #44621 from isbm/isbm-bsc1068446-2017.7
• 0d2675c4fe Use variable, instead of direct value
• 1ddc47da0a Add unit test for _get_pillar_errors when external pillar is clean and internal contains
errors
• 68480d5dc9 Add unit test for _get_pillar_errors when both external and internal pillars contains
errors
• 218a59e93b Add unit test for _get_pillar_errors when external pillar has errors and internal is clean
• 3ce19356c2 Add unit test for _get_pillar_errors when external and internal pillars are clean
• 67034139d9 Fix unit test: wrong error types in side effect
• d9359bca13 Bugfix: unit test mistakenly expects pillar errors as a string, while it is a list
• 8c2bdc696b Bugfix: do not pull '_errors' from unchecked objects
• d5e30999c7 Remove unused variable (no exception, within the try/finally block)
• aad668d559 Fix and clarify docstring.
• c2c47e4e71 Rename function from ambiguous name
• 265de8e61c Bugfix the logic according to the exact described purpose of the function.
• dae9c6aa5c Determine windows hardware arch correctly
• PR #43379: (twangboy) Fix file.managed on Windows with test=True @ 2017-12-07T21:10:43Z
• abe089ad54 Merge pull request #43379 from twangboy/win_fix_file.managed
• edcd581ca5 Merge branch '2017.7' into win_fix_file.managed
• a27bb6993a Fix py3 error
• 0ff9fa498a Fix test_directory
• 187bc1e61e Add back the try/finally blocks
• d7241d004f Fix 2 more tests
• d5dd42aebe Fix integration tests for Windows
• d56bc9aae9 Fix typo
• af5565859e Use file functions for symlink and remove
• 72ac59c991 Fix some more integration tests for Linux
• 3f0499cbc4 Fix some integration tests
• a24b964ea5 Fix unit test to handle new Exception
• e3c3845f73 Raise CommandExecutionError when file doesn't exist
• 4602f499a2 Remove loader module mixin, add linux paths
• 99b27c037f Add tests to avoid future regression
• 5c215ed8c2 Fix documentation formatting
• 6a4e77e4b9 Return empty or unmodified dict on file not found
• PR #44570: (gtmanfred) Include client mixin globals in scheduler for runner modules @
2017-12-07T20:23:33Z
• ISSUE #44565: (arthurlogilab) NameError: global name '__jid_event__' is not defined when running a
runner in the scheduler | refs: #44570
• cf4cbcd340 Merge pull request #44570 from gtmanfred/2017.7
• 7b17f9f63c Merge branch '2017.7' into 2017.7
• PR #44494: (skizunov) Fix broken beacons_before_connect feature @ 2017-12-07T18:24:49Z
• PR #38289: (skizunov) Add config options for running beacons/scheduler before connect | refs: #44494
• febb913743 Merge pull request #44494 from skizunov/develop2
• 7adcfbf8ec Merge branch '2017.7' into develop2
• PR #44512: (rallytime) Back-port #44356 to 2017.7 @ 2017-12-07T14:44:50Z
• ISSUE #44298: (skjaro) ipset state check problem | refs: #44356
• ISSUE #39552: (Xiami2012) ipset.check new implementation by @lingonl has countless critical bugs |
refs: #44356
• PR #44356: (skjaro) Fix ipset state with multiple entries and subtypes separated with comma | refs:
#44512
• 284a817565 Merge pull request #44512 from rallytime/bp-44356
• 6f92c71834 Merge branch '2017.7' into bp-44356
• 9a325146df Fix lint violation
• 5aac729855 Fix check multiple entries with subtypes separated with comma
• PR #44748: (twangboy) Fix auto login support for OSX @ 2017-12-07T14:22:23Z
• 74ee7ce541 Merge pull request #44748 from twangboy/osx_fix_auto_login
• 068e463870 Fix lint, add integration tests
• 3df886df75 Fix lint, add gtmanfreds change
• 16cb24614f Add kcpassword functionality
• PR #44842: (twangboy) Win fix lgpo unicode on Py3 issue @ 2017-12-07T14:21:14Z
• b60cca174c Merge pull request #44842 from twangboy/win_fix_lgpo
• efe77999d1 Gate log.debug statement behind successful pop
• 1c0ec79cd1 Fix py3 issue
• PR #44843: (twangboy) Fix 2 typos in lgpo module @ 2017-12-06T17:56:44Z
• bb58e2fec0 Merge pull request #44843 from twangboy/win_fix_lgpo_typo
• c8f93e6dd7 Fix 2 types, shorten line lengths for spellchecking
• PR #44827: (mz-bmcqueen) add more clone options to virtualbox and add better dhcp handling @
2017-12-06T15:02:23Z
• d6c37ea19c Merge pull request #44827 from mz-bmcqueen/2017.7
• 4ead3014b7 Merge branch '2017.7' into 2017.7
• b7ce154014 Merge branch '2017.7' of https://github.com/mz-bmcqueen/salt into 2017.7
• 2f80f431b3 Merge branch '2017.7' into 2017.7
• c2018c9021 fix pylint complaints
• c38ff74261 add more clone options to virtualbox and add better dhcp handling
• PR #44824: (Ch3LL) Add spm -y and -f arg integration tests @ 2017-12-05T21:49:32Z
• 019169ed61 Merge pull request #44824 from Ch3LL/spm_args
• d8f81d2e4d fix pylint
• 61ac5cf157 Add spm -y and -f arg integration tests
• PR #44742: (Ch3LL) Add salt-cloud action rename integration test @ 2017-12-05T17:44:50Z
• 59b930668c Merge pull request #44742 from Ch3LL/cloud_action_test
• 951d09ca2f remove unnecessary try/except block
• c329ced7ee Add salt-cloud action rename integration test
• PR #44771: (garethgreenaway) [2017.7] Back porting #44071 @ 2017-12-05T17:16:06Z
• ISSUE #42676: (mind-code) Changes in Pillar defined Beacons only apply after Minion restart | refs:
#44771
• PR #44071: (garethgreenaway) [develop] Various fixes to beacons | refs: #44771
• 10442d9211 Merge pull request #44771 from garethgreenaway/42676_backport_44071
• ec2a8b2032 Merge branch '2017.7' into 42676_backport_44071
• 180971203e Updating minion to respond to list_available events for beacons
• db6fcefe62 Adding list_available which is used by the add function to verify that a becaon exists.
• e9e0318bc6 Backporting fixes related to having beacons in pillar from #44071
• PR #44784: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-12-05T17:13:49Z
• ISSUE #44601: (rallytime) CherryPy 12.0 removed support for "engine.timeout_monitor.on" config option
| refs: #44602
• ISSUE #44556: (doesitblend) --static option doesn't return highstate output | refs: #44714
• ISSUE #44544: (creideiki) pgjsonb returner sets wrong timezone on timestamps in database when using
Python 2 | refs: #44563
• ISSUE #44423: (mtkennerly) The win_path.exists state cannot prepend to the very start of the PATH |
refs: #44424
• ISSUE #44034: (seanjnkns) salt-call pillar overrides broken in 2016.11.8 and 2017.7.2 | refs: #44483
• ISSUE #43417: (damon-atkins) win_pkg: pkg.install and pkg.remove general issues | refs: #43708
#44832
• ISSUE #41474: (dmaziuk) state.file.* line endings | refs: #44321
• ISSUE #38452: (jf) file.line with mode=delete does not preserve ownership of a file
• ISSUE #31405: (SEJeff) Salt leaves tmp file when file.managed dest file is immutable | refs: #44699
• PR #44732: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 | refs: #44784
• PR #44714: (rallytime) Allow --static option to display state runs with highstate output
• PR #44699: (jfindlay) utils/files.py remove temp file upon move failure
• PR #44604: (lorengordon) Documents the exclude argument in state execution module
• PR #44602: (rallytime) Handle timeout_monitor attribute error for new versions of CherryPy | refs:
#44614
• PR #44563: (creideiki) Send Unix timestamps to database in pgjsonb returner
• PR #44517: (whytewolf) Publish port doc missing
• PR #44489: (whytewolf) update log-granular-levels to describe what they are filtering on
• PR #44483: (terminalmage) salt-call: account for instances where __pillar__ is empty
• PR #44477: (rallytime) Back-port #44424 to 2016.11
• PR #44434: (whytewolf) add a note that describes grain rebuilding on restart and refresh
• PR #44424: (mtkennerly) Fix #44423: Handle index=None and index=0 distinctly in the win_path.exists
state | refs: #44477
• PR #44321: (gvengel) Fix file.line diff formatting.
• PR #44193: (twangboy) Fix reg.py for use with LGPO module
• PR #43863: (nicholasmhughes) Atomicfile only copies mode and not user/group perms
• PR #43708: (damon-atkins) Merge Ready : Backport develop win_pkg to 2016.11 with additional bug fixes
• PR #41279: (Ch3LL) Add fqdn and dns core grain tests
• 23d151b40a Merge pull request #44784 from rallytime/merge-2017.7-1
• 3d9eafc4bd Lint: Remove extra empty lines at end of files
• 239f3511bf Merge branch '2016.11' into '2017.7'
• 97e0cf569c Merge pull request #44699 from jfindlay/attr_file
• 9e5a40ea7c Merge branch '2016.11' into attr_file
• 5c34607f6c utils/files remove temp file upon move failure
• 7434e0afdf Merge pull request #44714 from rallytime/fix-44556
• 1bbe1abeb2 Allow --static option to display state runs with highstate output
• 998d714ee7 Merge pull request #44517 from whytewolf/publish_port_doc_missing
• 4b5855283a missed one place where i didnt chanbge master_port from my copy to publish_port
• e4610baea5 update doc to have publish port
• 6169b52749 Merge pull request #41279 from Ch3LL/add_grain_tests
• 1b64f15692 Merge branch '2016.11' into add_grain_tests
• dc6de050a9 Merge pull request #44563 from creideiki/pgjsonb-timestamps-44544
• 231e412ca4 Merge branch '2016.11' into pgjsonb-timestamps-44544
• 4369df020b Merge pull request #44602 from rallytime/fix-44601
• ff303fd060 Handle timeout_monitor/TimeoutError issues for new versions of CherryPy
• 4a4756fc37 Merge pull request #44604 from lorengordon/doc-exclude
• c4a6c40eb3 Documents the exclude argument in state execution module
• 15c445e6b9 Send Unix timestamps to database in pgjsonb
• 095f1b7d7a Merge branch '2016.11' into add_grain_tests
• 91d46d4cfc Merge pull request #44434 from whytewolf/1837
• d148e39dda change from md to rst for code reference
• 955e305bda fix bad english, as requested by cachedout
• 7256fcc1c9 update note to take into account grains_cache
• 7a2981585e Merge branch '2016.11' into 1837
• aca0405b26 add a note that describes grain rebuilding on restart and refresh
• 9ea4db4224 mock socket.getaddrinfo
• 78a07e30f4 add more fqdn tests and remove some of the mocking
• 5dbf4144ce add ipv6 in opts
• eabc1b4f9c Add fqdn and dns core grain tests
• a3bd99317f Merge pull request #44321 from gvengel/fix-file-line-diff-output
• 69a50204a6 Add newline for lint.
• ef7b6bbb81 Fixed issue with file.line on Windows running Python 2.
• 8f89c99fa5 Fix FileModuleTest setUp and tearDown to work on Windows.
• 3ac5391f5f Namespace missing functions for file.line on Windows.
• b2b8f075b9 Fixed test to work on Windows.
• 5a5a2dd026 Added integration test for issue #41474
• 24d7315f1a Fix file.line diff formatting.
• 9ca563718d Merge pull request #43708 from damon-atkins/2016.11_43417_Backport_and_Fixes
• 04d03ea6b8 Updated comment
• 1dd565e585 Merge remote branch 'upstream/2016.11' into 2016.11_43417_Backport_and_Fixes
• dd48ba2616 Merge remote branch 'upstream/2016.11' into 2016.11_43417_Backport_and_Fixes
• a0d08598bf dco fix
• 9467899fc6 Merge remote branch 'upstream/2016.11' into 2016.11_43417_Backport_and_Fixes
• 6dc180fd0e doco fixes
• 2496a42ea4 lint fix
• 2c937fbe19 Merge remote branch 'upstream/2016.11' into 2016.11_43417_Backport_and_Fixes
• c9c8c48a4d all remove/install commands are passed to cmd.exe /s /c and commands are passed as
strings to cmdmod
• 350244bd93 typo in comments and doc strings.
• ec31f5a9bd 2017.11/develop version() was ignoring saltenv setting.
• b314549a32 Backport of devlop to 2016.11 with additional bug fixes
• 68ea22188e Merge pull request #44477 from rallytime/bp-44424
• 4a9f8dcc96 Fix #44423: Handle index=None and index=0 distinctly
• 2c89050a24 Merge pull request #44483 from terminalmage/issue44034
• a9db8becea salt-call: account for instances where __pillar__ is empty
• b5c2028680 Merge pull request #44489 from whytewolf/1956_log-granular-levels
• 9cdeb4e903 update log-granular-levels to describe what they are filtering on
• ea07f9c54c Merge pull request #44193 from twangboy/win_fix_reg
• 44d6d9f46d Remove unused import (lint)
• f7502436bd Fix various issues
• 221e6e3b91 make salt.utils.to_unicode return none when passed none
• ce41acc788 Fix many issues with reg.py
• 4a19df1f7f Use six.text_type instead of str
• 1b12acd303 Check type before casting
• 03fa37b445 Cast vdata to it's proper type
• ed8da2450b Merge pull request #43863 from nicholasmhughes/fix-atomicfile-permission-copy
• ea852ec5d3 remove index use with stat module attributes
• dbeeb0e917 fixes #38452 atomicfile only copies mode and not user/group perms
• PR #44788: (kris-anderson) Example yaml of influxdb_user state @ 2017-12-04T14:28:45Z
• 4643a112e7 Merge pull request #44788 from kris-anderson/example-yaml-of-influxdb-user-state
• afd23d058c converted yaml example to use 2 spaces
• 29e410c1ea added a code-block example of how the yaml should be formatted
• PR #44735: (gracinet) Backported issue #42713 to 2017.7 @ 2017-12-04T01:43:23Z
• ISSUE #42713: (boltronics) 2017.7.0 master upgrade breaks mine data on non-glob matching on minions
• 4ebac09f60 Merge pull request #44735 from gracinet/42713_backport_2017.7
• 6806d83314 Merge branch '2017.7' into 42713_backport_2017.7
• fb586c6dce Backported issue #42713 to 2017.7
• PR #44766: (twangboy) Fix unit.utils.test_process for Windows @ 2017-12-02T13:15:53Z
• 06ce7b7328 Merge pull request #44766 from twangboy/win_fix_test_process
• a5737e8fc3 Fix lint errors
• be96de09cc Fix pickling error by decorating
• PR #44716: (rallytime) Back-port #44605 to 2017.7 @ 2017-12-01T23:12:24Z
• ISSUE #44083: (ari) timezone.system fails when /etc/localtime is missing on FreeBSD | refs: #44605
• PR #44605: (campbellmc) Add handling for FreeBSD in timezone.zone_compare | refs: #44716
• f8b8a8966d Merge pull request #44716 from rallytime/bp-44605
• 9d43221422 Correct indentation
• d6e28ebed1 Add handling for FreeBSD in method zone_compare to avoid exception when /etc/localtime
file does is absent. This is valid configuration on FreeBSD and represents UTC.
• PR #44781: (mirceaulinic) Correct the thorium runner @ 2017-12-01T22:55:52Z
• ISSUE #41869: (mirceaulinic) Thorium: unable to execute runners | refs: #44781
• 8ed6287762 Merge pull request #44781 from cloudflare/thorium-fix-41869
• 83c73a69cb Instance the Runner class instead of the RunnerClient as we're running on the Master
• b72b7c5402 Correct the thorium runner
• PR #44466: (twangboy) Fix unit.modules.test_disk for Windows @ 2017-12-01T22:31:42Z
• 52596be102 Merge pull request #44466 from twangboy/win_fix_test_disk
• 5615862f23 Fix some lint
• 627d5ab0c9 Mock salt.utils.which
• e5a96fe00f Skip test_fstype on Windows
• PR #44719: (rallytime) Back-port #44667 to 2017.7 @ 2017-12-01T15:20:49Z
• ISSUE #42763: (xuhcc) acme.cert state falsely reports about renewed certificate | refs: #44667
• PR #44667: (oarmstrong) Fix acme.cert to run certbot non-interactively | refs: #44719
• b9ad4bba2d Merge pull request #44719 from rallytime/bp-44667
• 3d85a260c4 Fix acme.cert to run certbot non-interactively
• PR #44747: (gtmanfred) use a copy so roster_defaults doesn't mangle @ 2017-12-01T15:13:48Z
• ISSUE #44744: (brmzkw) roster_defaults breaks salt-ssh globbing | refs: #44747
• d23192c492 Merge pull request #44747 from gtmanfred/roster_defaults
• 911411ed8f add unit test
• eefcfc719c use a copy so roster_defaults doesn't mangle
• PR #44717: (garethgreenaway) [2017.7] Fixes to at module @ 2017-12-01T14:37:05Z
• ISSUE #44694: (thuhak) state module at.absent does't work | refs: #44717
• 20f20ad9e1 Merge pull request #44717 from garethgreenaway/44694_at_absent_failing_to_find_jobs
• 1f2b3c5f46 Merge branch '2017.7' into 44694_at_absent_failing_to_find_jobs
• 3bb385b44e removing debugging logging
• 7f0ff5a8b0 When passing IDs on the command line convert them all the strings for later comparision.
• 99e436add4 When looking for job ids to remove based on the tag_name the comparision was comparing an
INT to a STR, so the correct job id was not being returned.
• PR #44695: (gtmanfred) pop None for runas and runas_password @ 2017-12-01T14:35:01Z
• ISSUE #44136: (dupsatou) KeyError: 'runas' after updating to latest salt in yum repo. | refs: #44695
• 6e61aa787f Merge pull request #44695 from gtmanfred/pop
• 0efb90b6f7 Merge branch '2017.7' into pop
• PR #44725: (whytewolf) document note suggesting systemd-run --scope with cmd.run_bg @
2017-11-30T19:18:06Z
• 20391c54c0 Merge pull request #44725 from whytewolf/1919_cmd.run_no_daemons
• 4b11f8d66d add quick documentation suggesting systemd-run --scope if using cmd.run_bg with systemd
• PR #44760: (mirceaulinic) Fix the grains.setvals execution function when working with proxy minions @
2017-11-30T18:27:02Z
• ISSUE #42300: (mirceaulinic) Grains state doesn't work (fine) with proxy minions | refs: #44760
• ISSUE #42074: (mirceaulinic) How to configure static grains for proxy minions | refs: #44549
• PR #44549: (mirceaulinic) Allow proxy minions to load static grains | refs: #44760
• 85451ae977 Merge pull request #44760 from cloudflare/px-grains-set-42300
• 655139d01c Different path to the static grains file when running under a proxy minion
• 3eec8dbc63 Dummy proxy: catch EOFError instead of IOError
• PR #44640: (vutny) Fix #44583: splay with cron-like scheduled jobs @ 2017-11-30T15:30:41Z
• ISSUE #44583: (creideiki) Using splay in cron schedule throws exception "unsupported operand type(s)
for +: 'NoneType' and 'int'" | refs: #44640
• 06fb80b69c Merge pull request #44640 from vutny/fix-cron-schedule-splay
• d1f247e49e Add basic unit tests for schedule util eval func
• 6ff8e75ac6 Fix #44583: splay with cron-like scheduled jobs
• PR #44712: (Ch3LL) Add pillar ssh integration tests @ 2017-11-30T15:29:33Z
• e5a1401b82 Merge pull request #44712 from Ch3LL/ssh_pillar_items
• 97ec0e6ea0 Merge branch '2017.7' into ssh_pillar_items
• c7f5af1274 Add pillar ssh integration tests
• PR #44763: (mirceaulinic) Just a small improvement to the Thorium documentation @ 2017-11-30T14:38:03Z
• 2e1c946990 Merge pull request #44763 from cloudflare/thorium-doc
• f8d69dd0ba Add thorium_roots configuration example
• 4610fb4e62 thorium_roots not thorium_roots_dir
• PR #44531: (mirceaulinic) Add deprecation notes for the NAPALM native templates @ 2017-11-30T14:18:56Z
• 8ba2df1ea0 Merge pull request #44531 from cloudflare/deprecate-napalm-tpl
• b462776d8b Add deprecation notes for the NAPALM native templates
• PR #44737: (twangboy) Skip unit.transport.test_ipc for Windows @ 2017-11-29T19:18:21Z
• 7bde48282e Merge pull request #44737 from twangboy/win_skip_test_ipc
• 4e0359b603 Skip IPC transport tests in Windows, not supported
• PR #44629: (Ch3LL) Add masterless state.highstate integration test @ 2017-11-29T19:05:23Z
• c5206113ce Merge pull request #44629 from Ch3LL/high_masterless
• 9b7421b261 Change check to the state id
• 9cc853e3d5 Add masterless state.highstate integration test
• PR #44613: (Ch3LL) Add pillar.items test for masterless @ 2017-11-29T14:43:11Z
• 2dc3e5c42a Merge pull request #44613 from Ch3LL/pillar_masterless
• 2c2e1e2332 Merge branch '2017.7' into pillar_masterless
• 69134e83ca Change order of local kwarg in run_call method
• b3b5ecc6ff Add pillar.items test for masterless
• PR #44659: (Ch3LL) Add state.sls_id to ssh wrapper and tests @ 2017-11-29T14:41:47Z
• cc05481026 Merge pull request #44659 from Ch3LL/ssh_sls_id
• 04b5a3dd4e Add state.sls_id to ssh wrapper and tests
• PR #44698: (Ch3LL) Add salt-ssh mine.get integration test @ 2017-11-28T22:15:29Z
• 642eed11e1 Merge pull request #44698 from Ch3LL/mine_ssh
• f6a72acfe3 Merge branch '2017.7' into mine_ssh
• 9e67babf85 Add teardown to remove ssh dir
• f90b4f7653 Add salt-ssh mine.get integration test
• PR #44697: (Ch3LL) Sort the show_top results for test_state_show_top test @ 2017-11-28T20:35:41Z
• 5d82df5667 Merge pull request #44697 from Ch3LL/show_top_test
• 974db59dc1 convert the assert to a union set instead
• add43c4cfe Sort the show_top results for test_state_show_top test
• PR #44608: (Ch3LL) Add jinja to ssh sls test file @ 2017-11-27T22:00:28Z
• f2f6817e86 Merge pull request #44608 from Ch3LL/ssh_jinja
• df669b551d Merge branch '2017.7' into ssh_jinja
• ca97517795 Add jinja to ssh sls test file
• PR #44663: (whytewolf) Update notes around grains topic, and salt.modules.grains and salt.state.grains
@ 2017-11-27T21:33:38Z
• ISSUE #33957: (grobinson-blockchain) grains.setval doesn't setval if set in /etc/salt/minion | refs:
#44663 #44663
• 04b97bcfad Merge pull request #44663 from
whytewolf/ZD1777_ensure_understanding_of_minion_config_over_grains_file
• c9122e4b85 fixed pylint error, and updated description on at the top the the module and state.
• 7fb208b5ad Update note in topics/grains to reflect that not all grains are ignored. only those set in
the minion config
• PR #44332: (mirceaulinic) Improve the net.load_config execution function @ 2017-11-27T21:22:18Z
• ISSUE #11: (thatch45) Add disable_modules to the config
• ISSUE #10: (thatch45) list jobs option
• ISSUE #9: (thatch45) Enable authentication modes
• 364deee6ac Merge pull request #44332 from cloudflare/improve-net-load
• cd0bac87e6 Merge branch '2017.7' into improve-net-load
• 6d861f9a74 Disable pylint warning
• 3a0945ce3d Merge pull request #11 from tonybaloney/gh_44332_clone
• 88ef9f18fc ignore lint error on import
• 25427d845e convert key iterator to list as python 3 wont index an iterator
• bce50154e5 Merge branch '2017.7' into improve-net-load
• ba4a62769c Fix trailing spaces
• 0a47a7acbf Merge pull request #10 from tonybaloney/gh_44332_clone
• ba0280e727 linting updates
• 78b90f3d0c add remaining tests
• 386c4e5791 add tests for all the getters
• f3d2d1aaaa Merge pull request #9 from tonybaloney/gh_44332_clone
• c63222358b update tests with correct assertions and mock methods on device instance
• b69c559c52 fix kwargs typo
• edea76d3f3 Improve the net.load_config function
• PR #44664: (mvivaldi) Patch 1 @ 2017-11-27T21:17:20Z
• b6a1ed06b8 Merge pull request #44664 from mvivaldi/patch-1
• 4551999ec7 Update jinja.py
• ae13d57307 Update file.py
• PR #44549: (mirceaulinic) Allow proxy minions to load static grains | refs: #44760 @
2017-11-27T20:57:09Z
• ISSUE #42074: (mirceaulinic) How to configure static grains for proxy minions | refs: #44549
• 9ea4ee1479 Merge pull request #44549 from cloudflare/fix-proxy-grains
• 7b03574ab6 Merge branch '2017.7' into fix-proxy-grains
• 0320174ea4 Add doc note regarding static grains on proxy minions
• 509d1af832 Allow proxy minions to load static grains
• PR #44572: (Ch3LL) Add watch_in integration test @ 2017-11-27T20:52:31Z
• 5ec7ea0bb5 Merge pull request #44572 from Ch3LL/watchin_test
• 0a54584ddb Merge branch '2017.7' into watchin_test
• 898c28e6d9 Merge branch '2017.7' into watchin_test
• 3df70f3fed remove iter for watch_in failure test
• ac437ddf90 add order check and remove iter
• 5f2b4f434e Add watch_in integration test
• c6733ac1ee pop None
• PR #44616: (Ch3LL) Add Non Base Environement salt:// source integration test @ 2017-11-22T16:13:54Z
• d6ccf4bb30 Merge pull request #44616 from Ch3LL/nonbase_test
• 80b71652e3 Merge branch '2017.7' into nonbase_test
• c9ba33432e Add Non Base Environement salt:// source integration test
• PR #44617: (Ch3LL) Add ssh thin_dir integration test @ 2017-11-22T16:12:51Z
• 3ace504c8c Merge pull request #44617 from Ch3LL/thindir_ssh
• 071a1bd65b Merge branch '2017.7' into thindir_ssh
• PR #44625: (Ch3LL) Add salt-key -d integration test @ 2017-11-22T03:15:23Z
• 2cd618f99b Merge pull request #44625 from Ch3LL/delete_key_test
• 443dc1e16b Merge branch '2017.7' into delete_key_test
• PR #44614: (rallytime) [2017.7] Move PR #44602 forward to 2017.7 @ 2017-11-21T21:21:06Z
• ISSUE #44601: (rallytime) CherryPy 12.0 removed support for "engine.timeout_monitor.on" config option
| refs: #44602
• PR #44602: (rallytime) Handle timeout_monitor attribute error for new versions of CherryPy | refs:
#44614
• 4f30e845ee Merge pull request #44614 from rallytime/44602-2017.7
• 628f015c1b Move TimoutError check lower down in exception list
• d26d9ff5e4 Handle timeout_monitor/TimeoutError issues for new versions of CherryPy
• 359a59dd64 Add salt-key -d integration test
• 74ededafa7 Add ssh thin_dir integration test
• 4d0806e28c Merge branch '2017.7' into develop2
• 4d0d023115 Fix broken beacons_before_connect feature
• 98536110d9 Merge branch '2017.7' into 2017.7
• PR #44571: (rallytime) Back-port #43822 to 2017.7 @ 2017-11-20T19:01:26Z
• PR #43822: (chnrxn) check_result: Correctly check the __extend__ state. | refs: #44571
• 136b9e3bc4 Merge pull request #44571 from rallytime/bp-43822
• f81bb61f2d check_result: Correctly check the __extend__ state.
• PR #44588: (rallytime) Add documentation about logging before modules are loaded @ 2017-11-20T18:43:18Z
• PR #44576: (rallytime) Remove logging from top of napalm util file | refs: #44588
• PR #44439: (mirceaulinic) Adapt napalm modules to the new library structure | refs: #44576
• bea7f65291 Merge pull request #44588 from rallytime/logging-in-virtual-funcs
• 90d1cb221d Add documentation about logging before modules are loaded
• PR #44513: (rallytime) Back-port #44472 to 2017.7 @ 2017-11-20T16:09:02Z
• PR #44472: (mephi42) nova: fix endpoint URL determination in _v3_setup() | refs: #44513
• a8044b73c3 Merge pull request #44513 from rallytime/bp-44472
• 6e00e415d3 nova: fix endpoint URL determination in _v3_setup()
• PR #44596: (roaldnefs) Fixed Mattermost module documentation @ 2017-11-19T23:30:53Z
• f55b9daa63 Merge pull request #44596 from roaldnefs/fix-mattermost-doc
• 549f4806ce Fixed documentation in Mattermost module
• PR #44528: (tkwilliams) INFRA-5978 - fix for https://github.com/saltstack/salt/issues/44290 @
2017-11-17T17:35:44Z
• f84a2b5ab1 Merge pull request #44528 from bodhi-space/infra5978
• ba1d57f5eb Merge branch '2017.7' into infra5978
• 021692b6c9 INFRA-5978 - pylint / whitespace fix
• c2210aaf7c INFRA-5978 - fix for https://github.com/saltstack/salt/issues/44290
• PR #44537: (Ch3LL) Add multiple salt-ssh state integration tests @ 2017-11-17T17:17:48Z
• 7f2dd0382c Merge pull request #44537 from Ch3LL/ssh_highlow
• b98df6de24 Add known_hosts_file to salt-ssh opts_pkg in wfuncs
• 913eedc699 Add multiple salt-ssh state integration tests
• PR #44576: (rallytime) Remove logging from top of napalm util file | refs: #44588 @
2017-11-17T14:55:13Z
• PR #44439: (mirceaulinic) Adapt napalm modules to the new library structure | refs: #44576
• 1975fb41bc Merge pull request #44576 from rallytime/remove-napalm-logging
• eb91af999e Remove logging from top of napalm util file
• PR #44575: (Ch3LL) Add service.running integration state test @ 2017-11-16T22:27:57Z
• c2c3048f46 Merge pull request #44575 from Ch3LL/ser_run_test
• 7536150567 Add service.running integration state test
• PR #44518: (twangboy) Pass root_dir to the win_verify_env function @ 2017-11-16T20:57:49Z
• 24b1d7af31 Merge pull request #44518 from twangboy/win_fix_verify_env
• 47114fdb30 Pass root_dirs to the win_verify_env function
• 3385f7faf3 fix pylint
• a2af3cb857 Include client mixin globals in scheduler for runner modules
• PR #44551: (mirceaulinic) Removes proxy minions false alarms and security risks @ 2017-11-16T15:09:14Z
• 1643bb7fd4 Merge pull request #44551 from cloudflare/annoying-tmpnam
• ce1882943d Use salt.utils.files.mkstemp() instead
• 6689bd3b2d Dont use dangerous os.tmpnam
• 2d6176b0bc Fx2 proxy minion: clean return, like all the other modules
• PR #44541: (terminalmage) Fix test to reflect changes in YAML dumper @ 2017-11-15T13:23:58Z
• ISSUE #30454: (favoretti) Using yaml serializer inside jinja template results in unicode being
prepended by '!!python/unicode' | refs: #42064 #38554 #38554 #30481
• PR #42064: (The-Loeki) utils.jinja: use utils.yamldumper for safe yaml dumping | refs: #44541
• PR #38554: (multani) Fix YAML deserialization of unicode | refs: #42064
• PR #30481: (basepi) Add yaml_safe jinja filter | refs: #38554
• 60083ac27b Merge pull request #44541 from terminalmage/fix-yaml-test
• 5b8f54084b Merge branch '2017.7' into fix-yaml-test
• PR #44538: (gtmanfred) Fix up some test kitchen stuff @ 2017-11-14T20:36:56Z
• 5c123eb551 Merge pull request #44538 from gtmanfred/kitchen
• 3e04d2d44c use kitchen-sync for copying files
• 9bc70fd31b back up to 2017.7.1 for kitchen tests
• 3b93ea058b ubuntu 14 and centos 6 should not have py3 tests
• 958e1aeb8d Fix test to reflect changes in YAML dumper
• PR #42064: (The-Loeki) utils.jinja: use utils.yamldumper for safe yaml dumping | refs: #44541 @
2017-11-13T19:45:14Z
• ISSUE #30454: (favoretti) Using yaml serializer inside jinja template results in unicode being
prepended by '!!python/unicode' | refs: #42064 #38554 #38554 #30481
• PR #38554: (multani) Fix YAML deserialization of unicode | refs: #42064
• PR #30481: (basepi) Add yaml_safe jinja filter | refs: #38554
• 27a7b607b1 Merge pull request #42064 from The-Loeki/jinja_unicode
• b1cf43c02d Merge branch '2017.7' into jinja_unicode
• 8c2ac58523 Merge branch '2017.7' into jinja_unicode
• 57dc6226a2 Merge branch '2017.7' into jinja_unicode
• 0a8346b585 Merge branch '2017.7' into jinja_unicode
• 393fe061b2 jinja utils: yaml import still necessary
• 3c9130f9f0 utils.jinja: use utils.yamldumper for safe yaml dumping
• PR #43692: (mirceaulinic) Addressing a bug in the network find runner @ 2017-11-13T19:42:24Z
• b1f14c7518 Merge pull request #43692 from cloudflare/fix-net-runner
• 02ffb4f38e Merge branch '2017.7' into fix-net-runner
• 4b2f791bd2 Check if addr is short IPv6
• 765504c137 Add all the possible keys to the result
• PR #43689: (The-Loeki) make cached pillars use pillarenv rather than saltenv @ 2017-11-13T19:30:00Z
• ISSUE #42393: (The-Loeki) pillarenv ignored with Salt Master pillar_cache: True | refs: #43689
• ISSUE #36153: (krcroft) Pillarenv doesn't allow using separate pillar environments | refs: #43689
• 1e94a5bd5f Merge pull request #43689 from The-Loeki/cached_pilarenv
• 395c0c424d Merge branch '2017.7' into cached_pilarenv
• 60e001733b make cached pillars use pillarenv rather than saltenv
• PR #43837: (twangboy) Fix unit.states.test_archive for Windows @ 2017-11-13T19:12:19Z
• f9b273a894 Merge pull request #43837 from twangboy/win_unit_test_archive
• 5505a8819a Merge branch '2017.7' into win_unit_test_archive
• b1dfe9c3c8 Format patching with statements for easier reading
• ba2f2eb788 Add Erik's changes
• 4ef1e3eb97 Fix unit.states.test_archive for Windows
• PR #44507: (Ch3LL) Increase sleep timeout for pillar refresh test @ 2017-11-13T18:29:06Z
• caa81728a0 Merge pull request #44507 from Ch3LL/pillar_time
• ffa4bddcad Increase sleep timeout for pillar refresh test
• PR #44302: (morganwillcock) Fix traceback and incorrect message when resolving an unresolvable SID @
2017-11-13T18:19:01Z
• cffea5ac71 Merge pull request #44302 from morganwillcock/badsid
• f3af106e33 Merge branch 'badsid' of https://github.com/morganwillcock/salt into badsid
• 95733fbb3b Merge branch '2017.7' into badsid
• facc2cd16e Merge branch '2017.7' into badsid
• c7cf5f6f70 Format pywintypes.error
• 9572aabb67 Fix traceback and incorrect message when resolving an unresolvable SID
• PR #44439: (mirceaulinic) Adapt napalm modules to the new library structure | refs: #44576 @
2017-11-13T17:43:24Z
• 32fc952000 Merge pull request #44439 from cloudflare/fix-napalm
• f45378af04 Lint: remove extra spaces
• c6a38258a3 Add napalm>2.0.0 note and update URLs
• 52f73835b8 Adapt napalm modules to the new library structure
• PR #44457: (twangboy) Remove wmi monkeypatching @ 2017-11-13T17:38:52Z
• ebbe5949ea Merge pull request #44457 from twangboy/win_remove_wmi_monkeypatching
• 6c872e95e6 Add back the setup_loader_modules function
• 20273e3697 No need for setup_loader_modules since we're actually importing wmi
• 8c107873cd Remove wmi monkeypatching
• PR #44490: (Ch3LL) Enable test_deploy ssh test @ 2017-11-13T17:12:48Z
• 1da1a97d7d Merge pull request #44490 from Ch3LL/ssh_ping
• e952cd6712 Enable test_deploy ssh test
• PR #44491: (Ch3LL) Add salt-ssh raw integration tests @ 2017-11-13T15:47:12Z
• 18624d6798 Merge pull request #44491 from Ch3LL/ssh_raw
• 3dc8673417 change class name to raw
• 308596ac8d Add salt-ssh raw integration tests
• PR #44492: (twangboy) Fix unit.utils.test_cloud for Windows @ 2017-11-13T15:44:31Z
• aa17bfa8e7 Merge pull request #44492 from twangboy/win_skip_mode_check
• 2f30ad93b1 Skips mode check in Windows
• PR #44484: (Ch3LL) Add orchestration tests when target exists or not @ 2017-11-10T19:24:22Z
• 5b95495e75 Merge pull request #44484 from Ch3LL/orch_test
• f3ec6df76e Add orchestration tests when target exists or not
• PR #44480: (Ch3LL) Add integration pillar command line test @ 2017-11-10T19:14:31Z
• 62c42ca6fb Merge pull request #44480 from Ch3LL/override_pillar
• 12fed1b4d8 Add integration pillar command line test
• PR #44317: (Ch3LL) Add state tests and state request system to salt-ssh @ 2017-11-10T18:28:43Z
• cc08ad2edc Merge pull request #44317 from Ch3LL/ssh_test
• 46bce3bd5e add additional parser argument for ssh integration tests
• e9231430b5 remove logic similar to cloud/proxy tests
• c731eb8ea6 add ssh dir to test runner when --ssh-tests set
• 8089a885c2 add wipe function to other run_ssh method
• 200b12ae6a change versionadded salt version
• e3ebb5e9b3 fix comment and variables
• faef0886a7 Add state tests and state request system to salt-ssh
• PR #44478: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-11-10T18:00:56Z
• ISSUE #39901: (seanjnkns) network.managed ipaddrs ignored | refs: #44260
• PR #44260: (seanjnkns) Fixes #39901 for RH/CentOS 7
• 6669035a30 Merge pull request #44478 from rallytime/merge-2017.7
• 9fcc2a70b5 Merge branch '2016.11' into '2017.7'
• a66cd67d15 Merge pull request #44260 from seanjnkns/issue-39901
• ed8cccf457 #39901: Fix pylint
• 43c81dfdee #39901: Add unit tests
• 613d500876 Merge branch '2016.11' into issue-39901
• b97e8046ca Utilize salt.utils.validate.net.* and _raise_error_iface
• 6818f3631d Fixes #39901 for RH/CentOS 7
• PR #44444: (twangboy) LGPO: Issue with Maximum Password Age @ 2017-11-10T17:26:53Z
• 60719d0683 Merge pull request #44444 from twangboy/win_lgpo_non_zero
• de6b394445 Remove unneeded functions
• ee0914f7e9 Fix some lint, remove unnecessary function
• d52a7c12db Fix typo in PasswordComplexity policy
• 44f8f43812 Fix problem where 0 isn't 0
• PR #44467: (twangboy) Fix unit.test_doc for Windows @ 2017-11-10T15:21:58Z
• 4f3a79df07 Merge pull request #44467 from twangboy/win_fix_test_doc
• 0a9e862bf4 Use regex to split
• PR #44443: (Ch3LL) Add salt-ssh grains.items test @ 2017-11-09T00:42:11Z
• ff4f13877f Merge pull request #44443 from Ch3LL/ssh_grains
• 5d1a9af4b5 Add salt-ssh grains.items test
• PR #44429: (Ch3LL) Fix orch doc from pillat.get to pillar.get @ 2017-11-07T23:06:38Z
• dcdf2d4c90 Merge pull request #44429 from Ch3LL/orch_doc
• 38ca5520f0 Fix orch doc from pillat.get to pillar.get
• PR #43817: (The-Loeki) Orchestrate runner forces pillarenv and saltenv to None @ 2017-11-07T06:00:16Z
• ISSUE #42568: (clallen) Orchestration runner doesn't populate __pillar__ based on pillarenv | refs:
#43817
• 62c4addef8 Merge pull request #43817 from The-Loeki/orch-pillarenv
• 3fd652623c orchestrate runner: retain default envs
• PR #44408: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-11-06T15:53:00Z
• ISSUE #44313: (rossengeorgiev) salt-ssh: --user option missing from the cli documentation | refs:
#44322
• PR #44383: (gtmanfred) switch salt-jenkins over to saltstack for kitchen-salt tests
• PR #44322: (rossengeorgiev) updated CLI docs for salt-ssh
• PR #44304: (jfindlay) states.cron identifier defaults to name
• PR #44173: (twangboy) Use google style docstrings in win_system.py
• 9e4708b7b9 Merge pull request #44408 from rallytime/merge-2017.7
• edbbd5fc2b Merge branch '2016.11' into '2017.7'
• 5e289f42ba Merge pull request #44383 from gtmanfred/2016kitchen
• b65f4ea4ea switch salt-jenkins over to saltstack
• cab54e34b5 Merge pull request #44173 from twangboy/win_system_docs
• 8e111b413d Fix some of the wording and grammer errors
• a12bc5ae41 Use google style docstrings
• 7aaea1d179 Merge pull request #44304 from jfindlay/cron_id
• cc038c5bec states.cron identifier defaults to name
• e4dbbde734 Merge pull request #44322 from rossengeorgiev/saltssh-docs-update
• b18f2e5a6d fix program name and description for --static
• 5b10918f02 updated CLI docs for salt-ssh
• PR #44358: (The-Loeki) Kubernetes client certificate file usage fix @ 2017-11-03T21:51:27Z
• b11da0d2da Merge pull request #44358 from The-Loeki/kube-client-cert-file
• 35a8b0bb38 Kubernetes client certificate file usage fix
• PR #44347: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-11-03T21:48:21Z
• ISSUE #44336: (corywright) Docs for archive.tar should not use leading dash for tar options | refs:
#44338 #44339
• ISSUE #44272: (gurubert) [patch] win_service.stop() fails | refs: #44295
• PR #44345: (gtmanfred) remove binding from erb template rendering
• PR #44342: (gtmanfred) render template files platforms.yml and driver.yml
• PR #44339: (corywright) Remove leading dash from options in archive.tar docs (2016.11)
• PR #44295: (gurubert) fixes issue #44272
• PR #44286: (gtmanfred) use our git repo for kitchen-salt
• 1974e52c06 Merge pull request #44347 from rallytime/merge-2017.7
• 9bad04b94b Merge branch '2016.11' into '2017.7'
• 4e6f09e3eb Merge pull request #44345 from gtmanfred/2016kitchen
• 79b8b2d0bf remove binding
• 209847c8c2 Merge pull request #44342 from gtmanfred/2016kitchen
• c50508f0b7 render template files platforms.yml and driver.yml
• 1be65224cb Merge pull request #44339 from corywright/issue-44336-fix-archive-tar-docs-2016-11
• 9c1c35a59f Remove leading dash (-) from options in archive.tar documentation
• bebc33daf5 Merge pull request #44295 from HeinleinSupport/issue44272
• f972715a45 fixes issue #44272
• e7ca9f8407 Merge pull request #44286 from gtmanfred/2016.11
• 193e715e37 use our git repo for kitchen-salt
• PR #44364: (Ch3LL) Include disk size check for test_spm_build_big_file test @ 2017-11-01T13:57:24Z
• aea9f4a115 Merge pull request #44364 from Ch3LL/fix_size_test
• 952c6bfea4 Include file size check for test_spm_build_big_file test
• PR #44273: (DmitryKuzmenko) Workaround progressbar failure if minion is behind syndic. @
2017-10-31T17:07:17Z
• ISSUE #44239: (boltronics) --progress fails when hosts routed via syndic | refs: #44273
• 609de9367a Merge pull request #44273 from DSRCorporation/bugs/44239_syndic_progress
• e1a7605623 Workaround progressbar failure if minion is behind syndic.
• PR #44350: (gtmanfred) update salt-jenkins repo to 2017.7 @ 2017-10-30T21:31:30Z
• eef6dbfa58 Merge pull request #44350 from gtmanfred/2017.7
• cf71e3d9f2 update salt-jenkins repo to 2017.7
• PR #44346: (gtmanfred) remove binding from erb template rendering (2017.7) @ 2017-10-30T20:57:19Z
• d586b3bf97 Merge pull request #44346 from gtmanfred/2017.7
• bf577c3d8b remove binding
• PR #44343: (gtmanfred) render template files platforms.yml and driver.yml (2017.7) @
2017-10-30T20:04:22Z
• 547aac6658 Merge pull request #44343 from gtmanfred/2017.7
• ec24fbc0c2 render template files platforms.yml and driver.yml
• PR #44338: (corywright) Remove leading dash from options in archive.tar docs (2017.7 and develop) @
2017-10-30T18:59:33Z
• ISSUE #44336: (corywright) Docs for archive.tar should not use leading dash for tar options | refs:
#44338 #44339
• 6e2a74c18b Merge pull request #44338 from
corywright/issue-44336-fix-archive-tar-docs-2017-7-and-newer
• 49b0abc284 Remove leading dash (-) from options in archive.tar documentation
• PR #44265: (Ch3LL) Add service.status integration test @ 2017-10-30T15:00:12Z
• 71923bed97 Merge pull request #44265 from Ch3LL/service_test
• 716aabc0bf Merge branch '2017.7' into service_test
• dd5c823210 remove skipIf import
• ff92f31cbe remove skipif for docker
• c13f37eee4 change service name depending on os
• 980c43ebc9 change skip message check to docker
• 3955537609 change skip if check to docker
• aa8875a0e2 change service name to docker
• 654071028b change service to crond
• 7911b4b3eb Add service.status integration test
• PR #44294: (nasenbaer13) Boto asg fixes, Backport of #43858 @ 2017-10-30T14:48:52Z
• PR #43858: (nasenbaer13) Boto_ASG fixes for scaling policy rate limiting and tag conversion | refs:
#44294
• 8ae9769bfb Merge pull request #44294 from eyj/boto_asg
• f5ad6aeb70 Debug log added when throttled by API
• c05d9aeced Encode tags as utf-8, retry policy readout
• PR #44312: (rallytime) Back-port #44287 to 2017.7 @ 2017-10-30T14:25:56Z
• PR #44287: (jf) Fix utils.files.guess_archive_type to recognize the "tbz" extension as well | refs:
#44312
• 68a9bebf90 Merge pull request #44312 from rallytime/bp-44287
• 4d02e61f97 Merge branch '2017.7' into bp-44287
• ba0eaae95e Fix utils.files.guess_archive_type to recognize the "tbz" extension as well (also tidy up
list of extensions)
• PR #44311: (rallytime) Back-port #44262 to 2017.7 @ 2017-10-30T14:25:35Z
• ISSUE #44258: (oarmstrong) docker_container.running recreates containers with multiple links | refs:
#44262
• PR #44262: (oarmstrong) docker_container.running sort list of links | refs: #44311
• b8854e27c0 Merge pull request #44311 from rallytime/bp-44262
• 72d617cfbe Merge branch '2017.7' into bp-44262
• ae34a15503 docker_container.running sort list of links
• PR #44314: (gtmanfred) update .kitchen.yml to run py3 tests too @ 2017-10-30T14:23:15Z
• 48df79ef77 Merge pull request #44314 from gtmanfred/2017.7
• 54265769c4 Merge branch '2017.7' into 2017.7
• PR #44316: (rallytime) Fix lint failure on 2017.7 branch @ 2017-10-27T18:36:08Z
• dbc5e224e9 Merge pull request #44316 from rallytime/fix-lint
• 6d2490f6a0 Fix lint failure on 2017.7 branch
• 39262b625e update .kitchen.yml to run py3 tests too
• PR #44279: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-27T16:17:19Z
• ISSUE #44155: (rhoths) file.directory with clean not triggering listener in test mode | refs: #44160
• PR #44269: (terminalmage) Fix log message in salt.utils.gitfs
• PR #44268: (twangboy) Fix typo
• PR #44259: (gtmanfred) begin switching in kitchen-salt for running the test suite
• PR #44205: (rallytime) Back-port #44177 to 2016.11
• PR #44177: (senthilkumar-e) Fixing default redis.host in documentation | refs: #44205
• PR #44160: (gtmanfred) add changes to test return
• b2b0c770a4 Merge pull request #44279 from rallytime/merge-2017.7
• 8237f45a46 Add print_function to __future__ import list
• 055b0701de Lint fix from sloppy merge conflict resolution
• 1c3cb5c6a4 Merge branch '2016.11' into '2017.7'
• 8a1ea165af Merge pull request #44259 from gtmanfred/2016.11
• 56a3ad8f68 fix pylint comments
• 4add666db1 add comment to Gemfile and move copyartifacts
• b4c8f7eb57 fix pylint
• 392fd4f837 try newest salttesting
• 79251287d0 add logging
• 38963d5a82 use transport if not set in state_file
• 10e309a64f which vagrant should go to stderr
• 9307564de0 fix output columns
• 2da22f87e1 test opennebula
• 9f38f16905 add opennebula to Gemfile
• 7465f9b27a add script for copying back artifacts
• 255118cfd7 run tests with kitchen
• 9d6bc8509b Merge pull request #44268 from twangboy/win_fix_lgpo_typo
• a6a4c10a77 Fix typo
• 0beb65a283 Merge pull request #44269 from terminalmage/fix-log-message
• bc9cd65496 Fix log message in salt.utils.gitfs
• 304dd2529d Merge pull request #44160 from gtmanfred/directory
• a7d3d668f4 missed removing changes in the next test
• ac0b5ec440 fix test
• d3d00c3e62 add changes to test return
• e10395483d Merge pull request #44205 from rallytime/bp-44177
• b9940f8521 Fixing default redis.host in documentation
• PR #44291: (Ch3LL) add saltutil.refresh_pillar test @ 2017-10-27T15:19:43Z
• bd5b9dd0aa Merge pull request #44291 from Ch3LL/pillar_test
• 34e2955445 add saltutil.refresh_pillar test
• PR #44267: (twangboy) Fix type and Py3 issues in LGPO module @ 2017-10-27T14:27:50Z
• ba17a1c4d0 Merge pull request #44267 from twangboy/win_fix_lgpo
• 5d22d34cac Use unicode_literals
• 40636397d8 Fix set for Py3
• 8f8c706426 Fix typo
• PR #44285: (Ch3LL) add spm integration tests for remove and build @ 2017-10-26T21:20:10Z
• e16707c403 Merge pull request #44285 from Ch3LL/all_spm
• 1f77f3e6a3 add skipif logic for fallocate cmd
• 03b5c4bc6d add spm integration tests for remove and build
• PR #44301: (twangboy) Fix test_pydsl on Windows @ 2017-10-26T21:14:21Z
• 6392896a22 Merge pull request #44301 from twangboy/win_fix_test_pydsl
• 6db23757bc Fix test_pydsl on Windows
• PR #44293: (UtahDave) Fix documentation grammar and spelling errors @ 2017-10-26T13:05:31Z
• 8787d02688 Merge pull request #44293 from UtahDave/fix_unittest_docs
• c919648ab4 Fix documentation grammar and spelling errors
• PR #44248: (Ch3LL) SPM tests: use _spm_build_files method during test_build setup @
2017-10-25T19:45:03Z
• 6e33743c1a Merge pull request #44248 from Ch3LL/spm_create_repo
• 0a387c2ecd fix pylint
• f383f05a93 Add SPM create_repo integration test
• PR #44253: (Ch3LL) Add multiple spm integration tests @ 2017-10-25T13:36:03Z
• bd75be24ca Merge pull request #44253 from Ch3LL/spm_install
• 9e2e785034 add spm tests to test runner
• 4729ccd32b Add multiple spm integration tests
• PR #44254: (twangboy) Fix unit.modules.test_win_groupadd for Windows @ 2017-10-25T13:33:40Z
• 75ee1ebc50 Merge pull request #44254 from twangboy/win_fix_test_win_groupadd
• 609361bf48 Fix some lint errors
• 1f44d8d5e6 Document helper functions
• b0caec320e Move _get_all_groups up to the top
• 7a3ff9387d Mock the rest of the tests
• 5ce14df82c Change how members are retrieved in win_groupadd
• 6ab82394be Set up mocking
• PR #44266: (Ch3LL) Add state, grains and service proxy tests @ 2017-10-25T13:08:50Z
• 4c23fa63bb Merge pull request #44266 from Ch3LL/proxy_tests
• e5701b472d Add state, grains and service proxy tests
• PR #44244: (mirceaulinic) Add explicit non-zero retcode to napalm config functions @
2017-10-24T09:23:40Z
• ISSUE #43187: (mirceaulinic) How to point from an execution module that a certain function failed |
refs: #44244
• c849f350ba Merge pull request #44244 from cloudflare/add-retcode
• a1f27c9f00 Add explicit non-zero retcode to napalm config functions
• PR #44228: (rklaren) Fixes #44227, make salt-cloud/libvirt cleanup after errors more robust @
2017-10-23T17:09:35Z
• ISSUE #44227: (rklaren) salt-cloud leaves a broken vm around when the salt bootstrap fails | refs:
#44228 #44228
• 195b225540 Merge pull request #44228 from rklaren/fix-salt-cloud-libvirt-cleanup-after-errors
• 7917d1e61e Incorporate review comments.
• 3a10b6aef1 Fixes #44227, make salt-cloud/libvirt cleanup after errors more robust
• PR #44008: (mtorromeo) Backport #43769 to 2017.7 @ 2017-10-23T14:19:57Z
• ISSUE #19532: (stolendog) salt-ssh running git clone with not root user | refs: #43769
• ISSUE #10582: (mtorromeo) Git ssh helper may be unable run | refs: #43769
• PR #43769: (mtorromeo) Copy git ssh-id-wrapper to /tmp only if necessary (Fixes #10582, #19532) |
refs: #44008
• 01e7bab990 Merge pull request #44008 from mtorromeo/git-noexec-fix
• a7a841d9d2 Merge branch '2017.7' into git-noexec-fix
• d177240cfc Merge branch '2017.7' into git-noexec-fix
• a63e6ca963 Copy git ssh-id-wrapper to /tmp only if necessary (Fixes #10582, Fixes #19532)
• PR #44202: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-23T14:18:30Z
• ISSUE #44150: (rossengeorgiev) version param in pkg.installed broken in 2016.11.8/2017.7.2 in EL6-7 |
refs: #44188
• ISSUE #44140: (vtolstov) incorrect network interfaces settings with network.managed under debian
jessie | refs: #44167
• ISSUE #43936: (oeuftete) manage.present still reports lost minion | refs: #43994
• ISSUE #43427: (tylerjones4508) Salt-Cloud There was a profile error: invalid literal for int() with
base 10: | refs: #44089
• ISSUE #38367: (tyeapple) logic error in connected_ids function of salt/utils/minions.py when using
include_localhost=True | refs: #43994
• PR #44188: (terminalmage) yumpkg: Check pkgname instead of name to see if it is a kernel pkg
• PR #44167: (garethgreenaway) Fixes to modules/debian_ip
• PR #44158: (rallytime) Back-port #44089 to 2016.11
• PR #44089: (cetanu) Catch on empty Virtualbox network addr #43427 | refs: #44158
• PR #43994: (oeuftete) Fix manage.present to show lost minions
• PR #43830: (rallytime) Back-port #43644 to 2016.11
• PR #43644: (defanator) Several fixes for RDS DB parameter group management | refs: #43830
• 85c0ef493f Merge pull request #44202 from rallytime/merge-2017.7
• 99ff7a5c12 Merge branch '2016.11' into '2017.7'
• 09ddfd0c08 Merge pull request #44167 from garethgreenaway/44140_debian_ip_fixes
• 5f7555846f When looping through the various pre, post, up and down commands put them into the
interface dict using the right internet family variable.
• 9f9e936b52 Merge pull request #43830 from rallytime/bp-43644
• 12845ae802 Several fixes for RDS DB parameter group management
• 07db6a3d8b Merge pull request #43994 from oeuftete/fix-manage-runner-presence
• f3980d7d83 Fix manage.present to show lost minions
• a07537e258 Merge pull request #44188 from terminalmage/issue44150
• 0692f442db yumpkg: Check pkgname instead of name to see if it is a kernel pkg
• 715edc0cea Merge pull request #44158 from rallytime/bp-44089
• 534faf0b7a Catch on empty Virtualbox network addr #43427
• PR #44208: (twangboy) Fix some lint in PR: 44080 @ 2017-10-20T16:42:02Z
• d7dc2bd0e8 Merge pull request #44208 from twangboy/win_fix_group.present
• 61e2e9ccda Fix some lint
• PR #43843: (twangboy) Fix unit.states.test_mount for Windows @ 2017-10-20T14:27:25Z
• c6d27ada51 Merge pull request #43843 from twangboy/win_unit_test_mount
• a862e0bf2d Remove unneeded import
• d78f27466d Fix unit.states.test_mount for Windows
• PR #44111: (anlutro) Try to correctly parse debian codename from /etc/os-release @ 2017-10-19T22:23:26Z
• 372820ea38 Merge pull request #44111 from alprs/fix-deb8-py3-oscodename
• 1e1e5a3ff6 try to correctly parse debian codename from /etc/os-release
• PR #44187: (twangboy) Fix pickling errors on Windows @ 2017-10-19T20:36:51Z
• 75136152c1 Merge pull request #44187 from twangboy/win_fix_unit_test_daemons.py
• 64d2e4f732 Fix pickling errors on Windows
• PR #44186: (garethgreenaway) [2017.7] scheduler fixes @ 2017-10-19T20:36:04Z
• ISSUE #44181: (jonans) Scheduler with multiple when values doesn't run | refs: #44186
• 7a89cd8697 Merge pull request #44186 from garethgreenaway/44181_scheduler_multiple_whens
• 7eef3b3571 Adding a copy.deepcopy to the for loop that looks for old jobs to avoid stale jobs ending
up in the list.
• PR #43896: (twangboy) Fix win_lgpo execution module @ 2017-10-19T20:13:18Z
• 1d16ae8ba7 Merge pull request #43896 from twangboy/win_fix_lgpo_scom
• 648d1b8d99 Catch CommandExecutionError
• 0040082d0a Fix pylint error
• 91258cd6a8 Fix typo
• 261dba347d Put the file.remove in a try/except/else block
• 020c2a2b85 Fix syntax error
• d5bec99126 Fix some lint
• b96186d60d Fix INSTALL_LANGUAGE
• 5471bd521f Fix problem with file handle
• 5ec58c6200 Use System Install Language as default fallback
• f9ad446019 Fix win_lgpo execution module
• PR #44080: (twangboy) Fix a regression in group.present in Windows @ 2017-10-19T20:10:44Z
• 98356b86af Merge pull request #44080 from twangboy/win_fix_group.present
• 29bc80ff87 Improve get_sam_name
• ef759a3875 Fix example in function docs for get_sam_name
• 43740c5fed Document 15 character limit
• 83f36cc2ef Account for 15 character limit in hostname
• aa278966de Remove
*
args, pass gid as a keyword
• 5230ecd7e1 Accept
*
args
• PR #44171: (Ch3LL) Add SPM Build Integration Tests @ 2017-10-19T19:49:14Z
• 5ef124bf2d Merge pull request #44171 from Ch3LL/spm_int
• cd79e9444e remove unneded kwarg
• 1541376c4f Add spm build test
• PR #44157: (benediktwerner) Added 'versionadded' tags to sensehat modules @ 2017-10-19T14:13:31Z
• 34a843252d Merge pull request #44157 from benediktwerner/2017.7
• bd825b51cc Changed sensehat versionadded from 2017.7 to 2017.7.0
• f1d3c5bbcf Added 'versionadded' tags to sensehat modules
• PR #44164: (terminalmage) Fix examples in docker_container.{stopped,absent} docstrings @
2017-10-19T14:12:37Z
• 1427c72e1e Merge pull request #44164 from terminalmage/fix-docker-docstring
• 7b46489e33 Fix examples in docker_container.{stopped,absent} docstrings
• PR #44168: (twangboy) Fix unit.test_auth for Windows @ 2017-10-19T14:12:22Z
• 77969c4161 Merge pull request #44168 from twangboy/win_skip_pam_eath
• bb1d2eb85b Skip tests that are failing on PAM eauth
• PR #44151: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-18T16:52:30Z
• ISSUE #44087: (mfussenegger) Using state.highstate with terse=true prevents useful error output |
refs: #44093
• ISSUE #43307: (marek-knappe) Filesystem creation is failing on newly created LV
• PR #44131: (rallytime) Back-port #44029 to 2016.11
• PR #44124: (rallytime) [2016.11] Merge forward from 2016.11.8 to 2016.11
• PR #44122: (cachedout) Add note about GPG signing to PR template
• PR #44110: (roaldnefs) Format fix code example local returner doc
• PR #44097: (gtmanfred) OpenNebula does not require the template_id to be specified
• PR #44093: (gtmanfred) don't filter if return is not a dict
• PR #44029: (msummers42) addresses issue #43307,
disk.format_
to disk.format | refs: #44131
• PR #44028: (rallytime) Back-port #44011 to 2016.11.8
• PR #44011: (Ch3LL) Security Fixes for 2016.11.8 | refs: #44028
• 88a776d9d2 Merge pull request #44151 from rallytime/merge-2017.7
• 6aa8f03a4a Merge branch '2016.11' into '2017.7'
• 0cd493b691 Merge pull request #44131 from rallytime/bp-44029
• bebf301976 fixed test addressing issue #43307,
disk.format_
to disk.format
• b4ba7ae2fc addresses issue #43307,
disk.format_
to disk.format
• 3a68e356f8 Merge pull request #44093 from gtmanfred/fix-44087
• 5455c5053b fix pylint
• f749cafa25 don't filter if return is not a dict
• c785d7a847 Merge pull request #44122 from cachedout/gpg_pr_template
• e41e3d76be Typo fix
• 37c7980880 Add note about GPG signing to PR template
• bf90ea1f51 Merge pull request #44124 from rallytime/merge-2016.11
• 59861291c8 Merge branch '2016.11.8' into '2016.11'
• 57623e2abe Merge pull request #44028 from rallytime/bp-44011
• 89e084bda3 Do not allow IDs with null bytes in decoded payloads
• 206ae23f15 Don't allow path separators in minion ID
• 13f3ffa83a Merge pull request #44097 from gtmanfred/openneb
• c29655b2c2 Merge branch '2016.11' into openneb
• bd2490b149 OpenNebula does not require the template_id to be specified
• ac3e4df964 Merge pull request #44110 from roaldnefs/fix-doc-local-returner
• efd58f7594 Merge branch '2016.11' into fix-doc-local-returner
• 881f1822f2 Format fix code example local returner doc
• PR #43933: (gtmanfred) if expect_minions is passed use that instead @ 2017-10-18T16:43:39Z
• ISSUE #43918: (mwerickso) subset argument does not work with saltmod.state | refs: #43933
• 0b47eb7242 Merge pull request #43933 from gtmanfred/2017.7
• 272dcc6ba5 add inline comment about popping expect_minions
• b615ce1762 if expect_minions is passed use that instead
• PR #44081: (skizunov) Windows: Fix usage of pkgrepo state @ 2017-10-18T16:16:46Z
• 36da1a7fac Merge pull request #44081 from skizunov/develop3
• 351d16840b Move strip_uri to salt/utils/pkg/deb.py
• f54c7a6f01 Windows: Fix usage of pkgrepo state
• PR #43913: (twangboy) Fix unit.templates.test_jinja for Windows @ 2017-10-17T21:09:05Z
• afcaa0c591 Merge pull request #43913 from twangboy/win_fix_test_jinja
• a4e2d8059d Fix unit.templates.test_jinja for Windows
• PR #43917: (twangboy) Fix unit.test_pillar for Windows @ 2017-10-17T21:06:46Z
• fc5754c6a1 Merge pull request #43917 from twangboy/win_unit_test_pillar
• 00dbba5712 Fix unit.test_pillar for Windows
• PR #44133: (cachedout) Fix typos in parallel states docs @ 2017-10-17T15:24:19Z
• 6252f82f58 Merge pull request #44133 from cachedout/fix_paralell_docs
• 8d1c1e21f0 Fix typos in paralell states docs
• PR #44135: (timfreund) Insert missing verb in gitfs walkthrough @ 2017-10-17T14:32:13Z
• 0d3f5db867 Merge pull request #44135 from timfreund/insert_missing_verb
• 9557504b75 Insert missing verb in gitfs walkthrough
• PR #44055: (nasenbaer13) Activate jid_queue also for SingleMinions to workaround (Backport) @
2017-10-16T20:14:52Z
• PR #43860: (nasenbaer13) Activate jid_queue also for SingleMinions (occurs on reconnect) | refs:
#44055
• a9700f6061 Merge pull request #44055 from eyj/jid_queue
• 4bdd5bbf6b Merge branch '2017.7' into jid_queue
• facef2227d Merge branch '2017.7' into jid_queue
• 2fedcec6bb Merge branch '2017.7' into jid_queue
• 255aa94c64 Activate jid_queue also for SingleMinions to workaround 0mq reconnection issues
• PR #44125: (rallytime) [2017.7] Merge forward from 2017.7.2 to 2017.7 @ 2017-10-16T20:02:25Z
• PR #44027: (rallytime) Back-port #44012 to 2017.7.2
• PR #44012: (Ch3LL) Security Fixes for 2017.7.2 | refs: #44027
• 2fba45cd3f Merge pull request #44125 from rallytime/merge-2017.7
• c4ae4a6b50 Merge branch '2017.7.2' into '2017.7'
• 5d719a2219 Merge pull request #44027 from rallytime/bp-44012
• f7824e41f3 Don't allow path separators in minion ID
• 44060dc9c1 Do not allow IDs with null bytes in decoded payloads
• PR #44029: (msummers42) addresses issue #43307,
disk.format_
to disk.format | refs: #44131 @ 2017-10-16T19:59:20Z
• ISSUE #43307: (marek-knappe) Filesystem creation is failing on newly created LV
• 68974aa74d Merge pull request #44029 from msummers42/2017.7
• 16e1c1dfc8 fixed test addressing issue #43307,
disk.format_
to disk.format
• 3d597db51c Merge branch '2017.7' into 2017.7
• 18fb0be96a addresses issue #43307,
disk.format_
to disk.format
• PR #44079: (skizunov) opkg: Fix usage with pkgrepo.managed @ 2017-10-16T19:58:13Z
• d0bbe65ffa Merge pull request #44079 from skizunov/develop2
• 0614d1af30 Merge branch '2017.7' into develop2
• b6b12fe495 opkg: Fix usage with pkgrepo.managed
• PR #44090: (pratik705) Fix create_attach_volumes salt-cloud action for gcp @ 2017-10-16T19:04:22Z
• 22a8253595 Merge pull request #44090 from pratik705/fix-create_attach_volumes_salt-cloud_action-GCP
• 3eefd334c5 Fixed "create_attach_volumes" salt-cloud action for GCP
• PR #44121: (benediktwerner) Fixed code snippet in unit testing documentation @ 2017-10-16T18:28:36Z
• 888e5f51a2 Merge pull request #44121 from benediktwerner/2017.7
• 1319c822bd Fixed code snippet in unit testing doc
• PR #44098: (twangboy) Return multiprocessing queue in LogSetupMock class @ 2017-10-16T18:14:30Z
• 9fe94d7843 Merge pull request #44098 from twangboy/win_mock_test_parsers
• cc43ca27af Return multiprocessing queue in LogSetupMock class
• PR #44118: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-16T17:01:38Z
• ISSUE #43581: (jcourington) cherrypy stats issue | refs: #44021
• PR #44092: (techhat) Made sure that unicoded data is sent to sha256()
• PR #44030: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11
• PR #44025: (dayid) Typo correction of lover to lower
• PR #44021: (whiteinge) Also catch cpstats AttributeError for bad CherryPy release ~5.6.0
• PR #44010: (Ch3LL) Security Fixes for 2016.3.8
• PR #43977: (Ch3LL) Add Security Notes to 2016.3.8 Release Notes
• PR #42655: (whiteinge) Reenable cpstats for rest_cherrypy | refs: #44021
• PR #33806: (cachedout) Work around upstream cherrypy bug | refs: #42655
• 0ee04eaf1d Merge pull request #44118 from rallytime/merge-2017.7
• bbec47afbc Merge branch '2016.11' into '2017.7'
• c960ca32c2 Merge pull request #44092 from techhat/awsunicode
• bbd9db4d00 One more encoding
• 0e8b325667 Apparently __salt_system_encoding__ is a thing
• 1e7211838d Use system encoding
• 1af21bbe5e Made sure that unicoded data is sent to sha256()
• d89c317d96 Merge pull request #44021 from whiteinge/cpstats-attribute-error
• bf14e5f578 Also catch cpstats AttributeError for bad CherryPy release ~5.6.0
• bbdabe242a Merge pull request #44025 from dayid/lover_typo
• 385980c21a Merge branch '2016.11' of https://github.com/saltstack/salt into lover_typo
• 266dc00a23 Typo correction of lover to lower
• d8f3891a5e Merge pull request #44030 from rallytime/merge-2016.11
• 53eaf0d75c Merge branch '2016.3' into '2016.11'
• 64fd839377 Merge pull request #44010 from Ch3LL/2016.3.7_follow_up
• 9a00302cd8 fix 2016.3.7 release notes merge conflict
• 63da1214db Do not allow IDs with null bytes in decoded payloads
• ee792581fc Don't allow path separators in minion ID
• 8aab65c718 fix 2016.3.7 release notes merge conflict
• bd73dcb02c Merge pull request #43977 from Ch3LL/3.8_sec
• 5fb3f5f6b1 Add Security Notes to 2016.3.8 Release Notes
• PR #44099: (twangboy) Skip Master, Minion, and Syndic parser tests @ 2017-10-16T16:07:00Z
• 28fa097b9b Merge pull request #44099 from twangboy/win_skip_test_parsers
• caf086c05a Skip Master, Minion, and Syndic parser tests
• PR #44106: (roaldnefs) Fix mattermost returner documentation @ 2017-10-16T13:12:23Z
• dbf112ead7 Merge pull request #44106 from roaldnefs/fix-doc-mattermost_returner
• b3761a0401 Fix doc indentation in mattermost_returner
• PR #44054: (nasenbaer13) Backport of missing delete_on_termination @ 2017-10-13T15:45:25Z
• PR #43859: (nasenbaer13) Add missing delete_on_termination passthrough. Adapt docs. | refs: #44054
• fd2c51b76c Merge pull request #44054 from eyj/boto_lc
• 34d4629a64 Merge branch '2017.7' into boto_lc
• 9efd63526a Adapted documentation of delete_on_termination parameter
• eb2bfd047b Add missing delete_on_termination passthrough. Adapt docs.
• PR #44076: (Ch3LL) Add spm shell tests @ 2017-10-13T14:32:19Z
• b61ed96268 Merge pull request #44076 from Ch3LL/spm_test
• d2e91c33bd Add spm shell tests
• PR #44051: (twangboy) Fix some documentation formatting issues in the win_dacl state @
2017-10-12T15:40:17Z
• e38f313ac0 Merge pull request #44051 from twangboy/win_fix_docs_dacl
• 377d6b6171 Fix some docs in the win_dacl state module
• PR #44066: (Ch3LL) Add Known CherryPy Issue to 2017.7.2 Release Notes @ 2017-10-12T15:18:25Z
• a85837d72b Merge pull request #44066 from Ch3LL/cherry_release
• 8e597fcce9 Add Known CherryPy Issue to 2017.7.2 Release Notes
• PR #43889: (CorvinM) Fix issue with using roster_defaults with flat or cloud rosters. @
2017-10-11T23:22:11Z
• ISSUE #43643: (doublez13) salt-ssh: multiple targets fails after upgrade to 2017.7 | refs: #43889
• ISSUE #43449: (ecgg) salt-ssh -L with hosts down or unreachable returns wrong results | refs: #43889
• fcab77ac7b Merge pull request #43889 from CorvinM/issue43449
• fefd28d896 Add futureproofing to roster_defaults to support roster dictionary options
• aebe76b6f8 Fix issue with using roster_defaults with flat or cloud rosters. fixes #43449 fixes #43643
• PR #44031: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-11T22:03:31Z
• ISSUE #43945: (bobrik) kmod.present doesn't work with compiled-in modules
• ISSUE #42947: (rossengeorgiev) Zenoss state changes production state even when test=true | refs:
#43968
• ISSUE #2291: (scott-w) Extend pkg to install from file
• PR #44023: (Ch3LL) Add 2016.11.9 Release Note File
• PR #44019: (benediktwerner) Added missing docs to the tutorial index and fixed spelling mistake
• PR #44011: (Ch3LL) Security Fixes for 2016.11.8 | refs: #44028
• PR #43991: (Ch3LL) Add Security Notes to 2016.3.8 Release Notes
• PR #43976: (Ch3LL) Add Security Notes to 2016.11.8 Release Notes
• PR #43973: (terminalmage) Fix grains.has_value when value is False
• PR #43968: (rossengeorgiev) fix zenoss state module not respecting test=true
• PR #43962: (bobrik) Report built-in modiles in kmod.available, fixes #43945
• PR #43960: (cro) Require that bindpw be non-empty when auth.ldap.anonymous is False
• PR #43955: (meaksh) Enable a new '--with-salt-version' parameter for the "setup.py" script
• PR #43916: (dereckson) Fix typo in salt-cloud scaleway documentation
• PR #43888: (rallytime) Back-port #43841 to 2016.11
• PR #43841: (austinpapp) add -n with netstat so we don't resolve IPs | refs: #43888
• PR #43776: (Ch3LL) [2016.11] Bump latest and previous versions
• 3ad1c6d1d9 Merge pull request #44031 from rallytime/merge-2017.7
• 1d4a6c3949 Lint: Fixup undefined variable errors
• 788ad0609a Merge branch '2016.11' into '2017.7'
• 0dbf41e79e Merge pull request #44011 from Ch3LL/2016.11.7_follow_up
• c0149101c0 Do not allow IDs with null bytes in decoded payloads
• 19481423dd Don't allow path separators in minion ID
• d61300df20 Merge pull request #44023 from Ch3LL/11.9rn
• 7f9015eb41 Add 2016.11.9 Release Note File
• 9ff53bf63a Merge pull request #44019 from benediktwerner/2016.11
• bc53598027 Fixed spelling mistake in salt_bootstrap tutorial
• 6c30344824 Added missing tutorial docs to the tutorial index
• 364523f5f8 Merge pull request #43955 from meaksh/2016.11-fix-2291
• a81b78381b Merge branch '2016.11' into 2016.11-fix-2291
• 44bc91bb98 Enable '--with-salt-version' parameter for setup.py script
• fec714b91d Merge pull request #43962 from bobrik/kmod-built-in
• 95ab901553 Report built-in modiles in kmod.available, fixes #43945
• e434c39c4e Merge pull request #43960 from cro/ldap_nopw_bind2
• 962a20cf4b Require that bindpw be non-empty if auth.ldap.anonymous=False
• 9df3d91d8f Release notes blurb for change to bindpw requirements
• e9dfda2177 Merge pull request #43991 from Ch3LL/3.8_sec_2
• 1977df8462 Add Security Notes to 2016.3.8 Release Notes
• 2346d2691e Merge pull request #43968 from rossengeorgiev/fix-zenoss-prod_state
• e6d31c1ea6 fix zenoss state module not respecting test=true
• 8d56a5ac45 Merge pull request #43776 from Ch3LL/2016.11.8_docs
• f72bc00000 [2016.11] Bump latest and previous versions
• 21bf71c3f5 Merge pull request #43976 from Ch3LL/11.8_sec
• f0c3184288 Add Security Notes to 2016.11.8 Release Notes
• 1d5397ab5b Merge pull request #43973 from terminalmage/fix-grains.has_value
• bf45ae6e6a Fix grains.has_value when value is False
• 9ac3f2ea7b Merge pull request #43888 from rallytime/bp-43841
• 87d676f08a add -n with netstat so we don't resolve
• f880ac4c08 Merge pull request #43916 from dereckson/fix-typo-cloud-scaleway
• 15b8b8a9f4 Fix typo in salt-cloud scaleway documentation
• PR #44045: (isbm) Bugfix: always return a string "list" on unknown job target type. @
2017-10-11T21:58:12Z
• PR #2017: (thekuffs) Add additional Esky / Freezing documentation.
• PR #2015: (thekuffs) Esky / bbfreeze support | refs: #2017
• 5db1e8c6ca Merge pull request #44045 from isbm/isbm-tgttype-fix-2017-port
• 471ff35c2f Bugfix: always return a string "list" on unknown job target type.
• PR #44026: (rallytime) Back-port #43950 to 2017.7 @ 2017-10-11T15:27:49Z
• ISSUE #43949: (arthurlogilab) [logger] [sentry] KeyError: 'SENTRY_PROJECT' | refs: #43950
• PR #43950: (arthurlogilab) [log/sentry] avoid KeyError: 'SENTRY_PROJECT' | refs: #44026
• 6c8f7fd5ec Merge pull request #44026 from rallytime/bp-43950
• a37e0bad62 [log/sentry] avoid KeyError: 'SENTRY_PROJECT'
• PR #44012: (Ch3LL) Security Fixes for 2017.7.2 | refs: #44027 @ 2017-10-10T20:04:08Z
• 369ee8a132 Merge pull request #44012 from Ch3LL/2017.7.1_follow_up
• 92e05cf1c0 Don't allow path separators in minion ID
• 70133aa305 Do not allow IDs with null bytes in decoded payloads
• PR #44024: (Ch3LL) Add 2017.7.3 Release Note File @ 2017-10-10T20:03:12Z
• 4fe029a0ab Merge pull request #44024 from Ch3LL/7.3rn
• 027f509368 Add 2017.7.3 Release Note File
• PR #43998: (unthought) Fix gce make_master @ 2017-10-10T20:01:25Z
• ISSUE #43997: (unthought) gce cloud provider breaks for make_master: True | refs: #43998
• e484d16817 Merge pull request #43998 from unthought/fix-gce-make_master
• 6e9f0fa24e Fix GCE provider: #create returns bootstrap result
• PR #44016: (terminalmage) Fix on_header callback when not redirecting and no Content-Type present @
2017-10-10T19:59:24Z
• ISSUE #44013: (DenisBY) pkgrepo.managed broken in 2017.7.2 | refs: #44016
• 82b92d54b3 Merge pull request #44016 from terminalmage/issue44013
• d594b95f92 No need to set a specific encoding if one hasn't been provided via the headers
• 425ede4b84 Fix on_header callback when not redirecting and no Content-Type present
• PR #43952: (t0fik) add requisites to stateconf ( backport #43920) @ 2017-10-10T13:03:31Z
• bd879eb66e Merge pull request #43952 from jdsieci/2017.7_add_requisites_to_stateconf
• 9994c64670 Merge branch '2017.7' into 2017.7_add_requisites_to_stateconf
• PR #43777: (Ch3LL) [2017.7] Bump latest and previous versions @ 2017-10-09T17:21:57Z
• a4358dfa36 Merge pull request #43777 from Ch3LL/2017.7.2_docs
• 410c624f7a [2017.7] Bump latest and previous versions
• PR #43978: (Ch3LL) Add Security Notes to 2017.7.2 Release Notes @ 2017-10-09T17:20:04Z
• 2a064c1a72 Merge pull request #43978 from Ch3LL/7.2_sec
• 57fd6f7bcb Add Security Notes to 2017.7.2 Release Notes
• PR #43932: (techhat) Don't try to modify dict while looping through it @ 2017-10-06T21:20:54Z
• d9530e3c52 Merge pull request #43932 from techhat/moddict
• 4a77560646 Don't try to modify dict while looping through it
• PR #43956: (terminalmage) Fix fileclient's get_url when redirecting to a redirect @
2017-10-06T21:19:41Z
• 39893a1dab Merge pull request #43956 from terminalmage/fix-get_url-redirects
• 9a4f6a260f Fix fileclient's get_url when redirecting to a redirect
• PR #43943: (twangboy) Fix unit.utils.test_utils for Windows @ 2017-10-06T19:35:24Z
• 1baf286719 Merge pull request #43943 from twangboy/win_unit_test_utils
• 254dac7723 Fix unit.utils.test_utils for Windows
• 89200ff28e rebase from 2017.7.2
• PR #43939: (terminalmage) Fix typo in log message @ 2017-10-05T23:20:04Z
• a8f1750323 Merge pull request #43939 from terminalmage/fix-typo
• 29d8cf4f26 Fix typo in log message
• PR #43910: (terminalmage) Don't put unserializable dict.keys() into state return @ 2017-10-05T20:33:47Z
• ISSUE #43909: (frogunder) state.highstate not working on py3 setup | refs: #43910
• ISSUE #43605: (cruscio) Module.Run: Passed invalid arguments to state.apply: can't serialize
dict_keys(['task.create_task']) | refs: #43910
• 1a718eb1ed Merge pull request #43910 from terminalmage/issue43605
• 042e092ac8 Don't put unserializable dict.keys() into state return
• PR #43927: (rallytime) Back-port #43907 to 2017.7 @ 2017-10-05T20:10:16Z
• ISSUE #41894: (DR3EVR8u8c) Salt-cloud can't resize root volume with public ami images | refs: #43907
• ISSUE #39257: (aig787) Using del_root_vol_on_destroy option in salt-cloud gives IndexError | refs:
#43907
• PR #43907: (richardsimko) Make sure EBS volume exists before querying | refs: #43927
• PR #33115: (rbjorklin) Fix override of ec2 volumetype | refs: #43907
• a7a59868c8 Merge pull request #43927 from rallytime/bp-43907
• f62e8ca87f Make sure volume exists before querying
• PR #43934: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-05T20:07:36Z
• ISSUE #43373: (rgcosma) use keyword breaks sls_id | refs: #43707
• PR #43884: (UtahDave) Update SaltConf banner per Rhett's request
• PR #43869: (terminalmage) Only join cmd if it's not a string
• PR #43707: (terminalmage) Add missing support for use/use_in requisites to state.sls_id
• 4fcd4709ea Merge pull request #43934 from rallytime/merge-2017.7
• eaca3291e2 Merge branch '2016.11' into '2017.7'
• 2ab7549d48 Merge pull request #43884 from UtahDave/2016.11local
• e3b2857285 Merge branch '2016.11' into 2016.11local
• 4b882d4272 Merge pull request #43869 from terminalmage/issue43522
• fe28b0d4fb Only join cmd if it's not a string
• 8c671fd0c1 Update SaltConf banner per Rhett's request
• a2161efda3 Merge pull request #43707 from terminalmage/issue43373
• 3ebde1895f Merge branch '2016.11' into issue43373
• e580ed4caa Merge branch '2016.11' into issue43373
• 5b3be6e8af Fix failing unit test
• f73764481b Add missing support for use/use_in requisites to state.sls_id
• PR #43886: (techhat) Fix object_to_dict in azure @ 2017-10-05T19:33:56Z
• ISSUE #43658: (kvnaveen) KeyError: 'as_dict' [DEBUG ] LazyLoaded nested.output | refs: #43886
• 7d174172a0 Merge pull request #43886 from techhat/azuredict
• 223a1eea83 Fix object_to_dict in azure
• PR #43899: (gtmanfred) enable tox for tests @ 2017-10-04T15:08:16Z
• 7038248820 Merge pull request #43899 from gtmanfred/2017.7
• 51eca1a6bd enable tox for tests
• PR #43828: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-10-04T13:10:13Z
• PR #43807: (terminalmage) cmdmod: Don't list-ify string commands on Windows
• PR #43768: (vutny) Fix Pylint deprecated option warnings
• a5abe33e1c Merge pull request #43828 from rallytime/merge-2017.7
• 2ff02e4320 Merge branch '2016.11' into '2017.7'
• 85b3aa332a Merge pull request #43807 from terminalmage/issue43522
• d8708bf698 cmdmod: Don't list-ify string commands on Windows
• ea8d273c2b Merge pull request #43768 from vutny/fix-pylint-deprecation-warnings
• f8b3fa9da1 Merge branch '2016.11' into fix-pylint-deprecation-warnings
• 651ed16ad3 Fix Pylint deprecated option warnings
• PR #43854: (keesbos) Map __env__ in git_pillar before sanity checks @ 2017-10-02T20:44:53Z
• PR #43656: (keesbos) Git pillar fixes | refs: #43854
• 36b0b1174b Merge pull request #43854 from keesbos/2017.7
• fba9c9a935 Map __env__ in git_pillar before sanity checks
• PR #43847: (cachedout) Fix to module.run @ 2017-10-02T19:25:03Z
• ISSUE #17: (thatch45) Modules need to be autodocumenting
• c81e8457b8 Merge pull request #43847 from cachedout/module_run_compare
• b11f8c8f29 Merge pull request #17 from terminalmage/pr-43847
• 93eaba7c54 Use six.iterkeys() instead of dict.keys()
• 5d56a03a67 Improve failures for module.run states
• 71780beb5a Merge branch '2017.7' into module_run_compare
• PR #43844: (garethgreenaway) [2017.7] Changes to states/file.py and states/archived.py @
2017-10-01T09:08:48Z
• ISSUE #43819: (mephi42) archive.extracted shows the http password in the comment field on failure |
refs: #43844
• dd01e0ce67 Merge pull request #43844 from garethgreenaway/43819_redact_url_additions
• c58c72aff9 When using URLs in archive.extracted, on failure the username & password is in the
exception. Calling salt.utils.url.redact_http_basic_auth to ensure the credentials are redacted.
• f0b985cbbe Merge branch 'module_run_compare' of ssh://github.com/cachedout/salt into
module_run_compare
• aefc773c2f Merge branch '2017.7' into module_run_compare
• PR #43840: (twangboy) Fix unit.states.test_augeas for Windows @ 2017-09-29T21:53:21Z
• 1f52546eab Merge pull request #43840 from twangboy/win_fix_test_augeas
• fd1d6c31de Fix unit.states.test_augeas for Windows
• PR #43801: (terminalmage) Properly handle UNC paths in salt.utils.path.readlink() @
2017-09-29T09:58:02Z
• ISSUE #43553: (dafyddj) Vagrant setup (Windows guest) broken on upgrade to 2017.7 | refs: #43801
• c6fd2cd452 Merge pull request #43801 from terminalmage/issue43553
• 66e6e89dc7 Properly handle UNC paths in salt.utils.path.readlink()
• PR #43800: (Ch3LL) Add note to nitrogen release notes about pip for cent6 @ 2017-09-28T17:36:49Z
• 7304907db6 Merge pull request #43800 from Ch3LL/update_7.0
• 50779c3b1c Add note to nitrogen release notes about pip for cent6
• PR #43779: (twangboy) Fix unit.modules.test_state for Windows @ 2017-09-28T14:27:03Z
• 6f687fdcff Merge pull request #43779 from twangboy/win_fix_test_state
• a64fe75816 Use os agnostic paths
• PR #43782: (twangboy) Fix unit.modules.test_virt for Windows @ 2017-09-28T14:25:16Z
• db0f569f7a Merge pull request #43782 from twangboy/win_fix_test_virt
• 7192332758 Fix unit.modules.test_virt for Windows
• PR #43723: (nicholasmhughes) Fix ini_manage error and change handling @ 2017-09-28T09:52:09Z
• dd4fc52f1e Merge pull request #43723 from nicholasmhughes/ini_manage-error-handling
• d68c5c4be0 prevent exception when test=True
• cfe37916c3 handling changes per section
• 1c484f6ad5 prevent exception when test=True
• PR #43781: (twangboy) Fix unit.modules.test_status for Windows @ 2017-09-28T09:06:19Z
• 5e29507c21 Merge pull request #43781 from twangboy/win_fix_test_status
• 16ae8253c1 Mock which, use os.linesep for cmd.run return
• PR #43785: (twangboy) Fix unit.modules.test_znc for Windows @ 2017-09-28T08:56:11Z
• 05c78ae649 Merge pull request #43785 from twangboy/win_fix_test_znc
• 7d90721f6b Merge branch '2017.7' into win_fix_test_znc
• 228e74c8e3 Fix unit.modules.test_znc for Windows
• PR #43786: (twangboy) Fix unit.modules.test_zypper for Windows @ 2017-09-28T08:51:59Z
• 10ddb8491c Merge pull request #43786 from twangboy/win_fix_test_zypper
• 1c05e37a66 Merge branch '2017.7' into win_fix_test_zypper
• aafec7ab0e Fix unit.modules.test_zypper for Windows
• PR #43773: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-28T08:48:39Z
• ISSUE #40311: (cralston0) --hide-timeout used with --output json --static produces unparseable JSON |
refs: #43772
• PR #43772: (gtmanfred) dont print Minion not responding with quiet
• PR #43747: (rallytime) Add GPG Verification section to Contributing Docs
• 9615ca32d5 Merge pull request #43773 from rallytime/merge-2017.7
• f7035ed7da Merge branch '2017.7' into merge-2017.7
• dfef4a722c Merge branch '2016.11' into '2017.7'
• 1a8cc60bb4 Merge pull request #43772 from gtmanfred/2016.11
• 0194c60960 dont print Minion not responding with quiet
• 9dee896fb9 Merge pull request #43747 from rallytime/gpg-verification
• 7a70de19f4 Merge branch '2016.11' into gpg-verification
• 23bb4a5dde Add GPG Verification section to Contributing Docs
• PR #43784: (twangboy) Fix unit.modules.test_win_service @ 2017-09-28T03:14:39Z
• 9a9cc69d55 Merge pull request #43784 from twangboy/win_fix_test_win_service
• 058e50e530 Fix unit.modules.test_win_service
• PR #43774: (The-Loeki) typo fix aka what is a 'masterarpi' @ 2017-09-27T18:52:19Z
• 1254da1df5 Merge pull request #43774 from The-Loeki/patch-1
• 84bbe85e60 typo fix aka what is a 'masterarpi'
• PR #43732: (twangboy) Skip unit.stats.test_mac_packages on Windows @ 2017-09-27T14:48:08Z
• 3f888753d4 Merge pull request #43732 from twangboy/win_skip_mac_pkg_tests
• 1c01e06097 Only skip test on Windows
• ec99a3ce3c Fix lint error
• 61f8a2f7ff Skip mac specific tests
• PR #43761: (Ch3LL) Release Notes for 2017.7.2 @ 2017-09-27T14:34:52Z
• fb86935d99 Merge pull request #43761 from Ch3LL/release_2017.7.2
• caf5795856 add mac patch notes
• 3d5fce0955 Add 2017.7.2 Release Notes
• PR #43767: (twangboy) Skip unit.modules.test_snapper on Windows @ 2017-09-27T14:10:27Z
• 5ea603cf16 Merge pull request #43767 from twangboy/win_skip_test_snapper
• b41b9c8378 Skip snapper tests on Windows
• PR #43759: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-27T13:30:38Z
• ISSUE #43729: (The-Loeki) Docker events engine broken on newer docker.py | refs: #43733
• ISSUE #43650: (rallytime) Review contributing documentation and the merge-forward process | refs:
#43727
• ISSUE #42706: (blarghmatey) Parallel Cache Failure | refs: #43018 #43159
• ISSUE #42082: (stamak) [salt.utils.gitfs ][CRITICAL] Invalid gitfs configuration parameter 'saltenv'
in remote git+ssh://git@ourgitserver/ourgitrepo.git. | refs: #43458
• PR #43733: (terminalmage) Allow docker_events engine to work with newer docker-py
• PR #43727: (rallytime) Revise "Contributing" docs: merge-forwards/release branches explained!
• PR #43458: (terminalmage) Fix missing PER_REMOTE_ONLY in cache.clear_git_lock runner
• PR #43018: (jubrad) Update state.py | refs: #43159 #43727
• 77c2c7cbf7 Merge pull request #43759 from rallytime/merge-2017.7
• 120f49f2c4 Merge branch '2016.11' into '2017.7'
• 1cc3ad1c8d Merge pull request #43733 from terminalmage/issue43729
• 6e5c99bda0 Allow docker_events engine to work with newer docker-py
• 5d38be4ff7 Merge pull request #43458 from terminalmage/issue42082
• 5f90812b12 Fix missing PER_REMOTE_ONLY in cache.clear_git_lock runner
• 023a563657 Merge pull request #43727 from rallytime/fix-43650
• babad12d83 Revise "Contributing" docs: merge-forwards/release branches explained!
• PR #43748: (rallytime) Add message to boto_kinesis modules if boto libs are missing @
2017-09-27T13:19:33Z
• ISSUE #43737: (syedaali) salt.loaded.int.module.boto_kinesis.__virtual__() is wrongly returning None.
It should either return True, False or a new name. If you're the developer of the module
'boto_kinesis', please fix this. | refs: #43748
• 5c203df056 Merge pull request #43748 from rallytime/fix-43737
• 5a2593dbd3 Add message to boto_kinesis modules if boto libs are missing
• PR #43731: (twangboy) Fix unit.beacons.test_status for Windows @ 2017-09-26T16:25:12Z
• 2581098595 Merge pull request #43731 from twangboy/win_unit_beacons_test_status
• dc1b36b7e2 Change expected return for Windows
• PR #43724: (brejoc) Improved delete_deployment test for kubernetes module @ 2017-09-26T16:19:31Z
• 10f3d47498 Merge pull request #43724 from brejoc/2017.7.kubernetes_delete_test
• 85b0a8c401 Improved delete_deployment test for kubernetes module
• PR #43734: (twangboy) Fix unit.modules.test_poudriere for Windows @ 2017-09-26T14:13:47Z
• 13cc27bdab Merge pull request #43734 from twangboy/win_unit_test_poudriere
• 922e60fa67 Add os agnostic paths
• PR #43742: (terminalmage) Fix incorrect value in docstring @ 2017-09-26T13:55:00Z
• 41aeee7ac8 Merge pull request #43742 from terminalmage/fix-docstring
• 553335b1c9 Fix incorrect value in docstring
• PR #41998: (twangboy) Fix unit.modules.test_environ for Windows @ 2017-09-26T12:25:48Z
• d78b9a3294 Merge pull request #41998 from twangboy/win_unit_test_environ
• d73ef44cf6 Mock with uppercase KEY
• 048e16883f Use uppercase KEY
• PR #42036: (twangboy) Fix unit.modules.test_file for Windows @ 2017-09-26T12:23:10Z
• 7fbbea3806 Merge pull request #42036 from twangboy/win_unit_test_file
• 056f3bb4c0 Use with to open temp file
• 352fe69e35 Clarify the purpose of the for loop
• b55172d5dc Split by Windows and Linux style line endings
• e20aa5c39b Fix line, use os.sep instead of os.linesep
• d5f27901e3 Fix additional bytestring issue
• 716e99c453 Fix py3 bytestring problems
• 543610570c Fix bytestring issues, fix errored tests
• 9fe83a34a5 Remove old variable declaration
• c5cf5e92c1 Fix many tests
• PR #43557: (clan) disable modify yaml constructor @ 2017-09-25T14:03:47Z
• a81d4b8d8d Merge pull request #43557 from clan/yaml
• 485471c8a7 Merge branch '2017.7' into yaml
• da15658304 remove modify yaml constructor
• PR #43566: (damon-atkins) 2017.7 update salt.utils.files.safe_filepath func @ 2017-09-25T13:58:29Z
• b5beec16e8 Merge pull request #43566 from damon-atkins/2017.7_update_safe_filename_func
• c7a652784a remove blank line at end of file
• e97651d49b Merge branch '2017.7' into 2017.7_update_safe_filename_func
• 3b4c1bbf7f Merge branch '2017.7' into 2017.7_update_safe_filename_func
• 4c88c80ef9 Merge branch '2017.7' into 2017.7_update_safe_filename_func
• 4171d11838 utils.files.safe_filepath add support to override the os default directory separator
• PR #43712: (wedge-jarrad) Ignore retcode on call to grep in selinux.py module @ 2017-09-25T13:56:17Z
• ISSUE #43711: (wedge-jarrad) fcontext_get_policy emits command error if policy doesn't exist | refs:
#43712 #43712
• 3bb337cf6a Merge pull request #43712 from wedge-jarrad/fix-43711
• 96c1ef48e6 Ignore retcode on call to grep in selinux.py module
• PR #43716: (gaborn57) Corrected custom port handling @ 2017-09-25T13:44:58Z
• ISSUE #43659: (gaborn57) unable to retrieve pillar data in postgres db | refs: #43716
• 5b7411e335 Merge pull request #43716 from gaborn57/2017.7
• 78137c0860 Corrected custom port handling
• PR #43700: (rklaren) Ensure salt-cloud with libvirt provider does not write low level errors to stderr
@ 2017-09-25T01:47:25Z
• PR #43684: (rklaren) salt-cloud libvirt updates | refs: #43700
• 6bbd50c453 Merge pull request #43700 from rklaren/fix-libvirt-stderr-spam
• 88530c4cb6 Lint fixes
• 235bec492e salt-cloud + libvirt: Mention Fedora 26 support
• 9aecf5f847 Remove stderr spam when using salt-cloud with libvirt
• PR #43702: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-25T01:26:20Z
• 437ac03801 Merge pull request #43702 from rallytime/merge-2017.7
• 132b1b343b Merge branch '2017.7' into merge-2017.7
• PR #43681: (terminalmage) Backport the non-fileclient changes from PR 43518 to 2017.7 @
2017-09-22T19:27:25Z
• ISSUE #38971: (morganwillcock) archive.extracted: lots of unnecessary file transferring, copying, and
hashing | refs: #43681 #43518
• PR #43518: (terminalmage) Reduce unnecessary file downloading in archive/file states | refs: #43681
• 47cd8723c6 Merge pull request #43681 from terminalmage/issue38971-2017.7
• 91edf865e2 Merge branch '2017.7' into issue38971-2017.7
• 84f34c93be Backport the non-fileclient changes from PR 43518 to 2017.7
• PR #43687: (mkurtak) yumpkg.py: install calls list_repo_pkgs only if wildcard is used in pkg name @
2017-09-22T19:23:18Z
• ISSUE #43396: (mkurtak) yumpkg pkg.installed slowed down due to wildcard namig support | refs: #43687
• 0a1c5185f5 Merge pull request #43687 from mkurtak/fix-43396
• b1e64b11fb yumpkg.py: install calls list_repo_pkgs only if wildcard in pkg name is used
• PR #43467: (DmitryKuzmenko) Bugs/43124 users regex @ 2017-09-22T19:21:09Z
• ISSUE #43124: (UtahDave) publisher_acl with regex on username not working and has no documentation |
refs: #43467
• 3a79549af4 Merge pull request #43467 from DSRCorporation/bugs/43124_users_regex
• 14bf2dd8ff Support regex in publisher_acl.
• 9fe32f8b6e Regex support for user names in external_auth config.
• PR #43670: (DmitryKuzmenko) Fix for list and contains redis cache logic. @ 2017-09-22T17:56:58Z
• ISSUE #43381: (V3XATI0N) Sharing minion data cache causes false errors in returns | refs: #43670
• PR #43648: (rallytime) Handle VPC/Subnet ID not found errors in boto_vpc module
• 0e86266b93 Merge pull request #43670 from DSRCorporation/bugs/43381_redis_cache_fix
• 1c979d5809 Update redis cache contains logic to use more efficient sismember.
• 039d236948 Fixed list and contains redis cache logic.
• 6e5cf65d65 Merge branch '2016.11' into '2017.7'
• f46c858f25 Merge pull request #43648 from rallytime/handle-boto-vpc-errors
• 54842b5012 Handle VPC/Subnet ID not found errors in boto_vpc module
• PR #43697: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-22T17:31:09Z
• ISSUE #42165: (arount) top_file_merging_strategy: merge does not works | refs: #43415
• ISSUE #2: (thatch45) salt job queries
• PR #43677: (terminalmage) Fix RST headers for runners (2016.11 branch)
• PR #43673: (rallytime) Back-port #43652 to 2016.11
• PR #43672: (rallytime) Back-port #43415 to 2016.11
• PR #43663: (moio) multiprocessing minion option: documentation fixes (develop) | refs: #43661
• PR #43661: (moio) multiprocessing minion option: documentation fixes (2016.11)
• PR #43652: (VertigoRay) Salt Repo has Deb 9 and 8 | refs: #43673
• PR #43646: (brejoc) Added tests for pid-file deletion in DaemonMixIn
• PR #43591: (rallytime) [2016.11] Merge forward from 2016.11.8 to 2016.11
• PR #43575: (akissa) Fix CSR not recreated if key changes
• PR #43572: (vutny) cloud.action: list_nodes_min returns all EC2 instances
• PR #43550: (twangboy) Fix preinstall script on OSX for 2016.11.8
• PR #43534: (twangboy) Fixes removal of double-quotes by shlex_split in winrepo for 2016.11
• PR #43508: (rallytime) Back-port #43333 to 2016.11.8
• PR #43434: (rallytime) Add 2016.11.8 release notes
• PR #43415: (mattLLVW) Fix env_order in state.py | refs: #43672
• PR #43333: (damon-atkins) Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed as
params + 1 bug | refs: #43508
• aa47da35dd Merge pull request #43697 from rallytime/merge-2017.7
• cbae45bec4 Lint: Remove extra line at end of file
• fca4e5563a Merge branch '2016.11' into '2017.7'
• 9dba34aa06 Merge pull request #43575 from akissa/fix-csr-not-recreated-if-key-changes
• b1b4dafd39 Fix CSR not recreated if key changes
• 1d4fa48209 Merge pull request #43672 from rallytime/bp-43415
• 3fb42bc238 Fix env_order in state.py
• ff832ee607 Merge pull request #43673 from rallytime/bp-43652
• d91c47c6f0 Salt Repo has Deb 9 and 8
• 365cb9fba8 Merge pull request #43677 from terminalmage/runners-docs-2016.11
• 2fd88e94fa Fix RST headers for runners (2016.11 branch)
• be38239e5d Merge pull request #43534 from twangboy/win_fix_pkg.install_2016.11
• 1546c1ca04 Add posix=False to call to salt.utils.shlex_split
• 0d3fd3d374 Merge pull request #43661 from moio/2016.11-multiprocessing-doc-fix
• 625eabb83f multiprocessing minion option: documentation fixes
• 6b4516c025 Merge pull request #43646 from brejoc/2016.11.4-pidfile-tests
• 96f39a420b Fixed linting
• 08fba98735 Fixed several issues with the test
• 3a089e450f Added tests for pid-file deletion in DaemonMixIn
• cfb1625741 Merge pull request #43591 from rallytime/merge-2016.11
• 57b9d642c2 Merge branch '2016.11.8' into '2016.11'
• e83421694f Merge pull request #43550 from twangboy/osx_fix_preinstall_2016.11.8
• 1b0a4d39d2 Fix logic in /etc/paths.d/salt detection
• a648f75949 Merge pull request #43508 from rallytime/bp-43333
• d4981a2717 Update doco
• a7c8b9e048 Update win_pkg.py
• 1d6dc6fb72 Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed on the cli (‐
#2)
• e7009877bc Merge pull request #43434 from rallytime/2016.11.8-release-notes
• 68f529ee5e Add 2016.11.8 release notes
• 8671b91f62 Merge pull request #43572 from vutny/fix-salt-cloud-list-min-instance-set
• 21966e7ce8 cloud.action: list_nodes_min returns all instances
• PR #43314: (twangboy) Fix unit.utils.test_verify for Windows @ 2017-09-21T22:26:13Z
• e6dc4d64df Merge pull request #43314 from twangboy/win_fix_unit.utils.test_verify
• 9ada7f626c Merge branch '2017.7' into win_fix_unit.utils.test_verify
• c0dc3f73ef Use sys.platform instead of salt.utils to detect Windows
• e496d28cbf Fix unit.utils.test_verify for Windows
• PR #43680: (vernondcole) correct default value for salt.cache.Cache @ 2017-09-21T20:09:36Z
• ISSUE #43599: (vernondcole) Incorrect default for salt.cache.Cache() if opts does not define "cache"
| refs: #43680
• ec34df2c27 Merge pull request #43680 from vernondcole/fix-salt.cache.Cache-default
• 292f8c79b8 correct default value for salt.cache.Cache
• PR #43530: (twangboy) Fixes removal of double-quotes by shlex_split in winrepo @ 2017-09-21T18:04:48Z
• 99d9d784b1 Merge pull request #43530 from twangboy/win_fix_pkg.install
• 7f59119f95 Merge branch '2017.7' into win_fix_pkg.install
• f146399f7a Use posix=False for shlex.split
• PR #43671: (rallytime) [2017.7] Merge forward from 2017.7.2 to 2017.7 @ 2017-09-21T16:39:49Z
• 12b5e62d81 Merge pull request #43671 from rallytime/merge-2017.7
• a401166bd5 Merge branch '2017.7.2' into '2017.7'
• PR #43676: (terminalmage) Fix RST headers for runners (2017.7 branch) @ 2017-09-21T16:36:21Z
• e3a2fbc2a3 Merge pull request #43676 from terminalmage/runners-docs-2017.7
• 9b74634b23 Fix badly-formatted RST in mattermost runner docstring
• c0a79c70a4 Fix RST headers for runners (2017.7 branch)
• PR #43235: (brejoc) Improve delete_deployment handling @ 2017-09-20T21:33:33Z
• d02953ce6a Merge pull request #43235 from
brejoc/improve-async-operation-handling-in-kubernetes-module
• 4e8da3045f Fixed logic for windows fallback
• 3b1cb884b9 Merge branch '2017.7' into improve-async-operation-handling-in-kubernetes-module
• d1b5ec098c Merge branch '2017.7' into improve-async-operation-handling-in-kubernetes-module
• 35cf69bc50 Moved exception Salt core
• 7431ec64e3 Removed unused sys import
• 0c71da95f6 Using salt method to identify MS Windows, single instead of double quotes
• 20619b24c4 Fixed test for delete_deployment
• 91076bbafa Merge branch '2017.7' into improve-async-operation-handling-in-kubernetes-module
• 7b600e2832 Added pylint-disable statements and import for salt.ext.six.moves.range
• 99fe138325 Code styling and added log message for timeout
• dcd8d4f639 Merge branch '2017.7' into improve-async-operation-handling-in-kubernetes-module
• 702a058c38 Fixed linting
• 3fe623778e Added Windows fallback
• 52b1cb8147 Compatibility with Python3.6
• 767af9bb4f Added timeout for checking the deployment
• 32d7d34fe5 First simple draft for the deletion verification
• PR #43554: (twangboy) Win fix chocolatey @ 2017-09-20T16:06:18Z
• 73cb0c27b5 Merge pull request #43554 from twangboy/win_fix_chocolatey
• e04acb6216 Merge branch '2017.7' into win_fix_chocolatey
• 56be5c35eb Improve logic for handling chocolatey states
• bcbf7b4e68 Add logic for test=True
• PR #43625: (gtmanfred) results and columns are lists for mysql returns @ 2017-09-20T15:42:59Z
• ISSUE #43598: (davidvon) Passed invalid arguments to mysql.file_query: unsupported operand type(s)
for +=: 'int' and 'tuple' | refs: #43625
• ed7eeaaafb Merge pull request #43625 from gtmanfred/2017.7
• f84b50a06b results and columns are lists for mysql returns
• PR #43587: (rallytime) Add reason to linux_acl state loading failure @ 2017-09-19T16:26:51Z
• ISSUE #43560: (smitelli) salt.states.linux_acl requires setfacl/getacl binaries but this is not
obvious | refs: #43580 #43587
• PR #43580: (garethgreenaway) Updating ACL module and state module documentation | refs: #43587
• 1bda4832ef Merge pull request #43587 from rallytime/fix-virtual
• e5297e3869 Add reason to linux_acl state loading failure
• PR #43584: (cachedout) Enhance engines docs @ 2017-09-18T20:40:57Z
• 2e19533e3c Merge pull request #43584 from cachedout/engines_doc_clarification
• 634536b0ff Merge branch '2017.7' into engines_doc_clarification
• 1a619708c1 Enhance engines docs
• PR #43519: (terminalmage) Fix incorrect handling of pkg virtual and os_family grain @
2017-09-18T20:35:01Z
• 50b134ef4c Merge pull request #43519 from terminalmage/fix-aptpkg
• 0e3c447567 Fix incorrect handling of pkg virtual and os_family grain
• PR #43520: (clan) _search_name is '' if acl type is other @ 2017-09-18T20:33:51Z
• dd953f36ae Merge pull request #43520 from clan/acl
• 54216177c1 _search_name is '' if acl type is other
• PR #43561: (wedge-jarrad) Clean up doc formatting in selinux state & module @ 2017-09-18T20:28:47Z
• ad9663a7fc Merge pull request #43561 from wedge-jarrad/selinux-doc-cleanup
• 1bd263cd51 Clean up doc formatting in selinux state & module
• PR #43580: (garethgreenaway) Updating ACL module and state module documentation | refs: #43587 @
2017-09-18T20:11:26Z
• ISSUE #43560: (smitelli) salt.states.linux_acl requires setfacl/getacl binaries but this is not
obvious | refs: #43580 #43587
• cc3d9c1a01 Merge pull request #43580 from garethgreenaway/43560_update_linux_acl_documentation
• e63fae4c91 Merge branch '2017.7' into 43560_update_linux_acl_documentation
• PR #43523: (skizunov) Add back lost logic for multifunc_ordered @ 2017-09-18T17:46:16Z
• PR #38168: (skizunov) Add support for a multi-func job using same func more than once | refs: #43523
• bf7b23316f Merge pull request #43523 from skizunov/develop2
• fb579321a9 Add back lost logic for multifunc_ordered
• 117a0ddbbc Updating the documentation to call out the requirement for the getfacl and setfacl
binaries
• 49f25b9f19 Lint
• 31d17c0124 Fix typo found by @s0undt3ch
• 5dba74d2cb Fix to module.run [WIP]
• PR #43526: (DmitryKuzmenko) Forward events to all masters syndic connected to @ 2017-09-18T16:54:46Z
• ISSUE #43447: (UtahDave) When using Syndic with Multi Master the top level master doesn't reliably
get returns from lower minion. | refs: #43526
• e29efecf4f Merge pull request #43526 from DSRCorporation/bugs/43447_syndic_events_forwarding
• 64d6109654 Merge branch '2017.7' into bugs/43447_syndic_events_forwarding
• 3b2a529385 Merge branch '2017.7' into bugs/43447_syndic_events_forwarding
• 0e4a744d95 Forward events to all masters syndic connected to.
• PR #43330: (terminalmage) Fix reactor regression + unify reactor config schema @ 2017-09-18T16:46:11Z
• ISSUE #43077: (Manoj2087) Issue with deleting key via wheel | refs: #43330
• 56b671e087 Merge pull request #43330 from terminalmage/issue43077
• a7b4e1f782 Simplify client logic
• b85c8510c7 Improve the reactor documentation
• 20f6f3cc39 Include a better example for reactor in master conf file
• 4243a2211d Rewrite the reactor unit tests
• 9db3f5ae6d Unify reactor configuration, fix caller reactors
• 34b6c3b65f Un-deprecate passing kwargs outside of 'kwarg' param
• PR #43505: (rallytime) Back-port #43483 to 2017.7 @ 2017-09-15T21:22:12Z
• ISSUE #33793: (mstarostik) states.ssh_auth adds bogus newline before newly added keys | refs: #43483
• PR #43483: (3add3287) Handle bogus newline before newly added keys | refs: #43505
• 078d5d17de Merge pull request #43505 from rallytime/bp-43483
• c68dd5b8a4 Lint: fix spacing
• 406f61ac9a Fix indentation from tabs to spaces
• 923ec62771 Copy paste typo
• 6f6619242f Fix checking for newline on end of file by properly checking the last byte of the file if
the file is non empty.
• PR #43491: (rallytime) Back-port #43465 to 2017.7 @ 2017-09-15T18:24:47Z
• ISSUE #43464: (psagers) acme.cert state: IOError on failure to create a new certificate | refs:
#43465
• PR #43465: (psagers) acme.cert: avoid IOError on failure. | refs: #43491
• a6df3f2acc Merge pull request #43491 from rallytime/bp-43465
• 3118faca0a acme.cert: avoid IOError on failure.
• PR #43492: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-15T18:23:49Z
• ISSUE #43386: (rajvidhimar) Scheduler's job_kwargs not working as expected. | refs: #43442 #43443
• ISSUE #43267: (brejoc) OSError - Can't delete PIDfile when not root | refs: #43366
• ISSUE #43223: (rallytime) Properly deprecate describe_route_table function in boto_vpc module | refs:
#43445
• PR #43461: (twangboy) Add /norestart switch to vcredist install
• PR #43456: (rallytime) Add Neon to version list
• PR #43445: (rallytime) Bump deprecation warning for boto_vpc.describe_route_table | refs: #43456
#43456
• PR #43442: (garethgreenaway) [2016.11] Fixes to scheduler __pub values in kwargs
• PR #43441: (meaksh) Use $HOME to get the user home directory instead using '~' char
• PR #43432: (rallytime) Back-port #43419 to 2016.11
• PR #43419: (gtmanfred) make cache dirs when spm starts | refs: #43432
• PR #43366: (brejoc) Catching error when PIDfile cannot be deleted
• 3620c15c9a Merge pull request #43492 from rallytime/merge-2017.7
• 4251ce5a27 Merge branch '2016.11' into '2017.7'
• f2b86fa2db Merge pull request #43461 from twangboy/win_norestart
• 2d269d1a76 Change all comment markers to '#'
• d80aea16cb Handle ErrorCodes returned by VCRedist installer
• fb31e9a530 Add /norestart switch to vcredist install
• 90e8ca9c36 Merge pull request #43366 from brejoc/2016.11.pidfile-fix
• 6e3eb76c79 Removed unused format argument
• daf4948b3d Catching error when PIDfile cannot be deleted
• a6c458607a Merge pull request #43442 from garethgreenaway/43386_2016_11_schedule_kwargs_pub
• e637ecbe86 Merge branch '2016.11' into 43386_2016_11_schedule_kwargs_pub
• 6114df8dc3 Adding a small check to ensure we do not continue to populate kwargs with __pub_ items
from the kwargs item.
• 3c429299f9 Merge pull request #43456 from rallytime/43445_follow_up
• 35c1d8898d Add Neon to version list
• 6db7a721c0 Merge pull request #43441 from meaksh/2016.11-salt-bash-completion-fix
• be4f26ab21 Use $HOME to get the user home directory instead using '~' char
• 05fff44a50 Merge pull request #43445 from rallytime/bump-deprecation-warning
• c91cd1c6d9 Bump deprecation warning for boto_vpc.describe_route_table
• c57dc5f0e3 Merge pull request #43432 from rallytime/bp-43419
• c471a29527 make cache dirs when spm starts
• PR #43513: (haam3r) Issue #43479 No runners.config in 2017.7 branch @ 2017-09-15T14:58:27Z
• ISSUE #43479: (haam3r) Mattermost runner failing to retrieve config values due to unavailable config
runner | refs: #43513
• 8a90c7059b Merge pull request #43513 from haam3r/2017.7
• 58f7d051c9 Issue #43479 No runners.config in 2017.7 branch
• PR #43431: (mattLLVW) Fix /etc/hosts not being modified when hostname is changed @ 2017-09-13T18:35:55Z
• ISSUE #42926: (nixjdm) network.system not setting hostname in hosts file, preventing sudo. | refs:
#43431
• c3d9e2d9b2 Merge pull request #43431 from mattLLVW/fix-hosts-deb
• c6320b1dff Merge branch '2017.7' into fix-hosts-deb
• a3b2e19149 Fix /etc/hosts not being modified when hostname is changed
• PR #43403: (twangboy) Proper timestamp conversion in redis.lastsave @ 2017-09-12T21:18:06Z
• a09f289fbb Merge pull request #43403 from twangboy/win_fix_redismod
• f6da23e1aa Properly handle timestamp conversion
• PR #43463: (twangboy) Add /norestart switch to vcredist installer @ 2017-09-12T20:29:27Z
• 0eaa5acb72 Merge pull request #43463 from twangboy/win_norestart_2017.7
• 6984b8fd60 Add /norestart to vcredist installer
• PR #43443: (garethgreenaway) [2017.7] Fixes to scheduler __pub values in kwargs @ 2017-09-12T18:14:46Z
• ISSUE #43386: (rajvidhimar) Scheduler's job_kwargs not working as expected. | refs: #43442 #43443
• 2fc237a806 Merge pull request #43443 from garethgreenaway/43386_2017_7_schedule_kwargs_pub
• a29a9855a6 Fixing typo.
• 2681b7d3fa Merge branch '2017.7' into 43386_2017_7_schedule_kwargs_pub
• PR #41547: (mirceaulinic) Override proxy minion opts with pillar data @ 2017-09-11T21:47:51Z
• ISSUE #39775: (mirceaulinic) Proxy mine_interval config ignored | refs: #41547 #41547
• 5378ac7756 Merge pull request #41547 from cloudflare/px_merge_pillar_opts
• aad39ba665 Document the new opts
• cdc0d9674a Allow disabling the mines details merge
• 732b63b0b9 Merge mine details whenever possible
• 96b31d5643 Override proxy opts with pillar data when required
• fd499887f9 Define new proxy merge pillar in opts... opts
• abab6fd91c Override minion opts with pillar data
• PR #41943: (twangboy) Fix unit.returners.test_local_cache for Windows @ 2017-09-11T21:34:03Z
• 08d102c869 Merge pull request #41943 from twangboy/win_unit_test_local_cache
• 3777b34572 Merge branch '2017.7' into win_unit_test_local_cache
• 35b79ecde6 Remove cur variable, use time.time() in comparison
• 9b61533b09 Get more accurate currnet time in local_cache
• 844e3f65bc Fix unit tests for Windows
• PR #43424: (twangboy) Fix unit.modules.test_hosts for Windows @ 2017-09-11T21:28:41Z
• 50ab79f0cb Merge pull request #43424 from twangboy/win_unit_test_hosts
• 90dcf8287c Fix unit.modules.test_hosts for Windows
• PR #42652: (skizunov) Fix loader.py's raw_mod() to look in all module dirs @ 2017-09-11T19:43:48Z
• 0f0ed5a093 Merge pull request #42652 from skizunov/develop3
• d82e406f15 Fix loader.py's raw_mod() to look in all module dirs
• PR #43438: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-11T18:33:39Z
• ISSUE #43387: (aogier) genesis.bootstrap debootstrap fails if no qemu specified | refs: #43390
• ISSUE #43338: (LEMNX) virtualenv never-download | refs: #43356
• ISSUE #43086: (aogier) pylint: Instance of 'tuple' has no 'extend' member (no-member) | refs: #43105
• ISSUE #2: (thatch45) salt job queries
• PR #43390: (aogier) better qemu_static parameter mangle in deboostrap management, tests
• PR #43356: (gtmanfred) never-download got readded
• PR #43333: (damon-atkins) Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed as
params + 1 bug | refs: #43508
• PR #43325: (doesitblend) mine_interval option is minutes not seconds
• PR #43105: (aogier) groupadd module: string does not have attribute 'extend', plus homogeneous cmd
parm building
• ca091bc8a4 Merge pull request #43438 from rallytime/merge-2017.7
• ef7b4242c3 Merge branch '2016.11' into '2017.7'
• 57cccd75d0 Merge pull request #43390 from aogier/43387-genesis-qemu
• 496f14a7e7 forgot to mock the proper one
• 51c7a1ba00 only check if static_qemu is_executable()
• 70642e495d better qemu_static parameter mangle in deboostrap management, tests
• 6106aec696 Merge pull request #43356 from gtmanfred/2016.11
• 3f19b247f3 Add handler.messages back in for test comparison
• 9911b04208 fix test
• 3c6ae99a77 never-download got readded
• e638fac54e Merge pull request #43325 from doesitblend/salt-mine-doc-fix
• 1e94d0ac3a Lint: Remove trailing whitespace
• 51af8f8757 Fix mine_interval phrasing in default file
• ba0cdd4536 Fix phrasing for mine_interval description
• 9ff03c2d43 Update Salt Mine documentation to show that the mine_interval option is configured in
minutes.
• fc587f784a Merge pull request #43105 from aogier/43086-no-member
• 5111cf8bad Merge branch '2016.11' into 43086-no-member
• d97a680372 Merge pull request #43333 from damon-atkins/2016.11
• 92de2bb498 Update doco
• fc9c61d12e Update win_pkg.py
• c91fc14704 Merge branch '2016.11' into 2016.11
• cb3af2bbbd Docs are wrong cache_dir (bool) and cache_file (str) cannot be passed on the cli (#2)
• 42a118ff56 fixed cmd composition and unified his making across module
• 3fd59ed369 Adding a small check to ensure we do not continue to populate kwargs with
__pub_ items from the kwargs item.
• PR #43320: (twangboy) Fix unit.modules.test_alternatives for Windows @ 2017-09-11T17:28:00Z
• a9592dd3e2 Merge pull request #43320 from twangboy/win_fix_alternatives
• a909813fa5 Remove unused import (lint)
• 3ef8d714cb Fix unit tests to mock salt.utils.path.readlink
• c0d81aa1ce Use salt.utils.path.readlink
• 7c4460164b Fix alternatives for Windows
• PR #43363: (twangboy) Fix unit.modules.test_ini_manage for Windows @ 2017-09-11T17:10:31Z
• 9b89e49846 Merge pull request #43363 from twangboy/scratch_ini_tests
• a94319a082 Make sure formatting of TEST_FILE_CONTENT matches original
• 6263bc8983 Remove print statement
• 79cd3831ae Fix empty value preserved test
• 85997391f1 Is this handled the same on Linux and Windows
• PR #43421: (gtmanfred) Revert "Reduce fileclient.get_file latency by merging _file_find and … @
2017-09-11T17:07:18Z
• 673ce387c1 Merge pull request #43421 from gtmanfred/compat
• f85bf8c18f Revert "Reduce fileclient.get_file latency by merging _file_find and _file_hash"
• PR #43415: (mattLLVW) Fix env_order in state.py | refs: #43672 @ 2017-09-11T15:18:08Z
• ISSUE #42165: (arount) top_file_merging_strategy: merge does not works | refs: #43415
• 47d982fd37 Merge pull request #43415 from mattLLVW/fix-env-order
• f6313a1b2c Merge branch '2017.7' into fix-env-order
• e93a962980 Fix env_order in state.py
• PR #43422: (twangboy) Fix unit.cloud.clouds.test_ec2 for Windows @ 2017-09-11T15:17:20Z
• e89e23a32e Merge pull request #43422 from twangboy/win_unit_cloud_ec2
• 1379627334 Fix unit.cloud.clouds.test_ec2 for Windows
• PR #43423: (twangboy) Fix unit.modules.test_gem for Windows @ 2017-09-11T15:15:28Z
• 54f833ac59 Merge pull request #43423 from twangboy/win_unit_test_gem
• b2cea18d13 Fix unit.modules.test_gem for Windows
• PR #43419: (gtmanfred) make cache dirs when spm starts | refs: #43432 @ 2017-09-11T13:42:50Z
• b3116109e5 Merge pull request #43419 from gtmanfred/2017.7
• 58378866e5 make cache dirs when spm starts
• PR #43371: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-08T15:39:12Z
• ISSUE #43348: (9maf4you) network.managed doesn't work on CentOS 7 | refs: #43359
• ISSUE #43295: (V3XATI0N) salt.cache.redis_cache does not actually work. | refs: #43329
• ISSUE #35840: (junovitch) preserve_minion_cache is broken in 2016.3+ | refs: #42903 #42903
• PR #43361: (rallytime) Back-port #43329 to 2016.11
• PR #43360: (terminalmage) Fix failing tests in Fedora
• PR #43359: (gtmanfred) ipaddr_start ipaddr_end for el7
• PR #43329: (johnj) Fix #43295, better handling of consul initialization | refs: #43361
• PR #43247: (rallytime) Back-port various mention bot settings to 2016.11
• PR #43244: (rallytime) Update release branch section with a few more details
• PR #43206: (rallytime) Always notify tkwilliams when changes occur on boto files | refs: #43247
• PR #43183: (basepi) Add basepi to userBlacklist for mention bot | refs: #43247
• PR #42923: (rallytime) Always notify ryan-lane when changes occur on boto files | refs: #43247
• PR #42903: (junovitch) Fix 'preserve_minion_cache: True' functionality (fixes #35840)
• 9b27473763 Merge pull request #43371 from rallytime/merge-2017.7
• 7b07b58396 Merge branch '2016.11' into '2017.7'
• 0c986f5eba Merge pull request #43361 from rallytime/bp-43329
• b09e5b4379 Fix #43295, better handling of consul initialization issues
• 22287439e6 Merge pull request #42903 from junovitch/issue-35840-fix-preserve-minion-cache-2016.11
• c9d4fdbd45 Merge branch '2016.11' into issue-35840-fix-preserve-minion-cache-2016.11
• 93a68e32a5 Merge branch '2016.11' into issue-35840-fix-preserve-minion-cache-2016.11
• 079f097985 Fix 'preserve_minion_cache: True' functionality (fixes #35840)
• 4860e10757 Merge pull request #43360 from terminalmage/sj-496
• 433bca14b1 Fix KeyError in yumpkg configparser code on Python 3
• f6c16935d8 Move --showduplicates before repository-packages
• 4ba2dbe41e Merge pull request #43244 from rallytime/release-branch-clarifications
• 0d5a46dbaa Update release branch section with a few more details
• 1a012eb3d7 Merge pull request #43359 from gtmanfred/ipaddr
• 23d9abb560 ipaddr_start ipaddr_end for el7
• 8f88111be8 Merge pull request #43247 from rallytime/mentionbot-backports
• 2b85757d73 Always notify tkwilliams when changes occur on boto files
• 40b5a29f90 Add basepi to userBlacklist for mention bot
• bad8f56969 Always notify ryan-lane when changes occur on boto files
• PR #43398: (twangboy) Fix unit.modules.test_mount for Windows @ 2017-09-08T13:39:29Z
• 97f05ff603 Merge pull request #43398 from twangboy/win_fix_test_mount
• 4a8d7e522c Fix tests, Use full path to salt.utils.which
• PR #43399: (twangboy) Fix unit.modules.test_pam for Windows @ 2017-09-08T13:37:50Z
• 6a4cc5c1b0 Merge pull request #43399 from twangboy/win_fix_test_pam
• 6257aa964a Fix unit.modules.test_pam for Windows
• PR #43400: (twangboy) Fix unit.modules.test_parted for Windows @ 2017-09-08T13:37:00Z
• 2b5cfae3f8 Merge pull request #43400 from twangboy/win_unit_test_parted
• 8e3e897ee2 Fix unit.modules.test_parted for Windows
• PR #43401: (twangboy) Fix unit.modules.test_pw_group for Windows @ 2017-09-08T13:35:45Z
• 332deeb013 Merge pull request #43401 from twangboy/win_unit_test_pw_group
• 78e39a1b9d Fix unit.modules.test_pw_group for Windows
• PR #43402: (twangboy) Fix unit.modules.test_qemu_nbd for Windows @ 2017-09-08T13:34:58Z
• c0f54bfef1 Merge pull request #43402 from twangboy/win_unit_test_qemu_nbd
• 531ce8022b Fix unit.modules.test_qemu_nbd for Windows
• PR #43404: (twangboy) Fix unit.modules.test_seed for Windows @ 2017-09-08T13:32:41Z
• be88fbb45f Merge pull request #43404 from twangboy/win_unit_test_seed
• 6ceb895a84 Use os.path.join for paths
• PR #43301: (twangboy) Fix unit.test_spm for Windows @ 2017-09-08T13:24:35Z
• 612c6a8756 Merge pull request #43301 from twangboy/win_fix_unit_test_spm
• 8608a6b303 Merge branch '2017.7' into win_fix_unit_test_spm
• b8da04c04d Add Mike's changes
• f36efbd6a7 Fix unit.test_spm for Windows
• PR #43372: (skizunov) Fix system.set_system_time when no hw clock is present @ 2017-09-07T17:45:33Z
• f959113694 Merge pull request #43372 from skizunov/develop5
• 281e471853 Fix system.set_system_time when no hw clock is present
• PR #43193: (jettero) Prevent spurious "Template does not exist" error @ 2017-09-06T20:16:58Z
• PR #39516: (jettero) Prevent spurious "Template does not exist" error | refs: #43193
• 6d13535ed0 Merge pull request #43193 from jettero/template-dne-again
• cde8aed2cf Merge branch '2017.7' into template-dne-again
• PR #43159: (jubrad) Bp 43018 @ 2017-09-05T22:29:16Z
• ISSUE #42706: (blarghmatey) Parallel Cache Failure | refs: #43018 #43159
• PR #43172: (rallytime) Move new utils/__init__.py funcs to utils.files.py
• PR #43056: (damon-atkins) safe_filename_leaf(file_basename) and safe_filepath(file_path_name) | refs:
#43159 #43172
• PR #43018: (jubrad) Update state.py | refs: #43159 #43727
• 015cbc57d9 Merge pull request #43159 from jubrad/bp-43018
• 25419a56db Merge branch '2017.7' into bp-43018
• 971b4c0890 Merge branch '2017.7' into bp-43018
• 4f8e6c65e5 access safe_filename_leaf through utils.files, changed in #43172
• 42064883ea state.py remove unused urllib import
• 4957268b37 update state.py to use safe_filename_leaf
• b8ead879ed Fixing lint issues
• 446457d017 Swapping from for import
• fb80e17400 state.py: fix import and utf8 encode before quote
• 1dcf167bb7 Update state.py
• PR #43232: (terminalmage) Improve inheritance in salt.utils.gitfs @ 2017-09-05T20:37:06Z
• 6e1b541b46 Merge pull request #43232 from terminalmage/gitfs-inheritance
• 53bd3a3e23 Improve inheritance in salt.utils.gitfs
• PR #43238: (s0undt3ch) Include the line number by default on the log file format @ 2017-09-05T20:31:54Z
• 086b220091 Merge pull request #43238 from s0undt3ch/2017.7
• 630a1db3ab Include the line number by default on the log file format
• PR #43294: (twangboy) Win build scripts @ 2017-09-05T20:12:54Z
• 09dc58cde5 Merge pull request #43294 from twangboy/win_build_scripts
• 9979ccb613 Remove Py2 and Py3 in the same run
• a5d9f85db6 Modifications to build scripts
• PR #43322: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-05T18:21:26Z
• PR #43312: (lordcirth) cron docs: Remind user to use quotes for special strings
• PR #43290: (lordcirth) Clarify file.py docs
• PR #43277: (rallytime) Add CODEOWNERS file
• PR #43274: (terminalmage) Use six.integer_types instead of int
• PR #43271: (twangboy) Fix minor formatting issue
• 21ab306ef4 Merge pull request #43322 from rallytime/merge-2017.7
• b1062f8c15 Merge branch '2016.11' into '2017.7'
• 02867fdcd2 Merge pull request #43277 from rallytime/owners-file
• 2b4da0f0e7 Add CODEOWNERS file
• 1c1c484479 Merge pull request #43312 from lordcirth/fix-cron-docs
• ec94a13750 cron docs: Remind user to use quotes for special strings
• 0d1ed4b750 Merge pull request #43290 from lordcirth/fix-file-path-docs
• 14a4591854 file.py docs: correct group and mode
• d4214ca283 file.py docs: specify absolute paths
• 26ff89539e Merge pull request #43274 from terminalmage/fix-int-types
• d533877743 Use six.integer_types instead of int
• cf21f91fb2 Merge pull request #43271 from twangboy/win_fix_pkg.install
• 91b062f564 Fix formatting issue, spaces surrounding +
• PR #43324: (twangboy) Fix unit.modules.test_chef for Windows @ 2017-09-05T16:40:11Z
• 62429c547d Merge pull request #43324 from twangboy/fix_unit.modules.test_chef
• 5bd5ea042a Fix unit.modules.test_chef for Windows
• PR #43268: (rallytime) Back-port #43237 to 2017.7 @ 2017-09-01T18:17:13Z
• PR #43237: (timka) .utils.aws.get_location() expects a dict | refs: #43268
• 367668a0a3 Merge pull request #43268 from rallytime/bp-43237
• 047ad07da4 .utils.aws.get_location() expects a dict
• PR #43270: (rallytime) [2017.7] Merge forward from 2016.11 to 2017.7 @ 2017-09-01T18:09:46Z
• ISSUE #42279: (dafyddj) win_lgpo matches multiple policies due to startswith() | refs: #43116 #43116
#43154
• PR #43228: (twangboy) Win fix pkg.install
• PR #43191: (viktorkrivak) Fix apache.config with multiple statement
• PR #43154: (lomeroe) Backport #43116 to 2016.11
• PR #43116: (lomeroe) Fix 42279 in develop | refs: #43154
• 02504dd363 Merge pull request #43270 from rallytime/merge-2017.7
• f8b025f6dc Merge branch '2016.11' into '2017.7'
• 3a0b02f3ae Merge pull request #43228 from twangboy/win_fix_pkg.install
• 13dfabb1ce Fix regex statement, add .
• 31ff69f0ad Add underscore to regex search
• 3cf2b6575c Fix spelling
• ed030a35a5 Use regex to detect salt-minion install
• e5daff495a Fix pkg.install
• b4c689dff5 Merge pull request #43191 from viktorkrivak/fix-apache-config-multi-entity
• c15bcbe1cc Merge remote-tracking branch 'upstream/2016.11' into fix-apache-config-multi-entity
• 4164047951 Fix apache.config with multiple statement At this moment when you post more than one
statement in config only last is used. Also file is rewrited multiple times until last statement is
written. Example: salt '*' apache.config /etc/httpd/conf.d/ports.conf config="[{'Listen': '8080'},
{'Proxy': "Something"}]" Ends only with Proxy Something and ignore Listen 8080, This patch fix
this issue.
• b90e59ede9 Merge pull request #43154 from lomeroe/bp-43116-2016.11
• 8f593b0b02 verify that files exist before trying to remove them, win_file.remove raises an exception
if the file does not exist
• 33a30bac06 correcting bad format statement in search for policy to be disabled
• acc3d7ac82 correct fopen calls from salt.utils for 2016.11's utils function
• 2da1cdd109 lint fix
• 61bd12c0de track xml namespace to ensure policies w/duplicate IDs or Names do not conflict
• f232bed9f9 add additional checks for ADM policies that have the same ADMX policy ID (#42279)
• PR #43283: (DmitryKuzmenko) Fix ldap token groups auth. @ 2017-09-01T17:49:46Z
• ISSUE #42459: (iavael) Broken ldap groups retrieval in salt.auth.ldap after upgrade to 2017.7 | refs:
#43283
• ece0e393ef Merge pull request #43283 from DSRCorporation/bugs/42459_broken_ldap_groups
• 3ad6911210 Fix for tests: don't require 'groups' in the eauth token.
• 1f104cf85b Fix ldap token groups auth.
• PR #43149: (BenoitKnecht) Fix iptables.get_rules when rules contain --nfmask or --ctmask @
2017-09-01T15:57:05Z
• 4f023c4cb6 Merge pull request #43149 from BenoitKnecht/2017.7.1
• 3c1ddc9bde modules: iptables: correctly parse --nfmask/--ctmask
• PR #43265: (gtmanfred) make sure meta-data grains work on ec2 @ 2017-09-01T15:31:12Z
• ISSUE #43258: (nomeelnoj) metadata_server_grains problems | refs: #43265
• cf2b75bb86 Merge pull request #43265 from gtmanfred/2017.7
• 04dd8ebedb make sure meta-data grains work on ec2
• PR #43299: (twangboy) Fix unit.netapi.rest_cherrypy.test_tools for Windows @ 2017-09-01T15:13:43Z
• 618b221895 Merge pull request #43299 from twangboy/win_fix_netapi_cherrypy
• fd74acb603 Merge branch '2017.7' into win_fix_netapi_cherrypy
• PR #43300: (twangboy) Fix unit.netapi.rest_tornado.test_handlers for Windows @ 2017-09-01T13:10:11Z
• aee654da92 Merge pull request #43300 from twangboy/win_fix_netapi_rest_tornado
• c93d2ed386 Use os.sep instead of '/'
• 3fbf24b91a Use os.sep instead of '/'
• PR #43278: (gtmanfred) bootstrap can come from dunders @ 2017-08-31T13:31:20Z
• ISSUE #43259: (mahesh21) NameError: global name '__opts__' is not defined | refs: #43266
• PR #43266: (gtmanfred) switch virtualbox cloud driver to use __utils__ | refs: #43278
• aed2975979 Merge pull request #43278 from gtmanfred/virtualbox
• c4ae2de30f bootstrap can come from dunders
• PR #42975: (brejoc) Added unit tests for Kubernetes module @ 2017-08-30T20:30:16Z
• 479e0e06ac Merge pull request #42975 from brejoc/tests-for-kubernetes-module
• fdad9177b5 Merge branch '2017.7' into tests-for-kubernetes-module
• c227cb25ad Skipping test on ImportError
• bd76a870ce Dunder vars are now defined via setup_loader_modules
• 3c99e61637 Renamed test to match new convention
• caf78d206d Fixed imports for pytest
• c8e98c8d8a Added unit tests for Kubernetes module
• PR #43176: (terminalmage) docker_image states: Handle Hub images prefixed with "docker.io/" @
2017-08-30T20:08:13Z
• ISSUE #42935: (BenjaminSchubert) docker_image.present always ends up failing even on correct result.
| refs: #43176
• ca7df1d4cf Merge pull request #43176 from terminalmage/issue42935
• df18a89836 Lint: Remove unused import
• 7279f98e92 docker_image states: Handle Hub images prefixed with "docker.io/"
• f7c945f6e4 Prevent spurious "Template does not exist" error
Salt 2017.7.4 Release Notes
Version 2017.7.4 is a bugfix release for 2017.7.0.
Changes for v2017.7.3..v2017.7.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2018-02-16T16:44:38Z
Statistics:
• Total Merges: 7
• Total Issue references: 4
• Total PR references: 11
Changes:
• PR #46066: (rallytime) Pin tornado version in requirements file @ 2018-02-16T16:40:05Z
• ISSUE #45790: (bdarnell) Test with Tornado 5.0b1 | refs: #46066
• 32f3d00e44 Merge pull request #46066 from rallytime/pin-tornado
• 6dc1a3b9dc Pin tornado version in requirements file
• PR #46036: (terminalmage) git.latest: Fix regression with identity file usage @ 2018-02-16T13:57:23Z
• 85761ee650 Merge pull request #46036 from terminalmage/issue43769
• e2140d9a84 Mock the ssh.key_is_encrypted utils func
• 169924b3fe Move ssh.key_is_encrypted to a utils module temporarily
• 54f4d78f7a Only keep ssh.py in the Windows installer
• 5f04531e1b Keep ssh state and execution modules in the installer
• f2b69f703d git.latest: Fix regression with identity file usage
• PR #46009: (Ch3LL) Add 2017.7.4 Release Notes with PRs @ 2018-02-13T16:40:30Z
• 6d534c6e7e Merge pull request #46009 from Ch3LL/rn_7.4
• ac0baf4b34 Add 2017.7.4 Release Notes with PRs
• PR #45981: (gtmanfred) use local config for vault when masterless @ 2018-02-13T15:22:01Z
• ISSUE #45976: (grobinson-blockchain) 6a5e0f9 introduces regression that breaks Vault module for salt
masterless | refs: #45981
• ca76a0b328 Merge pull request #45981 from gtmanfred/2017.7.3
• 0d448457dc apparently local is not set by default
• 2a92f4bc16 use local config for vault when masterless
• PR #45953: (rallytime) Back-port #45928 to 2017.7.3 @ 2018-02-09T22:29:10Z
• ISSUE #45915: (MatthiasKuehneEllerhold) 2017.7.3: Salt-SSH & Vault Pillar: Permission denied
"minion.pem" | refs: #45928
• PR #45928: (garethgreenaway) [2017.7] Fixing vault when used with pillar over salt-ssh | refs: #45953
• 6530649dbc Merge pull request #45953 from rallytime/bp-45928-2017.7.3
• 85363189d1 Fixing vault when used with pillar over salt-ssh
• PR #45934: (rallytime) Back-port #45902 to 2017.7.3 @ 2018-02-09T16:31:08Z
• ISSUE #45893: (CrackerJackMack) archive.extracted ValueError "No path specified" in 2017.7.3 | refs:
#45902
• PR #45902: (terminalmage) Check the effective saltenv for cached archive | refs: #45934
• fb378cebb0 Merge pull request #45934 from rallytime/bp-45902
• bb83e8b345 Add regression test for issue 45893
• cdda66d759 Remove duplicated section in docstring and fix example
• 4b6351cda6 Check the effective saltenv for cached archive
• PR #45935: (rallytime) Back-port #45742 to 2017.7.3 @ 2018-02-09T14:02:26Z
• PR #45742: (marccardinal) list.copy() is not compatible with python 2.7 | refs: #45935
• 0d74151c71 Merge pull request #45935 from rallytime/bp-45742
• 6a0b5f7af3 Removed the chained copy
• ad1150fad4 list.copy() is not compatible with python 2.7
Salt 2016.11.0 Release Notes - Codename Carbon
New Features
Docker Introspection and Configuration
Major additions have been made to the Docker support in 2016.11.0. The new addition allows Salt to be
executed within a Docker container without a minion running or installed in the container. This allows
states to be run inside a container, but also all of Salt's remote execution commands to be run inside
docker containers as well. This makes container introspection simple and powerful. See the tutorial on
using this new feature here:
See Salt in Docker Containers.
Advanced Ceph Control
Our friends over at SUSE have delivered a powerful new tool to make the deployment of Ceph storage
systems using Salt very easy. These new Ceph tools allow for a storage system to be easily defined using
the new ceph.quorum state.
Thorium Additions and Improvements
The Thorium advanced reactor has undergone extensive testing and updates. These updates include many
more Thorium states, a system for automating key management, the ability to use Thorium to easily replace
old reactors and a great deal of stability and bug fixes.
State Rollback Using Snapper
Rollback has been one of the most prevalent requests for Salt. We have researched it extensively and
concluded that the only way to accomplish truly reliable rollback would be to execute it at the
filesystem layer. To accomplish this we have introduced Snapper integration into Salt States.
Snapper is a tool which allows for simple and reliable snapshots of the filesystem to be made. With the
new snapper_states option set to True in the minion config a snapshot will be made before and after every
Salt State run.
These snapshots can be viewed, managed and rolled back to via the snapper execution module.
Preserve File Perms in File States
This feature has been requested for years, the ability to set a flag and use the same file permissions
for files deployed to a minion as the permissions set to the file on the master. Just set the keep_mode
option on any file management state to True.
Ponies!
We all agreed that cowsay was just not good enough, install the ponysay command and the new pony
outputter will work. Fun for the whole family!
Additional Features
• Minions can run in stand-alone mode to use beacons and engines without having to connect to a master.
(Thanks @adelcast!)
• Added a salt runner to allow running salt modules via salt-run.
salt-run salt.cmd test.ping
# call functions with arguments and keyword arguments
salt-run salt.cmd test.arg 1 2 3 a=1
• Added SSL support to Cassandra CQL returner. SSL can be enabled by setting ssl_options for the
returner. Also added support for specifying protocol_version when establishing cluster connection.
• The mode parameter in the file.managed state, and the file_mode parameter in the file.recurse state,
can both now be set to keep and the minion will keep the mode of the file from the Salt fileserver.
This works only with files coming from sources prefixed with salt://, or files local to the minion
(i.e. those which are absolute paths, or are prefixed with file://). For example:
/etc/myapp/myapp.conf:
file.managed:
- source: salt://conf/myapp/myapp.conf
- mode: keep
/var/www/myapp:
file.recurse:
- source: salt://path/to/myapp
- dir_mode: 755
- file_mode: keep
• The junos state module is now available. It has all the functions that are present in the junos
execution module.
• The junos state module is now available. It has all the functions that are present in the junos
execution module.
• The minion data cache is a pluggable data store now. It's configurable with cache option. Default is
localfs.
• User names in client_acl support glob matching now.
New Top File Merging Strategy for States
A new strategy called merge_all has been added to provide a new way of merging top file matches when
executing a highstate. See the top_file_merging_strategy documentation for further information.
In addition, the same merging strategy was not functioning as documented. This has now been corrected.
While this is technically a bugfix, we decided to hold a change in top file merging until a feature
release to minimize user impact.
Improved Archive Extraction Support
The archive.extracted state has been overhauled. Notable changes include the following:
• When enforcing ownership (with the user and/or group arguments), the if_missing argument no longer has
any connection to which path(s) have ownership enforced. Instead, the paths are determined using the
either the newly-added archive.list function, or the newly-added enforce_ownership_on argument.
• if_missing also is no longer required to skip extraction, as Salt is now able to tell which paths would
be present if the archive were extracted. It should, in most cases, only be necessary in cases where a
semaphore file is used to conditionally skip extraction of the archive.
• Password-protected ZIP archives are now detected before extraction, and the state fails without
attempting to extract the archive if no password was specified.
• By default, a single top-level directory is enforced, to guard against 'tar-bombs'. This enforcement
can be disabled by setting enforce_toplevel to False.
• The tar_options and zip_options arguments have been deprecated in favor of a single options argument.
• The archive_format argument is now optional. The ending of the source argument is used to guess whether
it is a tar, zip or rar file. If the archive_format cannot be guessed, then it will need to be
specified, but in many cases it can now be omitted.
• Ownership enforcement is now performed irrespective of whether or not the archive needed to be
extracted. This means that the state can be re-run after the archive has been fully extracted to repair
changes to ownership.
A number of new arguments were also added. See the docs py:func:docs for the archive.extracted state
<salt.states.archive.extracted> for more information.
Additionally, the following changes have been made to the archive execution module:
• A new function (archive.list) has been added. This function lists the files/directories in an archive
file, and supports a verbose argument that gives a more detailed breakdown of which paths are files,
which are directories, and which paths are at the top level of the archive.
• A new function (archive.is_encrypted) has been added. This function will return True if the archive is
a password-protected ZIP file, False if not. If the archive is not a ZIP file, an error will be raised.
• archive.cmd_unzip now supports passing a password, bringing it to feature parity with archive.unzip.
Note that this is still not considered to be secure, and archive.unzip is recommended for dealing with
password-protected ZIP archives.
• The default value for the extract_perms argument to archive.unzip has been changed to True.
Improved Checksum Handling in file.managed, archive.extracted States
When the source_hash argument for these states refers to a file containing checksums, Salt now looks for
checksums matching the name of the source URI, as well as the file being managed. Prior releases only
looked for checksums matching the filename being managed. Additionally, a new argument (source_hash_name)
has been added, which allows the user to disambiguate ambiguous matches when more than one matching
checksum is found in the source_hash file.
A more detailed explanation of this functionality can be found in the file.managed documentation, in the
section for the new source_hash_name argument.
NOTE:
This improved functionality is also available in the 2016.3 (Boron) release cycle, starting with the
2016.3.5 release.
Config Changes
The following default config values were changed:
• gitfs_ssl_verify: Changed from False to True
• git_pillar_ssl_verify: Changed from False to True
• winrepo_ssl_verify: Changed from False to True
Grains Changes
• All core grains containing VMWare have been changed to VMware, which is the official capitalization.
Additionally, all references to VMWare in the documentation have been changed to VMware issue 30807.
Environments using versions of Salt before and after Salt 2016.11.0 should employ case-insensitive
grain matching on these grains.
{% set on_vmware = grains['virtual'].lower() == 'vmware' %}
• On Windows the cpu_model grain has been changed to provide the actual cpu model name and not the cpu
family.
Old behavior:
root@master:~# salt 'testwin200' grains.item cpu_model
testwin200:
----------
cpu_model:
Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
New behavior:
root@master:~# salt 'testwin200' grains.item cpu_model
testwin200:
----------
cpu_model:
Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Beacons Changes
• The loadavg beacon now outputs averages as integers instead of strings. (Via issue 31124.)
Runner Changes
• Runners can now call out to utility modules via __utils__.
• ref:Utility modules <writing-utility-modules> (placed in salt://_utils/) are now able to be synced to
the master, making it easier to use them in custom runners. A saltutil.sync_utils function has been
added to the saltutil runner to facilitate the syncing of utility modules to the master.
Pillar Changes
• Thanks to the new saltutil.sync_utils runner, it is now easier to get ref:utility modules
<writing-utility-modules> synced to the correct location on the Master so that they are available in
execution modules called from Pillar SLS files.
Junos Module Changes
• The following new functionalities were added to the junos module
• facts - Displays the facts gathered during the connection.
• shutdown - Shut down or reboot a device running Junos OS.
• install_config - Modify the configuration of a Junos device.
• install_os - Install Junos OS software package.
• zeroize - Remove all configuration information on the Routing Engines and reset all key values on a
device.
• file_copy - Copy file from proxy to the Junos device.
Network Automation: NAPALM
Beginning with 2016.11.0, network automation is included by default in the core of Salt. It is based on a
the NAPALM library and provides facilities to manage the configuration and retrieve data from network
devices running widely used operating systems such: JunOS, IOS-XR, eOS, IOS, NX-OS etc. - see the
complete list of supported devices.
The connection is established via the NAPALM proxy.
In the current release, the following modules were included:
• NAPALM grains - Select network devices based on their characteristics
• NET execution module - Networking basic features
• NTP execution module
• BGP execution module
• Routes execution module
• SNMP execution module
• Users execution module
• Probes execution module
• NTP peers management state
• SNMP configuration management state
• Users management state
Cisco NXOS Proxy Minion
Beginning with 2016.11.0, there is a proxy minion that can be used to configure nxos cisco devices over
ssh.
• Proxy Minion
• Execution Module
• State Module
Cisco Network Services Orchestrator Proxy Minion
Beginning with 2016.11.0, there is a proxy minion to use the Cisco Network Services Orchestrator as a
proxy minion.
• Proxy Minion
• Execution Module
• State Module
Junos Module Changes
• The following new functionalities were added to the junos module
• facts - Displays the facts gathered during the connection.
• shutdown - Shut down or reboot a device running Junos OS.
• install_config - Modify the configuration of a Junos device.
• install_os - Install Junos OS software package.
• zeroize - Remove all configuration information on the Routing Engines and reset all key values on a
device.
• file_copy - Copy file from proxy to the Junos device.
Returner Changes
• Any returner which implements a save_load function is now required to accept a minions keyword
argument. All returners which ship with Salt have been modified to do so.
Renderer Changes
Added the ability to restrict allowed renderers. Two new config parameters, renderer_whitelist and
renderer_blacklist are introduced for this purpose.
eAuth Changes
• External auth modules' auth method can return an ACL list for the given username instead of True. This
list should be in the same format as described in the eAuth documentation. It will be used for the user
instead of one set in master config.
Example of the auth method return that allows a user to execute functions in the test and network
modules on the minions that match the web* target and allow access to wheel and runner modules:
[{'web*': ['test.*',
'network.*']},
'@wheel',
'@runner']
• External auth is supported by salt-run and salt-key now. Note that master must be started to use them
with eAuth.
External Module Packaging
Modules may now be packaged via entry-points in setuptools. See external module packaging tutorial for
more information.
Functionality Changes
• The onfail requisite now uses OR logic instead of AND logic. issue 22370
• The consul external pillar now strips leading and trailing whitespace. issue 31165
• The win_system.py state is now case sensitive for computer names. Previously computer names set with a
state were converted to all caps. If you have a state setting computer names with lower case letters in
the name that has been applied, the computer name will be changed again to apply the case sensitive
name.
• The mac_user.list_groups function in the mac_user execution module now lists all groups for the
specified user, including groups beginning with an underscore. In previous releases, groups beginning
with an underscore were excluded from the list of groups.
• The junos.call_rpc function in the junos execution module can now be used to call any valid rpc.
Earlier it used to call only "get_software_information".
• A new option for minions called master_tries has been added. This specifies the number of times a
minion should attempt to contact a master to attempt a connection. This allows better handling of
occasional master downtime in a multi-master topology.
• The default hash_type is now sha256 instead of md5. You will need to make sure both your master and
minion share the same hash_type.
• Nodegroups consisting of a simple list of minion IDs can now also be declared as a yaml list. The below
two examples are equivalent:
# Traditional way
nodegroups:
- group1: L@host1,host2,host3
# New way (optional)
nodegroups:
- group1:
- host1
- host2
- host3
New Azure ARM Cloud Driver
A new cloud driver has been added for Azure ARM, aka, the Azure Resource Manager. The older Azure driver
is still required to work with the older Azure API. This new driver works with the newer ARM API, which
is managed via the newer Azure Portal website.
New Modules
Beacons
• salt.beacons.avahi_announce
• salt.beacons.bonjour_announce
• salt.beacons.haproxy
• salt.beacons.status
Clouds
• salt.cloud.clouds.azurearm
Engines
• salt.engines.hipchat
• salt.engines.http_logstash
Modules
• salt.modules.boto_cloudwatch_event
• salt.modules.celery
• salt.modules.ceph
• salt.modules.influx08
• salt.modules.inspectlib.entities
• salt.modules.inspectlib.fsdb
• salt.modules.inspectlib.kiwiproc
• salt.modules.inspector
• salt.modules.libcloud_dns
• salt.modules.openstack_mng
• salt.modules.servicenow
• salt.modules.testinframod
• salt.modules.win_lgpo
• salt.modules.win_pki
• salt.modules.win_psget
• salt.modules.win_snmp
• salt.modules.xbpspkg
Outputters
• salt.output.pony
Pillar
• salt.pillar.csvpillar
• salt.pillar.http_json
• salt.pillar.makostack
Returners
• salt.returners.zabbix_return
Runners
• salt.runners.auth
• salt.runners.event
• salt.runners.smartos_vmadm
• salt.runners.vistara
SDB
• salt.sdb.env
States
• salt.states.boto_cloudwatch_event
• salt.states.csf
• salt.states.ethtool
• salt.states.influxdb08_database
• salt.states.influxdb08_user
• salt.states.libcloud_dns
• salt.states.snapper
• salt.states.testinframod
• salt.states.win_lgpo
• salt.states.win_pki
• salt.states.win_snmp
Thorium
• salt.thorium.calc
• salt.thorium.key
• salt.thorium.runner
• salt.thorium.status
• salt.thorium.wheel
Deprecations
General Deprecations
• env to saltenv
All occurrences of env and some occurrences of __env__ marked for deprecation in Salt 2016.11.0 have
been removed. The new way to use the salt environment setting is with a variable called saltenv:
def fcn(msg='', env='base', refresh=True, saltenv='base', **kwargs):
has been changed to
def fcn(msg='', refresh=True, saltenv='base', **kwargs):
• If env (or __env__) is supplied as a keyword argument to a function that also accepts arbitrary
keyword arguments, then a new warning informs the user that env is no longer used if it is found.
This new warning will be removed in Salt 2017.7.0.
def fcn(msg='', refresh=True, saltenv='base', **kwargs):
# will result in a warning log message
fcn(msg='add more salt', env='prod', refresh=False)
• If env (or __env__) is supplied as a keyword argument to a function that does not accept arbitrary
keyword arguments, then python will issue an error.
def fcn(msg='', refresh=True, saltenv='base'):
# will result in a python TypeError
fcn(msg='add more salt', env='prod', refresh=False)
• If env (or __env__) is supplied as a positional argument to a function, then undefined behavior will
occur, as the removal of env and __env__ from the function's argument list changes the function's
signature.
def fcn(msg='', refresh=True, saltenv='base'):
# will result in refresh evaluating to True and saltenv likely not being a string at all
fcn('add more salt', 'prod', False)
• Deprecations in minion.py:
• The salt.minion.parse_args_and_kwargs function has been removed. Please use the
salt.minion.load_args_and_kwargs function instead.
Cloud Deprecations
• The vsphere cloud driver has been removed. Please use the vmware cloud driver instead.
• The private_ip option in the linode cloud driver is deprecated and has been removed. Use the
assign_private_ip option instead.
• The create_dns_record and delete_dns_record functions are deprecated and have been removed from the
digital_ocean driver. Use the post_dns_record function instead.
Execution Module Deprecations
• The blockdev execution module had four functions removed:
• dump
• tune
• resize2fs
• wipe
The disk module should be used instead with the same function names.
• The boto_vpc execution module had two functions removed, boto_vpc.associate_new_dhcp_options_to_vpc and
boto_vpc.associate_new_network_acl_to_subnet in favor of more concise function names,
boto_vpc.create_dhcp_options and boto_vpc.create_network_acl, respectively.
• The data execution module had getval and getvals functions removed in favor of one function, get, which
combines the functionality of the removed functions.
• File module deprecations:
• The contains_regex_multiline function was removed. Use file.search instead.
• Additional command line options for file.grep should be passed one at a time. Please do not pass
more than one in a single argument.
• The lxc execution module has the following changes:
• The run_cmd function was removed. Use lxc.run instead.
• The nic argument was removed from the lxc.init function. Use network_profile instead.
• The clone argument was removed from the lxc.init function. Use clone_from instead.
• passwords passed to the lxc.init function will be assumed to be hashed, unless
password_encrypted=False.
• The restart argument for lxc.start was removed. Use lxc.restart instead.
• The old style of defining lxc containers has been removed. Please use keys under which LXC profiles
should be configured such as lxc.container_profile.profile_name.
• The env and activate keyword arguments have been removed from the install function in the pip execution
module. The use of bin_env replaces both of these options.
• reg execution module
Functions in the reg execution module had misleading and confusing names for dealing with the Windows
registry. They failed to clearly differentiate between hives, keys, and name/value pairs. Keys were
treated like value names. There was no way to delete a key.
New functions were added in 2015.5 to properly work with the registry. They also made it possible to
edit key default values as well as delete an entire key tree recursively. With the new functions in
place, the following functions have been deprecated:
• read_key
• set_key
• create_key
• delete_key
Use the following functions instead:
• for read_key use read_value
• for set_key use set_value
• for create_key use set_value with no vname and no vdata
• for delete_key use delete_key_recursive. To delete a value, use delete_value.
• The hash_hostname option was removed from the salt.modules.ssh execution module. The hash_known_hosts
option should be used instead.
• The human_readable option was removed from the uptime function in the status execution module. The
function was also updated in 2015.8.9 to return a more complete offering of uptime information,
formatted as an easy-to-read dictionary. This updated function replaces the need for the human_readable
option.
• The persist kwarg was removed from the win_useradd execution module. This option is no longer supported
for Windows. persist is only supported as part of user management in UNIX/Linux.
• The zpool_list function in the zpool execution module was removed. Use list instead.
Outputter Module Deprecations
• The compact outputter has been removed. Set state_verbose to False instead.
Runner Module Deprecations
• The grains.cache runner no longer accepts outputter or minion as keyword arguments. Users will need to
specify an outputter using the --out option. tgt is replacing the minion kwarg.
• The fileserver runner no longer accepts the outputter keyword argument. Users will need to specify an
outputter using the --out option.
• The jobs runner no longer accepts the outputter keyword argument. Users will need to specify an
outputter using the --out option.
• virt runner module:
• The hyper kwarg was removed from the init, list, and query functions. Use the host option instead.
• The next_hyper function was removed. Use the next_host function instead.
• The hyper_info function was removed. Use the host_info function instead.
State Module Deprecations
• The env and activate keyword arguments were removed from the installed function in the pip state
module. The use of bin_env replaces both of these options.
• reg state module
The reg state module was modified to work with the new functions in the execution module. Some logic
was left in the reg.present and the reg.absent functions to handle existing state files that used the
final key in the name as the value name. That logic has been removed so you now must specify value name
(vname) and, if needed, value data (vdata).
For example, a state file that adds the version value/data pair to the Software\Salt key in the
HKEY_LOCAL_MACHINE hive used to look like this:
HKEY_LOCAL_MACHINE\\Software\\Salt\\version:
reg.present:
- value: 2016.3.1
Now it should look like this:
HKEY_LOCAL_MACHINE\\Software\\Salt
reg.present:
- vname: version
- vdata: 2016.3.1
A state file for removing the same value added above would have looked like this:
HKEY_LOCAL_MACHINE\\Software\\Salt\\version:
reg.absent:
Now it should look like this:
HKEY_LOCAL_MACHINE\\Software\\Salt
reg.absent:
- vname: version
This new structure is important as it allows salt to deal with key default values which was not
possible before. If vname is not passed, salt will work with the default value for that hivekey.
Additionally, since you could only delete a value from a the state module, a new function (key_absent)
has been added to allow you to delete a registry key and all subkeys and name/value pairs recursively.
It uses the new delete_key_recursive function.
For additional information see the documentation for the reg execution and state modules.
• lxc state module: The following functions were removed from the lxc state module:
• created: replaced by the present state.
• started: replaced by the running state.
• cloned: replaced by the present state. Use the clone_from argument to set the name of the clone
source.
• The hash_hostname option was removed from the salt.states.ssh_known_hosts state. The hash_known_hosts
option should be used instead.
• The always kwarg used in the built function of the pkgbuild state module was removed. Use force
instead.
Utils Module Deprecations
• The use of jid_dir and jid_load were removed from the salt.utils.jid. jid_dir functionality for
job_cache management was moved to the local_cache returner. jid_load data is now retrieved from the
master_job_cache.
• ip_in_subnet function in salt.utils.network.py has been removed. Use the in_subnet function instead.
• The iam utils module had two functions removed: salt.utils.iam.get_iam_region and
salt.utils.iam.get_iam_metadata in favor of the aws utils functions
salt.utils.aws.get_region_from_metadata and salt.utils.aws.creds, respectively.
Salt 2016.11.1 Release Notes
Version 2016.11.1 is a bugfix release for 2016.11.0.
Changes for v2016.11.0..v2016.11.1
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-12-09T21:54:17Z
Statistics:
• Total Merges: 89
• Total Issue references: 55
• Total PR references: 155
Changes:
• PR #38182: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-09T21:25:47Z
• PR #38177: (vutny) Correct cp.get_file_str docstring and add integration tests
• PR #38163: (Ch3LL) enabled ec2 cloud tests
• PR #38153: (vutny) Master config includes may contain errors and be safely skipped
• 23c0393 Merge pull request #38182 from rallytime/merge-2016.11
• 627242a Merge branch '2016.3' into '2016.11'
• 65b2ad7 Merge pull request #38163 from Ch3LL/enabled_ec2_cloud
• be74c45 enabled ec2 cloud tests
• b63f74e Merge pull request #38177 from vutny/fix-cp-get-file-str
• a449980 Correct cp.get_file_str docstring and add integration tests
• 7596313 Merge pull request #38153 from vutny/master-includes-error-tolerance
• cd0154e Master config includes may contain errors and be safely skipped
• PR #38158: (cachedout) Fix type problem in grains.filter_by @ 2016-12-09T21:24:40Z
• ISSUE #38094: (bartuss7) TypeError: object of type 'float' has no len() in grains.filter_by | refs:
#38158
• 8355adc Merge pull request #38158 from cachedout/issue_38094
• e8196e2 Lint, remove set literal
• 9f4ebb3 Fix type problem in grains.filter_by
• PR #38156: (terminalmage) Remove rtag when windows minion refreshes early in state @
2016-12-09T21:15:01Z
• ISSUE #38090: (jf) pkg.installed does not seem to refresh the repo database, no matter what | refs:
#38113 #38156
• 31a157d Merge pull request #38156 from terminalmage/fix-windows-refresh
• 258bd4c Remove rtag when windows minion refreshes early in state
• PR #38183: (cro) Fix bad set operations when setting up securitygroups in AWS. @ 2016-12-09T21:12:10Z
• ISSUE #37981: (tazaki) Salt-cloud ec2 vpc securitygroupid always returning default | refs: #38183
• PR #37891: (isbm) rsync port to 2015.8
• c638952 Merge pull request #38183 from cro/fix_37891
• 0527d6f Fix bad set operations when setting up securitygroups in AWS. Fixes #37891.
• fc95045 Reset socket default timeout to None (fixes daemons_tests failures) (#38181)
• PR #38181: (rallytime) Reset socket default timeout to None (fixes daemons_tests failures)
• PR #38148: (whiteinge) Remove ssh_async from NetapiClient clients; it is not implemented @
2016-12-09T18:49:42Z
• 7ccbedd Merge pull request #38148 from whiteinge/no-ssh-async-client
• cb58cd4 Remove ssh_async from NetapiClient clients; it is not implemented
• PR #38160: (terminalmage) Update information about xz-utils in archive state/module docs @
2016-12-09T18:34:03Z
• 8d4e194 Merge pull request #38160 from terminalmage/update-archive-docs
• 8e4ad3c Update information about xz-utils in archive state/module docs
• PR #38164: (techhat) Add Azure ARM docs for 2016.11.0 @ 2016-12-09T18:00:22Z
• ISSUE #38024: (Ch3LL) 2016.11.0 release notes missing azure arm reference | refs: #38164
• 05136f0 Merge pull request #38164 from techhat/azuredocs
• 71b787e Add Azure ARM docs for 2016.11.0
• PR #38173: (rallytime) Bump some win* module deprecations from Nitrogen to Oxygen @
2016-12-09T16:57:29Z
• e3c858c Merge pull request #38173 from rallytime/update-win-deprecation-versions
• 09a50b2 Bump some win* module deprecations from Nitrogen to Oxygen
• PR #38036: (terminalmage) archive.extracted: fix problems with overwrite arg @ 2016-12-08T19:08:41Z
• PR #37889: (isbm) Allow overwrite archives extraction | refs: #38036
• 827bf59 Merge pull request #38036 from terminalmage/archive-extracted-override
• a1c70c7 archive.extracted: fix problems with overwrite arg
• PR #38133: (terminalmage) Fix edge case in creation of trans tar for salt-thin @ 2016-12-08T17:47:26Z
• 50773a5 Merge pull request #38133 from terminalmage/zd1067
• 71e0bd0 Fix edge case in creation of trans tar for salt-thin
• PR #38138: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-07T20:15:56Z
• PR #38134: (rallytime) Skip daemon unit tests when running on Python 2.6
• 6026cb2 Merge pull request #38138 from rallytime/merge-2016.11
• 28b56ea Merge branch '2016.3' into '2016.11'
• 86091db Skip daemon unit tests when running on Python 2.6 (#38134)
• PR #38130: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-07T20:11:19Z
• ISSUE #38091: (tjyang) [WARNING ] salt.loaded.int.module.zenoss.__virtual__() is wrongly returning
None. | refs: #38102
• ISSUE #36707: (do3meli) slow FreeBSD sysctl module with test=true | refs: #36794
• PR #38104: (rallytime) Back-port #36794 to 2016.3
• PR #38102: (rallytime) Add False + msg tuple return if requests is missing for zenoss module
• PR #36794: (do3meli) FreeBSD sysctl module now handels config_file parameter in show method | refs:
#38104
• 90478ef Merge pull request #38130 from rallytime/merge-2016.11
• 4d7d9ab Merge branch '2016.3' into '2016.11'
• d3d98fd4 Merge pull request #38102 from rallytime/fix-38091
• 4f79d5a Add False + msg tuple return if requests is missing for zenoss module
• 8c8cbc2 Merge pull request #38104 from rallytime/bp-36794
• c906c8a Pylint fixes
• da3ebf8 FreeBSD sysctl module now handels config_file parameter in show method
• 1a42e24 Fix beacon index (#38129)
• PR #38129: (Ch3LL) Fix beacon index
• bbdfcab Add versionadded tags for network module funcs (#38127)
• PR #38127: (rallytime) Add versionadded tags for network module funcs
• PR #38043: (MTecknology) Debian networking fix @ 2016-12-07T17:32:18Z
• ISSUE #38042: (MTecknology) [2016.11.0] Invalid interfaces file produced by debian_ip module | refs:
#38043
• fd06bab Merge pull request #38043 from MTecknology/2016.11
• 6d5e132 Removing trailing whitespace from previous commit
• f882674 Adding some options that are valid for inet6 blocks.
• 81cb688 Better check for dual stack.
• 525c746 May Cthulhu take mercy on my soul for this commit.
• 300ca60 I guess this makes the previous commit a bit redundant, but I'm not sure if I want to remove
it.
• 6e7fc39 This now seems absurdly obvious, but I'm not ruling out that I'll break everything.
• 82d2b89 Rolling back unit test.
• b3edbcf Adding larger and more complete debian_ip unit test.
• 3afd7b6 Adding the valid/documented 'slaves' option.
• b6b1adc Typo: missing closing parenthesis
• 756e41c Fixing a typo; line should not be commented
• 32a1374 Corrects expected return value
• 88f9d9f Mostly whitespace & comment changes
• 41ffb8d Removing redundant line
• 3a81686 Ensure iface_dict not being populated will not produce a stacktrace
• 4de2cb2 Corrects regression in debian_ip/debian_eth.jinja
• PR #38107: (cachedout) Status beacon should raise proper exception @ 2016-12-07T17:21:49Z
• PR #38088: (dmurphy18) Updated to match formulas and allow for missing functions | refs: #38107
• 4b9a7f2 Merge pull request #38107 from cachedout/supercede_38088
• 73d7248 Change to log.debug per Tom
• da135b1 Fix docs
• 792b422 Pylint fix
• 88e03bb Fix typo
• a8ce153 Status beacon should raise proper exception
• PR #38101: (lorengordon) Clarifies file.replace behavior on symlinks @ 2016-12-07T13:27:11Z
• da8f5ac Merge pull request #38101 from lorengordon/file-replace-note
• 345990f Clarifies file.replace behavior on symlinks
• PR #38113: (terminalmage) Revert changes to refresh tag for pkg states @ 2016-12-07T13:11:14Z
• ISSUE #38090: (jf) pkg.installed does not seem to refresh the repo database, no matter what | refs:
#38113 #38156
• d47761f Merge pull request #38113 from terminalmage/issue38090
• 9f347df Revert changes to refresh tag for pkg states
• PR #38120: (Da-Juan) Fix status beacon config default values @ 2016-12-07T13:08:33Z
• ISSUE #37976: (t0nyhays) Error when status beacon fires (2016.11.0) | refs: #38120
• d4c34e0 Merge pull request #38120 from Da-Juan/2016.11
• 7e4a35e Fix status beacon config default values
• PR #38114: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-07T12:45:04Z
• ISSUE #38037: (dmurphy18) pkg.latest and yumpkg.latest_version return incorrect package versions
2016.3 and 2016.11 | refs: #38045
• ISSUE #37939: (Talkless) file.comment always report changes in test=True mode | refs: #38039
• ISSUE #35342: (morganwillcock) win_pkg: refresh_db doesn't remove cached items which have been
renamed or removed | refs: #38083
• PR #38083: (twangboy) Only delete .sls files from winrepo-ng [DO NOT MERGE FORWARD]
• PR #38059: (rallytime) Call exec_test for the Syndic daemon in tests.unit.daemons_test.py
• PR #38057: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38059
• PR #38045: (terminalmage) yumpkg.py: don't include non-upgrade versions found by "yum list available"
• PR #38039: (rallytime) Check to see if a line is already commented before moving on
• PR #38034: (cachedout) Modify daemons test to use multiprocessing | refs: #38059
• 6868089 Merge pull request #38114 from rallytime/merge-2016.11
• fec9dec Merge branch '2016.3' into '2016.11'
• fbc8776 Merge pull request #38083 from twangboy/fix_refresh_db
• 978af6d Remove only .sls files from the cached winrepo-ng
• 9dcfdee Merge pull request #38059 from rallytime/daemons-test-fix
• eb372b2 Add missing "not" statement: The last syndic test should assertFalse()
• 4e10f8e Call exec_test for the Syndic daemon in tests.unit.daemons_test.py
• 9cd42b9 Merge pull request #38039 from rallytime/fix-37939
• 1da7aac Update unit tests to account for additional file.search call
• 8a685b1 Check to see if a line is already commented before moving on
• f2c0455 Write an integration test demonstrating the issue
• a34a763 Merge pull request #38045 from terminalmage/issue38037
• 6528950 Simplify logic for matching desired pkg arch with actual pkg arch
• 3babbcd yumpkg.py: don't include non-upgrade versions found by "yum list available"
• PR #38109: (gtmanfred) mode needs to be an integer @ 2016-12-07T11:58:24Z
• b9920e5 Merge pull request #38109 from gtmanfred/2016.11
• 7546760 mode needs to be an integer
• PR #38103: (rallytime) Back-port #37283 to 2016.11 @ 2016-12-06T23:12:59Z
• PR #37283: (jeanpralo) Handle docker-compose up to version 1.9.0 | refs: #38103
• PR #37215: (mschneider82) removed version check | refs: #37283
• fd77dcb Merge pull request #38103 from rallytime/bp-37283
• 11944df handle up to version 1.9.0
• PR #38057: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38059 @
2016-12-06T23:11:41Z
• ISSUE #37945: (gstachowiak) Missing exception handling in salt.master.Maintenance. Process never
completes. | refs: #37961
• ISSUE #37867: (tobiasBora) Bug into lsb_release that crash salt | refs: #37962
• ISSUE #37737: (b-harper) python client api CloudClient multiple calls needed | refs: #37928
• ISSUE #37059: (basepi) Beacon fileserver operations cause scheduled jobs with fileserver operations
to hang | refs: #37899
• ISSUE #35088: (Modulus) salt/cloud/ec2.py encoding problems. | refs: #37912
• PR #38034: (cachedout) Modify daemons test to use multiprocessing | refs: #38059
• PR #38002: (laleocen) fix broken yaml code block
• PR #37995: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37978: (terminalmage) Add clarifying language to ext_pillar_first docs
• PR #37964: (terminalmage) Add clarification on expr_form usage and future deprecation
• PR #37962: (cachedout) Catch possible exception from lsb_release
• PR #37961: (cachedout) Handle empty tokens safely
• PR #37950: (vutny) Set default Salt Master address for a Syndic (like for a Minion)
• PR #37929: (gtmanfred) add list_nodes_min to nova driver
• PR #37928: (techhat) Don't modify self.opts directly
• PR #37926: (kontrolld) Fixes no IPv6 functionality in /etc/sysconfig/network
• PR #37925: (kontrolld) Fix missing ipv6 options centos network
• PR #37924: (cachedout) Update test for new gem ver
• PR #37921: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37918: (rallytime) [2015.8] Update version numbers in doc config for 2016.11.0 release
• PR #37914: (terminalmage) Update earlier release channels' docs with Carbon release notes
• PR #37912: (attiasr) fix encoding problem aws responses
• PR #37899: (DmitryKuzmenko) Clear functions context in schedule tasks for ZeroMQ.
• PR #37272: (vutny) Get default logging level and log file from default opts dict
• 5d9d6b9 Merge pull request #38057 from rallytime/merge-2016.11
• 3428840 Fix SaltKeyOptionParserTestCase test failures
• 186e2d0 Don't allow libcloud mock module injection in unit/states/libcloud_dns_test.py either
• d513a60 Do not allow libcloud to be injected as a mock value in the libcloud_dns_test
• 74a417e Update the mocked cloud configs to also include master configs
• f2c8cb1 Better merge conflict resolution from the initial merge
• 8fd53a4 Merge branch '2016.3' into '2016.11'
• 6724fe4 Modify daemons test to use multiprocessing (#38034)
• 6942d5d Merge pull request #37995 from rallytime/merge-2016.3
• b44e179 Merge branch '2015.8' into '2016.3'
• 7a7e367 Merge pull request #37978 from terminalmage/ext_pillar_first-docs
• 61ed9a8 Add clarifying language to ext_pillar_first docs
• cd66c17 fix broken yaml code block (#38002)
• 3dd45fb Merge pull request #37912 from attiasr/fix_aws_response_encoding
• ba4ec4e use Requests result encoding to encode the text
• abe4eb3 fix encoding problem aws responses
• 69a74a4 Merge pull request #37950 from vutny/fix-starting-up-syndic
• 7d9bc9a syndic_master: correct default value, documentation and example config
• 92a7c7e Set default Salt Master address for a Syndic (like for a Minion)
• 7f269bc Add clarification on expr_form usage and future deprecation (#37964)
• 1001987 Catch possible exception from lsb_release (#37962)
• 330021c Handle empty tokens safely (#37961)
• ea46639 Merge pull request #37272 from vutny/fix-getting-default-logging-opts
• e5ce523 Fix description in the Salt Syndic usage info
• 518a3dd Add unit tests for Salt parsers processing logging options
• 83d6a44 Add ssh_log_file option to master config and documentation
• c8a0915 Fix configuration example and documentation for syndic_log_file option
• e64dd3e Correct default attributes for various parser classes
• 82a2e21 Fix default usage string for Salt command line programs
• 45dffa2 Fix readding and updating logfile and pidfile config options for Salt API
• f47253c Fix reading and applying Salt Cloud default configuration
• fad5bec Work with a copy of default opts dictionaries
• b7c2481 Fix log_level_logfile config value type
• 1bd76a1 Fix setting temporary log level if CLI option omitted
• 121848c Fix obtaining log_granular_levels config setting
• 44cf07f Make CLI options take precedence for setting up logfile_logger
• 61afaf1 Fix setting option attributes when processing log_level and log_file
• 3c60e23 Fix processing of log_level_logfile config setting
• 55a0af5 Use attribute functions for getting/setting options and config values
• c25f2d0 Fix getting Salt API default logfile option
• f242237 Remove processing of unused and undocumented cli_*_log_* config options
• 2065e83 Get default logging level and file from default opts dict
• f2f957d Merge pull request #37925 from kontrolld/add-ipv6-centos-network
• ac2b477 Adding IPv6 functionality for CentOS /etc/sysconfig/network
• c07ad11 Merge pull request #37899 from DSRCorporation/bugs/37059_schedule_task_hang
• 9497748 Clear functions context in schedule tasks for ZeroMQ.
• a55519d Merge pull request #37928 from techhat/issue37737
• a09a60e Don't modify self.opts directly
• 9d17f1c Merge pull request #37929 from gtmanfred/2016.3
• c7d2c73 add list_nodes_min to nova driver
• 3bb743b Merge pull request #37926 from kontrolld/fix-ipv6-centos-network
• 3ed42e5 updated
• 3b3bc4f Fixes no IPv6 functionality in /etc/sysconfig/network
• 271170a Merge pull request #37921 from rallytime/merge-2016.3
• 523a67c Merge branch '2015.8' into '2016.3'
• 4cdc6cf Update earlier release channels' docs with Carbon release notes (#37914)
• d31491a [2015.8] Update version numbers in doc config for 2016.11.0 release (#37918)
• 6cd6429 Merge pull request #37924 from cachedout/fix_gem_states
• 894cca3 Update test for new gem ver
• 9969544 Account for case where vim install already exists and is at an older version (#38112)
• PR #38112: (rallytime) Account for case where vim install already exists and is at an older version
• PR #38021: (mateiw) Add master_tops support in salt-ssh @ 2016-12-06T14:26:22Z
• ISSUE #19502: (kt97679) salt-ssh fails to run state.highstate with custom master_tops | refs: #38021
• f8c67a9 Merge pull request #38021 from mateiw/salt-ssh_master_tops
• 65a0f10 Add/remove newlines
• 7037fa1 Add master_tops support in salt-ssh
• 1bb31bb Start release notes file for 2016.11.1 release (#38084)
• PR #38084: (rallytime) Start release notes file for 2016.11.1 release
• PR #37878: (kstreee) Makes threads avoid blocking waiting while communicating using Zeromq. @
2016-12-05T19:50:46Z
• 7829551 Merge pull request #37878 from kstreee/2016.11
• 9103878 Fixes blocking waiting through implementing a socket pool class.
• PR #37987: (rbjorklin) consul_pillar support for limiting pillar exposure via minion targeting @
2016-12-05T19:48:20Z
• PR #37985: (rbjorklin) consul_pillar support for limiting pillar exposure via minion targeting |
refs: #37987
• 0809ccd Merge pull request #37987 from rbjorklin/consul-pillar-target
• 5d0454a Ignore W1401 (anomalous-backslash-in-string)
• 2e929a5 Linting fixes
• 171cab1 Fixed possible incorrect behavior if target wasn't on start/end of str
• 7440582 consul_pillar support for limiting pillar exposure via minion targeting
• PR #38067: (terminalmage) Remove virtual funcs for archive state/module @ 2016-12-05T16:37:23Z
• ISSUE #38062: (UtahDave) archive execution module not loading on Windows in 2016.11.0 | refs: #38067
• 83dcfe8 Merge pull request #38067 from terminalmage/issue38062
• 2e0f26a Remove virtual funcs for archive state/module
• PR #38058: (rallytime) Remove initdb dependency in postgres module @ 2016-12-04T04:19:02Z
• ISSUE #38001: (tomlaredo) Regression on postgres_group.present ('postgres_group' __virtual__ returned
False) | refs: #38023
• ISSUE #37986: (marek-obuchowicz) Module postgres - wrong docs, doesn't work with debian 8.5 | refs:
#38023
• ISSUE #37935: (ipmb) Postgres module regression on 2016.11 | refs: #37946 #37993 #38023 #38058
• PR #38023: (gtmanfred) Expand error message for postgres states | refs: #38058
• PR #37993: (ticosax) Remove initdb dependency to consume postgres module. | refs: #38058
• c993367 Merge pull request #38058 from rallytime/remove-init-db-dep
• c1ceeca Remove initdb dependency in postgres module
• PR #38004: (terminalmage) Fix regression in user/group mgmt for archive.extracted @
2016-12-02T18:28:49Z
• ISSUE #37969: (lordcirth) Archive.extracted fails if -user: root is specified | refs: #38004
• 1ac53e5 Merge pull request #38004 from terminalmage/issue37969
• 23bb90a Add integration test for archive.extracted with user/group set to root
• e5ee721 Don't use simple boolean check on uid/gid
• PR #38051: (Ch3LL) add docs for hash_type change to sha256 @ 2016-12-02T18:11:36Z
• ISSUE #37941: (L4rS6) Outdated documentation for 2016.11.x | refs: #38051
• e90cbbe Merge pull request #38051 from Ch3LL/fix_hash_docs
• e95f88f add docs for hash_type change to sha256
• PR #38028: (terminalmage) Pass full_return to saltutil.runner @ 2016-12-02T09:49:31Z
• ISSUE #38000: (morganwillcock) 2016.11.0: saltutil.runner returns a different dict structure and
breaks template rendering | refs: #38028
• 1b52289 Merge pull request #38028 from terminalmage/issue38000
• 9bf13d5 Pass full_return to saltutil.runner
• PR #38044: (terminalmage) Remove debugging code @ 2016-12-02T09:43:44Z
• ISSUE #37980: (tveastman) Having 'git' in fileserver_backends and no gitfs_remotes defined causes a
crash | refs: #38044
• 41c44ff Merge pull request #38044 from terminalmage/issue37980
• f70a040 Remove debugging code
• PR #38035: (dmurphy18) Updated to return status from make_repo similar to rpmbuild.py @
2016-12-01T22:30:53Z
• 9661258 Merge pull request #38035 from dmurphy18/fix_debbuild
• 3bca96e Updated to return status from make_repo similar to rpmbuild.py
• PR #38023: (gtmanfred) Expand error message for postgres states | refs: #38058 @ 2016-12-01T22:05:06Z
• ISSUE #38001: (tomlaredo) Regression on postgres_group.present ('postgres_group' __virtual__ returned
False) | refs: #38023
• ISSUE #37986: (marek-obuchowicz) Module postgres - wrong docs, doesn't work with debian 8.5 | refs:
#38023
• ISSUE #37935: (ipmb) Postgres module regression on 2016.11 | refs: #37946 #37993 #38023 #38058
• 141b5c5 Merge pull request #38023 from gtmanfred/2016.11
• 1aa43eb Expand error message for postgres states
• ac72ee6 Revert "Updated the bins_dir to default to pg_bin #37935"
• PR #38026: (rallytime) Back-port #38015 to 2016.11 @ 2016-12-01T19:16:15Z
• PR #38015: (morsik) Typo fix | refs: #38026
• 7948642 Merge pull request #38026 from rallytime/bp-38015
• 11becf3 Typo fix
• e51448f Added Carbon release notes. Fixed sphinx errors in the file. (#38022)
• PR #38022: (DmitryKuzmenko) Added Carbon release notes. Fixed sphinx errors in the file.
• 6f34332 Adjust code examples to use the actual bootstrap-salt.sh file name (#38011)
• PR #38011: (rallytime) Adjust code examples to use the actual bootstrap-salt.sh file name
• PR #37954: (gtmanfred) use sleep from path for docker.sls_build @ 2016-11-30T18:08:45Z
• ISSUE #37940: (alex-zel) dockerng.sls_build fails on some distributions | refs: #37954
• 0a04127 Merge pull request #37954 from gtmanfred/2016.11
• 9caf0b4 use sleep from path for docker.sls_build
• PR #37993: (ticosax) Remove initdb dependency to consume postgres module. | refs: #38058 @
2016-11-30T18:08:13Z
• ISSUE #37935: (ipmb) Postgres module regression on 2016.11 | refs: #37946 #37993 #38023 #38058
• 4ef5c98 Merge pull request #37993 from ticosax/remove-initdb-requirement
• c5c7a53 Remove initdb dependency to consume postgres module.
• PR #37997: (cachedout) Update gem test for 2016.11 @ 2016-11-30T17:13:45Z
• 2e55656 Merge pull request #37997 from cachedout/gem_test_carbon
• 1d221aa Update gem test for 2016.11
• PR #37979: (terminalmage) Revert addition of pillar_roots_override_ext_pillar @ 2016-11-30T14:34:24Z
• ISSUE #36723: (white-hat) ext_pillar_first option is broken in 2016.3 | refs: #36807
• ISSUE #24501: (astehlik) Order in top.sls file is not respected for pillar data in local mode | refs:
#31316
• ISSUE #19332: (QuinnyPig) Nondeterminism in Pillar | refs: #31316
• PR #36807: (terminalmage) Fix pillar merging when ext_pillar_first is enabled | refs: #37979 #37979
• PR #31316: (kraney) Let ext_pillar_first determine the override order | refs: #37979 #37979
• ca3a948 Merge pull request #37979 from terminalmage/revert-pillar-change
• 6135dfa Revert addition of pillar_roots_override_ext_pillar
• 186b3c7 Fix RST link format (#37958) (#37970)
• PR #37970: (rallytime) Back-port #37958 to 2016.11
• PR #37958: (mirceaulinic) Fix RST link format in Carbon release notes | refs: #37970
• 6976be4 Pylint fix (#37971)
• PR #37971: (rallytime) Lint 2016.11 sooner rather than later
• PR #37955: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #37971
• PR #37946: (scott-w) Updated the bins_dir to default to pg_bin @ 2016-11-29T16:48:27Z
• ISSUE #37935: (ipmb) Postgres module regression on 2016.11 | refs: #37946 #37993 #38023 #38058
• 36f9140 Merge pull request #37946 from scott-w/37935-fix-bin-dir
• d33d403 Restored missing initdb #37935
• a041b9f Use Salt deprecation warning #37935
• a967893 Updated the bins_dir to default to pg_bin #37935
• PR #37889: (isbm) Allow overwrite archives extraction | refs: #38036 @ 2016-11-29T16:18:57Z
• d8650c5 Merge pull request #37889 from isbm/isbm-states-archive-fix
• e67706b Document the behaviour.
• 1970814 Prevent crash during externally changed archive permissions
• 91b4257 Add overwrite option so the extraction of the archive can be always performed.
• e6958f7 Remove nonsense comment and react on generally absent path name
• PR #37869: (isbm) Input sanitation (16.11) @ 2016-11-29T16:17:16Z
• e2b9e58 Merge pull request #37869 from isbm/isbm-input-sanitation-16.11
• f9ec5d6 Use six instead of builtins
• 203dfcb Use American spelling instead
• 91ed307 Sanitise input for the keys and IDs
• 86623f9 Add a stub for ID sanitiser (at the moment same as hostname)
• 637144c Rename "general.py" to "sanitisers.py"
• f2571fc Add hostname sanitiser
• 3ae086a Add filename sanitiser
• 816b1d1 Add general sanitisers
• PR #37884: (isbm) Do not include "gpg-pubkey" packages, filtering by their name @ 2016-11-28T21:11:37Z
• e539a94 Merge pull request #37884 from isbm/isbm-zypper-gpgkey-pkg-filter
• 038374a Do not include "gpg-pubkey" packages, filtering by their name
• PR #37882: (attiasr) multiple issues in boto_rds state and module @ 2016-11-28T21:09:11Z
• eb3d81a Merge pull request #37882 from attiasr/fix_missing_tags
• 73b3c5f Add newline
• 166c42b fix boto_rds.describe
• ddd88ba fix boto_rds.describe parameters and subnetgroup_present
• bfe7f92 fix missing tags in call to boto_rds.exists
• 8f986b2 Remove release candidate doc ref from 2016.11.0 release notes (#37931)
• PR #37931: (rallytime) Remove release candidate doc ref from 2016.11.0 release notes
• PR #37930: (cachedout) Remove dictionary comprehension in netusers @ 2016-11-28T20:27:06Z
• 3d2dabc Merge pull request #37930 from cachedout/fix_comp
• 670e832 Remove dictionary comprehension in netusers
• PR #37923: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-11-28T19:55:03Z
• ISSUE #37870: (fj40crawler) salt.states.augeas.change returns None when test=True | refs: #37895
• ISSUE #37732: (dhaines) list_semod() (from modules/selinux.py) incompatible with policycoreutils-2.5
(RHEL 7.3) | refs: #37736
• ISSUE #37287: (AaronM-Cloudtek) salt.states.ddns.present: 'NS' record type always returns as changed
| refs: #37785
• ISSUE #32829: (tyhunt99) Dockerng appears to not be using docker registries pillar data | refs:
#36893 #36893
• PR #37916: (rallytime) [2016.3] Update version numbers in doc config for 2016.11.0 release
• PR #37907: (Talkless) Fix server trust in test run of svn.latest
• PR #37896: (toanju) rh networking: add missing values
• PR #37895: (fj40crawler) Change return value for salt/states/augeas.py to be True instead of N…
• PR #37886: (bdrung) Fix various spelling mistakes
• PR #37866: (meaksh) Backport #37149 #36938 and #36784 to 2016.3
• PR #37863: (rallytime) Back-port #36893 to 2016.3
• PR #37857: (meaksh) Backport #37149 and #36938 to 2015.8 | refs: #37866
• PR #37856: (meaksh) Backport #36784 to 2015.8 | refs: #37866
• PR #37847: (laleocen) add multiline encryption documentation to nacl
• PR #37797: (clan) check count of columns after split
• PR #37785: (AaronM-Cloudtek) respect trailing dot in ddns name parameter
• PR #37762: (twangboy) Add pre_versions to chocolatey.installed
• PR #37736: (dhaines) handle semodule version >=2.4 (#37732) and fix typo
• PR #37149: (dincamihai) Fix pkg.latest_version when latest already installed | refs: #37866 #37857
• PR #36938: (wanparo) acl.delfacl: fix position of -X option to setfacl | refs: #37866 #37857
• PR #36893: (tyhunt99) add option to force a reauth for a docker registry | refs: #37863
• PR #36784: (moio) OS grains for SLES Expanded Support | refs: #37866 #37856
• 0f8b187 Merge pull request #37923 from rallytime/merge-2016.11
• da7f551 Don't let 2016.3 doc config changes overwrite the 2016.11 changes
• dfedd11 Merge branch '2016.3' into '2016.11'
• c35ba1f Merge pull request #37916 from rallytime/doc-update-2016.3
• bd40592 [2016.3] Update version numbers in doc config for 2016.11.0 release
• e13a248 Merge pull request #37785 from Cloudtek/ddns-respect-trailing-dot
• 262e3b3 respect trailing dot in ddns name parameter
• c03b389 Merge pull request #37895 from fj40crawler/fix-augeas-return-for-test
• ddc238d Fixed augeas_test.py to match True v.s. None for test_change_in_test_mode
• ef75c45 Merge branch '2016.3' of github.com:saltstack/salt into fix-augeas-return-for-test
• b0fe0cd Change return value for salt/states/augeas.py to be True instead of None for cases where
salt is run with test=True. Fixes #37870
• fdbc31e Merge pull request #37907 from Talkless/patch-2
• 072a319 Fix server trust in test run of svn.latest
• f39fdf4 Merge pull request #37896 from toanju/2016.3
• c953041 rh networking: add missing values
• ea935c5 Merge pull request #37886 from bdrung/fix-typos
• 9a51ba5 Fix various spelling mistakes
• 371b0a8 Merge pull request #37736 from dhaines/issue-37732
• 7ef590a Update selinux.py
• 516a67e fix indexing error
• 4e49c1e fix typo
• b16f2d8 handle semodule version >=2.4 (#37732) and fix typo
• 87aeb66 Merge pull request #37797 from clan/extfs
• acf0f96 check count of columns after split
• f7c7109 Merge pull request #37762 from twangboy/fix_chocolatey_state
• 9696b6d Use keyword args instead of relying on ordering
• 398eaa0 Add pre_versions to the available arguments
• 56baa92 Merge pull request #37866 from meaksh/2016.3-bp-37149-36938-36784
• 9d8d578 Fix pkg.latest_version when latest already installed
• ffca0d4 - acl.delfacl: fix position of -X option to setfacl
• 3dfed6b Adjust linux_acl unit test argument ordering
• f185ecd core.py: quote style fixed
• 8404d13 Setting up OS grains for SLES Expanded Support (SUSE's Red Hat compatible platform)
• d0cc7f0 Merge pull request #37863 from rallytime/bp-36893
• 4c70534 Add versionadded to reauth option in dockerng module
• 5ca2c38 added documentation for the new reuth option in docker registry configuration
• 5b0c11a add option to force a reauth for a docker registry
• b17a118 add multiline encryption documentation to nacl (#37847)
• 1427115 Add a release notes reference to the docker-sls tutorial (#37927)
• PR #37927: (thatch45) Add a release notes reference to the docker-sls tutorial
• d204099 [2016.11] Update version numbers in doc config for 2016.11.0 release (#37917)
• PR #37917: (rallytime) [2016.11] Update version numbers in doc config for 2016.11.0 release
• PR #37890: (bbinet) Fix support for extra_mods='six' to add six module to a thin.tgz tarball @
2016-11-28T13:53:06Z
• ee00592 Merge pull request #37890 from bbinet/fix-genthin-six
• 7fceaa3 Fix support for extra_mods='six' to add six module to a thin.tgz tarball
• 47d21d9 Don't skip pillar compilation when master_type=='disable' (#37843)
• ISSUE #37713: (aboe76) masterless minion can't call pillar.item from pillar stack (development
branch) | refs: #37843
• PR #37843: (terminalmage) Don't skip pillar compilation when master_type=='disable'
• PR #32521: (adelcast) Fix salt-call on standalone minion case | refs: #37843
• 16ce844 Eliminate warning when 'ssl' not set (#37849)
• ISSUE #37449: (thatch45) Allow TLS connections in the Tornado TCP transport | refs: #37776 #37859
• PR #37849: (skizunov) Eliminate warning when 'ssl' not set
• PR #37776: (DmitryKuzmenko) Full TLS/SSL options support as provided by Tornado TCPServer. | refs:
#37849
• 0c607cc An example configuration for TLS/SSL. (#37859)
• ISSUE #37449: (thatch45) Allow TLS connections in the Tornado TCP transport | refs: #37776 #37859
• PR #37859: (DmitryKuzmenko) TLS example config
• 7c1cfa8 Clarify the master_type docs (#37841)
• PR #37841: (terminalmage) Clarify the master_type docs
• 2bc42b8 PY3: Fix exception when handling connect exception in TCP transport (#37831)
• PR #37831: (skizunov) PY3: Fix exception when handling connect exception in TCP transport
• PR #37829: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-11-22T15:26:00Z
• ISSUE #37787: (elyulka) user.present state fails to change loginclass on FreeBSD | refs: #37827
• ISSUE #37751: (freach) Documentation salt.states.dockerng.running: "privileged" property undocumented
| refs: #37789
• ISSUE #37653: (gravyboat) Salt.cron docs don't wrap @hourly and @daily correctly in quotes for the
examples | refs: #37816
• ISSUE #37383: (edwardsdanielj) Orchestration arguments (kwarg) not being interperted / How I learned
to stop worrying about documentation and love experimenting | refs: #37817
• ISSUE #31953: (sjorge) Documentation for salt.states.cron is incorrect | refs: #32157
• ISSUE #19269: (markuskramerIgitt) Undocumented feature names: of file.directory | refs: #37823
• ISSUE #15697: (arthurlogilab) keystone.user_present should not re-set the password when user exists |
refs: #37821
• ISSUE #5999: (pille) libvirt.keys does not work | refs: #37820
• PR #37827: (silenius) add missing chloginclass
• PR #37826: (rallytime) Update branch refs to more relevant branch
• PR #37823: (rallytime) Add "names" option to file state docs: point users to highstate doc examples
• PR #37822: (laleocen) add documentation for multiline encryption using nacl | refs: #37826
• PR #37821: (rallytime) Clarify keystone.user_present password state docs with default behavior
• PR #37820: (rallytime) Add some dependency documentation to libvirt docs
• PR #37817: (rallytime) Update orchestrate runner file.copy doc example
• PR #37816: (rallytime) Back-port #32157 to 2016.3
• PR #37812: (rallytime) Back-port #37790 to 2016.3
• PR #37811: (rallytime) Back-port #37789 to 2016.3
• PR #37810: (rallytime) Back-port #37775 to 2016.3
• PR #37790: (sofixa) Update cloud/proxmox.rst with more options and LXC | refs: #37812
• PR #37789: (fedusia) issue: 37751 | refs: #37811
• PR #37775: (calve) Document python argument in salt.states.virtualenv_mod | refs: #37810
• PR #37772: (bdrung) Support initializing OpenSSL 1.1
• PR #32157: (cachedout) Add quotes to cron doc | refs: #37816
• dd81d2f Merge pull request #37829 from rallytime/merge-2016.11
• 3d6d32e Merge branch '2016.3' into '2016.11'
• aa37487 add missing chloginclass (#37827)
• 0e74bad Update branch refs to more relevant branch (#37826)
• 6a9b49c Add "names" option to file state docs: point users to highstate doc examples (#37823)
• aaf587d Clarify keystone.user_present password state docs with default behavior (#37821)
• c300863 Add some dependency documentation to libvirt docs (#37820)
• 485270f Merge pull request #37772 from bdrung/openssl1.1
• 819c965 Support initializing OpenSSL 1.1
• 4910912 Update orchestrate runner file.copy doc example (#37817)
• c5d3d8b Merge pull request #37816 from rallytime/bp-32157
• d9c2971 Add quotes to cron doc
• 97e6b6a Merge pull request #37812 from rallytime/bp-37790
• ca3b6e7 Update proxmox.rst with more options and LXC
• 27703c5 Merge pull request #37811 from rallytime/bp-37789
• ba3fef4 fix comment
• a021f76 issue: 37751 Add documentation for option privileged
• adac9d7 Merge pull request #37810 from rallytime/bp-37775
• 2bed914 Document python argument in salt.states.virtualenv_mod
• c66b51b network.routes should not raise exception if no interface (#37794)
• PR #37794: (sjorge) network.routes should not raise exception if no interface
• PR #37815: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-11-21T20:22:49Z
• ISSUE #37742: (blaketmiller) Cannot match on nodegroup when checking minions | refs: #37763
• ISSUE #37725: (secumod) salt-call incorrectly parses master hostname:port from minion config | refs:
#37766
• PR #37766: (cachedout) Fix ip/port issue with salt-call
• PR #37763: (cachedout) Add nodegroup check to ckminions
• 628c4a3 Merge pull request #37815 from rallytime/merge-2016.11
• c6b5fd3 Merge branch '2016.3' into '2016.11'
• 7de7844 Add nodegroup check to ckminions (#37763)
• d674369 Fix ip/port issue with salt-call (#37766)
• PR #37776: (DmitryKuzmenko) Full TLS/SSL options support as provided by Tornado TCPServer. | refs:
#37849 @ 2016-11-21T20:11:52Z
• ISSUE #37449: (thatch45) Allow TLS connections in the Tornado TCP transport | refs: #37776 #37859
• 0b30b93 Merge pull request #37776 from DSRCorporation/features/37449_tls
• 6857b9b Documented new TLS/SSL settings.
• e42898f Full TLS/SSL options support as provided by Tornado TCPServer.
• PR #37773: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-11-18T19:18:42Z
• ISSUE #36629: (yhekma) The pillar run module does not honor saltenv | refs: #37738
• ISSUE #33709: (msummers42) Any/All Salt-SSH invocations in 2016.3.0 Fails with AttributeError:
'module' object has no attribute 'BASE_THORIUM_ROOTS_DIR' | refs: #37767
• PR #37767: (cachedout) Add thorium path to syspaths
• PR #37760: (hu-dabao) Fix couchbase returner and add couple of more features
• PR #37745: (cro) Switch default filter tag for ONE resources from user only to all resources
• PR #37738: (terminalmage) Allow pillar.get to retrieve fresh pillar data when saltenv passed
• 3835f91 Merge pull request #37773 from rallytime/merge-2016.11
• c859fc9 Merge branch '2016.3' into '2016.11'
• c62ff6b Add thorium path to syspaths (#37767)
• bff949f Merge pull request #37760 from hu-dabao/fix_cb_returner
• de372f2 1. returner no need to check whether the jid exists for external job cache setup 2. add
full_ret to return doc so that the document will be informative 3. make ttl as a config attribute
because salt-minion does not have keep_jobs attribute 4. add password into config attribute 5.
update the documents accordingly
• 1f976ac Merge pull request #37738 from terminalmage/issue36629
• da46678 Allow pillar.get to retrieve fresh pillar data when saltenv passed
• 7aee7fc Switch default filter tag for ONE resources from user only to all resources (#37745)
• PR #37764: (mirceaulinic) Doc fixes and replace feature @ 2016-11-18T03:15:31Z
• 6f0f70c Merge pull request #37764 from cloudflare/NET-UPDATE
• c3f0202 Replace feature and doc fixes
Salt 2016.11.2 Release Notes
Version 2016.11.2 is a bugfix release for 2016.11.0.
Security Fixes
CVE-2017-5192: local_batch client external authentication not respected
The LocalClient.cmd_batch() method client does not accept external_auth credentials and so access to it
from salt-api has been removed for now. This vulnerability allows code execution for
already-authenticated users and is only in effect when running salt-api as the root user.
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems
were enabled.
We recommend everyone upgrade to 2016.11.2 as soon as possible.
Changes for v2016.11.1..v2016.11.2
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-01-20T21:19:44Z
Statistics:
• Total Merges: 155
• Total Issue references: 70
• Total PR references: 200
Changes:
• PR #38819: (twangboy) Remove Users from c:\salt [DO NOT MERGE FORWARD] @ 2017-01-20T20:17:35Z
• 4913c4f Merge pull request #38819 from twangboy/salt_perms_2016.11
• eb04ed7 Remove User from c:\salt
• PR #38815: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-20T18:53:01Z
• ISSUE #38629: (Arabus) Conflicting documentation about default value of pillar_opts | refs: #38792
• ISSUE #38622: (mikejford) Incorrect saltenv argument documentation in salt.modules.state | refs:
#38789
• ISSUE #38388: (johje349) No INFO logs in minion log file | refs: #38808
• ISSUE #36598: (ikkaro) CloudClient vmware driver reusing SI bug | refs: #38813
• ISSUE #10: (thatch45) list jobs option
• PR #38813: (gtmanfred) catch SIGPIPE in vmware connection
• PR #38812: (rallytime) Update pyobjects test to be a list
• PR #38809: (twangboy) Fix get_hostname to handle longer computer names
• PR #38808: (vutny) Fix #38388
• PR #38792: (rallytime) Update pillar tutorial lanuage regarding pillar_opts settings
• PR #38790: (cachedout) Fix typo in pyobjects test
• PR #38789: (rallytime) Update some saltenv refs to environment in salt.modules.state docs
• PR #38668: (terminalmage) Fix proposal for #38604
• a275b97 Merge pull request #38815 from rallytime/merge-2016.11
• ce6d1b1 Make sure we're using the opts dict mocking in parsers_test
• 315b2c8 Merge branch '2016.3' into '2016.11'
• d14f0c6 Merge pull request #38812 from rallytime/pyobjects-test
• f3e84c1 Update pyobjects test to be a list
• 50f03f8 Merge pull request #38813 from gtmanfred/2016.3
• ce3472c catch SIGPIPE in vmware connection
• 23b8b47 Merge pull request #38809 from twangboy/fix_hostname_2016.3
• d57a51f Fix tests for get_hostname
• 7ca3fd7 Fix get_hostname to handle longer computer names
• 1033bbd Merge pull request #38808 from vutny/fix-38388
• 9bd203f Fix #38388
• f3ae3cd Merge pull request #38668 from terminalmage/issue38604
• 0ea97cd Merge pull request #10 from cachedout/pr-38668
• db81afc Munge retcode into return data for batching
• a642a99 Return the ret data from batch execution instead of raw data
• c6a19a9 Merge pull request #38789 from rallytime/fix-38622
• af41fe0 Update some saltenv refs to environment in salt.modules.state docs
• e0bf700 Merge pull request #38790 from cachedout/fix_pyobjects_test_typo
• a66afb5 Fix typo in pyobjects test
• 6e9785e Merge pull request #38792 from rallytime/fix-38629
• 1e125e2 Update pillar tutorial lanuage regarding pillar_opts settings
• PR #38832: (terminalmage) archive.extracted: Identify symlinks when checking for incorrect types @
2017-01-20T18:36:15Z
• efe1bf1 Merge pull request #38832 from terminalmage/issue38711
• d10c068 Update archive state unit tests to reflect symlinks in archive.list
• d6adfb6 Identify symlinks when looking for incorrect types
• 09b9e95 archive.list: organize symlinks separately from files in verbose mode
• e6483f0 Support removing symlinks in salt.utils.rm_rf
• PR #38726: (twangboy) Add VC Redist 2008 SP1 MFC to installer @ 2017-01-19T19:13:42Z
• 10a3d8b Merge pull request #38726 from twangboy/vcredist
• f00a653 change extensions .ext to .exe
• 98c40e2 Add VC Redist 2008 SP1 MFC to installer
• PR #38810: (UtahDave) Fix beacon doc @ 2017-01-18T21:37:21Z
• d5f2d92 Merge pull request #38810 from UtahDave/fix_beacon_doc_zd1035
• dbe9edb fix reactor example.
• PR #38811: (techhat) Show a lot less data when requesting a VM @ 2017-01-18T21:08:03Z
• 88faf08 Merge pull request #38811 from techhat/sanvm
• 47c1932 Show a lot less data when requesting a VM
• a8a6215 refine the os detection in archive test (#38807)
• PR #38807: (Ch3LL) refine the os detection in archive test
• PR #38799: (aosagie) Parse ansible dynamic inventory output correctly @ 2017-01-18T15:32:47Z
• e3ca688 Merge pull request #38799 from aosagie/fix-ansible-dynamic-roster
• 26d6f69 Parse ansible dynamic inventory output correctly
• PR #38787: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-18T08:39:08Z
• ISSUE #38524: (rbjorklin) salt-api seems to ignore rest_timeout since 2016.11.0 | refs: #38527 #38585
• ISSUE #38479: (tyeapple) api_logfile setting takes no effect | refs: #38585
• PR #38796: (cachedout) Revert "Fixed prepending of root_dir override to the other paths"
• PR #38774: (vutny) DOCS: add C++ compiler installation on RHEL required for bundled 0mq
• PR #38749: (vutny) pkg build modules throw better exception message if keyid wasn't found
• PR #38707: (alexbleotu) Fixed prepending of root_dir override to the other paths | refs: #38796
• PR #38585: (rallytime) Follow up to PR #38527
• PR #38570: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38585
• PR #38560: (Ch3LL) fix api logfile | refs: #38585
• PR #38527: (rbjorklin) salt-api no longer forces the default timeout | refs: #38585 #38585 #38585
• 76df6a4 Merge pull request #38787 from rallytime/merge-2016.11
• 2aad54c Merge branch '2016.3' into '2016.11'
• 3417adc Merge pull request #38796 from saltstack/revert-38707-root_dir_fix-gh
• cb080f3 Revert "Fixed prepending of root_dir override to the other paths"
• 64d866f Merge branch '2016.3' into '2016.11'
• bab3479 Merge pull request #38585 from rallytime/follow-up-38527
• 0558720 Pylint fix: add line at end of file
• fa01367 Keep a copy of the DEFAULT_API_OPTS and restore them after the test run
• 2ad0763 Test clean up
• fd2ee7d Add some simple unit tests for salt.config.api_config function
• 3d2fefc Make sure the pidfile and log_file values are overridden by api opts
• 1f6b540 Make sure the pidfile and log_file values are overridden by api opts
• 04d307f salt-api no longer forces the default timeout
• 0fb6bb7 Merge pull request #38707 from alexbleotu/root_dir_fix-gh
• 0bac8c8 Fixed prepending of root_dir override to the other paths
• 96c9dc1 Merge pull request #38774 from vutny/dev-test-docs
• 4620dc4 DOCS: add C++ compiler installation on RHEL required for bundled 0mq
• aedfbb7 Merge pull request #38749 from vutny/pkg-build-better-exception-msg
• 53f2be5 pkg build modules throw better exception message if keyid wasn't found
• PR #38660: (techhat) Don't force salt.cache to use cachedir from opts @ 2017-01-17T18:38:35Z
• 4e6146f Merge pull request #38660 from techhat/cachedir
• be55b57 One last fix
• fc24b24 Add correct function name
• 9bbecf7 Typo fix
• 436ba28 Change getlist back to list (using _list)
• ff734fe Default to CACHE_DIR in syspaths
• 380abd3 Add cachedir args to tests
• deb08c0 Not every module will need cachedir
• 4489f7c Don't force salt.cache to use cachedir from opts
• PR #38667: (rallytime) Back-port #37982 to 2016.11 @ 2017-01-17T15:42:13Z
• ISSUE #37948: (djacobs2016) ssh_known_hosts.present is failing when checking key/host | refs: #37982
#37982
• ISSUE #33932: (folti) ssh_known_hosts.present: hashing global known hosts file makes it readable by
root only | refs: #33933
• PR #37982: (wolfpackmars2) Update ssh.py | refs: #38667
• PR #33933: (folti) ssh: keep original permissions, when hashing known_hosts | refs: #38667
• 89dc86e Merge pull request #38667 from rallytime/bp-37982
• be91e46 Update ssh.py
• PR #38759: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-17T15:22:01Z
• ISSUE #38674: (jackywu) There is no code to use parameter 'event_publisher_pub_hwm' in
saltstack-2016.3 | refs: #38723
• ISSUE #20: (thatch45) Sort sys.doc output
• ISSUE #19: (thatch45) Sending a faulty command kills all the minions!
• PR #38743: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #38739: (vutny) DOCS: correct examples of running test suite
• PR #38735: (vutny) DOCS: add links to File State Backups page where necessary
• PR #38731: (rallytime) Various follow up fixes
• PR #38723: (rallytime) Remove "event_publisher_pub_hwm" and "salt_event_pub_hwm" from
config/__init__.py
• PR #38720: (dereckson) Proofread jinja_to_execution_module tutorial
• PR #38693: (twangboy) Update jinja2 to 2.9.4
• PR #38669: (rallytime) Update bootstrap script verstion to latest release
• PR #38602: (terminalmage) Fix failing
unit.states.boto_vpc_test.BotoVpcRouteTableTestCase.test_present_with_routes
• PR #29294: (skizunov) ZeroMQ no longer required when transport is TCP | refs: #38723 #38723
• 751e14c Merge pull request #38759 from rallytime/merge-2016.11
• 30e8a66 Merge branch '2016.3' into '2016.11'
• 8466b34 Merge pull request #38743 from rallytime/merge-2016.3
• d24776f Merge branch '2015.8' into '2016.3'
• 6869621 Merge pull request #38731 from rallytime/merge-2015.8
• 9eb191b Pylint fix
• b910499 Various follow up fixes
• e8309a6 Add release notes for 2015.8.13
• f881f36 Merge pull request #20 from rallytime/2015.8.12_follow_up-batch-tests
• 3428232 Clean up tests and docs for batch execution
• c80b20b Merge pull request #19 from whiteinge/batchclient
• 3d8f3d1 Remove batch execution from NetapiClient and Saltnado
• 97b0f64 Lintfix
• d151666 Add explanation comment
• 62f2c87 Add docstring
• 9b0a786 Explain what it is about and how to configure that
• 5ea3579 Pick up a specified roster file from the configured locations
• 3a8614c Disable custom rosters in API
• c0e5a11 Add roster disable flag
• e9c59e9 Merge pull request #38602 from terminalmage/fix-boto-test
• 3424a10 Fix failing unit.states.boto_vpc_test.BotoVpcRouteTableTestCase.test_present_with_routes
• a642cde Merge pull request #38723 from rallytime/fix-38674
• 706c885 Remove "event_publisher_pub_hwm" and "salt_event_pub_hwm" from config/__init__.py
• fc545af Merge pull request #38669 from rallytime/update-bootstrap-script
• 78ba76e Update bootstrap script verstion to latest release
• 50d417f Merge pull request #38693 from twangboy/update_jinja
• e0c7e55 Update jinja2 to 2.9.4
• f4233bb Merge pull request #38739 from vutny/fix-runtests-doc
• b872bb6 DOCS: correct examples of running test suite
• 51d4707 DOCS: add links to File State Backups page where necessary (#38735)
• 6d3717b Proofread jinja_to_execution_module tutorial (#38720)
• PR #38778: (mirceaulinic) Fix "Error using napalm netusers" @ 2017-01-17T15:20:27Z
• ISSUE #38775: (charburns) Error using napalm netusers | refs: #38778
• bb6291d Merge pull request #38778 from cloudflare/fix-38775
• b3388f7 Fix #38775
• PR #38664: (clinta) X509 Improvements. Expose setting permissions, encrypted private keys, and combined
key and cert management in one state @ 2017-01-17T02:20:18Z
• ISSUE #38528: (MorphBonehunter) x509 make permissions configurable | refs: #38664
• ISSUE #38081: (haraldrudell) x509 state or module cannot generate password protected private keys |
refs: #38664
• 6663107 Merge pull request #38664 from clinta/x509-passphrase2
• 77c7872 pep8
• a2b20ee No mutable default args, remove unneeded import
• b48b85c bug fixes
• f62393b pep8
• c861324 change documentation
• 9a0abde expose passphrase functionality to state
• e47a93d add passphrase to execution module
• a4d6598 preserve detailed change reports
• d0ad251 combine private key and cert management
• 3d1474d cross call file.managed to get permissions options
• PR #38682: (mirceaulinic) [2016.11.2/napalm] Better error message when NotImplementedError raised @
2017-01-15T18:34:25Z
• bf6d74c Merge pull request #38682 from cloudflare/NotImplementedError-MSG
• f847639 Better error message when NotImplementedError raised
• PR #38695: (rallytime) Pass in client_args when calling influxdb execution module funcs @
2017-01-15T18:33:48Z
• ISSUE #37996: (stefan-as) influxdb_user.present does not pass client_args | refs: #38695
• df12e49 Merge pull request #38695 from rallytime/fix-37996
• 05b0975 Pass in client_args when calling influxdb execution module funcs
• PR #38651: (rallytime) Don't lose the set reference for ec2 securitygroup ids @ 2017-01-15T18:06:25Z
• ISSUE #38521: (vladvasiliu) State cloud.present on AWS: TypeError: 'NoneType' object is not iterable
| refs: #38651
• ISSUE #37981: (tazaki) Salt-cloud ec2 vpc securitygroupid always returning default | refs: #38183
• PR #38183: (cro) Fix bad set operations when setting up securitygroups in AWS. | refs: #38651
• 834e546 Merge pull request #38651 from rallytime/fix-38521
• 830c03c Don't lose the set reference for ec2 securitygroup ids
• PR #38659: (techhat) Turn None into an empty string (for minion matching) @ 2017-01-15T18:02:03Z
• ISSUE #38216: (pgrishin) salt-run: can't get cache.grains | refs: #38659
• 8b38cfe Merge pull request #38659 from techhat/issue38216
• 4073c91 Turn None into an empty string (for minion matching)
• PR #38703: (yhekma) The test option is only valid for the minion, not the master @ 2017-01-15T17:56:22Z
• 0ad5d22 Merge pull request #38703 from yhekma/docfix
• 57df3bf The test option is only valid for the minion, not the master
• PR #38718: (terminalmage) Fix for dynamic git_pillar when pillarenv is used @ 2017-01-15T14:37:30Z
• 8c1222e Merge pull request #38718 from terminalmage/zd909
• 12bbea5 Fix for dynamic git_pillar when pillarenv is used
• PR #38676: (yhekma) Removed overloading of list() @ 2017-01-15T05:42:13Z
• ISSUE #38677: (yhekma) consul cache backend broken | refs: #38676
• aae8b54 Merge pull request #38676 from yhekma/2016.11
• 3237d23 Localfs should also be changed of course
• 9d9de67 We do not want to overload the list() type because if we do, we turn this function into a
recursive one, which results in an exception because set() cannot be concatenated with str ('/')
• PR #38713: (rallytime) Add NameError to exception in avahi_announce beacon @ 2017-01-15T05:33:04Z
• ISSUE #38684: (rukender) 2016.11.1 :[ERROR][11182] Failed to import beacons avahi_announce | refs:
#38713
• c246ab4 Merge pull request #38713 from rallytime/fix-38684
• db60bed Add NameError to exception in avahi_announce beacon
• PR #38729: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-13T23:15:33Z
• ISSUE #38648: (ericuldall) No release file error from PPA on Ubuntu | refs: #38650
• ISSUE #38572: (COLABORATI) ppa:saltstack/salt failure | refs: #38650
• ISSUE #38087: (UtahDave) The 'data' field in the return from a minion below a syndic is wrapped in an
extra 'data' field. | refs: #38657
• ISSUE #36548: (abonillasuse) openstack auth with nova driver | refs: #38647
• ISSUE #34504: (AvinashDeluxeVR) Installation documentation for Ubuntu server and Windows minion leads
the user to use different salt versions. | refs: #38650
• PR #38657: (DmitryKuzmenko) Publish the 'data' field content for Syndic evets
• PR #38650: (rallytime) Remove the installation instructions for out-of-date community ppa
• PR #38649: (Ch3LL) fix unit.modules.file_test
• PR #38647: (gtmanfred) Allow novaclient to use keystoneauth1 sessions for authentication
• 6c14774 Merge pull request #38729 from rallytime/merge-2016.11
• 4e1e45d Merge branch '2016.3' into '2016.11'
• 7b850d4 Merge pull request #38647 from gtmanfred/nova
• 5be9b60 add documentation about using keystoneauth for v3
• 7b657ca add the ability to use keystone v2 and v3
• 5646ae1 add ability to use keystoneauth to authenitcate in nova driver
• 383768d Merge pull request #38650 from rallytime/remove-ubuntu-ppa-docs
• 30429b2 Remove the installation instructions for out-of-date community ppa
• 7d9f56e Merge pull request #38657 from DSRCorporation/bugs/38087_syndic_event_format_fix
• 594c33f Publish the 'data' field content for Syndic evets
• 8398751 Merge pull request #38649 from Ch3LL/test_apply_template
• 47f8b68 fix unit.modules.file_test
• PR #38635: (lorengordon) Sends pass-through params to state module @ 2017-01-10T20:01:59Z
• ISSUE #38631: (doitian) In Orchestration, kwargs are not passed to state.sls in masterless mode |
refs: #38635
• cfd82d1 Merge pull request #38635 from lorengordon/issue-38631
• 1466613 Sends pass-through params to state module
• PR #38640: (mirceaulinic) Import napalm_base instead of napalm @ 2017-01-10T19:58:01Z
• 017094a Merge pull request #38640 from cloudflare/NAPALM-IMPORTS
• 8f13f63 Import napalm_base instead of napalm
• PR #38661: (techhat) Add sane cache defaults for minion and cloud @ 2017-01-10T19:55:15Z
• 7966313 Merge pull request #38661 from techhat/sanedefault
• aee4064 Add a sane cache default for cloud
• c9e01a3 Add a sane cache default for minions
• PR #38645: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-10T19:54:06Z
• ISSUE #38558: (multani) pillar.get("...", default=var, merge=true) updates default value | refs:
#38579 #38579
• ISSUE #37355: (Firewire2002) salt-ssh - ImportError: No module named backports.ssl_match_hostname |
refs: #37358
• ISSUE #34600: (davidpsv17) Error trying a salt-ssh test.ping | refs: #37358
• ISSUE #27355: (jerob) salt ssh error with debian 7 on target | refs: #37358
• PR #38626: (cachedout) Revert "Fix/workaround for issue #37355"
• PR #38618: (rallytime) Back-port #38579 to 2016.3
• PR #38579: (zwo-bot) Fix #38558 - pillar.get with default= ...,merge=true influence subsequent calls
of pillar.get | refs: #38618
• PR #37358: (Firewire2002) Fix/workaround for issue #37355 | refs: #38626
• PR #35390: (alexandr-orlov) Returns back missed proper grains dictionary for file module
• b0ed91c Merge pull request #38645 from rallytime/merge-2016.11
• 7a668e9 Merge branch '2016.3' into '2016.11'
• 74ddc71 Merge pull request #38626 from saltstack/revert-37358-2016.3.3_issue37355
• e912ac9 Revert "Fix/workaround for issue #37355"
• 5e58b32 Merge pull request #37358 from Firewire2002/2016.3.3_issue37355
• 910da18 fixed typo
• 4fbc5dd fixed wrong renamed variable and spaces
• 92366e6 issue #37355
• 7dc87ab issue #37355
• 2878180 issue #37355
• 6c2fe61 Merge pull request #35390 from alexandr-orlov/2016.3
• cd5ae17 fxd missed proper grains dictionary
• 2579cfa Merge pull request #38618 from rallytime/bp-38579
• 2052ece Add copy import
• 2c8845a add test for pillar.get() + default value
• c2f98d2 ticket 38558: add unit test, deepcopy() only if necessary
• 30ae0a1 added deepcopy of default if merge=True
• PR #38627: (cachedout) Pr 38476 @ 2017-01-06T22:05:45Z
• PR #38476: (amendlik) Key fingerprints | refs: #38627
• d67f693 Merge pull request #38627 from cachedout/pr-38476
• 2a423ff Add changes to raetkey
• 55ad9d6 Add hash_type argument to MultiKeyCLI.finger_all function
• c868126 Add hash_type argument to key module fingerprint functions
• d0f4c30 Add hash_type argument to wheel fingerprint functions
• e558ddc Add finger_master function to wheel.key module
• PR #38610: (yue9944882) Fix #38595 - Unexpected error log from redis retuner in master's log @
2017-01-06T21:47:21Z
• ISSUE #38595: (yue9944882) Redis ext job cache occurred error | refs: #38610 #38610
• b13cd13 Merge pull request #38610 from yue9944882/2016.11
• 54325cf Fix #38595 - Unexpected error log from redis retuner in master's log
• PR #38406: (alex-zel) Fix eauth error with openLDAP/389 directory server groups @ 2017-01-06T21:40:30Z
• ISSUE #36148: (alex-zel) Eauth error with openLDAP groups | refs: #38406 #38406
• 179d385 Merge pull request #38406 from alex-zel/fix-eauth-groups-permissions
• 6b9e9d8 Fix eauth error with openLDAP/389 directory server groups
• PR #38619: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-06T17:51:19Z
• ISSUE #37498: (githubcdr) service.restart salt-minion fails on Ubuntu 14.04.5 LTS | refs: #38587
• PR #38601: (terminalmage) pillar.get: Raise exception when merge=True and default is not a dict
• PR #38600: (terminalmage) Avoid errors when sudo_user is set (2016.3 branch)
• PR #38598: (terminalmage) Avoid errors when sudo_user is set | refs: #38599 #38600
• PR #38589: (tobithiel) State Gem: fix incorrect warning about missing rvm/rbenv
• PR #38587: (rallytime) Change daemontools __virtualname__ from service to daemontools
• PR #38567: (pass-by-value) Create queue if one doesn't exist
• 82e9b3d Merge pull request #38619 from rallytime/merge-2016.11
• 0efb2d8 Merge branch '2016.3' into '2016.11'
• da676ce Merge pull request #38601 from terminalmage/pillar-get
• 8613d72 pillar.get: Raise exception when merge=True and default is not a dict
• 224fc77 Merge pull request #38600 from terminalmage/issue38459-2016.3
• 8a45b13 Avoid errors when sudo_user is set
• a376970 Merge pull request #38589 from tobithiel/fix_rvm_rbenv_warning
• 9ec470b State Gem: fix incorrect warning about missing rvm/rbenv
• 02e6a78 Merge pull request #38567 from pass-by-value/pgjsonb_queue_changes_2016.3
• 67879eb Create queue if one doesn't exist
• 0889cbd Merge pull request #38587 from rallytime/fix-37498
• 2a58809 Change daemontools __virtualname__ from service to daemontools
• PR #38612: (sjorge) network.ifacestartswith throws exception on Solaris-like platforms @
2017-01-06T17:20:32Z
• f64e003 Merge pull request #38612 from sjorge/2016.11-solaris-ifacestartswith
• 26fae54 network.ifacestartswith throws exception on Solaris-like platforms
• PR #38615: (sjorge) add note related to issue #37027 @ 2017-01-06T16:38:34Z
• ISSUE #37027: (sjorge) Solaris FQDN/UQDN and documentation/consistancy | refs: #38615 #38615
• 5820cee Merge pull request #38615 from sjorge/2016.11-solarisdocs
• fbdd32f add note related to issue #37027
• PR #38598: (terminalmage) Avoid errors when sudo_user is set | refs: #38599 #38600 @
2017-01-05T23:16:22Z
• a27fdb4 Merge pull request #38598 from terminalmage/issue38459
• b37f7ff Avoid errors when sudo_user is set
• PR #38599: (terminalmage) archive.extracted: Prevent traceback when state.single cannot be run @
2017-01-05T23:16:11Z
• PR #38598: (terminalmage) Avoid errors when sudo_user is set | refs: #38599 #38600
• d6b7019 Merge pull request #38599 from terminalmage/archive-results-handling
• 9aceb81 archive.extracted: Prevent traceback when state.single cannot be run
• PR #38520: (basdusee) Fix issue #38517, added time.sleep(1) at line 227 in slack.py @
2017-01-05T20:35:08Z
• ISSUE #38517: (basdusee) Slack.py engine 100% CPU load due to missing time.sleep(1) | refs: #38520
• d486b42 Merge pull request #38520 from basdusee/fix-issue-38517
• e3a883c Small fix on the fix regarding indentation
• 8adeae6 Fix issue #38517, added time.sleep(1) at line 227 in slack.py engine.
• PR #38577: (mirceaulinic) Fix function headers as per #38499 @ 2017-01-05T18:41:33Z
• ISSUE #38485: (wasabi222) bgp.config not working | refs: #38499
• PR #38499: (mirceaulinic) Fix #38485 | refs: #38577
• 0706cde Merge pull request #38577 from cloudflare/PREP-2016.11.2
• 62bee3c Fix function headers as per #38499
• PR #38578: (mirceaulinic) [2016.11] Port 5123f11 from develop into 2016.11.2 @ 2017-01-05T18:11:12Z
• 55d1747 Merge pull request #38578 from cloudflare/PORT-5123f1
• dea7866 Update net.load_template doc: 2016.11.2
• PR #38584: (rallytime) Allow memusage beacon to load on Windows @ 2017-01-05T18:08:30Z
• ISSUE #38462: (g-shockfx) Can`t add beacon memusage on Windows | refs: #38584 #38584
• be69baf Merge pull request #38584 from rallytime/fix-38462
• 1fe945d Allow memusage beacon to load on Windows
• PR #38570: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38585 @
2017-01-05T14:28:38Z
• ISSUE #38353: (Ch3LL) salt-cloud gce specifying | refs: #38542 #38542
• ISSUE #38187: (curiositycasualty) username/password saved as cleartext when using URIs with
user:pass@ format | refs: #38541
• ISSUE #30454: (favoretti) Using yaml serializer inside jinja template results in unicode being
prepended by '!!python/unicode' | refs: #38554 #38554 #30481
• PR #38562: (rallytime) Update arch installation docs with correct package name
• PR #38560: (Ch3LL) fix api logfile | refs: #38585
• PR #38554: (multani) Fix YAML deserialization of unicode
• PR #38542: (Ch3LL) fix gce image bug
• PR #38541: (techhat) Strip user:pass from cached URLs
• PR #38536: (UtahDave) add note about pyVmomi locale workaround
• PR #38531: (rallytime) Back-port #33601 to 2016.3
• PR #33601: (mchugh19) Fix slack engine to run on python2.6 | refs: #38531
• PR #30481: (basepi) Add yaml_safe jinja filter | refs: #38554
• 14b643f Merge pull request #38570 from rallytime/merge-2016.11
• 30f14d1 Merge branch '2016.3' into '2016.11'
• 7b74436 Merge pull request #38562 from rallytime/arch-install-docs
• 8b1897a Update arch installation docs with correct package name
• 0186070 Merge pull request #38560 from Ch3LL/fix_api_log
• 1b45e96 fix api logfile
• 0056620 Merge pull request #38531 from rallytime/bp-33601
• c36cb39 remove the unnecessary double trigger
• 3841449 fix spacing lint error
• 8c1defc Remove uncessary type from alias commands. Deduplicate alias handling to autodetect
function selection. Add error reporting to slack connectivty problems. Cleanup slack's unicode
conversion
• c2f23bc Fix slack engine to run on python2.6
• 50242c7 Merge pull request #38541 from techhat/issue38187
• eae3a43 Strip user:pass from cached URLs
• 325dc56 Merge pull request #38554 from multani/fix/30454
• 2e7f743 yaml: support unicode serialization/deserialization
• df76113 jinja: test the "yaml" filter with ordered dicts
• f7712d4 Revert "Add yaml_safe filter"
• 4ddbc2e add note about pyVmomi locale workaround (#38536)
• 1c951d1 fix gce image bug (#38542)
• PR #38509: (mostafahussein) Stop request from being processed if bad ip @ 2017-01-04T20:05:44Z
• 9a1550d Merge pull request #38509 from mostafahussein/2016.11
• 8847289 remove commented code
• 420817a Stop request from being processed if bad ip
• PR #38522: (kkoppel) Fix usage of salt.utils.http.query in slack_notify.call_hook @
2017-01-04T20:04:57Z
• ISSUE #38518: (kkoppel) slack_notify.call_hook returns tracebacks | refs: #38522
• bc07d42 Merge pull request #38522 from kkoppel/fix-issue-38518
• ff1e7f0 Fix usage of salt.utils.http.query in slack_notify.call_hook
• PR #38527: (rbjorklin) salt-api no longer forces the default timeout | refs: #38585 #38585 #38585 @
2017-01-04T17:10:15Z
• ISSUE #38524: (rbjorklin) salt-api seems to ignore rest_timeout since 2016.11.0 | refs: #38527 #38585
• 42fef27 Merge pull request #38527 from rbjorklin/api-timeout-fix
• 0202f68 salt-api no longer forces the default timeout
• PR #38529: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-04T17:06:57Z
• ISSUE #38472: (jinm) file.managed Unable to manage file: 'hash_type' (2016.3.4) | refs: #38503
• ISSUE #38449: (swalladge) Parsing issues in list_tab (salt/modules/cron.py) | refs: #38487
• ISSUE #38438: (jf) file.line with mode=delete breaks on empty file | refs: #38467
• ISSUE #38282: (sash-kan) file.managed fails when file (which contains utf-characters in the name)
exists | refs: #38415
• ISSUE #38209: (limited) Accepting a minion causes tornado to exit | refs: #38474
• ISSUE #37684: (thusoy) State execution duration is timezone-dependent | refs: #38491
• PR #38503: (jinm) Hash type fallback for file management
• PR #38491: (gtmanfred) Use UTC for timing in case timezone changes
• PR #38487: (gtmanfred) Fix crontab issues with spaces
• PR #38474: (cachedout) Allow an existing ioloop to be passed to salt-key
• PR #38467: (gtmanfred) file.line fail with mode=delete
• PR #38457: (bshelton229) Stops git.latest checking for local changes in a bare repo
• PR #38434: (slinn0) Make sysctl.persist fail when failing to set a value into the running kernel
• PR #38421: (rallytime) Update deprecation notices to the correct version
• PR #38420: (rallytime) Removed various deprecation notices from salt/modules/* files | refs: #38421
• PR #38419: (Ch3LL) fix scsci docs example
• PR #38415: (terminalmage) file.managed: Fix failure when filename contains unicode chars
• PR #38385: (dragon788) Use unambigous long names with double dashes
• 1895eb7 Merge pull request #38529 from rallytime/merge-2016.11
• 85f4702 Merge branch '2016.3' into '2016.11'
• ec60f9c Merge pull request #38487 from gtmanfred/2016.3
• 048b9f6 add test
• c480c11 allow spaces in cron env
• c529ec8 allow crons to have multiple spaces
• c5ba11b Merge pull request #38491 from gtmanfred/timing
• 79368c7 Use UTC for timing in case timezone changes
• 86f0aa0 Merge pull request #38503 from jinm/issue_38472_jinm
• 0cd9df2 Hash type fallback for file management
• ed2ba4b Merge pull request #38457 from bshelton229/git-latest-head-bug
• 558e7a7 Stops git.latest checking for local changes in a bare repo
• 36e21b2 Merge pull request #38385 from dragon788/2016.3-double-dash
• 86c4b56 Newline for lint compat
• 9d9b686 Address review comments, consistency of quotes
• df9bd5e Use unambigous long names with double dashes
• 59f2560 Merge pull request #38474 from cachedout/key_loop
• de50453 Allow an existing ioloop to be passed to salt-key
• 3d0c752 Merge pull request #38467 from gtmanfred/2016.3
• 7b7c6b3 file.line fail with mode=delete
• 940025d Merge pull request #38434 from slinn0/issue_38433_fixes
• 22af87a Fixes for https://github.com/saltstack/salt/issues/38433
• e5eb512 Update deprecation notices to the correct version (#38421)
• 9ce5331 file.managed: Fix failure when filename contains unicode chars (#38415)
• 2cdb59d Merge pull request #38419 from Ch3LL/fix_doc_scsi
• 234043b fix scsci docs example
• PR #38539: (twangboy) Fix DSC LCM Config int checks @ 2017-01-04T16:56:27Z
• ec4f118 Merge pull request #38539 from twangboy/dsc_int_checks
• 5657fd1 Add repr flag for str
• aea4219 Fix DSC LCM Config int checks
• PR #38549: (meaksh) Adding multiple SUBVOLUME support and some fixes to the Snapper module @
2017-01-04T15:32:30Z
• 53449c8 Merge pull request #38549 from meaksh/2016.11-snapper-multiple-subvolumen-support
• ef26e93 Some fixes and pylint
• 1e6ba45 Fixes pre/post snapshot order to get the inverse status
• 68d5475 Fixing Snapper unit tests for SUBVOLUME support
• e9919a9 Removing possible double '/' from the file paths
• 8b4f87f Updating and fixing the documentation
• edea452 Raises "CommandExecutionError" if snapper command fails
• 3841e11 Only include diff in the state response if include_diff is True
• 7803e77 Adds multiple SUBVOLUME support to the Snapper module
• d43beab Move boto_vpc.describe_route_table deprecation version to Oxygen (#38545)
• PR #38545: (rallytime) Move boto_vpc.describe_route_table deprecation version to Oxygen
• PR #38471: (twangboy) Fix Problem with win_service module @ 2017-01-01T20:30:21Z
• 5e80104 Merge pull request #38471 from twangboy/fix_win_service
• 810471b Fix problem with some services getting access denied
• PR #38499: (mirceaulinic) Fix #38485 | refs: #38577 @ 2017-01-01T17:42:15Z
• ISSUE #38485: (wasabi222) bgp.config not working | refs: #38499
• 0a09049 Merge pull request #38499 from cloudflare/FIX-38485
• 1801813 Fix #38485
• PR #38501: (mvdwalle) Do not assume every object is a server @ 2017-01-01T17:37:57Z
• 13f0b80 Merge pull request #38501 from mvdwalle/fix-gogrid-list-password
• bd7dee9 Do not assume every object is a server
• PR #38461: (anlutro) Improvements/fixes to kapacitor task change detection @ 2016-12-29T17:08:47Z
• aa0c843 Merge pull request #38461 from alprs/fix-kapacitor_changes
• 52721e9 clean up and fix tests
• 8648775 if task is not defined, it's not up to date
• c3ab954 improvements/fixes to kapacitor task change detection
• PR #38473: (twangboy) Change OSX/OS X to macOS where possible @ 2016-12-29T16:35:11Z
• 2c51eb9 Merge pull request #38473 from twangboy/osx_to_macos
• e96bfe8 Change OSX/OS X to macOS where possible
• PR #38412: (bbinet) Update PillarStack stack.py to latest upstream version @ 2016-12-28T19:28:40Z
• 2497fb5 Merge pull request #38412 from bbinet/pillarstack-updates
• b66b4bd Fix lint violations in stack.py
• 6a30fe6 Update PillarStack stack.py to latest upstream version
• PR #38456: (twangboy) Gate Windows Specific Salt Utils @ 2016-12-28T18:44:33Z
• 5395d32 Merge pull request #38456 from twangboy/gate_win_utils
• d34d110 Fix lint, fix boto module
• c201111 Gate Windows Utils
• PR #38428: (gqgunhed) fixed typo: lq command-line syntax @ 2016-12-27T15:42:02Z
• 7c77991 Merge pull request #38428 from gqgunhed/fix_lq_typo
• d79d682 fixed typo: lq command-line syntax
• PR #38444: (lorengordon) Adds new import required for extract_hash @ 2016-12-27T15:37:20Z
• ISSUE #38443: (lorengordon) 2016.11 breaks file.managed on Windows | refs: #38444
• ISSUE #34101: (windoverwater) archive.extracted breakage due to 2016.3.0 upgrade from 2015.8.10 |
refs: #37368
• PR #37368: (terminalmage) Overhaul archive.extracted state | refs: #38444
• f5984d0 Merge pull request #38444 from lorengordon/issue-38443
• b2925ad Adds new import required for extract_hash
• PR #38167: (cachedout) Kill pkg_resources for CLI tools [DO NOT MERGE] @ 2016-12-22T22:11:22Z
• ISSUE #38071: (luochun-95) remote execute is very slow | refs: #38167
• 4c4f07c Merge pull request #38167 from cachedout/no_pkg_resources
• ec69017 Remove debugging
• f28e33b Remove from all but salt cli
• bb3af72 Remove from salt-call
• c676846 Kill pkg_resources for CLI tools
• PR #38417: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-22T19:00:44Z
• ISSUE #38372: (fanirama) Issue with cron.file. Source: salt://path/to/crontab_file not found | refs:
#38398
• PR #38407: (terminalmage) Improve pillar documentation
• PR #38398: (terminalmage) Fix call to file.get_managed in cron.file state
• PR #38390: (meaksh) Add "try-restart" to fix autorestarting on SUSE systems
• PR #38382: (heewa) Fix http.query when result has no text
• PR #38221: (UtahDave) Fix default returner
• 2fc8c15 Merge pull request #38417 from rallytime/merge-2016.11
• efb8a8d Merge branch '2016.3' into '2016.11'
• 2725352 Improve pillar documentation (#38407)
• 423b1fd Merge pull request #38398 from terminalmage/issue38372
• c80dbaa Fix call to file.get_managed in cron.file state
• 5a33d1e Fix http.query when result has no text (#38382)
• b74b5c7 Merge pull request #38390 from
meaksh/2016.3-fix-try-restart-for-autorestarting-on-SUSE-systems
• de6ec05 add try-restart to fix autorestarting on SUSE systems
• 2c3a397 Merge pull request #38221 from UtahDave/fix_default_returner
• 3856407 remove a blank line to satisfy linter
• 9c248aa validate return opt, remove default.
• 8bb37f9 specify allowed types and default for "returner"
• 11863a4 add examples of default minion returners
• e7c6012 add support for default returners using return
• PR #38342: (scthi) Bugfix ext pillar nodegroups @ 2016-12-22T16:47:42Z
• bbc149c Merge pull request #38342 from scthi/bugfix-ext-pillar-nodegroups
• dba315c ext-pillar nodegroups works for all minions now.
• PR #38403: (terminalmage) git_pillar: Document the transition from env to saltenv in the jinja context
@ 2016-12-22T16:34:48Z
• 453476d Merge pull request #38403 from terminalmage/document-saltenv
• 0a72e0f git_pillar: Document the transition from env to saltenv in the jinja context
• PR #38354: (gmacon) Use --all when calling pip.py @ 2016-12-20T20:40:21Z
• ISSUE #38253: (gmacon) There was no error installing package 'setuptools' although it does not show
when calling 'pip.freeze'. | refs: #38354
• 12436ef Merge pull request #38354 from gmacon/pip-freeze-all
• dca24b2 Use --all when calling pip.py
• PR #38348: (rallytime) Update autodoc topics for new modules added in 2016.11 @ 2016-12-20T20:36:20Z
• 68430b1 Merge pull request #38348 from rallytime/mod-docs-2016.11
• b31c241 Add __iter__ and next options to doc/conf.py
• b8c1609 Revert "Move import/error messaging logic for snapper module into __virtual__()"
• 640db5b Move import/error messaging logic for snapper module into __virtual__()
• 366271f Add snapper to state index doc module list
• 135d254 Remove netapi autodoc files: they should not be added as their doc structure is different
• 0006139 Update autodoc topics for new modules added in 2016.11
• PR #38377: (DmitryKuzmenko) Implementation and docs for Consul key-value store plugin for minion data
cache. @ 2016-12-20T20:36:02Z
• 6ee7b2b Merge pull request #38377 from DSRCorporation/features/consul_cache
• 6fb4430 Configuration options and documentation for Consul data cache plugin.
• dad748f Data cache plugin configuration documentation.
• c7209cd Consul data cache plugin.
• PR #38373: (rallytime) Back-port #38212 to 2016.11 @ 2016-12-20T20:35:09Z
• PR #38212: (disaster123) ZMQ: add an option for zmq.BACKLOG to salt master (zmq_backlog) | refs:
#38373
• f6d1b55 Merge pull request #38373 from rallytime/bp-38212
• 52fc6da ZMQ: add an option for zmq.BACKLOG to salt master (zmq_backlog)
• PR #38374: (mirceaulinic) NAPALM proxy module: Fix optional_args key issue @ 2016-12-20T20:34:59Z
• 69c3f19 Merge pull request #38374 from cloudflare/FIX-NAPALM-PROXY
• 4416931 Fix optional_args key issue
• PR #38073: (ezh) 2016.11 @ 2016-12-20T14:51:11Z
• ISSUE #38048: (ezh) [2016.11.0] Salt-cloud throws TypeError exception | refs: #38073
• 530f495 Merge pull request #38073 from doublescoring/2016.11
• 42d3d26 [38073] Fix test assertion
• 9b37ead Fix broken os.write without string.encode
• PR #38344: (bbinet) Fix influxdb_database.present state @ 2016-12-20T13:57:45Z
• 67908d5 Merge pull request #38344 from bbinet/fix-influx-createdb
• c6b075d Fix influxdb_database.present state
• PR #38358: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-20T00:11:48Z
• ISSUE #12788: (whiteinge) Comb through docs to replace :doc: roles with :ref: | refs: #38320
• PR #38320: (rallytime) Cleanup doc internal markup references
• PR #38312: (cro) Backport feature allowing proxy config to live in pillar OR /etc/salt/proxy
• PR #38288: (terminalmage) archive.extracted: don't try to cache local sources (2016.3 branch)
• 04d6898 Merge pull request #38358 from rallytime/merge-2016.11
• c6e191a Remove doc markup references from 2016.11 branch
• 5130589 Merge branch '2016.3' into '2016.11'
• 09d9cff Merge pull request #38288 from terminalmage/archive-extracted-local-source-2016.3
• 845e3d0 Update tests to reflect change in cache behavior
• 5a08d7c archive.extracted: don't try to cache local sources (2016.3 branch)
• bf37667 Merge pull request #38312 from cro/proxy_config_in_cfg
• 2006c40 Typo
• 689d95b Backport feature allowing proxy config to live in pillar OR /etc/salt/proxy.
• c83db5a Merge pull request #38320 from rallytime/cleanup-doc-refs
• 62978cb Don't check the doc/conf.py file for doc markup refs
• 770e732 Add a unit test to search for new doc markup refs
• 5c42a36 Remove ":doc:" references from all doc/topics/installation/* files
• 23bce1c Remove ":doc:" references from all doc/topics/releases/* files
• 4aafa41 Remove ":doc:" references from a bunch of doc/* files
• 02bfe79 Remove more ":doc:" references from doc/* files
• 6e32267 Remove ":doc:" references in salt/* files
• 79231a5 archive.extracted: don't try to cache local sources (#38285)
• PR #38285: (terminalmage) archive.extracted: don't try to cache local sources
• PR #37947: (vutny) Fix salt-minion initscript for RHEL5 (SysV) to pick up proper python version @
2016-12-19T21:03:50Z
• 1341494 Merge pull request #37947 from vutny/fix-rhel5-minion-init
• c94e798 SysV init script for rpm: get and show unique PIDs only
• 8ff68c4 Fix initscript for RHEL5 (SysV) to pick up proper python version
• PR #38106: (techhat) "test" is not necessarily in opts, for thorium @ 2016-12-19T14:40:32Z
• 4d072ca Merge pull request #38106 from techhat/stateget
• 5edc16f "test" is not necessarily in opts, for thorium
• PR #38333: (amendlik) Suppress errors when checking if an alternative exists @ 2016-12-19T13:40:49Z
• a01fade Merge pull request #38333 from amendlik/states-alternatives
• 8bfcd5b Adjust alternatives test for updated error message
• 09dee3c Suppress errors when checking if an alternative exists
• PR #38340: (ewapptus) Backport PR #38251: Fixed nested orchestrate not respecting failures @
2016-12-19T13:31:16Z
• PR #38251: (ewapptus) Fixed nested orchestrate not respecting failures | refs: #38340
• 15d3b47 Merge pull request #38340 from ewapptus/bp-38251
• 266e0a4 Fixed nested orchestrate not respecting failures
• PR #38229: (mcalmer) provide kwargs of sls_build to dockerng.create @ 2016-12-18T13:13:10Z
• ecd441d Merge pull request #38229 from mcalmer/dockerng-sls_build-kwargs
• e7292fa make it explicit that we want to delete these keys
• 4c71013 use default values for pop() to prevent KeyError raised
• 455c183 provide kwargs to dockerng.create to provide all features to sls_build as well
• PR #38309: (ewapptus) Backport PR #37333: Fixed state.salt.runner() reporting success on exceptions @
2016-12-18T12:39:53Z
• ISSUE #36204: (sv852) Salt-Cloud: salt.runners.cloud.create exits with True on Python process
(ec2.py) exception | refs: #37333
• PR #37333: (benediktwerner) Fixed state.salt.runner() reporting success on exceptions | refs: #38309
• d2ce9c3 Merge pull request #38309 from ewapptus/bp-37333
• a2b1259 Fixed display of errors
• 14a39f9 Fixed state.salt.runner return value on exceptions
• PR #38323: (rallytime) Update the Cloud Provider Specifics links in cloud docs @ 2016-12-18T12:30:49Z
• ebb9f6c Merge pull request #38323 from rallytime/update-cloud-provider-links
• 022caf2 Update the Cloud Provider Specifics links in cloud docs
• PR #38324: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-18T12:30:26Z
• ISSUE #38290: (dragon788) Need to use machine automation friendly output | refs: #38313
• ISSUE #38174: (NickDubelman) [syndic] Why can't a syndic node signal when all of it's minions have
returned? | refs: #38279
• ISSUE #32400: (rallytime) Document Default Config Values | refs: #38279
• PR #38313: (dragon788) 2016.3 chocolatey fix
• PR #38281: (mikejford) Add nick to args for create_multi
• PR #38279: (rallytime) Add docs for syndic_wait setting
• 5bd7471 Merge pull request #38324 from rallytime/merge-2016.11
• 5940db5 Merge branch '2016.3' into '2016.11'
• 6367ca7 Add nick to args for create_multi (#38281)
• 235682b Merge pull request #38313 from dragon788/2016.3-chocolatey-fix
• 1f5fc17 Use machine readable output for list
• cdbd2fb Added limit-output to eliminate false packages
• 9e78ddc Merge pull request #38279 from rallytime/fix-38174
• 4a62d01 Add docs for syndic_wait setting
• PR #38325: (rallytime) Back-port #38247 to 2016.11 @ 2016-12-18T12:28:41Z
• ISSUE #38246: (martintamare) Windows Minion unable to start via nssm | refs: #38247
• PR #38247: (martintamare) fix(win_function): handle other language | refs: #38325
• 83523d2 Merge pull request #38325 from rallytime/bp-38247
• 4b6c543 fix(win_functions): syntax
• e602f17 fix(win_function): handle other language
• PR #38326: (yopito) fix runit init support (grain init) in 2016.11 @ 2016-12-18T12:07:25Z
• ISSUE #30195: (Vaelatern) Add Void Linux support in Salt | refs: #38326 #31262
• PR #31262: (Vaelatern) Add support for Void Linux | refs: #38326
• 54a2bb9 Merge pull request #38326 from yopito/fix-runit-init-support
• 25b91bb fix detection of runit as init system (grain init)
• 9e35f5d Add azurearm module to doc index (#38322)
• PR #38322: (rallytime) Add azurearm module to doc index
• PR #38305: (dereckson) Avoid normalization call for normalized mode value @ 2016-12-16T17:31:25Z
• 1e4f299 Merge pull request #38305 from dereckson/fix-mode-extraneous-normalization
• 573ac35 Avoid normalization call for normalized mode value
• 05e423a Improve documentation for archive.extracted in 2016.11 (#38291)
• PR #38291: (terminalmage) Improve documentation for archive.extracted in 2016.11
• PR #38298: (rallytime) Back-port #37967 to 2016.11 @ 2016-12-16T15:20:04Z
• ISSUE #37966: (Cybolic) salt-cloud EC2 instance can't be initiated | refs: #37967
• PR #37967: (Cybolic) Fixed faulty logic preventing instance initialisation. | refs: #38298
• 3cf0135 Merge pull request #38298 from rallytime/bp-37967
• 42d367f Fixed faulty logic preventing instance initialisation.
• PR #38076: (ezh) Fix decoding of broken string from remote sources @ 2016-12-15T19:05:25Z
• ISSUE #38070: (ezh) [2016.11.0] Salt-cloud throws UnicodeDecodeError exception | refs: #38076 #38076
• ISSUE #2016: (seanchannel) status.custom failing on any arguments
• f4f0036 Merge pull request #38076 from doublescoring/fix-2016.11-38070
• 70c8db5 Fix decoding of broken string from remote sources
• PR #38278: (rallytime) Back-port #38207 to 2016.11 @ 2016-12-15T18:09:27Z
• PR #38207: (tsaridas) remove empty strings from list but not ones with one empty space char | refs:
#38278
• PR #38188: (tsaridas) fix for push_dir in different OS | refs: #38203 #38207 #38207
• 2ccab22 Merge pull request #38278 from rallytime/bp-38207
• 5e8bf57 python3 compatibility and fix pylint
• e0df047 remove empty strings from list but not ones with one empty space char
• PR #38277: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-15T18:09:10Z
• PR #38256: (rallytime) [2016.3] Bump latest release version to 2016.11.1
• PR #38254: (terminalmage) Also check if pillarenv is in opts
• PR #38248: (meaksh) Successfully exit of salt-api child processes when SIGTERM is received
• a748e84 Merge pull request #38277 from rallytime/merge-2016.11
• 49a3355 Merge branch '2016.3' into '2016.11'
• fc9e1df Merge pull request #38248 from meaksh/salt-api-successfully-close-child-processes
• ee6eae9 Successfully exit of salt-api child processes when SIGTERM.
• 3c718ed Merge pull request #38254 from terminalmage/check-pillarenv
• fa9ad31 Also check if pillarenv is in opts
• 6b9060c [2016.3] Bump latest release version to 2016.11.1 (#38256)
• PR #38232: (rallytime) Strip final 'e' in key cmd to correct "deleteed" misspelling @
2016-12-15T10:38:49Z
• ISSUE #38231: (tjuup) Typo: salt-key deleteed | refs: #38232
• 0af343e Merge pull request #38232 from rallytime/fix-38231
• 26e1ee3 Strip final 'e' in key cmd to correct "deleteed" misspelling
• PR #38236: (gtmanfred) SELINUXTYPE should not be changed @ 2016-12-15T10:37:06Z
• ISSUE #38200: (sebw) selinux.mode doesn't return any output and doesn't persist | refs: #38236
• 6c1ca9d Merge pull request #38236 from gtmanfred/2016.11
• d1b070c clean up selinux unit test
• 96eabd4 SELINUXTYPE should not be changed
• PR #38262: (terminalmage) Fix archive.extracted when --strip or --strip-components is in the options @
2016-12-15T08:57:18Z
• ISSUE #38228: (vquiering) archive.extracted with options and user/group | refs: #38262
• fd32dc3 Merge pull request #38262 from terminalmage/issue38228
• 6442f8a Add tests for --strip/--strip-components
• c502e68 Detect --strip/--strip-components in tar options and handle properly
• e957705 Add strip_components arg to archive.list
• PR #38264: (mirceaulinic) Port #37862 into 2016.11 @ 2016-12-15T08:51:20Z
• PR #37862: (mirceaulinic) [2016.11.1] Docstring fixes and new features for napalm_network | refs:
#38264
• b232bd8 Merge pull request #38264 from cloudflare/PORT-37862
• 28bbb73 Import from napalm_base instead of napalm
• 0a675af Vice-versa docstring
• 09c5017 More docfix
• 215b8f3 Lint cleanup
• 56a8fa3 Add 2016.11.2 release notes (#38260)
• PR #38260: (rallytime) Add 2016.11.2 release notes
• 702d462 [2016.11] Bump latest release version to 2016.11.1 (#38257)
• PR #38257: (rallytime) [2016.11] Bump latest release version to 2016.11.1
• 82b1b77 Correct an inaccurate warning when top_file_merging_strategy == merge_all (#38233)
• PR #38233: (terminalmage) Correct an inaccurate warning when top_file_merging_strategy == merge_all
• PR #38234: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-13T18:28:02Z
• PR #38224: (whiteinge) Allow CORS OPTIONS requests to be unauthenticated
• PR #38223: (whiteinge) Add root_dir to salt-api file paths
• PR #38213: (rallytime) Skip test_cert_info tls unit test on pyOpenSSL upstream errors
• PR #38198: (vutny) Add missing requirements for running unit tests: libcloud and boto3
• PR #37272: (vutny) Get default logging level and log file from default opts dict | refs: #38223
• ba62fcf Merge pull request #38234 from rallytime/merge-2016.11
• 6a327d1 Merge branch '2016.3' into '2016.11'
• 004e46a Merge pull request #38198 from vutny/unit-tests-require-libcloud-boto3
• a6098ba Remove note about SaltTesting installation, now it is in the requirements
• 004bff1 Add missing requirements for running unit tests: libcloud and boto3
• 9d497bc Merge pull request #38213 from rallytime/skip-tls-test
• bdb807f Skip test_cert_info tls unit test on pyOpenSSL upstream errors
• 203109d Merge pull request #38224 from whiteinge/cors-options-unauthed
• de4d322 Allow CORS OPTIONS requests to be unauthenticated
• 721a5fe Merge pull request #38223 from whiteinge/salt-api-root_dirs
• bfbf390 Add root_dir to salt-api file paths
• PR #38205: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2016-12-12T18:13:18Z
• ISSUE #38162: (747project) git_pillar does not detect changes to remote repository when told to
update | refs: #38191
• PR #38194: (vutny) Document the requirements for running ZeroMQ-based integration tests
• PR #38191: (terminalmage) Clarify the fact that git_pillar.update does not fast-forward
• PR #38185: (rallytime) Back-port #38181 to 2016.3
• PR #38181: (rallytime) Reset socket default timeout to None (fixes daemons_tests failures) | refs:
#38185
• 7ead1ed Merge pull request #38205 from rallytime/merge-2016.11
• e31f97c Merge branch '2016.3' into '2016.11'
• 70f7d22 Merge pull request #38191 from terminalmage/issue38162
• 1ae543a Clarify the fact that git_pillar.update does not fast-forward
• 28171cb Merge pull request #38194 from vutny/integration-test-requirements-doc
• e9f419f Document the requirements for running ZeroMQ-based integration tests
• a4ef037 Merge pull request #38185 from rallytime/bp-38181
• 609f814 Reset socket default timeout to None (fixes daemons_tests failures)
• PR #38203: (rallytime) Back-port #38188 to 2016.11 @ 2016-12-12T17:48:51Z
• PR #38188: (tsaridas) fix for push_dir in different OS | refs: #38203 #38207 #38207
• 669409d Merge pull request #38203 from rallytime/bp-38188
• 50d3200 removing not needed join
• 7af708e fix for push_dir in different OS
Salt 2016.11.3 Release Notes
Version 2016.11.3 is a bugfix release for 2016.11.0.
Changes for v2016.11.2..v2016.11.3
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-02-22T23:01:16Z
Statistics:
• Total Merges: 139
• Total Issue references: 78
• Total PR references: 217
Changes:
• PR #39536: (twangboy) Namespace 'status' functions in 'win_status' @ 2017-02-21T23:45:31Z
• PR #39005: (cro) Ungate the status.py module and raise unsupported errors in functions not executable
on Windows. | refs: #39536
• 40f72db Merge pull request #39536 from twangboy/fix_win_status
• d5453e2 Remove unused import (lint)
• 837c32e Remove list2cmdline
• c258cb3 Streamline wmic command returns for easier parsing
• 6d2cf81 Fix 'ping_master' function
• d946d10 Namespace 'status' functions in 'win_status'
• PR #39534: (rallytime) Fix breakage in aptpkg and dpkg execution modules @ 2017-02-21T20:31:15Z
• PR #39418: (anlutro) Allow aptpkg.info_installed on package names that aren't installed | refs:
#39534
• dc8f578 Merge pull request #39534 from rallytime/fix-pkg-function-specs
• d34a8fe Fix breakage in aptpkg and dpkg execution modules
• 1d0d7b2 Upgrade SaltTesting to run test suite for 2016.11 and add SaltPyLint (#39521)
• ISSUE #34712: (richardscollin) Salt Test Suite Error - develop | refs: #37366
• PR #39521: (vutny) Upgrade SaltTesting to run test suite for 2016.11 and add SaltPyLint
• PR #37366: (eradman) dev_python*.txt: use current SaltTesting and SaltPyLint modules | refs: #39521
• PR #39370: (twangboy) Gate win_osinfo and winservice @ 2017-02-17T23:53:58Z
• e4c7168 Merge pull request #39370 from twangboy/gate_win_utils
• 167cdb3 Gate windows specific imports, add __virtual__
• e67387d Add option to return a Non instantiated class
• 315b0cc Clarify return value for win_osinfo
• 994314e Fix more docs
• 2bbe3cb Fix some docs
• 4103563 Merge branch 'gate_win_utils' of https://github.com/twangboy/salt into gate_win_utils
• 24c1bd0 Remove extra newlines
• 82a86ce Add helper function for winservice
• 0051b5a Put the win_osinfo classes in a helper function
• 4e08534 Gate win_osinfo and winservice better
• PR #39486: (twangboy) Remove orphaned function list_configurable_policies @ 2017-02-17T22:21:50Z
• a3e71b6 Merge pull request #39486 from twangboy/win_remove_orphaned
• 1328055 Remove orphaned function list_configurable_policies
• PR #39418: (anlutro) Allow aptpkg.info_installed on package names that aren't installed | refs: #39534
@ 2017-02-17T18:34:19Z
• 87b269f Merge pull request #39418 from alprs/fix-aptpkg_info_nonexistent_pkg
• 246bf1e add failhard argument to various apt pkg functions
• PR #39438: (mirceaulinic) file.get_managed: refetch source when file hashsum is changed @
2017-02-17T17:58:29Z
• e816d6c Merge pull request #39438 from cloudflare/fix_39422
• 8453800 file.get_managed: refetch cached file when hashsum chnaged
• PR #39432: (dmaziuk) Quick and dirty fix for GECOS fields with more than 3 commas @
2017-02-17T17:57:30Z
• ISSUE #39203: (dmaziuk) salt.users gecos field | refs: #39432 #39432
• a5fe8f0 Merge pull request #39432 from dmaziuk/issue39203
• 41c0463 Remove #
• 4f877c6 Quick and dirty fix for GECOS fields with more than 3 commas
• PR #39484: (corywright) The Reactor docs should use pillar='{}' instead of 'pillar={}' @
2017-02-17T17:50:57Z
• 3665229 Merge pull request #39484 from corywright/fix-reactor-docs-pillar-keyword-args
• cc90d0d The Reactor docs should use pillar='{}' instead of 'pillar={}'
• PR #39456: (twangboy) Add salt icon to buildenv directory @ 2017-02-16T22:47:58Z
• 2e3a9c5 Merge pull request #39456 from twangboy/win_fix_icon
• 8dd915d Add salt icon to buildenv directory
• PR #39462: (twangboy) Use url_path instead of url_data.path @ 2017-02-16T22:44:18Z
• 63adc03 Merge pull request #39462 from twangboy/win_fix_fileclient
• a96bc13 Use url_path instead of url_data.path
• PR #39458: (rallytime) Fix more warnings in doc build @ 2017-02-16T21:45:52Z
• e9b034f Merge pull request #39458 from rallytime/fixup-more-doc-build-warnings
• e698bc3 Fix more warnings in doc build
• PR #39437: (sakateka) Fixes about saltfile @ 2017-02-16T20:32:15Z
• e4f8c2b Merge pull request #39437 from sakateka/fixes_about_saltfile
• ab68524 less pylint: salt/utils/parsers.py
• 9e7d9dc Revert "pylint: salt/utils/parsers.py"
• f3f129c document ~/.salt/Saltfile
• 33f3614 pylint: salt/utils/parsers.py
• 0f36e10 expand config_dir and '~/.salt/Saltfile' as last resort
• 1acf00d add 2016.11.3 changelog to release notes (#39451)
• PR #39451: (Ch3LL) add 2016.11.3 changelog to release notes
• PR #39448: (gtmanfred) Add release notes for cisco proxy minions added in Carbon @ 2017-02-16T17:29:48Z
• ISSUE #38032: (meggiebot) Add missing Carbon docs | refs: #39448
• 8e2cbd2 Merge pull request #39448 from gtmanfred/2016.11
• 3172e88 Add release notes for cisco proxy minions added in Carbon
• PR #39428: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-16T00:01:15Z
• PR #39409: (terminalmage) salt.fileserver.roots: Fix regression in symlink_list
• PR #39400: (meaksh) Prevents 'OSError' exception in case certain job cache path doesn't exist
• PR #39380: (joe-niland) Quote numeric user names so pwd.getpwnam handles them properly
• PR #39362: (dincamihai) Add cp.push test
• PR #39339: (cro) Add link to external pillar documentation for clarification.
• PR #39337: (terminalmage) Don't re-walk the roots fileserver in symlink_list() | refs: #39409
• PR #39316: (terminalmage) Document the upstream RedHat bug with their pygit2 package
• PR #39300: (terminalmage) Replace more usage of str.format in the loader
• PR #39227: (terminalmage) Loader optimzation | refs: #39300
• 070904b Merge pull request #39428 from rallytime/merge-2016.11
• 2acb188 Change path value from a tuple to a list
• 6d78adb Merge branch '2016.3' into '2016.11'
• 4ff13ac salt.fileserver.roots: Fix regression in symlink_list (#39409)
• 8b8ab8e Merge pull request #39362 from dincamihai/cp-push-test-2016.3
• 91383c5 Add cp.push test
• 4b726f9 Merge pull request #39380 from joe-niland/quote-numeric-usernames
• c2edfdd Quote numeric user names so pwd.getpwnam handles them properly
• 1116d32 Merge pull request #39400 from meaksh/2016.3-fix-local-cache-issue
• e7e559e Prevents 'OSError' exception in case path doesn't exist
• 6c854da Merge pull request #39300 from terminalmage/loader-optimization
• d3e5d15 Replace more usage of str.format in the loader
• 5286b5f Merge pull request #39337 from terminalmage/issue34428
• a7d2135 Don't re-walk the roots fileserver in symlink_list()
• ce781de Merge pull request #39339 from cro/pillar_filetree_doc
• 410810c Clarification on external pillar usage.
• fa30143 Document the upstream RedHat bug with their pygit2 package (#39316)
• PR #39429: (rallytime) Back-port #39364 to 2016.11 @ 2017-02-15T21:27:21Z
• ISSUE #39360: (bbinet) file.symlink should not try to set ownership to root:root | refs: #39364
• PR #39364: (gtmanfred) set default user variable to the user cmd runs as | refs: #39429
• 54a572e Merge pull request #39429 from rallytime/bp-39364
• 157f4dc set default user variable to the user cmd runs as
• PR #39424: (twangboy) Fix problem with too many connection attempts in Windows @ 2017-02-15T18:51:35Z
• 881ebf2 Merge pull request #39424 from twangboy/win_fix_dos
• d3f7dd7 Add sleep to eval_master
• PR #39419: (The-Loeki) Backport Salt-SSH IPv6 fixes to 2016.11 @ 2017-02-15T17:33:13Z
• ISSUE #30561: (jfindlay) salt-ssh fails with IPv6 address | refs: #39419 #38831
• ISSUE #22984: (tomasfejfar) salt-ssh problem possibly related to ipv6 | refs: #39419 #38831
• PR #38877: (The-Loeki) Salt-SSH client: Don't overwrite self.host w/IPv6 brackets | refs: #39419
#39419
• PR #38831: (The-Loeki) Salt-SSH deal with raw IPv6 addresses | refs: #39419 #39419 #38877
• 4787235 Merge pull request #39419 from The-Loeki/bp-ssh-ipv6
• 4fc5626 Don't overwrite self.host w/IPv6 brackets
• dd12234 Salt-SSH deal with raw IPv6 addresses
• PR #39379: (terminalmage) win_pkg: remove all installed versions when no explicit version passed @
2017-02-14T18:41:28Z
• 878946d Merge pull request #39379 from terminalmage/issue34821
• fd9ab8e Remove extra newline
• 5871825 win_pkg: remove all installed versions when no explicit version passed
• PR #39392: (anlutro) Make sure OrderedDict order is preserved in nested output @ 2017-02-14T17:50:15Z
• caffef8 Merge pull request #39392 from alprs/fix-nested_output_ordered_dict
• 625a770 make sure OrderedDict order is preserved in output
• PR #39378: (dmurphy18) Update make_repo in debbuild.py execution module to utilize timeout @
2017-02-14T17:10:15Z
• f2459e3 Merge pull request #39378 from dmurphy18/deb_pkg_fix
• 4bd47cc Updated all make_repo loops to use timeout value for retries
• PR #39369: (rallytime) Back-port #37338 to 2016.11 @ 2017-02-13T21:41:19Z
• ISSUE #39358: (Kimamisa) Backport the RDS fix in Carbon | refs: #39369
• PR #37338: (bailsman) Fix wait_status in boto_rds.create() | refs: #39369
• 99554d9 Merge pull request #39369 from rallytime/bp-37338
• 2e7f6e8 Fix wait_status in boto_rds.create()
• PR #39303: (kstreee) Removes a redundant test case after removed 'batch' in 'netapi'. @
2017-02-13T19:55:46Z
• 03ab8b1 Merge pull request #39303 from kstreee/fix-testcase-rm-batch-in-netapi
• 51972d0 Removes a redundant test case after removed 'batch' in 'netapi'.
• PR #39315: (Ch3LL) improve salt-run salt.cmd test @ 2017-02-13T19:00:14Z
• 60640f7 Merge pull request #39315 from Ch3LL/fix_run_salt_test
• b3cbc5a improve salt-run salt.cmd test
• PR #39311: (morganwillcock) win_system: return False from a skipped reboot @ 2017-02-13T18:59:11Z
• ISSUE #39243: (morganwillcock) win_system.reboot: can return True without rebooting | refs: #39311
• 2ca63a9 Merge pull request #39311 from morganwillcock/skip-reboot
• 0f3abb6 Clarify success for shutdown function
• dcb4d05 win_system: return False from a skipped reboot
• PR #39346: (joe-niland) Ignore non-HTTP IIS bindings @ 2017-02-13T18:18:36Z
• 082105f Merge pull request #39346 from joe-niland/handle-iis-bindings
• 8d5afdb win_iis module: list_sites - when retrieving bindings, ignore bindigs whose protocols do not
have host headers
• PR #39361: (gtmanfred) make sure both variables are strings. @ 2017-02-13T17:20:17Z
• ISSUE #39321: (mgresser) Grain matching failing where grain value is an INT | refs: #39361
• a3a9a8e Merge pull request #39361 from gtmanfred/2016.11
• ee2275a make sure both variables are strings.
• 2021f5b Add creation/configuration of Salt PKI dirs to hacking docs (#39341)
• PR #39341: (eliasp) Add creation/configuration of Salt PKI dirs to hacking docs
• PR #39317: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-10T23:07:32Z
• ISSUE #39220: (lvg01) state file.line skips leading spaces in content with mode:ensure and
indent:False | refs: #39221 #39221 #39221 #39221
• ISSUE #38595: (yue9944882) Redis ext job cache occurred error | refs: #38610 #38610
• ISSUE #36913: (terminalmage) Support custom refspecs in GitFS | refs: #39210
• PR #39313: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #39299: (rallytime) Back-port #38610 to 2016.3
• PR #39297: (cro) Add doc to recommend pgjsonb for master job caches
• PR #39296: (sergeizv) Whitespace fix in docs Makefile
• PR #39295: (sergeizv) Fix typo
• PR #39294: (sergeizv) Fix link in proxyminion guide
• PR #39293: (sergeizv) Grammar fix
• PR #39286: (terminalmage) Allow minion/CLI saltenv/pillarenv to override master when compiling pillar
• PR #39280: (terminalmage) Add warning for Dulwich removal
• PR #39221: (lvg01) Fix bug 39220
• PR #39210: (terminalmage) salt.utils.gitfs: remove dulwich support, make refspecs configurable |
refs: #39280
• PR #38610: (yue9944882) Fix #38595 - Unexpected error log from redis retuner in master's log | refs:
#39299
• ce1f01f Merge pull request #39317 from rallytime/merge-2016.11
• c1df446 Merge branch '2016.3' into '2016.11'
• 9de559f Merge pull request #39313 from rallytime/merge-2016.3
• 0b8dddf Merge branch '2015.8' into '2016.3'
• fc551bc Merge pull request #39293 from sergeizv/grammar-fix
• 70f2b58 Rewrap paragraph
• e6ab517 Grammar fix
• 8a1b456 Merge pull request #39295 from sergeizv/typo-fix
• 5d9f36d Fix typo
• cfaafec Merge pull request #39296 from sergeizv/whitespace-fix
• 1d4c1dc Whitespace fix in docs Makefile
• 0b4dcf4 Merge pull request #39294 from sergeizv/fix-link
• 04bde6e Fix link in proxyminion guide
• dd3ca0e Fix #38595 - Unexpected error log from redis retuner in master's log (#39299)
• f16027d Merge pull request #39297 from cro/pg_returner_docs
• 28bac64 Typo
• 19fedcd Add doc to recommend pgjsonb for master job caches
• 77e50ed Merge pull request #39286 from terminalmage/fix-pillarenv-precedence
• 3cb9833 Allow minion/CLI saltenv/pillarenv to override master when compiling pillar
• 5244041 Merge pull request #39221 from lvg01/fix-bug-39220
• e8a41d6 Removes to early content stripping (stripping is already done when needed with ident:true),
fixes #39220
• a4b169e Fixed wrong logic, fixes #39220
• 5a27207 Add warning for Dulwich removal (#39280)
• PR #38464: (ezh) [38451] Fix file.replace 2016.11 @ 2017-02-09T23:07:49Z
• ISSUE #38451: (ezh) 2016.11 file.replace has multiple errors under python 3 | refs: #38464
• ISSUE #2016: (seanchannel) status.custom failing on any arguments
• c3c621a Merge pull request #38464 from doublescoring/fix-2016.11-38451
• 81f0337 [38451] Fix few bugs after review
• 1bdab25 [38451] Fix pylint W1699(incompatible-py3-code)
• 3bfc654 [38451] Fix file.replace to make it suitable to python 3
• PR #39291: (terminalmage) Add note about using saltenv jinja var in pillar top files @
2017-02-09T21:43:50Z
• 6365211 Merge pull request #39291 from terminalmage/pillar-docs
• fbd551e Add note about using saltenv jinja var in pillar top files
• PR #39281: (twangboy) Require VCRedist on 2008R2 and below instead of 2008 @ 2017-02-09T17:59:57Z
• a496ec2 Merge pull request #39281 from twangboy/win_installer
• ef50787 Capitalize the 'r' for 2008R2
• 1b6bd63 Require VCRedist on 2008R2 and below instead of 2008
• PR #39264: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-09T17:10:14Z
• ISSUE #38856: (fhaynes) salt-cloud throws an exception when ec2 does not return encoding | refs:
#39228
• ISSUE #38697: (fboismenu) On Windows, ip.get_all_interfaces returns at most 2 DNS/WINS Servers |
refs: #38793
• ISSUE #37174: (mikeadamz) The State execution failed to record the order in which all states were
executed spam while running pkg.upgrade from orchestration runner | refs: #39206
• ISSUE #33536: (murzick) pkgrepo.managed does not disable a yum repo with "disabled: True" | refs:
#35055
• ISSUE #33187: (usbportnoy) Deploy to jboss TypeError at boss7.py:469 | refs: #39170
• PR #39260: (terminalmage) Update jsonschema tests to reflect change in jsonschema 2.6.0
• PR #39251: (terminalmage) Better handling of enabled/disabled arguments in pkgrepo.managed
• PR #39232: (terminalmage) Avoid recursion in s3/svn ext_pillars
• PR #39231: (terminalmage) Add clarification for jenkins execution module
• PR #39230: (rallytime) Fix the win_ip_test failures
• PR #39228: (gtmanfred) default to utf8 encoding if not specified
• PR #39227: (terminalmage) Loader optimzation | refs: #39300
• PR #39209: (terminalmage) Sort the return list from the fileserver.envs runner
• PR #39206: (cachedout) Ignore empty dicts in highstate outputter
• PR #39202: (rallytime) [2016.3] Pylint fix
• PR #39199: (rallytime) Back-port #39170 to 2016.3
• PR #39197: (cachedout) Pr 38793
• PR #39170: (grep4linux) Added missing source_hash_name argument in get_managed function | refs:
#39199
• PR #38793: (fboismenu) Fix for #38697 | refs: #39197 #39230
• PR #35055: (galet) #33536 pkgrepo.managed does not disable a yum repo with "disabled: True" | refs:
#39251
• db6140a Merge pull request #39264 from rallytime/merge-2016.11
• a9c2c10 Pylint fix
• f6aad99 Merge branch '2016.3' into '2016.11'
• 1b9217d Update jsonschema tests to reflect change in jsonschema 2.6.0 (#39260)
• c1d16cc Better handling of enabled/disabled arguments in pkgrepo.managed (#39251)
• 8e88f71 Merge pull request #39227 from terminalmage/loader-optimization
• c750662 Loader optimzation
• bc89b29 Merge pull request #39228 from gtmanfred/2016.3
• afee047 default to utf8 encoding if not specified
• d9b0671 Merge pull request #39231 from terminalmage/clarify-jenkins-depends
• ad1b125 Add clarification for jenkins execution module
• ddcff89 Merge pull request #39232 from terminalmage/issue21342
• c88896c Avoid recursion in s3/svn ext_pillars
• ef4e437 Fix the win_ip_test failures (#39230)
• df5f934 Merge pull request #39199 from rallytime/bp-39170
• c129905 Added missing source_hash_name argument in get_managed function Additional fix to #33187
Customer was still seeing errors, this should now work. Tested with 2015.8.13 and 2016.11.2
• 2621c11 Merge pull request #39206 from cachedout/issue_issue_37174
• be31e05 Ignore empty dicts in highstate outputter
• dd44045 Merge pull request #39209 from terminalmage/sorted-envs
• e6dda4a Sort the return list from the fileserver.envs runner
• 7bed687 [2016.3] Pylint fix (#39202)
• ab76054 Merge pull request #39197 from cachedout/pr-38793
• f3d35fb Lint fixes
• 624f25b Fix for #38697
• PR #39276: (gtmanfred) _device_mismatch_ignored will never be True @ 2017-02-09T17:05:28Z
• ISSUE #39269: (alexharrington) Remount forced with lizardfs fuse filesystem due to device mismatch |
refs: #39276
• ISSUE #39106: (carsten-AEI) CVMFS fuse mount gets remounted every time | refs: #39276
• 304eb19 Merge pull request #39276 from gtmanfred/2016.11
• 6635a9f _device_mismatch_ignored will never be True
• PR #39238: (dmurphy18) Update disk fstype, inodeusage, percent and mount.active functions for AIX
support @ 2017-02-08T21:53:32Z
• 7611698 Merge pull request #39238 from dmurphy18/fix_aix_disk_mount
• a8a519c Removed space for pylint
• 8fa0ffa Updates due to code review comments
• 97c59a8 Updated mount functionality for active on AIX
• 1a32b2c Updated disk functionality for fstype, inodeuage and percent on AIX
• PR #39233: (rallytime) Various doc updates to fix warnings in doc build @ 2017-02-08T19:29:53Z
• 99bfa7d Merge pull request #39233 from rallytime/fixup-more-doc-build-warnings
• 2f74dcf Various doc updates to fix warnings in doc build
• PR #39237: (axmetishe) fix rds subnet group creation @ 2017-02-08T19:04:31Z
• 59e927b Merge pull request #39237 from axmetishe/2016.11
• 6f4be8b fix rds subnet group creation
• 84ff638 [2016.11] Merge forward from 2016.3 to 2016.11 (#39234)
• PR #39234: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11
• fd3284f Put legacy git_pillar on a deprecation path for Oxygen (#39225)
• PR #39225: (terminalmage) Put legacy git_pillar on a deprecation path for Oxygen
• PR #39180: (morganwillcock) setup.py: Remove global options from install command @ 2017-02-07T16:20:49Z
• ISSUE #39078: (morganwillcock) setup.py: cannot install without setting global options | refs: #39180
• 19c3d90 Merge pull request #39180 from morganwillcock/setup
• d7e0509 Remove global options from Install
• PR #38863: (hujunya) fix django auth not work @ 2017-02-07T15:43:00Z
• a0907bc Merge pull request #38863 from hujunya/fix_django_auth
• 2a99ff4 check if django_auth_path has been in sys.path
• 933ebf1 fix pylint violations
• 6b5a7f4 fix django auth not work
• PR #39198: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-06T21:01:56Z
• PR #39173: (rallytime) Restore "Salt Community" doc section
• PR #39166: (Ch3LL) fix boto ec2 module create_image doc
• PR #30770: (jacobhammons) Doc restructuring, organization, and cleanup | refs: #39173
• PR #10792: (cachedout) Documentation overhaul | refs: #39173
• c3e541e Merge pull request #39198 from rallytime/merge-2016.11
• 7ea5f7f Merge branch '2016.3' into '2016.11'
• fa45cbc Merge pull request #39166 from Ch3LL/fix_boto_ec2_docs
• 90af696 fix boto ec2 module create_image doc
• a40cb46 Merge pull request #39173 from rallytime/restore-community-docs
• 5aeddf4 Restore "Salt Community" doc section
• PR #39063: (mirceaulinic) Avoid KeyError: 'multiprocessing' in the master logs @ 2017-02-06T19:37:35Z
• ISSUE #39059: (mirceaulinic) KeyError: 'multiprocessing' in the master logs (proxy minions) | refs:
#39063
• 2a85d73 Merge pull request #39063 from cloudflare/ISS-39059
• 7118eff Avoid KeyError: 'multiprocessing'
• PR #39083: (lomeroe) Backport #36336 to 2016.11 @ 2017-02-06T18:50:52Z
• ISSUE #38782: (lomeroe) win_lgpo unable to find some Administrative Template policies | refs: #39083
#39090 #38783
• ISSUE #38761: (DaveOHenry) Cannot apply state that contains lgpo.set | refs: #39083 #39088
• ISSUE #38689: (lomeroe) win_lgpo state fails to set single policy due to case sensitive check | refs:
#39083 #39084 #38690
• ISSUE #38100: (skjaro) Problem with win_lgpo.py in salt 2016.11.0 | refs: #38779 #39083 #39089
• ISSUE #21485: (lorengordon) Feature Request: Manage Windows Local Security Policy Settings | refs:
#36336
• PR #36336: (lomeroe) add additional static policies to computer configuration policy class | refs:
#39083
• 91c25bd Merge pull request #39083 from lomeroe/bp-36336
• 03e5319 Merge branch '2016.11' into bp-36336
• 981ec89 update command line example to correct policy name
• e2574da Fix/Add documentation, 80 char line lengths
• 5e94a30 add additional static policies to computer configuration policy class duplicate code
cleanup/misc code efficiencies
• PR #39153: (nicholasmhughes) Fix selinux.mode state config file handling @ 2017-02-06T18:37:34Z
• 3045507 Merge pull request #39153 from nicholasmhughes/fix-selinux.mode-config-predictability
• 8d8ba9c added the new getconfig function to the test
• a6a24e1 Addressed edge case when attempting to set the config file to 'Disabled'. The state should
only check the file, since the in-memory setting won't disappear until after reboot.
• 6858658 The selinux.mode state only checked the current status of SELinux in memory (getenforce) when
determining if changes needed to be made. The /etc/selinux/config file could have a different value,
and it would not be changed. This commit enhances idempotency of the state in regards to both the
in-memory and configuration file enforcement of SELinux.
• PR #39159: (clinta) Csr crl passphrase @ 2017-02-06T18:36:05Z
• ISSUE #38081: (haraldrudell) x509 state or module cannot generate password protected private keys |
refs: #39159
• 7b5eb17 Merge pull request #39159 from clinta/csr-crl-passphrase
• cf548ac Remove unnecessary pass
• 4ebf7a3 Remove unnecessary pass statement
• 6a80469 fix csr bugs and pep8
• 36dcf5f only overwrite if overwrite option is specified
• 403000d recreate cert on bad password
• 6497094 passphrase for crl
• 3ef809f passphrase for csr
• PR #39162: (meaksh) Adding more function to Snapper module @ 2017-02-06T18:33:53Z
• b240468 Merge pull request #39162 from meaksh/snapper-module-improvements
• f950732 pylint fixes
• aa2f990 Removing extra spaces
• 9d6a33f Adds 'snapper.create_config' unit tests
• d38ed50 Adds 'snapper.modify_snapshots' unit tests
• d5496cc Adds 'snapper.delete_snapshots' unit tests
• 3eecb60 Snapper: Adding support for creating configurations
• 041e54d Snapper: Adding support for snapshot metadata modification
• eaf5de9 Snapper: Adding support for deleting snapshots
• PR #39171: (techhat) Raise an error for a disk size that is too small @ 2017-02-06T18:19:46Z
• ISSUE #38370: (tjyang) Salt-Cloud: There was a query error: Required field "deviceChange" not
provided (not @optional) | refs: #39171
• 6f9251e Merge pull request #39171 from techhat/issue38370
• ec57a39 Typo
• 2ed2932 Clean up debug logs
• 6712826 Raise an error for a disk size that is too small
• PR #39179: (mcalmer) fix error parsing @ 2017-02-06T17:57:00Z
• 036f36d Merge pull request #39179 from mcalmer/fix-dockerng-error-parsing
• 6750ccd fix error parsing
• PR #39189: (morganwillcock) Fix NetBSD sockstat parsing @ 2017-02-06T17:28:08Z
• 30f8315 Merge pull request #39189 from morganwillcock/sockstat
• 344d13e Fix NetBSD sockstat example
• 64b6931 Fix NetBSD sockstat parsing
• PR #39141: (UtahDave) Don't overwrite the minion_ids var that was passed @ 2017-02-03T20:56:25Z
• ISSUE #38003: (morganwillcock) salt.runners.cache functions seem to ignore minion targeting parameter
| refs: #39141 #39141
• 6a97041 Merge pull request #39141 from UtahDave/fix_cache_lookup_ZD1187
• 0340614 return all minions' grains if no tgt
• f833bf3 Don't overwrite the minion_ids var that was passed
• PR #39164: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-03T17:57:07Z
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented
• ISSUE #38704: (nasenbaer13) Archive extracted fails when another state run is queued | refs: #38705
• ISSUE #2016: (seanchannel) status.custom failing on any arguments
• ISSUE #3: (thatch45) libvirt module
• ISSUE #1: (thatch45) Enable regex on the salt cli
• PR #39146: (gtmanfred) update vmware getting started doc
• PR #39145: (garethgreenaway) [2016.3] Fix when targeting via pillar with Salt syndic
• PR #39131: (bobrik) Clarify ipv6 option for minion and interface for master, closes #39118
• PR #39116: (terminalmage) Don't abort pillar.get with merge=True if default is None
• PR #39077: (terminalmage) Apply fix from #38705 to 2016.3 branch
• PR #38804: (alexbleotu) Second attempt to fix prepending of root_dir to paths
• PR #38705: (nasenbaer13) Fix for #38704 archive extracted and dockerio states | refs: #39076
• d19cee7 Merge pull request #39164 from rallytime/merge-2016.11
• 6504bb6 Merge branch '2016.3' into '2016.11'
• 9de08af Apply fix from #38705 to 2016.3 branch (#39077)
• da3053e update vmware getting started doc (#39146)
• e78ca0f Fixing a weird edge case when using salt syndics and targetting via pillar. Without this
fix the master of masters ends up in an infinite loop since the data returned from the minions is
differently structured than if a sync was not in use. (#39145)
• cd8077a Merge pull request #38804 from alexbleotu/root_dir_`fix-2016`_.3-gh
• b3bdd3b Add missing whiteline
• c7715ac Merge pull request #3 from cro/ab_rootdirfix
• e8cbafa When running testsuite, salt.syspaths.ROOT_DIR is often empty.
• b12dd44 Merge pull request #1 from cro/ab_rootdirfix
• bffc537 Remove extra if statements (rstrip will check for the presence anyway).
• 97521b3 Second attempt to fix prepending of root_dir to paths
• 6ffeda3 Clarify ipv6 option for minion and interface for master, closes #39118 (#39131)
• 646b9ea Don't abort pillar.get with merge=True if default is None (#39116)
• PR #39152: (twangboy) Remove files not needed by salt-minion @ 2017-02-03T17:11:11Z
• ed12512 Merge pull request #39152 from twangboy/win_installer
• 5ff8a14 Fix problem deleting files
• 4524dd4 Remove files not needed by salt-minion
• 8c0dc91 correct issue when running get with return_not_configured=True (#39085)
• ISSUE #38691: (lomeroe) win_lgpo module throws a key error when run with return_not_configured=True |
refs: #39085
• PR #39085: (lomeroe) Backport #38666 to 2016.11
• 26eea61 have _in_range_inclusive function attempt to convert a string to an int for the test (allow
string based numbers to be verified to be in range). Specifically, this allows the CachedLogonsCount
policy to be set (stored in the registry as a REG_SZ and specified as a string number when passed to
the module) (#39086)
• PR #39086: (lomeroe) Backport #38165 to 2016.11
• PR #38165: (lomeroe) have _in_range_inclusive function attempt to convert a string to an i… | refs:
#39086
• PR #38970: (gtmanfred) when using local_cache we have to pass the list of minions @
2017-02-02T19:24:39Z
• ISSUE #38241: (frogunder) mine.get and salt-ssh gives error message | refs: #38970
• 4eec641 Merge pull request #38970 from gtmanfred/2016.11
• ebb9df3 when using local_cache we have to pass the list of minions
• 75da6f4 Fix archive.list on Windows (#39128)
• ISSUE #39110: (morganwillcock) archive.extracted: 2016.11.2 returns state failure for some zip
formats, if already extracted | refs: #39128
• PR #39128: (terminalmage) Fix archive.list on Windows
• f2c309a Back-port #36714 to 2016.11 (#39133)
• ISSUE #36712: (dmitrievav) s3.put function does not create s3 bucket | refs: #36714
• PR #39133: (rallytime) Back-port #36714 to 2016.11
• PR #36714: (dmitrievav) s3.put can't create s3 bucket | refs: #39133
• 8b34fcd correct checking of policy_class to compare with lower() version of the specified string (‐
#39084)
• ISSUE #38689: (lomeroe) win_lgpo state fails to set single policy due to case sensitive check | refs:
#39083 #39084 #38690
• PR #39084: (lomeroe) Backport #38690 to 2016.11
• PR #38690: (lomeroe) correct checking of policy_class to compare with lower() version of t… | refs:
#39084
• 8ce928f Backport #38779 to 2016.11 (#39089)
• ISSUE #38100: (skjaro) Problem with win_lgpo.py in salt 2016.11.0 | refs: #38779 #39083 #39089
• PR #39089: (lomeroe) Backport #38779 to 2016.11
• PR #38779: (lomeroe) win_lgpo handle errors when 'encoding="unicode"' exists in ADMX file | refs:
#39089
• 8a00ecf update adml text search to use 'starts-with' as some policies text has trailing spaces (#39090)
• ISSUE #38782: (lomeroe) win_lgpo unable to find some Administrative Template policies | refs: #39083
#39090 #38783
• PR #39090: (lomeroe) Backport #38783 to 2016.11
• PR #38783: (lomeroe) Perform a "starts-with" search to match ADML text names | refs: #39090
• 9dccb9f correctly handle scenario when "storeAsText" is True on a decimal/longDecimal element object (‐
#39088)
• ISSUE #38761: (DaveOHenry) Cannot apply state that contains lgpo.set | refs: #39083 #39088
• PR #39088: (lomeroe) Backport #37262 to 2016.11
• PR #37262: (lomeroe) correct issues in win_lgpo module | refs: #39088
• PR #39122: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-01T21:41:59Z
• PR #39091: (terminalmage) Run test_valid_docs in batches
• PR #39081: (terminalmage) Move fileclient tests to tests/integration/fileserver/fileclient_test.py
• PR #39067: (rallytime) Bump openstack deprecation notice to Oxygen
• 50d72da Merge pull request #39122 from rallytime/merge-2016.11
• a782b00 Merge branch '2016.3' into '2016.11'
• cc9b69b Merge pull request #39091 from terminalmage/update-test-valid-docs
• d76f038 add debug logging for batch vars
• b4afea2 Don't fail test if data is empty
• b3a5d54 Account for trimmed value in 'salt -d' output
• 909916c Run test_valid_docs in batches
• bcee3d1 Move fileclient tests to tests/integration/fileserver/fileclient_test.py (#39081)
• 122422b Bump openstack deprecation notice to Oxygen (#39067)
• PR #39087: (lomeroe) Backport #37375 to 2016.11 @ 2017-02-01T19:02:58Z
• PR #37375: (lomeroe) add updating gpt.ini file when ADM template policies are modified (gp… | refs:
#39087
• f8a6863 Merge pull request #39087 from lomeroe/bp-37375
• c3aaa53 _in_range_inclusive class method incorrectly called isinstance
• ce263f9 set_computer_policy and set_user_policy call "set" by the original function name (set)
instead of the aliased function name set_
• ff7d74b correct tool extension guid for user registry policies
• 08f0078 spelling correction
• 5fc4048 add updating gpt.ini file when ADM template policies are modified (gpt.ini file must exist
with proper data for ADM policies to apply)
• PR #39094: (rallytime) Add a bunch of missing doc module references @ 2017-02-01T18:56:27Z
• c4c6e70 Merge pull request #39094 from rallytime/doc-build-warnings
• b866427 Add a bunch of missing doc module references
• PR #39108: (janhorstmann) [Bugfix] Fix state x509.crl_managed @ 2017-02-01T18:32:43Z
• d302bb7 Merge pull request #39108 from janhorstmann/fix-x509-state
• 9f5c532 [Bugfix] Fix state x509.crl_managed
• PR #39107: (mirceaulinic) Check if data['return'] is dict type @ 2017-02-01T18:21:46Z
• ISSUE #39100: (whytewolf) salt-run fileserver.update Exception | refs: #39107
• ISSUE #39098: (dougofthemoment) state.event runner fails with TypeError: argument of type 'NoneType'
is not iterable | refs: #39107
• ISSUE #38638: (mirceaulinic) salt.cmd runner raises TypeError when function returns bool | refs:
#39107
• bf61ec9 Merge pull request #39107 from cloudflare/FIX-38638
• 7c34815 Check if data['return'] is dict type
• cac0bec Update primary bonding option in rh_ip.py (#39069)
• ISSUE #39065: (jak3kaj) primary bonding option is not applied | refs: #39068 #39069
• PR #39069: (jak3kaj) Update primary bonding option in rh_ip.py
• a0861f0 Update primary bonding option in debian_ip.py (#39068)
• ISSUE #39065: (jak3kaj) primary bonding option is not applied | refs: #39068 #39069
• PR #39068: (jak3kaj) Update primary bonding option in debian_ip.py
• PR #39076: (terminalmage) Re-submit PR #38705 against 2016.11 branch @ 2017-01-31T20:11:55Z
• ISSUE #38704: (nasenbaer13) Archive extracted fails when another state run is queued | refs: #38705
• PR #38705: (nasenbaer13) Fix for #38704 archive extracted and dockerio states | refs: #39076
• 9836d7d Merge pull request #39076 from terminalmage/pr-38705
• 15db8d4 Fix for #38704 archive extracted and dockerio states
• PR #39058: (sergeizv) Fix salt.modules.linux_lvm.fullversion @ 2017-01-31T19:01:12Z
• ISSUE #39057: (sergeizv) modules.linux_lvm.fullversion provides incomplete info | refs: #39058
• 86b4b77 Merge pull request #39058 from sergeizv/fix-lvm-fullversion
• e46c89f Fix salt.modules.linux_lvm.fullversion
• fb7ef99 Fix mock emulating lvm version
• PR #39066: (techhat) 127.0.0.0/8 is all loopback @ 2017-01-31T18:43:22Z
• ISSUE #39051: (afletch) salt.roster.cache / salt.utils.cloud is_public_ip - incorrect public IP
address | refs: #39066
• 721b245 Merge pull request #39066 from techhat/issue39051
• ea43bb8 127.0.0.0/8 is all loopback
• PR #39071: (sergeizv) Fix modules.linux_lvm.pvcreate on existing LVM PVs @ 2017-01-31T18:36:54Z
• ISSUE #39070: (sergeizv) modules.linux_lvm.pvcreate misbehaves if all submitted devices are already
LVM PVs | refs: #39071
• c54d9f4 Merge pull request #39071 from sergeizv/fix-lvm-pvcreate
• f1e3e86 Fix modules.linux_lvm.pvcreate on existing LVM PVs
• 0f84ca2 Add test for modules.linux_lvm.pvcreate on existing LVM PVs
• 3967992 Fix test for modules.linux_lvm.pvcreate
• PR #39048: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-31T15:55:49Z
• ISSUE #38753: (alexbleotu) __proxy__ dunder is not injected when invoking the salt variable in sls
files | refs: #38899 #38900 #38829
• ISSUE #38557: (alexbleotu) Proxy not working on develop | refs: #38829
• ISSUE #38265: (mirceaulinic) __utils__ object not available in proxy module | refs: #38899 #38900
#38829 #38829
• ISSUE #32918: (mirceaulinic) Proxy minions reconnection | refs: #38829
• PR #39047: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #39046: (rallytime) Add 2015.8.14 release notes file
• PR #39045: (rallytime) Add 2016.3.6 release notes file
• PR #39042: (rallytime) [2016.3] Update release numbers for doc build
• PR #39038: (rallytime) Update 2016.3.5 release notes
• PR #39037: (rallytime) Update 2015.8.13 release notes
• PR #39030: (rallytime) Back-port #38972 to 2016.3
• PR #39028: (terminalmage) Clarify delimiter argument
• PR #38972: (rallytime) Add CLI Example for rest_sample_utils.get_test_string function | refs: #39030
• PR #38899: (cro) Enable __proxy__ availability in states, highstate, and utils. Enable __utils__ for
proxies. | refs: #38900
• PR #38829: (cro) MANY dunder variable fixes for proxies + proxy keepalive from @mirceaulinic | refs:
#38899 #38900
• PR #37864: (mirceaulinic) Proxy keepalive feature | refs: #38829
• 88b171f Merge pull request #39048 from rallytime/merge-2016.11
• b2b3989 Merge branch '2016.3' into '2016.11'
• a24af5a Merge pull request #39047 from rallytime/merge-2016.3
• b732a1f Merge branch '2015.8' into '2016.3'
• 56ccae6 Add 2015.8.14 release notes file (#39046)
• 5943fe6 Update 2015.8.13 release notes (#39037)
• fef1b11 Add 2016.3.6 release notes file (#39045)
• 7c43f4a [2016.3] Update release numbers for doc build (#39042)
• ff32459 Update 2016.3.5 release notes (#39038)
• 5b09dc4 Merge pull request #39028 from terminalmage/clarify-delimiter-argument
• f29ef07 Clarify delimiter argument
• 1ff359f Add CLI Example for rest_sample_utils.get_test_string function (#39030)
• f13fb9e Enable __proxy__ availability in states, highstate, and utils. Enable __utils__
availability in proxies. (#38899)
• 92a542f Add CLI Examples so tests will pass (#39035)
• PR #39035: (cro) Add CLI Examples so tests will pass
• 0943872 Add 2016.11.3 release notes file (#39044)
• PR #39044: (rallytime) Add 2016.11.3 release notes file
• 27081d6 [2016.11] Update release numbers for doc build (#39040)
• PR #39040: (rallytime) [2016.11] Update release numbers for doc build
• 424e684 Update 2016.11.2 release notes (#39039)
• PR #39039: (rallytime) Update 2016.11.2 release notes
• a7fc02e Ungate the status.py module and raise unsupported errors in functions not executable on
Windows. (#39005)
• PR #39005: (cro) Ungate the status.py module and raise unsupported errors in functions not executable
on Windows. | refs: #39536
• PR #39012: (terminalmage) Fix "invalid lexer" errors in docs build @ 2017-01-28T06:47:45Z
• e70904c Merge pull request #39012 from terminalmage/invalid-lexer
• 868001b Fix "invalid lexer" errors in docs build
• PR #39003: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-28T00:09:09Z
• ISSUE #37938: (johje349) Memory leak in Reactor | refs: #38951
• ISSUE #34780: (joehoyle) S3fs broken in 2016.3.1 | refs: #38982
• ISSUE #33890: (hvnsweeting) salt memleak when running state.sls | refs: #38951
• PR #39000: (rallytime) Skip the test_badload test until Jenkins move is complete
• PR #38995: (terminalmage) Fix pillar.item docstring
• PR #38989: (anlutro) Documentation: fix SLS in environment variable examples
• PR #38982: (rallytime) Set response when using "GET" method in s3 utils
• PR #38951: (DmitryKuzmenko) Keep the only one record per module-function in depends decorator.
• cea0f32 Merge pull request #39003 from rallytime/merge-2016.11
• 76e9508 Merge branch '2016.3' into '2016.11'
• da96221 Merge pull request #38951 from DSRCorporation/bugs/37938_fix_depends_decorator_memleak
• 0b18f34 Keep the only one record per module-function in depends decorator.
• 85165ed Merge pull request #38982 from rallytime/fix-34780
• 1583c55 Set response when using "GET" method in s3 utils
• cfdbc99 Merge pull request #38989 from alprs/docfix-state_pt3_environ
• 52a9ad1 fix SLS in environment variable examples
• 55e4d25 Merge pull request #39000 from rallytime/skip-badload-test
• 4b3ff0f Skip the test_badload test until Jenkins move is complete
• fe054eb Merge pull request #38995 from terminalmage/fix-pillar.item-docstring
• 06d094d Fix pillar.item docstring
• PR #38908: (bobrik) Deprecate show_diff for file.serialize to mimic file.managed, closes #38853 @
2017-01-27T17:15:37Z
• ISSUE #38853: (bobrik) file.serialize still expects show_diff instead of show_changes
• 58543d5 Merge pull request #38908 from bobrik/show-changes-for-serialize
• e0af212 Remove unnecessary blank lines
• a08c1ca Deprecate show_diff for file.serialize to mimic file.managed, closes #38853
• PR #38978: (sjorge) fixes saltstack/salt-bootstrap`#1021`_ @ 2017-01-27T17:05:10Z
• ISSUE #1021: (SEJeff) Document needing the "RHEL Server Optional" channel for installing on RHEL6 |
refs: #38978
• 4b75dfa Merge pull request #38978 from sjorge/2016.11-bootstrap
• 26eb35f fixes salt/salt-bootstrap`#1021`_
• PR #38991: (isbm) Isbm zypper state unknown pkg crash @ 2017-01-27T16:59:38Z
• b40f369 Merge pull request #38991 from isbm/isbm-zypper-state-unknown-pkg-crash
• 35f620e Prevent crash on unknown to the repo package
• PR #38979: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-26T22:56:13Z
• ISSUE #38540: (amendlik) API wheel client throws exception and success=true | refs: #38925
• ISSUE #38537: (amendlik) API client wheel_async always returns status 500 | refs: #38925
• ISSUE #35777: (rallytime) Properly deprecate template context data in Oxygen | refs: #38948
• ISSUE #34551: (mbom2004) salt.engines.logstash not loading | refs: #38950
• PR #38973: (rallytime) Handle changing "is_default" value in moto package for boto test mock
• PR #38952: (terminalmage) Make the ext_pillars available to pillar.ext tunable
• PR #38950: (mbom2004) Fixed Logstash Engine in file logstash.py
• PR #38948: (rallytime) Bump the template context deprecation version to Oxygen
• PR #38946: (rallytime) Back-port #37632 to 2016.3
• PR #38926: (gtmanfred) add note about pysss for pam eauth
• PR #38925: (terminalmage) Fix two wheel issues in netapi
• PR #38917: (twangboy) Update Jinja2 to 2.9.4
• PR #38913: (Adaephon-GH) Ignore plist files without Label key
• PR #37632: (twangboy) Fix versions report for Windows Server platforms | refs: #38946
• 3e76662 Merge pull request #38979 from rallytime/merge-2016.11
• fdaa5ac Merge branch '2016.3' into '2016.11'
• b66b6f6 Merge pull request #38950 from mbom2004/2016.3
• c09f39d Remove unused json import
• 249efa3 Fixed Logstash Engine in file logstash.py
• a6c6e47 Handle changing "is_default" value in moto package for boto test mock (#38973)
• b965b5d Merge pull request #38952 from terminalmage/zd1168
• 6b014e5 Rename on_demand_pillar to on_demand_ext_pillar
• d216f90 Document new on_demand_pillar option and add to config template
• 426b20f Add documentation for on-demand pillar to pillar.ext docstring
• 7b10274 Make on-demand ext_pillars tunable
• d54723c Add on_demand_pillar config option
• 2c4ad85 Merge pull request #38948 from rallytime/bump-template-context-deprecation
• 749e003 Bump the template context deprecation version to Oxygen
• e4514ca Merge pull request #38946 from rallytime/bp-37632
• ee37cda Fix some lint
• c08071e Fix versions report for server OSs
• 953a203 Merge pull request #38913 from Adaephon-GH/patch-1
• e2f4a16 Removing trailing whitespace
• 616292c Ignore plist files without Label key
• 826dce1 Merge pull request #38917 from twangboy/update_jinja_mac
• 62e608b Update Jinja2 to 2.9.4
• b27733c Merge pull request #38925 from terminalmage/issue38540
• 76392fc Fix traceback when a netapi module uses wheel_async
• bd4474f Fix 'success' value for wheel commands
• 618596f Merge pull request #38926 from gtmanfred/2016.3
• 9cae953 add note about pysss for pam eauth
• PR #38937: (arthru) Fix smtp ret require gnupg @ 2017-01-26T20:08:16Z
• 0660cc3 Merge pull request #38937 from HashBangDev/fix-smtp-ret-require-gnupg
• 399556b Remove trailing whitespace
• f308d13 log an error on gnupg absence instead of raising an exception
• 0427879 fails if gpgowner is set in smtp returner config but the installation lacks gnupg module
• 27449c5 smtp returner does not require gnupg to be installed
• PR #38955: (techhat) Do a better job at error detection in runners @ 2017-01-26T20:00:18Z
• ISSUE #38816: (grichmond-salt) Errors in cloud runners are not reliably being captured as failures.
| refs: #38955
• d947c5c Merge pull request #38955 from techhat/issue38816
• ea8654f Typo
• 94050ff Watch out for bools
• 0142b0b Do a better job at error detection in runners
• PR #38953: (thatch45) fix an issue where thorium would remove keys of reattaching minions @
2017-01-26T19:15:59Z
• 04a5b05 Merge pull request #38953 from thatch45/thorium_keyfix
• 68e96b1 This is faster and cleaner
• 13d28a3 fix an issue where thorium would remove keys of reattaching minions
• 6b28a58 Add CLI Example for rest_sample_utils.get_test_string function (#38972)
• PR #38972: (rallytime) Add CLI Example for rest_sample_utils.get_test_string function | refs: #39030
• PR #38957: (mcalmer) Fix timezone handling for rpm installtime @ 2017-01-26T18:41:15Z
• 27166fa Merge pull request #38957 from mcalmer/fix-rpm-install_date-timezone
• c7da9f8 Fix timezone handling for rpm installtime
• PR #38965: (toanju) salt-cloud will use list_floating_ips for OpenStack @ 2017-01-26T16:44:12Z
• PR #34280: (kevinanderson1) salt-cloud will use list_floating_ips for Openstack | refs: #38965
• ec690a0 Merge pull request #38965 from toanju/2016.11
• 1253ce9 salt-cloud will use list_floating_ips for OpenStack
• PR #38949: (clinta) Use signing passphrase as public passphrase when generating self-sign… @
2017-01-25T20:20:58Z
• d906e8f Merge pull request #38949 from clinta/x509-passphrase-bug
• c8697e3 Use signing passphrase as public passphrase when generating self-signed certificates
• PR #38929: (MTecknology) Fix psutil regressions in 2016.11 @ 2017-01-25T20:17:41Z
• de3b2cc Merge pull request #38929 from MTecknology/2016.11
• 73a8c6d Load core grains only if required.
• 4966011 Modules might still be needed, even if psutil loads.
• fb0432f Fixes a regression with old versions of python-psutil.
• PR #38940: (isbm) Isbm sanitizers fix and unit test @ 2017-01-25T20:15:56Z
• 3ec806c Merge pull request #38940 from isbm/isbm-sanitizers-fix-and-unit-test
• a112b79 Fix typo
• 47a1691 Add unit test
• 046c543 Fix leading dots on sanitized hostname
• PR #38944: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-01-25T19:44:42Z
• ISSUE #38825: (IshMalik) file.managed multiple sources for redundency failure | refs: #38847
• ISSUE #38798: (ripta) match.compound fails to match when pillar data is used | refs: #38823
• ISSUE #37413: (Snarfingcode666) Salt-cloud vmware missing reboot command | refs: #38889 #38890
• ISSUE #36121: (Ashald) TemplateNotFound/Unable to cache file | refs: #38875
• PR #38890: (cro) Backport #38887 to 2016.3: Enable resetting a VM via salt-cloud & VMware driver
• PR #38883: (techhat) Don't require text_out path to exist
• PR #38875: (terminalmage) Reactor: fix traceback when salt:// path is nonexistent
• PR #38867: (mchugh19) Touch deploy.sh before use | refs: #38883
• PR #38851: (terminalmage) Support docker-py 2.0 in dockerng
• PR #38847: (terminalmage) Catch MinionError in file.source_list
• PR #38844: (cachedout) Fix memory leak in HTTP client
• PR #38833: (Ch3LL) add 2016.3.5 changelog to release notes
• PR #38823: (gtmanfred) pass pillar to compound matcher in match module
• PR #32026: (techhat) Don't require the decode_out file to already exist | refs: #38883
• e420763 Merge pull request #38944 from rallytime/merge-2016.11
• ee33a53 Merge branch '2016.3' into '2016.11'
• 405d86a Merge pull request #38847 from terminalmage/issue38825
• 11a4780 Use log.exception() instead
• e40fac5 Catch MinionError in file.source_list
• b5df104 Merge pull request #38875 from terminalmage/issue36121
• fbc4d2a reactor: ensure glob_ref is a string
• 2e443d7 cp.cache_file: add note re: return for nonexistent salt:// path
• e9ebec4 Merge pull request #38890 from cro/vmware_reset_vm_20163
• 0146562 Call correct function for resetting a VM
• c3fbfcd Merge pull request #38883 from techhat/dontrequire
• 67bc4d6 Don't require text_out path to exist
• 6430a45 Merge pull request #38851 from terminalmage/docker-py-2.0
• 3c061b2 Support docker-py 2.0 in dockerng
• ac8008d Merge pull request #38844 from cachedout/http_memory_leak
• c46bf85 Fix memory leak in HTTP client
• dfe6dfe Merge pull request #38823 from gtmanfred/2016.3
• f0a71e8 pass pillar to compound matcher in match module
• a04ab86 Merge pull request #38833 from Ch3LL/add_release_notes_2016.3.5
• 374dc1a skip 2016.3.5 due to :doc: references
• 31f324c add 2016.3.5 changelog to release notes
• PR #38900: (cro) Enable __proxy__ availability in states, highstate, and utils. Enable __utils__ for
proxies. @ 2017-01-25T19:36:48Z
• ISSUE #38753: (alexbleotu) __proxy__ dunder is not injected when invoking the salt variable in sls
files | refs: #38899 #38900 #38829
• ISSUE #38557: (alexbleotu) Proxy not working on develop | refs: #38829
• ISSUE #38265: (mirceaulinic) __utils__ object not available in proxy module | refs: #38899 #38900
#38829 #38829
• ISSUE #32918: (mirceaulinic) Proxy minions reconnection | refs: #38829
• PR #38899: (cro) Enable __proxy__ availability in states, highstate, and utils. Enable __utils__ for
proxies. | refs: #38900
• PR #38829: (cro) MANY dunder variable fixes for proxies + proxy keepalive from @mirceaulinic | refs:
#38899 #38900
• PR #37864: (mirceaulinic) Proxy keepalive feature | refs: #38829
• bd4889a Merge pull request #38900 from cro/px_dunder_201611
• 9a86fdd Remove extra call to salt.loader.utils.
• f4ba897 Resolve merge conflict
• PR #38918: (thatch45) Thorium typos @ 2017-01-25T19:00:40Z
• f94b879 Merge pull request #38918 from thatch45/thorium_typos
• 0b4aca9 fix some minor typos in the thorium docs
• 58a18e2 Add test= True to the master so that thorium does not stack trace
• PR #38919: (cachedout) Correctly pass subset to cmd_subset @ 2017-01-25T18:59:16Z
• ISSUE #38543: (amendlik) salt --subset returns wrong number of minions | refs: #38919
• 32fbb94 Merge pull request #38919 from cachedout/issue_38543
• a555de7 Correctly pass subset to cmd_subset
• PR #38922: (twangboy) Fix 64bit detection, vcredist only on <= 2008 @ 2017-01-25T18:47:41Z
• 6b3c738 Merge pull request #38922 from twangboy/fix_vcredist
• 214e1cc Fix 64bit detection, vcredist only on <= 2008
• PR #38923: (DmitryKuzmenko) Fixed broken __schedule_return handler. @ 2017-01-25T18:45:30Z
• ISSUE #38371: (syphernl) [2016.11.1] Scheduled highstates not returning to master | refs: #38923
• PR #36202: (hu-dabao) for 36049, log current connected master and make status module more useful and
efficient | refs: #38923 #38923
• 9546585 Merge pull request #38923 from DSRCorporation/bugs/38371_fix_schedule_return
• b18f675 Fixed broken __schedule_return handler.
• PR #38927: (l2ol33rt) Adding explicit install of python-systemd in jessie-backports on Debian Guide @
2017-01-25T18:21:18Z
• 828e9bd Merge pull request #38927 from l2ol33rt/debian_doc_fix
• 9cc9c61 Adding explicit call to python-systemd in jessie-backports
• PR #38889: (cro) Backport #38887 to 2016.11: Call correct function for resetting a VM @
2017-01-24T15:20:29Z
• ISSUE #37413: (Snarfingcode666) Salt-cloud vmware missing reboot command | refs: #38889 #38890
• 5ff5e97 Merge pull request #38889 from cro/vmware_reset_vm_201611
• 76a9920 Call correct function for resetting a VM
• PR #38891: (UtahDave) Proper function parameter default @ 2017-01-24T15:06:09Z
• 53d0aa8 Merge pull request #38891 from UtahDave/fix_cassandra_protocol_version
• c475609 Proper function parameter default
• PR #38904: (terminalmage) Add top file merging docs to the master config file documentation @
2017-01-24T14:59:26Z
• c680ee3 Merge pull request #38904 from terminalmage/docs
• 42a3652 Add top file merging docs to the master config file documentation
• PR #38885: (meaksh) Increasing timeouts for running integrations tests @ 2017-01-23T18:59:50Z
• 41a3055 Merge pull request #38885 from meaksh/2016.11-fix-tests-issues
• 4311b0b Increasing timeouts for running integrations tests
• PR #38639: (isbm) Isbm disable custom roster for api 2016.11 @ 2017-01-23T18:59:11Z
• bde6d3e Merge pull request #38639 from isbm/isbm-disable-custom-roster-for-api-2016.11
• ffbd450 Explain what it is about and how to configure that
• PR #38859: (alxwr) fix parsing of sockstat -4 @ 2017-01-23T16:47:22Z
• ec59ae6 Merge pull request #38859 from alxwr/2016.11
• 30fe564 fix parsing of sockstat -4
• PR #38850: (techhat) Strip .p from cache file names @ 2017-01-23T16:28:46Z
• 5fe6db6 Merge pull request #38850 from techhat/stripcache
• 109cb62 Remove .p from test
• 534aa3f Strip .p from cache file names
Salt 2016.11.4 Release Notes
Version 2016.11.4 is a bugfix release for 2016.11.0.
AIX Fixes
Added module execution support for user and group Added module execution support for timezone Added
module execution support for network and status Added module execution support for beacon.status Added
module execution support for disk.iostat
Minion Data Cache Fixes
Added Memcache booster for the minion data cache. Memcache is an additional cache layer that keeps a
limited amount of data fetched from the minion data cache for a limited period of time in memory that
makes cache operations faster. It doesn't make much sence for the localfs cache driver but helps for more
complex drivers like consul. For more details see memcache_expire_seconds and other memcache_* options
in the master config reverence.
Docker Fixes
• Docker authentication has been re-organized. Instead of attempting a login for each push/pull (which
was unnecessary), a new function called dockerng.login has been added, which authenticates to the
registry and adds the credential token to the ~/.docker/config.json. After upgrading, if you have not
already performed a docker login on the minion using the docker CLI, you will need to run
dockerng.login to login. This only needs to be done once.
• A bug in resolving the tag name for images in a custom registry (where a colon can appear in the image
name, e.g. myregistry.com:5000/image:tagname) has been fixed. In previous releases, Salt would use the
colon to separate the tag name from the image name, and if there was no colon, the default tag name of
latest would be assumed. However, this caused custom registry images to be misidentified when no
explicit tag name was passed (e.g. myregistry.com:5000/image). To work around this in earlier releases,
simply specify the tag name.
Salt-Cloud Fixes
2016.11.0 added support for templating userdata files for the ec2 driver, using the renderer option from
the master config file. However, as the default renderer first evaluates jinja templating, followed by
loading the data as a YAML dictionary, this results in unpredictable results when userdata files are
comprised of non-YAML data (which they generally are).
2016.11.4 fixes this by only templating the userdata_file when it is explicitly configured to do so. This
is done by adding a new optional parameter to the cloud profile called userdata_template. This option is
used in the same way as the template argument in file.managed states, it is simply set to the desired
templating renderer:
my-ec2-config:
# Pass userdata to the instance to be created
userdata_file: /etc/salt/my-userdata-file
userdata_template: jinja
If no userdata_template option is set in the cloud profile, then salt-cloud will check for the presence
of the master configuration parameter userdata_renderer. If this is also not set, then no templating will
be performed on the userdata_file.
In addition, the other cloud drivers which support setting a userdata_file (azurearm, nova, and
openstack) have had templating support added to bring them to feature parity with the ec2 driver's
implementation of the userdata_file option.
Changes for v2016.11.3..v2016.11.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-04-14T21:14:03Z
Statistics:
• Total Merges: 275
• Total Issue references: 98
• Total PR references: 334
Changes:
• PR #40685: (Ch3LL) Fix errno code for filecache test for other operating systems. @
2017-04-14T16:54:25Z
• 77028a6 Merge pull request #40685 from Ch3LL/fix_mac_file
• 9ea6e8b remove io and change to EROFS
• 688791f remove try-except and change errno
• e30afc4 add exception type
• acf333d change errno code for fileclient test
• PR #40689: (jbadson) Fixes bug that prevents syslog returner from working under Python 2.6 @
2017-04-14T10:45:13Z
• ISSUE #40688: (jbadson) Syslog returner does not work with Python 2.6 | refs: #40689 #40689
• bc70772 Merge pull request #40689 from jbadson/fix-syslog-returner
• e5a3a7d Fixes bug that prevents syslog returner from working under Python 2.6
• PR #40690: (thor) Fixes #40658: even clearer and working(!) Tomcat version handling @
2017-04-14T10:44:02Z
• ISSUE #40658: (sebw) State tomcat.war_deployed regression when WAR filename contains version | refs:
#40690
• 983d35a Merge pull request #40690 from thor/2016.11-tomcat
• 09145ea Fixes unindexed strfmt curly braces for python 2.6
• b78fc46 Fixes #40658: clearer version handling
• PR #40686: (twangboy) Fix 'salt-minion' service for Win 10 Creators Update 1703 @ 2017-04-13T20:00:12Z
• 3cd9a50 Merge pull request #40686 from twangboy/fix_service
• b6ac4aa Fix service for win10 update
• PR #40675: (gtmanfred) use loader for getting war version @ 2017-04-13T19:58:30Z
• ad4d683 Merge pull request #40675 from gtmanfred/2016.11
• a61fc82 use loader for war extraction
• PR #40680: (rallytime) Back-port #40598 to 2016.11 @ 2017-04-13T19:58:16Z
• ISSUE #38497: (chrisLeeTW) local_batch client ignore external auth | refs: #40598
• PR #40598: (mchugh19) Ensure batch uses passed eauth token or credentials | refs: #40680
• 7ea526f Merge pull request #40680 from rallytime/bp-40598
• cc1643e Fix netapi lint
• e790930 re-add batch support to cherrypy saltapi
• 6eec04b pop out of kwargs
• 260dd84 Create eauth dict for passing into batch class
• 5fb8190 Ensure batch uses passed eauth token or credentials
• PR #40681: (cachedout) Allow status beacon to run on all operating systems @ 2017-04-13T19:33:10Z
• db68df2 Merge pull request #40681 from cachedout/status_beacon
• ecbb0d1 Allow status beacon to run on all operating systems
• PR #40678: (Ch3LL) fix test_fstype test for mac @ 2017-04-13T19:20:32Z
• 39dd6e2 Merge pull request #40678 from Ch3LL/fix_mac_fstype
• 6072498 fix test_fstype test for mac
• PR #40665: (rallytime) Back-port #35665 to 2016.11 @ 2017-04-12T21:06:36Z
• PR #35665: (sthrasher) Speed up /jobs for salt-api when run under cherrypy. | refs: #40665
• 6df76f6 Merge pull request #40665 from rallytime/bp-35665
• 0f897b2 Switch from comprehension to logic used in jobs runner. This makes it easier to deal with
potential unicode in returns.
• 78dd629 Fix compat issues with /jobs return values.
• 4778bc7 Speed up /jobs for salt-api when run under cherrypy.
• PR #40666: (gtmanfred) make sure userdata is always defined in ec2 @ 2017-04-12T21:06:00Z
• 3e41a24 Merge pull request #40666 from gtmanfred/userdata
• 5e92fd0 make sure userdata is always defined in ec2
• PR #40662: (twangboy) Backport msi-conformant-version function @ 2017-04-12T18:49:23Z
• b245abb Merge pull request #40662 from twangboy/backport_msi_versioning
• 8258328 Backport msi-conformant-version function
• PR #40551: (terminalmage) Fix four issues in archive.extracted state @ 2017-04-12T18:37:52Z
• ISSUE #39868: (amontalban) archive.extracted issue when source_hash_update=True and extracted files
does not exist | refs: #40551 #40551
• 92b5f03 Merge pull request #40551 from terminalmage/issue39868
• a722ca9 archive.extracted: also cleanup fileclient's cached location
• 5ea1f60 Fix mocking in unit tests
• 8dfa51f Moar fixes for source_hash_update
• 7103707 Remove unnecessary versionadded lines
• a717881 Just get a hash for the source archive
• 9da4eb1 Check hash of cached source against source_hash before downloading archive
• ad24faa Fix three issues in archive.extracted state
• PR #40637: (twangboy) Add unicode_literals import @ 2017-04-12T16:55:03Z
• 0638418 Merge pull request #40637 from twangboy/fix_unicode_issues
• 021783d Add unicode_literals import
• PR #40651: (twangboy) Fix status.diskusage for Windows on Py3 @ 2017-04-12T16:21:29Z
• 491661f Merge pull request #40651 from twangboy/fix_diskusage_py3
• 7c5079e Correct capitalization problem with api call
• PR #40631: (gtmanfred) if grain is defined as None still convert in append @ 2017-04-12T16:19:16Z
• ISSUE #40624: (sumeetisp) Issue - grains.append | refs: #40631
• 3aabd85 Merge pull request #40631 from gtmanfred/grains
• b0bd99c add comment and unit test
• b21bc75 if grain is defined as None still convert in append
• PR #40629: (aabognah) Fixing issue # 40167 @ 2017-04-11T22:45:08Z
• ISSUE #40167: (alias454) file.replace diff results output showing additional characters | refs:
#40629
• 3737289 Merge pull request #40629 from aabognah/fix-bug-40167
• 28f7744 Fixing issue # 40167 with file.replace where the diff output does not display correctly.
• PR #40646: (twangboy) Keep network.py execution module @ 2017-04-11T22:03:02Z
• 2a22bea Merge pull request #40646 from twangboy/fix_win_network
• 0f7a81c Keep network.py execution module
• PR #40645: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-11T20:59:13Z
• ISSUE #39778: (Talkless) pkgrepo.managed state always report changes with test=True on APT system |
refs: #40571
• PR #40638: (rallytime) Back-port #40571 to 2016.3
• PR #40571: (terminalmage) pkgrepo.managed: properly handle comments for debian | refs: #40638
• e1f5a5d Merge pull request #40645 from rallytime/merge-2016.11
• 8de6497 Merge branch '2016.3' into '2016.11'
• 2ae9eaa Merge pull request #40638 from rallytime/bp-40571
• 2d1c4be pkgrepo.managed: properly handle comments for debian
• PR #40642: (DmitryKuzmenko) Correctly resolve relative cache path to absolute. @ 2017-04-11T20:43:57Z
• ISSUE #40594: (anlutro) salt-ssh file.recurse adds a lot of unwanted directories | refs: #40642
#40642
• ISSUE #38458: (duk3luk3) salt-ssh uses sudo to create cache dir, later fails to access it | refs:
#40442
• PR #40442: (gtmanfred) allow file_client to figure out cachedir | refs: #40642 #40642
• 6c4ae3c Merge pull request #40642 from DSRCorporation/bugs/40594_ssh_cachedir
• 055256c Correctly resolve relative cache path to absolute.
• PR #40609: (gtmanfred) stat_file when keep is set, instead of mirroring all file permissions @
2017-04-11T18:48:47Z
• ISSUE #40075: (afletch) salt-ssh temporary files - insecure permissions | refs: #40609
• 8492cef Merge pull request #40609 from gtmanfred/2016.11
• 6e34c2b stat file when placing it on server instead of caching
• PR #40620: (mateiw) SUSE specific changes to salt-api.service @ 2017-04-11T14:45:00Z
• 05ac613 Merge pull request #40620 from mateiw/2016.11-suse-saltapi-service
• ee911a7 suse specific changes to salt-api.service
• PR #40614: (gtmanfred) add retries on authentications of the salt minion reconnecting @
2017-04-10T22:42:16Z
• ISSUE #39463: (githubcdr) Transport TCP minions don't reconnect/recover | refs: #40614
• b0a2414 Merge pull request #40614 from gtmanfred/tcp
• a86b101 add retries on authentications of the salt minion reconnecting
• PR #40606: (kaszuba) Use correct exec_driver in dockerng.sls module @ 2017-04-10T22:25:31Z
• f7e121a Merge pull request #40606 from kaszuba/fix-dockerng-sls
• 3a0d61f Use correct exec_driver in dockerng.sls module
• PR #40615: (rallytime) Call out to _pki_minions() once, rather than in a loop in _check_list_minions()
@ 2017-04-10T22:22:18Z
• ISSUE #39863: (daswathn) Salt-Master not responding when the list of minions are high after upgrade
to 2016.11.2 | refs: #40615
• PR #34920: (cachedout) Key cache | refs: #40615
• b6cf948 Merge pull request #40615 from rallytime/fix-39863
• 1a9f03a Call out to _pki_minions() once, rather than in a loop in _check_list_minions()
• PR #40588: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-07T19:30:14Z
• PR #40567: (terminalmage) Allow pillar.get to merge list as well as dictionaries
• PR #40562: (terminalmage) Fix dockerng _get_client() regression | refs: #40563 #40563
• PR #40552: (terminalmage) Don't use __opts__.get() for hash_type
• PR #40548: (Ch3LL) Fix vultrpy
• PR #40481: (terminalmage) Backport auth and custom registry fixes from #40480 to 2016.3 branch |
refs: #40562 #40563
• 4fa58be Merge pull request #40588 from rallytime/merge-2016.11
• 5a419b8 Merge branch '2016.3' into '2016.11'
• 83f6d3d Merge pull request #40567 from terminalmage/fix-pillar-get-merge-lists
• cb4db56 Allow pillar.get to merge list as well as dictionaries
• a8304cd Merge pull request #40552 from terminalmage/fix-hash-type-refs
• 8c61f33 Don't use __opts__.get() for hash_type
• 705e1d8 Merge pull request #40562 from terminalmage/fix-get-client
• 7f1ef72 Fix dockerng _get_client() regression
• 00f8ef0 Merge pull request #40548 from Ch3LL/fix_vultrpy
• 7710355 check for salt install fail on vultur test
• aae3d14 fix vultr cloud race condition to match on 0*
• PR #40575: (rallytime) Back-port #40559 to 2016.11 @ 2017-04-07T15:42:26Z
• PR #40559: (jinm) Fix v3 for https://github.com/saltstack/salt/issues/38472 | refs: #40575
• 3d07f63 Merge pull request #40575 from rallytime/bp-40559
• 8280e52 Fix v3 for https://github.com/saltstack/salt/issues/38472
• PR #40576: (rallytime) Back-port #40573 to 2016.11 @ 2017-04-07T15:20:11Z
• PR #40573: (ardakuyumcu) Fix typo in IAM state for managed policies | refs: #40576
• 9041ca2 Merge pull request #40576 from rallytime/bp-40573
• 1218080 Fix typo in IAM state for managed policies
• PR #40563: (terminalmage) Merge-forward 2016.3 -> 2016.11 @ 2017-04-07T15:08:20Z
• ISSUE #40279: (pstengel) Salt fails to enable/disable services using systemd | refs: #40306
• ISSUE #39892: (The-Loeki) Salt-SSH reflects certain minion's opts as master opts for rendering |
refs: #40534
• ISSUE #31363: (eykd) git.latest with force_clone fails when it can't create a target directory that
already exists
• PR #40562: (terminalmage) Fix dockerng _get_client() regression | refs: #40563 #40563
• PR #40534: (terminalmage) Check master's ssh_minion_opts for fileserver/pillar values and ignore them
• PR #40505: (gtmanfred) update docs for logging handlers
• PR #40481: (terminalmage) Backport auth and custom registry fixes from #40480 to 2016.3 branch |
refs: #40562 #40563
• PR #40480: (terminalmage) Improved Docker auth handling and other misc. Docker improvements
• PR #40306: (terminalmage) Don't use context caching for gathering systemd services
• f8bc423 Merge pull request #40563 from terminalmage/merge-2016.3-2016.11
• 0c608d7 Add client_args_mock back to test
• a7a78da remove unused imports
• a6d68f5 Merge remote-tracking branch 'upstream/2016.3' into merge-2016.3-2016.11
• 0918311 Don't mark files that already were deleted as errors
• 51d88a1 Merge branch 'zer0def-fix-31363' into 2016.3
• 7f3cbd5 Merge branch 'fix-31363' of https://github.com/zer0def/salt into zer0def-fix-31363
• 3c750c2 Changed rm_rf's argument to actually remove intended file. (refs #31363)
• 9ed85f3 Remove directory content instead of directory itself when using force_clone in git.latest
state. (refs #31363)
• cfba4cb Merge pull request #40534 from terminalmage/issue39892
• ad88c58 Check master's ssh_minion_opts for fileserver/pillar values and ignore them
• 8da27c9 Merge pull request #40306 from terminalmage/issue40279
• 57ace1f Merge branch 'issue40279' of https://github.com/terminalmage/salt into issue40279
• 8bcdf1a Remove unused import for lint
• 808ad76 systemd.py: when getting all services, don't repeat gathering of systemd services
• 2d219af Don't use context caching for gathering systemd services
• 97caac4 Merge pull request #40481 from terminalmage/docker-auth-handling-2016.3
• dcef1e0 Make sure we keep the cached client when clearing context
• 1e2a04c Backport auth and custom registry fixes from #40480 to 2016.3 branch
• e62603d Merge pull request #40505 from gtmanfred/2016.3
• 6e2f908 update docs for logging handlers
• PR #40571: (terminalmage) pkgrepo.managed: properly handle comments for debian | refs: #40638 @
2017-04-06T21:55:46Z
• ISSUE #39778: (Talkless) pkgrepo.managed state always report changes with test=True on APT system |
refs: #40571
• fd757ff Merge pull request #40571 from terminalmage/issue39778
• 1916104 pkgrepo.managed: properly handle comments for debian
• PR #40572: (rallytime) Clean out kwargs dict in cloud.action before calling cloud driver function @
2017-04-06T21:53:40Z
• ISSUE #40278: (UtahDave) cloud.action giving errors on 2016.11.1 | refs: #40572
• b1698e8 Merge pull request #40572 from rallytime/fix-40278
• c978486 Clean out kwargs dict in cloud.action before calling cloud driver function
• PR #39882: (smarsching) Fix handling of trailing newlines on Windows @ 2017-04-06T21:12:24Z
• ISSUE #39842: (smarsching) File module removes trailing newline on Windows | refs: #39882
• 62d8ad2 Merge pull request #39882 from smarsching/issue-39842
• d485d1a Fix context for _splitlines_preserving_trailing_newline.
• 76cb7bf Fix trailing newlines on Windows (#39842).
• PR #40451: (isbm) Fileclient testcase (2016.11) @ 2017-04-06T19:53:31Z
• ae13de6 Merge pull request #40451 from isbm/isbm-fileclient-testcase-2016.11
• 74c6555 Add space before in-lint comment for lint
• 35fcb8b Fix race condition on cache directory creation
• aba9449 Lintfix (Py3 code compat)
• 9f9dc6e Add unit test case for fileclient
• PR #40564: (techhat) Update Azure ARM docs @ 2017-04-06T18:17:32Z
• ISSUE #40084: (podstava) profile fields in azurearm salt-cloud need to be actualized to sources |
refs: #40564
• 74366c5 Merge pull request #40564 from techhat/azuredocs
• 08d071b Update Azure ARM docs
• PR #40543: (rallytime) Add the "fingerprint_hash_type" option to ssh state and module @
2017-04-05T21:21:16Z
• ISSUE #40005: (vutny) ssh_known_hosts.present does not support SHA256 key fingerprints | refs: #40543
• cb9dcb1 Merge pull request #40543 from rallytime/fix-40005
• 1ef81e6 Add the "fingerprint_hash_type" option to ssh state and module
• PR #40540: (DmitryKuzmenko) A quick fix for Cache has no 'list' attribute. @ 2017-04-05T18:50:18Z
• PR #40494: (rallytime) [develop] Merge forward from 2016.11 to develop | refs: #40540 #40540
• 3f06955 Merge pull request #40540 from DSRCorporation/bugs/40494_merge_forward_cache_list_fix
• c0fd563 A quick fix for Cache has no 'list' attribute.
• PR #40464: (terminalmage) salt-cloud: Do not pass userdata_file through yaml renderer @
2017-04-05T17:32:07Z
• ISSUE #32662: (anlutro) salt-cloud: allow templating of EC2 userdata, similar to deploy script |
refs: #32698
• PR #32698: (techhat) Allow EC2 userdata to be templated | refs: #40464
• 28fc048 Merge pull request #40464 from terminalmage/userdata-renderer
• 84ee693 Nova and openstack don't accept base64-encoded userdata
• 73f4c43 Allow for userdata_template to be disabled in a cloud_profile
• 78b4798 Update compile_template test to use StringIO
• 5f7c561 Properly handle renderers which return StringIO objects
• d551b0d Bring in salt.utils.stringio from develop branch
• 6a6ef0a Move userdata templating to salt.utils.cloud
• b440d0c Update 2016.11.4 release notes for userdata_renderer -> userdata_template
• a6183d9 Preserve windows newlines in salt.template.compile_template()
• 04f02df Try to read compiled template as StringIO
• 79cc253b Only template the userdata_file if explicitly configured to do so
• b580654 Update cloud docs to reflect userdata_renderer -> userdata_template
• a6064fb Rename userdata_renderer -> userdata_template in master config docs
• 50f2b28 Remove userdata_renderer value
• cc2186f Add templating support for other cloud drivers that support userdata_file
• be8d34c ec2: Add support for using userdata_renderer to template userdata_file
• eddbd41 Openstack did not have templating support for userdata_file before 2016.11.4
• a85a416 Add userdata_renderer fix info to 2016.11.4 release notes
• 1111887 Add documentation for userdata_renderer
• 9ee2dcf Add userdata_renderer master config param
• PR #40530: (dmurphy18) Update release information for 2016.11.4 for additional AIX support @
2017-04-05T16:20:22Z
• 990bde4 Merge pull request #40530 from dmurphy18/aix_docupd
• fd93caf Added further support for functionality on AIX for 2016.11.4
• 17b5891 Update release information for new AIX support
• PR #40528: (dmurphy18) Allow for nightly build designations in Salt versions @ 2017-04-04T20:34:26Z
• 4d93269 Merge pull request #40528 from dmurphy18/salt_nightlybuild
• d62a119 Allow for nightly build designations in Salt versions
• PR #40465: (rallytime) Artifactory Execution & State Module: Fixup Error Handling @
2017-04-04T20:12:21Z
• ISSUE #37699: (gstachowiak) Artifactory state. Incorrect timeout error reporting. | refs: #40465
• 0ed3852 Merge pull request #40465 from rallytime/fix-37699
• 8f084f7 Update unit test to look for actual string comment
• ef664b4 Artifactory State: Only wrap main function call to module in try/except and wrap exc comment
in str()
• f1015e3 Artifactory Module: catch URLErrors as well as HTTPErrors
• PR #40497: (DmitryKuzmenko) Memcache documentation and minor updates. @ 2017-04-04T19:55:18Z
• ISSUE #39275: (yhekma) Cache backend gets hit a lot | refs: #40429 #40497
• PR #40429: (DmitryKuzmenko) MemCache - a minion data cache booster. | refs: #40468 #40468 #40497
• 7a04ed2 Merge pull request #40497 from DSRCorporation/features/39275_memcache
• 82c45b1 Memcache documentation and minor updates.
• PR #40504: (rallytime) Group checks for failhard setting in () in state.check_failhard function @
2017-04-04T19:53:48Z
• ISSUE #38683: (gstachowiak) require/order/failhard combination error | refs: #40504
• d654de5 Merge pull request #40504 from rallytime/fix-38683
• ede4c28 Group checks for failhard setting in () in state.check_failhard function
• PR #40503: (thatch45) first pass at adding support for pycryptodome installed as @ 2017-04-04T19:39:02Z
• 4d5d7d9 Merge pull request #40503 from thatch45/2016.11
• e21fd54 fix lint on the lint ignores...
• 6011324 pycryptodome adds RSA to the key header which the openssl
• 206dec6 fix the cryptodome version lookup for the versions report
• d3b7709 good catch
• 31c6a10 first pass at adding support for pycryptodome installed as
• PR #40525: (dmurphy18) Add support for disk.iostat on AIX @ 2017-04-04T19:31:41Z
• 0dd92c6 Merge pull request #40525 from dmurphy18/aix_dskiostat
• 7125372 Added support on AIX for disk.iostat
• PR #40496: (rallytime) Back-port #40415 to 2016.11 @ 2017-04-04T17:19:39Z
• PR #40415: (defanator) Fix boto_vpc.create_route() to work with interface_id | refs: #40496
• a6291b1 Merge pull request #40496 from rallytime/bp-40415
• f8b3006 Fix boto_vpc.create_route() to work with interface_id
• PR #40468: (techhat) Add __func_alias__ back in @ 2017-04-04T17:02:43Z
• ISSUE #39275: (yhekma) Cache backend gets hit a lot | refs: #40429 #40497
• PR #40429: (DmitryKuzmenko) MemCache - a minion data cache booster. | refs: #40468 #40468 #40497
• 3eb8e0b Merge pull request #40468 from techhat/cachealias
• 6ec0baa Swap around aliases
• 76e54a2 Add __func_alias__ back in
• PR #39109: (bdrung) Fix top_file_merging_strategy warning if env_order is set @ 2017-04-04T14:20:56Z
• ISSUE #29104: (adithep) Merging Order warning | refs: #39109
• 8c0befa Merge pull request #39109 from bdrung/fix-merge-order-warning
• fbf8fcf Simplify _get_envs() by using list comprehensions
• 74a3b06 Fix top_file_merging_strategy warning if env_order is set
• ec219b5 Remove duplicate client_envs variable definitions
• 85b9bb4 Fix label for RST link
• 16e19ea Merge branch 'thatch45-rand_m_doc' into 2016.11
• 6279f7c fix do to pre correct on python randome function
• 66b9515 Fix up the doc for failover clarity
• PR #40495: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-03T18:36:16Z
• ISSUE #37322: (kiemlicz) master_tops generating improper top file | refs: #40427
• PR #40427: (terminalmage) Clarify the master_tops documentation
• 02a1f64 Merge pull request #40495 from rallytime/merge-2016.11
• 8111909 Merge branch '2016.3' into '2016.11'
• 3d45a00 Merge pull request #40427 from terminalmage/clarify-master-tops-docs
• bda781d Grammar fix
• 0d7b0c4 Improve the master_tops documentation
• d27340a Add saltutil.sync_tops runner func
• PR #40466: (dmurphy18) Support for execution module status on AIX @ 2017-04-01T00:28:51Z
• ac82972 Merge pull request #40466 from dmurphy18/aix_status
• 7c0b30d Support for AIX
• PR #40429: (DmitryKuzmenko) MemCache - a minion data cache booster. | refs: #40468 #40468 #40497 @
2017-03-31T20:21:00Z
• ISSUE #39275: (yhekma) Cache backend gets hit a lot | refs: #40429 #40497
• fdb0250 Merge pull request #40429 from DSRCorporation/features/39275_memcache
• 4475d17 In-memory minion data cache.
• PR #40442: (gtmanfred) allow file_client to figure out cachedir | refs: #40642 #40642 @
2017-03-31T20:14:27Z
• ISSUE #38458: (duk3luk3) salt-ssh uses sudo to create cache dir, later fails to access it | refs:
#40442
• 31d4e69 Merge pull request #40442 from gtmanfred/salt-ssh
• 8367735 allow file_client to figure out cachedir
• PR #40456: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-31T17:51:11Z
• ISSUE #39854: (Foxlik) quoted space in authorized_keys confuses ssh.py | refs: #39855
• PR #40379: (rallytime) Create a unit test for the _replace_auth_key function in the ssh module
• PR #40371: (terminalmage) Fix path handling for masterless gitfs on Windows
• PR #39855: (Foxlik) Use regular expression instead of split when replacing authorized_keys | refs:
#40379
• 0cfcd18 Merge pull request #40456 from rallytime/merge-2016.11
• 0da4c46 Merge branch '2016.3' into '2016.11'
• c26f4cc Merge pull request #40371 from terminalmage/pr-40344
• a8bcaa7 Force use of posixpath when joining salt fileserver paths in gitfs
• cafa08d Add ability for salt.utils.path_join to force the use of posixpath
• df9df82 Merge pull request #40379 from rallytime/tests-for-39855
• 96259d6 Lint fix
• 4f7ac14 Create a unit test for the _replace_auth_key function in the ssh module
• PR #40443: (gtmanfred) prepend ssh_log_file with root_dir @ 2017-03-31T09:23:46Z
• 8617be9 Merge pull request #40443 from gtmanfred/sshlog
• 7f6046d prepend ssh_log_file with root_dir
• PR #40376: (nmadhok) Backporting changes in vmware cloud driver from develop branch to 2016.11 branch @
2017-03-30T22:35:13Z
• 132d8b7 Merge pull request #40376 from nmadhok/2016.11
• dd62310 Adding unit tests for vmware_test
• 36edf0a Add additional VMware related exceptions
• 034ef30 Remove old vmware unit tests
• 7c14488 Backporting changes in vmware cloud driver from develop branch to 2016.11 branch
• PR #40387: (redbaron4) More complete fix for 39692 @ 2017-03-30T22:29:05Z
• ISSUE #39692: (djsly) tuned module and state are broken on 7.3 families. | refs: #39719 #39768
#40387 #40387
• dfaa670 Merge pull request #40387 from redbaron4/fix-39692
• 77a40a0 Lint fixes
• 8c1adfa More complete fix for 39692
• PR #40404: (roaldnefs) Fix for fixtures in the djangomod module @ 2017-03-30T22:26:09Z
• ISSUE #7287: (dragozov) django.loaddata treats fixture list as arguments and prepends "--" for each |
refs: #40404 #40404
• 313d216 Merge pull request #40404 from roaldnefs/fix-djangomod-loaddata
• 92285cb Fix for fixtures in the djangomod module
• PR #40416: (lorengordon) Adds some missing file functions on Windows @ 2017-03-30T22:22:44Z
• 5379899 Merge pull request #40416 from lorengordon/win-file-funcs
• 8edaf25 Adds some missing file functions on Windows
• PR #40418: (lorengordon) Closes handle to temporary file before returning the path @
2017-03-30T22:22:03Z
• ISSUE #40417: (lorengordon) temp.file does not close the file handle | refs: #40418
• 1f5d6b8 Merge pull request #40418 from lorengordon/close-temp-file
• 7baf280 Closes handle to temporary file before returning the path
• PR #40430: (twangboy) Fix logic for __virtual__ in win_dsc and win_psget @ 2017-03-30T22:06:16Z
• 5c78d55 Merge pull request #40430 from twangboy/fix_virtual
• 08e95ce Add logging on __virtual__ failures
• 43ecb1a Fix logic for __virtual__
• PR #40431: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-30T21:37:39Z
• ISSUE #40396: (aesdana) rabbitmq module fails on version comparison if version contains
debian_revision | refs: #40407
• PR #40424: (terminalmage) Fix open filehandles
• PR #40407: (aesdana) Added split to cut off debian_revision from rabbitmq-server version
• PR #40399: (terminalmage) Add docker-py version to the versions report
• PR #40391: (Ch3LL) initial commit of the 2016.3.7 release notes
• PR #40368: (Ch3LL) [2016.3] Bump previous version to 2016.3.6
• b855f29 Merge pull request #40431 from rallytime/merge-2016.11
• d5576d7 Merge branch '2016.3' into '2016.11'
• b6770fd Merge pull request #40407 from aesdana/fix_rabbitmq_version_check
• 4c0763f Added split to cut off debian_revision from rabbitmq-server version Fixes #40396
• d4fb45d Merge pull request #40424 from terminalmage/fix-open-filehandle
• 6625126 Fix open filehandles
• 8708096 Merge pull request #40399 from terminalmage/docker-py_version
• 14c6575 Add docker-py version to the versions report
• ff1266b Merge pull request #40391 from Ch3LL/2016.3.7_release_notes
• f532ec5 initial 2016.3.7 release notes
• 96bf942 Merge pull request #40368 from Ch3LL/bump_version_3
• a02fa7d [2016.3] Bump previous version to 2016.3.6
• PR #40401: (roaldnefs) fix Ubuntu notation in docs/faq.rst @ 2017-03-29T20:28:31Z
• 7d900d3 Merge pull request #40401 from roaldnefs/fix-doc-faq
• 21f161f fix Ubuntu notation in docs/faq.rst
• PR #40390: (rallytime) Back-port #37795 to 2016.11 @ 2017-03-29T19:05:12Z
• ISSUE #29028: (kevins9) state.sls fails to render state with pillar data: Jinja variable 'dict
object' has no attribute | refs: #37795
• PR #37795: (jettero) please tell me where is the “error: 'dict' object has no …” | refs: #40390
• 70a3f96 Merge pull request #40390 from rallytime/bp-37795
• 1ba1557 Pylint fix
• ec65924 please tell me where is the "error: 'dict' object has no attribute 'seek'" ??
• PR #40395: (rallytime) Handle AttributeError for dockerng_mod.docker attempt fails and docker is
installed @ 2017-03-29T17:47:11Z
• f8fbfff Merge pull request #40395 from rallytime/catch-attribute-error-docker-test
• 99c8dcc Handle AttributeError for dockerng_mod.docker attempt fails and docker is installed
• PR #40362: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-28T22:50:32Z
• PR #40264: (meaksh) Makes sure "gather_job_timeout" is an Integer
• d7d3d68 Merge pull request #40362 from rallytime/merge-2016.11
• 4f1543c Merge branch '2016.3' into '2016.11'
• 1381f97 Merge pull request #40264 from meaksh/2016.3-gather_job_timeout-fix
• 68dccae Makes sure "gather_job_timeout" is an integer
• PR #40372: (zer0def) Fixes related to cache directory argument changes in pip>=6. @
2017-03-28T22:48:41Z
• 2febd05 Merge pull request #40372 from zer0def/pip-cache-fixes
• d68067f Merge remote-tracking branch 'main/2016.11' into pip-cache-fixes
• 4f23a23 Fixed the test_install_download_cache_argument_in_resulting_command to accommodate introduced
cache directory argument fixes and renamed it to
test_install_download_cache_dir_arguments_in_resulting_command.
• 9d0f94e Fixed unnecessary API changes introduced with suggested changes.
• PR #40369: (Ch3LL) [2016.11] Bump previous version to 2016.3.6 @ 2017-03-28T18:50:39Z
• 6162698 Merge pull request #40369 from Ch3LL/bump_version_11
• 7597d96 [2016.11] Bump previous version to 2016.3.6
• PR #40333: (gtmanfred) fix some test=True comments @ 2017-03-28T16:11:01Z
• ISSUE #40322: (Whissi) ssh_auth.absent: Wrong comment when test=True | refs: #40333
• ISSUE #40321: (Whissi) state.alternatives: Wrong comment when test=True | refs: #40333
• 2d2cb5b Merge pull request #40333 from gtmanfred/2016.11
• 5596620 fix some test=True comments
• PR #40347: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-28T02:39:31Z
• PR #40345: (twangboy) Fix osx build
• PR #40338: (UtahDave) Upstream cherrypy moved to Github from Bitbucket
• bb37f13 Merge pull request #40347 from rallytime/merge-2016.11
• e77e86d Merge branch '2016.3' into '2016.11'
• 17ab1da Merge pull request #40345 from twangboy/fix_osx_build
• 3207d67 Fix osx build
• 7ab1049 Merge pull request #40338 from UtahDave/fix_cherrypy_ssl_error_link
• 280b501 Upstream cherrypy moved to Github from Bitbucket
• PR #40346: (cachedout) Revert "Fixes related to cache directory argument changes in pip>=6." @
2017-03-27T23:17:29Z
• PR #40332: (zer0def) Fixes related to cache directory argument changes in pip>=6. | refs: #40346
• a572b46 Merge pull request #40346 from saltstack/revert-40332-pip-cache-fixes
• b4753d1 Revert "Fixes related to cache directory argument changes in pip>=6."
• PR #40326: (L4rS6) Update mount state documentation (Fixes: #40296) @ 2017-03-27T23:15:53Z
• ISSUE #40296: (L4rS6) Wrong documentation in mount.mounted | refs: #40326
• a91bab8 Merge pull request #40326 from L4rS6/update-mount-state-doc
• a717c52 Update mount state documentation (Fixes: #40296)
• PR #40328: (L4rS6) Fixes wrong compared extra_mount_ignore_fs_keys key. @ 2017-03-27T23:14:22Z
• ca2980c Merge pull request #40328 from L4rS6/fix-mount-state-extra-ignore-fs-key
• f0f68b9 Fixes wrong compared extra_mount_ignore_fs_keys key.
• PR #40329: (isbm) Merge tops (backport) @ 2017-03-27T23:13:47Z
• 3a6c5d0 Merge pull request #40329 from isbm/isbm-merge-tops-201611
• a762c9e Merge output from master_tops
• PR #40285: (rallytime) Dockerng unit tests fixes: isolate global variables @ 2017-03-27T23:05:03Z
• 2b7b2f1 Merge pull request #40285 from rallytime/docker-test-fixes
• 0f263a5 Mock out the get_client_args mocks in the dockerng module tests more aggressively
• f1352fe Add one more dockerng.version mock that was missed previously
• 0d31d2c Add a couple more patches for docker.version information
• a9c5eeb Clean up dockerng unit tests to avoid global variables and fixup some patching
• PR #40341: (twangboy) Fix service.create, fix docs @ 2017-03-27T21:46:19Z
• 01efc84 Merge pull request #40341 from twangboy/fix_win_service
• 6736457 Docs for create
• 652cf08 Fix service.create, fix docs
• PR #40332: (zer0def) Fixes related to cache directory argument changes in pip>=6. | refs: #40346 @
2017-03-27T21:01:15Z
• 8eabcca Merge pull request #40332 from zer0def/pip-cache-fixes
• 7976840 Fixes related to cache directory changes in pip>=6.
• PR #40337: (Ch3LL) Add archive.extracted with use_cmd_unzip argument @ 2017-03-27T21:00:23Z
• ceba1b9 Merge pull request #40337 from Ch3LL/add_unzip_test
• 8b21b4c add use_cmd_unzip test
• PR #40312: (rallytime) Update minion data cache documentation @ 2017-03-27T20:56:55Z
• a192597 Merge pull request #40312 from rallytime/cache-docs
• 5363e0b Update minion data cache documentation
• PR #40315: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-27T15:11:25Z
• PR #40300: (meaksh) Fixes 'timeout' and 'gather_job_timeout' kwargs parameters for 'local_batch'
client
• 7f16754 Merge pull request #40315 from rallytime/merge-2016.11
• c65d602 Merge branch '2016.3' into '2016.11'
• 7c21153 Merge pull request #40300 from meaksh/2016.3-adding-timeouts-parameters-to-cmd_batch
• 9174e6f Fixes testing opts dict for batch unit tests
• b1de79a Adds custom 'timeout' and 'gather_job_timeout' to 'local_batch' client
• PR #40313: (techhat) Add minimum and maximum to calls to calc @ 2017-03-27T14:54:15Z
• a9a73bf Merge pull request #40313 from techhat/calcref
• 7106a86 Use named kwargs
• 822f3b8 Add minimum and maximum to calls to calc
• PR #40277: (eldadru) Fixing boto_rds.py delete() wait_for_deletion, if statement was inco… @
2017-03-24T22:29:25Z
• ISSUE #40247: (eldadru) boto_rds.delete wait_for_deletion checks rds status incorrectly and always
loop until timeout | refs: #40277
• 9d0762d Merge pull request #40277 from eldadru/Fix-40247-boto_rds-delete-wait-for-deletion-failure
• 3c15a32 Fixing boto_rds.py delete() wait_for_deletion, if statement was incorrectly checking the
return value of boto_rds.py exists() method.
• PR #40280: (bewing) Clean up temporary file in net.load_template @ 2017-03-24T22:27:04Z
• PR #40273: (bewing) Clean up temporary file in net.load_template | refs: #40280
• 6c29c81 Merge pull request #40280 from bewing/bp_40273
• f028e93 Clean up temporary file in net.load_template
• PR #40310: (gtmanfred) add warning when no host/dns record is found for fqdn_ip @ 2017-03-24T21:55:20Z
• ISSUE #37972: (ebauman) salt-run execution for master with no AAAA record adds significant execution
time | refs: #40310
• 839b620 Merge pull request #40310 from gtmanfred/2016.11
• cff027d add warning when no host/dns record is found for fqdn
• PR #40288: (dmurphy18) Execution module network support for AIX @ 2017-03-24T20:10:36Z
• eb86d55 Merge pull request #40288 from dmurphy18/aix_network
• b53a95d Further update to us in similar to review comments
• 59c0bdc Updated for review comments
• 031c945 Execution module network support for AIX
• PR #40308: (rallytime) Back-port #38835 to 2016.11 @ 2017-03-24T19:00:46Z
• PR #38835: (UtahDave) Cache docs | refs: #40308
• 4928026 Merge pull request #40308 from rallytime/bp-38835
• 3ba50d3 add info about what is cached
• 77e8f6a fix config example
• 61f2fa9 Add documentation for the Minion data cache
• PR #40287: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-24T16:50:23Z
• ISSUE #40251: (sergeizv) Cloud roster doesn't work | refs: #40201
• ISSUE #40219: (Azidburn) Broken pkg.installed with sources | refs: #40265
• ISSUE #31005: (jfindlay) cloud roster not working | refs: #40201
• PR #40275: (UtahDave) remove reference to auth_minion.
• PR #40265: (terminalmage) Fix two mod_aggregate bugs in pkg states
• PR #40260: (lubyou) Use win32api.FormatMessage to cover more system codes
• PR #40201: (sergeizv) Cloud roster fixes
• 12a9fc4 Merge pull request #40287 from rallytime/merge-2016.11
• 7741536 Merge branch '2016.3' into '2016.11'
• 0e2d52c Merge pull request #40260 from lubyou/fix-join_domain
• 1cb15d1 use win32api.FormatMessage() to get the error message for the system code
• 0c62bb3 Merge pull request #40275 from UtahDave/2016.3local
• 9f0c980 remove reference to auth_minion.
• 57ce474 Merge pull request #40265 from terminalmage/issue40219
• 1a731e0 Pop off the version when aggregating pkg states
• 0055fda Properly aggregate version when passed with name
• 62d76f5 Don't aggregate both name/pkgs and sources in pkg states
• b208630 Merge pull request #40201 from sergeizv/cloud-roster-fixes-2016.3
• d87b377 cloud roster: Don't stop if minion wasn't found in cloud cache index
• a6865e0 cloud roster: Check whether show_instance succeeded on node
• 1b45c8e cloud roster: Check provider and profile configs for ssh_username
• a18250b cloud roster: Return proper target name
• 637930b cloud roster: Fix extracting instance's info
• dd1d3aa cloud roster: Work with custom conf dir
• PR #40250: (techhat) Add wait_for_fun() to set_tags() @ 2017-03-23T16:42:13Z
• PR #40225: (techhat) Add wait_for_fun() to set_tags() | refs: #40239 #40250
• b7f9100 Merge pull request #40250 from techhat/settags
• baff7a0 Add wait_for_fun() to set_tags()
• PR #40255: (lomeroe) backport #40253 @ 2017-03-23T16:36:44Z
• ISSUE #39976: (peterhirn) win_lgpo missing policies, eg. Prevent the usage of OneDrive for file
storage | refs: #40253 #40255
• PR #40253: (lomeroe) correct method of getting 'text' of the XML object to compare to the … | refs:
#40255
• 904e144 Merge pull request #40255 from lomeroe/fix_39976_2016.11
• 0e9f582 backport #40253
• PR #40240: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-23T14:14:11Z
• ISSUE #40203: (frogunder) 2016.3.6. Minion don't connect to older master. | refs: #40206
• ISSUE #40149: (jettero) Error 2 encountered trying to check sysvinit scripts: No such file or
directory | refs: #40226
• ISSUE #39854: (Foxlik) quoted space in authorized_keys confuses ssh.py | refs: #39855
• PR #40237: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #40240
• PR #40232: (rallytime) Update release notes for 2016.3.6
• PR #40226: (terminalmage) Fix wrong errno in systemd.py
• PR #40221: (rallytime) Back-port #39179 to 2016.3
• PR #40206: (cro) Leave sign_pub_messages off by default.
• PR #40196: (twangboy) Update dependencies for PyOpenSSL
• PR #40193: (rallytime) Back-port #40117 to 2016.3
• PR #40184: (terminalmage) Link to minion start reactor example from FAQ.
• PR #40117: (narendraingale2) Fix force remove | refs: #40193
• PR #39855: (Foxlik) Use regular expression instead of split when replacing authorized_keys | refs:
#40379
• PR #39179: (mcalmer) fix error parsing | refs: #40221
• 720a362 Merge pull request #40240 from rallytime/merge-2016.11
• 5c5b74b Merge branch '2016.3' into '2016.11'
• 35ced60 Merge pull request #40226 from terminalmage/issue40149
• 2a8df93 Fix wrong errno in systemd.py
• 24c4ae9 Merge pull request #40232 from rallytime/update-release-notes
• 2ead188 Update release notes for 2016.3.6
• c59ae9a Merge pull request #39855 from Foxlik/use_regex_to_compare_authorized_keys
• d46845a Add newline at end of file
• d4a3c8a Use regular expression instead of split when replacing authorized_keys
• fd10430 Merge pull request #40221 from rallytime/bp-39179
• 07dc2de fix error parsing
• a27a2cc Merge pull request #40206 from cro/sign_pub_take2
• 01048de leave sign_pub_messages off on minion by default.
• a82b005 Leave sign_pub_messages off by default.
• d1abb4c Merge pull request #40193 from rallytime/bp-40117
• cf18579 More optimization.
• 5a08266 Removed debug statemnt
• f557f7c Added fix for issue 39393
• bb62278 Reverting changes.
• a9107cd Added if condition for broken link.
• 0f1ff4d Merge pull request #40196 from twangboy/win_fix_deps
• 6761527 Update dependencies for PyOpenSSL
• b050151 Merge pull request #40184 from terminalmage/link-reactor-example
• a42be82 Link to minion start reactor example from FAQ.
• PR #40231: (rallytime) Back-port #40030 to 2016.11 @ 2017-03-22T23:14:40Z
• ISSUE #39445: (systemtrap) state file.copy for directories does not set ownership recursively | refs:
#40030
• PR #40030: (narendraingale2) Added changes for fix_39445 | refs: #40231
• c403762 Merge pull request #40231 from rallytime/bp-40030
• 4d1c687 Using lchown insted of chown.
• 52b3d98 Added changes for fix_39445
• PR #40239: (cachedout) Revert "Add wait_for_fun() to set_tags()" @ 2017-03-22T22:59:16Z
• PR #40225: (techhat) Add wait_for_fun() to set_tags() | refs: #40239 #40250
• e39f5cb Merge pull request #40239 from saltstack/revert-40225-waitforfun
• 95bdab8 Revert "Add wait_for_fun() to set_tags()"
• PR #40225: (techhat) Add wait_for_fun() to set_tags() | refs: #40239 #40250 @ 2017-03-22T18:15:35Z
• 11d2f5a Merge pull request #40225 from techhat/waitforfun
• 89b5010 Add wait_for_fun() to set_tags()
• PR #40172: (dmurphy18) Fix solaris network @ 2017-03-22T17:41:56Z
• c8cfbb7 Merge pull request #40172 from dmurphy18/fix_solaris_network
• a6218b9 Updated use of tail on Solaris and Sun-like OS
• 90e6a1d Further update to support correct tail in network for Solaris
• 5b6d33d Fix use of correct tail on Solaris for active_tcp
• PR #40210: (rallytime) Skip flaky test for now @ 2017-03-22T16:34:41Z
• e9a4e85 Merge pull request #40210 from rallytime/test-skip
• 0ba773d Skip flaky test for now
• PR #40209: (sofixa) change InfluxDB get_version to expect status code 204 @ 2017-03-21T21:42:26Z
• ISSUE #40204: (sofixa) InfluxDB returner present on salt-minion(installed via salt-bootstrap and
updated via apt-get) has a bug | refs: #40209
• 0b00489 Merge pull request #40209 from sofixa/2016.11
• e1cc723 change InfluxDB get_version to expect status code 204
• PR #40202: (cro) Revert "Add special token to insert the minion id into the default_include path" @
2017-03-21T21:37:33Z
• ISSUE #39775: (mirceaulinic) Proxy mine_interval config ignored | refs: #39776 #39935
• PR #39935: (cro) Add special token to insert the minion id into the default_include path | refs:
#40202
• 66bc680 Merge pull request #40202 from saltstack/revert-39935-namespace_proxy_cfg
• bb71710 Revert "Add special token to insert the minion id into the default_include path"
• PR #40199: (whiteinge) Ponysay emergency hotfix @ 2017-03-21T21:10:21Z
• d8f0b79 Merge pull request #40199 from whiteinge/ponysay-emergency-hotfix
• 85ea61b Add depends note
• 5a271ac Fix ponysay outputter hardcoded path
• PR #40194: (terminalmage) Change imports for dockerng tests @ 2017-03-21T19:34:55Z
• 82cee58 Merge pull request #40194 from terminalmage/fix-docker-test-imports
• 6caedb0 Change imports for dockerng tests
• PR #40189: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-21T18:02:51Z
• PR #40182: (terminalmage) Add support for "stopped" state to dockerng's mod_watch
• PR #40171: (Ch3LL) additional PRs/issues for 2016.3.6 release notes
• PR #40159: (cro) Turn on sign_pub_messages by default.
• PR #40122: (meaksh) Adding "pkg.install downloadonly=True" support to yum/dnf execution module
• PR #40120: (sergeizv) gce: Exclude GCENodeDriver objects from _expand_node result
• 0b512f9 Merge pull request #40189 from rallytime/merge-2016.11
• a55c413 Merge branch '2016.3' into '2016.11'
• d4e6c58 Merge pull request #40182 from terminalmage/dockerng-mod_watch-stopped
• 4629a26 Add support for "stopped" state to dockerng's mod_watch
• a0b4082 Merge pull request #40171 from Ch3LL/2016.3.6_release
• 9c6d8d8 additional PRs/issues for 2016.3.6 release notes
• 33ba782 Merge pull request #40120 from sergeizv/gce-expand-node-fix
• 9d0fbe7 gce: Exclude GCENodeDriver objects from _expand_node result
• 4884397 Merge pull request #40122 from meaksh/2016.3-yum-downloadonly-support
• 067f3f7 Adding downloadonly support to yum/dnf module
• 60e1d4e Merge pull request #40159 from cro/sign_pub
• e663b76 Fix small syntax error
• 0a0f46f Turn on sign_pub_messages by default. Make sure messages with no 'sig' are dropped with
error when sign_pub_messages is True.
• PR #40034: (sp1r) Disallow modification of jobs from pillar with schedule execution module @
2017-03-21T16:36:34Z
• ISSUE #39779: (sp1r) Pillar scheduling is broken | refs: #40034
• ISSUE #38523: (MorphBonehunter) schedule not changed on pillar update after minion restart | refs:
#40034
• ISSUE #36134: (Ch3LL) carbon: multi-master with failover does not failover when master goes down |
refs: #36437
• PR #36437: (DmitryKuzmenko) Keep the schedule jobs in ONE place. | refs: #40034 #40034
• d9cb222 Merge pull request #40034 from sp1r/fix-pillar-scheduling
• 595f786 fix evaluating jobs when "pillar" is missing in opts
• 9d5db19 fix initial data structure for schedule tests
• d3a2489 schedule tests to ensure pillar jobs are not modified
• 27385ff added a check ensuring schedule is a dict before merging
• 14d7191 Fixes #39779
• PR #40160: (eldadru) Fix this issue: https://github.com/saltstack/salt/issues/40073, descr… @
2017-03-20T21:37:43Z
• 257c862 Merge pull request #40160 from eldadru/fix-issue-40073-boto-rds-describe-empty-dict
• 954c871 Fix this issue: https://github.com/saltstack/salt/issues/40073, describe return dictionary
returned empty , probably as result of incorrect past merge (see discussion on issue)
• PR #40162: (rallytime) Make sure the tornado web server is stopped at the end of the test class @
2017-03-20T20:35:21Z
• aec5041 Merge pull request #40162 from rallytime/archive-integration-test-fixes
• dd193cc Make sure the tornado web server is stopped at the end of the test class
• PR #40158: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-20T20:34:23Z
• ISSUE #39995: (frogunder) Head of Develop - Multimaster error | refs: #40141
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• PR #40141: (bobrik) Use the first address if cannot connect to any
• PR #40123: (twangboy) Adds support for inet_pton in Windows to network util
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141
• 461e15f Merge pull request #40158 from rallytime/merge-2016.11
• 88f3ebd Remove extra "connect" kwarg caught by linter
• f4d4768 Merge branch '2016.3' into '2016.11'
• 28e4fc1 Merge pull request #40123 from twangboy/win_fix_network
• 06dfd55 Adds support for inet_pton in Windows to network util
• 35ddb79 Merge pull request #40141 from bobrik/fallback-resolve
• af1545d Use the first address if cannot connect to any
• PR #40165: (rallytime) Don't try to run the dockerng unit tests if docker-py is missing @
2017-03-20T20:33:19Z
• b235f09 Merge pull request #40165 from rallytime/gate-docker-unit-tests
• f32d8a8 Don't try to run the dockerng unit tests if docker-py is missing
• PR #40085: (mirceaulinic) VRF arg and better doc for ping and traceroute @ 2017-03-20T19:48:57Z
• db9fb58 Merge pull request #40085 from cloudflare/fix-ping-tr
• 6cbdd61 Strip trailing whitespaces
• 897a2a3 VRF arg and better doc for ping and traceroute
• PR #40095: (skizunov) dns_check should not try to connect when connect=False @ 2017-03-17T17:31:42Z
• 3bac06f Merge pull request #40095 from skizunov/develop2
• 880790f dns_check should not try to connect when connect=False
• PR #40096: (skizunov) When building up the 'master_uri_list', do not try to connect @
2017-03-17T17:13:41Z
• 31da90e Merge pull request #40096 from skizunov/develop3
• eb9a0a6 When building up the 'master_uri_list', do not try to connect
• PR #40111: (eldadru) Fixing simple issue 40081 - the key parameter of the method create ov… @
2017-03-17T17:00:03Z
• 5303386 Merge pull request #40111 from
eldadru/fix-issue-40081-boto-rds-create-overwritten-key-parameter
• 78b5d11 Fixing simple issue 40081 - the key parameter of the method create overwritten by internal
loop.
• PR #40118: (rallytime) Add CLI Example for dockerng.get_client_args @ 2017-03-17T16:34:13Z
• d2e376e Merge pull request #40118 from rallytime/cli-example
• bb496bb Add CLI Example for dockerng.get_client_args
• PR #40097: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-17T15:17:08Z
• PR #40090: (rallytime) Back-port #40056 to 2016.3
• PR #40059: (terminalmage) Fix traceback when virtualenv.managed is invoked with nonexistent user
• PR #40057: (cachedout) More mentionbot blacklists
• PR #40056: (thatch45) update mention bot blacklist | refs: #40090
• baef500 Merge pull request #40097 from rallytime/merge-2016.11
• ef1ff38 Merge branch '2016.3' into '2016.11'
• 116201f Merge pull request #40059 from terminalmage/fix-virtualenv-traceback
• e3cfd29 Fix traceback when virtualenv.managed is invoked with nonexistent user
• a01b52b Merge pull request #40090 from rallytime/bp-40056
• ae012db update mention bot blacklist
• d1570bb Merge pull request #40057 from cachedout/ollie_blacklist
• 0ac2e83 Merge branch '2016.3' into ollie_blacklist
• 5592c68 More mentionbot blacklists
• PR #40077: (mirceaulinic) Fix #39771 (Empty __proxy__ dunder inside scheduler) @ 2017-03-16T20:56:02Z
• ISSUE #39771: (mirceaulinic) Empty __proxy__ dunder inside scheduler
• 9ef3e07 Merge pull request #40077 from cloudflare/fix-39771
• cd319e7 Add proxy kwarg to scheduler
• c6e6dd1 ProxyMinion: correctly build the scheduler
• PR #40088: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-16T19:58:44Z
• ISSUE #40036: (oogali) UnboundLocalError: local variable 'ifcfg' referenced before assignment | refs:
#40053
• ISSUE #40011: (tsaridas) salt-minion does not shutdown properly 2016.11.3 rh6 | refs: #40041
• PR #40070: (Ch3LL) update 2016.3.6 release notes with additional PR's
• PR #40053: (gtmanfred) Update rh_ip.py
• PR #40041: (terminalmage) Fix transposed lines in salt.utils.process
• PR #40038: (velom) correctly parse "pkg_name===version" from pip freeze
• PR #40018: (meaksh) Allow overriding 'timeout' and 'gather_job_timeout' to 'manage.up' runner call |
refs: #40072
• b12720a Merge pull request #40088 from rallytime/merge-2016.11
• 626bd03 Merge branch '2016.3' into '2016.11'
• d36bdb1 Merge pull request #40070 from Ch3LL/2016.3.6_release
• a1f8b49 update 2016.3.6 release notes with additional PR's
• 8dcffc7 Merge pull request #40018 from meaksh/2016.3-handling-timeouts-for-manage.up-runner
• 9f5c3b7 Allow setting custom timeouts for 'manage.up' and 'manage.status'
• 2102d9c Allow setting 'timeout' and 'gather_job_timeout' via kwargs
• 22fc529 Merge pull request #40038 from velom/fix-pip-freeze-parsing
• 3fae91d correctly parse "pkg_name===version" from pip freeze
• 3584f93 Merge pull request #40053 from saltstack/rh_ip_patch
• 219947a Update rh_ip.py
• 837432d Merge pull request #40041 from terminalmage/issue40011
• 5b5d1b3 Fix transposed lines in salt.utils.process
• PR #40055: (rallytime) Update "yaml" code-block references with "jinja" where needed @
2017-03-16T16:30:38Z
• 703ab23 Merge pull request #40055 from rallytime/doc-build-warnings
• 72d16c9 Update "yaml" code-block references with "jinja" where needed
• PR #40072: (meaksh) [2016.11] Allow overriding 'timeout' and 'gather_job_timeout' to 'manage.up' runner
call @ 2017-03-16T15:31:46Z
• PR #40018: (meaksh) Allow overriding 'timeout' and 'gather_job_timeout' to 'manage.up' runner call |
refs: #40072
• e73a1d0 Merge pull request #40072 from meaksh/2016.11-handling-timeouts-for-manage.up-runner
• 40246d3 Allow setting custom timeouts for 'manage.up' and 'manage.status'
• ad232fd Allow setting 'timeout' and 'gather_job_timeout' via kwargs
• PR #40045: (terminalmage) Fix error when chhome is invoked by user.present state in Windows @
2017-03-15T19:00:41Z
• 2f28ec2 Merge pull request #40045 from terminalmage/fix-windows-user-present
• 359af3b Fix error when chhome is invoked by user.present state in Windows
• PR #40047: (rallytime) Back-port #40000 to 2016.11 @ 2017-03-15T17:47:37Z
• PR #40000: (skizunov) Fix exception in salt-call when master_type is 'disable' | refs: #40047
• 4067625 Merge pull request #40047 from rallytime/bp-40000
• 11766c7 Fix exception in salt-call when master_type is 'disable'
• PR #40023: (jeanpralo) We need to match on .p not just strip '.p' otherwise it will remove a… @
2017-03-14T23:14:56Z
• 86f7195 Merge pull request #40023 from jeanpralo/fix-minions-cant-finish-by-char-p
• d7b0c8a We need to match on .p not just strip '.p' otherwise it will remove any p from the string
even if we have no dot
• PR #40025: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-14T23:14:33Z
• ISSUE #39942: (Foxlik) Web Documentation not in sync with release 2016.11.3 | refs: #39994
• PR #40021: (Ch3LL) 2016.3.6 release notes with change log
• PR #40016: (terminalmage) Attempt to fix failing grains tests in 2016.3
• PR #39994: (rallytime) Add a versionadded tag for dockerng ulimits addition
• PR #39988: (terminalmage) Add comment explaining change from #39973
• PR #39980: (vutny) [2016.3] Allow using bg kwarg for cmd.run state function
• PR #39973: (terminalmage) Don't use docker.Client instance from context if missing attributes
• 277bd17 Merge pull request #40025 from rallytime/merge-2016.11
• 029f28b Merge branch '2016.3' into '2016.11'
• ee7f3b1 Merge pull request #40021 from Ch3LL/2016.3.6_release
• f3e7e4f Add 2016.3.6 Release Notes
• 26895b7 Merge pull request #40016 from terminalmage/fix-grains-test
• 0ec81a4 Fixup a syntax error
• 5d84b40 Attempt to fix failing grains tests in 2016.3
• 0c61d06 Merge pull request #39980 from vutny/cmd-run-state-bg
• a81dc9d [2016.3] Allow using bg kwarg for cmd.run state function
• b042484 Merge pull request #39994 from rallytime/ulimits-dockerng-version
• 37bd800 Add a versionadded tag for dockerng ulimits addition
• e125c94 Merge pull request #39988 from terminalmage/dockerng-timeout
• bd2519e Add comment explaining change from #39973
• PR #40020: (dmurphy18) Full support for execution module timezone on AIX @ 2017-03-14T21:05:31Z
• 8db74fb Merge pull request #40020 from dmurphy18/aix_timezone
• aabbbff Full support to execution module timezone on AIX
• 16d5c7c WIP: timezone support for AIX
• PR #39924: (dmurphy18) Add AIX support for user and group execution modules @ 2017-03-14T21:04:02Z
• 60066da Merge pull request #39924 from dmurphy18/salt_aix_fixMar
• 5077c98 Updated changes file for added AIX support
• 8e107bd WIP: support for useradd on AIX
• 2f87d72 WIP: group support for AIX
• PR #40010: (jettero) S3 bucket path broken @ 2017-03-14T19:01:01Z
• cd73eaf Merge pull request #40010 from jettero/s3-bucket-path-broken
• acee5bf clarify this, because it messes people up in the mailing lists, and myself briefly before I
thought about it
• 8102ac8 same here
• 21b79e0 In order for the heredoc to be correct, bucket and path have to default to '', not None
• PR #39991: (terminalmage) Document the fact that the checksum type can be omitted in file.managed
states @ 2017-03-14T15:58:11Z
• 61f1fb0 Merge pull request #39991 from terminalmage/source_hash-docs
• 537fc36 Document the fact that the checksum type can be omitted in file.managed states
• PR #39984: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-13T18:30:16Z
• PR #39973: (terminalmage) Don't use docker.Client instance from context if missing attributes
• 53d14d8 Merge pull request #39984 from rallytime/merge-2016.11
• ef6f4b1 Merge branch '2016.3' into '2016.11'
• cd0336e Merge pull request #39973 from terminalmage/dockerng-timeout
• 869416e Don't use docker.Client instance from context if missing attributes
• PR #39967: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-10T23:45:33Z
• PR #39962: (cachedout) Disable mention bot delay on 2016.3
• PR #39937: (cachedout) Fix --non-gpg-checks in zypper module
• 31c0074 Merge pull request #39967 from rallytime/merge-2016.11
• 3022466 Merge branch '2016.3' into '2016.11'
• 282c607 Merge pull request #39962 from cachedout/disable_mentionbot_delay_3
• 7a638f2 Disable mention bot delay on 2016.3
• 1e0c88a Merge pull request #39937 from cachedout/gpg_zypper
• 13ed0d1 Fix --non-gpg-checks in zypper module
• PR #39963: (cachedout) Mention bot delay disable for 2016.11 @ 2017-03-10T20:25:25Z
• 269a2fd Merge pull request #39963 from cachedout/disable_mentionbot_delay_11
• 5fcea05 Mention bot delay disable for 2016.11
• PR #39952: (vutny) Fix #7997: describe how to upgrade Salt Minion in a proper way @
2017-03-10T18:41:57Z
• ISSUE #7997: (shantanub) Proper way to upgrade salt-minions / salt-master packages without losing
minion connectivity | refs: #39952
• 6350b07 Merge pull request #39952 from vutny/doc-faq-minion-upgrade-restart
• d989d74 Fix #7997: describe how to upgrade Salt Minion in a proper way
• PR #39935: (cro) Add special token to insert the minion id into the default_include path | refs: #40202
@ 2017-03-10T17:51:55Z
• ISSUE #39775: (mirceaulinic) Proxy mine_interval config ignored | refs: #39776 #39935
• dc7d4f4 Merge pull request #39935 from cro/namespace_proxy_cfg
• e4aef54 Add special token to insert the minion id into the default_include path
• PR #39936: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-10T17:05:04Z
• ISSUE #39782: (sergeizv) salt-cloud show_instance action fails on EC2 instances | refs: #39784
• ISSUE #39622: (drawsmcgraw) boto_vpc.create_subnet does not properly assign tags | refs: #39624
• ISSUE #39336: (GevatterGaul) salt-minion fails with IPv6 | refs: #39766
• ISSUE #39333: (jagguli) Not Available error - Scheduling custom runner functions | refs: #39791
• ISSUE #39119: (frogunder) Head of 2016.3 - Salt-Master uses 90 seconds to restart | refs: #39796
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• ISSUE #38514: (githubcdr) Unable to schedule runners | refs: #39791
• ISSUE #33162: (jfindlay) Key error with salt.utils.cloud.cache_node and EC2 | refs: #33164 #39784
• ISSUE #22080: (The-Loeki) CIDR matching for IPv6 / improve IPv6 support in utils.network | refs:
#39919
• PR #39929: (terminalmage) Scrap event-based approach for refreshing grains (2016.3 branch)
• PR #39919: (The-Loeki) CIDR matching supports IPv6, update docs
• PR #39899: (techhat) Update cleanup function for azure
• PR #39871: (terminalmage) Squelch warning for pygit2 import
• PR #39826: (cachedout) Add group func to yubikey auth
• PR #39820: (ni3mm4nd) Add missing apostrophe in Beacons topic documentation
• PR #39819: (terminalmage) Improve the Top File matching docs
• PR #39796: (cachedout) Stop the process manager when it no longer has processes to manage
• PR #39794: (cachedout) Clean up errors which might be thrown when the monitor socket shuts down
• PR #39791: (gtmanfred) load runners if role is master
• PR #39784: (sergeizv) Fix 39782
• PR #39766: (rallytime) Restore ipv6 connectivity and "master: <ip>:<port>" support
• PR #39624: (drawsmcgraw) Address issue 39622
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141
• PR #33164: (jfindlay) cloud.clouds.ec2: cache each named node | refs: #39784 #39784
• PR #25021: (GideonRed) Introduce ip:port minion config | refs: #39766
• 9503a1d Merge pull request #39936 from rallytime/merge-2016.11
• c8b5d39 Merge branch '2016.3' into '2016.11'
• 4526fc6 Merge pull request #39929 from terminalmage/pr-39770-2016.3
• cf0100d Scrap event-based approach for refreshing grains
• 111110c Merge pull request #39919 from The-Loeki/patch-1
• 170cbad CIDR matching supports IPv6, update docs
• caf10e9 Merge pull request #39899 from techhat/cleanupdisks
• baf4579 Update cleanup function for azure
• fcf95f3 Merge pull request #39871 from terminalmage/squelch-import-warning
• 2b2ec69 Squelch warning for pygit2 import
• f223fa8 Merge pull request #39794 from cachedout/clean_monitor_socket_shutdown
• 2e683e7 Clean up errors which might be thrown when the monitor socket shuts down
• 4002dc1 Merge pull request #39819 from terminalmage/top-file-matching-docs
• 7178e77 Improve the Top File matching docs
• c08aaeb Merge pull request #39820 from ni3mm4nd/beacons_topic_doc_typo
• 804b120 Add missing apostrophe
• cbd2a4e Merge pull request #39826 from cachedout/yubikey_fix
• 6125eff Add group func to yubikey auth
• f575ef4 Merge pull request #39624 from drawsmcgraw/39622
• 13da50b Fix indention lint errors
• 5450263 Address issue 39622
• 1f3619c Merge pull request #39796 from cachedout/master_shutdown
• e31d46c Stop the process manager when it no longer has processes to manage
• 53341cf Merge pull request #39791 from gtmanfred/2016.3
• 3ab4f84 load runners if role is master
• c234c25 Merge pull request #39784 from sergeizv/fix-39782
• b71c3fe Revert "cloud.clouds.ec2: cache each named node (#33164)"
• 4ee59be Merge pull request #39766 from rallytime/fix-ipv6-connection
• 65b2396 Restore ipv6 connectivity and "master: <ip>:<port>" support
• PR #39932: (rallytime) Cherry-pick the beacon fixes made in #39930 to 2016.11 @ 2017-03-10T00:21:09Z
• ISSUE #38121: (Da-Juan) Beacon configuration doesn't work as a list | refs: #39932 #39930
• PR #39930: (s0undt3ch) Moar Py3 and a fix for #38121 | refs: #39932
• 899e037 Merge pull request #39932 from rallytime/cp-beacon-fixes
• 4a52cca Pylint fixes
• 4627c4e Code cleanup and make sure the beacons config file is deleted after testing
• c7fc09f Support the new list configuration format.
• be06df9 Remove *args, **kwargs. Not needed, not useful.
• 4a24282 These tests aren't even using mock!
• 6408b12 These tests are not destructive
• 50e51b5 The beacons configuration is now a list. Handle it!
• PR #39933: (hkrist) Fixed rawfile_json returner output format. @ 2017-03-10T00:20:52Z
• 2e68ede Merge pull request #39933 from hkrist/fix-rawfile_json_returner-format
• 4d0ddcd Fixed rawfile_json returner output format. It outputted python object instead of standard
json.
• PR #39934: (dmurphy18) Correct comment lines output from execution module's host.list_hosts @
2017-03-10T00:20:14Z
• fb0dc33 Merge pull request #39934 from dmurphy18/fix_host_list
• e7b9a45 Correct comment lines output got list_hosts
• PR #39900: (twangboy) Namespace the line function properly in win_file @ 2017-03-09T22:19:12Z
• a6f88d0 Merge pull request #39900 from twangboy/win_fix_line
• 462bdec Namespace the line function properly in win_file
• PR #39910: (rallytime) Back-port #37743 to 2016.11 @ 2017-03-09T22:16:58Z
• ISSUE #37741: (discountbin) Check in file.replace state for ignore_if_missing | refs: #37743 #39910
• PR #37743: (discountbin) Adding check for ignore_if_missing param when calling _check_file. | refs:
#39910
• 77ecff4 Merge pull request #39910 from rallytime/bp-37743
• ca306c0 Replace pass with updated comment for return
• 1a78878 Adding check for ignore_if_missing param when calling _check_file.
• PR #39770: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-03-09T22:00:17Z
• ISSUE #33187: (usbportnoy) Deploy to jboss TypeError at boss7.py:469 | refs: #39761
• PR #39761: (cachedout) Properly display error in jboss7 state
• PR #39728: (rallytime) [2016.3] Bump latest release version to 2016.11.3
• PR #39619: (terminalmage) Add a function to simply refresh the grains
• c2d4d17 Merge pull request #39770 from rallytime/merge-2016.11
• dbaea3d Remove extra refresh reference that snuck in
• d9f48ac Don't shadow refresh_pillar
• d86b03d Remove manual refresh code from minion.py
• a7e419e Scrap event-based approach for refreshing grains
• 776a943 Merge branch '2016.3' into '2016.11'
• a24da31 Merge pull request #39761 from cachedout/issue_33187
• c2df29e Properly display error in jboss7 state
• 0888bc3 Merge pull request #39728 from rallytime/update-release-ver-2016.3
• c9bc8af [2016.3] Bump latest release version to 2016.11.3
• b52dbee Merge pull request #39619 from terminalmage/zd1207
• c7dfb49 Fix mocking for grains refresh
• 7e0ced3 Properly hand proxy minions
• 692c456 Add a function to simply refresh the grains
• PR #39872: (techhat) Add installation tips for azurearm driver @ 2017-03-07T23:18:04Z
• 801ff28 Merge pull request #39872 from techhat/fixdocs
• 35440c5 Add installation tips for azure
• 2a1ae0b Change example master in azure docs
• PR #39837: (terminalmage) Fix regression in archive.extracted when it runs file.directory @
2017-03-07T04:09:51Z
• 6d0f15c Merge pull request #39837 from terminalmage/more-issue39751
• 0285ff3 Fix regression in archive.extracted when it runs file.directory
• PR #39858: (techhat) Reorder keys that were being declared in the wrong place @ 2017-03-07T03:51:56Z
• 68752a2 Merge pull request #39858 from techhat/statuskey
• 507a4f7 Reorder keys that were being declared in the wrong place
• PR #39862: (rallytime) Back-port #38943 to 2016.11 @ 2017-03-07T03:34:40Z
• ISSUE #38830: (danielmotaleite) salt-ssh: vault fails to use config | refs: #38943
• PR #38943: (thatch45) When we generate the pillar we should send in the master opts | refs: #39862
• 49c8faa Merge pull request #39862 from rallytime/bp-38943
• e21b16c try it with a different init sequence
• 92cac0f make it a deepcopy
• 58cb8cd make sure to copy the top dict reference since we are moding it
• a0b671e When we generate the pillar we should send in the master opts
• PR #39852: (rallytime) Back-port #39651 to 2016.11 @ 2017-03-06T21:18:34Z
• PR #39651: (DennisHarper) Checking Instance when calling a function that can return None | refs:
#39852
• 8ecc719 Merge pull request #39852 from rallytime/bp-39651
• bb5ddbe Checking instance exists in master._get_cached_minion_data when cache.fetch returns None
• 79f2a7c Update __init__.py
• e2a2329 Checking instance exists in master._get_cached_minion_data when cache.fetch returns None
• 8387742 Update __init__.py
• ff6f63e Checking instance exists in master._get_cached_minion_data when cache.fetch returns None
• 855f875 Checking instance exists in master._get_cached_minion_data when cache.fetch returns None
• PR #39851: (rallytime) Back-port #39104 to 2016.11 @ 2017-03-06T21:17:43Z
• ISSUE #39052: (githubcdr) Minion restart very slow since 2016.11.2 | refs: #39104
• PR #39104: (githubcdr) Do not use name resolving for --notrim check | refs: #39851
• 897275a Merge pull request #39851 from rallytime/bp-39104
• 6539dbd Do not use name resolving for --notrim check
• PR #39799: (Ch3LL) Fix deleteed message when key is deleted @ 2017-03-03T05:17:43Z
• ISSUE #38231: (tjuup) Typo: salt-key deleteed | refs: #39799
• d0440e2 Merge pull request #39799 from Ch3LL/fix_salt_key_msg
• 8346682 Fix deleteed message when key is deleted
• PR #39472: (whiteinge) Update _reformat_low to not run kwarg dicts through parse_input @
2017-03-02T17:46:20Z
• ISSUE #38962: (gstachowiak) Broken /jobs in salt-api in salt 2016.11.1 (Carbon) | refs: #39472
• PR #32005: (Ashald) Bugfix: RunnerClient keyword argument values processing
• 9f70ad7 Merge pull request #39472 from whiteinge/_reformat_low-update
• d11f538 Add RunnerClient test for old/new-style arg/kwarg parsing
• ec377ab Re-enable skipped RunnerClient tests
• 27f7fd9 Update _reformat_low to run arg through parse_input
• 5177153 Revert parse_input change from #32005
• PR #39727: (terminalmage) salt.modules.state: check gathered pillar for errors instead of in-memory
pillar @ 2017-03-02T17:06:43Z
• 7dfc4b5 Merge pull request #39727 from terminalmage/issue39627
• 3bb0ebd Update tests for PR 39727
• c334b59 salt.modules.state: check gathered pillar for errors instead of in-memory pillar
• 97dd8a1 Ensure that ext_pillar begins with pillar_override if ext_pillar_first is True
• f951266 Add log message for successful makostack processing
• PR #39776: (mirceaulinic) WIP: Save _schedule.conf under <proxy ID> dir @ 2017-03-02T16:27:45Z
• ISSUE #39775: (mirceaulinic) Proxy mine_interval config ignored | refs: #39776 #39935
• 965f474 Merge pull request #39776 from cloudflare/proxy-schedule
• 35b8b8f Save _schedule.conf under <minion ID> dir
• PR #39788: (cachedout) Disable one API test that is flaky @ 2017-03-02T16:17:31Z
• 555f147 Merge pull request #39788 from cachedout/disable_api_test
• 523e377 Disable one API test that is flaky
• PR #39762: (terminalmage) Fix regression in file.get_managed @ 2017-03-02T02:59:34Z
• 793979c Merge pull request #39762 from terminalmage/issue39751
• 64db0b8 Add integration tests for remote file sources
• f9f894d Fix regression in file.get_managed when skip_verify=True
• 28651a6 Remove next(iter()) extraction
• PR #39767: (rallytime) Back-port #38316 to 2016.11 @ 2017-03-02T02:54:57Z
• ISSUE #35088: (Modulus) salt/cloud/ec2.py encoding problems. | refs: #37912
• PR #38316: (mlalpho) salt utils aws encoding fix | refs: #39767
• PR #37912: (attiasr) fix encoding problem aws responses | refs: #38316 #38316
• 91a9337 Merge pull request #39767 from rallytime/bp-38316
• 1dcf018 requests api says Response.encoding can sometimes be None
http://docs.python-requests.org/en/master/api/#requests.Response.encoding and result.text.encode()
doesn't accept None and expects a string.
• PR #39768: (rallytime) Back-port #39719 to 2016.11 @ 2017-03-02T02:54:40Z
• ISSUE #39692: (djsly) tuned module and state are broken on 7.3 families. | refs: #39719 #39768
#40387 #40387
• PR #39719: (Seb-Solon) Support new version of tuned-adm binary | refs: #39768
• 4a01bd6 Merge pull request #39768 from rallytime/bp-39719
• d7cb70f Enh: Support new version of tuned-adm binary
• PR #39760: (Ch3LL) Initial 2016.11.4 Release Notes Doc @ 2017-03-01T18:43:39Z
• 780457f Merge pull request #39760 from Ch3LL/2016.11.4_notes
• 1853c99 add initial 2016.11.4 release notes
• PR #39731: (twangboy) Add docs for Kwargs in pkg.refresh_db @ 2017-02-28T22:02:59Z
• 0147f78 Merge pull request #39731 from twangboy/win_pkg_docs
• 423e6f7 Add docs for Kwargs in pkg.refresh_db
• PR #39734: (garethgreenaway) Missing parameter in the schedule.add function @ 2017-02-28T20:43:08Z
• ISSUE #39710: (huangfupeng) schedule.add parameter can not use “after“ | refs: #39734
• fce2d18 Merge pull request #39734 from garethgreenaway/39710_missing_schedule_add_parameter
• 63eb610 Per #39710, missing parameter in the schedule.add function
• PR #39729: (rallytime) [2016.11] Bump latest release version to 2016.11.3 @ 2017-02-28T18:08:25Z
• 7b4865c Merge pull request #39729 from rallytime/update-release-ver-2016.11
• b5a7111 [2016.11] Bump latest release version to 2016.11.3
• PR #39721: (vutny) DOCS: add 2nd level header for advanced targeting methods @ 2017-02-28T17:57:46Z
• 47e494f Merge pull request #39721 from vutny/doc-targeting
• 1d86cf1 DOCS: add 2nd level header for advanced targeting methods
• PR #39711: (alankrita) Fix error in Saltstack's rest auth "Authentication module threw 'status' " @
2017-02-28T15:56:09Z
• ISSUE #39683: (alankrita) Error in Saltstack's rest auth "Authentication module threw 'status' " |
refs: #39711
• d39b679 Merge pull request #39711 from alankrita/fix-rest-eauth
• ee42656 Fix error in Saltstack's rest auth "Authentication module threw 'status' "
• PR #39699: (techhat) Strip shabang line from rendered HTTP data @ 2017-02-28T00:05:01Z
• 3940321 Merge pull request #39699 from techhat/httpshabang
• 559eb93 Strip shabang line from rendered HTTP data
• PR #39694: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-27T22:13:49Z
• ISSUE #39482: (bobrik) file.managed and file mode don't mention default mode | refs: #39487
• ISSUE #39169: (blueyed) Using batch-mode with salt.state in orchestration runner considers all
minions to have failed | refs: #39641 #39641
• PR #39641: (smarsching) Return runner return code in a way compatible with check_state_result
• PR #39633: (terminalmage) Fix misspelled argument in salt.modules.systemd.disable()
• PR #39613: (terminalmage) Fix inaccurate documentation
• PR #39487: (bobrik) Document default permission modes for file module
• 00f121e Merge pull request #39694 from rallytime/merge-2016.11
• 756f1de Merge branch '2016.3' into '2016.11'
• 3f8b5e6 Merge pull request #39487 from bobrik/mode-docs
• 41ef69b Document default permission modes for file module
• f7389bf Merge pull request #39641 from smarsching/issue-39169-2016.3
• 88c2d9a Fix return data structure for runner (issue #39169).
• fc970b6 Merge pull request #39633 from terminalmage/fix-systemd-typo
• ca54541 Add missing unit test for disable func
• 17109e1 Fix misspelled argument in salt.modules.systemd.disable()
• 53e78d6 Merge pull request #39613 from terminalmage/fix-docs
• 9342eda Fix inaccurate documentation
• PR #39643: (drawsmcgraw) issue 39642 - boto_vpc.nat_gateway_present should accept parameter al… @
2017-02-27T20:19:09Z
• ISSUE #39642: (drawsmcgraw) boto_vpc.nat_gateway_present does not honor the allocation_id parameter
like the module does | refs: #39643 #39643
• 2c919e3 Merge pull request #39643 from drawsmcgraw/39642
• 56d9adf issue 39642 - boto_vpc.nat_gateway_present should accept parameter allocation_id.
• PR #39666: (terminalmage) Rewrite the test_valid_docs test @ 2017-02-26T20:14:33Z
• df013c5 Merge pull request #39666 from terminalmage/test_valid_docs
• 5a3c099 Rewrite the tests_valid_docs test
• PR #39662: (The-Loeki) Py3 compat: Force minions to be a list for local serialized caches @
2017-02-26T02:36:46Z
• a29a7be Merge pull request #39662 from The-Loeki/py3cachefix
• b02ef98 Add comment
• 0fe5c90 Py3 compat: Force minions to be a list for local serialized caches
• PR #39644: (vutny) Improve and align dockerng execution module docs @ 2017-02-25T04:16:28Z
• bd6efd1 Merge pull request #39644 from vutny/dockerng-docs
• c4988e8 Improve and align dockerng execution module docs
• PR #39516: (jettero) Prevent spurious "Template does not exist" error @ 2017-02-24T23:41:36Z
• fffab54 Merge pull request #39516 from jettero/give-pillarenv-tops-similar-treatment
• 8fe48fa prevent billions of inexplicable lines of this:
• PR #39654: (skizunov) Fix issue where compile_pillar failure causes minion to exit @
2017-02-24T22:47:52Z
• be9629b Merge pull request #39654 from skizunov/develop2
• 9f80bbc Fix issue where compile_pillar failure causes minion to exit
• PR #39653: (cachedout) Use salt's ordereddict for comparison @ 2017-02-24T22:46:24Z
• e63cbba Merge pull request #39653 from cachedout/26_odict
• 91eb721 Use salt's ordereddict for comparison
• PR #39609: (gtmanfred) initialize the Client stuff in FSClient @ 2017-02-24T18:50:55Z
• ISSUE #38836: (toanctruong) file.managed with S3 Source errors out with obscure message | refs:
#39589 #39609
• 0bc6027 Merge pull request #39609 from gtmanfred/2016.11
• 0820620 initialize the Client stuff in FSClient
• PR #39615: (skizunov) Bonjour/Avahi beacons: Make sure TXT record length is valid @
2017-02-24T18:47:05Z
• 28035c0 Merge pull request #39615 from skizunov/develop2
• b1c7e9b Bonjour/Avahi beacons: Make sure TXT record length is valid
• PR #39617: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-24T16:07:55Z
• PR #39600: (vutny) state.file: drop non-relevant examples for source_hash parameter
• PR #39584: (cachedout) A note in the docs about mentionbot
• PR #39583: (cachedout) Add empty blacklist to mention bot
• e9410fb Merge pull request #39617 from rallytime/merge-2016.11
• 1362289 Merge branch '2016.3' into '2016.11'
• 4e2b852 Merge pull request #39600 from vutny/state-file-docs
• 9b0427c state.file: drop non-relevant examples for source_hash parameter
• ed83420 Merge pull request #39584 from cachedout/mentionbot_docs
• 652044b A note in the docs about mentionbot
• d3e50b4 Merge pull request #39583 from cachedout/mentionbot_blacklist
• 62491c9 Add empty blacklist to mention bot
• PR #39505: (cachedout) Threadsafety option for context dictionaries @ 2017-02-23T19:38:13Z
• ISSUE #38758: (bobrik) Remote state execution is much slower on 2016.11.1 compared to 2016.3.4 |
refs: #39505
• ISSUE #33575: (anlutro) File states seem slower in 2016.3, especially on first cache retrieval |
refs: #33896
• ISSUE #29643: (matthayes) Can't get batch mode and --failhard to work as expected | refs: #31164
• ISSUE #28569: (andrejohansson) Reactor alert on highstate fail | refs: #31164
• PR #37378: (skizunov) Fix __context__ to properly sandbox | refs: #39505
• PR #33896: (DmitryKuzmenko) Don't deep copy context dict values. | refs: #39505
• PR #31164: (DmitryKuzmenko) Issues/29643 fix invalid retcode | refs: #33896
• 0d31201 Merge pull request #39505 from cachedout/issue_38758
• 1dba2f9 Add warning in docs
• 9cf654b Threadsafety option for context dictionaries
• PR #39507: (joe-niland) Detect IIS version and vary certificate association command depending on
version @ 2017-02-23T19:15:40Z
• c0d4357 Merge pull request #39507 from joe-niland/iis-7-cert-binding
• c94f0b8 Fix additional issue whereby existing certificate bindings were not found in IIS 7.5, due to
the fact that IIS earlier than 8 doesn't support SNI
• 18effe0 Detect IIS version and vary certificate association command depending on version
• PR #39565: (terminalmage) states.file.patch/modules.file.check_hash: use hash length to determine type
@ 2017-02-23T19:14:28Z
• e6f5e8a Merge pull request #39565 from terminalmage/issue39512
• cbdf905 Update test to reflect new state comment
• 650dbac states.file.patch/modules.file.check_hash: use hash length to determine type
• PR #39591: (mcalmer) fix case in os_family for Suse @ 2017-02-23T19:07:17Z
• 53e22b8 Merge pull request #39591 from mcalmer/fix-case-in-os_family
• 81bd96e fix case in os_family for Suse
• PR #39592: (skazi0) Ensure user/group/file_mode after line edit @ 2017-02-23T18:40:05Z
• ISSUE #38452: (jf) file.line with mode=delete does not preserve ownership of a file | refs: #39592
• aee43f7 Merge pull request #39592 from skazi0/line-user-fix
• baf84b4 Ensure user/group/file_mode after line edit
• PR #39596: (ticosax) Reduce scope of try except StopIteration wrapping @ 2017-02-23T18:16:17Z
• 6ab4151 Merge pull request #39596 from ticosax/reduce-scope-catehed-exception
• 54cdacb Reduce scope of try except StopIteration wrapping
• PR #39610: (rallytime) Back-port #39589 to 2016.11 @ 2017-02-23T17:48:03Z
• ISSUE #38836: (toanctruong) file.managed with S3 Source errors out with obscure message | refs:
#39589 #39609
• PR #39589: (MasterNayru) Allow masterless minions to pull files from S3 | refs: #39610
• b1c3b84 Merge pull request #39610 from rallytime/bp-39589
• 83ec174 Set utils property explicitly for FSClient
• 3889006 Allow masterless minions to pull files from S3
• PR #39606: (rallytime) [2016.11] Pylint: add missing import @ 2017-02-23T16:39:55Z
• fe15ed9 Merge pull request #39606 from rallytime/lint-2016.11
• 7116434 [2016.11] Pylint: add missing import
• PR #39573: (thatch45) Added a few more comments to the ssl docs @ 2017-02-23T02:17:13Z
• PR #39554: (DmitryKuzmenko) Cosmetic: support bool value for 'ssl' config option. | refs: #39573
• PR #39528: (thatch45) Add better ssl option docs | refs: #39554
• 5987c4e Merge pull request #39573 from thatch45/ssl_docs
• b230c35 This should be good to go now
• PR #39577: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-23T02:10:12Z
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• ISSUE #30802: (kjelle) Missing ulimits on docker.running / dockerng.running | refs: #39562
• PR #39579: (rallytime) [2016.3] Pylint: Remove unused import
• PR #39578: (cachedout) Add mention-bot configuration
• PR #39569: (s0undt3ch) Don't use our own six dictionary fixes in this branch
• PR #39562: (terminalmage) Add ulimits to dockerng state/exec module
• PR #39544: (terminalmage) dockerng.get_client_args: Fix path for endpoint config for some versions of
docker-py
• PR #39542: (twangboy) Gate ssh_known_hosts state against Windows
• PR #39508: (dincamihai) Openscap
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141
• b8e321c Merge pull request #39577 from rallytime/merge-2016.11
• 397c756 Merge branch '2016.3' into '2016.11'
• 8352e6b Merge pull request #39579 from rallytime/fix-lint
• 65889e1 [2016.3] Pylint: Remove unused import
• 43dba32 Merge pull request #39578 from cachedout/2016.3
• 344499e Add mention-bot configuration
• c52cecd Fix syntax error leftover from incomplete merge-conflict resolution
• 7b9b3f7 Merge branch '2016.3' into '2016.11'
• 8f7a0f9 Merge pull request #39542 from twangboy/gate_ssh_known_hosts
• c90a52e Remove expensive check
• 6d645ca Add __virtual__ function
• c109658 Merge pull request #39289 from bobrik/autodetect-ipv6
• 2761a1b Move new kwargs to the end of argument list
• 0df6b92 Narrow down connection exception to socket.error
• e8a2cc0 Do no try to connect to salt master in syndic config test
• af95786 Properly log address that failed to resolve or pass connection check
• 9a34fbe Actually connect to master instead of checking route availability
• c494839 Avoid bare exceptions in dns_check
• 29f3766 Rewrite dns_check to try to connect to address
• 55965ce Autodetect IPv6 connectivity from minion to master
• 3fb928b Merge pull request #39569 from s0undt3ch/2016.3
• 49da135 Don't use our own six dictionary fixes in this branch
• 91e3319 Merge pull request #39508 from dincamihai/openscap
• 9fedb84 Always return oscap's stderr
• 0ecde2c Include oscap returncode in response
• fbe2194 Merge pull request #39562 from terminalmage/issue30802
• c503740 Add ulimits to dockerng state/exec module
• da42040 Try the docker-py 2.0 client name first
• 01d4a84 dockerng.get_client_args: Fix path for endpoint config for some versions of docker-py (‐
#39544)
• PR #39574: (Ch3LL) Update 2016.11.3 release notes @ 2017-02-23T00:10:23Z
• cff9334 Merge pull request #39574 from Ch3LL/update_release_notes
• c0f8c35 fix reference to set in docs
• 663f6f1 add additional PRs to 2016.11.3 release notes
• PR #39528: (thatch45) Add better ssl option docs | refs: #39554 @ 2017-02-22T18:29:47Z
• b492f70 Merge pull request #39528 from thatch45/ssl_docs
• c357e37 Add minion config
• 539bb2a Add better ssl option docs
• PR #39532: (amontalban) Fix case when /etc/localtime is a file and it is not updated @
2017-02-22T18:28:54Z
• ISSUE #35869: (amontalban) timezone.system state fails on FreeBSD when /etc/localtime does not exists
| refs: #39532
• 0dad49c Merge pull request #39532 from amontalban/corner_case_35869
• f0d3c16 Fix case when /etc/localtime is a file and it is not updated
• PR #39540: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-02-22T18:24:01Z
• ISSUE #39444: (clem-compilatio) salt-cloud - IPv6 and IPv4 private_ips - preferred_ip sends False to
is_public_ip | refs: #39464
• ISSUE #39304: (Auha) boto_s3_bucket documentation dependency clarification | refs: #39405
• ISSUE #38762: (oz123) Configuration information for custom returners | refs: #39411
• PR #39498: (terminalmage) Resubmit PR #39483 against 2016.3 branch
• PR #39497: (terminalmage) Two dockerng compatibility fixes
• PR #39464: (gtmanfred) skip false values from preferred_ip
• PR #39460: (cachedout) Fix mocks in win_disim tests
• PR #39431: (UtahDave) Fix grains.setval performance
• PR #39426: (morganwillcock) win_dism: Return failure when package path does not exist
• PR #39423: (dincamihai) Openscap module
• PR #39421: (terminalmage) Update docs on upstream EPEL7 pygit2/libgit2 issues
• PR #39411: (rallytime) Update external_cache docs with other configuration options
• PR #39405: (rallytime) Update :depends: docs for boto states and modules
• 9cfaf3b Merge pull request #39540 from rallytime/merge-2016.11
• 49fe4e8 Merge branch '2016.11' into '2016.11'
• c613d19 Merge branch '2016.3' into '2016.11'
• dff35b5 Merge pull request #39498 from terminalmage/pr-39483
• 20b097a dockerng: compare sets instead of lists of security_opt
• 6418e72 Merge pull request #39497 from terminalmage/docker-compat-fixes
• cbd0270 docker: make docker-exec the default execution driver
• a6a17d5 Handle docker-py 2.0's new host_config path
• 9c4292f Merge pull request #39423 from dincamihai/openscap
• 9d13422 OpenSCAP module
• 7dd2502 Merge pull request #39464 from gtmanfred/2016.3
• f829d6f skip false values from preferred_ip
• db359ff Merge pull request #39460 from cachedout/win_dism_test_fix
• e652a45 Fix mocks in win_disim tests
• 9dbfba9 Merge pull request #39426 from morganwillcock/dism
• a7d5118 Return failure when package path does not exist
• 5616270 Merge pull request #39431 from UtahDave/fix_grains.setval_performance
• 391bbec add docs
• 709c197 allow sync_grains to be disabled on grains.setval
• 239e16e Merge pull request #39405 from rallytime/fix-39304
• bd1fe03 Update :depends: docs for boto states and modules
• 415102f Merge pull request #39411 from rallytime/fix-38762
• e13febe Update external_cache docs with other configuration options
• 7e1803b Update docs on upstream EPEL7 pygit2/libgit2 issues (#39421)
• PR #39554: (DmitryKuzmenko) Cosmetic: support bool value for 'ssl' config option. | refs: #39573 @
2017-02-22T16:59:03Z
• PR #39528: (thatch45) Add better ssl option docs | refs: #39554
• 56fe2f1 Merge pull request #39554 from DSRCorporation/bugs/ssl_bool
• 7a6fc11 Cosmetic: support bool value for 'ssl' config option.
• PR #39560: (vutny) [CLOUD] Log error when private/public IP was not detected @ 2017-02-22T16:49:46Z
• cf37f83 Merge pull request #39560 from vutny/cloud-detect-ips
• 567bb50 [CLOUD] Log error when private/public IP was not detected
Salt 2016.11.5 Release Notes
Version 2016.11.5 is a bugfix release for 2016.11.0.
Changes for v2016.11.4..v2016.11.5
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-05-09T21:00:57Z
Statistics:
• Total Merges: 83
• Total Issue references: 31
• Total PR references: 99
Changes:
Patched Packages
Due to the critical nature of issue #41230 we have decided to patch the 2016.11.5 packages with PR
#41244. This issue affects all calls to a salt-minion if there is an ipv6 nameserver set on the minion's
host. The patched packages on repo.saltstack.com will divert from the v2016.11.5 tag and pypi packages
due to the additional PR applied to the packages.
• PR #41244: (cachedout) Fix ipv6 nameserver grains @ 2017-05-15T17:55:39Z
• ISSUE #41230: (RealKelsar) 2016.11.5 IPv6 nameserver in resolv.conf leads to minion exception | refs:
#41244 #41244
• ISSUE #40912: (razed11) IPV6 Warning when ipv6 set to False | refs: #40934
• PR #40934: (gtmanfred) Only display IPvX warning if role is master | refs: #41244 #41244
• 53d5b3e Merge pull request #41244 from cachedout/fix_ipv6_nameserver_grains
• f745db1 Lint
• 6e1ab69 Partial revert of #40934
• 88f49f9 Revert "Only display IPvX warning if role is master"
• PR #41173: (twangboy) Add silent action to MsgBox for Path Actions @ 2017-05-10T17:22:18Z
• ISSUE #41099: (lomeroe) Windows 2016.11.4 minion installer silent mode issue | refs: #41173
• 96918dc Add silent action to MsgBox for Path Actions
• PR #41134: (twangboy) Fix pkg.install on Windows on 2016.11 @ 2017-05-09T15:10:19Z
• a10f014 Merge pull request #41134 from twangboy/fix_get_msiexec
• d808a60 Remove redundant if statement
• b4d6d5a Fix for version_num of None and Latest
• 0f31822 Fix problem when use_msiexec is a bool
• PR #41102: (gtmanfred) don't pass jid to list_jobs @ 2017-05-08T17:45:40Z
• ISSUE #41100: (frogunder) Exception occurred in runner jobs.list_jobs | refs: #41102
• 4ecab68 Merge pull request #41102 from gtmanfred/2016.11
• 83057d0 don't pass jid to list_jobs
• ffe4bc3 update unit test to reflect new behavior
• 482a5e3 Merge branch 'L4rS6-fix-file-blockreplace-diff-in-test-mode' into 2016.11
• 505cb45 Merge branch 'fix-file-blockreplace-diff-in-test-mode' of https://github.com/L4rS6/salt into
L4rS6-fix-file-blockreplace-diff-in-test-mode
• de9f66b show chanages in file.blockreplace function in testing mode. also used same programming style
as in file.managed function: (ret['changes']['diff'] = ret['pchanges']['diff'])
• PR #41103: (lorengordon) Adds a get_route() function to win_network.py @ 2017-05-06T06:19:42Z
• 2af89be Merge pull request #41103 from lorengordon/win.get_route
• 93ce564 Adds test for win_network.get_route
• b9cbbc0 Adds a get_route() function to win_network.py
• PR #41098: (rallytime) Back-port #41088 to 2016.11 @ 2017-05-05T19:04:03Z
• PR #41088: (sjorge) Fix docs for zfs state module | refs: #41098
• 2f9b5a4 Merge pull request #41098 from rallytime/bp-41088
• dc6cd2e Fix docs for zfs state module
• PR #41097: (rallytime) Back-port #41079 to 2016.11 @ 2017-05-05T19:03:43Z
• PR #41079: (brd) Remove an extra colon that is causing rendering issues | refs: #41097
• 2123001 Merge pull request #41097 from rallytime/bp-41079
• 845b49c Remove and extra colon that is causing rendering issues
• PR #41093: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-05T17:22:09Z
• PR #41083: (rallytime) Git state: head_ref should be head_rev in "latest" function
• ff6fa2b Merge pull request #41093 from rallytime/merge-2016.11
• a670eaa Merge branch '2016.3' into '2016.11'
• 247400c Merge pull request #41083 from rallytime/git-state-fix
• b85ee48 Git state: head_ref should be head_rev in "latest" function
• PR #41084: (rallytime) Skip the test_salt_documentation_arguments_not_assumed test for Arch @
2017-05-04T21:56:29Z
• PR #41074: (rallytime) Skip integration.shell.matcher.MatchTest.test_salt_documentation test for Arch
| refs: #41084
• 4c2e636 Merge pull request #41084 from rallytime/disable-matcher-test-arch
• da811fe Skip the correct test for the matcher tests in Arch
• b9d1ce9 Revert "Skip integration.shell.matcher.MatchTest.test_salt_documentation test for Arch"
• PR #41069: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-04T20:34:58Z
• ISSUE #40835: (willkil) non-root: module.mac_system.__virtual__() is wrongly returning None | refs:
#41048
• PR #41070: (rallytime) Pylint: remove extra line in mac_system module
• PR #41048: (willkil) mac_system: return False for non-root user | refs: #41070
• 1179720 Merge pull request #41069 from rallytime/merge-2016.11
• 08c5891 Merge branch '2016.3' into '2016.11'
• 6941809 Merge pull request #41070 from rallytime/lint-2016.3
• 486e2ba Pylint: remove extra line in mac_system module
• db70b2d Pylint: remove extra line in mac_system module
• 855d157 Merge branch '2016.3' into '2016.11'
• 3101694 Merge pull request #41048 from willkil/mac_system_non_root
• b65b82a mac_system: return False for non-root user
• PR #41074: (rallytime) Skip integration.shell.matcher.MatchTest.test_salt_documentation test for Arch |
refs: #41084 @ 2017-05-04T19:26:16Z
• 9d638ab Merge pull request #41074 from rallytime/disable-matcher-test-arch
• 9eb482d Skip integration.shell.matcher.MatchTest.test_salt_documentation test for Arch
• PR #41078: (Ch3LL) Add 2016.11.5 release notes and change log @ 2017-05-04T19:00:58Z
• 72c854d Merge pull request #41078 from Ch3LL/add_2016.11.5_release
• 96ed815 Add 2016.11.5 release notes and change log
• PR #40879: (peter-funktionIT) Update win_pki.py @ 2017-05-04T16:12:00Z
• eac8401 Merge pull request #40879 from peter-funktionIT/2016.11
• 80fa9e5 Update win_pki.py
• a48b05f Update win_pki.py
• 3a4e6d9 Update win_pki.py
• PR #41036: (terminalmage) Do not force effective saltenv when running states via orchestration @
2017-05-04T15:44:14Z
• ISSUE #40928: (sokratisg) Orchestration runner, highstate and environment question | refs: #41036
• 547a973 Merge pull request #41036 from terminalmage/issue40928
• 72ef34c Do not force effective saltenv when running states via orchestration
• PR #41039: (terminalmage) Look for currently-running python's pip first @ 2017-05-04T15:43:52Z
• 6e2458e Merge pull request #41039 from terminalmage/improve-pip-bin
• effe8b9 Look for currently-running python's pip first
• PR #41049: (Ch3LL) fix integration wheel test_gen test @ 2017-05-04T15:33:59Z
• ff39613 Merge pull request #41049 from Ch3LL/fix_wheel_test
• ba22382 fix integration wheel test_gen test
• PR #41054: (terminalmage) Update package targets for Arch pkg tests @ 2017-05-04T14:59:42Z
• 4e4b351 Merge pull request #41054 from terminalmage/salt-jenkins-315
• ee493ba Update package targets for Arch pkg tests
• PR #41046: (twangboy) Fix pkg.remove @ 2017-05-04T14:58:57Z
• 62dff52 Merge pull request #41046 from twangboy/fix_pkg_remove
• 2af38e5 Use target instead of version_num
• PR #41045: (terminalmage) Clarify gitfs docs @ 2017-05-03T22:24:55Z
• 2b47b7b Merge pull request #41045 from terminalmage/clarify-gitfs-docs
• c757eda Clarify gitfs docs
• PR #41032: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-03T19:31:58Z
• PR #41011: (terminalmage) Use proposed docker-py reload_config() function
• 819007c Merge pull request #41032 from rallytime/merge-2016.11
• d26fd0b Merge branch '2016.3' into '2016.11'
• b00acb0 Merge pull request #41011 from terminalmage/docker-refresh-credentials
• b8d1dcc Use proposed docker-py reload_config() func
• PR #41007: (jleproust) Recognize LVM2 pv with empty vg as orphan @ 2017-05-03T18:24:51Z
• ISSUE #35699: (jleproust) LVM state fails to add new device, volume group name is empty string |
refs: #41007
• d7fbd38 Merge pull request #41007 from jleproust/fix_lvm_empty_vg
• 3b9a845 Recognize LVM2 pv with empty vg as orphan
• PR #41029: (rallytime) Back-port #38565 to 2016.11 @ 2017-05-03T17:05:10Z
• PR #38565: (drawsmcgraw) Update management of ip addresses for salt cloud azurearm module | refs:
#41029
• 4eab962 Merge pull request #41029 from rallytime/bp-38565
• 2df93ae Update management of ip addresses. - Assign static, private IP addresses. - Ability to not
assign a public IP to a VM.
• PR #41012: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-02T22:06:40Z
• PR #40952: (terminalmage) Fix documentation for docker login function in pre-nitrogen release
branches
• PR #40724: (cro) Minion key revoke cfg
• 97500f0 Merge pull request #41012 from rallytime/merge-2016.11
• fc756c5 Merge branch '2016.3' into '2016.11'
• 19894f6 Merge pull request #40724 from cro/minion_key_revoke_cfg
• cbc7019 Change message level when minion requests key revoke and feature is turned off.
• 65ea899 Add allow_minion_key_revoke config option
• 8920495 Add config option to prevent minions from revoking their own keys.
• 129859f Merge pull request #40952 from terminalmage/fix-dockerng.login-docs
• dfbbeb5 Fix documentation for docker login function in pre-nitrogen release branches
• PR #40726: (benediktwerner) Fixed minion keys remaining pending after auto signing and fixed typo
(Resubmitted to 2016.3) @ 2017-05-02T16:57:34Z
• e210eae Merge pull request #40726 from
benediktwerner/fix-minions-remain-pending-after-autosign-and-typo
• 82c144e Fixed minion keys remaining pending after auto signing and fixed typo
• PR #40960: (danlsgiga) Fix consul module "AttributeError: 'dict' object has no attribute 'json'" @
2017-05-02T16:16:57Z
• 4f342e2 Merge pull request #40960 from danlsgiga/2016.11
• 6e4cc6d Fix consul module "AttributeError: 'dict' object has no attribute 'json'"
• PR #40963: (twangboy) Fix fullname parameter for add function @ 2017-05-02T16:08:59Z
• c3b329b Merge pull request #40963 from twangboy/fix_win_useradd
• 5371b6b Fix fullname parameter for add function
• PR #40995: (twangboy) Remove unused code fragments @ 2017-05-02T15:31:58Z
• d79c033 Merge pull request #40995 from twangboy/remove_utils
• 8c01aac Remove unused code fragments
• PR #40991: (rallytime) Back-port #40982 to 2016.11 @ 2017-05-01T22:31:30Z
• ISSUE #40981: (ezh) docker-events engine is broken with modern docker | refs: #40982
• PR #40982: (ezh) Fix docker_events field handling | refs: #40991
• c616287 Merge pull request #40991 from rallytime/bp-40982
• 8fcb720 Fix docker_events field handling
• PR #40987: (gtmanfred) get sudo_password correctly @ 2017-05-01T19:39:55Z
• ISSUE #40965: (weirdbricks) salt-cloud sudo failing | refs: #40987
• 3fb2492 Merge pull request #40987 from gtmanfred/2016.11
• 2ed694c get sudo_password correctly
• PR #40992: (gtmanfred) fix bug in status.netdev @ 2017-05-01T19:38:35Z
• ISSUE #40988: (santzi) status.netdev tx_bytes is always zero | refs: #40992
• ecbac13 Merge pull request #40992 from gtmanfred/netdev
• a9eed7f fix bug in status.netdev
• PR #40993: (gtmanfred) smtp state can use profile or sender @ 2017-05-01T19:35:47Z
• ISSUE #40976: (sjorge) smtp.send_msg state oddities | refs: #40993
• d852320 Merge pull request #40993 from gtmanfred/smtp
• 068ebfd smtp state can use profile or sender
• PR #40958: (rallytime) Back-port #40939 to 2016.11 @ 2017-04-28T18:01:17Z
• PR #40939: (Ch3LL) Allow vmware to query deploy arg from opts | refs: #40958
• fc26fb8 Merge pull request #40958 from rallytime/bp-40939
• 3e93948 allow vmware to query deploy arg from opts
• PR #40957: (rallytime) Back-port #38115 to 2016.11 @ 2017-04-28T18:01:02Z
• ISSUE #34640: (nevins-b) utils.shlex_split removing quotes which are required for augeas | refs:
#34643
• PR #38115: (cro) Revert "fix augeas module so shlex doesn't strip quotes" | refs: #40957
• PR #34643: (nevins-b) fix augeas module so shlex doesn't strip quotes | refs: #38115
• a586e12 Merge pull request #40957 from rallytime/bp-38115
• eb88917 Revert "fix augeas module so shlex doesn't strip quotes"
• PR #40905: (rkgrunt) Fixed issue with parsing of master minion returns when batching is en… @
2017-04-28T17:52:32Z
• ISSUE #40635: (promorphus) Orchestrate + Batches returns false failed information | refs: #40905
#40905
• 00a15eb Merge pull request #40905 from rkgrunt/40635
• 4f9c92a Fixed issue with parsing of master minion returns when batching is enabled.
• PR #40954: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-28T16:41:49Z
• ISSUE #36644: (b1naryth1ef) env_vars not properly validated/casted to strings w/
virtualenv.manage/pip.install | refs: #36706
• PR #40930: (rallytime) Back-port #40811 to 2016.3
• PR #40927: (terminalmage) Add documentation for PyYAML's loading of time expressions
• PR #40891: (terminalmage) Fix two issues with pip.install
• PR #40811: (UtahDave) get config_dir based off conf_file if __opts__['config_dir'] doesn't exist |
refs: #40930
• PR #36706: (siccrusher) Add basic sanity checks for env_vars in pip.install function | refs: #40891
#40891
• bb50d4f Merge pull request #40954 from rallytime/merge-2016.11
• 7f31e41 Merge branch '2016.3' into '2016.11'
• 55a3995 Merge pull request #40930 from rallytime/bp-40811
• 3ccb553 get config_dir based off conf_file
• 7bc01be Merge pull request #40927 from terminalmage/docs
• 8c078f1 Add additional note about quoting within load_yaml
• 123b5cd Add documentation for PyYAML's loading of time expressions
• 7eab9c6 Merge pull request #40891 from terminalmage/pip-installed
• 75e6bc0 Fix two issues with pip.install
• PR #40751: (rallytime) Use Salt's SaltYamlSafeLoader and SafeOrderedDumper classes for yaml.load/dump @
2017-04-28T12:56:06Z
• ISSUE #39531: (ypid) Use yaml.safe_* instaed of yaml.load / yaml.dump / … | refs: #40751
• 909d519 Merge pull request #40751 from rallytime/fix-39531
• 85dc416 Don't change the salt.utils.jinja yaml Dumper class
• 4fe6ac9 Add extra line for lint
• 55cfa12 Use salt.utils.yamldumper with SafeOderedDumper as the Dumper in yaml.dump
• 62c4d37 Use salt.utils.yamlloader with SaltYamlSafeLoader as the Loader with yaml.load
• PR #40861: (DmitryKuzmenko) Don't run status.master while minion is failing-over. @
2017-04-28T12:14:56Z
• ISSUE #37307: (szjur) Minions run every job twice and open 2 connections to the same syndic -
apparently after reconnection between masters | refs: #40861
• 18fdd8c Merge pull request #40861 from DSRCorporation/bugs/37307_minion_run_jobs_twice
• f0d46d0 Don't run status.master while minion is failing-over.
• PR #40923: (terminalmage) aptpkg: fix temp pkg unhold when version is specified @ 2017-04-28T11:59:54Z
• 62cb7b1 Merge pull request #40923 from terminalmage/aptpkg-install-fix-unhold
• 6dda4f2 aptpkg: fix temp pkg unhold when version is specified
• PR #40933: (gtmanfred) allow master_port to be a string @ 2017-04-28T11:54:58Z
• ISSUE #40908: (nicksloan) If master_port is a string the minion cannot connect and prints an
unhelpful error message | refs: #40933
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #40933
• 9d92ba7 Merge pull request #40933 from gtmanfred/2016.11
• 194423c allow master_port to be a string
• PR #40934: (gtmanfred) Only display IPvX warning if role is master @ 2017-04-28T11:53:50Z
• ISSUE #40912: (razed11) IPV6 Warning when ipv6 set to False | refs: #40934
• d5e0b8b Merge pull request #40934 from gtmanfred/ipv6
• 7855cd6 Only display IPvX warning if role is master
• PR #40935: (gtmanfred) Attempt to connect to public ip address in softlayer @ 2017-04-28T11:43:57Z
• ISSUE #40881: (stamak) 2016.11 SoftLayer salt-cloud driver connects on private IP instead of public
IP | refs: #40935
• 8fdfe4e Merge pull request #40935 from gtmanfred/softlayer
• d6eb114 Attempt to connect to public ip address in softlayer
• PR #40936: (terminalmage) Add dockerng fixes to 2016.11.4 release notes @ 2017-04-27T19:54:16Z
• 7404309 Merge pull request #40936 from terminalmage/release_notes
• e494ae4 Add dockerng fixes to 2016.11.4 release notes
• PR #40929: (rallytime) Back-port #37696 to 2016.11 @ 2017-04-27T17:43:26Z
• ISSUE #33093: (gtmanfred) [salt-cloud][nova] race condition when assigning floating ips to cloud
servers | refs: #37696
• PR #37696: (SolarisYan) if vm state is not ACTIVE, it will fail | refs: #40929
• a622518 Merge pull request #40929 from rallytime/bp-37696
• 1a28722 Pylint fix
• 8e0a986 if vm state is not ACTIVE, associate floating ip to it will fail.So we should wait for state
of vm is ACTIVE,then associate the assigned floating ip to it
• PR #40921: (corywright) Make salt.auth.rest heading consistent with all other salt.auth documentation @
2017-04-27T17:36:47Z
• f88ce8e Merge pull request #40921 from corywright/consistent-salt-auth-headings
• 2995a05 Make salt.auth.rest heading consistent with all other salt.auth documentation
• PR #40752: (Enquier) Add ability to specify a custom SSL certificate or disable SSL verification in
KeystoneAuth v3 @ 2017-04-27T17:29:09Z
• ISSUE #37824: (dxiri) SSLError Trying to use v3 API of Openstack Newton as provider. | refs: #40752
• ISSUE #5: (thatch45) cmd module
• 26be306 Merge pull request #40752 from Enquier/nova_ssl_2
• 817f492 fixing lint errors in keystone auth error
• f683636 fix trailing whitespace
• 4a70b8c fixing minor error in security_groups security groups parser had incorrect split action which
caused errors
• c9d6f8e adding note in documentation
• c24dfe3 adding support for cacert verification
• bfaf5e3 Merge pull request #5 from saltstack/2016.11
• PR #40894: (senthilkumar-e) Fix for broken /jobs/<jid> in 2016.11.4 @ 2017-04-27T11:33:00Z
• ISSUE #40845: (e-senthilkumar) /jobs call is broken in 2016.11.4 | refs: #40894
• 0f2ec1e Merge pull request #40894 from senthilkumar-e/broken_jobs_api_fix
• 2f55b26 Fixing the pylint issue
• fb607ba Fix for broken /jobs/<jid> in 2016.11.4
• PR #40876: (BenoitKnecht) states: sqlite3: fix table_present with multi-line schema @
2017-04-26T15:21:19Z
• ea55c15 Merge pull request #40876 from BenoitKnecht/fix-sqlite3-table-present-with-multiline-schema
• 2ca627d states: sqlite3: fix table_present with multi-line schema
• PR #40742: (clinta) Fix #40741 @ 2017-04-25T22:52:06Z
• ISSUE #40741: (clinta) Regression in 2016.11.3. File.managed downloads every time. | refs: #40742
• e09bafd Merge pull request #40742 from clinta/40741
• 72bf5af Set sfn if cached_sum == source_sum
• PR #40859: (skizunov) Fix TCP Transport to work with Tornado 4.5 @ 2017-04-25T04:29:00Z
• 5249496 Merge pull request #40859 from skizunov/develop2
• 958ecda Fix TCP Transport to work with Tornado 4.5
• PR #40862: (gtmanfred) status should be an int @ 2017-04-24T23:11:31Z
• ca80f28 Merge pull request #40862 from gtmanfred/2016.11
• 87ec1da status should be an int
• PR #40865: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-24T23:06:28Z
• PR #40854: (Ch3LL) [2016.3] Bump latest release version to 2016.11.4
• PR #40822: (lordcirth) rsync.py: Don't return changes when clean
• c953419 Merge pull request #40865 from rallytime/merge-2016.11
• 53ad315 Merge branch '2016.3' into '2016.11'
• 2a71dc3 Merge pull request #40854 from Ch3LL/11.4_release_2016.3
• 889540a [2016.3] Bump latest release version to 2016.11.4
• b5f67f0 Merge pull request #40822 from lordcirth/fix-rsync-changes
• 1b304bb Extra space before inline comment
• ea4592d rsync.py: Don't return changes when clean
• PR #40855: (Ch3LL) [2016.11] Bump latest release version to 2016.11.4 @ 2017-04-24T17:37:47Z
• 7861f12 Merge pull request #40855 from Ch3LL/11.4_release_2016.11
• e7b6043 [2016.11] Bump latest release version to 2016.11.4
• PR #40817: (isbm) Some UT for cloud @ 2017-04-23T10:01:40Z
• 25b62ae Merge pull request #40817 from isbm/isbm-skip-false-values-from-preferred-ip-201611
• 7c5714b Describe debug information
• e0210ff Reformat idents, fix typos
• fb777e3 PEP8: fix unused variable
• b2e85de Fix lint, typos and readability
• 116c96a Fix UT parameter changes
• 61558f0 Lintfix E0602
• ed84420 Add unit test for node ip filtering
• 82582cf Skip test, if libcloud is not around
• f005d53 Fix name error exception
• b668e60 Move out nested function for testing purposes
• 5e574a2 Add unit test for nova connector
• 181d078 Lintfix
• 8e9ce1a Move out nested function to be unit-testable
• cd43805 Add initial unit test for openstack cloud module
• 177f314 Add fake preferred IP function for testing
• d1aeb13 Move out openstack's nested function to be testable
• PR #40824: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-21T20:03:10Z
• ISSUE #38914: (hgfischer) Uppercase checksums are not accepted by archive.extracted | refs: #40754
• PR #40754: (lordcirth) file.manage_file: uppercase checksums now work
• 50ddf21 Merge pull request #40824 from rallytime/merge-2016.11
• f31f951 Merge branch '2016.3' into '2016.11'
• 3b9ebeb Merge pull request #40754 from lordcirth/fix-uppercase-checksums
• c80c792 remove too many newlines for lint
• a7d8f37 file.manage_file: uppercase checksums now work
• PR #40811: (UtahDave) get config_dir based off conf_file if __opts__['config_dir'] doesn't exist |
refs: #40930 @ 2017-04-21T17:44:42Z
• d6e26d1 Merge pull request #40811 from UtahDave/2016.11local
• 9f6e2e9 get config_dir based off conf_file
• PR #40820: (gtmanfred) remove deprecated firstgen rackspace cloud driver @ 2017-04-21T17:42:19Z
• ddedf05 Merge pull request #40820 from gtmanfred/2016.11
• b60a8d0 remove rackspace from index
• 559aa1d remove deprecated firstgen rackspace cloud driver
• PR #40797: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-20T19:42:04Z
• ISSUE #40790: (a-powell) s3.query util buffering objects to memory | refs: #40791
• PR #40791: (a-powell) S3 util get memory fix
• 2ab4248 Merge pull request #40797 from rallytime/merge-2016.11
• 22500a7 Merge branch '2016.3' into '2016.11'
• 623e2eb Merge pull request #40791 from a-powell/s3-util-get-memory-fix
• 36f6521 Merge remote-tracking branch 'upstream/2016.3' into s3-util-get-memory-fix
• 04637cd Fixing objects being loaded into memory when performing a GET request with a local file
specified.
• PR #40800: (rallytime) Back-port #40720 to 2016.11 @ 2017-04-20T19:41:41Z
• PR #40720: (oeuftete) Call tornado.httputil.url_concat compatibly | refs: #40800
• ced839f Merge pull request #40800 from rallytime/bp-40720
• 6c0124a Call tornado.httputil.url_concat compatibly
• PR #40785: (alexproca) win_pkg: backport 2016.11 add msiexec override to enable selection of 32 or 64
msiexec.exe @ 2017-04-20T16:45:14Z
• ISSUE #19137: (jeffclay) MSI installer(s) for windows minion | refs: #40716
• PR #40716: (alexproca) win_pkg: add msiexec override to enable selection of 32 or 64 msiexec.exe |
refs: #40785
• 5388ffa Merge pull request #40785 from alexproca/backport-winexec-selection
• 91cafd5 Add option to select 32 or 64 version of msiexec
• PR #40796: (terminalmage) Fix inaccurate nodegroup docs @ 2017-04-20T16:08:22Z
• f0f135c Merge pull request #40796 from terminalmage/fix-nodegroup-docs
• f99259a Fix inaccurate nodegroup docs
• PR #40769: (rallytime) Back-port #40760 to 2016.11 @ 2017-04-19T20:23:22Z
• ISSUE #40737: (jf) Fix consul_pillar documentation: 'root=' canNOT start with a slash | refs: #40760
• PR #40760: (jf) Fix 'root=/...' references in consul_pillar documentation: 'keys should not start
with a forward slash'! | refs: #40769
• d8f7855 Merge pull request #40769 from rallytime/bp-40760
• 71ac15f Fix 'root=/...' references in consul_pillar documentation: 'keys should not start with a
forward slash'!
• PR #40756: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-19T17:47:51Z
• ISSUE #40712: (idokaplan) user.update - account_disabled | refs: #40721
• PR #40721: (gtmanfred) unset the bitwise instead of toggle
• 61f8de4 Merge pull request #40756 from rallytime/merge-2016.11
• 0e08732 Merge branch '2016.3' into '2016.11'
• f4f3ee6 Merge pull request #40721 from gtmanfred/2016.3
• 58b8885 unset the bitwise instead of toggle
• PR #40735: (rallytime) Handle stacktraces in cloud.action function in module and runner @
2017-04-18T20:05:06Z
• ISSUE #29602: (multani) cloud.action start raises "got an unexpected keyword argument 'kwargs'" |
refs: #40735
• 3557b51 Merge pull request #40735 from rallytime/handle-cloud-traces
• 87154a9 Use log.error instead of log.err
• b35bf91 Handle stacktraces in cloud.action function in module and runner
• PR #40745: (cro) Backport Add support for specifying a datastore for new disks. PR #36457 @
2017-04-18T20:00:51Z
• e700d81 Merge pull request #40745 from cro/vmware_disk_datastore_bp
• 1460f82 Remove leftover conflict markers (oops! :-/ )
• b26be65 Remove leftover conflict markers (oops! :-/ )
• 096f063 Remove leftover conflict markers (oops! :-/ )
• d24078d Add docs for "datastore" param for disks
• 500d6b2 Document validity of a datastore key inside a disk definition.
• 7608b10 Add support for specifying a datastore for new disks.
• PR #40740: (cro) Backport pr #39802 to add random_startup_delay @ 2017-04-18T19:47:55Z
• PR #39802: (cachedout) A random startup delay option for minions | refs: #40740
• 78dbab0 Merge pull request #40740 from cro/minion_delay_start
• 2ab95b7 Set minion test to use default opts
• 785e606 Add requested docs
• 8ab321f A random startup delay option for minions
• PR #40728: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-04-17T21:13:15Z
• ISSUE #37787: (elyulka) user.present state fails to change loginclass on FreeBSD | refs: #40714
• PR #40719: (rallytime) Back-port #40714 to 2016.3
• PR #40718: (terminalmage) Fix copypasta in the pw_user docstring
• PR #40714: (woodsb02) Make salt.modules.pw_user.get_loginclass return string rather than dict | refs:
#40719
• a48ecc4 Merge pull request #40728 from rallytime/merge-2016.11
• 0a5e05a Merge branch '2016.3' into '2016.11'
• bf8bb0f Merge pull request #40719 from rallytime/bp-40714
• d6c4362 Make salt.modules.pw_user.get_loginclass return string rather than dict
• 4145d33 Merge pull request #40718 from terminalmage/fix-docstring
• 14e8b85 Fix copypasta in the pw_user docstring
• PR #40707: (gtmanfred) Use markers when s3 bucket list is truncated @ 2017-04-17T16:45:21Z
• ISSUE #36967: (gmykhailiuta) S3fs objects list gets truncated | refs: #40707
• c5cbfc2 Merge pull request #40707 from gtmanfred/2016.11
• 1932f72 Use markers when s3 bucket list is truncated
Salt 2016.11.6 Release Notes
Version 2016.11.6 is a bugfix release for 2016.11.0.
Changes for v2016.11.5..v2016.11.6
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-06-21T21:12:22Z
Statistics:
• Total Merges: 137
• Total Issue references: 65
• Total PR references: 167
Changes:
• PR #41861: (twangboy) Fix problems with get_rule and delete_rule @ 2017-06-20T20:37:23Z
• afc61ffe63 Merge pull request #41861 from twangboy/fix_win_firewall
• 78892074f5 Fix problems with get_rule and delete_rule
• PR #41787: (skizunov) Fix #41778 @ 2017-06-20T20:11:23Z
• ISSUE #41778: (frogunder) 2016.11.6 - TCP Transport gives Exception | refs: #41787 #41787
• PR #41436: (skizunov) TCP transport: Fix occasional errors when using salt command | refs: #41787
#41787 #41787
• 938d4fddf1 Merge pull request #41787 from skizunov/develop3
• 2ffd20cede Fix #41778
• PR #41812: (skizunov) TCP: Fix salt-master in bad state if remote side closed connection @
2017-06-20T19:46:53Z
• 03b6ae5ea8 Merge pull request #41812 from skizunov/develop4
• 736420eb83 TCP: Fix salt-master in bad state if remote side closed connection
• PR #41857: (dmurphy18) Modified support for deprecated netstat being removed by utilizing ss @
2017-06-20T18:46:27Z
• cf2252bcea Merge pull request #41857 from dmurphy18/netstat_fix
• 017fbdbc53 Modified support for deprecated netstat being removed by utilizing ss
• PR #41837: (rallytime) Add fingerpint_hash_type option to ssh_auth state and related functions @
2017-06-20T18:14:53Z
• ISSUE #40878: (joewreschnig) SSH modules spam warning about MD5 fingerprints when there aren't any |
refs: #41837 #41837
• ISSUE #40005: (vutny) ssh_known_hosts.present does not support SHA256 key fingerprints | refs: #40543
• PR #40543: (rallytime) Add the "fingerprint_hash_type" option to ssh state and module | refs: #41837
• 12ec5f9f23 Merge pull request #41837 from rallytime/fix-40878
• 48ff5d2a62 Add fingerpint_hash_type option to ssh_auth state and related functions
• PR #41839: (cro) Extend proxy to jinja @ 2017-06-19T23:03:00Z
• e7fc30f482 Merge pull request #41839 from cro/extend_proxy_to_jinja
• 172d3520ea Merge branch 'extend_proxy_to_jinja' of github.com:cro/salt into extend_proxy_to_jinja
• 2e4a0633da Extend __proxy__ to jinja as proxy (like __salt__->salt)
• 2ffad2af35 Extend __proxy__ to jinja as proxy (like __salt__->salt)
• PR #41786: (whiteinge) Runner arg parsing regressions @ 2017-06-19T23:00:07Z
• ISSUE #41733: (sumeetisp) Salt Rest Api call | refs: #41786
• ISSUE #40845: (e-senthilkumar) /jobs call is broken in 2016.11.4 | refs: #41786
• ISSUE #38962: (gstachowiak) Broken /jobs in salt-api in salt 2016.11.1 (Carbon) | refs: #39472
• PR #39472: (whiteinge) Update _reformat_low to not run kwarg dicts through parse_input | refs: #41786
• 58387b127a Merge pull request #41786 from whiteinge/runner-arg-parsing-regressions
• bf15c0bb5f Restore sending __current_eauth_* through to the function
• 6be975da2c Fix regressions from not calling load_args_and_kwargs
• 9d1cc1a176 Add test to check that runners ignore invalid kwargs
• PR #41776: (gtmanfred) npm 5.0.0 added a second line after fsevents @ 2017-06-19T16:53:43Z
• be0e9abedb Merge pull request #41776 from gtmanfred/2016.11
• 733a2279ca npm 5.0.0 added a second line after fsevents
• PR #41783: (rallytime) Add a bunch of config options to the various master/minion files that are
missing @ 2017-06-19T16:42:54Z
• ISSUE #32400: (rallytime) Document Default Config Values | refs: #41783
• d94d4e4d19 Merge pull request #41783 from rallytime/config-doc-updates
• c828ad803a Add a bunch of config options to the various master/minion files that are missing
• PR #41816: (twangboy) Upgrade psutil to version 5.2.2 @ 2017-06-17T01:51:29Z
• 2c681887d3 Merge pull request #41816 from twangboy/update_psutil_req
• 8b4e3ad77d Upgrade psutil to version 5.2.2
• PR #41803: (terminalmage) Don't log an error when no top.sls is found @ 2017-06-16T22:49:08Z
• ISSUE #41785: (UtahDave) Using master tops without a top.sls file causes extra errors in minion log |
refs: #41803
• 3e5fe7ca4b Merge pull request #41803 from terminalmage/issue41785
• f9f4d49f05 Don't log an error when no top.sls is found
• PR #41801: (terminalmage) Don't take hostname from name param when creating docker container (2016.11
branch) @ 2017-06-16T17:02:02Z
• d12bc4ee68 Merge pull request #41801 from terminalmage/issue41781-2016.11
• 8236d3e1c3 Don't take hostname from name param when creating docker container (2016.11 branch)
• PR #41768: (rallytime) Manually back-port the changes in PR #41615 @ 2017-06-15T20:41:45Z
• PR #41615: (Ch3LL) Fix get_hwclock_aix test on MacOSX | refs: #41768
• 87e2e72d94 Merge pull request #41768 from rallytime/bp-41615
• b6cc0b6bf0 Manually backport the changes in PR #41615
• PR #41740: (terminalmage) Fix spurious error when glob/regex used in publisher_acl @
2017-06-15T15:14:56Z
• 36cb223ab2 Merge pull request #41740 from terminalmage/zd1532
• e5f3d08751 Fix spurious error when glob/regex used in publisher_acl
• PR #41749: (terminalmage) Fix bug in pkg_resource.parse_targets when version passed @
2017-06-15T15:05:52Z
• 126a36747b Merge pull request #41749 from terminalmage/parse_targets
• 698806fb09 No need to manually create pkg_params dict when name and version passed
• 7484bcc6c6 parse_targets: include version in packed return data
• PR #41753: (rallytime) Back-port #41449 to 2016.11 @ 2017-06-14T22:16:10Z
• PR #41449: (sebw) Fix state "svn.latest" diff output in test mode | refs: #41753
• 2c24012ded Merge pull request #41753 from rallytime/bp-41449
• fae41c2875 Adjusting SVN unit test
• eac6b151eb Improved SVN output in test mode
• PR #41750: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-06-14T22:15:41Z
• PR #41695: (xiaoanyunfei) fix max RecursionError, Ellipsis
• PR #41585: (cro) Sign_minion_messages support
• e685858269 Merge pull request #41750 from rallytime/merge-2016.11
• 89834e49c2 Merge branch '2016.3' into '2016.11'
• c5a79a1ea6 Merge pull request #41695 from xiaoanyunfei/fixRecursion
• c54fde69a0 fix spell error
• bc855b4711 fix swallow exception
• c0b1f57fc0 add exception
• aacf9f0a44 fix maximum recursion depth exceeded
• 4b43ba3366 Merge pull request #41585 from cro/sign_minion_messages
• 628f709c3c Correct test--caching requires files on disk but the test just supplies what would
have been read from disk.
• 687872a488 Lint
• dadf4b851c Add documentation to the example master and minion configuration files. Move minion
event signing to a saner place. Enable dropping messages when signature does not verify or when
minion is not adding the signature to its payloads.
• e44673cdae Add caching of key.
• c3917d1e91 Fat finger fix.
• 3b9326fda7 Sign_minion_messages support
• PR #41756: (Ch3LL) Add Change Log to 2016.11.6 Release Notes @ 2017-06-14T20:57:08Z
• 36cc8f1e35 Merge pull request #41756 from Ch3LL/2016.11.6_release
• fa368f21ac Add Change Log to 2016.11.6 Release Notes
• PR #41692: (rallytime) Add boto and boto3 version dependencies to boto_vpc state docs @
2017-06-14T19:05:07Z
• ISSUE #40155: (grichmond-salt) State module boto_vpc not working with boto 2 | refs: #41692
• edcafc6a26 Merge pull request #41692 from rallytime/fix-40155
• 539c1b0692 Add boto and boto3 version dependencies to boto_vpc state docs
• PR #40902: (lorengordon) Removes duplicates when merging pillar lists and adds pillar.get override for
pillar_merge_lists @ 2017-06-14T18:39:09Z
• ISSUE #39918: (kivoli) Enabling list merging leads to multiplying of unique list items | refs: #40902
• bdaeb55a77 Merge pull request #40902 from lorengordon/pillar-get-merge-lists
• 6e35673fe3 Preserves order when removing duplicates
• 18eda7084c Updates list merge tests to check for sorted, unique lists
• 74bf91f99e Sorts the list when removing duplicates
• 26a4b1b17f Adds pillar.get param to control list merge/overwrite behavior
• ed04bae94c Removes duplicate values when merging lists
• PR #41723: (rallytime) Support apache-libcloud work-around for issue #32743 for versions older than
2.0.0 @ 2017-06-14T17:13:38Z
• ISSUE #32743: (tonybaloney) Issue with salt-cloud on OpenSUSE | refs: #41723 #41723
• PR #40837: (tonybaloney) Upgrade apache-libcloud package dependency for 2.0 | refs: #41723 #41723
• 203ec6730f Merge pull request #41723 from rallytime/libcloud-support
• 1e9a06000b Bump version check down to 1.4.0 and use distutils.version lib
• a30f654b04 Support apache-libcloud work-around for issue #32743 for versions older than 2.0.0
• PR #41655: (Enquier) Allow Nova cloud module to set a specific floating ip address @
2017-06-14T16:44:05Z
• ISSUE #41654: (Enquier) Nova Cloud module doesn't work for python-novaclient 8.0.0+ | refs: #41655
• 62dbf5083c Merge pull request #41655 from Enquier/nova-cloud-set_ip_address
• 293bc64158 Removed empty debug log
• 3d9871fe11 Cleaning up, removing debugging tests
• c78e5feea9 Fixing error message
• 404dffb6b8 Debugging variable format
• 6fa3b976a5 removing string call
• 005995e1b0 modifying variable calls
• 9e5e7a38ec Testing variable changes
• 05e240f37f Debugging Format of floating_ip variable
• 366aca00a8 Adding Max version check for Nova since Cloud no longer operates at higher versions
• 6f66c9d10c Fixing response of floating_ip_show to align with other floating ip's. Spelling fix
• 58459adbe8 Adding ability to set a Floating IP by a specific IP address
• PR #41731: (terminalmage) Clarify that archive_format is required pre-2016.11.0 @ 2017-06-14T15:05:21Z
• 82eab84883 Merge pull request #41731 from terminalmage/docs
• d3f4ea1a84 Clarify that archive_format is required pre-2016.11.0
• PR #41663: (skizunov) Don't invoke lspci if enable_lspci is False @ 2017-06-13T21:19:42Z
• b6d27beac2 Merge pull request #41663 from skizunov/develop3
• 154d6ce59e Don't invoke lspci if enable_lspci is False
• PR #41693: (rallytime) Document available kwargs for ec2.create_volume function @ 2017-06-13T19:51:10Z
• ISSUE #40446: (sumeetisp) [Documentation] include list of kwargs for ec2.create_volume in cloud
driver | refs: #41693
• 46b8d5dc4b Merge pull request #41693 from rallytime/fix-40446
• 569eb2bf7e Document available kwargs for ec2.create_volume function
• PR #41696: (terminalmage) Handle a few edge/corner cases with non-string input to cmd.run @
2017-06-13T18:48:56Z
• ISSUE #41691: (jdonofrio728) Can't pass integers as cmd.run environment variables | refs: #41696
• aab55d304a Merge pull request #41696 from terminalmage/issue41691
• 0623e40d33 Apparently some funcs are passing tuples to cmd.run_*
• cdbfb94cfe Handle a few edge/corner cases with non-string input to cmd.run
• PR #41697: (terminalmage) Resubmit #41545 against 2016.11 branch @ 2017-06-13T16:10:37Z
• 97897d7a7a Merge pull request #41697 from terminalmage/pr-41545
• faaacf88bf Use error name instead of error number
• 7eacda5cbf Make print_cli resilient on slow systems
• PR #41711: (rallytime) Update deprecated version info in manage.bootstrap func for root_user @
2017-06-13T16:04:32Z
• ISSUE #40605: (sumeetisp) Salt-run manage.bootstrap | refs: #41711
• 09260d7c08 Merge pull request #41711 from rallytime/fix-40605
• 903c2ffca5 Update deprecated version info in manage.bootstrap fucn for root_user
• PR #41658: (garethgreenaway) Fixes to the salt scheduler @ 2017-06-13T16:00:57Z
• ISSUE #39668: (mirceaulinic) Master scheduled job not recorded on the event bus | refs: #41658
• d563b3e345 Merge pull request #41658 from garethgreenaway/39668_schedule_runners_fire_events
• d688a1cd88 Enable jobs scheduled on the master to fire their return data to the event bus
• PR #41706: (twangboy) Add missing batch files @ 2017-06-13T15:32:53Z
• 3c3b9343b7 Merge pull request #41706 from twangboy/batch_files
• 0d4be0220b Add batch files for master
• PR #41710: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-06-13T15:11:38Z
• ISSUE #41688: (yannj-fr) Parted module command "mkfs" fails creating swap | refs: #41689
• ISSUE #37322: (kiemlicz) master_tops generating improper top file | refs: #41707
• PR #41707: (terminalmage) Update version in master-tops docs
• PR #41689: (yannj-fr) Fix #41688 : fix mkfs command linux-swap support
• 1afc4adc5a Merge pull request #41710 from rallytime/merge-2016.11
• 5150916556 Merge branch '2016.3' into '2016.11'
• 5058b0de1f Merge pull request #41707 from terminalmage/master-tops-docs
• 6ec9dfb7f3 Update version in master-tops docs
• 1c1964d807 Merge pull request #41689 from yannj-fr/fix-41688
• a47eddccd2 Fix #41688 : fix mkfs command linux-swap support
• PR #41702: (gtmanfred) npm 5 and greater requires --force for cache clean @ 2017-06-12T23:21:56Z
• 5d763b9b7f Merge pull request #41702 from gtmanfred/2016.11
• 8bd19fcc17 fix version number
• 0fa380f75c npm 5 and greater requires --force for cache clean
• PR #41704: (rallytime) Back-port #41670 to 2016.11 @ 2017-06-12T23:20:31Z
• ISSUE #41668: (yannj-fr) Parted modules mkfs command does not work with NTFS | refs: #41670
• PR #41670: (yannj-fr) fixes #41668 ntfs case problem in parted module | refs: #41704
• f6519e7f80 Merge pull request #41704 from rallytime/bp-41670
• 8afc8792d1 fixes #41668 ntfs case problem in parted module
• PR #41700: (terminalmage) roots: return actual link destination when listing symlinks @
2017-06-12T22:07:03Z
• ISSUE #39939: (martinschipper) Relative symlinks are changed with file.recurse 2016.11.3 | refs:
#41700
• 0b89377dce Merge pull request #41700 from terminalmage/issue39939
• bdbb265a0b roots: return actual link destination when listing symlinks
• PR #41699: (rallytime) Remove note about version incompatibility with salt-cloud @ 2017-06-12T19:44:28Z
• 7cf47f9651 Merge pull request #41699 from rallytime/troubleshooting-doc-update
• c91ca5f809 Remove note about version incompatibility with salt-cloud
• PR #41694: (rallytime) Add ipcidr options to "Allowed Values" list in LocalClient expr_form docs @
2017-06-12T19:06:16Z
• ISSUE #40410: (DarrenDai) Targeting Minions by IP Range via restful API doesn't work | refs: #41694
• d68a6316b8 Merge pull request #41694 from rallytime/fix-40410
• 6de9da1d5d Add ipcidr options to "Allowed Values" list in LocalClient expr_form docs
• PR #41659: (lubyou) Use re.escape to escape paths before handing them to re.match @
2017-06-12T18:10:53Z
• ISSUE #41365: (lubyou) file.managed chokes on windows paths when source_hash is set to the URI of a
file that contains source hash strings | refs: #41659
• 80d4a3ab98 Merge pull request #41659 from lubyou/41365-fix-file-managed
• d49a1579b0 Use re.escape to escape paths, before handing them to re.match
• ac240facca use correct variable
• c777eba2c1 Use re.escape to escape paths, before handing them to re.match
• PR #41661: (whiteinge) Add note about avoiding the -i flag for the /keys endpoint @
2017-06-09T15:03:40Z
• 564d5fd9d3 Merge pull request #41661 from whiteinge/rest_cherrypy-keys-headers
• a66ffc9d3e Add note about avoiding the -i flag for the /keys endpoint
• PR #41660: (garethgreenaway) Fix to modules/aptpkg.py for unheld @ 2017-06-09T14:53:23Z
• ISSUE #41651: (Sakorah) pkg.installed fails when unholding and test=true | refs: #41660
• 38424f3e3e Merge pull request #41660 from garethgreenaway/41651_fixing_aptpkg_held_unheld_with_test
• 30da2370a4 Fix when test=True and packages were being set to unheld.
• PR #41656: (rallytime) Back-port #41575 to 2016.11 @ 2017-06-08T22:43:23Z
• PR #41575: (dschaller) Fix 41562 | refs: #41656
• a308b960d8 Merge pull request #41656 from rallytime/bp-41575
• 4374e6b034 Replace "tbd" with release version information
• 81413896d1 Lint: Add index numbers to format {} calls
• 384570384e only list top level npm modules during {un)install
• PR #41456: (bdrung) Fix pkgrepo.managed always return changes for test=true @ 2017-06-08T18:21:05Z
• e6d37b5f3e Merge pull request #41456 from bdrung/fix-pkgrepo.managed-changes-check
• d3ce7bf05f Fix pkgrepo.managed always return changes for test=true
• 1592687294 Document aptpkg architectures parameter
• PR #41530: (gtmanfred) Set default for consul_pillar to None @ 2017-06-08T18:13:15Z
• ISSUE #41478: (jf) security / information leak with consul pillar when subsitution values are not
present | refs: #41530
• 721e5b6cb9 Merge pull request #41530 from gtmanfred/2016.11
• 2a4633ce16 Set default for consul_pillar to None
• PR #41638: (gtmanfred) don't overwrite args if they are passed to the script @ 2017-06-08T17:48:48Z
• ISSUE #41629: (lubyou) salt.states.cmd.script: Parameter "args" is overwritten if "name/id" contains
spaces | refs: #41638
• 8926d1c731 Merge pull request #41638 from gtmanfred/cmdscript
• 6c7d68b97d don't overwrite args if they are passed to the script
• PR #41639: (dmurphy18) Update notrim check, netstat takes minutes if large number connections @
2017-06-07T23:03:24Z
• ecb09b8694 Merge pull request #41639 from dmurphy18/minion_netstat_check
• 7ab3319090 Update notrim check, netstat takes minutes if large number connections - 260K
• PR #41611: (garethgreenaway) Additional fixes to states/saltmod.py @ 2017-06-07T22:58:24Z
• ISSUE #38894: (amendlik) salt.runner and salt.wheel ignore test=True | refs: #41309 #41611
• 2913a33b27 Merge pull request #41611 from garethgreenaway/41309_right_return_res
• fda41ede76 Updating result values to be None for test cases.
• 003f2d9323 Following the documentation, when passed the test=True argument the runner and wheel
functions should return a result value of False.
• PR #41637: (gtmanfred) never run bg for onlyif or unless cmd states @ 2017-06-07T17:37:47Z
• ISSUE #41626: (ruiaylin) When onlyif and bg are used together the | refs: #41637
• 334a5fc2a0 Merge pull request #41637 from gtmanfred/cmd
• 40fb6c6249 never run bg for onlyif or unless cmd states
• PR #41255: (lordcirth) linux_syctl.default_config(): only return path, don't create it @
2017-06-07T14:13:07Z
• 34dd9ea862 Merge pull request #41255 from lordcirth/fix-sysctl-test-11
• 0089be4440 linux_sysctl: use dirname() as suggested
• 262d95e41d linux_syctl.default_config(): only return path, don't create it
• 277232b3ac linux_sysctl.persist(): create config dir if needed
• PR #41616: (rallytime) Back-port #41551 to 2016.11 @ 2017-06-06T22:44:09Z
• ISSUE #35481: (giany) global_identifier does not work when using Softlayer driver | refs: #41551
#41551
• PR #41551: (darenjacobs) Update __init__.py | refs: #41616
• 4cf577771b Merge pull request #41616 from rallytime/bp-41551
• 53bca96328 Update __init__.py
• PR #41552: (Enquier) Adding logic so that update_floatingip can dissassociate floatingip's @
2017-06-06T18:25:56Z
• 846ca54688 Merge pull request #41552 from Enquier/neutron-floatingip-remove
• aeed51c1e3 Adding port=None default and documentation
• fcce05e1e4 Adding logic so that update_floatingip can dissassociate floatingip's Previously
update_floatingip would cause an error if port is set to None.
• PR #41569: (gtmanfred) Check all entries in result @ 2017-06-06T18:18:17Z
• b720ecb732 Merge pull request #41569 from gtmanfred/fix_test_result_check
• 19ea5481b6 remove test that never passed
• e2a4d5e1e2 Check all entries in result
• PR #41599: (garethgreenaway) Fixes to modules/archive.py @ 2017-06-06T18:02:14Z
• ISSUE #41540: (UtahDave) archive.extracted fails on second run | refs: #41599 #41599
• d9546c6283 Merge pull request #41599 from garethgreenaway/41540_fixes_to_archive_module
• 66a136e6d8 Fixing issues raised in #41540 when a zip file is created on a Windows system. The issue
has two parts, first directories that end up in the archive end up in the results of aarchive.list
twice as they show up as both files and directories because of the logic to handle the fact that
Windows doesn't mark them as directories. This issue shows up when an extraction is run a second
time since the module verified the file types and the subdirectory is not a file. The second issue
is related to permissions, if Salt is told to extract permissions (which is the default) then the
directory and files end up being unreadable since the permissions are not available. This change
sets the permissions to what the default umask for the user running Salt is.
• PR #41453: (peter-funktionIT) Update win_pki.py @ 2017-06-06T17:15:55Z
• ISSUE #40950: (idokaplan) Import certificate | refs: #41383 #41453
• PR #41383: (peter-funktionIT) Update win_pki.py | refs: #41453
• 10ac80ee96 Merge pull request #41453 from peter-funktionIT/fix_win_pki_state_import_cert
• d146fd029c Update win_pki.py
• ef8e3ef569 Update win_pki.py
• PR #41557: (dmurphy18) Add symbolic link for salt-proxy service similar to other serivce files @
2017-06-06T17:13:52Z
• 3335fcbc7d Merge pull request #41557 from dmurphy18/fix-proxy-service
• ffe492d6a9 Add symbolic link salt-proxy service similar to other service files
• PR #41597: (rallytime) Back-port #41533 to 2016.11 @ 2017-06-06T15:15:09Z
• PR #41533: (svinota) unit tests: add pyroute2 interface dict test | refs: #41597
• 65ed230f45 Merge pull request #41597 from rallytime/bp-41533
• 535b8e8d8e Update new pyroute2 unit test to conform with 2016.11 branch standards
• 5c86dee73c unit tests: test_pyroute2 -- add skipIf
• 026b39493f unit tests: add encoding clause into test_pyroute2
• 9ab203d54b unit tests: fix absolute imports in test_pyroute2
• 1f507cfa7a unit tests: add pyroute2 interface dict test
• PR #41596: (rallytime) Back-port #41487 to 2016.11 @ 2017-06-06T02:44:17Z
• PR #41487: (svinota) clean up change attribute from interface dict | refs: #41596
• bf8aed153d Merge pull request #41596 from rallytime/bp-41487
• 7b497d9ec6 clean up change attribute from interface dict
• PR #41509: (seanjnkns) Add keystone V3 API support for keystone.endpoint_present|absent @
2017-06-03T03:01:05Z
• ISSUE #41435: (seanjnkns) 2016.11: Keystone.endpoint_present overwrites all interfaces | refs: #41509
• cc6c98a8d8 Merge pull request #41509 from seanjnkns/fix-keystone-v3-endpoint_present
• 095e5949a3 Fix unit tests for PR #41509
• eb7ef3c856 Add keystone V3 API support for keystone.endpoint_present|get, endpoint_absent|delete.
• PR #41539: (gtmanfred) allow digest to be empty in create_crl @ 2017-06-02T17:00:04Z
• ISSUE #38061: (Ch3LL) x509.crl_managed ValueError when digest is not specified in the module | refs:
#41539
• 0a08649637 Merge pull request #41539 from gtmanfred/x509
• 0989be8919 allow digest to be empty in create_crl
• PR #41561: (terminalmage) Redact HTTP basic authentication in archive.extracted @ 2017-06-02T15:33:14Z
• ISSUE #41154: (mephi42) archive.extracted outputs password embedded in archive URL | refs: #41561
• 3ae8336895 Merge pull request #41561 from terminalmage/issue41154
• cbf8acbafc Redact HTTP basic authentication in archive.extracted
• PR #41436: (skizunov) TCP transport: Fix occasional errors when using salt command | refs: #41787
#41787 #41787 @ 2017-06-01T16:37:43Z
• 39840bfe4e Merge pull request #41436 from skizunov/develop2
• 07d5862773 unit.transport.tcp_test: Clean up channel after use
• 4b6aec7154 Preserve original IO Loop on cleanup
• 892c6d4d24 TCP transport: Fix occasional errors when using salt command
• PR #41337: (Foxlik) Fix #41335 - list index out of range on empty line in authorized_keys @
2017-05-31T19:59:17Z
• ISSUE #41335: (syphernl) [2016.11.5] ssh_auth.present: IndexError: list index out of range | refs:
#41337
• 06ed4f077b Merge pull request #41337 from Foxlik/2016.11
• 916fecb64f modify ssh_test.py, to check empty lines and comments in authorized_keys #41335
• 011d6d65e7 Fix #41335 - list index out of range on empty line in authorized_keys
• PR #41512: (twangboy) Use psutil where possible in win_status.py @ 2017-05-31T19:56:00Z
• 1ace72d871 Merge pull request #41512 from twangboy/fix_win_status
• 582d09b484 Get psutil import
• fd88bb277f Remove unused imports (lint)
• 41a39dff00 Use psutil where possible
• PR #41490: (t0fik) Backport of SELinux module installation and removal @ 2017-05-31T19:38:00Z
• 683cc5f414 Merge pull request #41490 from jdsieci/2016.11_selinux
• e2fbada1c1 Backport of SELinux module installation and removal
• PR #41522: (jettero) Sadly, you can't have '.'s and '$'s in dict keys in a mongodb doc. @
2017-05-31T15:55:24Z
• 2e7e84b8f2 Merge pull request #41522 from jettero/mongodb-keys-are-stupid
• 12648f5439 dang, thought I already got that. Apparently only got the bottom one. This should do it.
• 7c4a763518 ugh, forgot about this lint too. This one looks especially terrible.
• c973988d8d forgot about the linter pass ⦠fixed
• da0d9e4045 Sadly, you can't have '.'s and '$'s in dict keys in a mongodb doc.
• PR #41506: (gtmanfred) check for integer types @ 2017-05-31T00:48:21Z
• ISSUE #41504: (mtkennerly) Can't set REG_DWORD registry value larger than 0x7FFFFFFF | refs: #41506
• 30ad4fd9a0 Merge pull request #41506 from gtmanfred/2016.11
• 5fe2e9bbf5 check for integer types
• PR #41469: (Ch3LL) Fix keep_jobs keyerror in redis returner @ 2017-05-30T18:37:42Z
• 06ef17dec3 Merge pull request #41469 from Ch3LL/fix_redis_error
• 8ee1251a3a Fix keep_jobs keyerror in redis returner
• PR #41473: (twangboy) Fix win_firewall execution and state modules @ 2017-05-30T18:35:24Z
• 7a09b2b678 Merge pull request #41473 from twangboy/fix_win_firewall
• e503b455c3 Fix lint error
• d3f0f8bcd2 Fix win_firewall execution and state modules
• PR #41499: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-30T18:06:03Z
• PR #41439: (terminalmage) base64 encode binary data sent using salt-cp
• f635cb11c4 Merge pull request #41499 from rallytime/merge-2016.11
• 20d893d397 Merge branch '2016.3' into '2016.11'
• 964b1ee027 Merge pull request #41439 from terminalmage/salt-cp-base64
• ebf6cc78c7 base64 encode binary data sent using salt-cp
• PR #41464: (rallytime) Back-port #39850 to 2016.11 @ 2017-05-26T21:22:44Z
• ISSUE #35874: (epcim) keystone.endpoint_present deletes RegionOne endpoints
• PR #39850: (epcim) Fix endpoint handling per region | refs: #41464
• 83f1e48241 Merge pull request #41464 from rallytime/bp-39850
• 9b84b751b2 Pylint fixes
• 6db8915021 Endpoint handling per region, fixes #35874 - extend tests for multiple regions - region
arg by default set to None - print verbose changes to be exec.
• PR #41443: (UtahDave) use proper arg number @ 2017-05-26T20:36:37Z
• 960c5767fa Merge pull request #41443 from UtahDave/fix_args_masterpy
• dfbdc275ca use proper arg number
• PR #41350: (lorengordon) Supports quoted values in /etc/sysconfig/network @ 2017-05-26T16:22:03Z
• ISSUE #41341: (lorengordon) TypeError traceback in network.system with retain_settings=True | refs:
#41350
• 88c28c18c3 Merge pull request #41350 from lorengordon/issue-41341
• f2f6da7039 Supports quoted values in /etc/sysconfig/network
• PR #41398: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-26T15:17:49Z
• ISSUE #41234: (non7top) rpm fails to detect already installed packages | refs: #41265
• ISSUE #16592: (spo0nman) salt-cp fails with large files, cp.get_file succeeds | refs: #41216
• ISSUE #22: (thatch45) Make as many modules as we can think of
• PR #41316: (Ch3LL) [2016.3] Bump latest release version to 2016.11.5
• PR #41265: (terminalmage) yumpkg: fix latest_version() when showdupesfromrepos=1 set in /etc/yum.conf
• PR #41216: (terminalmage) Make salt-cp work with larger files
• 824f2d3b69 Merge pull request #41398 from rallytime/merge-2016.11
• 2941e9c923 Merge pull request #22 from terminalmage/merge-2016.11
• 087a958afc base64 encode binary data sent using salt-cp
• 503f925275 Add missing import
• d2d9a3d29f Merge branch '2016.3' into '2016.11'
• d617c9fe72 Merge pull request #41265 from terminalmage/issue41234
• edf552fe9a Update PKG_TARGETS for RHEL-based distros
• 0ecc7b9b20 yumpkg: fix latest_version() when showdupesfromrepos=1 set in /etc/yum.conf
• 26bd914580 Merge pull request #41316 from Ch3LL/update_latest_2016.3
• 520740d862 [2016.13] Bump latest release version to 2016.11.5
• 18898b7d1f Merge pull request #41216 from terminalmage/issue16592
• 0e15fdbb1a Update salt-cp integration test to reflect recent changes
• 10dc695cc4 Make salt-cp work with larger files
• c078180539 Make KeyErrors more specific when interpreting returns
• fc401c9eb4 Add generator functions for reading files
• PR #41442: (UtahDave) use proper arg number @ 2017-05-26T13:42:50Z
• ec08064b99 Merge pull request #41442 from UtahDave/fix_args
• 0324833c9e use proper arg number
• PR #41397: (Enquier) Updating Nova/Neutron modules to support KeystoneAuth and SSLVerify @
2017-05-25T21:16:14Z
• ISSUE #37824: (dxiri) SSLError Trying to use v3 API of Openstack Newton as provider. | refs: #41397
#40752
• ISSUE #36548: (abonillasuse) openstack auth with nova driver | refs: #38647
• PR #40752: (Enquier) Add ability to specify a custom SSL certificate or disable SSL verification in
KeystoneAuth v3 | refs: #41397
• PR #38647: (gtmanfred) Allow novaclient to use keystoneauth1 sessions for authentication | refs:
#41397
• 22096d9213 Merge pull request #41397 from Enquier/neutron-ssl-verify
• d25dcf61d5 Small error in nova that was preventing execution
• 0e7a1009ed Updated module docs to include changes made
• 05e0192665 Adding missing os_auth_system
• 4e0f4981e4 allow service_type to be specified default is now 'network'
• 991e84343f Added non-profile and defaults for Neutron
• c93f112c9b Updating Nova Module to include use_keystone Auth
• 66ab1e5184 Re-adding neutron dependency check
• cce07eefc2 Updating Neutron module to suport KeystoneAuth
• PR #41409: (garethgreenaway) Fixes to ipc transport @ 2017-05-25T21:06:27Z
• ISSUE #34460: (Ch3LL) Receive an error when using salt-api to call a runner | refs: #41409
• 14a58cf536 Merge pull request #41409 from garethgreenaway/34460_fixes_ipc_transport
• 5613b72dfe Updating the exception variable to be more in line with the rest of the exception code
• 41eee8b333 Fixing a potential lint issue
• 760d561dfa Fixing a potential lint issue
• c11bcd0d12 Changing the approaching and including an except for the action socket.error exception,
then logging a trace log if error number is 0 and an error log otherwise.
• 3f950596f4 Fixing lint issues.
• f3a6531a69 On occasion an exception will occur which results in the event not returning properly,
even though the wire_bytes is correctly populated. In this situation, we log to trace and continue.
#34460
• PR #41421: (UtahDave) Correct doc to actually blacklist a module @ 2017-05-25T21:01:46Z
• 824428700d Merge pull request #41421 from UtahDave/fix_blacklist_docs
• 5eb27571a0 Correct doc to actually blacklist a module
• PR #41431: (terminalmage) Fix regression in state orchestration @ 2017-05-25T18:44:53Z
• ISSUE #41353: (rmarchei) Orchestrate runner needs saltenv on 2016.11.5 | refs: #41431
• b98d5e00d4 Merge pull request #41431 from terminalmage/issue41353
• 16eae64cca Fix regression in state orchestration
• PR #41429: (ricohouse) Issue #41338: Return false when compare config fails @ 2017-05-25T17:18:02Z
• ISSUE #41338: (ricohouse) Exception not raised when running config compare and the device (Juniper)
returns error | refs: #41429
• eeff3dd7fb Merge pull request #41429 from ricohouse/fix-compare-bug
• 9b61665c4c Issue #41338: Return false when compare config fails
• PR #41414: (Ch3LL) Update bootstrap script verstion to latest release(v2017.05.24) @
2017-05-24T19:51:49Z
• 561a416cf3 Merge pull request #41414 from Ch3LL/update_bootstrap
• d8c03eef60 Update bootstrap script verstion to latest release(v2017.05.24)
• PR #41336: (mcalmer) fix setting and getting locale on SUSE systems @ 2017-05-24T17:46:08Z
• 88fd3c0ed9 Merge pull request #41336 from mcalmer/fix-locale-on-SUSE
• f30f5c8a25 fix unit tests
• 428baa9bce fix setting and getting locale on SUSE systems
• PR #41393: (rallytime) Back-port #41235 to 2016.11 @ 2017-05-24T16:08:56Z
• PR #41235: (moio) rest_cherrypy: remove sleep call | refs: #41393
• 4265959647 Merge pull request #41393 from rallytime/bp-41235
• c79c0e3f43 rest_cherrypy: remove sleep call
• PR #41394: (rallytime) Back-port #41243 to 2016.11 @ 2017-05-24T16:00:17Z
• PR #41243: (arif-ali) Remove the keys that don't exist in the new change | refs: #41394
• 83f54694f9 Merge pull request #41394 from rallytime/bp-41243
• a5351302af Lint fix
• 05fadc0af3 Remove the keys that don't exist in the new change
• PR #41401: (bdrung) Add documentation key to systemd service files @ 2017-05-24T15:49:54Z
• 3a45ac30f0 Merge pull request #41401 from bdrung/systemd-service-documentation-key
• 3f7f30895d Add documentation key to systemd service files
• PR #41404: (bdrung) Fix typos @ 2017-05-24T14:42:44Z
• d34333c30b Merge pull request #41404 from bdrung/fix-typos
• 33a7f8b2ec Fix typos
• PR #41388: (bdrung) Do not require sphinx-build for cleaning docs @ 2017-05-23T19:32:41Z
• 3083764195 Merge pull request #41388 from bdrung/clean-doc-without-sphinx
• 5b79a0a9f8 Do not require sphinx-build for cleaning docs
• PR #41364: (automate-solutions) Fix issue #41362 invalid parameter used: KeyName.1 instead of KeyName @
2017-05-23T17:32:10Z
• ISSUE #41362: (automate-solutions) On AWS EC2: salt-cloud -f delete_keypair ec2 keyname=mykeypair
doesn't delete the keypair
• 842875e590 Merge pull request #41364 from automate-solutions/fix-issue-41362
• cfd8eb7a87 Set DescribeKeyPairs back to KeyName.1 according to documentation
• 6a82ddc6fc Fix issue #41362 invalid parameter used: KeyName.1 instead of KeyName
• PR #41383: (peter-funktionIT) Update win_pki.py | refs: #41453 @ 2017-05-23T17:26:43Z
• ISSUE #40950: (idokaplan) Import certificate | refs: #41383 #41453
• 92f94e66bc Merge pull request #41383 from peter-funktionIT/fix-win_pki-get_cert_file
• 4d9bd06176 Update win_pki.py
• PR #41113: (cro) Rescue proxy_auto_tests PR from git rebase hell @ 2017-05-22T17:05:07Z
• PR #39575: (cro) WIP: Proxy auto test, feedback appreciated | refs: #41113
• 1ba95684a9 Merge pull request #41113 from cro/proxy_auto_test2
• 19db038b99 Fix test--use proxy_config instead of minion_config
• 7749ceadb6 Change default proxy minion opts so only the proxy-specific ones are listed, and the rest
are taken from DEFAULT_MINION_OPTS.
• 106394c80c Lint.
• 3be90cc9f4 Rescue proxy_auto_tests PR from git rebase hell
• PR #41360: (cro) Sysrc on FreeBSD, YAML overeager to coerce to bool and int @ 2017-05-22T15:54:31Z
• 375892d910 Merge pull request #41360 from cro/sysrc_fix
• 6db31ce52a Fix problem with sysrc on FreeBSD, YAML overeager to coerce to bool and int.
• PR #41372: (terminalmage) Don't use intermediate file when listing contents of tar.xz file @
2017-05-22T15:36:45Z
• ISSUE #41190: (jheidbrink) Cannot extract tar.xz archive when it exceeds size of /tmp | refs: #41372
• 01b71c75c1 Merge pull request #41372 from terminalmage/issue41190
• 1f08936d9c Remove unused import
• 68cb897520 Replace reference to fileobj
• 788874408a Remove '*' from mode
• 3d4b833627 Don't use intermediate file when listing contents of tar.xz file
• PR #41373: (alex-zel) Allow HTTP authentication to ES. @ 2017-05-22T15:32:09Z
• 5edfcf972c Merge pull request #41373 from alex-zel/patch-3
• 3192eab128 Allow HTTP authentication to ES.
• PR #41287: (garethgreenaway) Fix to consul cache @ 2017-05-19T18:32:56Z
• ISSUE #40748: (djhaskin987) Consul backend minion cache does not work | refs: #41287
• 29bd7f48b7 Merge pull request #41287 from garethgreenaway/40748_2016_11_consul
• 5039fe12fb Removing chdir as it is no needed with this change
• 4550c3ce49 Updating the code that is pulling in the list of cached minions to use self.cache.list
instead of relying on checking the local file system, which only works for the localfs cache method.
#40748
• PR #41309: (garethgreenaway) Adding test argument for runners & wheel orchestration modules @
2017-05-19T18:26:09Z
• ISSUE #38894: (amendlik) salt.runner and salt.wheel ignore test=True | refs: #41309 #41611
• 672aaa88d3 Merge pull request #41309 from garethgreenaway/38894_allowing_test_argument
• e1a88e8bf7 Allowing test=True to be passed for salt.runner and salt.wheel when used with
orchestration
• PR #41319: (lomeroe) backport #41307 to 2016.11, properly pack version numbers into single @
2017-05-19T18:25:00Z
• ISSUE #41306: (lomeroe) win_lgpo does not properly pack group policy version number in gpt.ini |
refs: #41319 #41307
• PR #41307: (lomeroe) properly pack/unpack the verison numbers into a number | refs: #41319
• 140b0427e1 Merge pull request #41319 from lomeroe/bp_41307
• 4f0aa577a5 backport 41307 to 2016.11, properly pack version numbers into single number
• PR #41327: (Ch3LL) Add 2016.11.6 Release Notes @ 2017-05-19T18:05:09Z
• 6bdb7cca7d Merge pull request #41327 from Ch3LL/add_2016.11.6_release
• e5fc0aeb9c Add 2016.11.6 Release Notes
• PR #41329: (lorengordon) Corrects versionadded for win_network.get_route @ 2017-05-19T17:47:57Z
• 1faffd3932 Merge pull request #41329 from lorengordon/doc-fix
• 3c471247f0 Corrects versionadded for win_network.get_route
• PR #41322: (Ch3LL) Add patched packages warning to 2016.11.5 release notes @ 2017-05-18T21:53:26Z
• 6ca65592da Merge pull request #41322 from Ch3LL/fix_release_2016.11.5_notes
• 9a1bf4205f fix url refs in rst
• cde008ff77 Add patched packages warning to 2016.11.5 release notes
• PR #41208: (pkazmierczak) Fix: zypper handling of multiple version packages @ 2017-05-18T15:44:26Z
• 9f359d841f Merge pull request #41208 from pkazmierczak/pkazmierczak-zypper-multiple-ver-pkgs
• d411a91676 Reverted back to cascading with statements for python 2.6 compat
• 7204013653 Compacted with statements in the unit test.
• 6c4c08042c Added unit tests and copied the behavior to .upgrade method, too.
• 5f952007f6 Fix: zypper handling of multiple version packages
• PR #41317: (Ch3LL) [2016.11] Bump latest release version to 2016.11.5 @ 2017-05-18T15:34:13Z
• bcef99adb6 Merge pull request #41317 from Ch3LL/update_latest_2016.11
• cdb072c207 [2016.11] Bump latest release version to 2016.11.5
• PR #41232: (axmetishe) Add basic auth for SPM @ 2017-05-17T19:08:56Z
• b8ddd7ee08 Merge pull request #41232 from axmetishe/2016.11
• 76104f23b4 Add basic auth for SPM
• PR #41236: (BenoitKnecht) states: cron: show correct changes when using special @ 2017-05-17T18:51:58Z
• 7bdb66d969 Merge pull request #41236 from BenoitKnecht/2016.11
• 33211d032e states: cron: show correct changes when using special
• PR #41269: (isbm) Bugfix: Unable to use "127" as hostname for the Minion ID @ 2017-05-17T18:31:15Z
• 1c1e092f56 Merge pull request #41269 from isbm/isbm-minion-id-127-name
• 5168ef8959 Add unit test for hostname can be started from 127
• 0d0354198b Harden to 127. IP part
• d9c8324a6b Unit test for accepting hosts names as 127
• 65b03c667b Bugfix: unable to use 127 as hostname
• PR #41289: (garethgreenaway) Fixing consul cache @ 2017-05-17T16:54:12Z
• d0fa31d4ca Merge pull request #41289 from garethgreenaway/2016_11_5_fix_consul_cache_ls
• 780a28c9a0 Swapping the order in the func_alias so the ls function is available.
• PR #41303: (lomeroe) backport #41301 -- properly convert packed string to decimal values @
2017-05-17T16:32:22Z
• ISSUE #41291: (lomeroe) win_lgpo does not properly convert large decimal values in regpol data |
refs: #41301 #41303
• PR #41301: (lomeroe) properly convert packed string to decimal values | refs: #41303
• 6566648948 Merge pull request #41303 from lomeroe/bp-41301
• f4b93f9d9a properly convert packed string to decimal values
• PR #41283: (terminalmage) Backport #41251 to 2016.11 @ 2017-05-16T18:01:17Z
• ISSUE #41231: (kaihowl) PR #30777 misses an update to the documentation for pkg.installed and
hold:true | refs: #41251
• ISSUE #30733: (ealphonse) version-controlled packages with hold: True can no longer be upgraded by
salt | refs: #30777
• PR #41251: (abednarik) Update apt module regarding upgrade against hold packages.
• PR #30777: (abednarik) Fix update apt hold pkgs | refs: #41251
• 44598617be Merge pull request #41283 from terminalmage/bp-41251
• ed03ca534f Update apt module regarding upgrade against hold packages.
• PR #41181: (gtmanfred) add resolving extra flags to yum upgrade @ 2017-05-16T04:07:47Z
• d8e9676fcf Merge pull request #41181 from gtmanfred/2016.11
• 2ca71713b1 use six and clean_kwargs
• c9bf09a5a1 add resolving extra flags to yum upgrade
• PR #41220: (rallytime) Back-port #40246 to 2016.11 @ 2017-05-15T17:59:38Z
• ISSUE #40177: (eldadru) libcloud_dns state "global name '__salt__' is not defined" in salt.cmd runner
| refs: #40246 #40246
• PR #40246: (tonybaloney) Fix libcloud_dns state module bug | refs: #41220
• 75942235f0 Merge pull request #41220 from rallytime/bp-40246
• 79f1bb2bba Remove unused/duplicate imports leftover from merge-conflict resolution
• 2f610680e5 remove unused imports
• 9b7de2e7d7 fix unit tests
• 49d94559ab linting
• 4b260a4594 linting
• 41d1adab5f fix up tests
• b3822e03fc add fixes for incorrectly importing modules directly instead of using __salt__
• PR #41244: (cachedout) Fix ipv6 nameserver grains @ 2017-05-15T17:55:39Z
• ISSUE #41230: (RealKelsar) 2016.11.5 IPv6 nameserver in resolv.conf leads to minion exception | refs:
#41244 #41244
• ISSUE #40912: (razed11) IPV6 Warning when ipv6 set to False | refs: #40934
• PR #40934: (gtmanfred) Only display IPvX warning if role is master | refs: #41244 #41244
• 53d5b3e816 Merge pull request #41244 from cachedout/fix_ipv6_nameserver_grains
• f745db1a43 Lint
• 6e1ab69710 Partial revert of #40934
• 88f49f9146 Revert "Only display IPvX warning if role is master"
• PR #41242: (pprkut) Fix changing a mysql user to unix socket authentication. @ 2017-05-15T17:00:06Z
• 895fe582eb Merge pull request #41242 from M2Mobi/mysql_socket_auth
• 7d8359766d Fix changing a mysql user to unix socket authentication.
• PR #41101: (terminalmage) Fix "latest" keyword for version specification when used with aggregation @
2017-05-15T16:52:35Z
• ISSUE #40940: (djhaskin987) When state_aggregate is set to True, the latest keyword doesn't work with
pkg.installed | refs: #41101
• 50d8fde123 Merge pull request #41101 from terminalmage/issue40940
• 7fe64219ae Add rtag check to integration test for pkg.refresh_db
• 88a08aa3bf Add comments to explain what removing the rtag file actually does
• 92011dbe5f Fix "latest" keyword for version specification when used with aggregation
• PR #41146: (terminalmage) gitfs: Backport performance fixes for getting tree objects @
2017-05-12T17:35:47Z
• ISSUE #34775: (babilen) Please allow users to disable branch environment mapping in GitFS | refs:
#41144
• PR #41144: (terminalmage) gitfs: Add two new options to affect saltenv mapping | refs: #41146
• 049712ba53 Merge pull request #41146 from terminalmage/backport-get_tree-performance-improvement
• f9d6734afe gitfs: Backport performance fixes for getting tree objects
• PR #41161: (The-Loeki) gpg renderer: fix gpg_keydir always reverting to default @ 2017-05-12T17:19:07Z
• ISSUE #41135: (shallot) gpg renderer doesn't seem to work with salt-ssh, tries to execute gpg on the
minion? | refs: #41161
• 4215a0b99d Merge pull request #41161 from The-Loeki/2016.11
• 24946fef18 gpg renderer: fix gpg_keydir always reverting to default
• PR #41163: (onlyanegg) Elasticsearch - pass hosts and profile to index_exists() @ 2017-05-12T17:18:06Z
• ISSUE #41162: (onlyanegg) Elasticsearch module functions should pass hosts and profile to
index_exists() | refs: #41163
• 5b10fc58ba Merge pull request #41163 from onlyanegg/elasticsearch-pass_profile_to_index_exists
• 7f512c701b Pass hosts and profile to index_exists() method
• PR #41186: (jmarinaro) Fix package name collisions in chocolatey state @ 2017-05-12T17:01:31Z
• ISSUE #41185: (jmarinaro) package name collisions in chocolatey state | refs: #41186
• d433cf850d Merge pull request #41186 from jmarinaro/fix-chocolatey-package-collision
• 229f3bf9f3 apply changes to uninstalled function
• ffd4c7ef04 Fix package name collisions in chocolatey state
• PR #41189: (github-abcde) utils/minions.py: Fixed case where data is an empty dict resulting in… @
2017-05-12T16:32:25Z
• bb5ef41ce0 Merge pull request #41189 from github-abcde/utils-minions-fix
• 853dc5406c utils/minions.py: Fixed case where data is an empty dict resulting in errors.
• PR #41104: (Ch3LL) Add test to query results of /jobs call in api @ 2017-05-10T20:11:08Z
• b136b15330 Merge pull request #41104 from Ch3LL/add_jobs_test
• dac16583b7 add test to query results of /jobs call in api
• PR #41170: (lomeroe) Backport #41081 to 2016.11 @ 2017-05-10T19:58:52Z
• PR #41081: (lomeroe) Update win_dns_client to use reg.read_value and set_value | refs: #41170
• ca18b4df93 Merge pull request #41170 from lomeroe/bp-41081
• 2af89f2165 update mock data
• b7fa115a59 update win_dns_client tests with correct module names
• 4d05a22675 Update win_dns_client to use reg.read_value and set_value
• PR #41173: (twangboy) Add silent action to MsgBox for Path Actions @ 2017-05-10T19:57:06Z
• d7ec37b003 Merge pull request #41173 from twangboy/fix_installer
• 24b11ffdc2 Add release notes
• 96918dcfa6 Add silent action to MsgBox for Path Actions
• PR #41158: (Ch3LL) 2016.11.5 release notes: add additional commits @ 2017-05-09T22:41:40Z
• 88e93b7fe5 Merge pull request #41158 from Ch3LL/update_2016.11.5
• 28371aa035 2016.11.5 release notes: add additional commits
• PR #41148: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-05-09T20:23:28Z
• PR #41123: (terminalmage) Add note on lack of support for VSTS in older libssh2 releases.
• PR #41122: (terminalmage) gitfs: refresh env cache during update in masterless
• PR #41090: (bbinet) rdurations should be floats so that they can be summed when profiling
• d2ae7deff2 Merge pull request #41148 from rallytime/merge-2016.11
• aba35e20dd Merge branch '2016.3' into '2016.11'
• 2969153097 Merge pull request #41122 from terminalmage/masterless-env_cache-fix
• be732f0577 gitfs: refresh env cache during update in masterless
• b8f0a4f108 Merge pull request #41123 from terminalmage/gitfs-vsts-note
• f6a16956a0 Add note on lack of support for VSTS in older libssh2 releases.
• 8f79b6f537 Merge pull request #41090 from bbinet/rdurations_float
• fd48a63653 rdurations should be floats so that they can be summed when profiling
• PR #41147: (rallytime) Back-port #39676 to 2016.11 @ 2017-05-09T18:40:44Z
• PR #39676: (F30) Fix comments about the "hash_type" option | refs: #41147
• 2156395b2e Merge pull request #41147 from rallytime/bp-39676
• 5b55fb2452 Fix comments about the "hash_type" option
• PR #40852: (isbm) Isbm fix coregrains constants bsc`#1032931`_ @ 2017-05-09T18:35:46Z
• ISSUE #1032931: (**)
• a2f359fa13 Merge pull request #40852 from isbm/isbm-fix-coregrains-constants-bsc`#1032931`_
• f3b12a3f5b Do not use multiple variables in "with" statement as of lint issues
• 35a8d99934 Disable the test for a while
• 76cb1b7150 Rewrite test case for using no patch decorators
• f71af0b625 Fix lint issues
• 0e6abb3e37 Add UT on set_hw_clock on Gentoo
• a2b1d4638c Add UT for set_hwclock on Debian
• 5356a0821a Bugfix: use correct grain name for SUSE platform
• 88e8184702 Add UT set_hwclock on SUSE
• 0cd590f927 Fix UT names
• bee94ade63 Add UT for set_hwclock on RedHat
• dfe2610d05 Add UT for set_hwclock on Arch
• d000a8a6f5 Add UT for set_hwclock on solaris
• d2614aedaa Fix docstrings
• 6d782191dc Add UT for set_hwclock on AIX
• d303e0dd8a Add UT for AIX on get_hwclock
• 86f2d83781 Add UT on Solaris
• c3cafed6d5 Add UT for Debian on get_hwclock
• d337c09357 Add UT for RedHat/SUSE platforms on get_hwclock
• 501a59ca7e Bugfix: use correct grain for SUSE and RedHat platform
• f25dc5c56c Add UT for get_hwclock on SUSE platform
• 08e00c865c Remove dead code
• 1216a0bf12 Add UT for get_hwclock on UTC/localtime
• 39332c71d3 Remove duplicate code
• 58676c568d Add UT for Debian on set_zone
• 1b9ce37b1b Add UT for gentoo on set_zone
• cf7f766a68 Bugfix: use correct os_family grain value for SUSE series
• 6ed9be985e Adjust UT to use correct grain for SUSE series
• ce4c836a60 Add UT for set_zone on SUSE series
• 155a498b49 Doc fix
• a40876cdac Remove unnecessary mock patch
• ffab2db213 Fix doc for RH UT
• 72388f7ae2 Add UT for RedHat's set_zone
• 11595d3a42 Refactor with setup/teardown
• ce6a06de98 Bugfix: use correct grain constant for platform
• 28072c9e41 Adjust the test so it is using the right grain for SUSE systems
• 7a0e4be4f8 Add unit test for get_zone and various platforms
• PR #41111: (terminalmage) Allow "ssl_verify: False" to work with pygit2 @ 2017-05-09T17:56:12Z
• ISSUE #41105: (terminalmage) ssl_verify gitfs/git_pillar option does not work with pygit2 | refs:
#41111
• 6fa41dc89d Merge pull request #41111 from terminalmage/issue41105
• 8c6410e3cd Add notices about ssl_verify only working in 0.23.2 and newer
• 98ce829729 Support ssl_verify in pygit2
• f73c4b7167 Add http(s) auth config docs for GitPython
• PR #41008: (cro) Look in /opt//lib instead of just /opt/local/lib on Illumos distros. @
*2017-05-09T16:56:00Z
• 81add1b944 Merge pull request #41008 from cro/rsax_smos
• a4f7aa145e Look for libcrypto in both /opt/tools and /opt/local on Illumos-based distros.
• PR #41124: (gtmanfred) add user_data to digitalocean @ 2017-05-09T16:47:42Z
• c649725e9b Merge pull request #41124 from gtmanfred/do
• 2370d9316b add user_data to digital ocean
• PR #41127: (tmeneau) Fix incorrect service.running state response when enable=None and init script
returns 0 @ 2017-05-09T16:43:35Z
• ISSUE #41125: (tmeneau) service.running returns True if enable=None and init script returns 0 | refs:
#41127
• d0a3fcf33a Merge pull request #41127 from xetus-oss/fix-41125-service-running
• d8766562c9 fix incorrect service.running success response
Salt 2016.11.7 Release Notes
Version 2016.11.7 is a bugfix release for 2016.11.0.
Changes for v2016.11.6..v2016.11.7
Security Fix
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master
despite not having the correct credentials. To exploit the vulnerability, an attacker must create a
salt-minion with an ID containing characters that will cause a directory traversal. Credit for
discovering the security flaw goes to: Vernhk@qq.com
Salt 2016.11.8 Release Notes
Version 2016.11.8 is a bugfix release for 2016.11.0.]
Anonymous Binds and LDAP/Active Directory
When auth.ldap.anonymous is set to False, the bind password can no longer be empty.
Changes for v2016.11.7..v2016.11.8
Security Fix
CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote
minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-09-11T14:52:27Z
Statistics:
• Total Merges: 169
• Total Issue references: 70
• Total PR references: 206
Changes:
• PR #43271: (twangboy) Fix minor formatting issue @ 2017-08-30T18:35:12Z
• cf21f91 Merge pull request #43271 from twangboy/win_fix_pkg.install
• 91b062f Fix formatting issue, spaces surrounding +
• PR #43228: (twangboy) Win fix pkg.install @ 2017-08-30T14:26:21Z
• 3a0b02f Merge pull request #43228 from twangboy/win_fix_pkg.install
• 13dfabb Fix regex statement, add .
• 31ff69f Add underscore to regex search
• 3cf2b65 Fix spelling
• ed030a3 Use regex to detect salt-minion install
• e5daff4 Fix pkg.install
• PR #43191: (viktorkrivak) Fix apache.config with multiple statement @ 2017-08-28T18:13:44Z
• b4c689d Merge pull request #43191 from viktorkrivak/fix-apache-config-multi-entity
• c15bcbe Merge remote-tracking branch 'upstream/2016.11' into fix-apache-config-multi-entity
• 4164047 Fix apache.config with multiple statement At this moment when you post more than one
statement in config only last is used. Also file is rewrited multiple times until last statement is
written. Example: salt '*' apache.config /etc/httpd/conf.d/ports.conf config="[{'Listen': '8080'},
{'Proxy': "Something"}]" Ends only with Proxy Something and ignore Listen 8080, This patch fix
this issue.
• PR #43154: (lomeroe) Backport #43116 to 2016.11 @ 2017-08-28T16:40:41Z
• ISSUE #42279: (dafyddj) win_lgpo matches multiple policies due to startswith() | refs: #43116 #43116
#43154
• PR #43116: (lomeroe) Fix 42279 in develop | refs: #43154
• b90e59e Merge pull request #43154 from lomeroe/bp-43116-2016.11
• 8f593b0 verify that files exist before trying to remove them, win_file.remove raises an exception if
the file does not exist
• 33a30ba correcting bad format statement in search for policy to be disabled
• acc3d7a correct fopen calls from salt.utils for 2016.11's utils function
• 2da1cdd lint fix
• 61bd12c track xml namespace to ensure policies w/duplicate IDs or Names do not conflict
• f232bed add additional checks for ADM policies that have the same ADMX policy ID (#42279)
• PR #43202: (garethgreenaway) Reverting previous augeas module changes @ 2017-08-28T13:14:27Z
• ISSUE #42642: (githubcdr) state.augeas | refs: #42669 #43202
• 5308c27 Merge pull request #43202 from garethgreenaway/42642_2016_11_augeas_module_revert_fix
• ef7e93e Reverting this change due to it breaking other uses.
• PR #43103: (aogier) genesis.bootstrap deboostrap fix @ 2017-08-25T20:48:23Z
• ISSUE #43101: (aogier) genesis.bootstrap fails if no pkg AND exclude_pkgs (which can't be a string) |
refs: #43103
• f16b724 Merge pull request #43103 from aogier/43101-genesis-bootstrap
• db94f3b better formatting
• e5cc667 tests: fix a leftover and simplify some parts
• 13e5997 lint
• 216ced6 allow comma-separated pkgs lists, quote args, test deb behaviour
• d8612ae fix debootstrap and enhance packages selection/deletion via cmdline
• PR #42663: (jagguli) Check remote tags before deciding to do a fetch #42329 @ 2017-08-25T20:14:32Z
• ISSUE #42329: (jagguli) State git.latest does not pull latest tags | refs: #42663
• 4863771 Merge pull request #42663 from StreetHawkInc/fix_git_tag_check
• 2b5af5b Remove refs/tags prefix from remote tags
• 3f2e96e Convert set to list for serializer
• 2728e5d Only include new tags in changes
• 4b1df2f Exclude annotated tags from checks
• 389c037 Check remote tags before deciding to do a fetch #42329
• PR #43199: (corywright) Add disk.format alias for disk.format_ @ 2017-08-25T19:21:07Z
• ISSUE #43198: (corywright)
disk.format_
needs to be aliased to disk.format | refs: #43199
• 4193e7f Merge pull request #43199 from corywright/disk-format-alias
• f00d3a9 Add disk.format alias for disk.format_
• PR #43196: (gtmanfred) Pin request install to version for npm tests @ 2017-08-25T18:43:06Z
• ISSUE #495: (syphernl) mysql.* without having MySQL installed/configured gives traceback | refs:
#43196
• 5471f9f Merge pull request #43196 from gtmanfred/2016.11
• ccd2241 Pin request install to version
• PR #43178: (terminalmage) git.detached: Fix traceback when rev is a SHA and is not present locally @
2017-08-25T13:58:37Z
• ISSUE #43143: (abulford) git.detached does not fetch if rev is missing from local | refs: #43178
• ace2715 Merge pull request #43178 from terminalmage/issue43143
• 2640833 git.detached: Fix traceback when rev is a SHA and is not present locally
• PR #43179: (terminalmage) Fix missed deprecation @ 2017-08-24T22:52:34Z
• 12e9507 Merge pull request #43179 from terminalmage/old-deprecation
• 3adf8ad Fix missed deprecation
• PR #43171: (terminalmage) Add warning about adding new functions to salt/utils/__init__.py @
2017-08-24T19:10:23Z
• b595440 Merge pull request #43171 from terminalmage/salt-utils-warning
• 7b5943a Add warning about adding new functions to salt/utils/__init__.py
• PR #43173: (Ch3LL) Add New Release Branch Strategy to Contribution Docs @ 2017-08-24T19:04:56Z
• 4f273ca Merge pull request #43173 from Ch3LL/add_branch_docs
• 1b24244 Add New Release Branch Strategy to Contribution Docs
• PR #43151: (ushmodin) state.sls hangs on file.recurse with clean: True on windows @
2017-08-23T17:25:33Z
• PR #42969: (ushmodin) state.sls hangs on file.recurse with clean: True on windows | refs: #43151
• 669b376 Merge pull request #43151 from ushmodin/2016.11
• c5841e2 state.sls hangs on file.recurse with clean: True on windows
• PR #42986: (renner) Notify systemd synchronously (via NOTIFY_SOCKET) @ 2017-08-22T16:52:56Z
• ae9d2b7 Merge pull request #42986 from renner/systemd-notify
• 79c53f3 Fallback to systemd_notify_call() in case of socket.error
• f176547 Notify systemd synchronously (via NOTIFY_SOCKET)
• PR #43037: (mcarlton00) Issue #43036 Bhyve virtual grain in Linux VMs @ 2017-08-22T16:43:40Z
• ISSUE #43036: (mcarlton00) Linux VMs in Bhyve aren't displayed properly in grains | refs: #43037
• b420fbe Merge pull request #43037 from mcarlton00/fix-bhyve-grains
• 73315f0 Issue #43036 Bhyve virtual grain in Linux VMs
• PR #43100: (vutny) [DOCS] Add missing utils sub-dir listed for extension_modules @ 2017-08-22T15:40:09Z
• 0a86f2d Merge pull request #43100 from vutny/doc-add-missing-utils-ext
• af743ff [DOCS] Add missing utils sub-dir listed for extension_modules
• PR #42985: (DmitryKuzmenko) Properly handle prereq having lost requisites. @ 2017-08-21T22:49:39Z
• ISSUE #15171: (JensRantil) Maximum recursion limit hit related to requisites | refs: #42985
• e2bf2f4 Merge pull request #42985 from DSRCorporation/bugs/15171_recursion_limit
• 651b1ba Properly handle prereq having lost requisites.
• PR #43092: (blarghmatey) Fixed issue with silently passing all tests in Testinfra module @
2017-08-21T20:22:08Z
• e513333 Merge pull request #43092 from mitodl/2016.11
• d4b113a Fixed issue with silently passing all tests in Testinfra module
• PR #43060: (twangboy) Osx update pkg scripts @ 2017-08-21T20:06:12Z
• 77a443c Merge pull request #43060 from twangboy/osx_update_pkg_scripts
• ef8a14c Remove /opt/salt instead of /opt/salt/bin
• 2dd62aa Add more information to the description
• f44f5b7 Only stop services if they are running
• 3b62bf9 Remove salt from the path
• ebdca3a Update pkg-scripts
• PR #43064: (terminalmage) Fix race condition in git.latest @ 2017-08-21T14:29:52Z
• ISSUE #42869: (abednarik) Git Module : Failed to update repository | refs: #43064
• 1b1b6da Merge pull request #43064 from terminalmage/issue42869
• 093c0c2 Fix race condition in git.latest
• PR #43054: (lorengordon) Uses ConfigParser to read yum config files @ 2017-08-18T20:49:44Z
• ISSUE #42041: (lorengordon) pkg.list_repo_pkgs fails to find pkgs with spaces around yum repo enabled
value | refs: #43054
• PR #42045: (arount) Fix: salt.modules.yumpkg: ConfigParser to read ini like files. | refs: #43054
• 96e8e83 Merge pull request #43054 from lorengordon/fix/yumpkg/config-parser
• 3b2cb81 fix typo in salt.modules.yumpkg
• 38add0e break if leading comments are all fetched
• d7f65dc fix configparser import & log if error was raised
• ca1b1bb use configparser to parse yum repo file
• PR #43048: (rallytime) Back-port #43031 to 2016.11 @ 2017-08-18T12:56:04Z
• PR #43031: (gtmanfred) use a ruby gem that doesn't have dependencies | refs: #43048
• 43aa46f Merge pull request #43048 from rallytime/bp-43031
• 35e4504 use a ruby gem that doesn't have dependencies
• PR #43023: (terminalmage) Fixes/improvements to Jenkins state/module @ 2017-08-18T01:33:10Z
• ad89ff3 Merge pull request #43023 from terminalmage/fix-jenkins-xml-caching
• 33fd8ff Update jenkins.py
• fc306fc Add missing colon in if statement
• 822eabc Catch exceptions raised when making changes to jenkins
• 91b583b Improve and correct execption raising
• f096917 Raise an exception if we fail to cache the config xml
• PR #43026: (rallytime) Back-port #43020 to 2016.11 @ 2017-08-17T23:19:46Z
• PR #43020: (gtmanfred) test with gem that appears to be abandoned | refs: #43026
• 2957467 Merge pull request #43026 from rallytime/bp-43020
• 0eb15a1 test with gem that appears to be abandoned
• PR #43033: (rallytime) Back-port #42760 to 2016.11 @ 2017-08-17T22:24:43Z
• ISSUE #40490: (alxwr) saltstack x509 incompatible to m2crypto 0.26.0 | refs: #42760
• PR #42760: (AFriemann) Catch TypeError thrown by m2crypto when parsing missing subjects in c… | refs:
#43033
• 4150b09 Merge pull request #43033 from rallytime/bp-42760
• 3e3f7f5 Catch TypeError thrown by m2crypto when parsing missing subjects in certificate files.
• PR #43032: (rallytime) Back-port #42547 to 2016.11 @ 2017-08-17T21:53:50Z
• PR #42547: (blarghmatey) Updated testinfra modules to work with more recent versions | refs: #43032
• b124d36 Merge pull request #43032 from rallytime/bp-42547
• ea4d7f4 Updated testinfra modules to work with more recent versions
• PR #43027: (pabloh007) Fixes ignore push flag for docker.push module issue #42992 @
2017-08-17T19:55:37Z
• ISSUE #42992: (pabloh007) docker.save flag push does is ignored
• a88386a Merge pull request #43027 from pabloh007/fix-docker-save-push-2016-11
• d0fd949 Fixes ignore push flag for docker.push module issue #42992
• PR #42890: (DmitryKuzmenko) Make chunked mode in salt-cp optional @ 2017-08-17T18:37:44Z
• ISSUE #42627: (taigrrr8) salt-cp no longer works. Was working a few months back. | refs: #42890
• 51d1684 Merge pull request #42890 from DSRCorporation/bugs/42627_salt-cp
• cfddbf1 Apply code review: update the doc
• afedd3b Typos and version fixes in the doc.
• 9fedf60 Fixed 'test_valid_docs' test.
• 9993886 Make chunked mode in salt-cp optional (disabled by default).
• PR #43009: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-08-17T18:00:09Z
• PR #42954: (Ch3LL) [2016.3] Bump latest and previous versions
• PR #42949: (Ch3LL) Add Security Notice to 2016.3.7 Release Notes
• PR #42942: (Ch3LL) [2016.3] Add clean_id function to salt.utils.verify.py
• b3c253c Merge pull request #43009 from rallytime/merge-2016.11
• 566ba4f Merge branch '2016.3' into '2016.11'
• 13b8637 Merge pull request #42942 from Ch3LL/2016.3.6_follow_up
• f281e17 move additional minion config options to 2016.3.8 release notes
• 168604b remove merge conflict
• 8a07d95 update release notes with cve number
• 149633f Add release notes for 2016.3.7 release
• 7a4cddc Add clean_id function to salt.utils.verify.py
• bbb1b29 Merge pull request #42954 from Ch3LL/latest_2016.3
• b551e66 [2016.3] Bump latest and previous versions
• 5d5edc5 Merge pull request #42949 from Ch3LL/2016.3.7_docs
• d75d374 Add Security Notice to 2016.3.7 Release Notes
• PR #43021: (terminalmage) Use socket.AF_INET6 to get the correct value instead of doing an OS check @
2017-08-17T17:57:09Z
• PR #43014: (Ch3LL) Change AF_INET6 family for mac in test_host_to_ips | refs: #43021
• 37c63e7 Merge pull request #43021 from terminalmage/fix-network-test
• 4089b7b Use socket.AF_INET6 to get the correct value instead of doing an OS check
• PR #43019: (rallytime) Update bootstrap script to latest stable: v2017.08.17 @ 2017-08-17T17:56:41Z
• 8f64232 Merge pull request #43019 from rallytime/bootstrap_2017.08.17
• 2f762b3 Update bootstrap script to latest stable: v2017.08.17
• PR #43014: (Ch3LL) Change AF_INET6 family for mac in test_host_to_ips | refs: #43021 @
2017-08-17T16:17:51Z
• ff1caeee Merge pull request #43014 from Ch3LL/fix_network_mac
• b8eee44 Change AF_INET6 family for mac in test_host_to_ips
• PR #42968: (vutny) [DOCS] Fix link to Salt Cloud Feature Matrix @ 2017-08-16T13:16:16Z
• 1ee9499 Merge pull request #42968 from vutny/doc-salt-cloud-ref
• 44ed53b [DOCS] Fix link to Salt Cloud Feature Matrix
• PR #42291: (vutny) Fix #38839: remove state from Reactor runner kwags @ 2017-08-15T23:01:08Z
• ISSUE #38839: (DaveOHenry) Invoking runner.cloud.action via reactor sls fails | refs: #42291
• 923f974 Merge pull request #42291 from vutny/fix-38839
• 5f8f98a Fix #38839: remove state from Reactor runner kwags
• PR #42940: (gtmanfred) create new ip address before checking list of allocated ips @
2017-08-15T21:47:18Z
• ISSUE #42644: (stamak) nova salt-cloud -P Private IPs returned, but not public. Checking for
misidentified IPs | refs: #42940
• c20bc7d Merge pull request #42940 from gtmanfred/2016.11
• 253e216 fix IP address spelling
• bd63074 create new ip address before checking list of allocated ips
• PR #42959: (rallytime) Back-port #42883 to 2016.11 @ 2017-08-15T21:25:48Z
• PR #42883: (rallytime) Fix failing boto tests | refs: #42959
• d6496ec Merge pull request #42959 from rallytime/bp-42883
• c6b9ca4 Lint fix: add missing space
• 5597b1a Skip 2 failing tests in Python 3 due to upstream bugs
• a0b19bd Update account id value in boto_secgroup module unit test
• 60b406e @mock_elb needs to be changed to @mock_elb_deprecated as well
• 6ae1111 Replace @mock_ec2 calls with @mock_ec2_deprecated calls
• PR #42944: (Ch3LL) [2016.11] Add clean_id function to salt.utils.verify.py @ 2017-08-15T18:06:12Z
• 6366e05 Merge pull request #42944 from Ch3LL/2016.11.6_follow_up
• 7e0a20a Add release notes for 2016.11.7 release
• 63823f8 Add clean_id function to salt.utils.verify.py
• PR #42952: (Ch3LL) [2016.11] Bump latest and previous versions @ 2017-08-15T17:23:02Z
• 49d339c Merge pull request #42952 from Ch3LL/latest_2016.11
• 74e7055 [2016.11] Bump latest and previous versions
• PR #42950: (Ch3LL) Add Security Notice to 2016.11.7 Release Notes @ 2017-08-15T16:50:23Z
• b0d2e05 Merge pull request #42950 from Ch3LL/2016.11.7_docs
• a6f902d Add Security Notice to 2016.11.77 Release Notes
• PR #42836: (aneeshusa) Backport salt.utils.versions from develop to 2016.11 @ 2017-08-14T20:56:54Z
• PR #42835: (aneeshusa) Fix typo in utils/versions.py module | refs: #42836
• c0ff69f Merge pull request #42836 from lyft/backport-utils.versions-to-2016.11
• 86ce700 Backport salt.utils.versions from develop to 2016.11
• PR #42919: (rallytime) Back-port #42871 to 2016.11 @ 2017-08-14T20:44:00Z
• PR #42871: (amalleo25) Update joyent.rst | refs: #42919
• 64a79dd Merge pull request #42919 from rallytime/bp-42871
• 4e46c96 Update joyent.rst
• PR #42918: (rallytime) Back-port #42848 to 2016.11 @ 2017-08-14T20:43:43Z
• ISSUE #42803: (gmcwhistler) master_type: str, not working as expected, parent salt-minion process
dies. | refs: #42848
• ISSUE #42753: (grichmond-salt) SaltReqTimeout Error on Some Minions when One Master in a Multi-Master
Configuration is Unavailable | refs: #42848
• PR #42848: (DmitryKuzmenko) Execute fire_master asynchronously in the main minion thread. | refs:
#42918
• bea8ec1 Merge pull request #42918 from rallytime/bp-42848
• cdb4812 Make lint happier.
• 62eca9b Execute fire_master asynchronously in the main minion thread.
• PR #42861: (twangboy) Fix pkg.install salt-minion using salt-call @ 2017-08-14T19:07:22Z
• 52bce32 Merge pull request #42861 from twangboy/win_pkg_install_salt
• 0d3789f Fix pkg.install salt-minion using salt-call
• PR #42798: (s-sebastian) Update return data before calling returners @ 2017-08-14T15:51:30Z
• b9f4f87 Merge pull request #42798 from s-sebastian/2016.11
• 1cc8659 Update return data before calling returners
• PR #41977: (abulford) Fix dockerng.network_* ignoring of tests=True @ 2017-08-11T18:37:20Z
• ISSUE #41976: (abulford) dockerng network states do not respect test=True | refs: #41977 #41977
• c15d003 Merge pull request #41977 from redmatter/fix-dockerng-network-ignores-test
• 1cc2aa5 Fix dockerng.network_* ignoring of tests=True
• PR #42886: (sarcasticadmin) Adding missing output flags to salt cli docs @ 2017-08-11T18:35:19Z
• 3b9c3c5 Merge pull request #42886 from sarcasticadmin/adding_docs_salt_outputs
• 744bf95 Adding missing output flags to salt cli
• PR #42882: (gtmanfred) make sure cmd is not run when npm isn't installed @ 2017-08-11T17:53:14Z
• e5b98c8 Merge pull request #42882 from gtmanfred/2016.11
• da3402a make sure cmd is not run when npm isn't installed
• PR #42788: (amendlik) Remove waits and retries from Saltify deployment @ 2017-08-11T15:38:05Z
• 5962c95 Merge pull request #42788 from amendlik/saltify-timeout
• 928b523 Remove waits and retries from Saltify deployment
• PR #42877: (terminalmage) Add virtual func for cron state module @ 2017-08-11T15:33:09Z
• 227ecdd Merge pull request #42877 from terminalmage/add-cron-state-virtual
• f1de196 Add virtual func for cron state module
• PR #42859: (terminalmage) Add note about git CLI requirement for GitPython to GitFS tutorial @
2017-08-11T14:53:03Z
• ab9f6ce Merge pull request #42859 from terminalmage/gitpython-git-cli-note
• 35e05c9 Add note about git CLI requirement for GitPython to GitFS tutorial
• PR #42856: (gtmanfred) skip cache_clean test if npm version is >= 5.0.0 @ 2017-08-11T13:39:20Z
• ISSUE #41770: (Ch3LL) NPM v5 incompatible with salt.modules.cache_list | refs: #42856
• ISSUE #475: (thatch45) Change yaml to use C bindings | refs: #42856
• 682b4a8 Merge pull request #42856 from gtmanfred/2016.11
• b458b89 skip cache_clean test if npm version is >= 5.0.0
• PR #42864: (whiteinge) Make syndic_log_file respect root_dir setting @ 2017-08-11T13:28:21Z
• 01ea854 Merge pull request #42864 from whiteinge/syndic-log-root_dir
• 4b1f55d Make syndic_log_file respect root_dir setting
• PR #42851: (terminalmage) Backport #42651 to 2016.11 @ 2017-08-10T18:02:39Z
• PR #42651: (gtmanfred) python2- prefix for fedora 26 packages
• 2dde1f7 Merge pull request #42851 from terminalmage/bp-42651
• a3da86e fix syntax
• 6ecdbce make sure names are correct
• f83b553 add py3 for versionlock
• 21934f6 python2- prefix for fedora 26 packages
• PR #42806: (rallytime) Update doc references in glusterfs.volume_present @ 2017-08-10T14:10:16Z
• ISSUE #42683: (rgcosma) Gluster module broken in 2017.7 | refs: #42806
• c746f79 Merge pull request #42806 from rallytime/fix-42683
• 8c8640d Update doc references in glusterfs.volume_present
• PR #42829: (twangboy) Fix passing version in pkgs as shown in docs @ 2017-08-10T14:07:24Z
• 27a8a26 Merge pull request #42829 from twangboy/win_pkg_fix_install
• 83b9b23 Add winrepo to docs about supporting versions in pkgs
• 81fefa6 Add ability to pass version in pkgs list
• PR #42838: (twangboy) Document requirements for win_pki @ 2017-08-10T13:59:46Z
• 3c3ac6a Merge pull request #42838 from twangboy/win_doc_pki
• f0a1d06 Standardize PKI Client
• 7de687a Document requirements for win_pki
• PR #42805: (rallytime) Back-port #42552 to 2016.11 @ 2017-08-09T22:37:56Z
• PR #42552: (remijouannet) update consul module following this documentation https://www.consul.… |
refs: #42805
• b3e2ae3 Merge pull request #42805 from rallytime/bp-42552
• 5a91c1f update consul module following this documentation https://www.consul.io/api/acl.html
• PR #42804: (rallytime) Back-port #42784 to 2016.11 @ 2017-08-09T22:37:40Z
• ISSUE #42731: (infoveinx) http.query template_data render exception | refs: #42804
• PR #42784: (gtmanfred) only read file if ret is not a string in http.query | refs: #42804
• d2ee793 Merge pull request #42804 from rallytime/bp-42784
• dbd29e4 only read file if it is not a string
• PR #42826: (terminalmage) Fix misspelling of "versions" @ 2017-08-09T19:39:43Z
• 4cbf805 Merge pull request #42826 from terminalmage/fix-spelling
• 00f9314 Fix misspelling of "versions"
• PR #42786: (Ch3LL) Fix typo for template_dict in http docs @ 2017-08-08T18:14:50Z
• de997ed Merge pull request #42786 from Ch3LL/fix_typo
• 90a2fb6 Fix typo for template_dict in http docs
• PR #42795: (lomeroe) backport #42744 to 2016.11 @ 2017-08-08T17:17:15Z
• ISSUE #42600: (twangboy) Unable to set 'Not Configured' using win_lgpo execution module | refs:
#42744 #42795
• PR #42744: (lomeroe) fix #42600 in develop | refs: #42795
• bf6153e Merge pull request #42795 from lomeroe/
`
bp-42744`__201611
• 695f8c1 fix #42600 in develop
• PR #42748: (whiteinge) Workaround Orchestrate problem that highstate outputter mutates data @
2017-08-07T21:11:33Z
• ISSUE #42747: (whiteinge) Outputters mutate data which can be a problem for Runners and perhaps other
things | refs: #42748
• 61fad97 Merge pull request #42748 from whiteinge/save-before-output
• de60b77 Workaround Orchestrate problem that highstate outputter mutates data
• PR #42764: (amendlik) Fix infinite loop with salt-cloud and Windows nodes @ 2017-08-07T20:47:07Z
• a4e3e7e Merge pull request #42764 from amendlik/cloud-win-loop
• f3dcfca Fix infinite loops on failed Windows deployments
• PR #42694: (gtmanfred) allow adding extra remotes to a repository @ 2017-08-07T18:08:11Z
• ISSUE #42690: (ChristianBeer) git.latest state with remote set fails on first try | refs: #42694
• da85326 Merge pull request #42694 from gtmanfred/2016.11
• 1a0457a allow adding extra remotes to a repository
• PR #42669: (garethgreenaway) [2016.11] Fixes to augeas module @ 2017-08-06T17:58:03Z
• ISSUE #42642: (githubcdr) state.augeas | refs: #42669 #43202
• 7b2119f Merge pull request #42669 from garethgreenaway/42642_2016_11_augeas_module_fix
• 2441308 Updating the call to shlex_split to pass the posix=False argument so that quotes are
preserved.
• PR #42629: (xiaoanyunfei) tornado api @ 2017-08-03T22:21:20Z
• 3072576 Merge pull request #42629 from xiaoanyunfei/tornadoapi
• 1e13383 tornado api
• PR #42655: (whiteinge) Reenable cpstats for rest_cherrypy @ 2017-08-03T20:44:10Z
• PR #33806: (cachedout) Work around upstream cherrypy bug | refs: #42655
• f0f00fc Merge pull request #42655 from whiteinge/rest_cherrypy-reenable-stats
• deb6316 Fix lint errors
• 6bd91c8 Reenable cpstats for rest_cherrypy
• PR #42693: (gilbsgilbs) Fix RabbitMQ tags not properly set. @ 2017-08-03T20:23:08Z
• ISSUE #42686: (gilbsgilbs) Unable to set multiple RabbitMQ tags | refs: #42693 #42693
• 21cf15f Merge pull request #42693 from gilbsgilbs/fix-rabbitmq-tags
• 78fccdc Cast to list in case tags is a tuple.
• 287b57b Fix RabbitMQ tags not properly set.
• PR #42574: (sbojarski) Fixed error reporting in "boto_cfn.present" function. @ 2017-08-01T17:55:29Z
• ISSUE #41433: (sbojarski) boto_cfn.present fails when reporting error for failed state | refs: #42574
• f2b0c9b Merge pull request #42574 from sbojarski/boto-cfn-error-reporting
• 5c945f1 Fix debug message in "boto_cfn._validate" function.
• 181a1be Fixed error reporting in "boto_cfn.present" function.
• PR #42623: (terminalmage) Fix unicode constructor in custom YAML loader @ 2017-07-31T19:25:18Z
• bc1effc Merge pull request #42623 from terminalmage/fix-unicode-constructor
• fcf4588 Fix unicode constructor in custom YAML loader
• PR #42515: (gtmanfred) Allow not interpreting backslashes in the repl @ 2017-07-28T16:00:09Z
• cbf752c Merge pull request #42515 from gtmanfred/backslash
• cc4e456 Allow not interpreting backslashes in the repl
• PR #42586: (gdubroeucq) [Fix] yumpkg.py: add option to the command "check-update" @
2017-07-27T23:52:00Z
• ISSUE #42456: (gdubroeucq) Use yum lib | refs: #42586
• 5494958 Merge pull request #42586 from gdubroeucq/2016.11
• 9c0b5cc Remove extra newline
• d2ef448 yumpkg.py: clean
• a96f7c0 yumpkg.py: add option to the command "check-update"
• PR #41988: (abulford) Fix dockerng.network_* name matching @ 2017-07-27T21:25:06Z
• ISSUE #41982: (abulford) dockerng.network_* matches too easily | refs: #41988 #41988
• 6b45deb Merge pull request #41988 from redmatter/fix-dockerng-network-matching
• 9eea796 Add regression tests for #41982
• 3369f00 Fix broken unit test test_network_absent
• 0ef6cf6 Add trace logging of dockerng.networks result
• 515c612 Fix dockerng.network_* name matching
• PR #42339: (isbm) Bugfix: Jobs scheduled to run at a future time stay pending for Salt minions
(bsc`#1036125`_) @ 2017-07-27T19:05:51Z
• ISSUE #1036125: (**)
• 4b16109 Merge pull request #42339 from isbm/isbm-jobs-scheduled-in-a-future-bsc1036125
• bbba84c Bugfix: Jobs scheduled to run at a future time stay pending for Salt minions (bsc`#1036125`_)
• PR #42077: (vutny) Fix scheduled job run on Master if when parameter is a list @ 2017-07-27T19:04:23Z
• ISSUE #23516: (dkiser) BUG: cron job scheduler sporadically works | refs: #42077
• PR #41973: (vutny) Fix Master/Minion scheduled jobs based on Cron expressions | refs: #42077
• 6c5a7c6 Merge pull request #42077 from vutny/fix-jobs-scheduled-with-whens
• b1960ce Fix scheduled job run on Master if when parameter is a list
• PR #42414: (vutny) DOCS: unify hash sum with hash type format @ 2017-07-27T18:48:40Z
• f9cb536 Merge pull request #42414 from vutny/unify-hash-params-format
• d1f2a93 DOCS: unify hash sum with hash type format
• PR #42523: (rallytime) Add a mention of the True/False returns with __virtual__() @
2017-07-27T18:13:07Z
• ISSUE #42375: (dragonpaw) salt.modules.*.__virtualname__ doens't work as documented. | refs: #42523
• 535c922 Merge pull request #42523 from rallytime/fix-42375
• 685c2cc Add information about returning a tuple with an error message
• fa46651 Add a mention of the True/False returns with __virtual__()
• PR #42527: (twangboy) Document changes to Windows Update in Windows 10/Server 2016 @
2017-07-27T17:45:38Z
• 0df0e7e Merge pull request #42527 from twangboy/win_wua
• 0373791 Correct capatlization
• af3bcc9 Document changes to Windows Update in 10/2016
• PR #42551: (binocvlar) Remove '-s' (--script) argument to parted within align_check function @
2017-07-27T17:35:31Z
• 69b0658 Merge pull request #42551 from binocvlar/fix-lack-of-align-check-output
• c4fabaa Remove '-s' (--script) argument to parted within align_check function
• PR #42573: (rallytime) Back-port #42433 to 2016.11 @ 2017-07-27T13:51:21Z
• ISSUE #42403: (astronouth7303) [2017.7] Pillar empty when state is applied from orchestrate | refs:
#42433
• PR #42433: (terminalmage) Only force saltenv/pillarenv to be a string when not None | refs: #42573
• 9e0b4e9 Merge pull request #42573 from rallytime/bp-42433
• 0293429 Only force saltenv/pillarenv to be a string when not None
• PR #42571: (twangboy) Avoid loading system PYTHON* environment vars @ 2017-07-26T22:48:55Z
• e931ed2 Merge pull request #42571 from twangboy/win_add_pythonpath
• d55a44d Avoid loading user site packages
• 9af1eb2 Ignore any PYTHON* environment vars already on the system
• 4e2fb03 Add pythonpath to batch files and service
• PR #42387: (DmitryKuzmenko) Fix race condition in usage of weakvaluedict @ 2017-07-25T20:57:42Z
• ISSUE #42371: (tsaridas) Minion unresponsive after trying to failover | refs: #42387
• de2f397 Merge pull request #42387 from DSRCorporation/bugs/42371_KeyError_WeakValueDict
• e721c7e Don't use key in weakvaluedict because it could lie.
• PR #41968: (root360-AndreasUlm) Fix rabbitmqctl output sanitizer for version 3.6.10 @
2017-07-25T19:12:36Z
• ISSUE #41955: (root360-AndreasUlm) rabbitmq 3.6.10 changed output => rabbitmq-module broken | refs:
#41968
• 641a9d7 Merge pull request #41968 from root360-AndreasUlm/fix-rabbitmqctl-output-handler
• 76fd941 added tests for rabbitmq 3.6.10 output handler
• 3602af1 Fix rabbitmqctl output handler for 3.6.10
• PR #42479: (gtmanfred) validate ssh_interface for ec2 @ 2017-07-25T18:37:18Z
• ISSUE #42477: (aikar) Invalid ssh_interface value prevents salt-cloud provisioning without reason of
why | refs: #42479
• 66fede3 Merge pull request #42479 from gtmanfred/interface
• c32c1b2 fix pylint
• 99ec634 validate ssh_interface for ec2
• PR #42516: (rallytime) Add info about top file to pillar walk-through example to include edit.vim @
2017-07-25T17:01:12Z
• ISSUE #42405: (felrivero) The documentation is incorrectly compiled (PILLAR section) | refs: #42516
• a925c70 Merge pull request #42516 from rallytime/fix-42405
• e3a6717 Add info about top file to pillar walk-through example to include edit.vim
• PR #42509: (clem-compilatio) Fix _assign_floating_ips in openstack.py @ 2017-07-24T17:14:13Z
• ISSUE #42417: (clem-compilatio) salt-cloud - openstack - "no more floating IP addresses" error - but
public_ip in node | refs: #42509
• 1bd5bbc Merge pull request #42509 from clem-compilatio/fix-42417
• 72924b0 Fix _assign_floating_ips in openstack.py
• PR #42464: (garethgreenaway) [2016.11] Small fix to modules/git.py @ 2017-07-21T21:28:57Z
• 4bf35a7 Merge pull request #42464 from garethgreenaway/2016_11_remove_tmp_identity_file
• ff24102 Uncomment the line that removes the temporary identity file.
• PR #42443: (garethgreenaway) [2016.11] Fix to slack engine @ 2017-07-21T15:48:57Z
• ISSUE #42357: (Giandom) Salt pillarenv problem with slack engine | refs: #42443
• e2120db Merge pull request #42443 from garethgreenaway/42357_pass_args_kwargs_correctly
• 635810b Updating the slack engine in 2016.11 to pass the args and kwrags correctly to LocalClient
• PR #42200: (shengis) Fix #42198 @ 2017-07-21T14:47:29Z
• ISSUE #42198: (shengis) state sqlite3.row_absent fail with "parameters are of unsupported type" |
refs: #42200
• 8262cc9 Merge pull request #42200 from shengis/sqlite3_fix_row_absent_2016.11
• 407b8f4 Fix #42198 If where_args is not set, not using it in the delete request.
• PR #42424: (goten4) Fix error message when tornado or pycurl is not installed @ 2017-07-20T21:53:40Z
• ISSUE #42413: (goten4) Invalid error message when proxy_host is set and tornado not installed | refs:
#42424
• d9df97e Merge pull request #42424 from goten4/2016.11
• 1c0574d Fix error message when tornado or pycurl is not installed
• PR #42350: (twangboy) Fixes problem with Version and OS Release related grains on certain versions of
Python (2016.11) @ 2017-07-19T17:07:26Z
• 42bb1a6 Merge pull request #42350 from twangboy/win_fix_ver_grains_2016.11
• 8c04840 Detect Server OS with a desktop release name
• PR #42356: (meaksh) Allow to check whether a function is available on the AliasesLoader wrapper @
2017-07-19T16:56:41Z
• 0a72e56 Merge pull request #42356 from meaksh/2016.11-AliasesLoader-wrapper-fix
• 915d942 Allow to check whether a function is available on the AliasesLoader wrapper
• PR #42368: (twangboy) Remove build and dist directories before install (2016.11) @ 2017-07-19T16:47:28Z
• 10eb7b7 Merge pull request #42368 from twangboy/win_fix_build_2016.11
• a7c910c Remove build and dist directories before install
• PR #42370: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-07-18T22:39:41Z
• PR #42359: (Ch3LL) [2016.3] Update version numbers in doc config for 2017.7.0 release
• 016189f Merge pull request #42370 from rallytime/merge-2016.11
• 0aa5dde Merge branch '2016.3' into '2016.11'
• e9b0f20 Merge pull request #42359 from Ch3LL/doc-update-2016.3
• dc85b5e [2016.3] Update version numbers in doc config for 2017.7.0 release
• PR #42360: (Ch3LL) [2016.11] Update version numbers in doc config for 2017.7.0 release @
2017-07-18T19:23:30Z
• f06a6f1 Merge pull request #42360 from Ch3LL/doc-update-2016.11
• b90b7a7 [2016.11] Update version numbers in doc config for 2017.7.0 release
• PR #42319: (rallytime) Add more documentation for config options that are missing from master/minion
docs @ 2017-07-18T18:02:32Z
• ISSUE #32400: (rallytime) Document Default Config Values | refs: #42319
• e0595b0 Merge pull request #42319 from rallytime/config-docs
• b40f980 Add more documentation for config options that are missing from master/minion docs
• PR #42352: (CorvinM) Multiple documentation fixes @ 2017-07-18T15:10:37Z
• ISSUE #42333: (b3hni4) Getting "invalid type of dict, a list is required" when trying to configure
engines in master config file | refs: #42352
• 7894040 Merge pull request #42352 from CorvinM/issue42333
• 526b6ee Multiple documentation fixes
• PR #42353: (terminalmage) is_windows is a function, not a propery/attribute @ 2017-07-18T14:38:51Z
• b256001 Merge pull request #42353 from terminalmage/fix-git-test
• 14cf6ce is_windows is a function, not a propery/attribute
• PR #42264: (rallytime) Update minion restart section in FAQ doc for windows @ 2017-07-17T17:40:40Z
• ISSUE #41116: (hrumph) FAQ has wrong instructions for upgrading Windows minion. | refs: #42264
• 866a1fe Merge pull request #42264 from rallytime/fix-41116
• bd63888 Add mono-spacing to salt-minion reference for consistency
• 30d62f4 Update minion restart section in FAQ doc for windows
• PR #42275: (terminalmage) pkg.installed: pack name/version into pkgs argument @ 2017-07-17T17:38:39Z
• ISSUE #42194: (jryberg) pkg version: latest are now broken, appending <package>-latest to filename |
refs: #42275
• 9a70708 Merge pull request #42275 from terminalmage/issue42194
• 6638749 pkg.installed: pack name/version into pkgs argument
• PR #42269: (rallytime) Add some clarity to "multiple quotes" section of yaml docs @
2017-07-17T17:38:18Z
• ISSUE #41721: (sazaro) state.sysrc broken when setting the value to YES or NO | refs: #42269
• e588f23 Merge pull request #42269 from rallytime/fix-41721
• f2250d4 Add a note about using different styles of quotes.
• 38d9b3d Add some clarity to "multiple quotes" section of yaml docs
• PR #42282: (rallytime) Handle libcloud objects that throw RepresenterErrors with --out=yaml @
2017-07-17T17:36:35Z
• ISSUE #42152: (dubb-b) salt-cloud errors on Rackspace driver using -out=yaml | refs: #42282
• 5aaa214 Merge pull request #42282 from rallytime/fix-42152
• f032223 Handle libcloud objects that throw RepresenterErrors with --out=yaml
• PR #42308: (lubyou) Force file removal on Windows. Fixes #42295 @ 2017-07-17T17:12:13Z
• ISSUE #42295: (lubyou) file.absent fails on windows if the file to be removed has the "readonly"
attribute set | refs: #42308
• fb5697a Merge pull request #42308 from lubyou/42295-fix-file-absent-windows
• 026ccf4 Force file removal on Windows. Fixes #42295
• PR #42314: (rallytime) Add clarification to salt ssh docs about key auto-generation. @
2017-07-17T14:07:49Z
• ISSUE #42267: (gzcwnk) salt-ssh not creating ssh keys automatically as per documentation | refs:
#42314
• da2a8a5 Merge pull request #42314 from rallytime/fix-42267
• c406046 Add clarification to salt ssh docs about key auto-generation.
• PR #41945: (garethgreenaway) Fixes to modules/git.py @ 2017-07-14T17:46:10Z
• ISSUE #41936: (michaelkarrer81) git.latest identity does not set the correct user for the private key
file on the minion | refs: #41945
• ISSUE #1: (thatch45) Enable regex on the salt cli
• acadd54 Merge pull request #41945 from garethgreenaway/41936_allow_identity_files_with_user
• 44841e5 Moving the call to cp.get_file inside the with block to ensure the umask is preserved when we
grab the file.
• f9ba60e Merge pull request #1 from terminalmage/pr-41945
• 1b60261 Restrict set_umask to mkstemp call only
• 68549f3 Fixing umask to we can set files as executable.
• 4949bf3 Updating to swap on the new salt.utils.files.set_umask context_manager
• 8faa9f6 Updating PR with requested changes.
• 494765e Updating the git module to allow an identity file to be used when passing the user parameter
• PR #42289: (CorvinM) Multiple empty_password fixes for state.user @ 2017-07-14T16:14:02Z
• ISSUE #42240: (casselt) empty_password in user.present always changes password, even with test=True |
refs: #42289
• PR #41543: (cri-epita) Fix user creation with empty password | refs: #42289 #42289
• f90e04a Merge pull request #42289 from CorvinM/bp-41543
• 357dc22 Fix user creation with empty password
• PR #42123: (vutny) DOCS: describe importing custom util classes @ 2017-07-12T15:53:24Z
• a91a3f8 Merge pull request #42123 from vutny/fix-master-utils-import
• 6bb8b8f Add missing doc for utils_dirs Minion config option
• f1bc58f Utils: add example of module import
• PR #42261: (rallytime) Some minor doc fixes for dnsutil module so they'll render correctly @
2017-07-11T23:14:53Z
• e2aa511 Merge pull request #42261 from rallytime/minor-doc-fix
• 8c76bbb Some minor doc fixes for dnsutil module so they'll render correctly
• PR #42262: (rallytime) Back-port #42224 to 2016.11 @ 2017-07-11T23:14:25Z
• PR #42224: (tdutrion) Remove duplicate instruction in Openstack Rackspace config example | refs:
#42262
• 3e9dfbc Merge pull request #42262 from rallytime/bp-42224
• c31ded3 Remove duplicate instruction in Openstack Rackspace config example
• PR #42181: (garethgreenaway) fixes to state.py for names parameter @ 2017-07-11T21:21:32Z
• ISSUE #42137: (kiemlicz) cmd.run with multiple commands - random order of execution | refs: #42181
• 7780579 Merge pull request #42181 from garethgreenaway/42137_backport_fix_from_2017_7
• a34970b Back porting the fix for 2017.7 that ensures the order of the names parameter.
• PR #42253: (gtmanfred) Only use unassociated ips when unable to allocate @ 2017-07-11T20:53:51Z
• PR #38965: (toanju) salt-cloud will use list_floating_ips for OpenStack | refs: #42253
• PR #34280: (kevinanderson1) salt-cloud will use list_floating_ips for Openstack | refs: #38965
• 7253786 Merge pull request #42253 from gtmanfred/2016.11
• 53e2576 Only use unassociated ips when unable to allocate
• PR #42252: (UtahDave) simple docstring updates @ 2017-07-11T20:48:33Z
• b2a4698 Merge pull request #42252 from UtahDave/2016.11local
• e6a9563 simple doc updates
• PR #42235: (astronouth7303) Abolish references to dig in examples. @ 2017-07-10T20:06:11Z
• ISSUE #42232: (astronouth7303) Half of dnsutil refers to dig | refs: #42235
• 781fe13 Merge pull request #42235 from astronouth7303/patch-1-2016.3
• 4cb51bd Make note of dig partial requirement.
• 08e7d83 Abolish references to dig in examples.
• PR #42215: (twangboy) Add missing config to example @ 2017-07-07T20:18:44Z
• 83cbd76 Merge pull request #42215 from twangboy/win_iis_docs
• c07e220 Add missing config to example
• PR #42211: (terminalmage) Only pass a saltenv in orchestration if one was explicitly passed (2016.11) @
2017-07-07T20:16:35Z
• 274946a Merge pull request #42211 from terminalmage/issue40928
• 22a18fa Only pass a saltenv in orchestration if one was explicitly passed (2016.11)
• PR #42173: (rallytime) Back-port #37424 to 2016.11 @ 2017-07-07T16:39:59Z
• PR #37424: (kojiromike) Avoid Early Convert ret['comment'] to String | refs: #42173
• 89261cf Merge pull request #42173 from rallytime/bp-37424
• 01addb6 Avoid Early Convert ret['comment'] to String
• PR #42175: (rallytime) Back-port #39366 to 2016.11 @ 2017-07-06T19:51:47Z
• ISSUE #39365: (dglloyd) service.running fails if sysv script has no status command and enable: True |
refs: #39366
• PR #39366: (dglloyd) Pass sig to service.status in after_toggle | refs: #42175
• 3b17fb7 Merge pull request #42175 from rallytime/bp-39366
• 53f7b98 Pass sig to service.status in after_toggle
• PR #42172: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-07-06T18:16:29Z
• PR #42155: (phsteve) Fix docs for puppet.plugin_sync
• ea16f47 Merge pull request #42172 from rallytime/merge-2016.11
• b1fa332 Merge branch '2016.3' into '2016.11'
• 8fa1fa5 Merge pull request #42155 from phsteve/doc-fix-puppet
• fb2cb78 Fix docs for puppet.plugin_sync so code-block renders properly and sync is spelled
consistently
• PR #42176: (rallytime) Back-port #42109 to 2016.11 @ 2017-07-06T18:15:35Z
• PR #42109: (arthurlogilab) [doc] Update aws.rst - add Debian default username | refs: #42176
• 6307b98 Merge pull request #42176 from rallytime/bp-42109
• 686926d Update aws.rst - add Debian default username
• PR #42095: (terminalmage) Add debug logging to dockerng.login @ 2017-07-06T17:13:05Z
• 28c4e4c Merge pull request #42095 from terminalmage/docker-login-debugging
• bd27870 Add debug logging to dockerng.login
• PR #42119: (terminalmage) Fix regression in CLI pillar override for salt-call @ 2017-07-06T17:02:52Z
• ISSUE #42116: (terminalmage) CLI pillar override regression in 2017.7.0rc1 | refs: #42119
• 2b754bc Merge pull request #42119 from terminalmage/issue42116
• 9a26894 Add integration test for 42116
• 1bb42bb Fix regression when CLI pillar override is used with salt-call
• PR #42121: (terminalmage) Fix pillar.get when saltenv is passed @ 2017-07-06T16:52:34Z
• ISSUE #42114: (clallen) saltenv bug in pillar.get execution module function | refs: #42121
• 8c0a83c Merge pull request #42121 from terminalmage/issue42114
• d142912 Fix pillar.get when saltenv is passed
• PR #42094: (terminalmage) Prevent command from showing in exception when output_loglevel=quiet @
2017-07-06T16:18:09Z
• 687992c Merge pull request #42094 from terminalmage/quiet-exception
• 47d61f4 Prevent command from showing in exception when output_loglevel=quiet
• PR #42163: (vutny) Fix #42115: parse libcloud "rc" version correctly @ 2017-07-06T16:15:07Z
• ISSUE #42115: (nomeelnoj) Installing EPEL repo breaks salt-cloud | refs: #42163
• dad2551 Merge pull request #42163 from vutny/fix-42115
• b27b1e3 Fix #42115: parse libcloud "rc" version correctly
• PR #42164: (Ch3LL) Fix kerberos create_keytab doc @ 2017-07-06T15:55:33Z
• 2a8ae2b Merge pull request #42164 from Ch3LL/fix_kerb_doc
• 7c0fb24 Fix kerberos create_keytab doc
• PR #42141: (rallytime) Back-port #42098 to 2016.11 @ 2017-07-06T15:11:49Z
• PR #42098: (twangboy) Change repo_ng to repo-ng | refs: #42141
• 678d4d4 Merge pull request #42141 from rallytime/bp-42098
• bd80243 Change repo_ng to repo-ng
• PR #42140: (rallytime) Back-port #42097 to 2016.11 @ 2017-07-06T15:11:29Z
• PR #42097: (gtmanfred) require large timediff for ipv6 warning | refs: #42140
• c8afd7a Merge pull request #42140 from rallytime/bp-42097
• 9c4e132 Import datetime
• 1435bf1 require large timediff for ipv6 warning
• PR #42142: (Ch3LL) Update builds available for rc1 @ 2017-07-05T21:11:56Z
• c239664 Merge pull request #42142 from Ch3LL/change_builds
• e1694af Update builds available for rc1
• PR #42078: (damon-atkins) pkg.install and pkg.remove fix version number input. @ 2017-07-05T06:04:57Z
• 4780d78 Merge pull request #42078 from damon-atkins/fix_convert_flt_str_version_on_cmd_line
• 09d37dd Fix comment typo
• 7167549 Handle version=None when converted to a string it becomes 'None' parm should default to
empty string rather than None, it would fix better with existing code.
• 4fb2bb1 Fix typo
• cf55c33 pkg.install and pkg.remove on the command line take number version numbers, store them within
a float. However version is a string, to support versions numbers like 1.3.4
• PR #42105: (Ch3LL) Update releasecanddiate doc with new 2017.7.0rc1 Release @ 2017-07-04T03:14:42Z
• 46d575a Merge pull request #42105 from Ch3LL/update_rc
• d4e7b91 Update releasecanddiate doc with new 2017.7.0rc1 Release
• PR #42099: (rallytime) Remove references in docs to pip install salt-cloud @ 2017-07-03T22:13:44Z
• ISSUE #41885: (astronouth7303) Recommended pip installation outdated? | refs: #42099
• d38548b Merge pull request #42099 from rallytime/fix-41885
• c2822e0 Remove references in docs to pip install salt-cloud
• PR #42086: (abulford) Make result=true if Docker volume already exists @ 2017-07-03T15:48:33Z
• ISSUE #42076: (abulford) dockerng.volume_present test looks as though it would cause a change | refs:
#42086 #42086
• 81d606a Merge pull request #42086 from redmatter/fix-dockerng-volume-present-result
• 8d54968 Make result=true if Docker volume already exists
• PR #42021: (gtmanfred) Set concurrent to True when running states with sudo @ 2017-06-30T21:02:15Z
• ISSUE #25842: (shikhartanwar) Running salt-minion as non-root user to execute sudo commands always
returns an error | refs: #42021
• 7160697 Merge pull request #42021 from gtmanfred/2016.11
• 26beb18 Set concurrent to True when running states with sudo
• PR #42029: (terminalmage) Mock socket.getaddrinfo in
unit.utils.network_test.NetworkTestCase.test_host_to_ips @ 2017-06-30T20:58:56Z
• b784fbb Merge pull request #42029 from terminalmage/host_to_ips
• 26f848e Mock socket.getaddrinfo in unit.utils.network_test.NetworkTestCase.test_host_to_ips
• PR #42055: (dmurphy18) Upgrade support for gnupg v2.1 and higher @ 2017-06-30T20:54:02Z
• e067020 Merge pull request #42055 from dmurphy18/handle_gnupgv21
• e20cea6 Upgrade support for gnupg v2.1 and higher
• PR #42048: (Ch3LL) Add initial 2016.11.7 Release Notes @ 2017-06-30T16:00:05Z
• 74ba2ab Merge pull request #42048 from Ch3LL/add_11.7
• 1de5e00 Add initial 2016.11.7 Release Notes
• PR #42024: (leeclemens) doc: Specify versionadded for SELinux policy install/uninstall @
2017-06-29T23:29:50Z
• ca4e619 Merge pull request #42024 from leeclemens/doc/selinux
• b63a3c0 doc: Specify versionadded for SELinux policy install/uninstall
• PR #42030: (whiteinge) Re-add msgpack to mocked imports @ 2017-06-29T20:47:59Z
• PR #42028: (whiteinge) Revert "Allow docs to be built under Python 3" | refs: #42030
• PR #41961: (cachedout) Allow docs to be built under Python 3 | refs: #42028
• 50856d0 Merge pull request #42030 from whiteinge/revert-py3-doc-chagnes-pt-2
• 18dfa98 Re-add msgpack to mocked imports
• PR #42028: (whiteinge) Revert "Allow docs to be built under Python 3" | refs: #42030 @
2017-06-29T19:47:46Z
• PR #41961: (cachedout) Allow docs to be built under Python 3 | refs: #42028
• 53031d2 Merge pull request #42028 from saltstack/revert-41961-py3_doc
• 5592e6e Revert "Allow docs to be built under Python 3"
• PR #42017: (lorengordon) Fixes typo "nozerconf" -> "nozeroconf" @ 2017-06-29T17:30:48Z
• ISSUE #42013: (dusto) Misspelled nozeroconf in salt/modules/rh_ip.py | refs: #42017
• 1416bf7 Merge pull request #42017 from lorengordon/issue-42013
• b6cf5f2 Fixes typo nozerconf -> nozeroconf
• PR #41906: (terminalmage) Better support for numeric saltenvs @ 2017-06-29T17:19:33Z
• 0ebb50b Merge pull request #41906 from terminalmage/numeric-saltenv
• 2d798de Better support for numeric saltenvs
• PR #41995: (terminalmage) Temporarily set the umask before writing an auth token @ 2017-06-29T01:09:48Z
• 6a3c03c Merge pull request #41995 from terminalmage/token-umask
• 4f54b00 Temporarily set the umask before writing an auth token
• PR #41999: (terminalmage) Update IP address for
unit.utils.network_test.NetworkTestCase.test_host_to_ips @ 2017-06-29T01:01:31Z
• e3801b0 Merge pull request #41999 from terminalmage/fix-network-test
• fb6a933 Update IP address for unit.utils.network_test.NetworkTestCase.test_host_to_ips
• PR #41991: (Da-Juan) Accept a list for state_aggregate global setting @ 2017-06-29T00:58:59Z
• ISSUE #18659: (whiteinge) mod_aggregate not working for list-form configuration | refs: #41991
• a7f3892 Merge pull request #41991 from Da-Juan/fix-state_aggregate-list
• c9075b8 Accept a list for state_aggregate setting
• PR #41993: (UtahDave) change out salt support link to SaltConf link @ 2017-06-29T00:55:20Z
• 7424f87 Merge pull request #41993 from UtahDave/2016.11local
• bff050a change out salt support link to SaltConf link
• PR #41987: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 @ 2017-06-28T20:19:11Z
• PR #41981: (Ch3LL) [2016.3] Bump latest release version to 2016.11.6
• 3b9ccf0 Merge pull request #41987 from rallytime/merge-2016.11
• 48867c4 Merge branch '2016.3' into '2016.11'
• c589eae Merge pull request #41981 from Ch3LL/11.6_3
• 2516ae1 [2016.3] Bump latest release version to 2016.11.6
• PR #41985: (rallytime) Back-port #41780 to 2016.11 @ 2017-06-28T20:18:57Z
• PR #41780: (ferringb) Fix salt.util.render_jinja_tmpl usage for when not used in an environmnet |
refs: #41985
• 768339d Merge pull request #41985 from rallytime/bp-41780
• 8f8d3a4 Fix salt.util.render_jinja_tmpl usage for when not used in an environment.
• PR #41986: (rallytime) Back-port #41820 to 2016.11 @ 2017-06-28T20:18:43Z
• ISSUE #34963: (craigafinch) Incorrect behavior or documentation for comments in
salt.states.pkgrepo.managed | refs: #41820
• PR #41820: (nhavens) Fix yum repo file comments to work as documented in pkgrepo.managed | refs:
#41986
• bd9090c Merge pull request #41986 from rallytime/bp-41820
• 72320e3 Fix yum repo file comments to work as documented in pkgrepo.managed
• PR #41973: (vutny) Fix Master/Minion scheduled jobs based on Cron expressions | refs: #42077 @
2017-06-28T16:39:02Z
• a31da52 Merge pull request #41973 from vutny/fix-croniter-scheduled-jobs
• 148788e Fix Master/Minion scheduled jobs based on Cron expressions
• PR #41980: (Ch3LL) [2016.11] Bump latest release version to 2016.11.6 @ 2017-06-28T15:35:11Z
• 689ff93 Merge pull request #41980 from Ch3LL/11.6_11
• fe4f571 [2016.11] Bump latest release version to 2016.11.6
• PR #41961: (cachedout) Allow docs to be built under Python 3 | refs: #42028 @ 2017-06-27T21:11:54Z
• 82b1eb2 Merge pull request #41961 from cachedout/py3_doc
• 7aacddf Allow docs to be built under Python 3
• PR #41948: (davidjb) Fix Composer state's name docs; formatting @ 2017-06-27T17:51:29Z
• PR #41933: (davidjb) Fix Composer state's name docs and improve formatting | refs: #41948
• f0eb51d Merge pull request #41948 from davidjb/patch-9
• 0e4b3d9 Fix Composer state's name docs; formatting
• PR #41914: (vutny) archive.extracted: fix hash sum verification for local archives @
2017-06-26T17:59:27Z
• e28e10d Merge pull request #41914 from vutny/fix-archive-extracted-local-file-hash
• 54910fe archive.extracted: fix hash sum verification for local archives
• PR #41912: (Ch3LL) Allow pacman module to run on Manjaro @ 2017-06-26T15:35:20Z
• 76ad6ff Merge pull request #41912 from Ch3LL/fix_manjaro
• e4dd72a Update os_name_map in core grains for new manjaro systems
• aa7c839 Allow pacman module to run on Manjaro
• PR #41516: (kstreee) Implements MessageClientPool to avoid blocking waiting for zeromq and tcp
communications. @ 2017-06-26T14:41:38Z
• ISSUE #38093: (DmitryKuzmenko) Make threads avoid blocking waiting while communicating using TCP
transport. | refs: #41516 #41516
• PR #37878: (kstreee) Makes threads avoid blocking waiting while communicating using Zeromq. | refs:
#41516 #41516
• ff67d47 Merge pull request #41516 from kstreee/fix-blocking-waiting-tcp-connection
• df96969 Removes redundant closing statements.
• 94b9ea5 Implements MessageClientPool to avoid blocking waiting for zeromq and tcp communications.
• PR #41888: (Ch3LL) Add additional commits to 2016.11.6 release notes @ 2017-06-22T16:19:00Z
• c90cb67 Merge pull request #41888 from Ch3LL/change_release
• 4e1239d Add additional commits to 2016.11.6 release notes
• PR #41882: (Ch3LL) Add pycryptodome to crypt_test @ 2017-06-21T19:51:10Z
• 4a32644 Merge pull request #41882 from Ch3LL/fix_crypt_test
• 6f70dbd Add pycryptodome to crypt_test
• PR #41877: (Ch3LL) Fix netstat and routes test @ 2017-06-21T16:16:58Z
• 13df29e Merge pull request #41877 from Ch3LL/fix_netstat_test
• d2076a6 Patch salt.utils.which for test_route test
• 51f7e10 Patch salt.utils.which for test_netstat test
• PR #41566: (morganwillcock) win_certutil: workaround for reading serial numbers with non-English
languages @ 2017-06-21T15:40:29Z
• ISSUE #41367: (lubyou) certutil.add_store does not work on non english windows versions or on Windows
10 (localised or English) | refs: #41566
• 66f8c83 Merge pull request #41566 from morganwillcock/certutil
• c337d52 Fix test data for test_get_serial, and a typo
• 7f69613 test and lint fixes
• 8ee4843 Suppress output of crypt context and be more specifc with whitespace vs. serial
• 61f817d Match serials based on output position (fix for non-English languages)
• PR #41679: (terminalmage) Prevent unnecessary duplicate pillar compilation @ 2017-06-21T15:32:42Z
• 4d0f5c4 Merge pull request #41679 from terminalmage/get-top-file-envs
• a916e8d Improve normalization of saltenv/pillarenv usage for states
• 02f293a Update state unit tests to reflect recent changes
• b7e5c11 Don't compile pillar data when getting top file envs
• 8d6fdb7 Don't compile pillar twice for salt-call
• d2abfbf Add initial_pillar argument to salt.state
• 70186de salt.pillar: rename the "pillar" argument to "pillar_override"
• PR #41853: (vutny) Fix master side scheduled jobs to return events @ 2017-06-20T22:06:29Z
• ISSUE #39668: (mirceaulinic) Master scheduled job not recorded on the event bus | refs: #41658
• ISSUE #12653: (pengyao) salt schedule doesn't return jobs result info to master | refs: #41853
• PR #41695: (xiaoanyunfei) fix max RecursionError, Ellipsis | refs: #41853
• PR #41658: (garethgreenaway) Fixes to the salt scheduler | refs: #41853
• 29b0acc Merge pull request #41853 from vutny/fix-master-schedule-event
• e206c38 Fix master side scheduled jobs to return events
Salt 2016.11.9 Release Notes
Version 2016.11.9 is a bugfix release for 2016.11.0.]
Windows
Execution module pkg
Significate changes (PR #43708, damon-atkins) have been made to the pkg execution module. Users should
test this release against their existing package sls definition files.
• pkg.list_available no longer defaults to refreshing the winrepo meta database.
• pkg.install without a version parameter no longer upgrades software if the software is already
installed. Use pkg.install version=latest or in a state use pkg.latest to get the old behavior.
• Documentation was update for the execution module to match the style in new versions, some corrections
as well.
• All install/remove commands are prefix with cmd.exe shell and cmdmod is called with a command line
string instead of a list. Some sls files in saltstack/salt-winrepo-ng expected the commands to be
prefixed with cmd.exe (i.e. the use of &).
• Some execution module functions results, now behavour more like their Unix/Linux versions.
Execution module cmdmod
Windows cmdmod forcing cmd to be a list (issue #43522) resolved by "cmdmod: Don't list-ify string
commands on Windows" PR #43807. Linux/Unix OS command & arguments requires a list. Windows was being
treated the same. Windows requires commands & arguments to be a string, which this PR fixes.
Salt 2016.3.0 Release Notes - Codename Boron
Known Issues
WARNING:
Some Salt Masters may need to apply a patch for Default Job Cache to prevent a possible crash
An issue exists that prevents the Salt master from cleaning the default job cache. This issue can
cause an overconsumption of resources resulting in a crash. 2016.3.0 Salt masters should apply the
patch in
:PR:`33555`
. This issue will be addressed in 2016.3.1.
• issue 33516: When upgrading from 2015.8.10 to 2016.3.0 on centos7/redhat7 salt-minion must be restarted
twice.
• issue 33517: SPM does not work on amazon linux 2015 in 2016.3.0.
Backwards-incompatible Changes
• The default path for the extension_modules master config option has been changed. Prior to this
release, the location was a directory named extmods in the Salt cachedir. On most platforms, this would
put the extension_modules directory in /var/cache/salt/extmods. It has been moved one directory down,
into the master cachedir. On most platforms, this is /var/cache/salt/master/extmods. Most users won't
have to worry about this, but those who have been manually placing custom runners into
/var/cache/salt/extmods/runners, or outputters into /var/cache/salt/extmods/output, etc. will be
affected by this. To transition, it is recommended not to simply move the extmods directory into
/var/cache/salt/master, but to copy the custom modules into the salt fileserver under salt://_runners,
salt://_output, etc. and sync them using the functions in the new saltutil runner.
• The pkg.check_db function has been removed for yum/dnf.
Core Changes
• The onchanges requisite now fires if any watched state changes. issue 19592.
• The ext_pillar functions must now accept a minion ID as the first argument. This stops the deprecation
path started in Salt 0.17.x. Before this minion ID first argument was introduced, the minion ID could
be retrieved accessing __opts__['id'] losing the reference to the master ID initially set in opts. This
is no longer the case, __opts__['id'] will be kept as the master ID.
• Custom types can now be synced to the master using the new saltutil runner. Before, these needed to
manually be placed under the extension_modules directory. This allows custom modules to easily be
synced to the master to make them available when compiling Pillar data. Just place custom runners into
salt://_runners, custom outputters into salt://_output, etc. and use the functions from the saltutil
runner to sync them.
• The client_acl configuration options were renamed to publisher_acl.
• Added a new --config-dump option (issue 26639).
• TCP Transport presence events were updated to work with a NAT (PR 30629).
• A minion_pillar_cache setting was added to save rendered pillar data to cachedir for later use when
file_client is set to local (PR 30428).
• Added the ability for binary data (such as a license key) to be distributed via pillar using the
file.managed (issue 9569).
• Scheduled jobs now include success and retcode (issue 24237).
• The saltversioninfo grain was changed from a string to a list to enable reading values by index. (PR
30082).
• A pillar_merge_lists option was added to enable recursively merging pillar lists by aggregating them
instead of replacing them (PR 30062).
• Grain values reported by Debian 8 (jessie) when lsb-release is installed were updated for consistency
(PR 28649).
• A new option for minions called master_tries has been added. This specifies the number of times a
minion should attempt to contact a master to attempt a connection. This allows better handling of
occasional master downtime in a multi-master topology.
• The default directory for deploying the salt-thin tarball has changed for salt-ssh. It is now /var/tmp
instead of /tmp. Users may also wish to delete any directories in /tmp ending with _salt/. (issue
32771)
External Module Packaging
Modules may now be packaged via entry-points in setuptools. See external module packaging tutorial for
more information.
Cloud Changes
• Refactored the OpenNebula driver and added numerous --function and --action commands to enhance Salt
support for image, template, security group, virtual network and virtual machine management in
OpenNebula.
• Added execution/state modules to support the deployment of AWS cognito identity pools (PR 31094).
• Added ability to set tags and listener policies on a AWS ELB (PR 27552).
Platform Changes
• Renamed modules related to macOS. The following module filenames were changed. The virtual name
remained unchanged.
• PR #30558: renamed osxdesktop.py to mac_desktop.py
• PR #30557: renamed macports.py to mac_ports.py
• PR #30556: renamed darwin_sysctl.py to mac_sysctl.py
• PR #30555: renamed brew.py to mac_brew.py
• PR #30552: renamed darwin_pkgutil.py to mac_pkgutil.py
Package Support
• Ubuntu Xenial: Packages for Ubuntu Xenial (16.04) are available for 2016.3.0 and onwards. See
repo.saltstack.com for more information. Note that Xenial comes with Debian's packaged version of Salt
2015.8.8 and official repo.saltstack.com packages are available for 2015.8 releases beginning with Salt
2015.8.11.
Proxy Minion Changes
The deprecated config option enumerate_proxy_minions has been removed.
As mentioned in earlier documentation, the add_proxymodule_to_opts configuration variable defaults to
False in this release. This means if you have proxymodules or other code looking in
__opts__['proxymodule'] you will need to set this variable in your /etc/salt/proxy file, or modify your
code to use the __proxy__ injected variable.
The __proxyenabled__ directive now only applies to grains and proxy modules themselves. Standard
execution modules and state modules are not prevented from loading for proxy minions.
Support has been added to Salt's loader allowing custom proxymodules to be placed in salt://_proxy.
Proxy minions that need these modules will need to be restarted to pick up any changes. A corresponding
utility function, saltutil.sync_proxymodules, has been added to sync these modules to minions.
Enhancements in grains processing have made the __proxyenabled__ directive somewhat redundant in dynamic
grains code. It is still required, but best practices for the __virtual__ function in grains files have
changed. It is now recommended that the __virtual__ functions check to make sure they are being loaded
for the correct proxytype, example below:
def __virtual__():
'''
Only work on proxy
'''
try:
if salt.utils.is_proxy() and \
__opts__['proxy']['proxytype'] == 'ssh_sample':
return __virtualname__
except KeyError:
pass
return False
The try/except block above exists because grains are processed very early in the proxy minion startup
process, sometimes earlier than the proxy key in the __opts__ dictionary is populated.
Grains are loaded so early in startup that no dunder dictionaries are present, so __proxy__, __salt__,
etc. are not available. Custom grains located in /srv/salt/_grains and in the salt install grains
directory can now take a single argument, proxy, that is identical to __proxy__. This enables patterns
like
def get_ip(proxy):
'''
Ask the remote device what IP it has
'''
return {'ip':proxy['proxymodulename.get_ip']()}
Then the grain ip will contain the result of calling the get_ip() function in the proxymodule called
proxymodulename.
Proxy modules now benefit from including a function called initialized(). This function should return
True if the proxy's init() function has been successfully called. This is needed to make grains
processing easier.
Finally, if there is a function called grains in the proxymodule, it will be executed on proxy-minion
startup and its contents will be merged with the rest of the proxy's grains. Since older proxy-minions
might have used other methods to call such a function and add its results to grains, this is config-gated
by a new proxy configuration option called proxy_merge_grains_in_module. This defaults to False in this
release. It will default to True in the release after next. The next release is codenamed Carbon, the
following is Nitrogen.
The example proxy minions rest_sample and ssh_sample have been updated to reflect these changes.
Syndic Updates
A major performance and management issue was found and fixed in the syndic. This makes the Salt Syndic
substantially more reliable and performant. Please make sure that the syndic and the master of masters
which syndics attach to are updated, otherwise the syndic fixes alone can cause minor performance issues
with older master of masters. Please update masters first, then syndics. Minions do not need to be
updated for this fix to work.
Module Changes
• file execution module: show_diff is deprecated in favor of show_changes. (PR 30988)
• reg execution module:
• Removed the following deprecated functions from the reg module (PR 30956):
• read_key
• set_key
• create_key
• delete_key
• Removed force parameter from reg state module
• Fixed virtual function in state
• Improved error information for reg.delete_value function
• jboss7 execution module: deployed function was decoupled from Artifactory by removing
Artifactory-specific functionality. Note that the changes in some of the function arguments break
existing state files, see issue 30515 and PR 3080 for details.
• pkg state module: The wait function was removed, the functionality was replaced with the onchanges
requisite (PR 30297).
• firewalld state module: A permanent argument was added add_port. Note that permanent defaults to True,
which changes previous behavior (PR 30275). A bind function was also added that allows binding zones to
interfaces and sources (PR 29497).
• journald beacon module: The event string was updated to include a tag. Note this might impact existing
reactors based on this beacon. (PR 30116).
• postgres_privileges state module: The default value of the prepend argument was changed from None to
public.
• zenoss execution module: The add_device function was updated with a default value of 1000 for
prod_state to match the documentation (PR 28924).
• The etcd execution module, state module, returner module, and util module were refactor (PR 28599).
This refactor changes error returns for several functions (primarily edge cases):
• get: Used to return '' on key-not-found. Now returns None.
• set: Used to return '' on issues setting keys. Now returns None.
• ls: Used to return {path: {}} on key-not-found. Now returns None.
• Tree: Used to return {} on key-not-found. Now returns None.
• smartos_virt execution module: Updated to use most of the new smartos_vmadm (PR 28284).
• apache_conf state module, apache_module state module, and apache_site state module: the enable and
disable functions were renamed to enabled and disabled, respectively. In PR 33562, these functions
were readded and properly deprecated and will be removed in Salt 2017.7.0. This fix will be available
in 2016.3.1. As a workaround, try
apache_module.enable{{ 'd' if grains.saltversioninfo == [2016, 3, 0] else '' }}
New Features
Thorium - Provisional New Reactor
The 2016.3 release introduces the new Thorium Reactor. This reactor is an experimental new feature that
implements a flow programming interface using the salt state system as the engine. This means that the
Thorium reactor uses a classic state tree approach to create a reactor that can aggregate event data from
multiple sources and make aggregate decisions about executing reactions.
This feature is both experimental and provisional, it may be removed and APIs may be changed. This system
should be considered as ambitious as the Salt State System in that the scope of adding a programmable
logic engine of this scale into the event systems is non trivial.
See Thorium Complex Reactor.
Improved Mac OS Support
Improved Solaris Support
A lot of work was done to improve support for SmartOS. This work also resulted in improvements for
Solaris and illumos as SmartOS.
• rewrite of vmadm module (SmartOS)
• rewrite of imgadm module (SmartOS)
• deprecation of virt module in favor of vmadm (SmartOS)
• implemented smartos state (SmartOS)
• improved zpool module add SmartOS, illumos and Solaris support
• improved zfs module add SmartOS, illumos and Solaris support
• implemented zpool state
• implemented zfs state implemented solaris_system system module to provide better Solaris support (PR
30519)
• other minor fixes to grains, localmod, ...
Tornado Transport
IMPORTANT:
The Tornado Transport wire protocol was changed in 2016.3, making it incompatible with 2015.8 (PR
29339).
Windows DSC Integration (Experiemental)
Dimension Data Cloud Support
A SaltStack Cloud driver for Dimension Data Public Cloud, provides the driver functionality to service
automation for any of the Dimension Data Public Cloud locations:
• Deploy new virtual machines
• List and query virtual machine images
• Destroy and query virtual machines
Documentation of the Dimension Data SaltStack integration is found on developer.dimensiondata.com
Minion Blackout
During a blackout, minions will not execute any remote execution commands, except for
saltutil.refresh_pillar. Blackouts are enabled using a special pillar key, minion_blackout set to True.
See Minion Blackout.
Splunk Returner
A Splunk Returner that uses HTTP Event Collector is now available (PR 30718).
SQLCipher Pillar Module
Support was added for retrieving pillar data via queries to SQLCiper databases (PR 29782).
New Modules
The following list contains a link to the new modules added in this release.
Beacons
• beacons.adb
• beacons.glxinfo
• beacons.memusage
• beacons.network_settings
• beacons.proxy_example
• beacons.salt_proxy
Engines
• engines.docker_events
• engines.redis_sentinel
• engines.slack
• engines.sqs_events
• engines.thorium
Execution Modules
• modules.bcache
• modules.beacons
• modules.boto_cloudtrail
• modules.boto_datapipeline
• modules.boto_iot
• modules.boto_lambda
• modules.boto_s3_bucket
• modules.chronos
• modules.cytest
• modules.dockercompose
• modules.dsc
• modules.ethtool
• modules.github
• modules.infoblox
• modules.iwtools
• modules.jenkins
• modules.linux_ip
• modules.mac_assistive
• modules.mac_brew
• modules.mac_defaults
• modules.mac_desktop
• modules.mac_keychain
• modules.mac_pkgutil
• modules.mac_ports
• modules.mac_power
• modules.mac_service
• modules.mac_shadow
• modules.mac_softwareupdate
• modules.mac_sysctl
• modules.mac_system
• modules.mac_timezone
• modules.mac_xattr
• modules.marathon
• modules.minion
• modules.openvswitch
• modules.opkg
• modules.philips_hue
• modules.proxy
• modules.pushbullet
• modules.restartcheck
• modules.s6
• modules.salt_proxy
• modules.ssh_package
• modules.ssh_service
• modules.sysfs
• modules.vboxmanage
• modules.win_certutil
• modules.win_dism
• modules.win_dism
• modules.win_license
• modules.win_iis
• modules.win_task
• modules.zabbix
Pillar
• pillar.http_yaml
• pillar.stack
Proxy
• proxy.chronos
• proxy.junos
• proxy.marathon
• proxy.phillips_hue
• proxy.ssh_sample
Roster
• roster.range
States
• states.apache_conf
• states.apache_site
• states.boto_cloudtrail
• states.boto_datapipeline
• states.boto_iot
• states.boto_lamda
• states.boto_s3_bucket
• states.chocolatey
• states.chronos_job
• states.firewall
• states.github
• states.gpg
• states.grafana_dashboard
• states.grafana_datasource
• states.infoblox
• states.jenkins
• states.mac_assistive
• states.mac_defaults
• states.mac_keychain
• states.mac_xattr
• states.marathon_app
• states.openvswitch_bridge
• states.openvswitch_port
• states.postgres_cluster
• states.proxy
• states.salt_proxy
• states.virt
• states.win_certutil
• states.win_dism
• states.win_license
• states.zabbix_host
• states.zabbix_hostgroup
• states.zabbix_user
• states.zabbix_usergroup
Salt 2016.3.1 Release Notes
Version 2016.3.1 is a bugfix release for 2016.3.0.
Final Release of Debian 7 Packages
Regular security support for Debian 7 ended on April 25th 2016. As a result, 2016.3.1 and 2015.8.10 will
be the last Salt releases for which Debian 7 packages are created.
Changes for v2016.3.0..v2016.3.1
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-06-08T22:43:50Z
Total Merges: 87
Changes:
• PR #33866: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #33860: (cachedout) Allow socket closes when the socket is disconnected
• b183a36 Set master and cloud to log level warning (#33861)
• PR #33698: (opdude) Vsphere fixes
• PR #33771: (twangboy) Additional functionality to win_dism.py
• PR #33851: (ticosax) [dockerng] Add support for edge case when Cmd and Entrypoint can't be blanked
• PR #33821: (cachedout) Restore default log level to warning
• PR #33767: (amontalban) Fix #33604 implementation when 'geom disk list' does not output rotat…
• PR #33806: (cachedout) Work around upstream cherrypy bug
• PR #33776: (danslimmon) Fixed ACL user comparison. Resolves #33754.
• PR #33763: (abednarik) Insert --no-refresh before install in Zypper.
• PR #33764: (terminalmage) Merge instead of update pillar overrides
• PR #33772: (danslimmon) Fixed spelling of "through"
• PR #33651: (cachedout) Restore grains context to renderers
• PR #33757: (cachedout) Reminder not to return non-serializable data from states
• PR #33670: (rallytime) Handle non-ascii package names in state.format_log
• PR #33723: (rallytime) Back-port #33641 to 2016.3
• PR #33748: (ticosax) HostConfig has been introduced by docker api version 1.15
• PR #33745: (eliasp) Typo (privilages → privileges)
• PR #33562: (jfindlay) states.apache_*: readd and deprecate enable and disable
• PR #33659: (danslimmon) Added test mode to states.dockerng. Resolves #33632.
• PR #33696: (clburlison) Update mac native package for upcoming release
• PR #33710: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• e87c310 backport #33599 to 2016.3 (#33682)
• 377556a Undo __repr__() and __str__() parts of d5a7dcc (#33688)
• 778b290 Remove explicit PW column default from mysql_user (#33690)
• PR #33680: (rallytime) Back-port #32942 to 2016.3
• PR #33677: (twangboy) Pass kwargs to cmd.run
• PR #33648: (terminalmage) salt.modules.pkgng: Fix incorrect usage of _pkg()
• PR #33646: (jfindlay) Fix more tmp paths on MacOS
• PR #33656: (cachedout) Fix indentation error in minion.py
• PR #33637: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• b7230bd Back-port #33613 to 2016.3 (#33638)
• PR #33606: (danslimmon) Fixed ini.options_absent. Resolves #33590.
• PR #33604: (kev009) Fix #33578 disks grain
• 259529e Use correct state name in libvirt formula doc (#33631)
• PR #33603: (sjorge) allow esky packages to be build on base64 2015Q4
• PR #33576: (tomlaredo) Fix #33565 (typo causes invalid syntax)
• PR #33549: (thatch45) Fix for #33530
• PR #33538: (anlutro) Fix a KeyError if group is provided but not user in cmd states
• PR #33550: (jacobhammons) Fixes display of thorium docs
• PR #33509: (twangboy) Detect System Architecture for Mac Build
• PR #33522: (jfindlay) rework modules.mac_brew.latest_version to work around brew version inconsistency
• PR #33519: (jacobhammons) New doc site layout, 2016.3.0 release note known issue additions
• PR #33508: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #33505: (twangboy) Fix build script where pip didn't work
• PR #33076: (cachedout) Avoid second grains load on windows multiprocessing
Salt 2016.3.2 Release Notes
Version 2016.3.2 is a bugfix release for 2016.3.0.
Returner Changes
• Any returner which implements a save_load function is now required to accept a minions keyword
argument. All returners which ship with Salt have been modified to do so.
Changes for v2016.3.1..2016.3.2
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-07-27T15:47:45Z
Statistics:
• Total Merges: 198
Changes:
• PR #34946: (anlutro) Fix virtualenv behavior when requirements files are in subdirectories
• PR #34957: (sjmh) Don't fall through to checking auth entries
• PR #34971: (cachedout) Increase timeout for grains test
• PR #34951: (vutny) Fix #34873
• PR #34935: (rallytime) Avoid UnboundLocalError in beacons module
• PR #34956: (cachedout) Increase all run_script timeouts to 30s
• PR #34933: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34916: (cachedout) Master performance improvement
• PR #34911: (cachedout) Backport #34906
• PR #34906: (cachedout) Set timeout for run_salt in test suite
• PR #34898: (hrumph) Stop multiple refreshes during call to pkg.list_upgrades
• PR #34915: (abednarik) Update service_rh provider to exclude XenServer >= 7.
• PR #34926: (rallytime) Lint #34923
• PR #34923: (eliasp) Handle exception when no Slack API key was provided
• PR #34910: (cachedout) Fix grains error on proxy minions
• PR #34864: (jmacfar) Check for version in list of installed versions
• PR #34902: (rallytime) Back-port #34878 to 2016.3
• PR #34878: (abednarik) Add VirtuozzoLinux is yumpkg enable list.
• PR #34901: (rallytime) Add VirtuozzoLinux to the list of enabled distros for rpm.py
• PR #34900: (rallytime) Add VirtuozzoLinux to enabled platforms list in rh_service.py
• PR #34887: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34869: (terminalmage) Fail git.latest states with uncommitted changes when force_reset=False
• PR #34862: (thatch45) Fix salt-ssh cacheing issue
• PR #34859: (cachedout) Fix wheel test
• PR #34632: (eliasp) Try to create the log directory when not present yet
• PR #34854: (rallytime) Remove string_types import from state compiler
• PR #34865: (thatch45) This needs discussion, since this breaks SUSE
• PR #34858: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34847: (cachedout) Add an option to skip the verification of client_acl users
• PR #34833: (rallytime) Back-port #28521 to 2015.8
• PR #34828: (thatch45) Fix #34648
• PR #34827: (thatch45) fix beacon list to include all beacons being processed
• PR #34823: (rallytime) Back-port #25276 to 2015.8
• PR #34822: (thatch45) Fix salt-ssh state.high and state.low
• PR #28521: (gongled) SPM: packaging doesn't work in Python 2.6. Fixed.
• PR #25276: (jacobhammons) copy spm.1 man page during setup
• PR #34852: (rallytime) Skip GCE unit tests - causes test suite to hang
• PR #34844: (vutny) Fix getting total available memory without psutil installed
• PR #34837: (thatch45) Fix #34345
• PR #34838: (thatch45) Check if a valid value is passed to unlyif/unless
• PR #34840: (thatch45) update the state wrapper to include show_low_sls
• PR #34842: (sjorge) 2016.3 zpool cleanup and fixes
• PR #34770: (aphor) zpool state module needs support for disk vdev #34762
• PR #34825: (thatch45) keep this beacon from stack tracing at the loader
• PR #34824: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34818: (jtand) Skip mysql state test if mysqladmin is not available
• PR #34803: (junovitch) salt/state.py: set
`chunk['order'] = 0' with `order: first'; fixes `#24744`_
• PR #34642: (jtand) Check that mysqladmin exists before running mysql integration tests
• PR #34670: (isbm) Add "osmajorrelease" grain (2016.3)
• PR #34683: (cachedout) Fix publisher leak
• PR #34791: (sjorge) salt.state.zpool tweaks
• PR #34784: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34773: (randomed) Bugfix: Startup states on minions are not being written to mysql returner
• PR #34754: (cachedout) Disable test
• PR #34751: (cachedout) Remove unnedeed config test
• PR #34741: (rallytime) Back-port #34726 to 2015.8
• PR #34726: (martinhoefling) Always loop over updated keys in non recursive update
• PR #34606: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34756: (jacobhammons) Rebuild man pages
• PR #34746: (rallytime) Update azure lib dep to match the one in cloud.clouds.msazure
• PR #34744: (jtand) Test valid docs fix
• PR #34740: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34721: (rallytime) Add output_file option to master config docs
• PR #34607: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34739: (cachedout) Remove unnedeed config test
• PR #34607: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34722: (rallytime) Various spelling fixes
• PR #34714: (sjmh) Fix ldap auth for function matches
• PR #34720: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34695: (isbm) Bugfix: Zypper pkg.list_products returns False on some empty values (2015.8)
• PR #34689: (Azidburn) fix second run problems with pkg.installed using sources
• PR #34682: (jfindlay) update 2015.8.11 release notes
• PR #34707: (rallytime) Add versionadded to "special" option in cron.present state
• PR #34696: (isbm) Bugfix: Zypper pkg.list_products returns False on some empty values (2016.3)
• PR #34702: (farcaller) Fixed dockerng.list_tags
• PR #34681: (rallytime) Back-port #34549 to 2016.3
• PR #34549: (Inveracity) fixes multiple values in mof configuration
• PR #34679: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34676: (cachedout) Revert "Modify lodaer global test to use populated dunders"
• PR #34651: (rallytime) Lint 34644
• PR #34647: (cachedout) Adjust the mine test a little bit to give it a better chance of success
• PR #34644: (cachedout) Cleanup loader errors
• PR #34642: (jtand) Check that mysqladmin exists before running mysql integration tests
• PR #34618: (jtand) Network state integration test test=True
• PR #34601: (lorengordon) Clarifies the proper way to reference states
• PR #34605: (gtmanfred) catch error if no dns domains exist
• PR #34557: (jacobweinstock) handle jboss cli expression type in the parsing of output
• PR #34652: (rallytime) Spelling fixes found in sqlite3 pillar docs
• PR #34565: (Ch3LL) add num_cpus grain to freebsd
• PR #34621: (jtand) Suse Leap doesn't have 'man'
• PR #34619: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34617: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34593: (rallytime) Back-port #33851 to 2015.8
• PR #34592: (jtand) Update github IP for ssh state integration tests
• PR #34591: (jtand) Gate docker unit test to check for docker
• PR #34590: (oeuftete) [2015.8] dockerng: When sorting list actual_data, make it a list
• PR #34584: (rallytime) [2015.5] Avoid circular imports when calling salt.utils functions
• PR #34560: (terminalmage) Add a bunch of documentation on getting files from other environments
• PR #34545: (terminalmage) Handle cases where Docker Remote API returns an empty ExecutionDriver
• PR #34531: (terminalmage) Support ignore_epoch argument in version comparisons
• PR #33851: (ticosax) [dockerng] Add support for edge case when Cmd and Entrypoint can't be blanked
• PR #34585: (rallytime) [2016.3] Avoid salt.utils circular imports when using "from"
• PR #34616: (jacobhammons) Adds a mock required for the network settings beacon
• PR #34553: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34546: (rallytime) Rename unit.states.boto_secgroup to unit.states.boto_secgroup_test
• PR #34537: (rallytime) Rename tests.unit.simple to tests.unit.simple_test
• PR #34527: (rallytime) [2015.8] Update bootstrap script to latest stable
• PR #34521: (cachedout) Prevent many errors in the test suite in loader tests
• PR #34518: (terminalmage) Fix pkg.latest integration test for non-LTS ubuntu
• PR #34507: (AAbouZaid) Fix wrong order of retention_policy_exists.
• PR #34569: (eliasp) Minor doc fixes for PostgreSQL states
• PR #34524: (terminalmage) yumpkg: Avoid spurious logging in pkg.upgrade
• PR #34490: (cachedout) Fix master crash on ctl-c for long-running job
• PR #34520: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34513: (cachedout) Lower the log level for modules which cannot be loaded to trace
• PR #34505: (terminalmage) Improve top file merging documentation
• PR #34503: (rallytime) Rename some unit test files by adding _test
• PR #34498: (rallytime) Use -O in the wget example in the bootstrap tutorial for the develop branch
• PR #34492: (zer0def) Gracefully handle non-XML output in GlusterFS execution module.
• PR #34489: (jtand) Use skipTest for network state integration test
• PR #34488: (rallytime) Update dnsmasq.get_config docs to use correct config_file param.
• PR #34499: (gtmanfred) remove unnecessary block parsing ip addrs for nova
• PR #34468: (twangboy) Use Python 2.7.12 for Windows Build
• PR #34493: (twangboy) Use Python 2.7.12 for Mac Build
• PR #34486: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34467: (rallytime) Back-port #34457 to 2015.8
• PR #34462: (terminalmage) Use --always when available to git describe
• PR #34457: (ryan-lane) Only access key metadata if we found key metadata
• PR #34455: (cro) Forgot reference to inotify
• PR #34432: (twangboy) Fix file.append
• PR #34429: (terminalmage) Skip version checking for targeted packages in pkg.latest state
• PR #34459: (terminalmage) Ignore retcode when formatting highstate output
• PR #34463: (terminalmage) states/git: pass required cwd parameter to git.describe.
• PR #34466: (rallytime) Back-port #34436 to 2016.3
• PR #34436: (artxki) Fix #34395 Nonfunctional default_password in states.postgres_user.present
• PR #34453: (jtand) Arch linux does not have osrelease or osmajorrelease grains
• PR #34456: (thatch45) Be more careful when making the SMinion
• PR #34452: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34451: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34435: (cachedout) Backport change to integraiton test suite
• PR #34426: (cro) Document that inotify is Linux only
• PR #34401: (terminalmage) Use rpmdev-vercmp as a fallback for version comparison on RHEL5
• PR #34366: (steverweber) Update service.py
• PR #34427: (twangboy) Automated signing fixes for Ubuntu 16.04, 14.04, 12.04 (for dmurphy)
• PR #34400: (cachedout) Fix uninitialized value
• PR #34404: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34392: (cro) Clarify that salt-cloud doesn't get installed by bootstrap
• PR #34377: (terminalmage) Optimize pkg integration tests and add a couple new tests
• PR #34373: (jtand) Network state integration test
• PR #34292: (twangboy) Fix runas function for System Account
• PR #34388: (rallytime) Back-port #34378 to 2016.3
• PR #34378: (adelcast) network_settings.py: fix documentation
• PR #34352: (cro) Esxi dvs
• PR #34386: (rallytime) Beacon network docs
• PR #34376: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34368: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34344: (rallytime) Back-port #34324 to 2015.8
• PR #34342: (rallytime) Back-port #34316 to 2015.8
• PR #34324: (cachedout) Test custom grains matcher
• PR #34316: (edgan) Making salt-ssh pass proper return codes for jinja rendering errors
• PR #34252: (gtmanfred) return list of nodes for lxc driver when called directly
• PR #34365: (sjorge) fixes computenode_* grains on SmartOS compute nodes
• PR #34353: (cro) Remove proxy check and additional GetConnection--this makes the proxy…
• PR #34348: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34339: (terminalmage) Revert py3modernize lint changes
• PR #34335: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34325: (terminalmage) Remove unnecessarily-disabled sanity check
• PR #34323: (jacobhammons) Doc clarifications to file modules, addition of new profile log lev…
• PR #34319: (rallytime) Back-port #34244 to 2015.8
• PR #34313: (rallytime) [2015.5] Update to latest bootstrap script v2016.06.27
• PR #34312: (rallytime) [2015.8] Update to latest bootstrap script v2016.06.27
• PR #34307: (rallytime) Fix test example in integration testing docs
• PR #34306: (ghedo) Fix iptables.flush state: Do not force 'filter' table when flushing
• PR #34244: (the-glu) Typo in dockerio doc
• PR #34343: (rallytime) Back-port #34256 to 2016.3
• PR #34256: (tmehlinger) detect running from master in State.event method
• PR #34338: (themalkolm) Add listen/listen_in support to stateconf.py
• PR #34283: (sjorge) 2016.3 mount vfstab support
• PR #34322: (Ch3LL) add osmajorrelease grain for raspbian
• PR #34337: (clinta) Change merge-if-exists logic to properly report changes
• PR #34300: (vutny) Make apache.configfile state handle the Options list correctly
• PR #34333: (rallytime) Back-port #33734 to 2016.3
• PR #34304: (rallytime) Back-port #33734 to 2016.3
• PR #33734: (glomium) modules/rabbitmq.py version checking had a logical error
• PR #34330: (clinta) fix #34329
• PR #34318: (rallytime) Back-port #32182 to 2016.3
• PR #32182: (dongweiming) Fix psutil.cpu_times unpack error
• PR #34311: (rallytime) [2016.3] Update to latest bootstrap script v2016.06.27
• PR #34284: (rallytime) Don't require 'domain' to be present before checking fqdn_ip* grains
• PR #34296: (sjorge) 2016.3 status module now works on Solaris like platforms
• PR #34281: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34274: (clinta) Don't escape source before calling managed
• PR #34258: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34257: (rallytime) Use 'config_dir' setting instead of CONFIG_DIR in gpg renderer
• PR #34233: (thegoodduke) ipset: fix the comment containing blank
• PR #34232: (thegoodduke) ipset: fix commont containing blank
• PR #34225: (richardscollin) Fix win_system.set_system_date_time
• PR #34271: (opdude) Fixed symlinks on windows where the slashes don't match
• PR #34254: (sjorge) Fix for #14915
• PR #34259: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34136: (meaksh) Fixed behavior for SUSE OS grains in 2015.8
• PR #34134: (meaksh) Fixed behavior for SUSE OS grains in 2016.3
• PR #34093: (terminalmage) Catch CommandExecutionError in pkg states
• PR #33903: (meaksh) Fetching grains['os'] from /etc/os-release on SUSE systems if it is possible
• PR #34134: (meaksh) Fixed behavior for SUSE OS grains in 2016.3
• PR #33903: (meaksh) Fetching grains['os'] from /etc/os-release on SUSE systems if it is possible
• PR #34159: (christoe) Fixes to the win_task module
• PR #34223: (peterdemin) Fixed typo in filtering LDAP's potential_ous
• PR #34239: (vutny) file.find module: fix handling of broken symlinks
• PR #34229: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34218: (terminalmage) Fix a pair of gitfs bugs
• PR #34208: (lomeroe) fix regression from #33681 which causes pulling a list of s3 objects …
• PR #34206: (terminalmage) Change target for dockerng assuming default status to Nitrogen release
• PR #34188: (terminalmage) Clarify pkg.list_repo_pkgs docstring for held packages
• PR #34182: (rallytime) Handle child PIDs differently depending on the availability of psutils
• PR #33942: (cachedout) ZD 762
• PR #33681: (rallytime) Back-port #33599 to 2015.8
• PR #33599: (lomeroe) Fix s3 large file download
• PR #34214: (rallytime) Update saltutil.wheel docs to specify remote vs local minion behavior
• PR #34209: (lomeroe) fix regression in s3.query from #33682
• PR #33682: (lomeroe) backport #33599 to 2016.3
• PR #33599: (lomeroe) Fix s3 large file download
• PR #34222: (cachedout) Lint 34200
• PR #34200: (secumod) Fix parted module set CLI example
• PR #34197: (eliasp) Make module.ssh.recv_known_host() more resilient against hosts not returning a key
• PR #34201: (DarkKnightCZ) Suffix temp file with .sr1 and add mandatory argument when executing
PowerShell script
• PR #34198: (DarkKnightCZ) Don't use binary mode for cmdmod.exec_code
• PR #34198: (DarkKnightCZ) Don't use binary mode for cmdmod.exec_code
• PR #34172: (dmurphy18) Support for building with local packages on Debian and Ubuntu
• PR #34194: (vutny) Correct the docstrings formatting in pkgbuild modules and state
• PR #34056: (vutny) Make rpmbuild module work on non-RPM based GNU/Linux systems
• PR #34186: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34184: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34179: (terminalmage) Raise the correct exception when gitfs lockfile is empty
• PR #34178: (terminalmage) Remove unnecesssary comment
• PR #34176: (rallytime) Back-port #34103 to 2015.8
• PR #34175: (rallytime) Back-port #34128 to 2015.8
• PR #34174: (rallytime) Back-port #34066 to 2015.8
• PR #34165: (mcalmer) fix salt --summary to count not responding minions correctly
• PR #34141: (jtand) Fixed boto_vpc_test failure
• PR #34128: (bebehei) doc: add missing dot
• PR #34103: (morganwillcock) Fix diskusage beacon
• PR #34077: (rallytime) Add some grains targeting tests
• PR #34066: (complexsplit) Typo fix
• PR #33474: (cachedout) Fix diskusage beacon
• PR #34173: (rallytime) Update docs to match log_level default
• PR #34095: (rallytime) Back-port #32396 to 2016.3
• PR #32396: (eradman) Unbreak cron.file
• PR #34108: (l2ol33rt) Make dockerng.absent state honor test=true
• PR #34133: (rallytime) Back-port #34057 to 2016.3
• PR #34057: (ajacoutot) _active_mounts_openbsd: unbreak output for special filesystems
• PR #34156: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34142: (isbm) Move log message from INFO to DEBUG.
• PR #34100: (terminalmage) Update documentation on "refresh" behavior in pkg states
• PR #34072: (jfindlay) modules.pkg int tests: skip refresh_db upon error
• PR #34110: (garethgreenaway) Fixes to git module & state module related to identity file
• PR #34138: (rallytime) Update package dep note to systemd-python for RHEL7 install
• PR #34166: (vutny) Fix YAML indentation in Apache state docstrings
• PR #34098: (terminalmage) Restore old refresh logic
• PR #34087: (bbinet) Encourage to report issues to upstream PillarStack project
• PR #34075: (jfindlay) modules.inspectlib.kiwiproc: import gate lxml
• PR #34056: (vutny) Make rpmbuild module work on non-RPM based GNU/Linux systems
• PR #34073: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34069: (rallytime) Add a test to check for disconnected minion messaging
• PR #34051: (tegbert) Fixed a bug in the consul.py module that was preventing services
• PR #34048: (terminalmage) RFC: proposed fix for multiple fileserver updates in masterless runs
• PR #34045: (jacobhammons) Updated latest release version
• PR #34030: (vutny) More YAML indentation fixes in state module examples
• PR #34020: (twangboy) Always make changes to minion config if set (2015.8)
• PR #34018: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34011: (rallytime) Back-port #33948 and #34009 to 2015.8
• PR #34009: (rallytime) Back-port #33948 to 2016.3 + add log message
• PR #34005: (rallytime) Lint fix for #34000
• PR #34003: (vutny) states.file: fix indentation in YAML examples
• PR #34002: (lorengordon) Remove loader test for pam module
• PR #34000: (cachedout) Fix incorrectly written test
• PR #33990: (jacobhammons) Adds links to several current Salt-related projects
• PR #33985: (rallytime) Write some more simple batch command tests
• PR #33984: (jfindlay) Add docs and tests to disk state
• PR #33983: (twangboy) Clarify the account_exists parameter
• PR #33953: (whiteinge) Add loader.utils() example to calling minion_mods
• PR #33951: (jfindlay) modules.gem int tests: more fixes
• PR #33948: (cachedout) Save an entire minion cache traversal on each master pub
• PR #33904: (rallytime) Back-port #33806 to 2015.5
• PR #33880: (terminalmage) pkg.uptodate: Pass kwargs to pkg.list_upgrades
• PR #33806: (cachedout) Work around upstream cherrypy bug
• PR #33684: (jfindlay) add acl unit tests
• PR #34010: (terminalmage) Do not cache remote files if they are already cached
• PR #34009: (rallytime) Back-port #33948 to 2016.3 + add log message
• PR #33948: (cachedout) Save an entire minion cache traversal on each master pub
• PR #33941: (cachedout) Don't call os.getppid() on Windows
• PR #34067: (jacobhammons) Fixes doc refresh bug on chrome mobile.
• PR #34050: (rallytime) Back-port #34026 to 2016.3
• PR #34026: (bensherman) removed method that doesn't exist
• PR #33987: (isbm) inspectlib cleanup
• PR #34042: (sjorge) fix #34038
• PR #34025: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34044: (jacobhammons) Updated latest release to 2016.3.1
• PR #34014: (jnhmcknight) fix launch config creation params
• PR #34021: (twangboy) Always make changes to minion config if set (2016.3)
• PR #34031: (eliasp) states.postgres_privileges expects a real list, not a comma-separated string
• PR #33995: (jacobhammons) Understanding Jinja topic, Jinja doc issues.
• PR #33900: (amendlik) Document sudo policy for gitfs post-recieve hook
• PR #33980: (twangboy) Use full path to python.exe
• PR #33993: (s0undt3ch) Call sys.exit() instead of exit()
• PR #33976: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #33962: (jacobhammons) Adds a "Generated on <timestamp>" line to the html footer
• PR #33952: (rallytime) Add base argument to salt-ssh grains wrapper for filter_by func
• PR #33946: (rallytime) Back-port #33698 to 2015.8
• PR #33942: (cachedout) ZD 762
• PR #33698: (opdude) Vsphere fixes
• PR #33912: (abalashov) utils/schedule.py:handle_func() - Fix for accessing returner configur…
• PR #33945: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #33936: (rallytime) Add connecting_settings to boto_elb state attributes list
• PR #33917: (techhat) Wait for up to a minute for sync_after_install
• PR #33888: (jfindlay) random.org checks
• PR #33877: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #33833: (terminalmage) Support syncing pillar modules to masterless minions
• PR #33829: (terminalmage) Update versionchanged directive
• PR #33814: (terminalmage) Support extraction of XZ archives in archive.extracted state
• PR #33778: (sodium-chloride) Fix minor docstring issues
• PR #33765: (cachedout) Correct issue with ping on rotate with minion cache
• PR #33726: (jtand) glance.warn_until shouldn't be checked for a doc string
• PR #33611: (rolffokkens) 2015.5
• PR #33960: (mecarus) Fix mongo get_load to return full mongo record instead of non-existant 'load' key
• PR #33961: (jacobhammons) 2016.3.0 known issues update
• PR #33908: (ticosax) [boto_lambda] handle omitted Permissions parameter
• PR #33896: (DmitryKuzmenko) Don't deep copy context dict values.
• PR #33905: (rallytime) Back-port #33847 to 2016.3
• PR #33910: (cachedout) Ensure tht pillar have freshest grains
• PR #33870: (rallytime) Add note about Xenial packages to 2016.3.0 release notes
• PR #33847: (whiteinge) Add docs for arg/kwarg eauth matching
• PR #33076: (cachedout) Avoid second grains load on windows multiprocessing
• PR #29153: (DmitryKuzmenko) ACL limit args
Salt 2016.3.3 Release Notes
Version 2016.3.3 is a bugfix release for 2016.3.0.
Known Issues
issue 36055: Salt Cloud events (salt/cloud) are not generated on the master event bus when provisioning
cloud systems.
Bootstrap Issue #973: python-futures is not installed when installing from a git tag on RedHat-based
distributions. Python futures is needed when running Salt with the TCP transport. This is fixed on the
develop branch of the salt-bootstrap repo and the fix will be included in the upcoming release of
salt-bootstrap, but is a bug in the bootstrap release that ships with this version of Salt. Please see
the salt-bootstrap repo for more information on how to update your bootstrap version.
Changes for v2016.3.2..2016.3.3
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-08-19T16:17:34Z
Total Merges: 134
Changes:
• PR #35580: (twangboy) Fix mac_service attempts to parse non-plist files
• PR #35586: (hu-dabao) Fix 35420, add run_on_start in build_schedule_item
• PR #35583: (terminalmage) Fix localemod tests
• PR #35579: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35577: (terminalmage) Unit file changes for 2015.8.12, 2016.3.3
• PR #35571: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35566: (rallytime) Back-port #35545 to 2015.8
• PR #35546: (whiteinge) Salt api eauth fail gracefully
• PR #35545: (hu-dabao) fix-35384, fix cmd.run unless
• PR #35540: (rallytime) Whitespace fix for 2015.8
• PR #35525: (UtahDave) add missing glob import
• PR #35510: (terminalmage) Better systemd integration
• PR #35492: (terminalmage) Clarify config.get docstring
• PR #35483: (gtmanfred) use __utils__ in salt.cloud
• PR #35573: (rallytime) Back-port #33337 to 2016.3
• PR #33337: (mzupan) adding the () to make changes work
• PR #35572: (terminalmage) Fix poor formatting in pkg state docs
• PR #35545: (hu-dabao) fix-35384, fix cmd.run unless
• PR #35489: (rallytime) Back-port #35463 to 2016.3
• PR #35463: (skizunov) Make auth_timeout user configurable again
• PR #35538: (thatch45) Treat python XML as an optdep
• PR #35526: (thatch45) Always deploy the thin to /var/tmp
• PR #35522: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35513: (cachedout) Might be a good idea to be able to download the software we make
• PR #35512: (cachedout) Fixup 35419
• PR #35508: (terminalmage) Add Carbon to versionadded for git.diff
• PR #35497: (deepakhj) Fixes spacing in requirements files
• PR #35302: (Ch3LL) Add job cache test
• PR #35516: (rallytime) Back-port #34441 to 2016.3
• PR #34441: (markuskramerIgitt) Copy and delete silently, do not list each file
• PR #35517: (rallytime) Back-port #34502 to 2016.3
• PR #34502: (markuskramerIgitt) Windows installer build scripts will exit on error
• PR #35429: (tankywoo) Fix iptables target options with no arguments
• PR #35495: (rallytime) Use correct deprecated notation instead of a warning for apache_module.enable
state function.
• PR #35498: (rallytime) Add supported templates list to all template doc references in file state
• PR #35406: (rallytime) Provide links to the renderers in the template docs
• PR #35360: (rallytime) Add all template registery templates to file.managed docs
• PR #35487: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35486: (rallytime) Update bootstrap script to latest stable (2016.08.16)
• PR #35476: (cachedout) Fixup SSH bug where sudo without sudo user would break
• PR #35471: (terminalmage) win_pkg: Fix traceback when package is not installed
• PR #35460: (rallytime) [2015.8] Update bootstrap script to latest stable (2016.08.15)
• PR #35459: (thatch45) Ensure that output for salt-ssh gets back
• PR #35453: (theothergraham) fixes #34279 - disk cache ttl expiry
• PR #35451: (isbm) Bugfix: zypper mod repo unchanged
• PR #35448: (isbm) Add ignore_repo_failure option to suppress zypper's exit code 106 on …
• PR #35413: (cachedout) Resolve path issues with cp.push
• PR #35446: (cachedout) Make salt-client aware of edge-case where saltutil might be broken
• PR #35449: (dkruger) aptpkg will specify --install-recommends if enabled by the SLS
• PR #35467: (rallytime) Back-port #33518 to 2016.3
• PR #35235: (rallytime) Back-port #33518 to 2016.3
• PR #33518: (tonybaloney) Fix libcloud bug #33367
• PR #35461: (rallytime) [2016.3] Update bootstrap script to latest stable (2016.08.15)
• PR #35456: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35442: (cachedout) Fix cp.push_dir pushing empty dirs
• PR #35436: (cachedout) Minor doc fixup
• PR #35132: (sjorge) fixes , causing lots of mayham (onchange) with 2016.3.2 for me
• PR #35447: (ticosax) [dockerng] RepoTags can be also be None with docker 1.12
• PR #35308: (farcaller) Actually fixed dockerng.list_tags
• PR #34702: (farcaller) Fixed dockerng.list_tags
• PR #35427: (cachedout) Correct errant call to argspec from master. Fix ext_job_cache.
• PR #35428: (cachedout) Resolve stacktrace logged by highstate outputter if sls cannot be found
• PR #35412: (s0undt3ch) Only allow one sync read to happen at a time.
• PR #35406: (rallytime) Provide links to the renderers in the template docs
• PR #35360: (rallytime) Add all template registery templates to file.managed docs
• PR #35393: (deniszh) No need to run ddns update every time
• PR #35407: (hu-dabao) [Fix-35094] None will not be added to grains which generate [none]
• PR #35411: (eliasp) modules.event.send(): Prevent backtrace for masterless Minions
• PR #35395: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35394: (rallytime) Back-port #34573 to 2015.8
• PR #35359: (terminalmage) Clean up open filehandles
• PR #35357: (twangboy) Fix file.recurse with clean: True on Windows (2015.8)
• PR #35339: (isbm) Bugfix: Prevent continuous restart, if a dependency wasn't installed
• PR #34573: (cedwards) Update freebsd.rst
• PR #35373: (cachedout) Raise SaltRenderError on bad requisite
• PR #35352: (twangboy) Fix file.recurse with clean: True on Windows (2016.3)
• PR #35356: (jfindlay) document log levels and warn on all logging below info
• PR #35358: (twangboy) Update libsodium deps
• PR #35360: (rallytime) Add all template registery templates to file.managed docs
• PR #35362: (rallytime) Correct deprecation version tags
• PR #35361: (rallytime) Blockdev deprecations
• PR #25267: (jfindlay) Disk module improvements
• PR #24893: (The-Loeki) Contribution: Disk module improvements
• PR #35347: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35325: (kev009) Fix freebsd netstat route on fbsd 10+
• PR #35323: (thatch45) Fix issue with bad error check in salt-vt
• PR #35309: (terminalmage) file.recurse: Do not convert octal mode string to int
• PR #35301: (bobrik) Pass port to ssh.check_known_host, closes #35264
• PR #35334: (cachedout) Restore random_master functionality
• PR #35331: (hu-dabao) fix 35165, salt-run jobs.exit_success jid is broken
• PR #35318: (rallytime) Remove legacy compat docs in mysql pillar since the code was removed already
• PR #30913: (jtand) Deprecated code removed.
• PR #35329: (hu-dabao) sys.doc will skip all not connected minions
• PR #35306: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35290: (terminalmage) Resolve a couple bugs in orchestration output
• PR #35229: (lubyou) Ignore import error for pwd module in mac_shadow
• PR #35227: (isbm) Isbm osfinger ubuntu fix
• PR #35286: (hu-dabao) fix 34425, a bug that sys.doc cannot output format
• PR #35275: (rallytime) Back-port #35213 to 2016.3
• PR #35213: (gtmanfred) add identity v3 support to openstack driver
• PR #35278: (dmurphy18) Increase timeout for siging to 10 seconds when signing rpm packages
• PR #35276: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35271: (bobrik) Default state_output_profile to True everywhere, closes #35166
• PR #35249: (terminalmage) Fix regression in git.latest
• PR #35245: (rallytime) Back-port #35039 to 2015.8
• PR #35241: (terminalmage) Ensure max recursion in gitfs results in no blob object being returned.
• PR #35240: (derekmaciel) Backport #35225 to 2015.8
• PR #35236: (rallytime) Back-port #35119 to 2015.8
• PR #35233: (terminalmage) Do not attempt to get fqdn_ip{4,6} grains when ipv{4,6} grains are empty
• PR #35225: (derekmaciel) Add missing documentation for pkg.installed
• PR #35211: (cachedout) Alternative sudo users for salt-ssh
• PR #35202: (multani) doc: fix broken links in the test documentation page
• PR #35119: (derekmaciel) Assume two EVRs are equal if E and V are equal but one R is missing.
• PR #35039: (whiteinge) Add saltenv support to module.run
• PR #35274: (rallytime) Lint fixes for 2016.3 branch
• PR #35232: (theredcat) fix rabbitmq version detection using a package-agnostic version
• PR #35269: (meaksh) Checksum validation for zypper pkg.download in 2016.3 and develop
• PR #35197: (vutny) Make pkgbuild.repo state recognize createrepo command return code
• PR #35178: (cro) Add append_minionid_config_dirs option
• PR #35259: (cachedout) Fixup 35253
• PR #35253: (abednarik) Fix disk.wipe missing option.
• PR #35253: (abednarik) Fix disk.wipe missing option.
• PR #35206: (hu-dabao) Make the log level back to warning for unclassified exc
• PR #35196: (isbm) Deprecate status.uptime one version later
• PR #35207: (eliasp) Handle exceptions in _get_virtual() and in _get_virtual() consumers
• PR #35232: (theredcat) fix rabbitmq version detection using a package-agnostic version
• PR #35244: (rallytime) Back-port #31677 to 2016.3
• PR #31677: (miihael) Return correct value for services that must be enabled in Systemd
• PR #35182: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35174: (rallytime) Back-port #35146 to 2015.8
• PR #35173: (rallytime) Back-port #35135 to 2015.8
• PR #35146: (cachedout) Don't discard running beacons config when listing becaons
• PR #35145: (jacobhammons) doc version update to 2015.8.11, updates to release notes
• PR #35135: (rallytime) Add missing CLI Examples to aws_sqs module funcs
• PR #34827: (thatch45) fix beacon list to include all beacons being processed
• PR #35150: (rallytime) Start release notes for 2016.3.3
• PR #35157: (hu-dabao) master returned from func should be a string as designed so far
• PR #35147: (jacobhammons) doc version updated to 2016.3.2
• PR #35136: (s0undt3ch) Don't restart processes if the manager is not set to restart them
• PR #35133: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35114: (terminalmage) Add clarification docs on a common git_pillar misconfiguration
• PR #35043: (rallytime) Start release notes file for 2015.8.12
• PR #34768: (hrumph) Fixes #34767
• PR #35120: (kstreee) The '_handle_event_socket_recv' function in Salt Api is missing first data of
stream.
• PR #35131: (rallytime) Back-port #35011 to 2016.3
• PR #35011: (nishigori) Fix docstring for code-block of rst
• PR #35110: (hu-dabao) Do not return job status back to master for master_alive and master_failback
schedules
• PR #35104: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35066: (jfindlay) returners.postgres_local_cache: do not log in __virtual__
• PR #35050: (terminalmage) [orchestration] Properly handle runner/wheel funcs which accept a 'saltdev'
argument
• PR #35026: (cachedout) Expressly deny a minion if a key cannot be found
• PR #35024: (bobrik) Cache systemd unit update check per unit, closes #34927
• PR #35105: (rallytime) Update 2016.3.0 release notes with repo.saltstack.com Xenial pkg availability
• PR #33870: (rallytime) Add note about Xenial packages to 2016.3.0 release notes
• PR #35059: (vutny) Add fun_args field to events generated by execution of Master modules
• PR #34955: (lubyou) force dism to always output english text
• PR #35078: (jacobweinstock) added missing non-keyword argument skip_verify to __get_artifact func…
• PR #35008: (hu-dabao) Fix multimaster failover on more than two masters and failback behaviour
• PR #35055: (galet) #33536 pkgrepo.managed does not disable a yum repo with "disabled: True"
• PR #35039: (whiteinge) Add saltenv support to module.run
• PR #35046: (eliasp) Prevent backtrace in salt.states.network
• PR #35054: (lubyou) Only fail user lookup is the user parameter is required
• PR #35029: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35000: (rallytime) Back-port #33875 and #34999 to 2015.8
• PR #34994: (rallytime) Back-port #34835 to 2015.8
• PR #34835: (thatch45) Make the mine and publish combine minion and master opts in salt-ssh
• PR #33875: (jmesquita) Fix naive fileserver map diff algorithm
• PR #35021: (terminalmage) Don't add '.' to strerror when passed string ends in ? or !
• PR #34983: (eliasp) modules.slack.post_message: Allow sending messages to direct-message …
• PR #34996: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34991: (cachedout) SSH timeout
• PR #34976: (cachedout) Refine errors in client
• PR #34831: (thatch45) If the thin does not match, then redeploy, don't error
• PR #34987: (eliasp) salt.states.slack: check correct result attribute
• PR #34835: (thatch45) Make the mine and publish combine minion and master opts in salt-ssh
• PR #34988: (rallytime) Update release notes with new changes
• PR #34946: (anlutro) Fix virtualenv behavior when requirements files are in subdirectories
• PR #34957: (sjmh) Don't fall through to checking auth entries
• PR #34971: (cachedout) Increase timeout for grains test
• PR #34951: (vutny) Fix #34873
• PR #34935: (rallytime) Avoid UnboundLocalError in beacons module
• PR #34894: (rallytime) [develop] Merge forward from 2016.3 to develop
• PR #34956: (cachedout) Increase all run_script timeouts to 30s
• PR #34933: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34916: (cachedout) Master performance improvement
• PR #34911: (cachedout) Backport #34906
• PR #34906: (cachedout) Set timeout for run_salt in test suite
• PR #34898: (hrumph) Stop multiple refreshes during call to pkg.list_upgrades
• PR #34606: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34915: (abednarik) Update service_rh provider to exclude XenServer >= 7.
• PR #34926: (rallytime) Lint #34923
• PR #34923: (eliasp) Handle exception when no Slack API key was provided
• PR #34910: (cachedout) Fix grains error on proxy minions
• PR #34864: (jmacfar) Check for version in list of installed versions
• PR #34902: (rallytime) Back-port #34878 to 2016.3
• PR #34878: (abednarik) Add VirtuozzoLinux is yumpkg enable list.
• PR #34901: (rallytime) Add VirtuozzoLinux to the list of enabled distros for rpm.py
• PR #34900: (rallytime) Add VirtuozzoLinux to enabled platforms list in rh_service.py
• PR #34887: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34869: (terminalmage) Fail git.latest states with uncommitted changes when force_reset=False
• PR #34862: (thatch45) Fix salt-ssh cacheing issue
• PR #34859: (cachedout) Fix wheel test
• PR #34632: (eliasp) Try to create the log directory when not present yet
• PR #34854: (rallytime) Remove string_types import from state compiler
• PR #34865: (thatch45) This needs discussion, since this breaks SUSE
• PR #34858: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #34847: (cachedout) Add an option to skip the verification of client_acl users
• PR #34833: (rallytime) Back-port #28521 to 2015.8
• PR #34828: (thatch45) Fix #34648
• PR #34827: (thatch45) fix beacon list to include all beacons being processed
• PR #34823: (rallytime) Back-port #25276 to 2015.8
• PR #34822: (thatch45) Fix salt-ssh state.high and state.low
• PR #28521: (gongled) SPM: packaging doesn't work in Python 2.6. Fixed.
• PR #25276: (jacobhammons) copy spm.1 man page during setup
• PR #34852: (rallytime) Skip GCE unit tests - causes test suite to hang
Salt 2016.3.4 Release Notes
Version 2016.3.4 is a bugfix release for 2016.3.0.
Known Issues
The Salt Minion does not clean up files in /tmp when rendering templates. This potentially results in
either running out of disk space or running out of inodes. Please see Issue #37541 for more information.
This bug was fixed with Pull Request #37540, which will be available in the 2016.3.5 release of Salt.
The release of the bootstrap-salt.sh script that is included with 2016.3.4 release has a bug in it that
fails to install salt correctly for git installs using tags in the 2015.5 branch. This bug has not been
fixed in the salt-bootstrap repository yet, but the previous bootstrap release (v2016.08.16) does not
contain this bug.
Changes
• The disk.wipe execution module function has been modified so that it correctly wipes a disk.
• Add ability to clone from a snapshot to the VMWare salt-cloud driver.
• Add ability to specify disk backing mode in the VMWare salt cloud profile.
Changes for v2016.3.3..v2016.3.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-10-27T16:10:53Z
Total Merges: 274
Changes:
• PR #37282: (thatch45) add cpub to raet event for compat
• PR #37278: (jfindlay) update 2016.3.4 release notes
• PR #37252: (vutny) Set logging level to 'info' for message about init system detection
• 47290d8 Update man pages for the 2016.3 branch (#37259)
• PR #37257: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37254: (DmitryKuzmenko) Bugs/37191 minion hangs
• PR #37218: (darkalia) Issue #37187 Do not parse first /proc/1/cmdline binary if it's not
*
b…
• PR #37239: (Ch3LL) Fix cloud tests timeout
• PR #37244: (rallytime) Update bootstrap release to 2016.10.25
• PR #37245: (rallytime) Back-port #36334 to 2016.3
• PR #37233: (rallytime) Back-port #37154 to 2016.3
• PR #37232: (rallytime) Back-port #37153 to 2016.3
• PR #37228: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37213: (cachedout) More salttesting fixes
• PR #37207: (cachedout) Correct documentation for mine_functions
• PR #37208: (cachedout) Give multimion a process manager and its own destroy method
• PR #37206: (cachedout) Address transport test hang
• PR #37179: (isbm) Fix Salt-API ssh crash (2016.3)
• PR #37183: (gtmanfred) load tags should reference the actual load tags
• PR #37188: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• d7e28d2 Pylint fix for 2016.3 (#37186)
• PR #37175: (cachedout) Fix test hang
• PR #37144: (DmitryKuzmenko) Bugs/36866 salt minion communication broken 2016.3
• PR #37158: (jfindlay) add mock for status.uptime unit test
• PR #37161: (rallytime) Back-port #37098 to 2016.3
• PR #37159: (rallytime) Back-port #37107 to 2016.3
• PR #37163: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 2bc5ded Allow the minion test daemons a couple of tries to connect to the master (#37150)
• ec7ad9e Add note about salt-bootstrap known issue for 2016.3.4 (#37152)
• PR #37135: (AaronM-Cloudtek) Fix example signing policy in salt.states.x509 docs
• PR #37140: (vutny) pkgbuild.repo: fix GPG signing with use_passphrase=False
• PR #37071: (vutny) pkgbuild.repo: add timeout parameter for waiting passphrase prompt
• PR #37115: (DmitryKuzmenko) Backport/36720 fix race condition
• PR #37119: (jfindlay) log.setup: only assign user if defined
• f22c686 fix digital ocean image name in profile (#37126)
• 4263849 add 2016.3.4 release notes (#37125)
• PR #37120: (rallytime) Back-port #36246 to 2016.3
• PR #37103: (cachedout) Remove unnecessary sleep from unit.utils.process_test.TestProcessMana…
• PR #36823: (terminalmage) Update debian systemd unit files to use default KillMode, Type=notify
• PR #37030: (isbm) Fix status.uptime for Solaris 9, 10 and 11.
• PR #37101: (rallytime) [2016.3] Merge forward from 2016.3 to carbon
• PR #36958: (twangboy) Fix bug where cmd.powershell fails to return
• PR #37086: (cachedout) Make salt-call a first-class citizen for multi-master
• PR #36898: (clinta) X509 fixes
• PR #37025: (cro) Make salt.utils.minion._check_cmdline work on OSes without /proc.
• PR #37050: (twangboy) Fix service state for Windows (DO NOT MERGE FORWARD)
• PR #37076: (jfindlay) Document proxy settings
• PR #37081: (terminalmage) Fix archive.extracted remote source_hash verification
• PR #37064: (cachedout) Unify job check in scheduler
• PR #37072: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37049: (terminalmage) Further clarification on new grains docs from #37028
• PR #37057: (rallytime) [2016.3] Update salt.utils.cloud references to __utils__ for cache funcs
• PR #36977: (twangboy) Remove whitespace from string commands
• PR #37048: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #37028: (damon-atkins) Update topics/grains doco, about considerations before adding a Grain
• PR #37012: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 519e1dc opkg: Support ignore_epoch argument in version comparisons (#37007)
• PR #36808: (gtmanfred) allow for closing stuff in beacons
• a02868b Make helper funcs private (#36993)
• PR #36986: (jfindlay) modules.archive.unzip: zipfile is stdlib
• PR #36981: (rallytime) Skip pkg.upgrades test on distros other that Suse in 2016.3
• PR #36755: (terminalmage) systemd.py: check retcode for service availability in systemd >= 231
• PR #36750: (terminalmage) Add the CLI client and pub_data as class attributes
• PR #36241: (hrumph) Fixes #36240
• PR #36950: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36948: (rallytime) Back-port #36943 to 2016.3
• PR #36946: (rallytime) Back-port #36892 to 2016.3
• PR #36945: (rallytime) Back-port #35199 to 2016.3
• 7565ed6 Fix versionadded (#36949)
• 4d8fb03 return opennebula errors to user (#36930)
• PR #36929: (rallytime) [yumpkg] Skip test_pkg_upgrade_has_pending_upgrades if there are no upgrades
• 288f437 [2016.3] Remove "Targeting with Executions" section from docs (#36926)
• PR #36915: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 0ebf7a4 modules: debian_ip: override params early to fix diff (#36820)
• a23ce84 states.schedule: splay is not ordereddict (#36894)
• PR #36885: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 1c0ba80 salt-ssh: Try "command -v" before falling back to "which" (#36889)
• 85eea4d fileclient: Change queryarg comparison from None to simple boolean check (#36830)
• PR #36853: (rallytime) Back-port #33939 to 2016.3
• PR #36852: (rallytime) Back-port #36743 to 2016.3
• PR #36844: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36835: (jfindlay) unify and expand beacon documentation
• PR #36789: (maximeguillet) Fix behavior of psql -c option with postgresql 9.6
• PR #36797: (cachedout) Error on reaction with missing SLS file
• PR #36803: (gtmanfred) do not load libvirt pillar if certtool is unavailable
• PR #36815: (BenoitKnecht) Fix glance.image_present state
• PR #36754: (terminalmage) Base rpmdev-vercmp comparison result on retcode
• PR #36785: (cachedout) Fixup merge forward #36728
• PR #36768: (gtmanfred) add __utils__ to vultr cloud provider
• PR #36764: (cachedout) Another bit of detection for failed pip tests
• PR #36747: (jfindlay) modules.archive integration tests: check for gzip, rar
• PR #36744: (cachedout) Fix issue where test suite could hang on shutdown
• PR #36696: (cro) pass __proxy__ in state.sls_id
• PR #36716: (vutny) salt.modules.ini_manage: fix creating options in empty file
• PR #36724: (rallytime) Back-port #36628 to 2016.3
• PR #36725: (rallytime) Back-port #36643 to 2016.3
• PR #36726: (rallytime) Back-port #36722 to 2016.3
• 48d2b01 fix python26 archive zip module (#36719)
• PR #36699: (cachedout) Fix error in test
• PR #36670: (jackywu) fix bug for including loopback addr
• PR #36694: (lorengordon) Exposes ignore_if_missing to file.replace state module
• PR #36686: (jfindlay) log levels doc: try long form table
• PR #36690: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36680: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36659: (terminalmage) Support dynamic env in new-style git_pillar
• PR #36538: (clinta) daemon-reload on call to service.avaliable
• PR #36616: (cro) Zypper fix test
• PR #36621: (terminalmage) Fix shadowed builtins
• PR #36636: (rallytime) Back-port #36618 to 2016.3
• PR #36648: (jfindlay) Integration tests for archive execution module
• PR #36650: (rallytime) Revert "Pr 36386"
• PR #36646: (rallytime) Provide an error message when invalid transport is set
• PR #36635: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36620: (rallytime) Don't allow mercurial states to return True with errors
• PR #36622: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36520: (twangboy) Fix cmd.script runas for Windows
• PR #36564: (DmitryKuzmenko) Improve and fix _check_cache_minions
• PR #36606: (danlsgiga) Add support for ACL Tokens in consul_pillar with the option consul.token
• PR #36613: (slinn0) Remove file.check_managed_changes when not needed (backport of PR #36589 to
2016.3)
• PR #36609: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36595: (cachedout) Remove tests which no longer apply
• PR #36594: (cachedout) Update boostrap docs to recent versions of Ubuntu
• PR #36585: (twangboy) Add pyOpenSSL to req file for Windows
• f205d5f Fix salt.utils.rm_rf to delete files too (#36572)
• PR #36495: (cro) Fix pkg.upgrade for zypper
• PR #36539: (jfindlay) Prefer archive.cmd_unzip
• PR #36546: (rallytime) Mercurial Module: Pass the identity_path portion as own arg
• PR #36555: (DmitryKuzmenko) Bugs/35480 master shutdown
• PR #36542: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 5548ed7 Back-port #36435 to 2016.3 (#36532)
• fe377b3 Be explicit about the salt.utils.templates import (#36535)
• fcc50c9 Wrap the entire GrainsAppendTestCase class with destructiveTest (#36537)
• PR #36529: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36483: (dmurphy18) Isolate sun IPv6 fix to Sun OS only
• PR #36280: (alertedsnake) Feature/2016.3 better postgresql grants
• PR #36508: (twangboy) Fix chocolatey
• PR #36519: (terminalmage) Rewrite minionfs walkthrough
• PR #36505: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36496: (cachedout) Add repr to namespacedict
• PR #36474: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36478: (rallytime) Add the "bash" option to the "code-block"directive.
• PR #36484: (terminalmage) Fix for temp files being left over by salt-cloud execution
• PR #36486: (terminalmage) Improve the rebase docs in contributing guidelines
• PR #36455: (twangboy) Update docs for Windows
• PR #36459: (cachedout) Pr 36426
• PR #36442: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36310: (thatch45) Fix bug where the client will destroy the loop
• PR #36394: (oba11) fix accound_id in boto_iam and get_region in boto_sns
• PR #36424: (jfindlay) skip some mac_timezone tests
• PR #36428: (terminalmage) A couple fixes for Antergos Linux
• PR #36425: (whiteinge) Check for dictionary explicitly since we're accessing it as one
• PR #36199: (thatch45) skip all failhards if test=True
• PR #36418: (rallytime) Back-port #36246 to 2016.3
• PR #36419: (rallytime) Back-port #36329 to 2016.3
• PR #36420: (rallytime) Back-port #36365 to 2016.3
• PR #36413: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36305: (gtmanfred) cache query args with url as well
• PR #36389: (cachedout) Pr 36386
• 5737b1c Update versionadded and release notes (#36352)
• PR #36369: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• fbbe9ec Quote postgres privilege target names (#36249)
• 9451141 set __virtualname__ to 'service' (#36330)
• fee3be4 Use infoblox_* values if present in arguments (#36339)
• 19eb848 remove help message from glance module (#36345)
• a4bbd5e Add resize2fs unit test from blockdev_test to disk_test (#36346)
• PR #36350: (terminalmage) Add note about yumpkg.check_db removal in Boron
• PR #36344: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 3a37fe5 merge error overwrites correct ssh_host with stale data in ip_address (#36312)
• PR #36299: (rallytime) Gate the pkg.group_installed state test: not all pkg modules have group_install
• b3aac0e Back-port #36273 to 2016.3 (#36295)
• 7296179 Back-port #36124 to 2016.3 (#36296)
• PR #36297: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 7684ebd Filter out pub kwargs from cloud runner (#36178)
• PR #36238: (pass-by-value) Add ability to clone from a snapshot to salt-cloud vmware driver
• a0bbb0f Integration tests fixes for 2016.3 (#36263)
• PR #36264: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35688: (cachedout) Splat serializer default configs into the serializer kwargs
• PR #36025: (mirceaulinic) Potential fix for #36021
• 449c298 Fix timezones states on OS X (#36183)
• PR #36235: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36137: (cachedout) Allow highstate outputter to show all results
• 1b12940 Docs clarification for module sync and state.apply (#36217)
• PR #36184: (DmitryKuzmenko) Disable signal handling while handling signal
• PR #36203: (xiaoanyunfei) fix owner of MultiprocessingLoggingQueue
• b586ed7 if the backend stack traces when it should return an empty string (#36193)
• PR #36188: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35907: (rallytime) Catch CommandExecutionError when the group in group_installed doesn't exist
• PR #36068: (rallytime) Remove grains type deprecation warning from 2016.3
• PR #36152: (cachedout) Remove unnecessary unpack
• PR #36158: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 3445a33 Remove unclosed backticks in walkthrough doc (#36170)
• PR #36161: (jacobhammons) Adds #36055 to release notes
• PR #36139: (meaksh) Fixing unit tests for 2016.3
• PR #36143: (multani) doc: fix doc formatting for salt.states.mount
• PR #36070: (rallytime) Use __utils__ instead of salt.utils.cloud in opennebula driver
• PR #36089: (terminalmage) Support running git states / remote exec funcs as a different user in Windows
• PR #35923: (kstreee) Fixes a bug that Ctrl-c not working on Salt CLI.
• PR #36078: (thatch45) Failhard test=True fix
• PR #34529: (Ch3LL) Add skip_verify for archive.extracted
• PR #36073: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• a86e36c Add docs for new kwargs added to the wheel key module (#36040)
• 2934fc1 Doc cherrypy deemphasize urlencoded (#36047)
• PR #36039: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 1d90c42 Back-port #35824 to 2016.3 (#36038)
• 65b6734 catch unicode encoding errors in json outputter (#36033)
• 822481e modules.service: Do not default to OpenRC on Gentoo, also allow systemd (#36010)
• b68d293 fix redis_return's clean_old_jobs. (#36014)
• 95591c2 Add documentation about salt_interface to EC2 docs (#36015)
• PR #36019: (meaksh) Back-port #36000 to 2016.3
• b9fc51a Fix error when profiling is turned on and minions don't return (#36028)
• 20a361d Add include_* kwargs to the
*
_dict key functions (#36030)
• PR #36024: (DmitryKuzmenko) Don't subscribe to events if not sure it would read them.
• PR #36023: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #36004: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35952: (twangboy) Load UserProfile when using RunAs (2016.3)
• PR #35959: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35955: (jacobhammons) Version docs to 2016.3.3
• 9910b9c Fix incremental doc builds - OS X, postgres returner, tcp transport doc updates (#35865)
• 24f9d33 Speed up FreeBSD pkg install process for pkg.latest since pkg command by default tries to
update repository DB on each search: (#35904)
• b87e4f1 Salt Cloud: add centos default user for official CentOS AMIs (#35931)
• 580e0d4 Mention that docker image names must be given with repository (#35926)
• PR #35868: (rallytime) Add more helpful return messages for drac runner
• PR #35903: (rallytime) [2016.3] Merge forward from 2015.8 into 2016.3
• PR #35855: (vutny) [REGRESSION] salt-cloud: fix path to Salt Master socket dir
• PR #35881: (whiteinge) Add fail-safe in case Salt gives us data we can't serialize
• 9679266 Add engines to list of extension module options in master config docs (#35864)
• 40bcb7d Fix IAM roles statement to be boto version specific in sqs_events (#35861)
• ee45a88 Fix doc formatting for sqs_events engine example config (#35860)
• PR #35859: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35849: (theredcat) Fix potential infinite loop with no error when using recursive makedirs
• PR #35682: (vutny) [BACKPORT] Fix empty fun_agrs field in Reactor generated events
• PR #35792: (DmitryKuzmenko) Reconnect syndic to event bus if master disappeared.
• PR #35817: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• b89f455 fix 34241, webutil.useradd_all is deprecated (#35788)
• 2be5daf Bump the deprecation warning in pkgrepo state to Nitrogen (#35810)
• 083d836 Fix misuse of HTTP credentials in modjk execution module (#35796)
• 0247867 Adds mock for tornado.locks (#35807)
• e4dfc21 Trivial documentation spelling fix (#35800)
• PR #35763: (isbm) Sphinx crash: documentation config fix
• cd90052 Documentation spelling fixes (#35773)
• PR #35767: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35753: (rallytime) Fixup the unit.client_test.LocalClientTestCase.test_cmd_subset from #35720
• dab8428 Add versionadded for enabled function in apache_module state (#35732)
• PR #35737: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35729: (cachedout) Remove docs mocks for msgpack and psutils
• PR #35628: (jf) Fix user.present state reporting for groups when remove_groups=false
• PR #35696: (xiaoanyunfei) fix maximum recursion depth bug
• PR #35720: (hu-dabao) fix 20575, make subset really return random subset
• PR #35700: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• PR #35634: (hu-dabao) fix 34922, StopIteration should not throw exception out
• PR #35679: (twangboy) Revert to vcredist 12 (2013)
• PR #35662: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
• 64974c8 Backport #35627 to 2016.3 (#35661)
• PR #35615: (hu-dabao) fix 35591, verify the acl file exist before proceed
• PR #35485: (cro) Cassandra returner bugfixes and documentation.
• PR #35520: (morganwillcock) Check for all success return codes in win_dism state
• PR #35616: (xbglowx) Remove duplicate auth_tries in minion docs
• PR #35552: (DmitryKuzmenko) Syndic fix: don't strip 'retcode' and 'success' from events.
• PR #35559: (Jlin317) Fix highstate outputter when it's given multiple results
• PR #35605: (rallytime) Back-port #32739 to 2016.3
• PR #35606: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3
Salt 2016.3.5 Release Notes
Version 2016.3.5 is a bugfix release for 2016.3.0.
Security Fixes
CVE-2017-5192: local_batch client external authentication not respected
The LocalClient.cmd_batch() method client does not accept external_auth credentials and so access to it
from salt-api has been removed for now. This vulnerability allows code execution for
already-authenticated users and is only in effect when running salt-api as the root user.
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems
were enabled.
We recommend everyone on the 2016.3 branch upgrade to a patched release as soon as possible.
Improved Checksum Handling in file.managed, archive.extracted States
When the source_hash argument for these states refers to a file containing checksums, Salt now looks for
checksums matching the name of the source URI, as well as the file being managed. Prior releases only
looked for checksums matching the filename being managed. Additionally, a new argument (source_hash_name)
has been added, which allows the user to disambiguate ambiguous matches when more than one matching
checksum is found in the source_hash file.
A more detailed explanation of this functionality can be found in the file.managed documentation, in the
section for the new source_hash_name argument.
Changes for v2016.3.4..v2016.3.5
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-01-19T22:38:51Z
Statistics:
• Total Merges: 189
• Total Issue references: 119
• Total PR references: 288
Changes:
• PR #38812: (rallytime) Update pyobjects test to be a list @ 2017-01-18T21:06:01Z
• d14f0c6 Merge pull request #38812 from rallytime/pyobjects-test
• f3e84c1 Update pyobjects test to be a list
• PR #38813: (gtmanfred) catch SIGPIPE in vmware connection @ 2017-01-18T21:05:42Z
• ISSUE #36598: (ikkaro) CloudClient vmware driver reusing SI bug | refs: #38813
• 50f03f8 Merge pull request #38813 from gtmanfred/2016.3
• ce3472c catch SIGPIPE in vmware connection
• PR #38809: (twangboy) Fix get_hostname to handle longer computer names @ 2017-01-18T19:32:00Z
• 23b8b47 Merge pull request #38809 from twangboy/fix_hostname_2016.3
• d57a51f Fix tests for get_hostname
• 7ca3fd7 Fix get_hostname to handle longer computer names
• PR #38808: (vutny) Fix #38388 @ 2017-01-18T18:19:36Z
• ISSUE #38388: (johje349) No INFO logs in minion log file | refs: #38808
• 1033bbd Merge pull request #38808 from vutny/fix-38388
• 9bd203f Fix #38388
• PR #38668: (terminalmage) Fix proposal for #38604 @ 2017-01-18T17:53:09Z
• ISSUE #10: (thatch45) list jobs option
• f3ae3cd Merge pull request #38668 from terminalmage/issue38604
• 0ea97cd Merge pull request #10 from cachedout/pr-38668
• db81afc Munge retcode into return data for batching
• a642a99 Return the ret data from batch execution instead of raw data
• PR #38789: (rallytime) Update some saltenv refs to environment in salt.modules.state docs @
2017-01-18T15:39:22Z
• ISSUE #38622: (mikejford) Incorrect saltenv argument documentation in salt.modules.state | refs:
#38789
• c6a19a9 Merge pull request #38789 from rallytime/fix-38622
• af41fe0 Update some saltenv refs to environment in salt.modules.state docs
• PR #38790: (cachedout) Fix typo in pyobjects test @ 2017-01-18T15:38:57Z
• e0bf700 Merge pull request #38790 from cachedout/fix_pyobjects_test_typo
• a66afb5 Fix typo in pyobjects test
• PR #38792: (rallytime) Update pillar tutorial lanuage regarding pillar_opts settings @
2017-01-18T15:38:19Z
• ISSUE #38629: (Arabus) Conflicting documentation about default value of pillar_opts | refs: #38792
• 6e9785e Merge pull request #38792 from rallytime/fix-38629
• 1e125e2 Update pillar tutorial lanuage regarding pillar_opts settings
• PR #38796: (cachedout) Revert "Fixed prepending of root_dir override to the other paths" @
2017-01-17T23:18:18Z
• PR #38707: (alexbleotu) Fixed prepending of root_dir override to the other paths | refs: #38796
• 3417adc Merge pull request #38796 from saltstack/revert-38707-root_dir_fix-gh
• cb080f3 Revert "Fixed prepending of root_dir override to the other paths"
• PR #38585: (rallytime) Follow up to PR #38527 @ 2017-01-17T18:40:01Z
• ISSUE #38524: (rbjorklin) salt-api seems to ignore rest_timeout since 2016.11.0 | refs: #38585 #38527
• ISSUE #38479: (tyeapple) api_logfile setting takes no effect | refs: #38585
• PR #38570: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38585
• PR #38560: (Ch3LL) fix api logfile | refs: #38585
• PR #38527: (rbjorklin) salt-api no longer forces the default timeout | refs: #38585 #38585 #38585
• bab3479 Merge pull request #38585 from rallytime/follow-up-38527
• 0558720 Pylint fix: add line at end of file
• fa01367 Keep a copy of the DEFAULT_API_OPTS and restore them after the test run
• 2ad0763 Test clean up
• fd2ee7d Add some simple unit tests for salt.config.api_config function
• 3d2fefc Make sure the pidfile and log_file values are overridden by api opts
• 1f6b540 Make sure the pidfile and log_file values are overridden by api opts
• 04d307f salt-api no longer forces the default timeout
• PR #38707: (alexbleotu) Fixed prepending of root_dir override to the other paths | refs: #38796 @
2017-01-17T15:40:13Z
• 0fb6bb7 Merge pull request #38707 from alexbleotu/root_dir_fix-gh
• 0bac8c8 Fixed prepending of root_dir override to the other paths
• PR #38774: (vutny) DOCS: add C++ compiler installation on RHEL required for bundled 0mq @
2017-01-17T15:21:00Z
• 96c9dc1 Merge pull request #38774 from vutny/dev-test-docs
• 4620dc4 DOCS: add C++ compiler installation on RHEL required for bundled 0mq
• PR #38749: (vutny) pkg build modules throw better exception message if keyid wasn't found @
2017-01-17T02:13:08Z
• aedfbb7 Merge pull request #38749 from vutny/pkg-build-better-exception-msg
• 53f2be5 pkg build modules throw better exception message if keyid wasn't found
• PR #38743: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2017-01-17T01:46:01Z
• ISSUE #20: (thatch45) Sort sys.doc output
• ISSUE #19: (thatch45) Sending a faulty command kills all the minions!
• PR #38731: (rallytime) Various follow up fixes
• PR #38602: (terminalmage) Fix failing
unit.states.boto_vpc_test.BotoVpcRouteTableTestCase.test_present_with_routes
• 8466b34 Merge pull request #38743 from rallytime/merge-2016.3
• d24776f Merge branch '2015.8' into '2016.3'
• 6869621 Merge pull request #38731 from rallytime/merge-2015.8
• 9eb191b Pylint fix
• b910499 Various follow up fixes
• e8309a6 Add release notes for 2015.8.13
• f881f36 Merge pull request #20 from rallytime/2015.8.12_follow_up-batch-tests
• 3428232 Clean up tests and docs for batch execution
• c80b20b Merge pull request #19 from whiteinge/batchclient
• 3d8f3d1 Remove batch execution from NetapiClient and Saltnado
• 97b0f64 Lintfix
• d151666 Add explanation comment
• 62f2c87 Add docstring
• 9b0a786 Explain what it is about and how to configure that
• 5ea3579 Pick up a specified roster file from the configured locations
• 3a8614c Disable custom rosters in API
• c0e5a11 Add roster disable flag
• e9c59e9 Merge pull request #38602 from terminalmage/fix-boto-test
• 3424a10 Fix failing unit.states.boto_vpc_test.BotoVpcRouteTableTestCase.test_present_with_routes
• PR #38723: (rallytime) Remove "event_publisher_pub_hwm" and "salt_event_pub_hwm" from
config/__init__.py @ 2017-01-15T18:36:14Z
• ISSUE #38674: (jackywu) There is no code to use parameter 'event_publisher_pub_hwm' in
saltstack-2016.3 | refs: #38723
• PR #29294: (skizunov) ZeroMQ no longer required when transport is TCP | refs: #38723 #38723
• a642cde Merge pull request #38723 from rallytime/fix-38674
• 706c885 Remove "event_publisher_pub_hwm" and "salt_event_pub_hwm" from config/__init__.py
• PR #38669: (rallytime) Update bootstrap script verstion to latest release @ 2017-01-15T18:03:27Z
• fc545af Merge pull request #38669 from rallytime/update-bootstrap-script
• 78ba76e Update bootstrap script verstion to latest release
• PR #38693: (twangboy) Update jinja2 to 2.9.4 @ 2017-01-15T14:40:46Z
• 50d417f Merge pull request #38693 from twangboy/update_jinja
• e0c7e55 Update jinja2 to 2.9.4
• PR #38739: (vutny) DOCS: correct examples of running test suite @ 2017-01-15T14:35:47Z
• f4233bb Merge pull request #38739 from vutny/fix-runtests-doc
• b872bb6 DOCS: correct examples of running test suite
• 51d4707 DOCS: add links to File State Backups page where necessary (#38735)
• PR #38735: (vutny) DOCS: add links to File State Backups page where necessary
• 6d3717b Proofread jinja_to_execution_module tutorial (#38720)
• PR #38720: (dereckson) Proofread jinja_to_execution_module tutorial
• PR #38647: (gtmanfred) Allow novaclient to use keystoneauth1 sessions for authentication @
2017-01-10T17:48:26Z
• ISSUE #36548: (abonillasuse) openstack auth with nova driver | refs: #38647
• 7b850d4 Merge pull request #38647 from gtmanfred/nova
• 5be9b60 add documentation about using keystoneauth for v3
• 7b657ca add the ability to use keystone v2 and v3
• 5646ae1 add ability to use keystoneauth to authenitcate in nova driver
• PR #38650: (rallytime) Remove the installation instructions for out-of-date community ppa @
2017-01-10T17:47:45Z
• ISSUE #38648: (ericuldall) No release file error from PPA on Ubuntu | refs: #38650
• ISSUE #38572: (COLABORATI) ppa:saltstack/salt failure | refs: #38650
• ISSUE #34504: (AvinashDeluxeVR) Installation documentation for Ubuntu server and Windows minion leads
the user to use different salt versions. | refs: #38650
• 383768d Merge pull request #38650 from rallytime/remove-ubuntu-ppa-docs
• 30429b2 Remove the installation instructions for out-of-date community ppa
• PR #38657: (DmitryKuzmenko) Publish the 'data' field content for Syndic evets @ 2017-01-10T16:59:33Z
• ISSUE #38087: (UtahDave) The 'data' field in the return from a minion below a syndic is wrapped in an
extra 'data' field. | refs: #38657
• 7d9f56e Merge pull request #38657 from DSRCorporation/bugs/38087_syndic_event_format_fix
• 594c33f Publish the 'data' field content for Syndic evets
• PR #38649: (Ch3LL) fix unit.modules.file_test @ 2017-01-10T16:44:45Z
• 8398751 Merge pull request #38649 from Ch3LL/test_apply_template
• 47f8b68 fix unit.modules.file_test
• PR #38626: (cachedout) Revert "Fix/workaround for issue #37355" @ 2017-01-06T21:28:09Z
• ISSUE #37355: (Firewire2002) salt-ssh - ImportError: No module named backports.ssl_match_hostname |
refs: #37358
• ISSUE #34600: (davidpsv17) Error trying a salt-ssh test.ping | refs: #37358
• ISSUE #27355: (jerob) salt ssh error with debian 7 on target | refs: #37358
• PR #37358: (Firewire2002) Fix/workaround for issue #37355 | refs: #38626
• 74ddc71 Merge pull request #38626 from saltstack/revert-37358-2016.3.3_issue37355
• e912ac9 Revert "Fix/workaround for issue #37355"
• PR #37358: (Firewire2002) Fix/workaround for issue #37355 | refs: #38626 @ 2017-01-06T18:58:47Z
• ISSUE #37355: (Firewire2002) salt-ssh - ImportError: No module named backports.ssl_match_hostname |
refs: #37358
• ISSUE #34600: (davidpsv17) Error trying a salt-ssh test.ping | refs: #37358
• ISSUE #27355: (jerob) salt ssh error with debian 7 on target | refs: #37358
• 5e58b32 Merge pull request #37358 from Firewire2002/2016.3.3_issue37355
• 910da18 fixed typo
• 4fbc5dd fixed wrong renamed variable and spaces
• 92366e6 issue #37355
• 7dc87ab issue #37355
• 2878180 issue #37355
• PR #35390: (alexandr-orlov) Returns back missed proper grains dictionary for file module @
2017-01-06T18:02:13Z
• 6c2fe61 Merge pull request #35390 from alexandr-orlov/2016.3
• cd5ae17 fxd missed proper grains dictionary
• PR #38618: (rallytime) Back-port #38579 to 2016.3 @ 2017-01-06T17:37:56Z
• ISSUE #38558: (multani) pillar.get("...", default=var, merge=true) updates default value | refs:
#38579 #38579
• PR #38579: (zwo-bot) Fix #38558 - pillar.get with default= ...,merge=true influence subsequent calls
of pillar.get | refs: #38618
• 2579cfa Merge pull request #38618 from rallytime/bp-38579
• 2052ece Add copy import
• 2c8845a add test for pillar.get() + default value
• c2f98d2 ticket 38558: add unit test, deepcopy() only if necessary
• 30ae0a1 added deepcopy of default if merge=True
• PR #38601: (terminalmage) pillar.get: Raise exception when merge=True and default is not a dict @
2017-01-05T23:15:51Z
• da676ce Merge pull request #38601 from terminalmage/pillar-get
• 8613d72 pillar.get: Raise exception when merge=True and default is not a dict
• PR #38600: (terminalmage) Avoid errors when sudo_user is set (2016.3 branch) @ 2017-01-05T20:57:09Z
• PR #38598: (terminalmage) Avoid errors when sudo_user is set | refs: #38600
• 224fc77 Merge pull request #38600 from terminalmage/issue38459-2016.3
• 8a45b13 Avoid errors when sudo_user is set
• PR #38589: (tobithiel) State Gem: fix incorrect warning about missing rvm/rbenv @ 2017-01-05T20:12:15Z
• a376970 Merge pull request #38589 from tobithiel/fix_rvm_rbenv_warning
• 9ec470b State Gem: fix incorrect warning about missing rvm/rbenv
• PR #38567: (pass-by-value) Create queue if one doesn't exist @ 2017-01-05T18:46:11Z
• 02e6a78 Merge pull request #38567 from pass-by-value/pgjsonb_queue_changes_2016.3
• 67879eb Create queue if one doesn't exist
• PR #38587: (rallytime) Change daemontools __virtualname__ from service to daemontools @
2017-01-05T18:06:01Z
• ISSUE #37498: (githubcdr) service.restart salt-minion fails on Ubuntu 14.04.5 LTS | refs: #37748
#38587
• 0889cbd Merge pull request #38587 from rallytime/fix-37498
• 2a58809 Change daemontools __virtualname__ from service to daemontools
• PR #38562: (rallytime) Update arch installation docs with correct package name @ 2017-01-04T20:04:28Z
• 7b74436 Merge pull request #38562 from rallytime/arch-install-docs
• 8b1897a Update arch installation docs with correct package name
• PR #38560: (Ch3LL) fix api logfile | refs: #38585 @ 2017-01-04T19:03:17Z
• 0186070 Merge pull request #38560 from Ch3LL/fix_api_log
• 1b45e96 fix api logfile
• PR #38531: (rallytime) Back-port #33601 to 2016.3 @ 2017-01-04T16:56:53Z
• PR #33601: (mchugh19) Fix slack engine to run on python2.6 | refs: #38531
• 0056620 Merge pull request #38531 from rallytime/bp-33601
• c36cb39 remove the unnecessary double trigger
• 3841449 fix spacing lint error
• 8c1defc Remove uncessary type from alias commands. Deduplicate alias handling to autodetect function
selection. Add error reporting to slack connectivty problems. Cleanup slack's unicode conversion
• c2f23bc Fix slack engine to run on python2.6
• PR #38541: (techhat) Strip user:pass from cached URLs @ 2017-01-04T15:39:57Z
• ISSUE #38187: (curiositycasualty) username/password saved as cleartext when using URIs with
user:pass@ format | refs: #38541
• 50242c7 Merge pull request #38541 from techhat/issue38187
• eae3a43 Strip user:pass from cached URLs
• PR #38554: (multani) Fix YAML deserialization of unicode @ 2017-01-04T15:31:16Z
• ISSUE #30454: (favoretti) Using yaml serializer inside jinja template results in unicode being
prepended by '!!python/unicode' | refs: #38554 #38554 #30481
• PR #30481: (basepi) Add yaml_safe jinja filter | refs: #38554
• 325dc56 Merge pull request #38554 from multani/fix/30454
• 2e7f743 yaml: support unicode serialization/deserialization
• df76113 jinja: test the "yaml" filter with ordered dicts
• f7712d4 Revert "Add yaml_safe filter"
• 4ddbc2e add note about pyVmomi locale workaround (#38536)
• PR #38536: (UtahDave) add note about pyVmomi locale workaround
• 1c951d1 fix gce image bug (#38542)
• ISSUE #38353: (Ch3LL) salt-cloud gce specifying | refs: #38542 #38542
• PR #38542: (Ch3LL) fix gce image bug
• PR #38487: (gtmanfred) Fix crontab issues with spaces @ 2017-01-01T20:33:29Z
• ISSUE #38449: (swalladge) Parsing issues in list_tab (salt/modules/cron.py) | refs: #38487
• ec60f9c Merge pull request #38487 from gtmanfred/2016.3
• 048b9f6 add test
• c480c11 allow spaces in cron env
• c529ec8 allow crons to have multiple spaces
• PR #38491: (gtmanfred) Use UTC for timing in case timezone changes @ 2017-01-01T20:30:57Z
• ISSUE #37684: (thusoy) State execution duration is timezone-dependent | refs: #38491
• c5ba11b Merge pull request #38491 from gtmanfred/timing
• 79368c7 Use UTC for timing in case timezone changes
• PR #38503: (jinm) Hash type fallback for file management @ 2017-01-01T17:36:51Z
• ISSUE #38472: (jinm) file.managed Unable to manage file: 'hash_type' (2016.3.4) | refs: #38503
• 86f0aa0 Merge pull request #38503 from jinm/issue_38472_jinm
• 0cd9df2 Hash type fallback for file management
• PR #38457: (bshelton229) Stops git.latest checking for local changes in a bare repo @
2016-12-30T14:28:47Z
• ed2ba4b Merge pull request #38457 from bshelton229/git-latest-head-bug
• 558e7a7 Stops git.latest checking for local changes in a bare repo
• PR #38385: (dragon788) Use unambigous long names with double dashes @ 2016-12-29T17:10:48Z
• 36e21b2 Merge pull request #38385 from dragon788/2016.3-double-dash
• 86c4b56 Newline for lint compat
• 9d9b686 Address review comments, consistency of quotes
• df9bd5e Use unambigous long names with double dashes
• PR #38474: (cachedout) Allow an existing ioloop to be passed to salt-key @ 2016-12-29T16:28:51Z
• ISSUE #38209: (limited) Accepting a minion causes tornado to exit | refs: #38474
• 59f2560 Merge pull request #38474 from cachedout/key_loop
• de50453 Allow an existing ioloop to be passed to salt-key
• PR #38467: (gtmanfred) file.line fail with mode=delete @ 2016-12-28T20:00:33Z
• ISSUE #38438: (jf) file.line with mode=delete breaks on empty file | refs: #38467
• 3d0c752 Merge pull request #38467 from gtmanfred/2016.3
• 7b7c6b3 file.line fail with mode=delete
• PR #38434: (slinn0) Make sysctl.persist fail when failing to set a value into the running kernel @
2016-12-27T15:37:53Z
• 940025d Merge pull request #38434 from slinn0/issue_38433_fixes
• 22af87a Fixes for https://github.com/saltstack/salt/issues/38433
• e5eb512 Update deprecation notices to the correct version (#38421)
• PR #38421: (rallytime) Update deprecation notices to the correct version
• PR #38420: (rallytime) Removed various deprecation notices from salt/modules/* files | refs: #38421
• 9ce5331 file.managed: Fix failure when filename contains unicode chars (#38415)
• ISSUE #38282: (sash-kan) file.managed fails when file (which contains utf-characters in the name)
exists | refs: #38415
• PR #38415: (terminalmage) file.managed: Fix failure when filename contains unicode chars
• PR #38419: (Ch3LL) fix scsci docs example @ 2016-12-22T18:57:51Z
• 2cdb59d Merge pull request #38419 from Ch3LL/fix_doc_scsi
• 234043b fix scsci docs example
• 2725352 Improve pillar documentation (#38407)
• PR #38407: (terminalmage) Improve pillar documentation
• PR #38398: (terminalmage) Fix call to file.get_managed in cron.file state @ 2016-12-22T16:46:14Z
• ISSUE #38372: (fanirama) Issue with cron.file. Source: salt://path/to/crontab_file not found | refs:
#38398
• 423b1fd Merge pull request #38398 from terminalmage/issue38372
• c80dbaa Fix call to file.get_managed in cron.file state
• 5a33d1e Fix http.query when result has no text (#38382)
• PR #38382: (heewa) Fix http.query when result has no text
• PR #38390: (meaksh) Add "try-restart" to fix autorestarting on SUSE systems @ 2016-12-21T16:06:24Z
• b74b5c7 Merge pull request #38390 from
meaksh/2016.3-fix-try-restart-for-autorestarting-on-SUSE-systems
• de6ec05 add try-restart to fix autorestarting on SUSE systems
• PR #38221: (UtahDave) Fix default returner @ 2016-12-20T20:34:36Z
• 2c3a397 Merge pull request #38221 from UtahDave/fix_default_returner
• 3856407 remove a blank line to satisfy linter
• 9c248aa validate return opt, remove default.
• 8bb37f9 specify allowed types and default for "returner"
• 11863a4 add examples of default minion returners
• e7c6012 add support for default returners using return
• PR #38288: (terminalmage) archive.extracted: don't try to cache local sources (2016.3 branch) @
2016-12-18T13:07:11Z
• 09d9cff Merge pull request #38288 from terminalmage/archive-extracted-local-source-2016.3
• 845e3d0 Update tests to reflect change in cache behavior
• 5a08d7c archive.extracted: don't try to cache local sources (2016.3 branch)
• PR #38312: (cro) Backport feature allowing proxy config to live in pillar OR /etc/salt/proxy @
2016-12-18T12:39:01Z
• bf37667 Merge pull request #38312 from cro/proxy_config_in_cfg
• 2006c40 Typo
• 689d95b Backport feature allowing proxy config to live in pillar OR /etc/salt/proxy.
• PR #38320: (rallytime) Cleanup doc internal markup references @ 2016-12-18T12:31:28Z
• ISSUE #12788: (whiteinge) Comb through docs to replace :doc: roles with :ref: | refs: #38320
• c83db5a Merge pull request #38320 from rallytime/cleanup-doc-refs
• 62978cb Don't check the doc/conf.py file for doc markup refs
• 770e732 Add a unit test to search for new doc markup refs
• 5c42a36 Remove ":doc:" references from all doc/topics/installation/* files
• 23bce1c Remove ":doc:" references from all doc/topics/releases/* files
• 4aafa41 Remove ":doc:" references from a bunch of doc/* files
• 02bfe79 Remove more ":doc:" references from doc/* files
• 6e32267 Remove ":doc:" references in salt/* files
• 6367ca7 Add nick to args for create_multi (#38281)
• PR #38281: (mikejford) Add nick to args for create_multi
• PR #38313: (dragon788) 2016.3 chocolatey fix @ 2016-12-16T17:20:39Z
• ISSUE #38290: (dragon788) Need to use machine automation friendly output | refs: #38313
• 235682b Merge pull request #38313 from dragon788/2016.3-chocolatey-fix
• 1f5fc17 Use machine readable output for list
• cdbd2fb Added limit-output to eliminate false packages
• PR #38279: (rallytime) Add docs for syndic_wait setting @ 2016-12-15T18:30:31Z
• ISSUE #38174: (NickDubelman) [syndic] Why can't a syndic node signal when all of it's minions have
returned? | refs: #38279
• ISSUE #32400: (rallytime) Document Default Config Values | refs: #38279
• 9e78ddc Merge pull request #38279 from rallytime/fix-38174
• 4a62d01 Add docs for syndic_wait setting
• PR #38248: (meaksh) Successfully exit of salt-api child processes when SIGTERM is received @
2016-12-15T09:16:27Z
• fc9e1df Merge pull request #38248 from meaksh/salt-api-successfully-close-child-processes
• ee6eae9 Successfully exit of salt-api child processes when SIGTERM.
• PR #38254: (terminalmage) Also check if pillarenv is in opts @ 2016-12-15T09:10:24Z
• 3c718ed Merge pull request #38254 from terminalmage/check-pillarenv
• fa9ad31 Also check if pillarenv is in opts
• 6b9060c [2016.3] Bump latest release version to 2016.11.1 (#38256)
• PR #38256: (rallytime) [2016.3] Bump latest release version to 2016.11.1
• PR #38198: (vutny) Add missing requirements for running unit tests: libcloud and boto3 @
2016-12-13T14:12:20Z
• 004e46a Merge pull request #38198 from vutny/unit-tests-require-libcloud-boto3
• a6098ba Remove note about SaltTesting installation, now it is in the requirements
• 004bff1 Add missing requirements for running unit tests: libcloud and boto3
• PR #38213: (rallytime) Skip test_cert_info tls unit test on pyOpenSSL upstream errors @
2016-12-13T12:05:01Z
• 9d497bc Merge pull request #38213 from rallytime/skip-tls-test
• bdb807f Skip test_cert_info tls unit test on pyOpenSSL upstream errors
• PR #38224: (whiteinge) Allow CORS OPTIONS requests to be unauthenticated @ 2016-12-13T12:02:30Z
• 203109d Merge pull request #38224 from whiteinge/cors-options-unauthed
• de4d322 Allow CORS OPTIONS requests to be unauthenticated
• PR #38223: (whiteinge) Add root_dir to salt-api file paths @ 2016-12-13T07:44:19Z
• PR #37272: (vutny) Get default logging level and log file from default opts dict | refs: #38223
• 721a5fe Merge pull request #38223 from whiteinge/salt-api-root_dirs
• bfbf390 Add root_dir to salt-api file paths
• PR #38191: (terminalmage) Clarify the fact that git_pillar.update does not fast-forward @
2016-12-12T09:45:48Z
• ISSUE #38162: (747project) git_pillar does not detect changes to remote repository when told to
update | refs: #38191
• 70f7d22 Merge pull request #38191 from terminalmage/issue38162
• 1ae543a Clarify the fact that git_pillar.update does not fast-forward
• PR #38194: (vutny) Document the requirements for running ZeroMQ-based integration tests @
2016-12-12T09:42:11Z
• 28171cb Merge pull request #38194 from vutny/integration-test-requirements-doc
• e9f419f Document the requirements for running ZeroMQ-based integration tests
• PR #38185: (rallytime) Back-port #38181 to 2016.3 @ 2016-12-09T22:27:44Z
• PR #38181: (rallytime) Reset socket default timeout to None (fixes daemons_tests failures) | refs:
#38185
• a4ef037 Merge pull request #38185 from rallytime/bp-38181
• 609f814 Reset socket default timeout to None (fixes daemons_tests failures)
• PR #38163: (Ch3LL) enabled ec2 cloud tests @ 2016-12-09T18:01:57Z
• 65b2ad7 Merge pull request #38163 from Ch3LL/enabled_ec2_cloud
• be74c45 enabled ec2 cloud tests
• PR #38177: (vutny) Correct cp.get_file_str docstring and add integration tests @ 2016-12-09T16:55:35Z
• b63f74e Merge pull request #38177 from vutny/fix-cp-get-file-str
• a449980 Correct cp.get_file_str docstring and add integration tests
• PR #38153: (vutny) Master config includes may contain errors and be safely skipped @
2016-12-08T17:43:34Z
• 7596313 Merge pull request #38153 from vutny/master-includes-error-tolerance
• cd0154e Master config includes may contain errors and be safely skipped
• 86091db Skip daemon unit tests when running on Python 2.6 (#38134)
• PR #38134: (rallytime) Skip daemon unit tests when running on Python 2.6
• PR #38102: (rallytime) Add False + msg tuple return if requests is missing for zenoss module @
2016-12-07T13:24:37Z
• ISSUE #38091: (tjyang) [WARNING ] salt.loaded.int.module.zenoss.__virtual__() is wrongly returning
None. | refs: #38102
• d3d98fd4 Merge pull request #38102 from rallytime/fix-38091
• 4f79d5a Add False + msg tuple return if requests is missing for zenoss module
• PR #38104: (rallytime) Back-port #36794 to 2016.3 @ 2016-12-07T13:23:48Z
• ISSUE #36707: (do3meli) slow FreeBSD sysctl module with test=true | refs: #36794
• PR #36794: (do3meli) FreeBSD sysctl module now handels config_file parameter in show method | refs:
#38104
• 8c8cbc2 Merge pull request #38104 from rallytime/bp-36794
• c906c8a Pylint fixes
• da3ebf8 FreeBSD sysctl module now handels config_file parameter in show method
• PR #38083: (twangboy) Only delete .sls files from winrepo-ng [DO NOT MERGE FORWARD] @
2016-12-06T14:13:35Z
• ISSUE #35342: (morganwillcock) win_pkg: refresh_db doesn't remove cached items which have been
renamed or removed | refs: #38083
• fbc8776 Merge pull request #38083 from twangboy/fix_refresh_db
• 978af6d Remove only .sls files from the cached winrepo-ng
• PR #38059: (rallytime) Call exec_test for the Syndic daemon in tests.unit.daemons_test.py @
2016-12-04T04:18:41Z
• PR #38057: (rallytime) [2016.11] Merge forward from 2016.3 to 2016.11 | refs: #38059
• PR #38034: (cachedout) Modify daemons test to use multiprocessing | refs: #38059
• 9dcfdee Merge pull request #38059 from rallytime/daemons-test-fix
• eb372b2 Add missing "not" statement: The last syndic test should assertFalse()
• 4e10f8e Call exec_test for the Syndic daemon in tests.unit.daemons_test.py
• PR #38039: (rallytime) Check to see if a line is already commented before moving on @
2016-12-02T20:08:35Z
• ISSUE #37939: (Talkless) file.comment always report changes in test=True mode | refs: #38039
• 9cd42b9 Merge pull request #38039 from rallytime/fix-37939
• 1da7aac Update unit tests to account for additional file.search call
• 8a685b1 Check to see if a line is already commented before moving on
• f2c0455 Write an integration test demonstrating the issue
• PR #38045: (terminalmage) yumpkg.py: don't include non-upgrade versions found by "yum list available" @
2016-12-02T20:07:38Z
• ISSUE #38037: (dmurphy18) pkg.latest and yumpkg.latest_version return incorrect package versions
2016.3 and 2016.11 | refs: #38045
• a34a763 Merge pull request #38045 from terminalmage/issue38037
• 6528950 Simplify logic for matching desired pkg arch with actual pkg arch
• 3babbcd yumpkg.py: don't include non-upgrade versions found by "yum list available"
• 6724fe4 Modify daemons test to use multiprocessing (#38034)
• PR #38034: (cachedout) Modify daemons test to use multiprocessing | refs: #38059
• PR #37995: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-30T20:12:55Z
• PR #37978: (terminalmage) Add clarifying language to ext_pillar_first docs
• 6942d5d Merge pull request #37995 from rallytime/merge-2016.3
• b44e179 Merge branch '2015.8' into '2016.3'
• 7a7e367 Merge pull request #37978 from terminalmage/ext_pillar_first-docs
• 61ed9a8 Add clarifying language to ext_pillar_first docs
• cd66c17 fix broken yaml code block (#38002)
• PR #38002: (laleocen) fix broken yaml code block
• PR #37912: (attiasr) fix encoding problem aws responses @ 2016-11-30T18:10:30Z
• ISSUE #35088: (Modulus) salt/cloud/ec2.py encoding problems. | refs: #37912
• 3dd45fb Merge pull request #37912 from attiasr/fix_aws_response_encoding
• ba4ec4e use Requests result encoding to encode the text
• abe4eb3 fix encoding problem aws responses
• PR #37950: (vutny) Set default Salt Master address for a Syndic (like for a Minion) @
2016-11-30T18:09:04Z
• 69a74a4 Merge pull request #37950 from vutny/fix-starting-up-syndic
• 7d9bc9a syndic_master: correct default value, documentation and example config
• 92a7c7e Set default Salt Master address for a Syndic (like for a Minion)
• 7f269bc Add clarification on expr_form usage and future deprecation (#37964)
• PR #37964: (terminalmage) Add clarification on expr_form usage and future deprecation
• 1001987 Catch possible exception from lsb_release (#37962)
• ISSUE #37867: (tobiasBora) Bug into lsb_release that crash salt | refs: #37962
• PR #37962: (cachedout) Catch possible exception from lsb_release
• 330021c Handle empty tokens safely (#37961)
• ISSUE #37945: (gstachowiak) Missing exception handling in salt.master.Maintenance. Process never
completes. | refs: #37961
• PR #37961: (cachedout) Handle empty tokens safely
• PR #37272: (vutny) Get default logging level and log file from default opts dict | refs: #38223 @
2016-11-28T23:04:20Z
• ea46639 Merge pull request #37272 from vutny/fix-getting-default-logging-opts
• e5ce523 Fix description in the Salt Syndic usage info
• 518a3dd Add unit tests for Salt parsers processing logging options
• 83d6a44 Add ssh_log_file option to master config and documentation
• c8a0915 Fix configuration example and documentation for syndic_log_file option
• e64dd3e Correct default attributes for various parser classes
• 82a2e21 Fix default usage string for Salt command line programs
• 45dffa2 Fix readding and updating logfile and pidfile config options for Salt API
• f47253c Fix reading and applying Salt Cloud default configuration
• fad5bec Work with a copy of default opts dictionaries
• b7c2481 Fix log_level_logfile config value type
• 1bd76a1 Fix setting temporary log level if CLI option omitted
• 121848c Fix obtaining log_granular_levels config setting
• 44cf07f Make CLI options take precedence for setting up logfile_logger
• 61afaf1 Fix setting option attributes when processing log_level and log_file
• 3c60e23 Fix processing of log_level_logfile config setting
• 55a0af5 Use attribute functions for getting/setting options and config values
• c25f2d0 Fix getting Salt API default logfile option
• f242237 Remove processing of unused and undocumented cli_*_log_* config options
• 2065e83 Get default logging level and file from default opts dict
• PR #37925: (kontrolld) Fix missing ipv6 options centos network @ 2016-11-28T22:38:43Z
• f2f957d Merge pull request #37925 from kontrolld/add-ipv6-centos-network
• ac2b477 Adding IPv6 functionality for CentOS /etc/sysconfig/network
• PR #37899: (DmitryKuzmenko) Clear functions context in schedule tasks for ZeroMQ. @
2016-11-28T22:23:45Z
• ISSUE #37059: (basepi) Beacon fileserver operations cause scheduled jobs with fileserver operations
to hang | refs: #37899
• c07ad11 Merge pull request #37899 from DSRCorporation/bugs/37059_schedule_task_hang
• 9497748 Clear functions context in schedule tasks for ZeroMQ.
• PR #37928: (techhat) Don't modify self.opts directly @ 2016-11-28T21:07:40Z
• ISSUE #37737: (b-harper) python client api CloudClient multiple calls needed | refs: #37928
• a55519d Merge pull request #37928 from techhat/issue37737
• a09a60e Don't modify self.opts directly
• PR #37929: (gtmanfred) add list_nodes_min to nova driver @ 2016-11-28T21:05:40Z
• 9d17f1c Merge pull request #37929 from gtmanfred/2016.3
• c7d2c73 add list_nodes_min to nova driver
• PR #37926: (kontrolld) Fixes no IPv6 functionality in /etc/sysconfig/network @ 2016-11-28T20:40:00Z
• 3bb743b Merge pull request #37926 from kontrolld/fix-ipv6-centos-network
• 3ed42e5 updated
• 3b3bc4f Fixes no IPv6 functionality in /etc/sysconfig/network
• PR #37921: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-28T19:54:40Z
• PR #37918: (rallytime) [2015.8] Update version numbers in doc config for 2016.11.0 release
• PR #37914: (terminalmage) Update earlier release channels' docs with Carbon release notes
• 271170a Merge pull request #37921 from rallytime/merge-2016.3
• 523a67c Merge branch '2015.8' into '2016.3'
• 4cdc6cf Update earlier release channels' docs with Carbon release notes (#37914)
• d31491a [2015.8] Update version numbers in doc config for 2016.11.0 release (#37918)
• PR #37924: (cachedout) Update test for new gem ver @ 2016-11-28T18:17:53Z
• 6cd6429 Merge pull request #37924 from cachedout/fix_gem_states
• 894cca3 Update test for new gem ver
• PR #37916: (rallytime) [2016.3] Update version numbers in doc config for 2016.11.0 release @
2016-11-28T17:09:08Z
• c35ba1f Merge pull request #37916 from rallytime/doc-update-2016.3
• bd40592 [2016.3] Update version numbers in doc config for 2016.11.0 release
• PR #37785: (AaronM-Cloudtek) respect trailing dot in ddns name parameter @ 2016-11-28T14:02:10Z
• ISSUE #37287: (AaronM-Cloudtek) salt.states.ddns.present: 'NS' record type always returns as changed
| refs: #37785
• e13a248 Merge pull request #37785 from Cloudtek/ddns-respect-trailing-dot
• 262e3b3 respect trailing dot in ddns name parameter
• PR #37895: (fj40crawler) Change return value for salt/states/augeas.py to be True instead of N… @
2016-11-28T13:49:27Z
• ISSUE #37870: (fj40crawler) salt.states.augeas.change returns None when test=True | refs: #37895
• c03b389 Merge pull request #37895 from fj40crawler/fix-augeas-return-for-test
• ddc238d Fixed augeas_test.py to match True v.s. None for test_change_in_test_mode
• ef75c45 Merge branch '2016.3' of github.com:saltstack/salt into fix-augeas-return-for-test
• b0fe0cd Change return value for salt/states/augeas.py to be True instead of None for cases where salt
is run with test=True. Fixes #37870
• PR #37907: (Talkless) Fix server trust in test run of svn.latest @ 2016-11-28T13:47:39Z
• fdbc31e Merge pull request #37907 from Talkless/patch-2
• 072a319 Fix server trust in test run of svn.latest
• PR #37896: (toanju) rh networking: add missing values @ 2016-11-27T10:30:35Z
• f39fdf4 Merge pull request #37896 from toanju/2016.3
• c953041 rh networking: add missing values
• PR #37886: (bdrung) Fix various spelling mistakes @ 2016-11-25T02:59:36Z
• ea935c5 Merge pull request #37886 from bdrung/fix-typos
• 9a51ba5 Fix various spelling mistakes
• PR #37736: (dhaines) handle semodule version >=2.4 (#37732) and fix typo @ 2016-11-24T01:44:20Z
• ISSUE #37732: (dhaines) list_semod() (from modules/selinux.py) incompatible with policycoreutils-2.5
(RHEL 7.3) | refs: #37736
• 371b0a8 Merge pull request #37736 from dhaines/issue-37732
• 7ef590a Update selinux.py
• 516a67e fix indexing error
• 4e49c1e fix typo
• b16f2d8 handle semodule version >=2.4 (#37732) and fix typo
• PR #37797: (clan) check count of columns after split @ 2016-11-24T01:28:59Z
• 87aeb66 Merge pull request #37797 from clan/extfs
• acf0f96 check count of columns after split
• PR #37762: (twangboy) Add pre_versions to chocolatey.installed @ 2016-11-24T01:27:29Z
• f7c7109 Merge pull request #37762 from twangboy/fix_chocolatey_state
• 9696b6d Use keyword args instead of relying on ordering
• 398eaa0 Add pre_versions to the available arguments
• PR #37866: (meaksh) Backport #37149 #36938 and #36784 to 2016.3 @ 2016-11-23T21:54:17Z
• PR #37857: (meaksh) Backport #37149 and #36938 to 2015.8 | refs: #37866
• PR #37856: (meaksh) Backport #36784 to 2015.8 | refs: #37866
• PR #37149: (dincamihai) Fix pkg.latest_version when latest already installed | refs: #37866 #37857
• PR #36938: (wanparo) acl.delfacl: fix position of -X option to setfacl | refs: #37866 #37857
• PR #36784: (moio) OS grains for SLES Expanded Support | refs: #37866 #37856
• 56baa92 Merge pull request #37866 from meaksh/2016.3-bp-37149-36938-36784
• 9d8d578 Fix pkg.latest_version when latest already installed
• ffca0d4 - acl.delfacl: fix position of -X option to setfacl
• 3dfed6b Adjust linux_acl unit test argument ordering
• f185ecd core.py: quote style fixed
• 8404d13 Setting up OS grains for SLES Expanded Support (SUSE's Red Hat compatible platform)
• PR #37863: (rallytime) Back-port #36893 to 2016.3 @ 2016-11-23T17:09:09Z
• ISSUE #32829: (tyhunt99) Dockerng appears to not be using docker registries pillar data | refs:
#36893 #36893
• PR #36893: (tyhunt99) add option to force a reauth for a docker registry | refs: #37863
• d0cc7f0 Merge pull request #37863 from rallytime/bp-36893
• 4c70534 Add versionadded to reauth option in dockerng module
• 5ca2c38 added documentation for the new reuth option in docker registry configuration
• 5b0c11a add option to force a reauth for a docker registry
• b17a118 add multiline encryption documentation to nacl (#37847)
• PR #37847: (laleocen) add multiline encryption documentation to nacl
• aa37487 add missing chloginclass (#37827)
• ISSUE #37787: (elyulka) user.present state fails to change loginclass on FreeBSD | refs: #37827
• PR #37827: (silenius) add missing chloginclass
• 0e74bad Update branch refs to more relevant branch (#37826)
• PR #37826: (rallytime) Update branch refs to more relevant branch
• PR #37822: (laleocen) add documentation for multiline encryption using nacl | refs: #37826
• 6a9b49c Add "names" option to file state docs: point users to highstate doc examples (#37823)
• ISSUE #19269: (markuskramerIgitt) Undocumented feature names: of file.directory | refs: #37823
• PR #37823: (rallytime) Add "names" option to file state docs: point users to highstate doc examples
• aaf587d Clarify keystone.user_present password state docs with default behavior (#37821)
• ISSUE #15697: (arthurlogilab) keystone.user_present should not re-set the password when user exists |
refs: #37821
• PR #37821: (rallytime) Clarify keystone.user_present password state docs with default behavior
• c300863 Add some dependency documentation to libvirt docs (#37820)
• ISSUE #5999: (pille) libvirt.keys does not work | refs: #37820
• PR #37820: (rallytime) Add some dependency documentation to libvirt docs
• PR #37772: (bdrung) Support initializing OpenSSL 1.1 @ 2016-11-21T20:28:51Z
• 485270f Merge pull request #37772 from bdrung/openssl1.1
• 819c965 Support initializing OpenSSL 1.1
• 4910912 Update orchestrate runner file.copy doc example (#37817)
• ISSUE #37383: (edwardsdanielj) Orchestration arguments (kwarg) not being interperted / How I learned
to stop worrying about documentation and love experimenting | refs: #37817
• PR #37817: (rallytime) Update orchestrate runner file.copy doc example
• PR #37816: (rallytime) Back-port #32157 to 2016.3 @ 2016-11-21T20:22:27Z
• ISSUE #37653: (gravyboat) Salt.cron docs don't wrap @hourly and @daily correctly in quotes for the
examples | refs: #37816
• ISSUE #31953: (sjorge) Documentation for salt.states.cron is incorrect | refs: #32157
• PR #32157: (cachedout) Add quotes to cron doc | refs: #37816
• c5d3d8b Merge pull request #37816 from rallytime/bp-32157
• d9c2971 Add quotes to cron doc
• PR #37812: (rallytime) Back-port #37790 to 2016.3 @ 2016-11-21T18:46:40Z
• PR #37790: (sofixa) Update cloud/proxmox.rst with more options and LXC | refs: #37812
• 97e6b6a Merge pull request #37812 from rallytime/bp-37790
• ca3b6e7 Update proxmox.rst with more options and LXC
• PR #37811: (rallytime) Back-port #37789 to 2016.3 @ 2016-11-21T18:46:21Z
• ISSUE #37751: (freach) Documentation salt.states.dockerng.running: "privileged" property undocumented
| refs: #37789
• PR #37789: (fedusia) issue: 37751 | refs: #37811
• 27703c5 Merge pull request #37811 from rallytime/bp-37789
• ba3fef4 fix comment
• a021f76 issue: 37751 Add documentation for option privileged
• PR #37810: (rallytime) Back-port #37775 to 2016.3 @ 2016-11-21T18:45:53Z
• PR #37775: (calve) Document python argument in salt.states.virtualenv_mod | refs: #37810
• adac9d7 Merge pull request #37810 from rallytime/bp-37775
• 2bed914 Document python argument in salt.states.virtualenv_mod
• 7de7844 Add nodegroup check to ckminions (#37763)
• ISSUE #37742: (blaketmiller) Cannot match on nodegroup when checking minions | refs: #37763
• PR #37763: (cachedout) Add nodegroup check to ckminions
• d674369 Fix ip/port issue with salt-call (#37766)
• ISSUE #37725: (secumod) salt-call incorrectly parses master hostname:port from minion config | refs:
#37766
• PR #37766: (cachedout) Fix ip/port issue with salt-call
• c62ff6b Add thorium path to syspaths (#37767)
• ISSUE #33709: (msummers42) Any/All Salt-SSH invocations in 2016.3.0 Fails with AttributeError:
'module' object has no attribute 'BASE_THORIUM_ROOTS_DIR' | refs: #37767
• PR #37767: (cachedout) Add thorium path to syspaths
• PR #37760: (hu-dabao) Fix couchbase returner and add couple of more features @ 2016-11-18T00:28:23Z
• bff949f Merge pull request #37760 from hu-dabao/fix_cb_returner
• de372f2 1. returner no need to check whether the jid exists for external job cache setup 2. add
full_ret to return doc so that the document will be informative 3. make ttl as a config attribute
because salt-minion does not have keep_jobs attribute 4. add password into config attribute 5. update
the documents accordingly
• PR #37738: (terminalmage) Allow pillar.get to retrieve fresh pillar data when saltenv passed @
2016-11-17T23:13:04Z
• ISSUE #36629: (yhekma) The pillar run module does not honor saltenv | refs: #37738
• 1f976ac Merge pull request #37738 from terminalmage/issue36629
• da46678 Allow pillar.get to retrieve fresh pillar data when saltenv passed
• 7aee7fc Switch default filter tag for ONE resources from user only to all resources (#37745)
• PR #37745: (cro) Switch default filter tag for ONE resources from user only to all resources
• 6ba8d4e check for SERVICE_DIR in __virtual__ in salt.modules.daemontools (#37748)
• ISSUE #37498: (githubcdr) service.restart salt-minion fails on Ubuntu 14.04.5 LTS | refs: #37748
#38587
• PR #37748: (silenius) check for SERVICE_DIR in __virtual__ in salt.modules.daemontools
• PR #37735: (Ch3LL) change size and image of joyent profile @ 2016-11-16T21:07:52Z
• ISSUE #37734: (Ch3LL) Joyent Cloud Size Issue | refs: #37735
• fa78831 Merge pull request #37735 from Ch3LL/fix_joyent_profile
• 9ef41dc change size and image of joyent profile
• PR #37731: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-16T17:13:02Z
• PR #37718: (terminalmage) Fix incorrectly-formatted RST
• 98e25c6 Merge pull request #37731 from rallytime/merge-2016.3
• ec13897 Merge branch '2015.8' into '2016.3'
• f417dbb Merge pull request #37718 from terminalmage/docs
• 23b8b2a Fix incorrectly-formatted RST
• 3be9ab4 Warn on AES test for systems with > 1 core (#37724)
• PR #37724: (cachedout) Warn on AES test for systems with > 1 core
• PR #37721: (terminalmage) Fix for pillar setting 'environment' key in __gen_opts() @
2016-11-16T16:04:53Z
• 35655d5 Merge pull request #37721 from terminalmage/zd909
• acdd551 Update git_pillar docs to reflect info from bugfix
• 433737d Fix for pillar setting 'environment' key in __gen_opts()
• PR #37719: (terminalmage) Fix incorrectly-formatted RST (2016.3 branch) @ 2016-11-16T08:20:53Z
• 99cda7c Merge pull request #37719 from terminalmage/docs-2016.3
• f163b4c Fix incorrectly-formatted RST
• PR #37694: (cachedout) Catch differences in git URLs in npm state @ 2016-11-16T01:56:18Z
• 8dea695 Merge pull request #37694 from cachedout/npm_git
• 0e3bc23 Catch differences in git URLs in npm state
• PR #37705: (rallytime) Don't overwrite the "key" variable passed in to _listeners_present func @
2016-11-15T21:26:37Z
• ISSUE #37665: (kluoto) boto_elb state fails as key is overwritten by the code | refs: #37705
• 329448c Merge pull request #37705 from rallytime/fix-37665
• 3b7e9c5 Don't overwrite the "key" variable passed in to _listeners_present func
• PR #37707: (Ch3LL) add timeout increase on azure tests @ 2016-11-15T21:24:25Z
• PR #37239: (Ch3LL) Fix cloud tests timeout | refs: #37707
• ac9a316 Merge pull request #37707 from Ch3LL/fix_timeout_azure
• 363122c add timeout increase on azure tests
• PR #37704: (twangboy) Fix test disabled 2016.3 [DO NOT MERGE FORWARD] @ 2016-11-15T16:48:52Z
• 1ece265 Merge pull request #37704 from twangboy/fix_test_disabled_2016.3
• a0429cf Use nfsd instead of apsd for test_disabled
• PR #37690: (twangboy) Update pyzmq to 15.3.0 for 2016.3 [DO NOT MERGE FORWARD] @ 2016-11-15T03:10:36Z
• 44f05ac Merge pull request #37690 from twangboy/update_pyzmq_2016.3
• cf55342 Update pyzmq to version 15.3.0
• PR #37680: (rallytime) Back-port #32965 to 2016.3 @ 2016-11-15T02:56:46Z
• PR #32965: (kevinquinnyo) Fix 'present' option when used without 'key_type' | refs: #37680
• a743d8b Merge pull request #37680 from rallytime/bp-32965
• 1865b13 Fix 'present' option when used without 'key_type'
• PR #37681: (rallytime) Back-port #35965 to 2016.3 @ 2016-11-14T21:19:22Z
• ISSUE #35964: (edgan) salt-ssh doesn't set the return code to non-zero on highstate rendering error |
refs: #35965
• PR #35965: (edgan) Set the return code to 1 on salt-ssh highstate errors | refs: #37681
• 1c2d6ff Merge pull request #37681 from rallytime/bp-35965
• 700f3fa Set the return code to 1 on salt-ssh highstate errors
• PR #37668: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-14T15:43:25Z
• PR #37641: (cro) Add docs for rotate_aes_key
• 1b456b5 Merge pull request #37668 from rallytime/merge-2016.3
• ef684c6 Merge branch '2015.8' into '2016.3'
• a01b665 Add docs for rotate_aes_key (#37641)
• PR #37625: (cachedout) Return with proper retcodes in batch mode @ 2016-11-12T20:29:09Z
• ISSUE #37492: (JensRantil) Failing salt -b 1 minion state.highstate has wrong exit code | refs:
#37625
• 305e51d Merge pull request #37625 from cachedout/issue_37492
• b603152 Return with proper retcodes in batch mode
• PR #37639: (rallytime) Back-port #37607 to 2016.3 @ 2016-11-11T20:29:20Z
• ISSUE #34547: (sebw) salt-cloud deployment fails when deploy: True | refs: #37607
• PR #37607: (techhat) Try the connection again, in case it's been reset | refs: #37639
• PR #35673: (cro) Proxies don't handle reusing the SmartConnect instances very well. D… | refs:
#37607
• PR #34059: (alexbleotu) Vmware common gh | refs: #37607
• 7510cd4 Merge pull request #37639 from rallytime/bp-37607
• 9914c93 Pylint: Remove kwargs that are not in the 2016.3 branch
• d941e93 Disable pylint warning
• 940ee49 Lint fix
• 69893f0 Try the connection again, in case it's been reset
• PR #37638: (rallytime) Back-port #37349 to 2016.3 @ 2016-11-11T20:29:01Z
• ISSUE #37118: (gtmanfred) group in file.find module unable to be a list | refs: #37349 #37349
• PR #37349: (haeac) Pull request for Bug #37118 | refs: #37638
• 24ca960 Merge pull request #37638 from rallytime/bp-37349
• ba2105b Fix for Bug #37118, the wrong parameter was being used to convert the group name to group id.
• PR #37644: (Ch3LL) digital ocean list_keypairs: increase limit for ssh keys parsed @
2016-11-11T20:28:46Z
• ISSUE #37643: (Ch3LL) digital ocean list_keypairs limits to 20 keys | refs: #37644
• e1e8b81 Merge pull request #37644 from Ch3LL/fix_37643
• c02961a list_keypairs: increase limit for ssh keys parsed
• PR #37640: (rallytime) Add known issue #37541 to 2016.3.4 release notes @ 2016-11-11T20:28:12Z
• ISSUE #37541: (yhekma) salt-minion does not clean up temp files for templates | refs: #37540 #37640
• a97c2ad Merge pull request #37640 from rallytime/update-release-notes
• 6d6de12 Grammatical fix
• 24d7f20 Add known issue #37541 to 2016.3.4 release notes
• PR #37642: (cro) Forward-port change from 2015.8 adding release note for rotate_aes_key @
2016-11-11T20:27:07Z
• fab3eaa Merge pull request #37642 from cro/rotate_aes_doc
• 1ca5b95 Forward-port change from 2015.8 adding release note for rotate_aes_key
• PR #37629: (TronPaul) fix __opts__ and provider being None in salt.utils.aws:get_location @
2016-11-11T09:49:47Z
• ISSUE #37628: (TronPaul) [git 2016.3] Refreshing of an s3 file server results in an exception | refs:
#37629
• 4c07b35 Merge pull request #37629 from TronPaul/fix-s3fs-opts
• a452cde fix __opts__ and provider being None issue
• PR #37481: (thatch45) Raet internal client reference fix @ 2016-11-11T04:39:41Z
• 200d9fc Merge pull request #37481 from thatch45/raet_client
• 50d9111 Attempted fix, needs user verification
• PR #37611: (jeanpralo) Fix cmd batch raw @ 2016-11-11T02:53:58Z
• b14faf1 Merge pull request #37611 from jeanpralo/fix-cmd-batch-raw
• 4f16840 add integration test for salt.client.LocalClient.cmd_batch
• ead47e4 update ret dict to avoid hanging
• 0a2f153 fix dict key for raw support to avoid exception
• PR #37614: (gtmanfred) remove redundant code @ 2016-11-11T02:49:13Z
• 35c8333 Merge pull request #37614 from gtmanfred/2016.3
• 71c2df8 remove redundent code
• PR #37627: (cachedout) Exempt pip.iteritems from test_valid_docs test @ 2016-11-11T02:48:37Z
• 4fab707 Merge pull request #37627 from cachedout/pr-36706
• 94df2f8 Exempt pip.iteritems from test_valid_docs test
• PR #36706: (siccrusher) Add basic sanity checks for env_vars in pip.install function @
2016-11-11T02:47:16Z
• ISSUE #36644: (b1naryth1ef) env_vars not properly validated/casted to strings w/
virtualenv.manage/pip.install | refs: #36706
• ee74f31 Merge pull request #36706 from siccrusher/fix_env_var_validation
• fb27f8b Revert change
• 79f3e83 Use fully-qualified path for six
• 0ca1222 Update pip.py
• b15de37 * Ensure src is python3 compatible
• 0976a2d * Before passing on the env_vars dictionary ensure all values are strings. Fixes #36644
• PR #37626: (cachedout) Exit with proper retcode on hard client failures @ 2016-11-11T02:38:47Z
• ISSUE #37491: (JensRantil) "Failed to authenticate! ..." error should exit non-zero | refs: #37626
• 902a975 Merge pull request #37626 from cachedout/issue_37491
• bab9a72 Exit with proper retcode on hard client failures
• PR #37617: (terminalmage) Clarify docs for git_pillar dynamic env feature @ 2016-11-11T01:52:52Z
• 845f835 Merge pull request #37617 from terminalmage/git_pillar-docs
• 8cdf5db Clarify docs for git_pillar dynamic env feature
• PR #36627: (sjmh) Skip rest of loop on failed func match @ 2016-11-10T23:47:12Z
• 3079d78 Merge pull request #36627 from sjmh/fix/auth_skip_nomatch
• b3baaf3 Skip rest of loop on failed func match
• PR #37600: (mcalmer) change TIMEZONE on SUSE systems (bsc`#1008933`_) @ 2016-11-10T21:54:04Z
• ISSUE #1008933: (**)
• a71e7c7 Merge pull request #37600 from mcalmer/fix-timezone-on-SUSE
• 3530b54 change TIMEZONE on SUSE systems (bsc`#1008933`_)
• PR #37602: (DmitryKuzmenko) Handle master restart in appropriate places using salt.event listener. @
2016-11-10T21:53:20Z
• ISSUE #37238: (cmclaughlin) Restarting master causes minion to hang | refs: #37438 #37602
• ISSUE #37018: (tsaridas) get events from python | refs: #37438 #37602
• PR #37438: (DmitryKuzmenko) Fix for #37238 salt hang on master restart | refs: #37602
• 39b7587 Merge pull request #37602 from DSRCorporation/bugs/37238_salt_hang_on_master_restart
• d3d987b Handle master restart in appropriate places using salt.event listener.
• PR #37608: (gtmanfred) allow multiline returns from docker for mac @ 2016-11-10T21:48:59Z
• 019e1a7 Merge pull request #37608 from gtmanfred/2016.3
• 74aee1e allow multiline returns from docker for mac
• 71032f8 Documentation improvements and corrections (#37604)
• ISSUE #37592: (craigafinch) State git.latest does not work with SSH | refs: #37604
• ISSUE #37551: (viict) git.latest "Not a valid commit name" | refs: #37571 #37604
• PR #37604: (terminalmage) Documentation improvements and corrections
• a7e09f9 Use existing VM's VDD size if not specified in the cloud profile (#37579)
• PR #37579: (pass-by-value) Use existing VM's VDD size if not specified in the cloud profile
• PR #37540: (yhekma) Added prefix to tempfile for template @ 2016-11-10T00:37:18Z
• ISSUE #37541: (yhekma) salt-minion does not clean up temp files for templates | refs: #37540 #37640
• fdd13b4 Merge pull request #37540 from yhekma/2016.3
• 93a59f8 Added prefix to tempfile for template
• 5e80acc Update for m2crypto changes removing lhash (#37578)
• ISSUE #37084: (AaronM-Cloudtek) x509.certificate_managed does not work with m2crypto >=0.25 | refs:
#37578
• PR #37578: (clinta) Update for m2crypto changes removing lhash
• 928462d fix example of function argument limiting (#37584)
• PR #37584: (clinta) Fix eauth example for limiting args
• 2810b85 Add a test to ensure we don't check for fast-forward before fetching (#37571)
• ISSUE #37551: (viict) git.latest "Not a valid commit name" | refs: #37571 #37604
• PR #37571: (terminalmage) Add a test to ensure we don't check for fast-forward before fetching
• PR #37553: (rallytime) Back-port #37521 to 2016.3 @ 2016-11-08T23:11:07Z
• ISSUE #33645: (ketzacoatl) saltutil.sync_all does not sync custom pillar modules to masterless
minions | refs: #33833
• ISSUE #25297: (Akilesh1597) perform 'refresh_pillar' as a part of 'sync_all' | refs: #37521 #25361
• PR #37521: (genuss) refresh_pillar() should be called always with refresh=True during
saltutil.sync_all | refs: #37553
• PR #33833: (terminalmage) Support syncing pillar modules to masterless minions | refs: #37521
• PR #25361: (tedski) perform refresh_pillar as part of sync_all when refresh=True | refs: #37521
• b01c247 Merge pull request #37553 from rallytime/bp-37521
• 30f92b0 refresh_pillar() should be called always
• PR #37565: (rallytime) Back-port #37549 to 2016.3 @ 2016-11-08T23:10:25Z
• PR #37549: (Mrten) sqlite is not found in 2015.8 | refs: #37565
• 694df30 Merge pull request #37565 from rallytime/bp-37549
• c92a90b Update sqlite3.py
• fb76557 sqlite is not found in 2015.8
• 2fc0b22 Fix regression in service.dead state (#37562)
• ISSUE #37511: (jdelic) service.dead now only operates if the service file exists | refs: #37562
• PR #37562: (terminalmage) Fix regression in service.dead state
• ac754db Skip config type checking for sdb values (#37560)
• ISSUE #37554: (sjmh) salt-api doesn't dynamically re-read nodegroups configuration | refs: #37560
• PR #37560: (whiteinge) Skip config type checking for sdb values
• 453319b Don't pass the vpc id to boto.vpc.create_internet_gateway func (#37556)
• PR #37556: (rallytime) Don't pass the vpc id to boto.vpc.create_internet_gateway func
• 89b9417 Documentation rendering fixes (#37543)
• PR #37543: (multani) Documentation rendering fixes
• PR #37457: (rallytime) Fixup file.line docs to be more clear and consistent @ 2016-11-08T00:29:20Z
• ISSUE #31081: (JensRantil) salt.modules.file.line documentation unclarities | refs: #37457
• 96b8b9a Merge pull request #37457 from rallytime/fix-31081
• 25821bb Clarify which modes use "before", "after", and "indent" options
• 8b2d2b9 Clarify file.line state docs as well
• b261589 Move note about using mode=insert with location options to mode section
• db0b0ce Fixup file.line docs to be more clear and consistent
• PR #37526: (twangboy) Remove loop from dsc.apply_config @ 2016-11-08T00:23:11Z
• ISSUE #35799: (davegiles) dsc.apply_config hangs (no error) on empty directory on target | refs:
#37526
• 7de790f Merge pull request #37526 from twangboy/fix_35799
• fc42609 Remove unnecessary format
• c934a2b Remove the loop from apply_config
• PR #37534: (rallytime) Back-port fix needed from #37515 @ 2016-11-08T00:14:46Z
• PR #37515: (rallytime) [carbon] Merge forward from 2016.3 to carbon | refs: #37534 #37534
• 94811df Merge pull request #37534 from rallytime/bp-merge-foward-fix
• d1b2af1 Add missing source_hash_name args to a couple funcs
• PR #37533: (whiteinge) Return a 504 response instead of 500 for Salt timeouts @ 2016-11-08T00:14:15Z
• 17adbb0 Merge pull request #37533 from whiteinge/salt-api-504-timeouts
• 63226ae Return a 504 response instead of 500 for Salt timeouts
• PR #37529: (lorengordon) Backport: PR 36736 to 2016.3 @ 2016-11-08T00:04:10Z
• ISSUE #36679: (lorengordon) Command 'Import-Module ServerManager' failed with return code: 1 | refs:
#36736
• PR #36736: (m03) Fix issue 36679 win_servermanager error | refs: #37529
• a9f03ee Merge pull request #37529 from lorengordon/bp-36736
• 21c2664 Fix issue 36679 win_servermanager failure
• PR #37519: (rallytime) Update returner __virtual__() return messages for loader @ 2016-11-07T23:06:23Z
• ISSUE #37444: (Tanoti) Returning False from __virtual__ in a returner does not return expected error
| refs: #37502 #37519
• PR #37502: (cachedout) Log proper message on returners that cannot be loaded | refs: #37519
• 19475aa Merge pull request #37519 from rallytime/returner-load-errors
• fb261a3 Update returner __virtual__() return messages for loader
• PR #37527: (rallytime) Add syndic_id=None kwarg to save_minions funcs in returners @
2016-11-07T23:04:03Z
• ISSUE #35016: (pingangit) TypeError: save_minions() got an unexpected keyword argument 'syndic_id' |
refs: #37527
• fefdfab Merge pull request #37527 from rallytime/fix-35016
• 2944b24 Add syndic_id=None kwarg to save_minions funcs in returners
• b77b6ba fix Lithium to 2015.5.0 (#37530)
• PR #37530: (gtmanfred) fix Lithium to 2015.5.0
• PR #37514: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-07T16:51:06Z
• PR #37482: (rallytime) [2015.8] Doc version updated to 2016.3.4
• 7431648 Merge pull request #37514 from rallytime/merge-2016.3
• 41166ae Merge branch '2015.8' into '2016.3'
• c505a05 [2015.8] Doc version updated to 2016.3.4 (#37482)
• PR #37503: (cachedout) Catch loader error on returners without save_load @ 2016-11-07T09:33:57Z
• ISSUE #36713: (Tanoti) ExtraData: unpack(b) received extra data after upgrading to 2016.3.3 | refs:
#37503
• 2d924d0 Merge pull request #37503 from cachedout/issue_36713
• 5f7f971 Catch loader error on returners without save_load
• PR #37499: (cachedout) Clarify docs on salt-key events @ 2016-11-07T09:33:20Z
• ISSUE #37448: (alisson276) In 'salt/key' events there are acts that never happen | refs: #37499
• d95bf59 Merge pull request #37499 from cachedout/key_docs_clarify
• 2758e74 Clarify docs on salt-key events
• PR #37500: (cachedout) Remove unused flag @ 2016-11-07T09:33:04Z
• 1dd1408 Merge pull request #37500 from cachedout/remove_include_errors
• 6c705b1 Remove unused flag
• PR #37502: (cachedout) Log proper message on returners that cannot be loaded | refs: #37519 @
2016-11-07T09:32:45Z
• ISSUE #37444: (Tanoti) Returning False from __virtual__ in a returner does not return expected error
| refs: #37502 #37519
• 4b6f1ab Merge pull request #37502 from cachedout/issue_37444
• 4c5ab05 Remove debugging
• 17d01e4 Log proper message on returners that cannot be loaded
• PR #37494: (sjorge) Forgot to update os_family map in #37472 @ 2016-11-06T22:18:54Z
• ISSUE #37389: (d101nelson) Some core grains are inaccurate or incomplete for Solaris | refs: #37472
• PR #37472: (sjorge) 2016.3 solaris grains improvements | refs: #37494 #37494
• 2422daf Merge pull request #37494 from sjorge/2016.3-osfam_map
• 96ba545 Forgot to update os_family map in #37472
• PR #37496: (mcalmer) fix status handling in sysv init scripts @ 2016-11-06T22:18:00Z
• 41bd8e3 Merge pull request #37496 from mcalmer/fix-status-handling-in-sysv-init-scripts
• 1fb2c4d fix status handling in sysv init scripts
• PR #37497: (terminalmage) Update 2016.3.5 release notes with source_hash_name explanation @
2016-11-06T22:17:40Z
• e741a77 Merge pull request #37497 from terminalmage/release_notes
• c08038d Update 2016.3.5 release notes with source_hash_name explanation
• PR #37486: (twangboy) Add requirement for PowerShell 3 on Windows @ 2016-11-06T06:01:07Z
• f4426c2 Merge pull request #37486 from twangboy/fix_win_docs
• 9e0631a Add docs denoting the requirement for at least PowerShell 3
• PR #37493: (cachedout) Add sdb support to minion and master configs @ 2016-11-06T06:00:18Z
• a1f355a Merge pull request #37493 from cachedout/minion_master_sdb
• 9761a46 Add sdb support to minion and master configs
• PR #37452: (rallytime) file.line with mode=replace on an empty file should return False, not stacktrace
@ 2016-11-06T01:55:11Z
• ISSUE #31135: (jeffreyctang) file.line mode=replace breaks on empty file. | refs: #37452
• be93710 Merge pull request #37452 from rallytime/fix-31135
• c792f76 Bump log level from debug to warning on empty file
• 5f181cf file.line with mode=replace on an empty file should return False
• 94a00c6 Write a unit test demonstrating stack trace in #31135
• PR #37469: (terminalmage) Rewrite file.extract_hash to improve its matching ability @
2016-11-06T01:50:01Z
• ISSUE #37001: (phil123456) URGENT : archive.extracted does not work anymore | refs: #37081
• ISSUE #29010: (The-Loeki) file.managed download failing checksum testing for Ubuntu initrd
w/source_hash | refs: #37469
• PR #37081: (terminalmage) Fix archive.extracted remote source_hash verification | refs: #37469 #37469
• 129b038 Merge pull request #37469 from terminalmage/issue29010
• a3f38e5 Update file.extract_hash unit tests
• b26b528 Add the source_hash_name param to file.managed states
• 52fe72d Rewrite file.extract_hash
• PR #37472: (sjorge) 2016.3 solaris grains improvements | refs: #37494 #37494 @ 2016-11-06T01:46:10Z
• ISSUE #37389: (d101nelson) Some core grains are inaccurate or incomplete for Solaris | refs: #37472
• 9426b9d Merge pull request #37472 from sjorge/2016.3-solaris-grains
• 2958f5c detect and properly handle OmniOS
• 37c3a7f handle Oracle Solaris better
• 69706d3 parse minorrelease if it has a / in it
• d1cf4a0 improve regex for parsing /etc/release using files from Solaris 8 SPARC and Solaris 10
• 88eddef some more cleanup for smartos
• d3ff39f improve smartos os version grains
• PR #37478: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-04T20:30:08Z
• ISSUE #37388: (tyhunt99) [2016.3.4] Refreshing of an s3 file server results in an exception. | refs:
#37428
• ISSUE #37286: (terminalmage) GitFS: mountpoints with trailing slashes cause all file paths in that
repo to fail to be matched | refs: #37408
• ISSUE #36849: (skulikov) file.managed and archive.extracted don't properly work for tgz remote files
| refs: #37418
• PR #37441: (rallytime) Back-port #37428 to 2015.8
• PR #37428: (cachedout) Fix incorrect reference of __utils__ in salt.utils | refs: #37441
• PR #37418: (terminalmage) Do not use compression in tornado httpclient requests
• PR #37408: (terminalmage) Strip slashes from gitfs mountpoints
• 4ba63ab Merge pull request #37478 from rallytime/merge-2016.3
• 3483a44 Merge branch '2015.8' into '2016.3'
• 35888c2 Merge pull request #37408 from terminalmage/issue37286
• 4e4a057 Strip slashes from gitfs mountpoints
• b6c57c6 Merge pull request #37418 from terminalmage/issue36849
• 740bc54 Do not use compression in tornado httpclient requests
• 7fba8aa Merge pull request #37441 from rallytime/bp-37428
• 6fe3ef4 Fix incorrect reference of __utils__ in salt.utils
• 8aa101a Get release notes started for 2016.3.5 (#37485)
• PR #37485: (rallytime) Get release notes started for 2016.3.5
• dfd9495 [2016.3] Doc version updated to 2016.3.4 (#37483)
• PR #37483: (rallytime) [2016.3] Doc version updated to 2016.3.4
• PR #37121: (nevins-b) allow the file.recurse state to support saltenv @ 2016-11-04T05:59:28Z
• ISSUE #37123: (nevins-b) file.recurse state doesn't support pulling from other environments | refs:
#37121
• 580eca7 Merge pull request #37121 from nevins-b/2016.3
• 99d2c36 making messaging in tests match new return
• bc4b0e7 adding test for saltenv in file.recurse source url
• 3315b67 fixing saltenv if not set in url
• a9683cb allow the file.recurse state to support saltenv (salt://example/dir?saltenv=dev)
• PR #37426: (jfindlay) Wait for macOS to change system settings @ 2016-11-04T04:35:52Z
• PR #37351: (jfindlay) modules.mac_power: give macOS time to change setting | refs: #37426
• 766b143 Merge pull request #37426 from jfindlay/mac_sleep
• 43a8e19 modules.mac_power: wait for system to make change
• feabca6 modules.mac_system: wait for system to make change
• 0213eb9 utils.mac_utils: add confirm_updated
• PR #37438: (DmitryKuzmenko) Fix for #37238 salt hang on master restart | refs: #37602 @
2016-11-04T04:10:51Z
• ISSUE #37238: (cmclaughlin) Restarting master causes minion to hang | refs: #37438 #37602
• ISSUE #37018: (tsaridas) get events from python | refs: #37438 #37602
• 9eab5c8 Merge pull request #37438 from DSRCorporation/bugs/37238_salt_hang_on_master_restart
• f253d3c Auto reconnect salt to master if the connection was lost.
• PR #37440: (rallytime) Back-port #31207 to 2016.3 @ 2016-11-04T04:09:33Z
• PR #31207: (thusoy) Remove error logging of missing boto libraries | refs: #37440
• 9aa7073 Merge pull request #37440 from rallytime/bp-31207
• c71ae61 Remove error logging of missing boto libraries
• PR #37442: (twangboy) Create paths.d directory @ 2016-11-04T04:07:19Z
• edbfadc Merge pull request #37442 from twangboy/fix_osx_postinstall
• 8091a30 Create paths.d directory
• PR #37445: (twangboy) Check for Server os before checking [DO NOT MERGE FORWARD] @ 2016-11-04T04:04:49Z
• afb1b3c Merge pull request #37445 from twangboy/fix_import_error_2016.3
• c0d5ebd Check for Server os before checking
• PR #37446: (twangboy) Detect VC++ for Python on Win32 @ 2016-11-04T04:04:02Z
• 7a9f95a Merge pull request #37446 from twangboy/fix_build_32
• 2de69f4 Detect VC for Python correctly on 32bit Windows
• PR #37447: (rallytime) Cast ip_protocol rule as a str() in boto_secgroup.present @ 2016-11-04T04:03:45Z
• ISSUE #36961: (nullify005) boto_secgroup assumes a string when checking ip_protocol validity when not
tcp|udp|all|-1 | refs: #37447
• 651e0f7 Merge pull request #37447 from rallytime/fix-36961
• 6b930ac Cast ip_protocol rule as a str() in boto_secgroup.present
• PR #37455: (techhat) Make api opts respect correct root_dir @ 2016-11-04T03:25:40Z
• ISSUE #36446: (whiteinge) Custom salt-api config problem | refs: #37455
• PR #36386: (xiaoanyunfei) fix salt-api's default opts were covered by salt-master #35734 | refs:
#37455
• a51d944 Merge pull request #37455 from techhat/issue36446
• 7eff90d Make api opts respect correct root_dir
• PR #37459: (twangboy) Fix error message when ConvertTo-Json not supported [DO NOT MERGE FORWARD] @
2016-11-04T03:22:31Z
• 3591bf0 Merge pull request #37459 from twangboy/fix_dsc_json_msg_2016.3
• 949b709 Use cmd.run_all instead of cmd.shell
• PR #37430: (meaksh) Including resolution parameters in the Zypper debug-solver call during a dry-run
dist-upgrade (2016.3) @ 2016-11-03T14:35:46Z
• ISSUE #2016: (seanchannel) status.custom failing on any arguments
• PR #37353: (meaksh) Including resolution parameters in the Zypper debug-solver call during a dry-run
dist-upgrade | refs: #37430
• 80a99c4 Merge pull request #37430 from meaksh/zypper-dist-upgrade-debug-solver-fix-2016.3
• ffc596f Including resolver params for Zypper debug-solver
• 67cc7a7 Fix incorrect reference of __utils__ in salt.utils (#37428)
• ISSUE #37388: (tyhunt99) [2016.3.4] Refreshing of an s3 file server results in an exception. | refs:
#37428
• PR #37428: (cachedout) Fix incorrect reference of __utils__ in salt.utils | refs: #37441
• PR #37419: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2016-11-02T21:40:04Z
• ISSUE #33187: (usbportnoy) Deploy to jboss TypeError at boss7.py:469 | refs: #33190
• PR #37392: (rallytime) Back-port #33190 to 2015.8
• PR #33190: (usbportnoy) Fixes Type error in jboss state module when concatenating comments | refs:
#37392
• 7864f9b Merge pull request #37419 from rallytime/merge-2016.3
• bce47c9 Merge branch '2015.8' into '2016.3'
• 7b1d3b5 Merge pull request #37392 from rallytime/bp-33190
• 4063bae catch None cases for comments in jboss7 state module
• d749567 Fix regression in output for Ctrl-c'ed CLI jobs (#37416)
• PR #37416: (terminalmage) Fix regression in output for Ctrl-c'ed CLI jobs
• e9b4620 Add unit tests for cloning from snapshot (#37414)
• PR #37414: (pass-by-value) Add unit tests for cloning from snapshot
• PR #37350: (pass-by-value) Add handling for full and linked clone | refs: #37414
• PR #37404: (cachedout) Revert "Bootstrap delay option for salt-cloud" @ 2016-11-02T09:48:53Z
• PR #37401: (cachedout) Bootstrap delay option for salt-cloud | refs: #37404
• ecd794a Merge pull request #37404 from saltstack/revert-37401-bootstrap_delay
• e864de8 Revert "Bootstrap delay option for salt-cloud"
• PR #37401: (cachedout) Bootstrap delay option for salt-cloud | refs: #37404 @ 2016-11-02T09:02:13Z
• 2eb44fb Merge pull request #37401 from cachedout/bootstrap_delay
• 6e42b0e Bootstrap delay option for salt-cloud
• PR #37350: (pass-by-value) Add handling for full and linked clone | refs: #37414 @ 2016-11-02T08:02:29Z
• 9446e48 Merge pull request #37350 from pass-by-value/full_and_linked_clone_v1
• d8b1c9c Add handling for full and linked clone and commit disk mode additions
• PR #37386: (rallytime) Fix win_useradd.chgroups return when cmd.run_all retcode != 0 @
2016-11-02T06:34:12Z
• ISSUE #34841: (Ch3LL) Wrong return when using user.chgroups on windows | refs: #37386
• c7f4d7f Merge pull request #37386 from rallytime/fix-34841
• c70492a Fix win_useradd.chgroups return when cmd.run_all retcode != 0
• PR #37390: (rallytime) Don't insert __pub* keys into dnsmasq config file with set_config function @
2016-11-02T06:31:53Z
• ISSUE #34263: (vernondcole) Use of dnsmasq.set_config injects unintentional text into the
configuration file. | refs: #37390
• 34b6c64 Merge pull request #37390 from rallytime/fix-34263
• e082ff5 Fix failing test now that we're raising a CommandExecutionError
• c6a3476 Filter out the __pub keys passed via
**
kwargs for dnsmasq.set_config
• fd380c7 Add test case to reproduce dnsmasq.set_config failure in #34263
• PR #37391: (rallytime) Back-port #35287 to 2016.3 @ 2016-11-02T06:18:26Z
• ISSUE #35163: (SolarisYan) salt file.mkdir | refs: #35287 #35189
• PR #35287: (dere) 2016.3 | refs: #37391
• PR #35189: (dere) return value for file.mkdir instead of None | refs: #35287
• 798b2ac Merge pull request #37391 from rallytime/bp-35287
• 0e1ebea Simplify return value to "True".
• 13022c5 return value for mkdir instead of None
• PR #37279: (gtmanfred) initialize super class of NamespacedDictWrapper @ 2016-11-01T15:12:49Z
• ISSUE #37264: (junster1) Parsing __grains__ with json.dumps in a module is returning an empty dict in
2016.3.3 | refs: #37279
• 1a4833b Merge pull request #37279 from gtmanfred/2016.3
• 597f346 initialize super class of NamespacedDictWrapper
• PR #37351: (jfindlay) modules.mac_power: give macOS time to change setting | refs: #37426 @
2016-10-31T19:15:40Z
• 3511759 Merge pull request #37351 from jfindlay/mac_set
• 0c58056 modules.mac_power: give macOS time to change setting
• PR #37340: (cachedout) SIGILL -> SIGKILL in process test @ 2016-10-31T08:50:10Z
• 25c987e Merge pull request #37340 from cachedout/ill_kill_3
• a6b7417 SIGILL -> SIGKILL in process test
• PR #37306: (DmitryKuzmenko) Don't use os.wait() on subprocesses managed by multiprocessing. @
2016-10-31T06:55:30Z
• ISSUE #35480: (jelenak) 200 processes of salt-master (2016.3.2) | refs: #37306
• 7f16548 Merge pull request #37306 from DSRCorporation/bugs/35480_master_shutdown_no_process_error
• b6937eb Don't use os.wait() on subprocesses managed by multiprocessing.
• PR #37314: (rallytime) Document the existence of placementgroup option in ec2 driver @
2016-10-31T06:42:33Z
• ISSUE #34998: (exowaucka) placementgroup parameter for salt-cloud is undocumented | refs: #37314
• bf8ba97 Merge pull request #37314 from rallytime/fix-34998
• 39459ed Document the existence of placementgroup option in ec2 driver
• PR #37219: (alex-zel) Fix freeipa ldap groups @ 2016-10-28T04:33:37Z
• ISSUE #36148: (alex-zel) Eauth error with openLDAP groups | refs: #37219
• e0baf4b Merge pull request #37219 from alex-zel/fix-freeipa-ldap-groups
• b5b2e7e Remove trailing whitespaces
• 32f906b Add support for FreeIPA
Salt 2016.3.6 Release Notes
Version 2016.3.6 is a bugfix release for 2016.3.0.
Changes for v2016.3.5..v2016.3.6
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-03-22T20:18:54Z
Statistics:
• Total Merges: 118
• Total Issue references: 53
• Total PR references: 168
Changes:
• PR #39855: (Foxlik) Use regular expression instead of split when replacing authorized_keys @
2017-03-22T18:28:32Z
• ISSUE #39854: (Foxlik) quoted space in authorized_keys confuses ssh.py | refs: #39855
• c59ae9a Merge pull request #39855 from Foxlik/use_regex_to_compare_authorized_keys
• d46845a Add newline at end of file
• d4a3c8a Use regular expression instead of split when replacing authorized_keys
• PR #40221: (rallytime) Back-port #39179 to 2016.3 @ 2017-03-22T17:40:34Z
• PR #39179: (mcalmer) fix error parsing | refs: #40221
• fd10430 Merge pull request #40221 from rallytime/bp-39179
• 07dc2de fix error parsing
• PR #40206: (cro) Leave sign_pub_messages off by default. @ 2017-03-22T16:43:03Z
• ISSUE #40203: (frogunder) 2016.3.6. Minion don't connect to older master. | refs: #40206
• a27a2cc Merge pull request #40206 from cro/sign_pub_take2
• 01048de leave sign_pub_messages off on minion by default.
• a82b005 Leave sign_pub_messages off by default.
• PR #40193: (rallytime) Back-port #40117 to 2016.3 @ 2017-03-22T16:42:21Z
• PR #40117: (narendraingale2) Fix force remove | refs: #40193
• d1abb4c Merge pull request #40193 from rallytime/bp-40117
• cf18579 More optimization.
• 5a08266 Removed debug statemnt
• f557f7c Added fix for issue 39393
• bb62278 Reverting changes.
• a9107cd Added if condition for broken link.
• PR #40196: (twangboy) Update dependencies for PyOpenSSL @ 2017-03-22T16:40:46Z
• 0f1ff4d Merge pull request #40196 from twangboy/win_fix_deps
• 6761527 Update dependencies for PyOpenSSL
• PR #40184: (terminalmage) Link to minion start reactor example from FAQ. @ 2017-03-21T17:33:09Z
• b050151 Merge pull request #40184 from terminalmage/link-reactor-example
• a42be82 Link to minion start reactor example from FAQ.
• PR #40182: (terminalmage) Add support for "stopped" state to dockerng's mod_watch @
2017-03-21T15:40:29Z
• d4e6c58 Merge pull request #40182 from terminalmage/dockerng-mod_watch-stopped
• 4629a26 Add support for "stopped" state to dockerng's mod_watch
• PR #40171: (Ch3LL) additional PRs/issues for 2016.3.6 release notes @ 2017-03-20T22:14:17Z
• a0b4082 Merge pull request #40171 from Ch3LL/2016.3.6_release
• 9c6d8d8 additional PRs/issues for 2016.3.6 release notes
• PR #40120: (sergeizv) gce: Exclude GCENodeDriver objects from _expand_node result @
2017-03-20T21:44:42Z
• 33ba782 Merge pull request #40120 from sergeizv/gce-expand-node-fix
• 9d0fbe7 gce: Exclude GCENodeDriver objects from _expand_node result
• PR #40122: (meaksh) Adding "pkg.install downloadonly=True" support to yum/dnf execution module @
2017-03-20T21:44:15Z
• 4884397 Merge pull request #40122 from meaksh/2016.3-yum-downloadonly-support
• 067f3f7 Adding downloadonly support to yum/dnf module
• PR #40159: (cro) Turn on sign_pub_messages by default. @ 2017-03-20T21:00:49Z
• 60e1d4e Merge pull request #40159 from cro/sign_pub
• e663b76 Fix small syntax error
• 0a0f46f Turn on sign_pub_messages by default. Make sure messages with no 'sig' are dropped with
error when sign_pub_messages is True.
• PR #40123: (twangboy) Adds support for inet_pton in Windows to network util @ 2017-03-20T16:25:47Z
• 28e4fc1 Merge pull request #40123 from twangboy/win_fix_network
• 06dfd55 Adds support for inet_pton in Windows to network util
• PR #40141: (bobrik) Use the first address if cannot connect to any @ 2017-03-20T15:06:57Z
• ISSUE #39995: (frogunder) Head of Develop - Multimaster error | refs: #40141
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141
• 35ddb79 Merge pull request #40141 from bobrik/fallback-resolve
• af1545d Use the first address if cannot connect to any
• PR #40059: (terminalmage) Fix traceback when virtualenv.managed is invoked with nonexistent user @
2017-03-16T20:46:43Z
• 116201f Merge pull request #40059 from terminalmage/fix-virtualenv-traceback
• e3cfd29 Fix traceback when virtualenv.managed is invoked with nonexistent user
• PR #40090: (rallytime) Back-port #40056 to 2016.3 @ 2017-03-16T19:42:58Z
• PR #40056: (thatch45) update mention bot blacklist | refs: #40090
• a01b52b Merge pull request #40090 from rallytime/bp-40056
• ae012db update mention bot blacklist
• PR #40057: (cachedout) More mentionbot blacklists @ 2017-03-16T18:10:11Z
• d1570bb Merge pull request #40057 from cachedout/ollie_blacklist
• 0ac2e83 Merge branch '2016.3' into ollie_blacklist
• PR #40070: (Ch3LL) update 2016.3.6 release notes with additional PR's @ 2017-03-16T15:43:22Z
• d36bdb1 Merge pull request #40070 from Ch3LL/2016.3.6_release
• a1f8b49 update 2016.3.6 release notes with additional PR's
• PR #40018: (meaksh) Allow overriding 'timeout' and 'gather_job_timeout' to 'manage.up' runner call @
2017-03-15T19:43:01Z
• 8dcffc7 Merge pull request #40018 from meaksh/2016.3-handling-timeouts-for-manage.up-runner
• 9f5c3b7 Allow setting custom timeouts for 'manage.up' and 'manage.status'
• 2102d9c Allow setting 'timeout' and 'gather_job_timeout' via kwargs
• PR #40038: (velom) correctly parse "pkg_name===version" from pip freeze @ 2017-03-15T19:30:03Z
• 22fc529 Merge pull request #40038 from velom/fix-pip-freeze-parsing
• 3fae91d correctly parse "pkg_name===version" from pip freeze
• PR #40053: (gtmanfred) Update rh_ip.py @ 2017-03-15T18:57:32Z
• ISSUE #40036: (oogali) UnboundLocalError: local variable 'ifcfg' referenced before assignment | refs:
#40053
• 3584f93 Merge pull request #40053 from saltstack/rh_ip_patch
• 219947a Update rh_ip.py
• PR #40041: (terminalmage) Fix transposed lines in salt.utils.process @ 2017-03-15T17:58:24Z
• ISSUE #40011: (tsaridas) salt-minion does not shutdown properly 2016.11.3 rh6 | refs: #40041
• 837432d Merge pull request #40041 from terminalmage/issue40011
• 5b5d1b3 Fix transposed lines in salt.utils.process
• PR #40021: (Ch3LL) 2016.3.6 release notes with change log @ 2017-03-14T21:06:18Z
• ee7f3b1 Merge pull request #40021 from Ch3LL/2016.3.6_release
• f3e7e4f Add 2016.3.6 Release Notes
• PR #40016: (terminalmage) Attempt to fix failing grains tests in 2016.3 @ 2017-03-14T18:34:32Z
• 26895b7 Merge pull request #40016 from terminalmage/fix-grains-test
• 0ec81a4 Fixup a syntax error
• 5d84b40 Attempt to fix failing grains tests in 2016.3
• PR #39980: (vutny) [2016.3] Allow using bg kwarg for cmd.run state function @ 2017-03-14T17:16:14Z
• 0c61d06 Merge pull request #39980 from vutny/cmd-run-state-bg
• a81dc9d [2016.3] Allow using bg kwarg for cmd.run state function
• PR #39994: (rallytime) Add a versionadded tag for dockerng ulimits addition @ 2017-03-13T20:58:02Z
• ISSUE #39942: (Foxlik) Web Documentation not in sync with release 2016.11.3 | refs: #39994
• b042484 Merge pull request #39994 from rallytime/ulimits-dockerng-version
• 37bd800 Add a versionadded tag for dockerng ulimits addition
• PR #39988: (terminalmage) Add comment explaining change from #39973 @ 2017-03-13T18:37:29Z
• PR #39973: (terminalmage) Don't use docker.Client instance from context if missing attributes
• e125c94 Merge pull request #39988 from terminalmage/dockerng-timeout
• bd2519e Add comment explaining change from #39973
• PR #39973: (terminalmage) Don't use docker.Client instance from context if missing attributes @
2017-03-11T14:57:50Z
• cd0336e Merge pull request #39973 from terminalmage/dockerng-timeout
• 869416e Don't use docker.Client instance from context if missing attributes
• PR #39962: (cachedout) Disable mention bot delay on 2016.3 @ 2017-03-10T20:24:08Z
• 282c607 Merge pull request #39962 from cachedout/disable_mentionbot_delay_3
• 7a638f2 Disable mention bot delay on 2016.3
• 5592c68 More mentionbot blacklists
• PR #39937: (cachedout) Fix --non-gpg-checks in zypper module @ 2017-03-10T18:02:51Z
• 1e0c88a Merge pull request #39937 from cachedout/gpg_zypper
• 13ed0d1 Fix --non-gpg-checks in zypper module
• PR #39929: (terminalmage) Scrap event-based approach for refreshing grains (2016.3 branch) @
2017-03-09T22:03:16Z
• 4526fc6 Merge pull request #39929 from terminalmage/pr-39770-2016.3
• cf0100d Scrap event-based approach for refreshing grains
• PR #39919: (The-Loeki) CIDR matching supports IPv6, update docs @ 2017-03-09T16:03:00Z
• ISSUE #22080: (The-Loeki) CIDR matching for IPv6 / improve IPv6 support in utils.network | refs:
#39919
• 111110c Merge pull request #39919 from The-Loeki/patch-1
• 170cbad CIDR matching supports IPv6, update docs
• PR #39899: (techhat) Update cleanup function for azure @ 2017-03-08T23:28:33Z
• caf10e9 Merge pull request #39899 from techhat/cleanupdisks
• baf4579 Update cleanup function for azure
• PR #39871: (terminalmage) Squelch warning for pygit2 import @ 2017-03-07T20:40:18Z
• fcf95f3 Merge pull request #39871 from terminalmage/squelch-import-warning
• 2b2ec69 Squelch warning for pygit2 import
• PR #39794: (cachedout) Clean up errors which might be thrown when the monitor socket shuts down @
2017-03-04T16:12:37Z
• f223fa8 Merge pull request #39794 from cachedout/clean_monitor_socket_shutdown
• 2e683e7 Clean up errors which might be thrown when the monitor socket shuts down
• PR #39819: (terminalmage) Improve the Top File matching docs @ 2017-03-04T16:06:40Z
• 4002dc1 Merge pull request #39819 from terminalmage/top-file-matching-docs
• 7178e77 Improve the Top File matching docs
• PR #39820: (ni3mm4nd) Add missing apostrophe in Beacons topic documentation @ 2017-03-04T16:05:29Z
• c08aaeb Merge pull request #39820 from ni3mm4nd/beacons_topic_doc_typo
• 804b120 Add missing apostrophe
• PR #39826: (cachedout) Add group func to yubikey auth @ 2017-03-04T16:02:14Z
• cbd2a4e Merge pull request #39826 from cachedout/yubikey_fix
• 6125eff Add group func to yubikey auth
• PR #39624: (drawsmcgraw) Address issue 39622 @ 2017-03-03T15:59:04Z
• ISSUE #39622: (drawsmcgraw) boto_vpc.create_subnet does not properly assign tags | refs: #39624
• f575ef4 Merge pull request #39624 from drawsmcgraw/39622
• 13da50b Fix indention lint errors
• 5450263 Address issue 39622
• PR #39796: (cachedout) Stop the process manager when it no longer has processes to manage @
2017-03-02T23:03:13Z
• ISSUE #39119: (frogunder) Head of 2016.3 - Salt-Master uses 90 seconds to restart | refs: #39796
• 1f3619c Merge pull request #39796 from cachedout/master_shutdown
• e31d46c Stop the process manager when it no longer has processes to manage
• PR #39791: (gtmanfred) load runners if role is master @ 2017-03-02T19:43:41Z
• ISSUE #39333: (jagguli) Not Available error - Scheduling custom runner functions | refs: #39791
• ISSUE #38514: (githubcdr) Unable to schedule runners | refs: #39791
• 53341cf Merge pull request #39791 from gtmanfred/2016.3
• 3ab4f84 load runners if role is master
• PR #39784: (sergeizv) Fix 39782 @ 2017-03-02T16:08:51Z
• ISSUE #39782: (sergeizv) salt-cloud show_instance action fails on EC2 instances | refs: #39784
• ISSUE #33162: (jfindlay) Key error with salt.utils.cloud.cache_node and EC2 | refs: #33164 #39784
• PR #33164: (jfindlay) cloud.clouds.ec2: cache each named node | refs: #39784 #39784
• c234c25 Merge pull request #39784 from sergeizv/fix-39782
• b71c3fe Revert "cloud.clouds.ec2: cache each named node (#33164)"
• PR #39766: (rallytime) Restore ipv6 connectivity and "master: <ip>:<port>" support @
2017-03-02T02:55:55Z
• ISSUE #39336: (GevatterGaul) salt-minion fails with IPv6 | refs: #39766
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141
• PR #25021: (GideonRed) Introduce ip:port minion config | refs: #39766
• 4ee59be Merge pull request #39766 from rallytime/fix-ipv6-connection
• 65b2396 Restore ipv6 connectivity and "master: <ip>:<port>" support
• PR #39761: (cachedout) Properly display error in jboss7 state @ 2017-03-01T18:43:23Z
• ISSUE #33187: (usbportnoy) Deploy to jboss TypeError at boss7.py:469 | refs: #39170 #39761
• a24da31 Merge pull request #39761 from cachedout/issue_33187
• c2df29e Properly display error in jboss7 state
• PR #39728: (rallytime) [2016.3] Bump latest release version to 2016.11.3 @ 2017-02-28T18:07:44Z
• 0888bc3 Merge pull request #39728 from rallytime/update-release-ver-2016.3
• c9bc8af [2016.3] Bump latest release version to 2016.11.3
• PR #39619: (terminalmage) Add a function to simply refresh the grains @ 2017-02-28T00:20:27Z
• b52dbee Merge pull request #39619 from terminalmage/zd1207
• c7dfb49 Fix mocking for grains refresh
• 7e0ced3 Properly hand proxy minions
• 692c456 Add a function to simply refresh the grains
• PR #39487: (bobrik) Document default permission modes for file module @ 2017-02-24T23:49:00Z
• ISSUE #39482: (bobrik) file.managed and file mode don't mention default mode | refs: #39487
• 3f8b5e6 Merge pull request #39487 from bobrik/mode-docs
• 41ef69b Document default permission modes for file module
• PR #39641: (smarsching) Return runner return code in a way compatible with check_state_result @
2017-02-24T23:07:11Z
• ISSUE #39169: (blueyed) Using batch-mode with salt.state in orchestration runner considers all
minions to have failed | refs: #39641 #39641
• f7389bf Merge pull request #39641 from smarsching/issue-39169-2016.3
• 88c2d9a Fix return data structure for runner (issue #39169).
• PR #39633: (terminalmage) Fix misspelled argument in salt.modules.systemd.disable() @
2017-02-24T18:21:36Z
• fc970b6 Merge pull request #39633 from terminalmage/fix-systemd-typo
• ca54541 Add missing unit test for disable func
• 17109e1 Fix misspelled argument in salt.modules.systemd.disable()
• PR #39613: (terminalmage) Fix inaccurate documentation @ 2017-02-24T06:07:35Z
• 53e78d6 Merge pull request #39613 from terminalmage/fix-docs
• 9342eda Fix inaccurate documentation
• PR #39600: (vutny) state.file: drop non-relevant examples for source_hash parameter @
2017-02-23T16:55:27Z
• 4e2b852 Merge pull request #39600 from vutny/state-file-docs
• 9b0427c state.file: drop non-relevant examples for source_hash parameter
• PR #39584: (cachedout) A note in the docs about mentionbot @ 2017-02-23T15:12:13Z
• ed83420 Merge pull request #39584 from cachedout/mentionbot_docs
• 652044b A note in the docs about mentionbot
• PR #39583: (cachedout) Add empty blacklist to mention bot @ 2017-02-23T02:22:57Z
• d3e50b4 Merge pull request #39583 from cachedout/mentionbot_blacklist
• 62491c9 Add empty blacklist to mention bot
• PR #39579: (rallytime) [2016.3] Pylint: Remove unused import @ 2017-02-22T23:46:33Z
• 8352e6b Merge pull request #39579 from rallytime/fix-lint
• 65889e1 [2016.3] Pylint: Remove unused import
• PR #39578: (cachedout) Add mention-bot configuration @ 2017-02-22T23:39:24Z
• 43dba32 Merge pull request #39578 from cachedout/2016.3
• 344499e Add mention-bot configuration
• PR #39542: (twangboy) Gate ssh_known_hosts state against Windows @ 2017-02-22T20:16:41Z
• 8f7a0f9 Merge pull request #39542 from twangboy/gate_ssh_known_hosts
• c90a52e Remove expensive check
• 6d645ca Add __virtual__ function
• PR #39289: (bobrik) Autodetect IPv6 connectivity from minion to master | refs: #39766 #40141 @
2017-02-22T19:05:32Z
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• c109658 Merge pull request #39289 from bobrik/autodetect-ipv6
• 2761a1b Move new kwargs to the end of argument list
• 0df6b92 Narrow down connection exception to socket.error
• e8a2cc0 Do no try to connect to salt master in syndic config test
• af95786 Properly log address that failed to resolve or pass connection check
• 9a34fbe Actually connect to master instead of checking route availability
• c494839 Avoid bare exceptions in dns_check
• 29f3766 Rewrite dns_check to try to connect to address
• 55965ce Autodetect IPv6 connectivity from minion to master
• PR #39569: (s0undt3ch) Don't use our own six dictionary fixes in this branch @ 2017-02-22T18:59:49Z
• 3fb928b Merge pull request #39569 from s0undt3ch/2016.3
• 49da135 Don't use our own six dictionary fixes in this branch
• PR #39508: (dincamihai) Openscap @ 2017-02-22T18:36:36Z
• 91e3319 Merge pull request #39508 from dincamihai/openscap
• 9fedb84 Always return oscap's stderr
• 0ecde2c Include oscap returncode in response
• PR #39562: (terminalmage) Add ulimits to dockerng state/exec module @ 2017-02-22T16:31:49Z
• ISSUE #30802: (kjelle) Missing ulimits on docker.running / dockerng.running | refs: #39562
• fbe2194 Merge pull request #39562 from terminalmage/issue30802
• c503740 Add ulimits to dockerng state/exec module
• da42040 Try the docker-py 2.0 client name first
• 01d4a84 dockerng.get_client_args: Fix path for endpoint config for some versions of docker-py (#39544)
• PR #39544: (terminalmage) dockerng.get_client_args: Fix path for endpoint config for some versions of
docker-py
• PR #39498: (terminalmage) Resubmit PR #39483 against 2016.3 branch @ 2017-02-20T19:35:33Z
• dff35b5 Merge pull request #39498 from terminalmage/pr-39483
• 20b097a dockerng: compare sets instead of lists of security_opt
• PR #39497: (terminalmage) Two dockerng compatibility fixes @ 2017-02-19T17:43:36Z
• 6418e72 Merge pull request #39497 from terminalmage/docker-compat-fixes
• cbd0270 docker: make docker-exec the default execution driver
• a6a17d5 Handle docker-py 2.0's new host_config path
• PR #39423: (dincamihai) Openscap module @ 2017-02-17T18:31:04Z
• 9c4292f Merge pull request #39423 from dincamihai/openscap
• 9d13422 OpenSCAP module
• PR #39464: (gtmanfred) skip false values from preferred_ip @ 2017-02-16T22:48:32Z
• ISSUE #39444: (clem-compilatio) salt-cloud - IPv6 and IPv4 private_ips - preferred_ip sends False to
is_public_ip | refs: #39464
• 7dd2502 Merge pull request #39464 from gtmanfred/2016.3
• f829d6f skip false values from preferred_ip
• PR #39460: (cachedout) Fix mocks in win_disim tests @ 2017-02-16T19:27:48Z
• db359ff Merge pull request #39460 from cachedout/win_dism_test_fix
• e652a45 Fix mocks in win_disim tests
• PR #39426: (morganwillcock) win_dism: Return failure when package path does not exist @
2017-02-16T00:09:22Z
• 9dbfba9 Merge pull request #39426 from morganwillcock/dism
• a7d5118 Return failure when package path does not exist
• PR #39431: (UtahDave) Fix grains.setval performance @ 2017-02-15T23:56:30Z
• 5616270 Merge pull request #39431 from UtahDave/fix_grains.setval_performance
• 391bbec add docs
• 709c197 allow sync_grains to be disabled on grains.setval
• PR #39405: (rallytime) Update :depends: docs for boto states and modules @ 2017-02-15T17:32:08Z
• ISSUE #39304: (Auha) boto_s3_bucket documentation dependency clarification | refs: #39405
• 239e16e Merge pull request #39405 from rallytime/fix-39304
• bd1fe03 Update :depends: docs for boto states and modules
• PR #39411: (rallytime) Update external_cache docs with other configuration options @
2017-02-15T17:30:40Z
• ISSUE #38762: (oz123) Configuration information for custom returners | refs: #39411
• 415102f Merge pull request #39411 from rallytime/fix-38762
• e13febe Update external_cache docs with other configuration options
• 7e1803b Update docs on upstream EPEL7 pygit2/libgit2 issues (#39421)
• PR #39421: (terminalmage) Update docs on upstream EPEL7 pygit2/libgit2 issues
• 4ff13ac salt.fileserver.roots: Fix regression in symlink_list (#39409)
• PR #39409: (terminalmage) salt.fileserver.roots: Fix regression in symlink_list
• PR #39337: (terminalmage) Don't re-walk the roots fileserver in symlink_list() | refs: #39409
• PR #39362: (dincamihai) Add cp.push test @ 2017-02-14T18:42:11Z
• 8b8ab8e Merge pull request #39362 from dincamihai/cp-push-test-2016.3
• 91383c5 Add cp.push test
• PR #39380: (joe-niland) Quote numeric user names so pwd.getpwnam handles them properly @
2017-02-14T18:33:33Z
• 4b726f9 Merge pull request #39380 from joe-niland/quote-numeric-usernames
• c2edfdd Quote numeric user names so pwd.getpwnam handles them properly
• PR #39400: (meaksh) Prevents 'OSError' exception in case certain job cache path doesn't exist @
2017-02-14T18:27:04Z
• 1116d32 Merge pull request #39400 from meaksh/2016.3-fix-local-cache-issue
• e7e559e Prevents 'OSError' exception in case path doesn't exist
• PR #39300: (terminalmage) Replace more usage of str.format in the loader @ 2017-02-13T19:01:19Z
• PR #39227: (terminalmage) Loader optimzation | refs: #39300
• 6c854da Merge pull request #39300 from terminalmage/loader-optimization
• d3e5d15 Replace more usage of str.format in the loader
• PR #39337: (terminalmage) Don't re-walk the roots fileserver in symlink_list() | refs: #39409 @
2017-02-13T18:41:17Z
• 5286b5f Merge pull request #39337 from terminalmage/issue34428
• a7d2135 Don't re-walk the roots fileserver in symlink_list()
• PR #39339: (cro) Add link to external pillar documentation for clarification. @ 2017-02-13T18:40:13Z
• ce781de Merge pull request #39339 from cro/pillar_filetree_doc
• 410810c Clarification on external pillar usage.
• fa30143 Document the upstream RedHat bug with their pygit2 package (#39316)
• PR #39316: (terminalmage) Document the upstream RedHat bug with their pygit2 package
• PR #39313: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2017-02-10T16:23:23Z
• PR #39296: (sergeizv) Whitespace fix in docs Makefile
• PR #39295: (sergeizv) Fix typo
• PR #39294: (sergeizv) Fix link in proxyminion guide
• PR #39293: (sergeizv) Grammar fix
• 9de559f Merge pull request #39313 from rallytime/merge-2016.3
• 0b8dddf Merge branch '2015.8' into '2016.3'
• fc551bc Merge pull request #39293 from sergeizv/grammar-fix
• 70f2b58 Rewrap paragraph
• e6ab517 Grammar fix
• 8a1b456 Merge pull request #39295 from sergeizv/typo-fix
• 5d9f36d Fix typo
• cfaafec Merge pull request #39296 from sergeizv/whitespace-fix
• 1d4c1dc Whitespace fix in docs Makefile
• 0b4dcf4 Merge pull request #39294 from sergeizv/fix-link
• 04bde6e Fix link in proxyminion guide
• dd3ca0e Fix #38595 - Unexpected error log from redis retuner in master's log (#39299)
• ISSUE #38595: (yue9944882) Redis ext job cache occurred error | refs: #38610 #38610
• PR #39299: (rallytime) Back-port #38610 to 2016.3
• PR #38610: (yue9944882) Fix #38595 - Unexpected error log from redis retuner in master's log | refs:
#39299
• PR #39297: (cro) Add doc to recommend pgjsonb for master job caches @ 2017-02-09T22:49:59Z
• f16027d Merge pull request #39297 from cro/pg_returner_docs
• 28bac64 Typo
• 19fedcd Add doc to recommend pgjsonb for master job caches
• PR #39286: (terminalmage) Allow minion/CLI saltenv/pillarenv to override master when compiling pillar @
2017-02-09T21:22:46Z
• 77e50ed Merge pull request #39286 from terminalmage/fix-pillarenv-precedence
• 3cb9833 Allow minion/CLI saltenv/pillarenv to override master when compiling pillar
• PR #39221: (lvg01) Fix bug 39220 @ 2017-02-09T18:12:29Z
• ISSUE #39220: (lvg01) state file.line skips leading spaces in content with mode:ensure and
indent:False | refs: #39221 #39221 #39221 #39221
• 5244041 Merge pull request #39221 from lvg01/fix-bug-39220
• e8a41d6 Removes to early content stripping (stripping is already done when needed with ident:true),
fixes #39220
• a4b169e Fixed wrong logic, fixes #39220
• 5a27207 Add warning for Dulwich removal (#39280)
• ISSUE #36913: (terminalmage) Support custom refspecs in GitFS | refs: #39210
• PR #39280: (terminalmage) Add warning for Dulwich removal
• PR #39210: (terminalmage) salt.utils.gitfs: remove dulwich support, make refspecs configurable |
refs: #39280
• 1b9217d Update jsonschema tests to reflect change in jsonschema 2.6.0 (#39260)
• PR #39260: (terminalmage) Update jsonschema tests to reflect change in jsonschema 2.6.0
• c1d16cc Better handling of enabled/disabled arguments in pkgrepo.managed (#39251)
• ISSUE #33536: (murzick) pkgrepo.managed does not disable a yum repo with "disabled: True" | refs:
#35055
• PR #39251: (terminalmage) Better handling of enabled/disabled arguments in pkgrepo.managed
• PR #35055: (galet) #33536 pkgrepo.managed does not disable a yum repo with "disabled: True" | refs:
#39251
• PR #39227: (terminalmage) Loader optimzation | refs: #39300 @ 2017-02-08T19:38:21Z
• 8e88f71 Merge pull request #39227 from terminalmage/loader-optimization
• c750662 Loader optimzation
• PR #39228: (gtmanfred) default to utf8 encoding if not specified @ 2017-02-08T19:36:57Z
• ISSUE #38856: (fhaynes) salt-cloud throws an exception when ec2 does not return encoding | refs:
#39228
• bc89b29 Merge pull request #39228 from gtmanfred/2016.3
• afee047 default to utf8 encoding if not specified
• PR #39231: (terminalmage) Add clarification for jenkins execution module @ 2017-02-08T19:34:45Z
• d9b0671 Merge pull request #39231 from terminalmage/clarify-jenkins-depends
• ad1b125 Add clarification for jenkins execution module
• PR #39232: (terminalmage) Avoid recursion in s3/svn ext_pillars @ 2017-02-08T19:33:28Z
• ddcff89 Merge pull request #39232 from terminalmage/issue21342
• c88896c Avoid recursion in s3/svn ext_pillars
• ef4e437 Fix the win_ip_test failures (#39230)
• ISSUE #38697: (fboismenu) On Windows, ip.get_all_interfaces returns at most 2 DNS/WINS Servers |
refs: #38793
• PR #39230: (rallytime) Fix the win_ip_test failures
• PR #38793: (fboismenu) Fix for #38697 | refs: #39197 #39230
• PR #39199: (rallytime) Back-port #39170 to 2016.3 @ 2017-02-07T16:19:32Z
• ISSUE #33187: (usbportnoy) Deploy to jboss TypeError at boss7.py:469 | refs: #39170 #39761
• PR #39170: (grep4linux) Added missing source_hash_name argument in get_managed function | refs:
#39199
• df5f934 Merge pull request #39199 from rallytime/bp-39170
• c129905 Added missing source_hash_name argument in get_managed function Additional fix to #33187
Customer was still seeing errors, this should now work. Tested with 2015.8.13 and 2016.11.2
• PR #39206: (cachedout) Ignore empty dicts in highstate outputter @ 2017-02-07T16:11:36Z
• ISSUE #37174: (mikeadamz) The State execution failed to record the order in which all states were
executed spam while running pkg.upgrade from orchestration runner | refs: #39206
• 2621c11 Merge pull request #39206 from cachedout/issue_issue_37174
• be31e05 Ignore empty dicts in highstate outputter
• PR #39209: (terminalmage) Sort the return list from the fileserver.envs runner @ 2017-02-07T16:07:08Z
• dd44045 Merge pull request #39209 from terminalmage/sorted-envs
• e6dda4a Sort the return list from the fileserver.envs runner
• 7bed687 [2016.3] Pylint fix (#39202)
• PR #39202: (rallytime) [2016.3] Pylint fix
• PR #39197: (cachedout) Pr 38793 @ 2017-02-06T19:23:12Z
• ISSUE #38697: (fboismenu) On Windows, ip.get_all_interfaces returns at most 2 DNS/WINS Servers |
refs: #38793
• PR #38793: (fboismenu) Fix for #38697 | refs: #39197 #39230
• ab76054 Merge pull request #39197 from cachedout/pr-38793
• f3d35fb Lint fixes
• 624f25b Fix for #38697
• PR #39166: (Ch3LL) fix boto ec2 module create_image doc @ 2017-02-06T18:27:17Z
• fa45cbc Merge pull request #39166 from Ch3LL/fix_boto_ec2_docs
• 90af696 fix boto ec2 module create_image doc
• PR #39173: (rallytime) Restore "Salt Community" doc section @ 2017-02-06T18:19:11Z
• PR #30770: (jacobhammons) Doc restructuring, organization, and cleanup | refs: #39173
• PR #10792: (cachedout) Documentation overhaul | refs: #39173
• a40cb46 Merge pull request #39173 from rallytime/restore-community-docs
• 5aeddf4 Restore "Salt Community" doc section
• 9de08af Apply fix from #38705 to 2016.3 branch (#39077)
• ISSUE #38704: (nasenbaer13) Archive extracted fails when another state run is queued | refs: #38705
• PR #39077: (terminalmage) Apply fix from #38705 to 2016.3 branch
• PR #38705: (nasenbaer13) Fix for #38704 archive extracted and dockerio states
• da3053e update vmware getting started doc (#39146)
• PR #39146: (gtmanfred) update vmware getting started doc
• e78ca0f Fixing a weird edge case when using salt syndics and targetting via pillar. Without this fix
the master of masters ends up in an infinite loop since the data returned from the minions is
differently structured than if a sync was not in use. (#39145)
• PR #39145: (garethgreenaway) [2016.3] Fix when targeting via pillar with Salt syndic
• PR #38804: (alexbleotu) Second attempt to fix prepending of root_dir to paths @ 2017-02-02T16:10:37Z
• ISSUE #2016: (seanchannel) status.custom failing on any arguments
• ISSUE #3: (thatch45) libvirt module
• ISSUE #1: (thatch45) Enable regex on the salt cli
• cd8077a Merge pull request #38804 from alexbleotu/root_dir_`fix-2016`_.3-gh
• b3bdd3b Add missing whiteline
• c7715ac Merge pull request #3 from cro/ab_rootdirfix
• e8cbafa When running testsuite, salt.syspaths.ROOT_DIR is often empty.
• b12dd44 Merge pull request #1 from cro/ab_rootdirfix
• bffc537 Remove extra if statements (rstrip will check for the presence anyway).
• 97521b3 Second attempt to fix prepending of root_dir to paths
• 6ffeda3 Clarify ipv6 option for minion and interface for master, closes #39118 (#39131)
• ISSUE #39118: (bobrik) Minion ipv6 option is not documented | refs: #39289
• PR #39131: (bobrik) Clarify ipv6 option for minion and interface for master, closes #39118
• 646b9ea Don't abort pillar.get with merge=True if default is None (#39116)
• PR #39116: (terminalmage) Don't abort pillar.get with merge=True if default is None
• PR #39091: (terminalmage) Run test_valid_docs in batches @ 2017-02-01T19:09:05Z
• cc9b69b Merge pull request #39091 from terminalmage/update-test-valid-docs
• d76f038 add debug logging for batch vars
• b4afea2 Don't fail test if data is empty
• b3a5d54 Account for trimmed value in 'salt -d' output
• 909916c Run test_valid_docs in batches
• bcee3d1 Move fileclient tests to tests/integration/fileserver/fileclient_test.py (#39081)
• PR #39081: (terminalmage) Move fileclient tests to tests/integration/fileserver/fileclient_test.py
• 122422b Bump openstack deprecation notice to Oxygen (#39067)
• PR #39067: (rallytime) Bump openstack deprecation notice to Oxygen
• PR #39047: (rallytime) [2016.3] Merge forward from 2015.8 to 2016.3 @ 2017-01-30T23:48:14Z
• PR #39046: (rallytime) Add 2015.8.14 release notes file
• PR #39037: (rallytime) Update 2015.8.13 release notes
• a24af5a Merge pull request #39047 from rallytime/merge-2016.3
• b732a1f Merge branch '2015.8' into '2016.3'
• 56ccae6 Add 2015.8.14 release notes file (#39046)
• 5943fe6 Update 2015.8.13 release notes (#39037)
• fef1b11 Add 2016.3.6 release notes file (#39045)
• PR #39045: (rallytime) Add 2016.3.6 release notes file
• 7c43f4a [2016.3] Update release numbers for doc build (#39042)
• PR #39042: (rallytime) [2016.3] Update release numbers for doc build
• ff32459 Update 2016.3.5 release notes (#39038)
• PR #39038: (rallytime) Update 2016.3.5 release notes
• PR #39028: (terminalmage) Clarify delimiter argument @ 2017-01-30T18:20:26Z
• 5b09dc4 Merge pull request #39028 from terminalmage/clarify-delimiter-argument
• f29ef07 Clarify delimiter argument
• 1ff359f Add CLI Example for rest_sample_utils.get_test_string function (#39030)
• PR #39030: (rallytime) Back-port #38972 to 2016.3
• PR #38972: (rallytime) Add CLI Example for rest_sample_utils.get_test_string function | refs: #39030
• f13fb9e Enable __proxy__ availability in states, highstate, and utils. Enable __utils__ availability in
proxies. (#38899)
• ISSUE #38753: (alexbleotu) __proxy__ dunder is not injected when invoking the salt variable in sls
files | refs: #38899 #38829
• ISSUE #38557: (alexbleotu) Proxy not working on develop | refs: #38829
• ISSUE #38265: (mirceaulinic) __utils__ object not available in proxy module | refs: #38899 #38829
#38829
• ISSUE #32918: (mirceaulinic) Proxy minions reconnection | refs: #38829
• PR #38899: (cro) Enable __proxy__ availability in states, highstate, and utils. Enable __utils__ for
proxies.
• PR #38829: (cro) MANY dunder variable fixes for proxies + proxy keepalive from @mirceaulinic | refs:
#38899
• PR #37864: (mirceaulinic) Proxy keepalive feature | refs: #38829
• PR #38951: (DmitryKuzmenko) Keep the only one record per module-function in depends decorator. @
2017-01-27T17:05:42Z
• ISSUE #37938: (johje349) Memory leak in Reactor | refs: #38951
• ISSUE #33890: (hvnsweeting) salt memleak when running state.sls | refs: #38951
• da96221 Merge pull request #38951 from DSRCorporation/bugs/37938_fix_depends_decorator_memleak
• 0b18f34 Keep the only one record per module-function in depends decorator.
• PR #38982: (rallytime) Set response when using "GET" method in s3 utils @ 2017-01-27T17:04:48Z
• ISSUE #34780: (joehoyle) S3fs broken in 2016.3.1 | refs: #38982
• 85165ed Merge pull request #38982 from rallytime/fix-34780
• 1583c55 Set response when using "GET" method in s3 utils
• PR #38989: (anlutro) Documentation: fix SLS in environment variable examples @ 2017-01-27T17:00:08Z
• cfdbc99 Merge pull request #38989 from alprs/docfix-state_pt3_environ
• 52a9ad1 fix SLS in environment variable examples
• PR #39000: (rallytime) Skip the test_badload test until Jenkins move is complete @ 2017-01-27T16:58:21Z
• 55e4d25 Merge pull request #39000 from rallytime/skip-badload-test
• 4b3ff0f Skip the test_badload test until Jenkins move is complete
• PR #38995: (terminalmage) Fix pillar.item docstring @ 2017-01-27T16:58:00Z
• fe054eb Merge pull request #38995 from terminalmage/fix-pillar.item-docstring
• 06d094d Fix pillar.item docstring
• PR #38950: (mbom2004) Fixed Logstash Engine in file logstash.py @ 2017-01-26T19:10:07Z
• ISSUE #34551: (mbom2004) salt.engines.logstash not loading | refs: #38950
• b66b6f6 Merge pull request #38950 from mbom2004/2016.3
• c09f39d Remove unused json import
• 249efa3 Fixed Logstash Engine in file logstash.py
• a6c6e47 Handle changing "is_default" value in moto package for boto test mock (#38973)
• PR #38973: (rallytime) Handle changing "is_default" value in moto package for boto test mock
• PR #38952: (terminalmage) Make the ext_pillars available to pillar.ext tunable @ 2017-01-26T19:01:56Z
• b965b5d Merge pull request #38952 from terminalmage/zd1168
• 6b014e5 Rename on_demand_pillar to on_demand_ext_pillar
• d216f90 Document new on_demand_pillar option and add to config template
• 426b20f Add documentation for on-demand pillar to pillar.ext docstring
• 7b10274 Make on-demand ext_pillars tunable
• d54723c Add on_demand_pillar config option
• PR #38948: (rallytime) Bump the template context deprecation version to Oxygen @ 2017-01-25T19:45:59Z
• ISSUE #35777: (rallytime) Properly deprecate template context data in Oxygen | refs: #38948
• 2c4ad85 Merge pull request #38948 from rallytime/bump-template-context-deprecation
• 749e003 Bump the template context deprecation version to Oxygen
• PR #38946: (rallytime) Back-port #37632 to 2016.3 @ 2017-01-25T19:40:40Z
• PR #37632: (twangboy) Fix versions report for Windows Server platforms | refs: #38946
• e4514ca Merge pull request #38946 from rallytime/bp-37632
• ee37cda Fix some lint
• c08071e Fix versions report for server OSs
• PR #38913: (Adaephon-GH) Ignore plist files without Label key @ 2017-01-25T19:07:27Z
• 953a203 Merge pull request #38913 from Adaephon-GH/patch-1
• e2f4a16 Removing trailing whitespace
• 616292c Ignore plist files without Label key
• PR #38917: (twangboy) Update Jinja2 to 2.9.4 @ 2017-01-25T19:05:38Z
• 826dce1 Merge pull request #38917 from twangboy/update_jinja_mac
• 62e608b Update Jinja2 to 2.9.4
• PR #38925: (terminalmage) Fix two wheel issues in netapi @ 2017-01-25T18:28:52Z
• ISSUE #38540: (amendlik) API wheel client throws exception and success=true | refs: #38925
• ISSUE #38537: (amendlik) API client wheel_async always returns status 500 | refs: #38925
• b27733c Merge pull request #38925 from terminalmage/issue38540
• 76392fc Fix traceback when a netapi module uses wheel_async
• bd4474f Fix 'success' value for wheel commands
• PR #38926: (gtmanfred) add note about pysss for pam eauth @ 2017-01-25T18:12:20Z
• 618596f Merge pull request #38926 from gtmanfred/2016.3
• 9cae953 add note about pysss for pam eauth
• PR #38847: (terminalmage) Catch MinionError in file.source_list @ 2017-01-24T16:03:10Z
• ISSUE #38825: (IshMalik) file.managed multiple sources for redundency failure | refs: #38847
• 405d86a Merge pull request #38847 from terminalmage/issue38825
• 11a4780 Use log.exception() instead
• e40fac5 Catch MinionError in file.source_list
• PR #38875: (terminalmage) Reactor: fix traceback when salt:// path is nonexistent @
2017-01-24T15:23:39Z
• ISSUE #36121: (Ashald) TemplateNotFound/Unable to cache file | refs: #38875
• b5df104 Merge pull request #38875 from terminalmage/issue36121
• fbc4d2a reactor: ensure glob_ref is a string
• 2e443d7 cp.cache_file: add note re: return for nonexistent salt:// path
• PR #38890: (cro) Backport #38887 to 2016.3: Enable resetting a VM via salt-cloud & VMware driver @
2017-01-24T15:15:35Z
• ISSUE #37413: (Snarfingcode666) Salt-cloud vmware missing reboot command | refs: #38890
• e9ebec4 Merge pull request #38890 from cro/vmware_reset_vm_20163
• 0146562 Call correct function for resetting a VM
• PR #38883: (techhat) Don't require text_out path to exist @ 2017-01-23T18:20:42Z
• PR #38867: (mchugh19) Touch deploy.sh before use | refs: #38883
• PR #32026: (techhat) Don't require the decode_out file to already exist | refs: #38883
• c3fbfcd Merge pull request #38883 from techhat/dontrequire
• 67bc4d6 Don't require text_out path to exist
• PR #38851: (terminalmage) Support docker-py 2.0 in dockerng @ 2017-01-23T16:48:12Z
• 6430a45 Merge pull request #38851 from terminalmage/docker-py-2.0
• 3c061b2 Support docker-py 2.0 in dockerng
• PR #38844: (cachedout) Fix memory leak in HTTP client @ 2017-01-20T20:59:14Z
• ac8008d Merge pull request #38844 from cachedout/http_memory_leak
• c46bf85 Fix memory leak in HTTP client
• PR #38823: (gtmanfred) pass pillar to compound matcher in match module @ 2017-01-20T19:19:09Z
• ISSUE #38798: (ripta) match.compound fails to match when pillar data is used | refs: #38823
• dfe6dfe Merge pull request #38823 from gtmanfred/2016.3
• f0a71e8 pass pillar to compound matcher in match module
Salt 2016.3.7 Release Notes
Version 2016.3.7 is a bugfix release for 2016.3.0.
Changes for v2016.3.6..v2016.3.7
Security Fix
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master
despite not having the correct credentials. To exploit the vulnerability, an attacker must create a
salt-minion with an ID containing characters that will cause a directory traversal. Credit for
discovering the security flaw goes to: Vernhk@qq.com
Salt 2016.3.8 Release Notes
Version 2016.3.8 is a bugfix release for 2016.3.0.
Changes for v2016.3.7..v2016.3.8
Security Fix
CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote
minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for
discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
Salt 2016.3.9 Release Notes
Version 2016.3.9 is a bugfix release for 2016.3.0.
Changes for v2016.3.7..v2016.3.9
New master configuration option allow_minion_key_revoke, defaults to True. This option controls whether
a minion can request that the master revoke its key. When True, a minion can request a key revocation
and the master will comply. If it is False, the key will not be revoked by the msater.
New master configuration option require_minion_sign_messages This requires that minions cryptographically
sign the messages they publish to the master. If minions are not signing, then log this information at
loglevel 'INFO' and drop the message without acting on it.
New master configuration option drop_messages_signature_fail Drop messages from minions when their
signatures do not validate. Note that when this option is False but require_minion_sign_messages is True
minions MUST sign their messages but the validity of their signatures is ignored.
New minion configuration option minion_sign_messages Causes the minion to cryptographically sign the
payload of messages it places on the event bus for the master. The payloads are signed with the minion's
private key so the master can verify the signature with its public key.
Salt 2015.8.0 Release Notes - Codename Beryllium
2015.8.0 Detailed Change List
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs)
Generated at: 2015-09-09T18:15:43Z
This list includes all pull requests merged into the 2015.8 branch between the forking of the branch from
develop and the release of 2015.8.0.
Statistics:
• Total Merges: 682
• Total Issue references: 342
• Total PR references: 866
Pull Requests:
• #26993: (whiteinge) Backport #26975
• #26970: (cachedout) Revert "better path query parsing in fileserver"
• #26980: (terminalmage) Use human-readable cachedirs for gitfs-backed winrepo
• #26969: (TheBigBear) URL of salt windows downloads has changed
• #26968: (TheBigBear) URL of salt windows downloads has changed
• #26958: (s0undt3ch) Bradthurber bootstrap command line help doc update
• #26949: (rallytime) Back-port #25148 to 2015.8
• #26914: (cro) Add salt-proxy script and manpage to setup.py so they will get installed.
• #26909: (terminalmage) Don't try to git clone from /tmp on Windows
• #26910: (s0undt3ch) Sometimes the event system is just too fast
• #26905: (s0undt3ch) Exit the loop if run_once is true
• #26897: (msteed) spm file hash part deux
• #26900: (s0undt3ch) If no tag is passed, don't actually subscribe to anything.
• #26880: (s0undt3ch) Restore backwards compatibility to salt.utils.event
• #26896: (msteed) spm remove: use pkgfiles to calculate file hashes
• #26891: (jtand) Fixed an unboundlocalerror
• #26892: (cachedout) Make the testing ioloop the current one
• #26886: (jtand) Gets the azure version correctly on python-azure 1.0.0
• #26870: (rallytime) Back-port #26834 to 2015.8
• #26865: (dmurphy18) Fix apt preferences for apts, repos for pbuilder building for Debian
• #26873: (terminalmage) Properly handle getting local config values in older git versions
• #26869: (rallytime) Fix provider --> driver change for salt-cloud lxc
• #26858: (terminalmage) Fix a couple version checks for git state and execution module
• #26853: (UtahDave) Fix salt-cloud on windows
• #26852: (basepi) [2015.8] Only reference msgpack if it imported successfully
• #26835: (terminalmage) Backport #26572 to 2015.8
• #26836: (jacobhammons) Added rst source for salt-proxy man page, added build and copy lines …
• #26818: (terminalmage) Support empty repositories in git.latest
• #26819: (rallytime) Make sure we're calling _validate_name in the correct place in 2015.8 Linode driver
• #26841: (l2ol33rt) Fix reference before assignment in sqs engine
• #26822: (terminalmage) Add some missing imports for masterless winrepo
• #26831: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26826: (techhat) Pass a package name to unregister_file()
• #26757: (cachedout) Fix various filehandle leaks
• #26816: (gtmanfred) rev defaults to HEAD
• #26801: (jacobhammons) Added doc for dockerng minion configuration options
• #26808: (anlutro) Fix git init argument formatting
• #26807: (terminalmage) Move salt.utils.itersplit() to salt.utils.itertools.split()
• #26796: (jacobhammons) Add doc for __states__
• #26764: (sjorge) salt.utils.is_proxy() is no longer always true on SunOS/Illumos/SmartOS
• #26772: (sjorge) pull in smartos 'virt' module from develop
• #26726: (terminalmage) Redact HTTPS Basic Auth in states/funcs which deal with git remotes
• #26769: (terminalmage) Use --track to set tracking branch on older git versions
• #26765: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26761: (sjorge) fix SPM paths on smartos/illumos esky
• #26751: (terminalmage) Fixes for masterless winrepo
• #26745: (rallytime) Make sure pyrax configs are in place before checking for deps
• #26746: (rallytime) Make sure nova configs are set before checking for dependencies
• #26750: (basepi) [2015.8] Add __utils__ to state modules
• #26752: (cro) Fix typo in some diagram labels
• #26747: (basepi) [2015.8] Add __states__ to state modules, for cross-calling states
• #26744: (basepi) [2015.8] Fix issue from #26717
• #26737: (dmurphy18) Fix to allow for package naming other than just salt
• #26742: (rallytime) Only warn about vsphere deprecation if vsphere is configured
• #26733: (sjorge) Refactor of smartos_vmadm module
• #26735: (s0undt3ch) Add .hg and .cvs to spm_build_exclude
• #26720: (UtahDave) Updates for winrepo in 2015.8 to support jinja, while maintaining backwards compat
• #26719: (jodv) Backport 26532 to 2015.8
• #26721: (rallytime) Linode Driver Cleanup
• #26707: (techhat) Add top_level_dir to FORMULAs
• #26723: (s0undt3ch) Handle SPM paths in the setup script
• #26717: (basepi) [2015.8] Revert loader changes from #26645
• #26712: (techhat) Move SPM paths around
• #26680: (TheBigBear) add more python libs info in '--versions-report'
• #26716: (terminalmage) Allow git identity to be a list
• #26691: (garethgreenaway) Fixes to ipset module for 2015.8
• #26701: (kev009) Ignore the first element of kern.disks split, which is the sysctl name (new disks
grain)
• #26678: (terminalmage) Restructure git.latest rewrite to work better when following HEAD
• #26679: (rallytime) Back-port #26661 to 2015.8
• #26684: (techhat) Add reactor formulas to spm
• #26682: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26671: (rallytime) Warn users if cloud driver dependencies are missing.
• #26674: (rallytime) Back-port #26583 to 2015.8
• #26670: (techhat) Set up SPM to install -conf packages
• #26657: (jfindlay) top file compilation fixes
• #26659: (TheBigBear) minor doc edits - spelling
• #26654: (jfindlay) merge
`#26650`_
• #26567: (jtand) Added git version check to git module
• #26649: (twangboy) Fixed Lint for real in win_repo.py
• #26608: (jacobhammons) 2015.8.0 release notes and doc/conf.py updates
• #26646: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26645: (rallytime) Back-port #26390 to 2015.8
• #26642: (twangboy) Added function to render winrepo Jinja
• #26625: (twangboy) Correctly detect packages with no version, docs
• #26575: (msteed) Update spm for integration into raas
• #26635: (cro) Don't report windows as a proxy.
• #26622: (rallytime) [2015.8] Also add -Z to script args for cloud tests
• #26619: (rallytime) Apply cloud test fixes from 2015.5 to 2015.8
• #26603: (terminalmage) Fixes for git.latest, git module integration tests, etc.
• #26577: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26534: (cachedout) Bump required Tornado version to 4.2.1
• #26566: (cachedout) Don't stacktrace trying to publish without a master
• #26541: (terminalmage) Make winrepo execution module use the same code as the runner
• #26530: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26570: (cachedout) Fix haproxy docs to be valid
• #26562: (cachedout) Fix suprious error message with systemd-detect
• #26557: (jfindlay) add docs to #26550
• #26544: (nmadhok) Do not raise KeyError when calling avail_images if VM/template is in disconnected
state
• #26501: (terminalmage) Update git_pillar docs, add git.list_worktrees function
• #26521: (terminalmage) Work around upstream git bug when cloning repo as root
• #26518: (krak3n) Fix for
`#25492`_
• #26514: (evverx) Unmask a runtime masked services too
• #26529: (mnalt) bugfix: fix service.enable for missing rc.conf
• #26516: (techhat) Move more path operations into SPM loader
• #26533: (cachedout) Fix too aggressive even init check
• #26522: (cro) Do not load package provider if its not a proxy
• #26531: (cachedout) Fix failing event tests and modify event init
• #26433: (cro) Add support for default proxy config options, change default location of proxy config and
log to /etc/salt/proxy and /var/log/proxy
• #26504: (nmadhok) [Backport] Adding ability to specify the virtual hardware version when creating VM
• #26517: (cachedout) Better fix for opensuse tornado httpclient
• #26479: (rallytime) Don't allow VMs with duplicate names to be created in EC2/AWS
• #26488: (cachedout) Don't pass unsupported kwarg to tornado
• #26451: (terminalmage) Use 'rpm -qa' instead of repoquery to list installed packages
• #26491: (jacobhammons) doc site css fix for tiny fonts that appeared in code or pre tags in …
• #26442: (rallytime) Hide API Key from debug logs for Linode Driver
• #26441: (rallytime) Refactor a few linode functions to be useful with salt-cloud command
• #26485: (s0undt3ch) One more missed typo
• #26495: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26492: (cachedout) Fix schedule test error on py26
• #26489: (cachedout) Fixing more tarfile tests on py2.6
• #26475: (cachedout) Better object checking on asyncreq cleanup
• #26477: (cachedout) Fix integration.modules.git.GitModuleTest.test_archive on py26
• #26469: (jtand) --annotate and --message aren't valid options in older versions of git.
• #26439: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26464: (rallytime) Back-port #26456 to 2015.8
• #26463: (rallytime) Back-port #26455 to 2015.8
• #26449: (s0undt3ch) The CLI options are not meant to include underscores.
• #26270: (sjorge) salt.modules.network now supports SmartOS and SunOS < Solaris 11
• #26436: (TheBigBear) minor edits
• #26410: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26427: (anlutro) git.latest with no rev: fix concatenation error (NoneType and str)
• #26307: (cachedout) Fix bug in top file ordering
• #26428: (cro) Update docs to reflect new pillar structure
• #26429: (cachedout) Add release note regarding tcp transport on freebsd
• #26418: (driskell) Fix forward-merged caching from 2015.5 into 2015.8 to be compatible with the new
match_func
• #26252: (DmitryKuzmenko) Issues/24048 http client 2015.8
• #26413: (evverx) Fix service.{start,restart,reload,force-reload} for masked services
• #26393: (dmurphy18) Added option parameters to make_repo to allow for configuration settings
• #26422: (TheBigBear) no dots in SLS filename __AND__ any directories (incl git repos)
• #26323: (0xf10e) Fix Credentials used in glance Exec Module
• #26341: (terminalmage) Rewrite git state and execution modules
• #26419: (terminalmage) Only use pygit2.errors if it exists
• #26423: (eliasp) doc - Correct function name for peer configuration
• #26401: (cachedout) Adapt proxy minion to tornado (w/lint)
• #26400: (rallytime) Back-port #26318 to 2015.8
• #26397: (s0undt3ch) A single isinstance() check for all types is enough
• #26385: (gtmanfred) don't require volume endpoint in nova driver
• #26287: (techhat) Break out SPM components into loaders
• #26384: (TheBigBear) Fix shell quoting for cmd.run
• #26391: (rallytime) Back-port #26367 to 2015.8
• #26383: (rallytime) Allow the creation of a VM without a profile
• #26375: (s0undt3ch) [2015.8] Schema DictItem required attribute fixes
• #26363: (garethgreenaway) Fixes to mount state 2015.8
• #26347: (0xf10e) Load 'pkgng' as 'pkg' on FreeBSD 9 when providers:pkg == 'pkgng'
• #26361: (TronPaul) sign security token
• #26346: (TronPaul) Fix s3 using IAM credentials
• #26331: (mnalt) fix bug in sysrc to allow for empty rc variables
• #26334: (rallytime) Call salt.utils.cloud.bootstrap in GCE Driver provisioning
• #26308: (dmurphy18) Support for environment overrides building packages
• #26279: (TheScriptSage) Merge changes for pull`#26083`_ and pull`#25632`_ into 2015.8
• #26224: (cachedout) Cleanup of a few cases to move to salt.utils.fopen
• #26260: (nmadhok) Correct spelling of integration in docs
• #26226: (rallytime) Fix
`#25463`_
• #26248: (nmadhok) Initial commit of unit tests for vmware cloud driver
• #26228: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26244: (nmadhok) Backport additions to VMware cloud driver from develop to 2015.8 branch
• #26235: (sjorge) salt.utils.is_smartos_zone, inverse of is_smartos_globalzone
• #26221: (sjorge) SmartOS grain fixes
• #26218: (terminalmage) Add warning about file.recurse unicode errors with vim swap files.
• #26214: (rallytime) Back-port #24878 to 2015.8
• #26211: (techhat) Move SPM to its own directory
• #26197: (TronPaul) Fix GitFS when whitelisting base
• #26200: (anlutro) Make it possible to run salt-cloud as current user
• #26201: (kev009) Avoid VBOX storage emulation bugs in FreeBSD disks grain
• #26188: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26194: (basepi) Allow virtual grains to be generated even if virt-what is not available
• #26176: (rallytime) Back-port #26165 to 2015.8
• #26169: (terminalmage) Fix attribute error in gitfs' find_file functions
• #26170: (nmadhok) [Backport] Make sure variable is a dictionary before popping something from it.
• #26143: (nmadhok) VMware cloud driver fixes [forward port from 2015.5 into 2015.8]
• #26173: (jacobhammons) Updates to cloud docs for the provider > driver change
• #26125: (evverx) Use timedatectl set-timezone to tzsetting if available
• #26145: (sjorge) smartos_imgadm cleanup
• #26148: (terminalmage) Refactor winrepo support
• #26128: (sjorge) imgadm.avail should return multiple results
• #26109: (jfindlay) fix quote indent
• #26089: (anlutro) User state/module: fix coercing of None into string "None" in GECOS
• #26081: (cachedout) Move invocation routine up
• #26086: (rallytime) Back-port #26019 to 2015.8
• #26087: (rallytime) Back-port #26059 to 2015.8
• #26052: (jtand) Rh_ip fix
• #26078: (cachedout) Fix missing key in error return
• #26074: (basepi) [2015.8] Re-apply #25358 in 2015.8
• #26069: (jfindlay) fix win_firewall.delete_rule
• #26066: (s0undt3ch) [2015.8] Update to latest bootstrap stable release v2015.06.08
• #26049: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #26026: (anlutro) Fix httpasswd result false positive in test mode
• #26037: (rallytime) Back-port #25489 to 2015.8
• #26004: (techhat) Allow updating a single SPM repo at a time
• #26012: (cachedout) Merge kwargs into opts for tcp client
• #26007: (anlutro) file.managed: wrap os.remove in if isfile, don't remove on success
• #26009: (terminalmage) Add winrepo and dockerng information to 2015.8.0 release notes
• #26006: (basepi) Revert #25727 in favor of #25645
• #26001: (cachedout) Fix failing tests
• #25978: (anlutro) Correct service state changes in test mode
• #25982: (sjorge) salt.modules.smartos_* limit to global zone only
• #25989: (rallytime) Back-port #25832 to 2015.8
• #25988: (cachedout) Move #25642 to 2015.8
• #25999: (s0undt3ch) Include subschema defaults
• #25997: (s0undt3ch) Allow getting a defaults dictionary from schema defaults
• #25979: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25902: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25956: (anlutro) Fix user argument to cron functions
• #25946: (sjorge) Fix for salt.utils.decorators under esky
• #25957: (anlutro) Remove temporary file after file.managed with checkcmd
• #25874: (rallytime) Back-port #25668 to 2015.8
• #25929: (sjorge) salt.module.pkgin's __virtual__() should not return None if pkg_info is not present
• #25952: (garethgreenaway) Log when event.fire and event.fire_master fail 2015.8
• #25944: (sjorge) Smartos libcrypto nonesky fix
• #25906: (dmurphy18) Cherry-pick of pkgbuild changes from develop branch
• #25925: (sjorge) Create default log location in smartos esky buildscript
• #25928: (cachedout) Fix stacktrace for non-existant states
• #25922: (jacksontj) Correct max_wait -> max_auth_wait in MultiMinion
• #25907: (rallytime) Back-port #25892 to 2015.8
• #25910: (terminalmage) Pass osarch to check_32()
• #25849: (basepi) Repress template error for GPG renderer (can't seek an OrderedDict)
• #25868: (rallytime) Back-port #25404 to 2015.8
• #25896: (cachedout) Lint
• #25876: (jacksontj) Fixes for 2015.8
• #25867: (rallytime) Back-port #25370 to 2015.8
• #25845: (jacobhammons) updated versionadded
• #25836: (jacksontj) Keep track of SyncWrapper's IOLoop usage
• #25859: (0xf10e) warn_until(Carbon,...) instead of Boron
• #25505: (0xf10e) Glance state module for 2015.8 "Beryllium"
• #25843: (jtand) Fixed a lint error in parsers.py
• #25835: (techhat) spm update_repo doesn't always require arguments
• #25837: (jacobhammons) regenerated man pages
• #25830: (sjorge) Loading of libcrypto on smartos esky fixed
• #25808: (jfindlay) add highstate opts to config/__init__.py, update docs
• #25820: (sjorge) Prerequisite to fix the smartos libcrypto loading
• #25781: (anlutro) Fix iptables.build_rule
• #25764: (gtmanfred) allow use of cloudnetworks in ssh_interface
• #25736: (jfindlay) insert explicit formatter number
• #25742: (rallytime) Back-port #25731 to 2015.8
• #25741: (rallytime) Back-port #25727 to 2015.8
• #25712: (cachedout) Fix outputter for state.apply
• #25698: (rallytime) Back-port #25659 to 2015.8
• #25690: (anlutro) Fix highstate duration alignment (again)
• #25684: (davidjb) Fix doc around Include/Exclude for states
• #25549: (techhat) Switch Scaleway to salt.utils.cloud.bootstrap()
• #25667: (jfindlay) add 2015.8.0rc2 autogenerated changelog
• #25653: (anlutro) Properly align highstate duration sum
• #25663: (rallytime) Back-port #25638 to 2015.8
• #25639: (terminalmage) Don't do pre-flight check on git_pillar if it is not configured
• #25587: (cachedout) Fix prereq in salt.state
• #25628: (anlutro) Highstate output: show duration in seconds instead of milliseconds when appropriate
• #25631: (basepi) Remove trailing whitespace
• #25627: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25626: (basepi) Fix the highstate outputter if 'duration' is not present
• #25601: (terminalmage) Fix error message when local bin pkg path is not absolute
• #25595: (terminalmage) Bring git_pillar up to feature parity with gitfs
• #25619: (cachedout) Lint stateconf changes
• #25578: (davidjb) Allow parent relative includes in state files
• #25610: (s0undt3ch) [2015.8] Update the bootstrap script to latest release v2015.07.22
• #25599: (jfindlay) fix transport settings in #25596
• #25596: (jfindlay) Tcp test
• #25591: (garethgreenaway) Return data for scheduled jobs in 2015.8 default to True.
• #25588: (basepi) Fix some of the retcode work from #23105
• #25583: (jtand) Fixed lint error where pprint wasn't imported.
• #25572: (rallytime) Back-port #25570 to 2015.8
• #25575: (rallytime) Make Sure Scaleway driver works with deprecation paths
• #25564: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25566: (techhat) Fix download process for SPM repo updates
• #25553: (techhat) Switch SoftLayer to salt.utils.cloud.bootstrap()
• #25552: (techhat) Update pricing for SoftlayerHW
• #25547: (techhat) Switch Parallels to salt.utils.cloud.bootstrap()
• #25548: (techhat) Switch Proxmox to salt.utils.cloud.bootstrap()
• #25543: (techhat) Switch GCE to salt.utils.cloud.bootstrap()
• #25546: (techhat) Switch CloudStack to salt.utils.cloud.bootstrap()
• #25558: (cachedout) Lint config_test
• #25515: (s0undt3ch) salt.utils.schema fixes
• #25514: (garethgreenaway) fixes to schedule.add documentation in 2015.8
• #25508: (s0undt3ch) [2015.8] Update bootstrap script to latest stable release, v2015.07.17
• #25501: (basepi) Add optional job end time to the local_cache returner
• #25491: (s0undt3ch) Let's call it for what it is!
• #25462: (rallytime) Wrap is_profile_configrured calls in try/except block
• #25439: (rallytime) Reduce digital_ocean API call frequency
• #25451: (s0undt3ch) Salt-SSH Scan roster bugfixes (And Py3 support)
• #25449: (ruzarowski) Exclude dotfiles and directories from minion key lists (Fixes
`#25448`_
)
• #25421: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25412: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25415: (bechtoldt) [docs] declare YAML as code block
• #25407: (rallytime) Back-port #23236 to 2015.8
• #25409: (rallytime) Back-port #24422 to 2015.8
• #25394: (rallytime) Back-port #25355 to 2015.8
• #25393: (rallytime) Back-port #25289 to 2015.8
• #25387: (cachedout) Lint #25319
• #25319: (ruzarowski) [cloud:EC2] Move SourceDest logic to _update_enis and add alias for
delete_interface_on_terminate
• #25310: (anlutro) Add an "is list" test to the jinja environment
• #25264: (ruzarowski) Fix AttributeError in fileserver update_opts
• #25372: (rallytime) Don't stacktrace when provisioning instances with softlayer* drivers
• #25315: (ruzarowski) [cloud:EC2] Move handling of AssociatePublicIpAddress to
associate_eip/allocate_new_eip logic depending on value type
• #25312: (ruzarowski) [cloud:EC2] Introduce eni Name property to set name tag value after its creation
• #25311: (ruzarowski) [cloud:EC2] Add ability to attach an existing eni
• #25280: (rallytime) Remove deprecation warnings for Beryllium
• #25329: (twangboy) Fixed some documentation errors
• #25300: (s0undt3ch) Fix ordering issue & Added requirements support
• #25283: (jfindlay) ensure ret is always defined
• #25252: (jfindlay) make args optional with default values in win_firewall.delete_rule
• #25257: (notpeter) Document SourceDestCheck added in #25242.
• #25298: (twangboy) Continue if profile not found
• #25296: (twangboy) Fixed file.comment for windows
• #25254: (rallytime) Change versionadded/changed references from Beryllium to 2015.8.0
• #25285: (thusoy) Remove error logging of missing victorops keys
• #25266: (ruzarowski) cloud: EC2 eni property SourceDestCheck is a AttributeBooleanValue
• #25216: (jfindlay) replace shell code with native python code
• #25278: (rallytime) Don't require size for all cloud drivers when checking profile configs
• #25271: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25263: (techhat) Allow non-standard HTTP requests on tornado
• #25253: (s0undt3ch) Remove the deprecation warning. The driver has been renamed.
• #25248: (techhat) Do not resize while iterating
• #25244: (rallytime) Remove parted deprecations and fix failing tests
• #25242: (ruzarowski) Make SourceDestCheck flag available to network interface definition
• #25226: (nmadhok) Backporting fix for issue
`#25223`_
on 2015.8 branch
• #25234: (krak3n) Fix: Bug in boto_asg state argument passing to boto_asg module
• #25222: (rallytime) Back-port #25219 to 2015.8
• #25188: (rallytime) Use linode status descriptions instead of ints when logging status to CLI
• #25203: (s0undt3ch) Added DictConfig with tests & More tests
• #25189: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• #25184: (rallytime) Back-port #25126 to 2015.8
• #25172: (s0undt3ch) Comment out imports while the YAML and RST rendering is not in-place.
• #25158: (s0undt3ch) Comment out not implemented code
• #25145: (s0undt3ch) Implement oneOf, anyOf, allOf and not with unit tests
• #25140: (s0undt3ch) Make the detection code work under Python 3.4
• #25131: (s0undt3ch) Array support in salt.utils.config
• #25130: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
The 2015.8.0 feature release of Salt contains several major new features. As usual the release notes are
not exhaustive and primarily include the most notable additions and improvements. Hundreds of bugs have
been fixed and many modules have been substantially updated and added.
New SaltStack Installation Repositories
SaltStack now provides installation repositories for several platforms, with more to come. See the
following links for instructions:
• Red Hat / CentOS 5, 6, 7
• Debian 8
• Windows
• FreeBSD
Send Event on State Completion
A fire_event global state keyword argument was added that allows any state to send an event upon
completion. Useful for custom progress bars and checking in on long state runs. See fire_event.
ZeroMQ socket monitoring
If zmq_monitor is enabled, log all ZMQ events for socket monitoring purposes. Verbose, but useful.
SPM (Salt Package Manager)
Allows Salt formulas to be packaged for ease of deployment. See spm.
NOTE:
The spm executable was not included in the Debian or Ubuntu packages for the 2015.8.0 or the 2015.8.1
releases. This executable will be included in an upcoming release. As a workaround, copy the SPM
script from the salt library installation into /usr/local/bin or your local equivalent.
Specify a Single Environment for Top Files
A new default_top option was added to load the state top file from a single, specific environment, rather
than merging top data across all environments. Additionally, new top_file_merge_strategy and env_order
options were added for more control over top file merging. See The Top File.
Tornado TCP Transport
Implemented a pure-TCP transport, in addition to ZeroMQ and RAET. The new transport uses Tornado, which
allows Salt to use a standardized set of libraries for asynchronous behavior, which should greatly
improve reliability and performance.
NOTE:
Tornado is considered expiremental in this release. The following known issues were being investigated
at the time of release:
• TCP tests show performance degredation over time (issue 26051)
• TCP transport stacktrace on windows minion: Future exception was never retrieved (issue 25718)
• [freebsd] TCP transport not working in 2015.8.0rc3 (issue 26364)
Proxy Minion Enhancements
Proxy Minions have undergone a significant overhaul in 2015.8, see Proxy Minion Enhancements.
Engines
Salt engines are long-running, external processes that leverage Salt. See Salt Engines.
Core Changes
• Add system version info to versions_report, which appears in both salt --versions-report and salt '*'
test.versions_report. Also added is an alias test.versions to test.versions_report. (issue 21906)
• Add colorized console logging support. This is activated by using %(colorlevel)s, %(colorname)s,
%(colorprocess)s, %(colormsg)s in log_fmt_console in the config file for any of salt-master,
salt-minion, and salt-cloud.
Git Pillar
The git external pillar has been rewritten to bring it up to feature parity with gitfs. Support for
pygit2 has been added, bringing with it the ability to access authenticated repositories.
Using the new features will require updates to the git ext_pillar configuration, further details can be
found in the pillar.git_pillar docs.
Salt Cloud Improvements
• Pricing data from several cloud providers (GCE, DigitalOcean, SoftLayer_HW, EC2)
• All cloud providers now use standardized bootstrapping code.
• Modified the Linode Salt Cloud driver to use Linode's native API instead of depending on
apache-libcloud or linode-python.
Salt Cloud Changes
• Changed the default behavior of rename_on_destroy to be set to True in the EC2 and AWS drivers.
• Changed the default behavior of the EC2 and AWS drivers to always check for duplicate names of VMs
before trying to create a new VM. Will now throw an error similarly to other salt-cloud drivers when
trying to create a VM of the same name, even if the VM is in the terminated state.
• When querying for VMs in digital_ocean.py, the number of VMs to include in a page was changed from 20
(default) to 200 to reduce the number of API calls to Digital Ocean.Ocean.
State and Execution Module Improvements
• New and improved Docker state and execution modules (state and execution module).
Git State and Execution Modules Rewritten
The git state and execution modules have gone through an extensive overhaul.
Changes in the git.latest State
• The branch argument has been added, allowing for a custom branch name to be used in the local checkout
maintained by the git.latest state. This can be helpful in avoiding ambiguous refs in the local
checkout when a tag is used as the rev argument. If no branch is specified, then the state uses the
value of rev as the branch name.
• The always_fetch argument no longer has any effect, and will be removed in a future release. The state
now detects whether or not a fetch is needed based on comparisons made between the local and remote
repositories.
• The force_fetch argument has been added to force a fetch if the fetch is not a fast-forward (for
instance, if someone has done a reset and force-pushed to the remote repository).
• The remote_name argument has been deprecated and renamed to remote.
• The force argument has been deprecated and renamed to force_clone to reduce ambiguity with the other
"force" arguments.
• Using SHA1 hashes (full or shortened) in the rev argument is now properly supported.
• Non-fast-forward merges are now detected before the repository is updated, and the state will not
update the repository if the change is not a fast-forward. Non-fast-forward updates must be overridden
with the force_reset argument. If force_reset is set to True, the state will only reset the repository
if it cannot be fast-forwarded. This is in contrast to the earlier behavior, in which a hard-reset
would be performed every time the state was run if force_reset was set to True.
• A git pull is no longer performed by this state, dropped in favor of a fetch-and-merge (or
fetch-and-reset) workflow.
git.config_unset state added
This state allows for configuration values (or entire keys) to be unset. See here for more information
and example SLS.
git.config State Renamed to git.config_set
To reduce confusion after the addition of git.config_unset, the git.config state has been renamed to
git.config_set. The old config.get name will still work for a couple releases, allowing time for SLS
files to be updated.
In addition, this state now supports managing multivar git configuration values. See here for more
information and example SLS.
Initial Support for Git Worktrees in Execution Module
Several functions have been added to the execution module to manage worktrees (a feature new to Git
2.5.0). State support does not exist yet, but will follow soon.
New Functions in Git Execution Module
• git.config_get_regexp
• git.config_unset
• git.is_worktree
• git.list_branches
• git.list_tags
• git.list_worktrees
• git.merge_base
• git.merge_tree
• git.rev_parse
• git.version
• git.worktree_rm
• git.worktree_add
• git.worktree_prune
Changes to Functions in Git Execution Module
git.add
• --verbose is now implied when running the git add command, to provide a list of the files added in the
return data.
git.archive
• Now returns True when the git archive command was successful, and otherwise raises an error.
• The overwrite argument has been added to prevent an existing archive from being overwritten by this
function.
• The fmt argument has been deprecated and renamed to format.
• Trailing slash no longer implied in prefix argument, must be included if this argument is passed.
git.checkout
• The rev argument is now optional when using -b or -B in opts, allowing for a branch to be created (or
reset) using HEAD as the starting point.
git.clone
• The name argument has been added to specify the name of the directory in which to clone the repository.
If this option is specified, then the clone will be made within the directory specified by the cwd,
instead of at that location.
• The repository argument has been deprecated and renamed to url.
git.config_get
• The setting_name argument has been deprecated and renamed to key.
• The global argument has been added, to query the global git configuration
• The all argument has been added to return a list of all values for the specified key, allowing for all
values in a multivar to be returned.
• The cwd argument is now optional if global is set to True
git.config_set
• The value(s) of the key being set are now returned
• The setting_name argument has been deprecated and renamed to key.
• The setting_value argument has been deprecated and renamed to value.
• The is_global argument has been deprecated and renamed to global.
• The multivar argument has been added to specify a list of values to set for the specified key. The
value argument is not compatible with multivar.
• The add argument has been added to add a value to a key (this essentially just adds an --add to the git
config command that is run to set the value).
git.fetch
• The force argument has been added to force the fetch when it is not a fast-forward. This could have
been achieved in previous Salt versions by including --force in the opts argument, this argument is
just for convenience and to match the usage of other functions with force arguments.
• The refspecs argument has been added to allow for one or more refspecs to be provided which override
the one(s) specified by the remote.remote_name.fetch git configuration option.
git.ls_remote
• The repository argument has been deprecated and renamed to remote.
• The branch argument has been deprecated and renamed to ref.
• The opts argument has been added to allow for additional CLI options to be passed to the git ls-remote
command.
git.merge
• The branch argument has been deprecated and renamed to rev.
git.status
• Return data has been changed from a list of lists to a dictionary containing lists of files in the
modified, added, deleted, and untracked states.
git.submodule
• Added the command argument to allow for operations other than update to be run on submodules, and
deprecated the init argument. To do a submodule update with init=True moving forward, use
command=update opts='--init'.
• OpenStack Glance API V2 execution module
• Amazon VPC state module
• RallyDev execution module
• BambooHR execution module
• Stormpath execution, state modules
• Remove unused argument timeout in jboss7.status.
• Deprecate enabled argument in pkgrepo.managed in favor of disabled.
• Archive module changes: In the archive.tar and archive.cmd_unzip module functions, remove the arbitrary
prefixing of the options string with -. An options string beginning with a --long-option, would have
uncharacteristically needed its first - removed under the former scheme. Also, tar will parse its
options differently if short options are used with or without a preceding -, so it is better to not
confuse the user into thinking they're using the non- - format, when really they are using the with- -
format.
• Added __states__ to state modules, for cross-calling states. This enables using existing states when
writing custom states. See cross calling states.
Windows Improvements
• Enhanced the windows minion silent installation with command line parameters to configure the salt
master and minion name. See Silent Installer Options.
• Improved user management with additional capabilities in the user module for Windows.
• Improved patch management with a new module for managing windows updates (win_wua).
• Turned on multi-processing by default for windows in minion configuration.
Windows Software Repo Changes
A next-generation (ng) windows software repo is available for 2015.8.0 and later minions. When using this
new repository, the repo cache is compiled on the Salt Minion, which enables pillar, grains and other
things to be available during compilation time.
See the Windows Software Repository documentation for more information.
Changes to legacy Windows repository
If you have pre 2015.8 Windows minions connecting to your 2015.8 Salt master, you can continue to use the
legacy Windows repository for these Salt minions.
If you were previously using this repository and have customized settings, be aware that several config
options have been renamed to make their naming more consistent.
See the Windows Software Repository documentation for more information.
Win System Module
The unit of the timeout parameter in the system.halt, system.poweroff, system.reboot, and
system.shutdown functions has been changed from seconds to minutes in order to be consistent with the
linux timeout setting. (issue 24411) Optionally, the unit can be reverted to seconds by specifying
in_seconds=True.
Other Improvements
• Sanitize sensitive fields in http.query
• Allow authorization to be read from Django and eauth
• Add templating to SMTP returner
• New REST module for SDB
• Added rest_timeout config option and timeout argument to jobs api call
• Provide config options for Raet lane and road buffer count. (Useful for BSD kernels)
• Implemented ZeroMQ socket monitor for master and minion
• Add end time to master job cache for jobs (optional, off by default)
• Tornado is now the default backend for http.request
• Support pillarenv selection as it's done for saltenv
• salt was updated to use python-crypto version 2.6.1, which removes the dependency on python-m2crypto.
Deprecations
• The digital_ocean.py Salt Cloud driver was removed in favor of the digital_ocean_v2.py driver as
DigitalOcean has removed support for APIv1. The digital_ocean_v2.py was renamed to digital_ocean.py
and supports DigitalOcean's APIv2.
• The vsphere.py Salt Cloud driver has been deprecated in favor of the vmware.py driver.
• The openstack.py Salt Cloud driver has been deprecated in favor of the nova.py driver.
• The use of provider in Salt Cloud provider files to define cloud drivers has been deprecated in favor
of using driver. Both terms will work until the 2017.7.0 release of Salt. Example provider file:
my-ec2-cloud-config:
id: 'HJGRYCILJLKJYG'
key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
private_key: /etc/salt/my_test_key.pem
keyname: my_test_key
securitygroup: default
driver: ec2
• The use of lock has been deprecated and from salt.utils.fopen. salt.utils.flopen should be used
instead.
• The following args have been deprecated from the rabbitmq_vhost.present state: user, owner, conf,
write, read, and runas.
• The use of runas has been deprecated from the rabbitmq_vhost.absent state.
• Support for output in mine.get was removed. --out should be used instead.
• The use of delim was removed from the following functions in the match execution module: pillar_pcre,
pillar, grain_pcre,
Security Fixes
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials
in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the
debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Major Bug Fixes
• Fixed minion failover to next master on DNS errors (issue 21082)
• Fixed memory consumption in SaltEvents (issue 25557)
• Don't lookup outside system path in which() util (issue 24085)
• Fixed broken jobs rest api call (issue 23408)
• Fixed stale grains data using in modules (issue 24073)
• Added ssh_identities_only config flag for ssh-agent configured environments (issue 24096)
• Fixed "object has no attribute" errors for Raet transport (issue 21640)
• Flush event returners before master exit (issue 22814)
• Fix CommandExecutionError in grains generation with lspci missing (issue 23342)
• Fix salt-ssh against CentOS 7 when python-zmq not installed (issue 23503)
• Fix salt-ssh issues related to out-of-date six module (issue 20949)
• Fix salt-ssh thin generation after previous run was interrupted (issue 24376)
• Use proper line endings on Windows with "file.managed" w/contents (issue 25675)
• Fixed broken comment/uncomment functions in file.py (issue 24620)
• Fixed problem with unicode when changing computer description (issue 12255)
• Fixed problem with chocolatey module not loading (issue 25717)
• Fixed problem adding users to groups with spaces in the name (issue 25144)
• Fixed problem adding full name to user account (issue 25206)
• Fixed gem module stack trace (issue 21041)
• Fixed problem with file.managed when test=True (issue 20441)
• Fixed problem with powershell hanging while waiting for user input (issue 13943)
• Fixed problem where the salt-minion service would not consistently start (issue 25272)
• Fixed problem where pkg.refresh_db would return True even when winrepo.p was not found (issue 18919)
• Could someone please provide end to end example for Proxy Minion with REST (issue 25500)
• Proxy minions stopped working between 2014.7 and 2015.5 (issue 25053)
• Proxy minion documentation includes outdated code sample (issue 24018)
• Proxy Minion documentation missing grains example (issue 18273)
• Improve process management in proxy minion (issue 12024)
• Proxy minion never comes up with message ' I am XXX and I am not supposed to start any proxies.' (issue
25908)
• Fixed an issue that caused an exception when using Salt mine from pillar. (issue 11509)
Salt 2015.8.1 Release Notes
Version 2015.8.1 is a bugfix release for 2015.8.0.
Security Fixes
CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug log
Updated the win_useradd module return data to no longer include the password of the newly created user.
The password is now replaced with the string XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no
longer display win_password and sudo_password authentication credentials. Also updated the Linode driver
to no longer display authentication credentials in debug logs. These credentials are now replaced with
REDACTED in the debug output.
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials
in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the
debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Major Bug Fixes
• Add support for spm.d/*.conf configuration of SPM (issue 27010)
• Fix proxy grains breakage for non-proxy minions (issue 27039)
• Fix global key management for git state
• Fix passing http auth to util.http from state.file (issue 21917)
• Fix multiprocessing: True in windows (on by default`)
• Add pkg.info to pkg modules
• Fix name of serial grain (this was accidentally renamed in 2015.8.0`)
• Merge config values from master.d/minion.d conf files (rather than flat update`)
• Clean grains cache on grains sync (issue 19853)
• Remove streamed response for fileclient to avoid HTTP redirection problems (issue 27093)
• Fixed incorrect warning about osrelease grain (issue 27065)
• Fix authentication via Salt-API with tokens (issue 27270)
• Fix winrepo downloads from https locations (issue 27081)
• Fix potential error with salt-call as non-root user (issue 26889)
• Fix global minion provider overrides (issue 27209)
• Fix backward compatibility issues for pecl modules
• Fix Windows uninstaller to only remove ./bin, salt*, nssm.exe, uninst.exe (issue 27383)
• Fix misc issues with mongo returner.
• Add sudo option to cloud config files (issue 27398)
• Fix regression in RunnerClient argument handling (issue 25107)
• Fix dockerng.running replacing creation hostconfig with runtime hostconfig (issue 27265)
• Fix dockerng.running replacing creation hostconfig with runtime hostconfig (issue 27265)
• Increased performance on boto asg/elb states due to __states__ integration
• Windows minion no longer requires powershell to restart (issue 26629)
• Fix x509 module to support recent versions of OpenSSL (issue 27326)
• Some issues with proxy minions were corrected.
Known Issues:
• Proxy minions currently cannot execute a highstate because of the way the proxymodule is being loaded
internally. This will be fixed in a future release.
Changes for v2015.8.0..v2015.8.1
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-10-01T04:45:02Z
Total Merges: 200
Changes:
• PR #27584: (jacobhammons) added changes list to 2015.8.1 release notes
• PR #27575: (rallytime) Don't report existing instances as running only if they're actually terminated
in EC2
• PR #27573: (basepi) [2015.8] Use the custom yaml serializer for minion_opts for salt-ssh
• PR #27514: (clinta) Recent Versions of OpenSSL don't allow importing incomplete PEMs
• PR #27564: (jacobhammons) Man pages
• PR #27522: (twangboy) Removed dependency on powershell to restart salt-minion
• PR #27550: (rallytime) [2015.8] Clean up salt-cloud logging and make it more useful
• PR #27517: (jacobhammons) Updated install docs
• PR #27526: (eliasp) Add missing newlines before param listing to fix doc rendering
• PR #27525: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27513: (terminalmage) Fix integration tests for worktree addition in git >= 2.6
• PR #27510: (rallytime) Merge #27475 with test fixes
• PR #27451: (ticosax) [dockerng] Enforce usage of host_config and require docker-py>=1.4.0
• PR #27461: (cachedout) Only clean context if it exists
• PR #27473: (terminalmage) salt.utils.gitfs: Don't use close_fds=True on Windows
• PR #27496: (blueyed) Fix version reporting of gitpython
• PR #27502: (ticosax) Add test to check we don't call inspect_image on absent images.
• PR #27497: (blueyed) dockerng: fix image_present for forced, non-existent image
• PR #27411: (terminalmage) Fix invocation of git.config_get and git.config_set
• PR #27477: (terminalmage) Don't append role to hash_cachedir
• PR #27474: (whiteinge) Add fake pymongo version attribute for the docs
• PR #27466: (blueyed) Fix version reporting of python-gnupg and mysql-python
• PR #27465: (ticosax) Fix usage of dockerng "cmd" was #27459
• PR #27417: (whiteinge) Backport #25243 into 2015.8
• PR #27423: (dmurphy18) Changes to support configurable repository for Debian / Ubuntu
• PR #27428: (rallytime) Back-port #27398 to 2015.8
• PR #27429: (rallytime) Back-port #27344 to 2015.8
• PR #27450: (ticosax) [dockerng] Fix typo in docstring
• PR #27430: (jacksontj) Fix bug introduced in eee0291ff8b65ff1e22f4dc2447a74aa28a3ce7f
• PR #27418: (terminalmage) Don't always remove dest path in salt.utils.files.rename()
• PR #27383: (twangboy) Uninstaller only removes specific files and dirs
• PR #27416: (rallytime) Back-port #27399 to 2015.8
• PR #27394: (jacksontj) Remove streamed response for fileclient to avoid HTTP redirection problems
• PR #27415: (ryan-lane) Backwards compat fixes for pecl module
• PR #27407: (meggiebot) Adding stretch label definition
• PR #27388: (basepi) [2015.8] Fix global provider overrides
• PR #27386: (rallytime) Document tty: True usage in salt-ssh roster file
• PR #27380: (jtand) Skipping Async tests
• PR #27382: (terminalmage) Revert "fixes #27217 clear_old_remotes clears wrong directory (gitfs)"
• PR #27361: (cro) Correct some issues with proxy minions
• PR #27364: (ruzarowski) SaltCloud[EC2] Fix missing credentials in modify_eni_properties api call
• PR #27349: (jfindlay) add freebsd install docs to release notes
• PR #27343: (cachedout) Close io loop before deleting attribute
• PR #27337: (rallytime) [2015.8] Fixup salt-cloud logging
• PR #27332: (terminalmage) Adjust dockerng/dockerio docstrings
• PR #27353: (cachedout) Fix case where var not set in config
• PR #27350: (rallytime) Allow IP-forwarding in GCE driver
• PR #27305: (cachedout) Re-init logging system on Windows when using multiprocessing
• PR #27331: (terminalmage) dockerng: Allow both cmd and command to be used to specify command
• PR #27327: (isbm) Fix a typo in the RPM output
• PR #27312: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27303: (jacobhammons) Updated module doc index using https://github.com/saltstack/salt/pull…
• PR #27301: (twangboy) Pass ca_bundle for windows (fixes SSL Error)
• PR #27300: (rallytime) Back-port #27287 to 2015.8
• PR #27288: (rallytime) Filter on 'name', not 'id', when listing images
• PR #27283: (jtand) __grains__['osrelease'] returns a string
• PR #27276: (rallytime) Back-port #27218 to 2015.8
• PR #27275: (rallytime) Back-port #27213 to 2015.8
• PR #27274: (rallytime) Back-port #27272 to 2015.8
• PR #27271: (isbm) Bugfix: crash on token authentication via API
• PR #27251: (rallytime) Add support for post_uri in SoftLayer cloud drivers
• PR #27260: (bechtoldt) add missing module doc references
• PR #27254: (jfindlay) 2015.2,2015.8,Beryllium -> 2015.8.0
• PR #27245: (rallytime) If two ssh keynames are found in DigitalOcean, abort and warn the user.
• PR #27241: (jfindlay) osrelease is only an integer for fedora
• PR #27234: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27240: (isbm) Backport of the fix of 'pkg.info*' for Beryllium
• PR #27223: (pprkut) Support firewalld per interface zone config on rh7 systems
• PR #27238: (bechtoldt) salt.modules.disk.percent() throws KeyError when partition doesn't exist
• PR #27232: (basepi) [2015.8] Add stub release notes for 2015.8.1
• PR #27199: (rallytime) Avoid RunTimeError (dictionary changed size during iteration) with keys()
• PR #27206: (rallytime) Don't repeat GCE setup instructions, and make the use of .json files clearer
• PR #27210: (rallytime) Refactor some digital ocean functions
• PR #27197: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27195: (jacobhammons) Fixed sphinx / latex build warnings and errors
• PR #27182: (bernieke) fix restart_on_error
• PR #27163: (terminalmage) Workaround upstream tornado bug affecting redirects
• PR #27177: (rallytime) Remove note - incorrect info
• PR #27173: (rallytime) Add the ability to specify multiple disks on the SoftLayer driver
• PR #27164: (rallytime) Make sure changes from #26824 to digital_ocean_v2.py driver make it to
digital_ocean.py in 2015.8
• PR #27143: (cachedout) Clean grains cache on grains sync
• PR #27150: (cachedout) Merge config values from master.d/minion.d conf files
• PR #27137: (jfindlay) revert serial grain regression
• PR #27144: (rallytime) Don't stacktrace on softlayer_hw.show_all_prices if a code isn't supplied
• PR #27139: (jacobhammons) Updated key instruction on rhel7
• PR #27134: (isbm) Backport to 2015.8: "pkg.info"
• PR #27119: (l2ol33rt) Boto dynamodb module should be using layer 2 abstractions
• PR #27092: (perfinion) salt/master: chdir to root not homedir
• PR #27131: (jacobhammons) Install docs
• PR #27124: (jfindlay) Backport #27123
• PR #27111: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27122: (terminalmage) Fix broken link to git-config(1) docs
• PR #27115: (jacobhammons) Release docs
• PR #27110: (rallytime) Make sure -Q output is consistent across salt-cloud drivers
• PR #27050: (twangboy) Turned multiprocessing on
• PR #27086: (techhat) Document development of SPM loader modules
• PR #26941: (msteed) Make elasticsearch work as master job cache
• PR #27080: (bechtoldt) [Proposal] Add Github SPM label for issues
• PR #27064: (twangboy) Fixed user docs
• PR #27072: (rallytime) Back-port #26840 to 2015.8
• PR #27060: (cro) Fix grains breakage when hosts are not Linux, Windows, or SunOS
• PR #27051: (rallytime) Back-port #26953 to 2015.8
• PR #26864: (terminalmage) Only do git_pillar preflight checks on new-style git_pillar configs
• PR #26967: (TheBigBear) new URL for windows salt downloads
• PR #26921: (terminalmage) Get rid of error in legacy git pillar when using branch mapping notation
• PR #26923: (rallytime) Code clean up of cloud drivers and files
• PR #27010: (rallytime) Back-port #26988 to 2015.8
• PR #26985: (rallytime) Fix versionadded tag
Salt 2015.8.10 Release Notes
Version 2015.8.10 is a bugfix release for 2015.8.0.
Final Release of Debian 7 Packages
Regular security support for Debian 7 ended on April 25th 2016. As a result, 2016.3.1 and 2015.8.10 will
be the last Salt releases for which Debian 7 packages are created.
Mint Linux: Important Post-Upgrade Instructions
As a result of some upstream changes, the os grain on Mint Linux is now being detected as
LinuxMint (issue 33295). Run the following command after you upgrade to 2015.8.10 to reset the
os grain to Mint and the os_family grain to Debian:
salt -G 'os:LinuxMint' grains.setvals "{'os': 'Mint', 'os_family': 'Debian'}"
Changes for v2015.8.9..v2015.8.10
Salt 2015.8.10 includes fixes for the following known issues in 2015.8.9:
• issue 33376: pip state broken in 2015.8.9 with pip <6.0
• PR 33386: Fix traceback in logging for config validation
Since 2015.8.10 includes only two fixes, the 2015.8.9 changes list is included below for convenience:
----
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-05-17T17:09:39Z
Total Merges: 145
Changes:
• PR #33293: (twangboy) Fix minion start retry on Windows (2015.8)
• 22c4331 linux_acl: Allow '-' as a separation character in ACL permissions. Fixes #31270 (#33172) (‐
#33305)
• 7a181f2 Handle more ipv6 error as an exception #33299 (#33300)
• eb47a15 Ignore retcode when checking service's status (#33294)
• PR #33274: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 4f3596a Add comment for test=true w/o changes ret and add changes dict example (#33254)
• 2a30c48 Update Git Policy docs to match Contribution guide (#33252)
• 056c273 Fix #33238 (#33239)
• 1cd34ab Properly report on invalid gitfs/git_pillar/winrepo repos (#33245)
• PR #33253: (rallytime) Update the release process docs
• 8c2c5b1 update 2015.8.9 release notes (#33251)
• 8ee8ee3 Handle ipv6 error as an exception (#33246)
• 855bed3 Check rendered YAML for invalid keys (#33213)
• 6fb25a8 Make note of files that begin with '_' in master.d or minion.d dirs (#33224)
• a6dc0d2 Gate jnpr imports in salt.proxy.junos.py (#33150)
• 64a89c4 Add docs for the http state (#33222)
• 0a32163 Don't stacktrace when using --out=highstate at CLI during staterun. (#33215)
• 04d714d propagate opts to salt.util.http call (#33219)
• c8236c0 update 2015.8.9 release notes (#33237)
• PR #33217: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 730bec1 [2015.8] Merge forward from 2015.5 to 2015.8 (#33207)
• 379b151 Add a fetch when compiling git_pillar for masterless minions (#33204)
• b3805d8 cloud.clouds.ec2: cache each named node (#33164)
• 86db5df Properly handle failed git commands when redirect_stderr=True (#33203)
• 8a0950d Don't force use of global ssh_config when git identity file is specified (#33152)
• ce07133 update 2015.8.9 release notes (#33198)
• PR #33188: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• e9108e0 add 2015.8.9 release notes (#33161)
• 2d9919e [2015.8] Update to latest bootstrap script v2016.05.10 (#33156)
• 033bef2 Hash fileclients by opts (#33142)
• f520fa3 Back-port #31769 to 2015.8 (#33139)
• PR #33144: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #33140: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• ad607ef If cache_jobs: True is set, populate the local job cache when running salt-call (#33100)
• 64689a6 Fix broken parsing of usermgmt.conf on OpenBSD (#33135)
• 06a382e Add a check that the cmdline of the found proc matches (#33129)
• 10018e9 salt.utils.gitfs: fix formatting for warning messages (#33064)
• d45b599 Fix 33058 (#33099)
• PR #33106: (abednarik) Moved _finger_fail method to parent class.
• 20c7e10 clarify docs that map is designed to be run once. is not stateful (#33102)
• 558561d cloud.query needs to define mapper.opts (#33098)
• PR #33096: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 22a327b salt-cloud: fix ipv6-only virtual machines (#32865)
• e788f7e modules.npm: do not log npm --version at info level (#33084)
• PR #33081: (jfindlay) ssh docs: install py-2.6 for RHEL 5
• PR #33088: (isbm) Bugfix: Restore boolean values from the repo configuration
• 2c6326f fix tests for file.blockplace to remove newline (#33082)
• PR #32892: (isbm) Resolve Zypper locks on asynchronous calls
• 3e0bf23 Add fun_args to scheduled return data (part of #24237) (#33039)
• 264c0d4 Don't append a newline when creating new content with blockreplace (#33049)
• 54b783a Pass all data to batch.run() call when using --failhard (#33048)
• 2dbfa55 Display command output when command fails with batch + failhard options (#33050)
• add9199 Allow security_groups kwarg for boto_elb.present to be string or list (#33053)
• 111701c [2015.8] Merge forward from 2015.5 to 2015.8 (#33054)
• 1066063 File and User test fixes for 2015.8 on Fedora23 (#33056)
• f97b5d5 Back-port #33030 to 2015.8 (#33040)
• e90a501 Update the docs for saltutil.find_job to be more clear/accurate (#33017)
• d3d77ce Add saltenv to the cmd.script state function (#33031)
• 3434f44 Fix syndic regression (#33021)
• 4bb3ca5 Compare uid and gid instead of name and group (#32674)
• 9ca5b02 Allow batch mode to use verbose option, as well as show_jid. (#32996)
• 81c0fa4 Fixed glusterfs.peered output (#32955)
• 8c70d7a Clarify some arg docs (#32994)
• 00fbeab Fix boto_secgroup_test (#32986)
• 3362367 fix user cron on solarish operating systems (#32970)
• 07e38bc salt.log.setup: process user args before format (#32796)
• b2d7c81 doc.ref.states.ordering: clarify requisite change (#32934)
• df41d5d mode should default to 'text' (#32928)
• f581a82 Remove FileClient class references from docs - it doesn't exist. (#32925)
• 31b96de Update contents_grains option with relevant docs (#32922)
• PR #32926: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 1cd6a45 specify volume tags in profile configuration (#32908)
• 85ca86d Update docs to warn users that -1 isn't valid for iptables insert state (#32906)
• cb68706 Allow profile options to be specified in provider file when using maps (#32900)
• 1a55fcb Clarify service state opening docs - uses 'service' virtualname (#32880)
• PR #32884: (terminalmage) Fix incorrect deprecation notice
• PR #32878: (jacobhammons) added note about updating the bootstrap script in salt-cloud using th…
• PR #32869: (rallytime) Use correct config setting in cloud syndic docs
• PR #32844: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• eb8fb6b Back-port #31139 to 2015.8 (#32868)
• 4bb5545 backport PR #32732 for issue #23714 (#32847)
• 5ea003b Add pyvmomi version warning to Getting Started with VMware docs (#32845)
• 44f08d0 Pass None as memory limit. (#32841)
• feebe69 Back-port #32813 to 2015.8 (#32839)
• 3b81031 various improvements on cloud deploy script docs (#32659)
• bf85987 update bootstrap to 2016.04.18 release (#32668)
• 83dee63 Back-port #29322 to 2015.8 (#32785)
• PR #32787: (rallytime) Back-port #32722 to 2015.8
• PR #32786: (rallytime) Back-port #32703 to 2015.8
• a6a42740 Merge branch 'pr-32775' into 2015.8
• cda00f4 Improve documentation on pygit2 versions (#32779)
• 1d6d234 Properly handle minion failback failure. (#32749)
• 3751a27 Document pillar cache options (#32643)
• 35c8af3 modules.win_dacl: consistent case of dacl constants (#32720)
• 2cd0817 Update external auth documentation to list supported matcher. (#32733)
• bba089d Check dependencies type before appling str operations (#32693)
• 3aa0605 Handle when beacon not configured and we try to enable/disable them (#32692)
• PR #32718: (garethgreenaway) Fixes to schedule.list in 2015.8
• PR #32684: (captaininspiration) Fix routes for redhat < 6
• 7cdd512 Handle a couple of arguments better (Azure) (#32683)
• aaa03bc Fix for issue 32523 (#32672)
• 21081b1 Don't access deprecated Exception.message attribute. (#32556)
• 5d1e9a4 Lower log level for pillar cache (#32655)
• PR #32588: (anlutro) Fix salt-ssh module function call argument type juggling by JSON encoding them
• 5e7edfc yumpkg: Ignore epoch in version comparison for explicit versions without an epoch (#32563)
• fea6056 Fixing critical bug to remove only the specified Host instead of the entire Host cluster (‐
#32640)
• 0477f66 align OS grains from older SLES with current one (#32649)
• 8d46244 Prevent crash if pygit2 package is requesting re-compilation of the e⦠(#32652)
• PR #32614: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32616: (rallytime) Back-port #32547 to 2015.8
• 3047471 Fix comments value in salt.states.pkgrepo example (#32604)
• ab9da90 Revert PR #32480 and apply #32314 with fixes / documentation (#32558)
• c84c921 Better log message on minion restart if master couldn't be reached. (#32576)
• 3c81798 Don't return None from eval_master (#32555)
• PR #32536: (rallytime) Back-port #31898 to 2015.8
• d12a1c2 Fix binary search and replace (#32542)
• PR #32539: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32531: (ticosax) [dockerng] Fix support of dockerng.volume_present when no volume is on present.
• 5d73d54 Enhance dockerng.wait() to control success on exit_code and on already stopped containers (‐
#32475)
• 214f01e Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (#32436)
• 288839f Turn on exc_info when logging failed minion startup (#32515)
• 08a8020 Add ignore_epoch option to pkg.installed/removed/purged states (#32520)
• 492ebfc Isbm zypper list products sles11 crash (#32505)
• ae89882 Clear VCS fsbackend and git_pillar locks on master start (#32480)
• a6482a3 Use win32api to get Total System Memory (#32491)
• PR #32487: (terminalmage) Add explanation of nonzero epoch requirement to pkg.installed state
documentation
• PR #32482: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• f5bd6bd Backport 31164 and 31364 (#32474)
• PR #32450: (cachedout) Pass parser options into batch mode
• b299835 Issue #28706: Fix state user.present behavior. (#32448)
• cef33d5 Argument name in docs should match actual arg name (#32445)
• PR #32432: (ticosax) [dockerng] Fix Domainname introspection
• PR #32427: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32423: (jtand) Update glusterfs_test to be inline with #32312
• PR #32425: (cachedout) Fix salt-cloud parallel provisioning
• 51fb2ac FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality.
Check freebsd/pkg #1409 for more info.
• 709410a Improve git_pillar documentation/logging
• c53efc3 Update master config docs
• PR #32323: (mcalmer) fix sorting by latest version when called with an attribute
• PR #32376: (amontalban) Fixes saltstack/salt`#28262`_
• 0d9a06b Cleaner deprecation process with decorators
• 6979fda Correcty index glusterfs bricks
• PR #32393: (jfindlay) modules.win_timezone: don't list all zones in debug log
• PR #32372: (rallytime) Back-port #32358 to 2015.8
• PR #32392: (multani) Fix documentation on boto_asg and boto_elb modules and states
• PR #32373: (cachedout) Resolve memory leak in authentication
• PR #32126: (cro) Add a couple CLI examples for the highstate outputter.
• PR #32353: (mcalmer) Prevent metadata download when listing installed products
• PR #32321: (abednarik) Better message when minion fail to start
• PR #32345: (nmadhok) [2015.8] Check if profile key exists in vm_ dict
• PR #32343: (Ferbla) Fixed win_wua example documentation
• PR #32360: (rallytime) Make sure hash_type is lowercase in master/minion config files
• PR #32361: (cro) SDB is no longer experimental
• PR #32336: (rallytime) Back-port #28639 to 2015.8
• PR #32332: (rallytime) Don't unsubscribe from open events on the CLI too early on long-running commands
• PR #32333: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32289: (rallytime) New salt-cloud instances should not use old hash_type default.
• PR #32291: (twangboy) Fix bad output for chocolatey.version (fixes #14277)
• PR #32295: (rallytime) Test the contents of 'deploy_scripts_search_path' in salt.config.cloud_config
• PR #32315: (ahus1) fixing file.managed with requests lib
• PR #32316: (vutny) Update Salt Bootstrap tutorial
• PR #32325: (bdrung) Re-add shebang to ssh-id-wrapper shell script
• PR #32326: (bdrung) Fix typos
• PR #32300: (twangboy) Add documentation to disable winrepo/winrepo_ng
• PR #32288: (terminalmage) use dictupdate.merge instead of dict.update to merge CLI pillar overrides
• PR #32243: (isbm) Ensure latest pkg.info_installed ensure latest
• PR #32268: (ticosax) [dockerng] Improve detection for older versions of docker-py
• PR #32258: (jacobhammons) Replaces incorrect reference to master_alive_check
• PR #32254: (twangboy) Fix Display Name with spaces in win_servermanager
• PR #32248: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32230: (terminalmage) systemd.py: Support both update-rc.d and chkconfig as managers of sysv
services
• PR #32249: (jacobhammons) Fixes windows download paths to account for patch
• PR #32221: (dmurphy18) Fix version check, fix extracting Major and Minor versions from __ver…
• PR #32227: (twangboy) Remove list2cmdline usage from win_service.py
• PR #32239: (anlutro) Add state file name to warning log line
• PR #32215: (DmitryKuzmenko) rhel oscodename
• PR #32217: (jacobhammons) 2015.8.8.2 release notes
• PR #32212: (rallytime) Back-port #32197 to 2015.8
• PR #32211: (rallytime) Back-port #32210 to 2015.8
• PR #32209: (rallytime) Back-port #32208 to 2015.8
• PR #32204: (ticosax) [dockerng] Consider labels carried by the image when comparing user defined
labels.
• PR #32186: (rallytime) Add some "best practices" information to test documentation
• PR #32176: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32163: (rallytime) Update nacl.config docs to use key value instead of 'None'
• PR #32166: (vutny) salt.states.file: correct examples with multiline YAML string
• PR #32168: (rallytime) Lint 2015.8
• PR #32165: (terminalmage) Make __virtual__ for rhservice.py more robust
• PR #32160: (cachedout) Fix beacon tutorial docs
• PR #32145: (paclat) fixes 29817
• PR #32133: (basepi) Pass eauth user/groups through salt-api to destination functions
• PR #32127: (rallytime) Add runners to __salt__ docs
• PR #32143: (DmitryKuzmenko) Set auth retry count to 0 if multimaster mode is failover.
• PR #32134: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32091: (clarkperkins) Fixed the regression in 410da78
• PR #32135: (rallytime) [2015.8] Support multiple valid option types when performing type checks
• PR #31760: (sakateka) SMinion need wait future from eval_master
• PR #32106: (jfindlay) update suse master service patch
• PR #32130: (jacobhammons) Added known issues 32004 and 32044 to 2015.8.8 release notes
• PR #32105: (clarkperkins) Fixed invalid deploy_scripts_search_path
• PR #32117: (tomlaredo) Fixed validation type for file_ignore_glob
• PR #32113: (sakateka) Fix log message for AsyncAuth initialization
• PR #32116: (ticosax) Obtain default value of memory_swap from the container.
• PR #32098: (rallytime) Back-port #32083 to 2015.8
• PR #32099: (jacobhammons) 2015.8.8 release docs
• PR #32088: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32074: (Xiami2012) Fix code for proto args in modules.iptables
• PR #32053: (basepi) [2015.8] Fix rabbitmq_user.present tag handling
• PR #32023: (sbreidba) Move constant declaration into member variable to avoid issues when m…
• PR #32026: (techhat) Don't require the decode_out file to already exist
• PR #32019: (rallytime) Back-port #32012 to 2015.8
• PR #32015: (ticosax) [dockerng] Fix ports exposition when protocol is passed.
• PR #31999: (jacobhammons) Fixes a doc build exception caused by missing mocks for modules.win_dacl
• PR #31992: (notpeter) salt-cloud: add D2 and G2 EC2 instance types
• PR #31981: (lloydoliver) include rotational disks in grains under linux
• PR #31970: (twangboy) Add apply_template_on_contents for windows
• PR #31960: (aletourneau) fixed ec2 get_console_output
• PR #31958: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 3934c66 Merge branch '2015.5' into '2015.8'
• PR #31935: (twangboy) Back port nullsoft build script from 2015.8
• PR #31912: (jfindlay) log.mixins: remove extermporaneous .record
Salt 2015.8.11 Release Notes
Version 2015.8.11 is a bugfix release for 2015.8.0.
Returner Changes
• Any returner which implements a save_load function is now required to accept a minions keyword
argument. All returners which ship with Salt have been modified to do so.
New Configuration Parameter: rotate_aes_key
• Rotate_aes_key causes Salt to generate a new AES key whenever a minion key is deleted. This eliminates
the chance that a deleted minion could continue to eavesdrop on communications with the master if it
continues to run after its key is deleted. See the entry in the documentation for rotate_aes_key.
Ubuntu 16.04 Packages
SaltStack is now providing official Salt 2015.8 packages for Ubuntu 16.04.
Changes for v2015.8.10..v2015.8.11
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-07-14T21:16:18Z
Total Merges: 122
Changes:
• PR #34676: (cachedout) Revert "Modify lodaer global test to use populated dunders"
• PR #34601: (lorengordon) Clarifies the proper way to reference states
• bc63f25 Lint 34644 (#34651)
• 5036026 Adjust the mine test a little bit to give it a better chance of success (#34647)
• PR #34642: (jtand) Check that mysqladmin exists before running mysql integration tests
• PR #34618: (jtand) Network state integration test test=True
• PR #34617: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• b90ae40 Add support for edge case when Cmd and Entrypoint can't be blanked (#34593)
• 12b579c When sorting list actual_data, make it a list (#34590)
• 7dd8035 Gate docker unit test to check for docker (#34591)
• ae38c87 Add a bunch of documentation on getting files from other environments (#34560)
• PR #34531: (terminalmage) Support ignore_epoch argument in version comparisons
• PR #34545: (terminalmage) Handle cases where Docker Remote API returns an empty ExecutionDriver
• PR #34546: (rallytime) Rename unit.states.boto_secgroup to unit.states.boto_secgroup_test
• PR #34537: (rallytime) Rename tests.unit.simple to tests.unit.simple_test
• fbab2f8 [2015.8] Update bootstrap script to latest stable (#34527)
• 6b8c76a Prevent many errors in the test suite in loader tests (#34521)
• c2f296c Fix wrong order of retention_policy_exists (#34507)
• PR #34518: (terminalmage) Fix pkg.latest integration test for non-LTS ubuntu
• PR #34513: (cachedout) Lower the log level for modules which cannot be loaded to trace
• PR #34498: (rallytime) Use -O in the wget example in the bootstrap tutorial for the develop branch
• 3ebba02 Rename some unit test files by adding _test (#34503)
• 8722257 Improve top file merging documentation (#34505)
• 6ce7cb9 Gracefully handle non-XML output in GlusterFS execution module. (#34492)
• 7529945 Use skipTest for network state integration test (#34489)
• 0f3f87f Update dnsmasq.get_config docs to use correct config_file param. (#34488)
• PR #34462: (terminalmage) Use --always when available to git describe
• PR #34467: (rallytime) Back-port #34457 to 2015.8
• PR #34432: (twangboy) Fix file.append
• PR #34429: (terminalmage) Skip version checking for targeted packages in pkg.latest state
• 0a26459 Forgot reference to inotify (#34455)
• PR #34451: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34401: (terminalmage) Use rpmdev-vercmp as a fallback for version comparison on RHEL5
• PR #34366: (steverweber) Update service.py
• PR #34426: (cro) Document that inotify is Linux only
• PR #34392: (cro) Clarify that salt-cloud doesn't get installed by bootstrap
• PR #34373: (jtand) Network state integration test
• d6af1de Optimize pkg integration tests and add a couple new tests (#34377)
• PR #34368: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 94e0946 Back-port #34324 to 2015.8 (#34344)
• 11dc020 Making salt-ssh pass proper return codes for jinja rendering errors (#34342)
• f6bd1ad Revert py3modernize lint changes (#34339)
• PR #34306: (ghedo) Fix iptables.flush state: Do not force 'filter' table when flushing
• 0c60fea Doc clarifications to file modules, addition of new profile log level to docs, fixed example in
dnsmasq (#34323)
• b793426 Remove unnecessarily-disabled sanity check (#34325)
• PR #34335: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• a6d3cc6 Typo in dockerio doc (#34319)
• PR #34312: (rallytime) [2015.8] Update to latest bootstrap script v2016.06.27
• PR #34307: (rallytime) Fix test example in integration testing docs
• PR #34233: (thegoodduke) ipset: fix the comment containing blank
• PR #34257: (rallytime) Use 'config_dir' setting instead of CONFIG_DIR in gpg renderer
• PR #34274: (clinta) Don't escape source before calling managed
• PR #34258: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34093: (terminalmage) Catch CommandExecutionError in pkg states
• PR #34136: (meaksh) Fixed behavior for SUSE OS grains in 2015.8
• 56c7267 fix regression from #33681 which causes pulling a list of s3 objects via s3.query to fail (‐
#34208)
• 02eb331 Fix a pair of gitfs bugs (#34218)
• PR #34182: (rallytime) Handle child PIDs differently depending on the availability of psutils
• 5d3ec31 Clarify pkg.list_repo_pkgs docstring for held packages (#34188)
• 5bca5c4 Change target for dockerng assuming default status to Nitrogen release (#34206)
• PR #34184: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #34176: (rallytime) Back-port #34103 to 2015.8
• PR #34179: (terminalmage) Raise the correct exception when gitfs lockfile is empty
• PR #34178: (terminalmage) Remove unnecesssary comment
• 6387d16 fix salt --summary to count not responding minions correctly (#34165)
• e5949ea doc: add missing dot (#34175)
• 47595d6 Typo fix (#34174)
• PR #34077: (rallytime) Add some grains targeting tests
• PR #34142: (isbm) Move log message from INFO to DEBUG.
• 79a719b Update documentation on "refresh" behavior in pkg states (#34100)
• 6d0d52f modules.pkg int tests: skip refresh_db upon error (#34072)
• PR #34069: (rallytime) Add a test to check for disconnected minion messaging
• PR #34048: (terminalmage) RFC: proposed fix for multiple fileserver updates in masterless runs
• PR #34011: (rallytime) Back-port #33948 and #34009 to 2015.8
• bca4371 Fixed a bug in the consul.py module that was preventing services (#34051)
• PR #34045: (jacobhammons) Updated latest release version
• f9bfcde Always make changes to minion config if set (#34020)
• e25dba4 More YAML indentation fixes in state module examples (#34030)
• PR #34018: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 7d940ae states.file: fix indentation in YAML examples (#34003)
• 4c7fac0 Remove loader test for pam module (#34002)
• PR #33990: (jacobhammons) Adds links to several current Salt-related projects
• PR #33983: (twangboy) Clarify the account_exists parameter
• PR #33951: (jfindlay) modules.gem int tests: more fixes
• PR #33984: (jfindlay) Add docs and tests to disk state
• PR #33985: (rallytime) Write some more simple batch command tests
• 6080846 acl.ClientACL: add unit tests (#33684)
• a74f1b8 ZD 762 (#33942)
• PR #33946: (rallytime) Back-port #33698 to 2015.8
• PR #33952: (rallytime) Add base argument to salt-ssh grains wrapper for filter_by func
• 4a80649 Adds a "Generated on <timestamp>" line to the footer of each doc html page in the doc (#33962)
• b3ec39d Correct issue with ping on rotate with minion cache (#33765)
• PR #33888: (jfindlay) random.org checks
• 2dc1914 Add connecting_settings to boto_elb state attributes list (#33936)
• 91a2184 Wait for up to a minute for sync_after_install (#33917)
• PR #33877: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #33827: (cachedout) Fix broken locate.locate function
• PR #33839: (cachedout) Fix another unit test stacktrace in pkg_resource
• PR #33840: (cachedout) Remove matcher tests
• PR #33836: (cachedout) Fixing more stupid unit tests
• PR #33805: (jfindlay) states.pkg int tests: skip if pkg mgr unavailable
• PR #33808: (jfindlay) fix some problems with the gem module integration tests
• PR #33770: (jfindlay) service state integration tests
• PR #33691: (jtand) Gem integration test
• PR #33777: (sodium-chloride) Fix minor docstring issue of arg being missing
• PR #33759: (cachedout) Catch no minions exception in batch mode
• PR #33719: (cachedout) Catch oserror for race condition
• PR #33712: (meaksh) Fix for groupadd execution module failures in SLES11 systems
• PR #33718: (rallytime) Back-port #33700 to 2015.8
• PR #33727: (terminalmage) Fix git_pillar edge case for remote repos without a master branch
• PR #33728: (jfindlay) Make configurable_test_state configurable in test mode
• PR #33729: (twangboy) Add exclude option to win_servermanager
• PR #33743: (vutny) Debian installation docs: drop section about community-maintained repo
• 56c0a42 Create missing jid dir if it doesn't exist (#33653)
• PR #33654: (twangboy) Fix win servermanager
• PR #33679: (terminalmage) Only compile the template contents if they evaluate to True
• PR #33685: (jfindlay) modules.cp.get_url: add test for https://
• PR #33581: (dincamihai) Call zypper refresh after adding/modifying a repository
• PR #33681: (rallytime) Back-port #33599 to 2015.8
• PR #33396: (babilen) Issue 33393
• PR #33652: (terminalmage) Lower the log level for failed auths
• PR #33615: (danslimmon) Fix crash on unconnectable MySQL server (resolves #33582)
• PR #33558: (twangboy) Fix win servermanager
• PR #33555: (cachedout) Fix crashing Maintenence process
• PR #33501: (meaksh) unit tests for rpm.checksum() and zypper.download()
• PR #33513: (rallytime) Add a section to the jinja docs about escaping jinja
• PR #33520: (jacobhammons) Updated version numbers in the docs for the 2016.3.0 release
• PR #33507: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #33503: (rallytime) Add docs about minion config file in standalone minion docs
• PR #33474: (cachedout) Fix diskusage beacon
• PR #33465: (meaksh) jobs.exit_success allow one to check if a job has executed and exit successfully
• PR #33487: (jtand) Add docstring examples to glance.py and nova.py [2015.8]
• PR #33481: (rallytime) Fix docs about etcd config options and add pillar_opts doc
• PR #33490: (rallytime) Document the postgres.psql_query function
• PR #33480: (jfindlay) states.service: minor doc updates
• 4f96cc1 Return full pending computer name (#33483)
• a89be5e Use six.string_types in jobs runner (#33499)
• PR #33491: (BlaineAtAffirm) fix jobs.list_jobs failing with search_target
• PR #33478: (rallytime) Back-port #32484 to 2015.8
• PR #33457: (rallytime) Make doc formatting consistent and use correct versionadded
• 1dfa956 Don't allow a "repo" kwarg for pkgrepo.managed (#33477)
• b4071b0 Allow for config entry to be a list in a dict for beacons (#33476)
• PR #33469: (meaksh) check the RPM signature of zypper pkg.download packages and report errors
• 00f9090 Add docs about PyYAML's 1024 character limitations for simple keys (#33459)
• 3b12f39 Prevent several minion processes on the same machine (#33464)
• c8b4f33 Make --gpg-auto-import-keys a global param when calling zypper (#33432)
• 0c4e38c Fix the saltutil.wheel function and add integration tests (#33414)
• e4f00f9 Make sure the path we're removing is present first - avoid an OSError (#33440)
• 93fd00b Avoid a syntax error by using " instead of escaped ' (#33443)
• ec60b9c Fix virtual function (#33436)
• PR #33438: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• c9d0de4 Documentation update in file.serialize. (#33421)
• f8a90eb Fix LVM parameter devices as a pure list. Comma separated lists are c⦠(#33398)
• 3989e5b Spelling correction. (#33406)
• 9accb53 Update windows pkg.[install|remove] error logic (#33321)
• 04ac89d Add note about reload_modules functionality for pkg.installed (#33374)
• 637c2af Add note to absolute_imports practice about __future__ import (#33377)
• d35b81d Document how to set the alias file location for alias state (#33380)
• PR #33403: (jacobhammons) 2015.8.10 release notes
• PR #33381: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 946d27e Fix traceback in logging for config validation (#33386)
• 38fbcf8 Add note about name parameter in git_pillar docs (#33369)
• 4925199 Add win_pkg to list of modules that support "version" in pkg.installed (#33362)
• 7a400a9 Add note to docs about api settings for Hipchat API v2 (#33365)
• 37e1930 Add initscripts, SystemD service units and environment files for Debian (#32857)
• PR #33370: (jacobhammons) Update docs version to 2015.8.9
• PR #33366: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• f248003 Remove mentions of windows not supporting pkgs param (#33361)
• 4fdb097 Update job_cache and keep_jobs docs to be more specific to their behavior (#33328)
• 2f06918 Properly detect newer Linux Mint distros (#33359)
• d85096c Fix UnboundLocalError in git.latest (#33340)
• e602446 Describes parameters in register_instances function (#33339)
• 5c29c65 Fix some link errors in the test writing tutorial (#33347)
• e532e58 Fix network.managed for windows (#33312)
• 11a2525 Bp 28467 calm mine (#33327)
• b897f2c import ps from psutil_compat in beacons (#33334)
• 089c1a2 remove redundant, incorrect sudo_runas config documentation (#33318)
• 1f7fda2 Disambiguate non-exact matches when checking if sysv service is enabled (#33324)
• 8c1f19a Allow concurrency mode in state runs if using sudo (#33325)
• ed14ef2 Fix master hanging after a request from minion with removed key. (#33333)
• daafa27 Cleanup comments in smbios.get output (fixes #33266) (#33306)
• bfe12d9 Fix iptables --match-set (#23643) (#33314)
• PR #33308: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
Salt 2015.8.12 Release Notes
Version 2015.8.12 is a bugfix release for 2015.8.0.
Changes for v2015.8.11..v2015.8.12
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-08-19T16:06:27Z
Total Merges: 57
Changes:
• PR #35611: (rallytime*) Everything in the sample master config file should be commented out
• PR #35569: (
*
rallytime) Write test for multiple unless commands where 1st cmd passes and 2nd fails
• PR #35600: (
*
rallytime) Update release notes for 2015.8.12
• PR #35599: (rallytime) Update release notes for 2015.8.12
• PR #35584: (terminalmage) Update linux_sysctl tests to reflect new context key
• PR #35575: (terminalmage) Add warning about AWS flagging of nmap usage
• PR #35577: (terminalmage) Unit file changes for 2015.8.12, 2016.3.3
• PR #35566: (rallytime) Back-port #35545 to 2015.8
• PR #35545: (hu-dabao) fix-35384, fix cmd.run unless
• PR #35492: (terminalmage) Clarify config.get docstring
• PR #35483: (gtmanfred) use __utils__ in salt.cloud
• PR #35546: (whiteinge) Salt api eauth fail gracefully
• PR #35525: (UtahDave) add missing glob import
• PR #35540: (rallytime) Whitespace fix for 2015.8
• PR #35510: (terminalmage) Better systemd integration
• PR #35513: (cachedout) Might be a good idea to be able to download the software we make
• PR #35302: (Ch3LL) Add job cache test
• PR #35512: (cachedout) Fixup 35419
• PR #35497: (deepakhj) Fixes spacing in requirements files
• PR #35508: (terminalmage) Add Carbon to versionadded for git.diff
• PR #35486: (rallytime) Update bootstrap script to latest stable (2016.08.16)
• PR #35413: (cachedout) Resolve path issues with cp.push
• PR #35476: (cachedout) Fixup SSH bug where sudo without sudo user would break
• PR #35471: (terminalmage) win_pkg: Fix traceback when package is not installed
• PR #35448: (isbm) Add ignore_repo_failure option to suppress zypper's exit code 106 on …
• PR #35451: (isbm) Bugfix: zypper mod repo unchanged
• PR #35453: (theothergraham) fixes #34279 - disk cache ttl expiry
• PR #35459: (thatch45) Ensure that output for salt-ssh gets back
• PR #35460: (rallytime) [2015.8] Update bootstrap script to latest stable (2016.08.15)
• PR #35442: (cachedout) Fix cp.push_dir pushing empty dirs
• PR #35436: (cachedout) Minor doc fixup
• PR #35132: (sjorge) fixes , causing lots of mayham (onchange) with 2016.3.2 for me
• PR #35394: (rallytime) Back-port #34573 to 2015.8
• PR #34573: (cedwards) Update freebsd.rst
• PR #35359: (terminalmage) Clean up open filehandles
• PR #35339: (isbm) Bugfix: Prevent continuous restart, if a dependency wasn't installed
• PR #35357: (twangboy) Fix file.recurse with clean: True on Windows (2015.8)
• PR #35323: (thatch45) Fix issue with bad error check in salt-vt
• PR #35325: (kev009) Fix freebsd netstat route on fbsd 10+
• PR #35301: (bobrik) Pass port to ssh.check_known_host, closes #35264
• PR #35309: (terminalmage) file.recurse: Do not convert octal mode string to int
• PR #35290: (terminalmage) Resolve a couple bugs in orchestration output
• PR #35211: (cachedout) Alternative sudo users for salt-ssh
• PR #35271: (bobrik) Default state_output_profile to True everywhere, closes #35166
• PR #35233: (terminalmage) Do not attempt to get fqdn_ip{4,6} grains when ipv{4,6} grains are empty
• PR #35202: (multani) doc: fix broken links in the test documentation page
• PR #35236: (rallytime) Back-port #35119 to 2015.8
• PR #35119: (derekmaciel) Assume two EVRs are equal if E and V are equal but one R is missing.
• PR #35240: (derekmaciel) Backport #35225 to 2015.8
• PR #35225: (derekmaciel) Add missing documentation for pkg.installed
• PR #35241: (terminalmage) Ensure max recursion in gitfs results in no blob object being returned.
• PR #35245: (rallytime) Back-port #35039 to 2015.8
• PR #35039: (whiteinge) Add saltenv support to module.run
• PR #35249: (terminalmage) Fix regression in git.latest
• PR #35174: (rallytime) Back-port #35146 to 2015.8
• PR #35146: (cachedout) Don't discard running beacons config when listing becaons
• PR #34827: (thatch45) fix beacon list to include all beacons being processed
• PR #35173: (rallytime) Back-port #35135 to 2015.8
• PR #35135: (rallytime) Add missing CLI Examples to aws_sqs module funcs
• PR #35145: (jacobhammons) doc version update to 2015.8.11, updates to release notes
• PR #35114: (terminalmage) Add clarification docs on a common git_pillar misconfiguration
• PR #34768: (hrumph) Fixes #34767
• PR #35043: (rallytime) Start release notes file for 2015.8.12
• PR #35050: (terminalmage) [orchestration] Properly handle runner/wheel funcs which accept a 'saltdev'
argument
• PR #35066: (jfindlay) returners.postgres_local_cache: do not log in __virtual__
• PR #35024: (bobrik) Cache systemd unit update check per unit, closes #34927
• PR #35026: (cachedout) Expressly deny a minion if a key cannot be found
• PR #35000: (rallytime) Back-port #33875 and #34999 to 2015.8
• PR #33875: (jmesquita) Fix naive fileserver map diff algorithm
• PR #34994: (rallytime) Back-port #34835 to 2015.8
• PR #34835: (thatch45) Make the mine and publish combine minion and master opts in salt-ssh
• PR #34991: (cachedout) SSH timeout
• PR #34976: (cachedout) Refine errors in client
• PR #34831: (thatch45) If the thin does not match, then redeploy, don't error
• PR #34916: (cachedout) Master performance improvement
• PR #34911: (cachedout) Backport #34906
• PR #34906: (cachedout) Set timeout for run_salt in test suite
• PR #34898: (hrumph) Stop multiple refreshes during call to pkg.list_upgrades
• PR #34606: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34862: (thatch45) Fix salt-ssh cacheing issue
• PR #34869: (terminalmage) Fail git.latest states with uncommitted changes when force_reset=False
• PR #34859: (cachedout) Fix wheel test
• PR #34822: (thatch45) Fix salt-ssh state.high and state.low
• PR #34847: (cachedout) Add an option to skip the verification of client_acl users
• PR #34827: (thatch45) fix beacon list to include all beacons being processed
• PR #34833: (rallytime) Back-port #28521 to 2015.8
• PR #28521: (gongled) SPM: packaging doesn't work in Python 2.6. Fixed.
• PR #34823: (rallytime) Back-port #25276 to 2015.8
• PR #25276: (jacobhammons) copy spm.1 man page during setup
• PR #34828: (thatch45) Fix #34648
• PR #34818: (jtand) Skip mysql state test if mysqladmin is not available
• PR #34642: (jtand) Check that mysqladmin exists before running mysql integration tests
• PR #34803: (junovitch) salt/state.py: set
`chunk['order'] = 0' with `order: first'; fixes `#24744`_
• PR #34773: (randomed) Bugfix: Startup states on minions are not being written to mysql returner
• PR #34751: (cachedout) Remove unnedeed config test
• PR #34606: (isbm) Bugfix: Exit on configuration read (backport)
• PR #34754: (cachedout) Disable test
• PR #34741: (rallytime) Back-port #34726 to 2015.8
• PR #34726: (martinhoefling) Always loop over updated keys in non recursive update
• PR #34721: (rallytime) Add output_file option to master config docs
• PR #34689: (Azidburn) fix second run problems with pkg.installed using sources
• PR #34695: (isbm) Bugfix: Zypper pkg.list_products returns False on some empty values (2015.8)
Salt 2015.8.13 Release Notes
Version 2015.8.13 is a bugfix release for 2015.8.0.
Security Fixes
CVE-2017-5192: local_batch client external authentication not respected
The LocalClient.cmd_batch() method client does not accept external_auth credentials and so access to it
from salt-api has been removed for now. This vulnerability allows code execution for
already-authenticated users and is only in effect when running salt-api as the root user.
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems
were enabled.
We recommend everyone on the 2015.8 branch upgrade to a patched release as soon as possible.
Changes for v2015.8.12..v2015.8.13
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2017-01-09T21:17:06Z
Statistics:
• Total Merges: 3
• Total Issue references: 3
• Total PR references: 5
Changes:
• 3428232 Clean up tests and docs for batch execution
• 3d8f3d1 Remove batch execution from NetapiClient and Saltnado
• 97b0f64 Lintfix
• d151666 Add explanation comment
• 62f2c87 Add docstring
• 9b0a786 Explain what it is about and how to configure that
• 5ea3579 Pick up a specified roster file from the configured locations
• 3a8614c Disable custom rosters in API
• c0e5a11 Add roster disable flag
Salt 2015.8.14 Release Notes
Version 2015.8.14 is a bugfix release for 2015.8.0.
Salt 2015.8.2 Release Notes
NOTE:
A significant orchestrate issue #29110 was discovered during the release process of 2015.8.2, so it
has not been officially released. Please use 2015.8.3 instead.
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-11-13T17:24:04Z
Total Merges: 378
Changes:
• PR #28730: (garethgreenaway) Fixes to how return_job is handled in the scheduler for the salt master.
• PR #28848: (cro) Lint
• PR #28842: (cachedout) Add transport setting to shell test
• PR #28837: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28827: (jacksontj) Cleanup virtual_timer in loader
• PR #28836: (cachedout) Cast to dict to fix wheel tests in tcp
• PR #28834: (cachedout) Fix breakage in tcp server
• PR #28804: (cachedout) TCP test fixes
• PR #28826: (basepi) [2015.8] Add new tornado deps to salt-ssh thin
• PR #28759: (jfindlay) simplify stdin use of stdin in at.present state
• PR #28824: (rallytime) Back-port #28778 and #28820 to 2015.8
• PR #28803: (jfindlay) decode strings to utf-8
• PR #28782: (rallytime) Fixes to rabbitmq user state
• PR #28789: (nmadhok) Provide ability to enable/disable customization for newly create VMs using VMware
salt-cloud driver
• PR #28768: (mrosedale) 2015.8
• PR #28772: (rallytime) rabbitmq.list_user_permissions returns a dict, not a list. Don't expect a list.
• PR #28774: (rallytime) Back-port #28725 to 2015.8
• PR #28775: (rallytime) Back-port #28740 to 2015.8
• PR #28755: (rallytime) Move most vmware driver list_* functions to use salt.utils.vmware functions
• PR #28744: (jfindlay) import gate elementtree
• PR #28758: (jfindlay) remove redundant logic in useradd execution module
• PR #28757: (mbarrien) Bug fix: pip command to not quote spaces in cmd line args
• PR #28764: (multani) Various documentation fixes
• PR #28752: (aboe76) Update openSUSE grain for tumbleweed
• PR #28713: (hexedpackets) Rename consul.list to consul.list_keys.
• PR #28719: (jacobhammons) removed dependencies info from docs
• PR #28709: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28710: (rallytime) Pass kwargs correctly to _get_group from get_group_id
• PR #28698: (rallytime) Back-port #28530 to 2015.8
• PR #28700: (rallytime) Back-port #28679 to 2015.8
• PR #28695: (s0undt3ch) [2015.8] Update to latest bootstrap script v2015.11.09
• PR #28656: (clarkperkins) #28526 fixed yumpkg module issue with pkg.installed
• PR #28672: (jfindlay) add OS grain support for SuSE Leap
• PR #28673: (jfindlay) add hidden_opts to mount.mounted
• PR #28667: (cro) saltutil.sync_all should sync proxymodules as well as the rest.
• PR #28665: (jfindlay) fixes to windows execution and state modules
• PR #28660: (techhat) Don't sign empty regions
• PR #28632: (terminalmage) Fixes/improvements to pkgbuild state/modules
• PR #28658: (techhat) Remove _pkgdb_fun() references
• PR #28653: (rallytime) Provide possible parameters for boto_rds.present engine values
• PR #28649: (bdrung) Fix OS related grains on Debian
• PR #28646: (rallytime) Back-port #28614 to 2015.8
• PR #28647: (rallytime) Back-port #28624 to 2015.8
• PR #28648: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #28638: (anlutro) Salt-SSH: Return more concise error when SSH command fails
• PR #28644: (pass-by-value) Make sure versionchanged is correct
• PR #28615: (The-Loeki) Fixes to FreeBSD pkg
• PR #28613: (cachedout) Add facility to deepcopy bound methods in Py2.6 and apply to grains
• PR #28612: (rallytime) Remove unsupported storage_type argument for parity with boto_rds module
• PR #28611: (rallytime) [2015.8] Be explicit about salt.utils.vmware function calls
• PR #28610: (pass-by-value) Lxc config additions
• PR #28602: (nasenbaer13) Allow setting of custom dimensions in asg alarm specification
• PR #28596: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #28593: (blueyed) doc: fix typo with salt.states.file: s/preseve/preserve/
• PR #28578: (twangboy) Fixed the script... something got broke...
• PR #28579: (jfindlay) fix __virtual__ returns: tls,uptime mods
• PR #28584: (rallytime) If AssociatePublicIpAddress is set to True, don't auto-assign eip.
• PR #28576: (jacksontj) Only encode the zmq message once
• PR #28587: (cachedout) Reset yaml rendering hooks to avoid leaks
• PR #28581: (basepi) Revert b4875e585a165482c4c1ddc8987d76b0a71ef1b0
• PR #28573: (jacksontj) Add body to salt.utils.http.query returns
• PR #28564: (s0undt3ch) [2015.8] Update to latest bootstrap script v2015.11.04
• PR #28561: (Oro) Issue #28527 boto_rds.create does not work
• PR #28560: (bdrung) Fix various typos
• PR #28550: (jfindlay) check timedatectl errno and return stdout on failure
• PR #28545: (jfindlay) pass on concurrent create of jid_dir in local_cache
• PR #28544: (rallytime) Start moving some vmware.py cloud funcs to utils/vmware.py
• PR #28543: (gtmanfred) clean up changes for pkg.uptodate and supervisord.dead
• PR #28538: (jfindlay) decode path and url to utf-8 in url.create
• PR #28533: (jfindlay) decode highstate error messages to utf-8
• PR #28547: (nmadhok) [Backport] [2015.8] Tasks can be in queued state instead of running
• PR #28535: (techhat) Fail gracefully if 169.254* isn't available
• PR #28536: (cro) Default configuration file for proxy minions.
• PR #28534: (rallytime) Add versionadded directive for vpc_name arg in boto_secgroup.present
• PR #28516: (rallytime) Back-port #28489 to 2015.8
• PR #28506: (basepi) [2015.8] Log minion list for all rosters, at debug level
• PR #28514: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28502: (cachedout) Lint #28427
• PR #28464: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28486: (rallytime) Back-port #26945 to 2015.8
• PR #28472: (gtmanfred) overwrite more than one value with names
• PR #28493: (rallytime) Back-port #28492 to 2015.8
• PR #28494: (whiteinge) Fix filter_by passing incorrect parameters to match functions
• PR #28491: (rallytime) Back-port #28388 to 2015.8
• PR #28465: (twangboy) Fix #12363: Password Expiration in Windows
• PR #28485: (nasenbaer13) Fix invalid usage of _get_conn causing #28484
• PR #28454: (sdm24) Fixed nodegroup doc formatting to correctly link to pillar_opts in the master config
• PR #28487: (cachedout) Lint 28456
• PR #28457: (sdm24) Clarified comments for grains/core.py for ip_interfaces, ip4_interfac…
• PR #28473: (anlutro) Show check_cmd output on failure
• PR #28460: (jtand) Skipped wipefs test if wipefs does not exist on OS
• PR #28426: (terminalmage) pkgbuild.built: make template engine optional
• PR #28422: (cachedout) Handle windows logging on thread_multi [WIP]
• PR #28425: (twangboy) Fix #13513 - Reflection
• PR #28417: (rallytime) Add note about azure sdk version to getting started docs
• PR #28410: (jacksontj) Add retries to the zeromq.AsyncReqMessageClient
• PR #28404: (rallytime) Back-port #28395 to 2015.8
• PR #28405: (opdude) Detect legacy versions of chocolatey correctly
• PR #28187: (sjansen) fix at.present
• PR #28375: (merll) Merge pillar includes correctly
• PR #28376: (ryan-lane) Support update of route53 records with multiple values
• PR #28377: (terminalmage) Deprecate 'always' in favor of 'force' in pkgbuild.built
• PR #28380: (cro) Add missing call for service provider
• PR #28348: (jfindlay) salt.utils.alias informs user they are using a renamed function
• PR #28364: (jtand) In CentOS 5 the .split() causes a stacktrace.
• PR #28361: (rallytime) Back-port #28087 to 2015.8
• PR #28360: (multani) Various documentation fixes
• PR #28370: (rallytime) Back-port #28276 to 2015.8
• PR #28353: (merll) Consider each pillar match only once.
• PR #28334: (anlutro) iptables needs -m comment for --comment to work
• PR #28340: (jfindlay) sdecode file and dir lists in fileclient
• PR #28344: (ryan-lane) Fix iptables state for non-filter tables
• PR #28343: (rallytime) Back-port #28342 to 2015.8
• PR #28330: (rallytime) Back-port #28305 to 2015.8
• PR #28270: (rallytime) Refactor RabbitMQ Plugin State to correctly use test=true and format errors
• PR #28269: (rallytime) Refactor rabbitmq_user state to use test=True correctly
• PR #28299: (rallytime) Add test for availability_zone check to boto_vpc_tests
• PR #28306: (sdm24) Updated the Nodegroup docs to include how to target nodegroups in SLS Jinja
• PR #28308: (rallytime) Firewalld state services should use --add-service, not --new-service
• PR #28302: (DmitryKuzmenko) Always close socket even if there is no stream.
• PR #28282: (keesbos) Fix for __env__ in legacy git_pillar
• PR #28258: (pass-by-value) Add service module for ssh proxy example
• PR #28294: (bechtoldt) correct a bad default value in http utility
• PR #28185: (jtand) Added single package return for latest_version, fixed other bug.
• PR #28297: (cachedout) Lint fix proxy junos
• PR #28210: (terminalmage) Fix for ext_pillar being compiled twice in legacy git_pillar code
• PR #28265: (jfindlay) fix blockdev execution and state modules
• PR #28266: (rallytime) Back-port #28260 to 2015.8
• PR #28253: (rallytime) Back-port #28063 to 2015.8
• PR #28231: (rallytime) Make sure we're compairing strings when getting images in the DO driver
• PR #28224: (techhat) Optimize create_repo for large packages
• PR #28214: (rallytime) Don't stacktrace if invalid credentials are passed to boto_route53 state
• PR #28228: (rallytime) Back-port #27562 to 2015.8
• PR #28232: (rallytime) Add documentation to supply the ssh_username: freebsd config to DO docs
• PR #28198: (jacobhammons) Added note regarding missing spm exe on Debian/Ubuntu
• PR #28182: (erchn) Some fixes for nova driver for Rackspace
• PR #28181: (rallytime) Revamp firewalld state to be more stateful.
• PR #28176: (cro) Add ping function
• PR #28167: (The-Loeki) file.serialize needs to add a final newline to serialized files
• PR #28168: (rallytime) Make sure availability zone gets passed in boto_vpc module when creating subnet
• PR #28148: (basepi) [2015.8] Only expand nodegroups to lists if there is a nested nodegroup
• PR #28155: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28149: (pass-by-value) Add clarification to cloud profile doc about host
• PR #28146: (cachedout) Lint dracr.py
• PR #28141: (rallytime) Don't use RAM for root disk size in linode.py
• PR #28143: (jtand) Removed blank line at end of chassis.py
• PR #28021: (blueyed) Handle includes in include_config recursively
• PR #28095: (rallytime) Back-port #28001 to 2015.8
• PR #28096: (rallytime) Back-port #28061 to 2015.8
• PR #28139: (rallytime) Back-port #28103 to 2015.8
• PR #28098: (jacksontj) For all multi-part messages, check the headers. If the header is not …
• PR #28134: (bernieke) fix unicode pillar values #3436
• PR #28076: (redmcg) Replace option 'i' with an explicit queryformat
• PR #28119: (jacksontj) Check if the remote exists before casting to a string.
• PR #28105: (jfindlay) add reason for not loading localemod
• PR #28108: (cachedout) Set logfile permsissions correctly
• PR #27922: (cro) WIP States/Modules for managing Dell FX2 chassis via salt-proxy
• PR #28104: (pass-by-value) Add documentation for proxy minion ssh
• PR #28020: (DmitryKuzmenko) LazyLoader deepcopy fix.
• PR #27933: (eliasp) Provide all git pillar dirs in opts[pillar_roots]
• PR #28013: (rallytime) Back-port #27891 to 2015.8
• PR #28018: (rallytime) Add example to Writing Grains of how grains can be loaded twice
• PR #28084: (cachedout) #28069 with lint
• PR #28079: (The-Loeki) Fix for trace dump on failing imports for win32com & pythoncom 4 win_task
• PR #28081: (The-Loeki) fix for glance state trace error on import failure
• PR #28066: (jacksontj) Use the generic text attribute, not .body of the handler
• PR #28019: (rallytime) Clean up version added and deprecated msgs to be accurate
• PR #28058: (rallytime) Back-port #28041 to 2015.8
• PR #28055: (rallytime) Back-port #28043 to 2015.8
• PR #28046: (pass-by-value) Add pkg install and remove functions
• PR #28050: (ryan-lane) Use a better method for checking dynamodb table existence
• PR #28042: (jfindlay) fix repo path in ubuntu installation documentation
• PR #28033: (twangboy) Fixed win_useradd.py
• PR #28027: (cro) Make ssh conn persistent.
• PR #28029: (jacobhammons) Updated release notes with additional CVE information
• PR #28022: (jacobhammons) Updated Debian and Ubuntu repo paths with new structure for 2015.8.1
• PR #27983: (rallytime) Pip state run result should be False, not None, if installation error occurs.
• PR #27991: (twangboy) Fix for #20678
• PR #27997: (rallytime) Remove note about pip bug with pip v1 vs pip v2 return codes
• PR #27994: (jtand) Fix schedule_test failure
• PR #27992: (cachedout) Make load beacon config into list
• PR #28003: (twangboy) Fix #26336
• PR #27984: (rallytime) Versionadded for clean_file option for pkgrepo
• PR #27989: (ryan-lane) Do not try to remove the main route table association
• PR #27982: (pass-by-value) Add example for salt-proxy over SSH
• PR #27985: (jacobhammons) Changed current release to 8.1 and added CVEs to release notes
• PR #27979: (cachedout) Fix regression with key whitespace
• PR #27977: (cachedout) Decode unicode names in fileclient/server
• PR #27981: (jtand) Fixed trailing whitespace lint
• PR #27969: (jeffreyctang) fix parse of { on next line
• PR #27978: (terminalmage) Add note about dockerng.inspect_image usage
• PR #27955: (pass-by-value) Bp 27868
• PR #27953: (The-Loeki) Fix CloudStack cloud for new 'driver' syntax
• PR #27965: (ryan-lane) Fail in boto_asg.present if alarms fail
• PR #27958: (twangboy) Added new functionality to win_task.py
• PR #27959: (techhat) Change __opts__ to self.opts
• PR #27943: (rallytime) Back-port #27910 to 2015.8
• PR #27944: (rallytime) Back-port #27909 to 2015.8
• PR #27946: (jtand) Changed grain to look at osmajorrelease instead of osrelease
• PR #27914: (rallytime) Use eipalloc instead of eni in EC2 interface properties example
• PR #27926: (rallytime) Back-port #27905 to 2015.8
• PR #27927: (ryan-lane) Do not manage ingress or egress rules if set to None
• PR #27928: (rallytime) Back-port #27908 to 2015.8
• PR #27676: (ticosax) [dockerng] WIP No more runtime args passed to docker.start()
• PR #27885: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27882: (twangboy) Created win_task.py module
• PR #27802: (terminalmage) Correct warning logging when update lock is present for git_pillar/winrepo,
add runner function for clearing git_pillar/winrepo locks
• PR #27886: (rallytime) Handle group lists as well as comma-separated group strings.
• PR #27746: (anlutro) timezone module: handle timedatectl errors
• PR #27816: (anlutro) Make system.reboot use shutdown -r when available
• PR #27874: (rallytime) Add mention of Periodic Table naming scheme to deprecation docs
• PR #27883: (terminalmage) Work around --is-ancestor not being present in git-merge-base before git
1.8.0
• PR #27877: (rallytime) Back-port #27774 to 2015.8
• PR #27878: (rallytime) Use apache2ctl binary on SUSE in apache module
• PR #27879: (cro) Add docs for 2015.8.2+ changes to proxies
• PR #27731: (cro) Add __proxy__ to replace opts['proxymodule']
• PR #27745: (anlutro) Add pip_upgrade arg to virtualenv.managed state
• PR #27809: (ticosax) [dockerng] Remove dockerng.ps caching
• PR #27859: (ticosax) [dockerng] Clarify doc port bindings
• PR #27748: (multani) Fix #8646
• PR #27850: (rallytime) Back-port #27722 to 2015.8
• PR #27851: (rallytime) Back-port #27771 to 2015.8
• PR #27833: (jfindlay) decode path before string ops in fileclient
• PR #27837: (jfindlay) reverse truth in python_shell documentation
• PR #27860: (flavio) Fix OS related grains on openSUSE and SUSE Linux Enterprise
• PR #27768: (rallytime) Clean up bootstrap function to be slightly cleaner
• PR #27797: (isbm) Zypper module clusterfix
• PR #27849: (rallytime) Don't require a size parameter for proxmox profiles
• PR #27827: (techhat) Add additional error checking to SPM
• PR #27826: (martinhoefling) Fixes #27825
• PR #27824: (techhat) Update Azure errors
• PR #27795: (eguven) better change reporting for postgres_user groups
• PR #27799: (terminalmage) Fix usage of identity file in git.latest
• PR #27717: (pass-by-value) Proxy beacon example
• PR #27793: (anlutro) update code that changes log level of salt-ssh shim command
• PR #27761: (terminalmage) Merge git pillar data instead of using dict.update()
• PR #27741: (ticosax) [dockerng] pass filters argument to dockerng.ps
• PR #27760: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27757: (jfindlay) fix virtual fcn return doc indentation
• PR #27754: (rallytime) Change test.nop version directive to 2015.8.1
• PR #27734: (jacobhammons) Updated saltstack2 theme to add SaltConf16 banner
• PR #27727: (rallytime) Merge #27719 w/pylint fix
• PR #27724: (jfindlay) update __virtual__ return documentation
• PR #27725: (basepi) Fix global injection for state cross calls
• PR #27628: (ticosax) [dockerng] Add support of labels parameter for dockerng
• PR #27704: (jacobhammons) Update compound matcher docs to clarify the usage of alternate delimi…
• PR #27705: (rallytime) Merge #27602 with final pylint fix
• PR #27691: (notpeter) Faster timeout (3s vs 2min) for instance metadata lookups. #13850.
• PR #27696: (blueyed) loader.proxy: call _modules_dirs only once
• PR #27630: (ticosax) Expose container_id in mine.get_docker
• PR #27600: (blueyed) dockerng: use docker.version=auto by default
• PR #27689: (rallytime) Merge #27448 with test fixes
• PR #27693: (jacobhammons) initial engines topic, updates to windows repo docs
• PR #27601: (blueyed) dockerng: handle None in container.Names
• PR #27596: (blueyed) gitfs: fix UnboundLocalError for 'msg'
• PR #27651: (eliasp) Check for existence of 'subnetId' key in subnet dict
• PR #27639: (rallytime) Docement version added for new artifactory options
• PR #27677: (rallytime) Back-port #27675 to 2015.8
• PR #27637: (rallytime) Back-port #27604 to 2015.8
• PR #27657: (garethgreenaway) Fix to pkg state module
• PR #27632: (rallytime) Back-port #27539 to 2015.8
• PR #27633: (rallytime) Back-port #27559 to 2015.8
• PR #27579: (rallytime) Change boto_route53 region default to 'universal' to avoid problems with boto
library
• PR #27581: (tkwilliams) Add support for 'vpc_name' tag in boto_secgroup module and state
• PR #27624: (nasenbaer13) Wait for sync is not passed to boto_route53 state
• PR #27614: (blueyed) doc: minor fixes to doc and comments
• PR #27627: (eyj) Fix crash in boto_asg.get_instances if the requested attribute is None
• PR #27616: (jacobhammons) Updated windows software repository docs
• PR #27569: (lomeroe) boto_vpc.get_subnet_association now returns a dict w/key of vpc_id, a…
• PR #27567: (whiteinge) Use getattr to fetch psutil.version_info
• PR #27583: (tkwilliams) Fixup zypper module
• PR #27597: (blueyed) gitfs: remove unused variable "bad_per_remote_conf"
• PR #27585: (ryan-lane) Fix undefined variable in cron state module
Salt 2015.8.3 Release Notes
Security Fix
CVE-2015-8034: Saving state.sls cache data to disk with insecure permissions
This affects users of the state.sls function. The state run cache on the minion was being created with
incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja
into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone
for bringing this issue to our attention.
Changes
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-11-25T00:03:40Z
Merges: 452
Changes:
• PR #29172: (basepi) [2015.8] Backport new philips_hue proxy features from develop
• PR #29167: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29141: (optix2000) Add test case for require: sls with only import statements
• PR #29072: (terminalmage) Several gitfs/git_pillar fixes
• PR #29118: (ticosax) [dockerng] Add networking capabilities
• PR #29145: (anlutro) Remove duplicate import of salt.utils.s3
• PR #29148: (lomeroe) correcting parameter calls to boto get_zone/create_zone functions in …
• PR #29108: (lorengordon) Enforce length as an int, fixes #29107
• PR #29125: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29126: (fcrozat) Fix deployment when umask is non-standard
• PR #29124: (rallytime) Back-port #28130 to 2015.8
• PR #29076: (RealKelsar) We can't query installed use flags for a non installed pkg
• PR #29097: (rallytime) Back-port #29070 to 2015.8
• PR #29090: (gtmanfred) clean up novaclient module
• PR #29095: (terminalmage) Add warning about pygit2 API instability
• PR #28919: (cro) Update Philips Hue proxy minion to support __proxy__ instead of proxymodule stored in
__opts__
• PR #29065: (cachedout) Handle failures inside python's inspect if a module is reloaded
• PR #29057: (paulnivin) Add local file support for file.managed source list
• PR #29017: (jfindlay) pagerduty runner: add missing salt.utils import
• PR #29039: (anlutro) Allow passing list of pip packages to virtualenv.managed
• PR #29047: (schwing) Fix salt.modules.gpg.import_key exception: 'GPG_1_3_1 referenced before
assignment'
• PR #29050: (terminalmage) Make git_pillar global config option docs more prominent
• PR #29048: (nmadhok) Fix incorrect debug log statement
• PR #29024: (jfindlay) cache runner test: add new unit tests
• PR #28967: (cro) Fix some issues with password changes
• PR #29020: (basepi) [2015.8] Add special list-only nodegroup support to salt-ssh
• PR #28970: (terminalmage) Properly handle non-string saltenvs
• PR #28959: (rallytime) Add blade password example and make note of timeout
• PR #29000: (kiorky) [Mergeable] Fix up LXC
• PR #29014: (jfindlay) systemd module: remove unneeded col command
• PR #28983: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28969: (rallytime) Back-port #28825 to 2015.8
• PR #28787: (chrigl) closes #28784
• PR #28944: (rallytime) The ret result must contain 'name', not 'chassis_name' for the state compiler.
• PR #28957: (terminalmage) Fix version number for new state option
• PR #28950: (DmitryKuzmenko) PR 28812 which test fix
• PR #28812: (isbm) Enhance 'which' decorator reliability
• PR #28934: (terminalmage) git.latest: Add update_head option to prevent local HEAD from being updated
• PR #28937: (rallytime) Update dellchassis state example to use correct jinja syntax
• PR #28889: (jfindlay) state compiler: relax aggregate conditional check
• PR #28921: (rallytime) Back-port #25470 to 2015.8
• PR #28922: (rallytime) Change 2015.8.2 release note title to reflect proper version
• PR #28891: (jfindlay) rh_service module: fix logic in _chkconfig_is_enabled
• PR #28892: (jfindlay) grains.core: correctly identify SLES 11 distrib_id
• PR #28910: (lorengordon) Fix winrepo command in windows pkg mgmt doc
• PR #28896: (rallytime) Back-port #28855 to 2015.8
• PR #28895: (rallytime) Back-port #28823 to 2015.8
• PR #28885: (kt97679) fix for: service.enabled fails on xen server #28754
• PR #28880: (terminalmage) Add "profile" loglevel
• PR #28882: (basepi) [2015.8] salt-ssh: Check return type to make sure it's an error
• PR #28867: (rallytime) [fx2 grains] Grains functions should return dictionaries
• PR #28863: (mhoogendoorn) Fix ebuild.install causing extra refresh_db calls.
• PR #28865: (jfindlay) add 2015.8.2 release notes
• PR #28730: (garethgreenaway) Fixes to how return_job is handled in the scheduler for the salt master.
• PR #28848: (cro) Lint
• PR #28842: (cachedout) Add transport setting to shell test
• PR #28837: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28827: (jacksontj) Cleanup virtual_timer in loader
• PR #28836: (cachedout) Cast to dict to fix wheel tests in tcp
• PR #28834: (cachedout) Fix breakage in tcp server
• PR #28804: (cachedout) TCP test fixes
• PR #28826: (basepi) [2015.8] Add new tornado deps to salt-ssh thin
• PR #28759: (jfindlay) simplify stdin use of stdin in at.present state
• PR #28824: (rallytime) Back-port #28778 and #28820 to 2015.8
• PR #28803: (jfindlay) decode strings to utf-8
• PR #28782: (rallytime) Fixes to rabbitmq user state
• PR #28789: (nmadhok) Provide ability to enable/disable customization for newly create VMs using VMware
salt-cloud driver
• PR #28768: (mrosedale) 2015.8
• PR #28772: (rallytime) rabbitmq.list_user_permissions returns a dict, not a list. Don't expect a list.
• PR #28774: (rallytime) Back-port #28725 to 2015.8
• PR #28775: (rallytime) Back-port #28740 to 2015.8
• PR #28755: (rallytime) Move most vmware driver list_* functions to use salt.utils.vmware functions
• PR #28744: (jfindlay) import gate elementtree
• PR #28758: (jfindlay) remove redundant logic in useradd execution module
• PR #28757: (mbarrien) Bug fix: pip command to not quote spaces in cmd line args
• PR #28764: (multani) Various documentation fixes
• PR #28752: (aboe76) Update openSUSE grain for tumbleweed
• PR #28713: (hexedpackets) Rename consul.list to consul.list_keys.
• PR #28719: (jacobhammons) removed dependencies info from docs
• PR #28709: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28710: (rallytime) Pass kwargs correctly to _get_group from get_group_id
• PR #28698: (rallytime) Back-port #28530 to 2015.8
• PR #28700: (rallytime) Back-port #28679 to 2015.8
• PR #28695: (s0undt3ch) [2015.8] Update to latest bootstrap script v2015.11.09
• PR #28656: (clarkperkins) #28526 fixed yumpkg module issue with pkg.installed
• PR #28672: (jfindlay) add OS grain support for SuSE Leap
• PR #28673: (jfindlay) add hidden_opts to mount.mounted
• PR #28667: (cro) saltutil.sync_all should sync proxymodules as well as the rest.
• PR #28665: (jfindlay) fixes to windows execution and state modules
• PR #28660: (techhat) Don't sign empty regions
• PR #28632: (terminalmage) Fixes/improvements to pkgbuild state/modules
• PR #28658: (techhat) Remove _pkgdb_fun() references
• PR #28653: (rallytime) Provide possible parameters for boto_rds.present engine values
• PR #28649: (bdrung) Fix OS related grains on Debian
• PR #28646: (rallytime) Back-port #28614 to 2015.8
• PR #28647: (rallytime) Back-port #28624 to 2015.8
• PR #28648: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #28638: (anlutro) Salt-SSH: Return more concise error when SSH command fails
• PR #28644: (pass-by-value) Make sure versionchanged is correct
• PR #28615: (The-Loeki) Fixes to FreeBSD pkg
• PR #28613: (cachedout) Add facility to deepcopy bound methods in Py2.6 and apply to grains
• PR #28612: (rallytime) Remove unsupported storage_type argument for parity with boto_rds module
• PR #28611: (rallytime) [2015.8] Be explicit about salt.utils.vmware function calls
• PR #28610: (pass-by-value) Lxc config additions
• PR #28602: (nasenbaer13) Allow setting of custom dimensions in asg alarm specification
• PR #28596: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #28593: (blueyed) doc: fix typo with salt.states.file: s/preseve/preserve/
• PR #28578: (twangboy) Fixed the script... something got broke...
• PR #28579: (jfindlay) fix __virtual__ returns: tls,uptime mods
• PR #28584: (rallytime) If AssociatePublicIpAddress is set to True, don't auto-assign eip.
• PR #28576: (jacksontj) Only encode the zmq message once
• PR #28587: (cachedout) Reset yaml rendering hooks to avoid leaks
• PR #28581: (basepi) Revert b4875e585a165482c4c1ddc8987d76b0a71ef1b0
• PR #28573: (jacksontj) Add body to salt.utils.http.query returns
• PR #28564: (s0undt3ch) [2015.8] Update to latest bootstrap script v2015.11.04
• PR #28561: (Oro) Issue #28527 boto_rds.create does not work
• PR #28560: (bdrung) Fix various typos
• PR #28550: (jfindlay) check timedatectl errno and return stdout on failure
• PR #28545: (jfindlay) pass on concurrent create of jid_dir in local_cache
• PR #28544: (rallytime) Start moving some vmware.py cloud funcs to utils/vmware.py
• PR #28543: (gtmanfred) clean up changes for pkg.uptodate and supervisord.dead
• PR #28538: (jfindlay) decode path and url to utf-8 in url.create
• PR #28533: (jfindlay) decode highstate error messages to utf-8
• PR #28547: (nmadhok) [Backport] [2015.8] Tasks can be in queued state instead of running
• PR #28535: (techhat) Fail gracefully if 169.254* isn't available
• PR #28536: (cro) Default configuration file for proxy minions.
• PR #28534: (rallytime) Add versionadded directive for vpc_name arg in boto_secgroup.present
• PR #28516: (rallytime) Back-port #28489 to 2015.8
• PR #28506: (basepi) [2015.8] Log minion list for all rosters, at debug level
• PR #28514: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28502: (cachedout) Lint #28427
• PR #28464: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28486: (rallytime) Back-port #26945 to 2015.8
• PR #28472: (gtmanfred) overwrite more than one value with names
• PR #28493: (rallytime) Back-port #28492 to 2015.8
• PR #28494: (whiteinge) Fix filter_by passing incorrect parameters to match functions
• PR #28491: (rallytime) Back-port #28388 to 2015.8
• PR #28465: (twangboy) Fix #12363: Password Expiration in Windows
• PR #28485: (nasenbaer13) Fix invalid usage of _get_conn causing #28484
• PR #28454: (sdm24) Fixed nodegroup doc formatting to correctly link to pillar_opts in the master config
• PR #28487: (cachedout) Lint 28456
• PR #28457: (sdm24) Clarified comments for grains/core.py for ip_interfaces, ip4_interfac…
• PR #28473: (anlutro) Show check_cmd output on failure
• PR #28460: (jtand) Skipped wipefs test if wipefs does not exist on OS
• PR #28426: (terminalmage) pkgbuild.built: make template engine optional
• PR #28422: (cachedout) Handle windows logging on thread_multi [WIP]
• PR #28425: (twangboy) Fix #13513 - Reflection
• PR #28417: (rallytime) Add note about azure sdk version to getting started docs
• PR #28410: (jacksontj) Add retries to the zeromq.AsyncReqMessageClient
• PR #28404: (rallytime) Back-port #28395 to 2015.8
• PR #28405: (opdude) Detect legacy versions of chocolatey correctly
• PR #28187: (sjansen) fix at.present
• PR #28375: (merll) Merge pillar includes correctly
• PR #28376: (ryan-lane) Support update of route53 records with multiple values
• PR #28377: (terminalmage) Deprecate 'always' in favor of 'force' in pkgbuild.built
• PR #28380: (cro) Add missing call for service provider
• PR #28348: (jfindlay) salt.utils.alias informs user they are using a renamed function
• PR #28364: (jtand) In CentOS 5 the .split() causes a stacktrace.
• PR #28361: (rallytime) Back-port #28087 to 2015.8
• PR #28360: (multani) Various documentation fixes
• PR #28370: (rallytime) Back-port #28276 to 2015.8
• PR #28353: (merll) Consider each pillar match only once.
• PR #28334: (anlutro) iptables needs -m comment for --comment to work
• PR #28340: (jfindlay) sdecode file and dir lists in fileclient
• PR #28344: (ryan-lane) Fix iptables state for non-filter tables
• PR #28343: (rallytime) Back-port #28342 to 2015.8
• PR #28330: (rallytime) Back-port #28305 to 2015.8
• PR #28270: (rallytime) Refactor RabbitMQ Plugin State to correctly use test=true and format errors
• PR #28269: (rallytime) Refactor rabbitmq_user state to use test=True correctly
• PR #28299: (rallytime) Add test for availability_zone check to boto_vpc_tests
• PR #28306: (sdm24) Updated the Nodegroup docs to include how to target nodegroups in SLS Jinja
• PR #28308: (rallytime) Firewalld state services should use --add-service, not --new-service
• PR #28302: (DmitryKuzmenko) Always close socket even if there is no stream.
• PR #28282: (keesbos) Fix for __env__ in legacy git_pillar
• PR #28258: (pass-by-value) Add service module for ssh proxy example
• PR #28294: (bechtoldt) correct a bad default value in http utility
• PR #28185: (jtand) Added single package return for latest_version, fixed other bug.
• PR #28297: (cachedout) Lint fix proxy junos
• PR #28210: (terminalmage) Fix for ext_pillar being compiled twice in legacy git_pillar code
• PR #28265: (jfindlay) fix blockdev execution and state modules
• PR #28266: (rallytime) Back-port #28260 to 2015.8
• PR #28253: (rallytime) Back-port #28063 to 2015.8
• PR #28231: (rallytime) Make sure we're compairing strings when getting images in the DO driver
• PR #28224: (techhat) Optimize create_repo for large packages
• PR #28214: (rallytime) Don't stacktrace if invalid credentials are passed to boto_route53 state
• PR #28228: (rallytime) Back-port #27562 to 2015.8
• PR #28232: (rallytime) Add documentation to supply the ssh_username: freebsd config to DO docs
• PR #28198: (jacobhammons) Added note regarding missing spm exe on Debian/Ubuntu
• PR #28182: (erchn) Some fixes for nova driver for Rackspace
• PR #28181: (rallytime) Revamp firewalld state to be more stateful.
• PR #28176: (cro) Add ping function
• PR #28167: (The-Loeki) file.serialize needs to add a final newline to serialized files
• PR #28168: (rallytime) Make sure availability zone gets passed in boto_vpc module when creating subnet
• PR #28148: (basepi) [2015.8] Only expand nodegroups to lists if there is a nested nodegroup
• PR #28155: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #28149: (pass-by-value) Add clarification to cloud profile doc about host
• PR #28146: (cachedout) Lint dracr.py
• PR #28141: (rallytime) Don't use RAM for root disk size in linode.py
• PR #28143: (jtand) Removed blank line at end of chassis.py
• PR #28021: (blueyed) Handle includes in include_config recursively
• PR #28095: (rallytime) Back-port #28001 to 2015.8
• PR #28096: (rallytime) Back-port #28061 to 2015.8
• PR #28139: (rallytime) Back-port #28103 to 2015.8
• PR #28098: (jacksontj) For all multi-part messages, check the headers. If the header is not …
• PR #28134: (bernieke) fix unicode pillar values #3436
• PR #28076: (redmcg) Replace option 'i' with an explicit queryformat
• PR #28119: (jacksontj) Check if the remote exists before casting to a string.
• PR #28105: (jfindlay) add reason for not loading localemod
• PR #28108: (cachedout) Set logfile permsissions correctly
• PR #27922: (cro) WIP States/Modules for managing Dell FX2 chassis via salt-proxy
• PR #28104: (pass-by-value) Add documentation for proxy minion ssh
• PR #28020: (DmitryKuzmenko) LazyLoader deepcopy fix.
• PR #27933: (eliasp) Provide all git pillar dirs in opts[pillar_roots]
• PR #28013: (rallytime) Back-port #27891 to 2015.8
• PR #28018: (rallytime) Add example to Writing Grains of how grains can be loaded twice
• PR #28084: (cachedout) #28069 with lint
• PR #28079: (The-Loeki) Fix for trace dump on failing imports for win32com & pythoncom 4 win_task
• PR #28081: (The-Loeki) fix for glance state trace error on import failure
• PR #28066: (jacksontj) Use the generic text attribute, not .body of the handler
• PR #28019: (rallytime) Clean up version added and deprecated msgs to be accurate
• PR #28058: (rallytime) Back-port #28041 to 2015.8
• PR #28055: (rallytime) Back-port #28043 to 2015.8
• PR #28046: (pass-by-value) Add pkg install and remove functions
• PR #28050: (ryan-lane) Use a better method for checking dynamodb table existence
• PR #28042: (jfindlay) fix repo path in ubuntu installation documentation
• PR #28033: (twangboy) Fixed win_useradd.py
• PR #28027: (cro) Make ssh conn persistent.
• PR #28029: (jacobhammons) Updated release notes with additional CVE information
• PR #28022: (jacobhammons) Updated Debian and Ubuntu repo paths with new structure for 2015.8.1
• PR #27983: (rallytime) Pip state run result should be False, not None, if installation error occurs.
• PR #27991: (twangboy) Fix for #20678
• PR #27997: (rallytime) Remove note about pip bug with pip v1 vs pip v2 return codes
• PR #27994: (jtand) Fix schedule_test failure
• PR #27992: (cachedout) Make load beacon config into list
• PR #28003: (twangboy) Fix #26336
• PR #27984: (rallytime) Versionadded for clean_file option for pkgrepo
• PR #27989: (ryan-lane) Do not try to remove the main route table association
• PR #27982: (pass-by-value) Add example for salt-proxy over SSH
• PR #27985: (jacobhammons) Changed current release to 8.1 and added CVEs to release notes
• PR #27979: (cachedout) Fix regression with key whitespace
• PR #27977: (cachedout) Decode unicode names in fileclient/server
• PR #27981: (jtand) Fixed trailing whitespace lint
• PR #27969: (jeffreyctang) fix parse of { on next line
• PR #27978: (terminalmage) Add note about dockerng.inspect_image usage
• PR #27955: (pass-by-value) Bp 27868
• PR #27953: (The-Loeki) Fix CloudStack cloud for new 'driver' syntax
• PR #27965: (ryan-lane) Fail in boto_asg.present if alarms fail
• PR #27958: (twangboy) Added new functionality to win_task.py
• PR #27959: (techhat) Change __opts__ to self.opts
• PR #27943: (rallytime) Back-port #27910 to 2015.8
• PR #27944: (rallytime) Back-port #27909 to 2015.8
• PR #27946: (jtand) Changed grain to look at osmajorrelease instead of osrelease
• PR #27914: (rallytime) Use eipalloc instead of eni in EC2 interface properties example
• PR #27926: (rallytime) Back-port #27905 to 2015.8
• PR #27927: (ryan-lane) Do not manage ingress or egress rules if set to None
• PR #27928: (rallytime) Back-port #27908 to 2015.8
• PR #27676: (ticosax) [dockerng] WIP No more runtime args passed to docker.start()
• PR #27885: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27882: (twangboy) Created win_task.py module
• PR #27802: (terminalmage) Correct warning logging when update lock is present for git_pillar/winrepo,
add runner function for clearing git_pillar/winrepo locks
• PR #27886: (rallytime) Handle group lists as well as comma-separated group strings.
• PR #27746: (anlutro) timezone module: handle timedatectl errors
• PR #27816: (anlutro) Make system.reboot use shutdown -r when available
• PR #27874: (rallytime) Add mention of Periodic Table naming scheme to deprecation docs
• PR #27883: (terminalmage) Work around --is-ancestor not being present in git-merge-base before git
1.8.0
• PR #27877: (rallytime) Back-port #27774 to 2015.8
• PR #27878: (rallytime) Use apache2ctl binary on SUSE in apache module
• PR #27879: (cro) Add docs for 2015.8.2+ changes to proxies
• PR #27731: (cro) Add __proxy__ to replace opts['proxymodule']
• PR #27745: (anlutro) Add pip_upgrade arg to virtualenv.managed state
• PR #27809: (ticosax) [dockerng] Remove dockerng.ps caching
• PR #27859: (ticosax) [dockerng] Clarify doc port bindings
• PR #27748: (multani) Fix #8646
• PR #27850: (rallytime) Back-port #27722 to 2015.8
• PR #27851: (rallytime) Back-port #27771 to 2015.8
• PR #27833: (jfindlay) decode path before string ops in fileclient
• PR #27837: (jfindlay) reverse truth in python_shell documentation
• PR #27860: (flavio) Fix OS related grains on openSUSE and SUSE Linux Enterprise
• PR #27768: (rallytime) Clean up bootstrap function to be slightly cleaner
• PR #27797: (isbm) Zypper module clusterfix
• PR #27849: (rallytime) Don't require a size parameter for proxmox profiles
• PR #27827: (techhat) Add additional error checking to SPM
• PR #27826: (martinhoefling) Fixes #27825
• PR #27824: (techhat) Update Azure errors
• PR #27795: (eguven) better change reporting for postgres_user groups
• PR #27799: (terminalmage) Fix usage of identity file in git.latest
• PR #27717: (pass-by-value) Proxy beacon example
• PR #27793: (anlutro) update code that changes log level of salt-ssh shim command
• PR #27761: (terminalmage) Merge git pillar data instead of using dict.update()
• PR #27741: (ticosax) [dockerng] pass filters argument to dockerng.ps
• PR #27760: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #27757: (jfindlay) fix virtual fcn return doc indentation
• PR #27754: (rallytime) Change test.nop version directive to 2015.8.1
• PR #27734: (jacobhammons) Updated saltstack2 theme to add SaltConf16 banner
• PR #27727: (rallytime) Merge #27719 w/pylint fix
• PR #27724: (jfindlay) update __virtual__ return documentation
• PR #27725: (basepi) Fix global injection for state cross calls
• PR #27628: (ticosax) [dockerng] Add support of labels parameter for dockerng
• PR #27704: (jacobhammons) Update compound matcher docs to clarify the usage of alternate delimi…
• PR #27705: (rallytime) Merge #27602 with final pylint fix
• PR #27691: (notpeter) Faster timeout (3s vs 2min) for instance metadata lookups. #13850.
• PR #27696: (blueyed) loader.proxy: call _modules_dirs only once
• PR #27630: (ticosax) Expose container_id in mine.get_docker
• PR #27600: (blueyed) dockerng: use docker.version=auto by default
• PR #27689: (rallytime) Merge #27448 with test fixes
• PR #27693: (jacobhammons) initial engines topic, updates to windows repo docs
• PR #27601: (blueyed) dockerng: handle None in container.Names
• PR #27596: (blueyed) gitfs: fix UnboundLocalError for 'msg'
• PR #27651: (eliasp) Check for existence of 'subnetId' key in subnet dict
• PR #27639: (rallytime) Docement version added for new artifactory options
• PR #27677: (rallytime) Back-port #27675 to 2015.8
• PR #27637: (rallytime) Back-port #27604 to 2015.8
• PR #27657: (garethgreenaway) Fix to pkg state module
• PR #27632: (rallytime) Back-port #27539 to 2015.8
• PR #27633: (rallytime) Back-port #27559 to 2015.8
• PR #27579: (rallytime) Change boto_route53 region default to 'universal' to avoid problems with boto
library
• PR #27581: (tkwilliams) Add support for 'vpc_name' tag in boto_secgroup module and state
• PR #27624: (nasenbaer13) Wait for sync is not passed to boto_route53 state
• PR #27614: (blueyed) doc: minor fixes to doc and comments
• PR #27627: (eyj) Fix crash in boto_asg.get_instances if the requested attribute is None
• PR #27616: (jacobhammons) Updated windows software repository docs
• PR #27569: (lomeroe) boto_vpc.get_subnet_association now returns a dict w/key of vpc_id, a…
• PR #27567: (whiteinge) Use getattr to fetch psutil.version_info
• PR #27583: (tkwilliams) Fixup zypper module
• PR #27597: (blueyed) gitfs: remove unused variable "bad_per_remote_conf"
• PR #27585: (ryan-lane) Fix undefined variable in cron state module
Salt 2015.8.4 Release Notes
Known Issues
in_ requisites (issue 30820)
This issue affects all users targeting an explicit - name: <name> with a _in requisite (such as watch_in
or require_in). If you are not using explicit - name: <name> arguments, are targeting with the state ID
instead of the name, or are not using _in requisites, then you should be safe to upgrade to 2015.8.4.
This issue is resolved in the 2015.8.5 release.
Security Fix
CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing
commands not sent by the master.
This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack
vector, they would have to execute a successful attack on an existing TCP connection between minion and
master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any
encrypted traffic between minion and master. Thank you to Sebastian Krahmer <krahmer@suse.com> for
bringing this issue to our attention.
We recommend everyone upgrade to 2015.8.4 as soon as possible.
Core Changes
• PR #28994: timcharper Salt S3 module has learned how to assume IAM roles
• Added option mock=True for state.sls and state.highstate. This allows the salt state compiler to
process sls data in a state run without actually calling the state functions, thus providing feedback
on the validity of the arguments used for the functions beyond the preprocessing validation provided by
state.show_sls (issue 30118 and issue 30189).
salt '*' state.sls core,edit.vim mock=True
salt '*' state.highstate mock=True
salt '*' state.apply edit.vim mock=True
Changes for v2015.8.3..v2015.8.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-25T17:48:35Z
Total Merges: 320
Changes:
• PR #30613: (basepi) Fix minion/syndic clearfuncs
• PR #30609: (seanjnkns) Fix documentation for pillar_merge_lists which default is False, not …
• PR #30584: (julianbrost) file.line state: add missing colon in docstring
• PR #30589: (terminalmage) Merge 2015.5 into 2015.8
• PR #30599: (multani) Documentation formatting fixes
• PR #30554: (rallytime) Make the salt-cloud actions output more verbose and helpful
• PR #30549: (techhat) Salt Virt cleanup
• PR #30553: (techhat) AWS: Support 17-character IDs
• PR #30532: (whiteinge) Add execution module for working in sls files
• PR #30529: (terminalmage) Merge 2015.5 into 2015.8
• PR #30526: (twangboy) Added FlushKey to make sure it's changes are saved to disk
• PR #30521: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30485: (jtand) Updated pip_state to work with pip 8.0 on 2015.8
• PR #30494: (isbm) Zypper: info_installed — 'errors' flag change to type 'boolean'
• PR #30506: (jacksontj) Properly remove newlines after reading the file
• PR #30508: (rallytime) Fix Linode driver cloning functionality
• PR #30522: (terminalmage) Update git.list_worktree tests to reflect new return data
• PR #30483: (borgstrom) Pyobjects recursive import support (for 2015.8)
• PR #30491: (jacksontj) Add multi-IP support to network state
• PR #30496: (anlutro) Fix KeyError when adding ignored pillars
• PR #30359: (kingsquirrel152) Removes suspected copy/paste error for zmq_filtering functionailty
• PR #30448: (cournape) Fix osx scripts location
• PR #30457: (rallytime) Remove fsutils references from modules list
• PR #30453: (rallytime) Make sure private AND public IPs are listed for Linode driver
• PR #30458: (rallytime) Back-port #30062 to 2015.8
• PR #30468: (timcharper) make note of s3 role assumption in upcoming changelog
• PR #30470: (whiteinge) Add example of the match_dict format to accept_dict wheel function
• PR #30450: (gtmanfred) fix extension loading in novaclient
• PR #30212: (abednarik) Fix incorrect file permissions in file.line
• PR #29947: (jfindlay) fileclient: decode file list from master
• PR #30363: (terminalmage) Use native "list" subcommand to list git worktrees
• PR #30445: (jtand) Boto uses False for is_default instead of None
• PR #30406: (frioux) Add an example of how to use file.managed/check_cmd
• PR #30424: (isbm) Check if byte strings are properly encoded in UTF-8
• PR #30405: (jtand) Updated glusterfs.py for python2.6 compatibility.
• PR #30396: (pass-by-value) Remove hardcoded val
• PR #30391: (jtand) Added else statements
• PR #30375: (rallytime) Wrap formatted log statements with six.u() in cloud/__init__.py
• PR #30384: (isbm) Bugfix: info_available does not work correctly on SLE 11 series
• PR #30376: (pritambaral) Fix FLO_DIR path in 2015.8
• PR #30389: (jtand) Older versions of ipset don't support comments
• PR #30373: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30372: (jacobhammons) Updated man pages for 2015.8.4, updated copyright to 2016
• PR #30370: (rallytime) Remove incomplete function
• PR #30366: (rallytime) Back-port #28702 to 2015.8
• PR #30361: (cro) Flip the sense of the test for proxymodule imports, add more fns for esxi proxy
• PR #30267: (isbm) Fix RPM issues with the date/time and add package attributes filtering
• PR #30360: (jfindlay) file.remove, file.absent: mention recursive dir removal
• PR #30221: (mbarrien) No rolcatupdate for user_exist in Postgres>=9.5 #26845
• PR #30358: (terminalmage) Add libgit2 version to versions-report
• PR #30346: (pass-by-value) Prevent orphaned volumes
• PR #30349: (rallytime) Back-port #30347 to 2015.8
• PR #30354: (anlutro) Make sure all ignore_missing SLSes are caught
• PR #30356: (nmadhok) Adding code author
• PR #30340: (jtand) Updated seed_test.py for changes made to seed module
• PR #30339: (jfindlay) Backport #26511
• PR #30343: (rallytime) Fix 2015.8 from incomplete back-port
• PR #30342: (eliasp) Correct whitespace placement in error message
• PR #30308: (rallytime) Back-port #30257 to 2015.8
• PR #30187: (rallytime) Back-port #27606 to 2015.8
• PR #30223: (serge-p) adding support for DragonFly BSD
• PR #30238: (rallytime) Reinit crypto before calling RSA.generate when generating keys.
• PR #30246: (dmacvicar) Add missing return data to scheduled jobs (#24237)
• PR #30292: (thegoodduke) ipset: fix test=true & add comment for every entry
• PR #30275: (abednarik) Add permanent argument in firewalld.
• PR #30328: (cachedout) Fix file test
• PR #30310: (pass-by-value) Empty bucket fix
• PR #30211: (techhat) Execute choot on the correct path
• PR #30309: (rallytime) Back-port #30304 to 2015.8
• PR #30278: (nmadhok) If datacenter is specified in the config, then look for managed objects under it
• PR #30305: (jacobhammons) Changed examples to use the "example.com" domain instead of "mycompan…
• PR #30249: (mpreziuso) Fixes performance and timeout issues on win_pkg.install
• PR #30217: (pass-by-value) Make sure cloud actions can be called via salt run
• PR #30268: (terminalmage) Optimize file_tree ext_pillar and update file.managed to allow for binary
contents
• PR #30245: (rallytime) Boto secgroup/iam_role: Add note stating us-east-1 is default region
• PR #30299: (rallytime) ESXi Proxy minions states are located at salt.states.esxi, not vsphere.
• PR #30202: (opdude) Fixed the periodic call to beacons
• PR #30303: (jacobhammons) Changed notes to indicate that functions are matched using regular ex…
• PR #30284: (terminalmage) salt.utils.gitfs: Fix Dulwich env detection and submodule handling
• PR #30280: (jfindlay) add state mocking to release notes
• PR #30273: (rallytime) Back-port #30121 to 2015.8
• PR #30301: (cachedout) Accept whatever comes into hightstate mock for state tests
• PR #30282: (cachedout) Fix file.append logic
• PR #30289: (cro) Fix problems with targeting proxies by grains
• PR #30293: (cro) Ensure we don't log stuff we shouldn't
• PR #30279: (cachedout) Allow modules to be packed into boto utils
• PR #30186: (rallytime) Update CLI Examples in boto_ec2 module to reflect correct arg/kwarg positioning
• PR #30156: (abednarik) Add option in file.append to ignore_whitespace.
• PR #30189: (rallytime) Back-port #30185 to 2015.8
• PR #30215: (jacobhammons) Assorted doc bug fixes
• PR #30206: (cachedout) Revert "Fix incorrect file permissions in file.line"
• PR #30190: (jacobhammons) Updated doc site banners
• PR #30180: (jfindlay) modules.x509._dec2hex: add fmt index for 2.6 compat
• PR #30179: (terminalmage) Backport #26962 to 2015.8 branch
• PR #29693: (abednarik) Handle missing source file in ssh_auth.
• PR #30155: (rallytime) Update boto_secgroup and boto_iam_role docs to only use region OR profile
• PR #30158: (rallytime) Move _option(value) calls to __salt__['config.option'] in boto utils
• PR #30160: (dmurphy18) Fix parsing disk usage for line with no number and AIX values in Kilos
• PR #30162: (rallytime) Update list_present and append grains state function docs to be more clear.
• PR #30163: (rallytime) Add warning about using "=" in file.line function
• PR #30164: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30168: (abednarik) Fix incorrect file permissions in file.line
• PR #30154: (Oro) Fix file serialize on windows
• PR #30144: (rallytime) Added generic ESXCLI command ability to ESXi Proxy Minion
• PR #30142: (terminalmage) Fix dockerng.push, and allow for multiple images
• PR #30075: (joejulian) Convert glusterfs module to use xml
• PR #30129: (optix2000) Clean up _uptodate() in git state
• PR #30139: (rallytime) Back-port #29589 to 2015.8
• PR #30124: (abednarik) Update regex to detect ip alias in OpenBSD.
• PR #30133: (stanislavb) Fix typo in gpgkey URL
• PR #30126: (stanislavb) Log S3 API error message
• PR #30128: (oeuftete) Log retryable transport errors as warnings
• PR #30096: (cachedout) Add rm_special to crontab module
• PR #30106: (techhat) Ensure last dir
• PR #30101: (gtmanfred) fix bug where nova driver exits with no adminPass
• PR #30090: (techhat) Add argument to isdir()
• PR #30094: (rallytime) Fix doc formatting for cloud.create example in module.py state
• PR #30095: (rallytime) Add the list_nodes_select function to linode driver
• PR #30082: (abednarik) Fixed saltversioninfo grain return
• PR #30084: (rallytime) Back-port #29987 to 2015.8
• PR #30071: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #30067: (ryan-lane) Pass in kwargs to boto_secgroup.convert_to_group_ids explicitly
• PR #30069: (techhat) Ensure that pki_dir exists
• PR #30064: (rallytime) Add Syndic documentation to miscellaneous Salt Cloud config options
• PR #30049: (rallytime) Add some more unit tests for the vsphere execution module
• PR #30060: (rallytime) Back-port #27104 to 2015.8
• PR #30048: (jacobhammons) Remove internal APIs from rest_cherrypy docs.
• PR #30043: (rallytime) Be explicit about importing from salt.utils.jinja to avoid circular imports
• PR #30038: (rallytime) Back-port #30017 to 2015.8
• PR #30036: (rallytime) Back-port #29995 to 2015.8
• PR #30035: (rallytime) Back-port #29895 to 2015.8
• PR #30034: (rallytime) Back-port #29893 to 2015.8
• PR #30033: (rallytime) Back-port #29876 to 2015.8
• PR #30029: (terminalmage) git.latest: Fix handling of nonexistent branches
• PR #30016: (anlutro) Properly normalize locales in locale.gen_locale
• PR #30015: (anlutro) locale module: don't escape the slash in \n
• PR #30022: (gqgunhed) Two minor typos fixed
• PR #30026: (anlutro) states.at: fix wrong variable being used
• PR #29966: (multani) Fix bigip state/module documentation + serializers documentation
• PR #29904: (twangboy) Improvements to osx packaging scripts
• PR #29950: (multani) boto_iam: fix deletion of IAM users when using delete_keys=true
• PR #29937: (multani) Fix states.boto_iam group users
• PR #29934: (multani) Fix state.boto_iam virtual name
• PR #29943: (cachedout) Check args correctly in boto_rds
• PR #29924: (gqgunhed) fixed: uptime now working on non-US Windows
• PR #29883: (serge-p) fix for nfs mounts in _active_mounts_openbsd()
• PR #29894: (techhat) Support Saltfile in SPM
• PR #29856: (rallytime) Added some initial unit tests for the salt.modules.vsphere.py file
• PR #29855: (rallytime) Back-port #29740 to 2015.8
• PR #29890: (multani) Various documentation fixes
• PR #29850: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29811: (anlutro) influxdb: add retention policy module functions
• PR #29814: (basepi) [2015.8][Windows] Fix multi-master on windows
• PR #29819: (rallytime) Add esxi module and state to docs build
• PR #29832: (jleimbach) Fixed typo in order to use the keyboard module for RHEL without systemd
• PR #29803: (rallytime) Add vSphere module to doc ref module tree
• PR #29767: (abednarik) Hosts file update in mod_hostname.
• PR #29772: (terminalmage) pygit2: skip submodules when traversing tree
• PR #29765: (gtmanfred) allow nova driver to be boot from volume
• PR #29773: (l2ol33rt) Append missing wget in debian installation guide
• PR #29800: (rallytime) Back-port #29769 to 2015.8
• PR #29775: (paulnivin) Change listen requisite resolution from name to ID declaration
• PR #29754: (rallytime) Back-port #29719 to 2015.8
• PR #29713: (The-Loeki) Pillar-based cloud providers still forcing use of deprecated 'provider'
• PR #29729: (rallytime) Further clarifications on "unless" and "onlyif" requisites.
• PR #29737: (akissa) fix pillar sqlite3 documentation examples
• PR #29743: (akissa) fix pillar sqlite not honouring config options
• PR #29723: (rallytime) Clarify db_user and db_password kwargs for postgres_user.present state function
• PR #29722: (rallytime) Link "stateful" kwargs to definition of what "stateful" means for cmd state.
• PR #29724: (rallytime) Add examples of using multiple matching levels to Pillar docs
• PR #29726: (cachedout) Disable some boto tests per resolution of moto issue
• PR #29708: (lagesag) Fix test=True for file.directory with recurse ignore_files/ignore_dirs.
• PR #29642: (cachedout) Correctly restart daemonized minions on failure
• PR #29599: (cachedout) Clean up minion shutdown
• PR #29675: (clinta) allow returning all refs
• PR #29683: (rallytime) Catch more specific error to pass the error message through elegantly.
• PR #29687: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29681: (clinta) fix bare/mirror in git.latest
• PR #29644: (rallytime) Fixed a couple more ESXi proxy minion bugs
• PR #29645: (rallytime) Back-port #29558 to 2015.8
• PR #29632: (jfindlay) reduce severity of tls module __virtual__ logging
• PR #29606: (abednarik) Fixed duplicate mtu entry in RedHat 7 network configuration.
• PR #29613: (rallytime) Various ESXi Proxy Minion Bug Fixes
• PR #29628: (DmitryKuzmenko) Don't create io_loop before fork
• PR #29609: (basepi) [2015.8][salt-ssh] Add ability to set salt-ssh command umask in roster
• PR #29603: (basepi) Fix orchestration failure-checking
• PR #29597: (terminalmage) dockerng: Prevent exception when API response contains empty dictionary
• PR #29596: (rallytime) Back-port #29587 to 2015.8
• PR #29588: (rallytime) Added ESXi Proxy Minion Tutorial
• PR #29572: (gtmanfred) [nova] use old discover_extensions if available
• PR #29545: (terminalmage) git.latest: init submodules if not yet initialized
• PR #29548: (rallytime) Back-port #29449 to 2015.8
• PR #29547: (rallytime) Refactored ESXCLI-based functions to accept a list of esxi_hosts
• PR #29563: (anlutro) Fix a call to deprecated method in python-influxdb
• PR #29565: (bdrung) Fix typos and missing release note
• PR #29540: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29499: (rallytime) Initial commit of ESXi Proxy Minion
• PR #29526: (jfindlay) 2015.8.2 notes: add note about not being released
• PR #29531: (jfindlay) grains.core: handle undefined variable
• PR #29538: (basepi) [2015.8] [salt-ssh] Remove umask around actual execution for salt-ssh
• PR #29505: (rallytime) Update boto_rds state docs to include funky yaml syntax for "tags" option.
• PR #29513: (bdrung) Drop obsolete syslog.target from systemd services
• PR #29500: (rallytime) Back-port #29467 to 2015.8
• PR #29463: (abednarik) Add
**
kwargs to debconf.set.
• PR #29399: (jfindlay) modules.status: add human_readable option to uptime
• PR #29433: (cro) Files for building .pkg files for MacOS X
• PR #29455: (jfindlay) modules.nova.__init__: do not return None
• PR #29454: (jfindlay) rh_service module __virtual__ return error messages
• PR #29476: (tbaker57) Doc fix - route_table_present needs subnet_names (not subnets) as a key
• PR #29487: (rallytime) Back-port #29450 to 2015.8
• PR #29441: (rallytime) Make sure docs line up with blade_idrac function specs
• PR #29440: (rallytime) Back-port #28925 to 2015.8
• PR #29435: (galet) Grains return wrong OS version and other OS related values for Oracle Linux
• PR #29430: (rall0r) Fix host.present state limitation
• PR #29417: (jacobhammons) Repo install updates
• PR #29402: (techhat) Add rate limiting to linode
• PR #29400: (twangboy) Fix #19332
• PR #29398: (cachedout) Lint 29288
• PR #29331: (DmitryKuzmenko) Bugfix - #29116 raet dns error
• PR #29390: (jacobhammons) updated version numbers in documentation
• PR #29381: (nmadhok) No need to deepcopy since six.iterkeys() creates a copy
• PR #29349: (cro) Fix mis-setting chassis names
• PR #29334: (rallytime) Back-port #29237 to 2015.8
• PR #29300: (ticosax) [dockerng] Add support for volume management in dockerng
• PR #29218: (clan) check service enable state in test mode
• PR #29315: (jfindlay) dev tutorial doc: fix markup errors
• PR #29317: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29240: (clan) handle acl_type [[d]efault:][user|group|mask|other]
• PR #29305: (lorengordon) Add 'file' as a source_hash proto
• PR #29272: (jfindlay) win_status module: handle 12 hour time in uptime
• PR #29289: (terminalmage) file.managed: Allow local file sources to use source_hash
• PR #29264: (anlutro) Prevent ssh_auth.absent from running when test=True
• PR #29277: (terminalmage) Update git_pillar runner to support new git ext_pillar config schema
• PR #29283: (cachedout) Single-quotes and use format
• PR #29139: (thomaso-mirodin) [salt-ssh] Add a range roster and range targeting options for the flat
roster
• PR #29282: (cachedout) dev docs: add development tutorial
• PR #28994: (timcharper) add support to s3 for aws role assumption
• PR #29278: (techhat) Add verify_log to SPM
• PR #29067: (jacksontj) Fix infinite recursion in state compiler for prereq of SLSs
• PR #29207: (jfindlay) do not shadow ret function argument
• PR #29215: (rallytime) Back-port #29192 to 2015.8
• PR #29217: (clan) show duration only if state_output_profile is False
• PR #29221: (ticosax) [dokcerng] Docu network mode
• PR #29269: (jfindlay) win_status module: fix function names in docs
• PR #29213: (rallytime) Move _wait_for_task func from vmware cloud to vmware utils
• PR #29271: (techhat) Pass full path for digest (SPM)
• PR #29244: (isbm) List products consistently across all SLES systems
• PR #29255: (garethgreenaway) fixes to consul module
• PR #29208: (whytewolf) Glance more profile errors
• PR #29200: (jfindlay) mount state: unmount by device is optional
• PR #29205: (trevor-h) Fixes #29187 - using winrm on EC2
• PR #29170: (cachedout) Migrate pydsl tests to integration test suite
• PR #29198: (jfindlay) rh_ip module: only set the mtu once
• PR #29135: (jfindlay) ssh_known_hosts.present state: catch not found exc
• PR #29196: (s0undt3ch) We need novaclient imported to compare versions
• PR #29059: (terminalmage) Work around upstream pygit2 bug
• PR #29112: (eliasp) Prevent backtrace (KeyError) in ssh_known_hosts.present state
• PR #29178: (whytewolf) Profile not being passed to keystone.endpoint_get in _auth. so if a p…
Salt 2015.8.5 Release Notes
About this Release
Salt 2015.8.5 is identical to the 2015.8.4 release with the addition of a fix for issue 30820,
fixed by PR #30833. For convenience, the content from the 2015.8.4 release notes is included
below.
Known Issue in boto_* execution modules
This release contains an issue that causes the boto_* execution modules to display a __salt__ not defined
error (issue 30300). This issue will be fixed in an upcoming release, but can be manually resolved by
completing the following:
1. Download the boto_* execution modules that you would like to update from the 2015.8 branch of Salt. A
complete list of affected modules with the specific changes is available in PR #30867.
A simple way to get the updated modules is to download a zip file of the 2015.8 branch from GitHub.
The updated modules are in the salt\modules directory.
2. Copy the boto_* modules to the \srv\salt\_modules directory on your Salt master.
3. Run the following command to sync these modules to all Salt minions:
salt '*' saltutil.sync_modules
----
2015.8.4 Release Notes
Security Fix
CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing
commands not sent by the master.
This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack
vector, they would have to execute a successful attack on an existing TCP connection between minion and
master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any
encrypted traffic between minion and master. Thank you to Sebastian Krahmer <krahmer@suse.com> for
bringing this issue to our attention.
We recommend everyone upgrade to 2015.8.4 as soon as possible.
Core Changes
• PR #28994: timcharper Salt S3 module has learned how to assume IAM roles
• Added option mock=True for state.sls and state.highstate. This allows the salt state compiler to
process sls data in a state run without actually calling the state functions, thus providing feedback
on the validity of the arguments used for the functions beyond the preprocessing validation provided by
state.show_sls (issue 30118 and issue 30189).
salt '*' state.sls core,edit.vim mock=True
salt '*' state.highstate mock=True
salt '*' state.apply edit.vim mock=True
Changes for v2015.8.3..v2015.8.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-25T17:48:35Z
Total Merges: 320
Changes:
• PR #30613: (basepi) Fix minion/syndic clearfuncs
• PR #30609: (seanjnkns) Fix documentation for pillar_merge_lists which default is False, not …
• PR #30584: (julianbrost) file.line state: add missing colon in docstring
• PR #30589: (terminalmage) Merge 2015.5 into 2015.8
• PR #30599: (multani) Documentation formatting fixes
• PR #30554: (rallytime) Make the salt-cloud actions output more verbose and helpful
• PR #30549: (techhat) Salt Virt cleanup
• PR #30553: (techhat) AWS: Support 17-character IDs
• PR #30532: (whiteinge) Add execution module for working in sls files
• PR #30529: (terminalmage) Merge 2015.5 into 2015.8
• PR #30526: (twangboy) Added FlushKey to make sure it's changes are saved to disk
• PR #30521: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30485: (jtand) Updated pip_state to work with pip 8.0 on 2015.8
• PR #30494: (isbm) Zypper: info_installed — 'errors' flag change to type 'boolean'
• PR #30506: (jacksontj) Properly remove newlines after reading the file
• PR #30508: (rallytime) Fix Linode driver cloning functionality
• PR #30522: (terminalmage) Update git.list_worktree tests to reflect new return data
• PR #30483: (borgstrom) Pyobjects recursive import support (for 2015.8)
• PR #30491: (jacksontj) Add multi-IP support to network state
• PR #30496: (anlutro) Fix KeyError when adding ignored pillars
• PR #30359: (kingsquirrel152) Removes suspected copy/paste error for zmq_filtering functionailty
• PR #30448: (cournape) Fix osx scripts location
• PR #30457: (rallytime) Remove fsutils references from modules list
• PR #30453: (rallytime) Make sure private AND public IPs are listed for Linode driver
• PR #30458: (rallytime) Back-port #30062 to 2015.8
• PR #30468: (timcharper) make note of s3 role assumption in upcoming changelog
• PR #30470: (whiteinge) Add example of the match_dict format to accept_dict wheel function
• PR #30450: (gtmanfred) fix extension loading in novaclient
• PR #30212: (abednarik) Fix incorrect file permissions in file.line
• PR #29947: (jfindlay) fileclient: decode file list from master
• PR #30363: (terminalmage) Use native "list" subcommand to list git worktrees
• PR #30445: (jtand) Boto uses False for is_default instead of None
• PR #30406: (frioux) Add an example of how to use file.managed/check_cmd
• PR #30424: (isbm) Check if byte strings are properly encoded in UTF-8
• PR #30405: (jtand) Updated glusterfs.py for python2.6 compatibility.
• PR #30396: (pass-by-value) Remove hardcoded val
• PR #30391: (jtand) Added else statements
• PR #30375: (rallytime) Wrap formatted log statements with six.u() in cloud/__init__.py
• PR #30384: (isbm) Bugfix: info_available does not work correctly on SLE 11 series
• PR #30376: (pritambaral) Fix FLO_DIR path in 2015.8
• PR #30389: (jtand) Older versions of ipset don't support comments
• PR #30373: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30372: (jacobhammons) Updated man pages for 2015.8.4, updated copyright to 2016
• PR #30370: (rallytime) Remove incomplete function
• PR #30366: (rallytime) Back-port #28702 to 2015.8
• PR #30361: (cro) Flip the sense of the test for proxymodule imports, add more fns for esxi proxy
• PR #30267: (isbm) Fix RPM issues with the date/time and add package attributes filtering
• PR #30360: (jfindlay) file.remove, file.absent: mention recursive dir removal
• PR #30221: (mbarrien) No rolcatupdate for user_exist in Postgres>=9.5 #26845
• PR #30358: (terminalmage) Add libgit2 version to versions-report
• PR #30346: (pass-by-value) Prevent orphaned volumes
• PR #30349: (rallytime) Back-port #30347 to 2015.8
• PR #30354: (anlutro) Make sure all ignore_missing SLSes are caught
• PR #30356: (nmadhok) Adding code author
• PR #30340: (jtand) Updated seed_test.py for changes made to seed module
• PR #30339: (jfindlay) Backport #26511
• PR #30343: (rallytime) Fix 2015.8 from incomplete back-port
• PR #30342: (eliasp) Correct whitespace placement in error message
• PR #30308: (rallytime) Back-port #30257 to 2015.8
• PR #30187: (rallytime) Back-port #27606 to 2015.8
• PR #30223: (serge-p) adding support for DragonFly BSD
• PR #30238: (rallytime) Reinit crypto before calling RSA.generate when generating keys.
• PR #30246: (dmacvicar) Add missing return data to scheduled jobs (#24237)
• PR #30292: (thegoodduke) ipset: fix test=true & add comment for every entry
• PR #30275: (abednarik) Add permanent argument in firewalld.
• PR #30328: (cachedout) Fix file test
• PR #30310: (pass-by-value) Empty bucket fix
• PR #30211: (techhat) Execute choot on the correct path
• PR #30309: (rallytime) Back-port #30304 to 2015.8
• PR #30278: (nmadhok) If datacenter is specified in the config, then look for managed objects under it
• PR #30305: (jacobhammons) Changed examples to use the "example.com" domain instead of "mycompan…
• PR #30249: (mpreziuso) Fixes performance and timeout issues on win_pkg.install
• PR #30217: (pass-by-value) Make sure cloud actions can be called via salt run
• PR #30268: (terminalmage) Optimize file_tree ext_pillar and update file.managed to allow for binary
contents
• PR #30245: (rallytime) Boto secgroup/iam_role: Add note stating us-east-1 is default region
• PR #30299: (rallytime) ESXi Proxy minions states are located at salt.states.esxi, not vsphere.
• PR #30202: (opdude) Fixed the periodic call to beacons
• PR #30303: (jacobhammons) Changed notes to indicate that functions are matched using regular ex…
• PR #30284: (terminalmage) salt.utils.gitfs: Fix Dulwich env detection and submodule handling
• PR #30280: (jfindlay) add state mocking to release notes
• PR #30273: (rallytime) Back-port #30121 to 2015.8
• PR #30301: (cachedout) Accept whatever comes into hightstate mock for state tests
• PR #30282: (cachedout) Fix file.append logic
• PR #30289: (cro) Fix problems with targeting proxies by grains
• PR #30293: (cro) Ensure we don't log stuff we shouldn't
• PR #30279: (cachedout) Allow modules to be packed into boto utils
• PR #30186: (rallytime) Update CLI Examples in boto_ec2 module to reflect correct arg/kwarg positioning
• PR #30156: (abednarik) Add option in file.append to ignore_whitespace.
• PR #30189: (rallytime) Back-port #30185 to 2015.8
• PR #30215: (jacobhammons) Assorted doc bug fixes
• PR #30206: (cachedout) Revert "Fix incorrect file permissions in file.line"
• PR #30190: (jacobhammons) Updated doc site banners
• PR #30180: (jfindlay) modules.x509._dec2hex: add fmt index for 2.6 compat
• PR #30179: (terminalmage) Backport #26962 to 2015.8 branch
• PR #29693: (abednarik) Handle missing source file in ssh_auth.
• PR #30155: (rallytime) Update boto_secgroup and boto_iam_role docs to only use region OR profile
• PR #30158: (rallytime) Move _option(value) calls to __salt__['config.option'] in boto utils
• PR #30160: (dmurphy18) Fix parsing disk usage for line with no number and AIX values in Kilos
• PR #30162: (rallytime) Update list_present and append grains state function docs to be more clear.
• PR #30163: (rallytime) Add warning about using "=" in file.line function
• PR #30164: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30168: (abednarik) Fix incorrect file permissions in file.line
• PR #30154: (Oro) Fix file serialize on windows
• PR #30144: (rallytime) Added generic ESXCLI command ability to ESXi Proxy Minion
• PR #30142: (terminalmage) Fix dockerng.push, and allow for multiple images
• PR #30075: (joejulian) Convert glusterfs module to use xml
• PR #30129: (optix2000) Clean up _uptodate() in git state
• PR #30139: (rallytime) Back-port #29589 to 2015.8
• PR #30124: (abednarik) Update regex to detect ip alias in OpenBSD.
• PR #30133: (stanislavb) Fix typo in gpgkey URL
• PR #30126: (stanislavb) Log S3 API error message
• PR #30128: (oeuftete) Log retryable transport errors as warnings
• PR #30096: (cachedout) Add rm_special to crontab module
• PR #30106: (techhat) Ensure last dir
• PR #30101: (gtmanfred) fix bug where nova driver exits with no adminPass
• PR #30090: (techhat) Add argument to isdir()
• PR #30094: (rallytime) Fix doc formatting for cloud.create example in module.py state
• PR #30095: (rallytime) Add the list_nodes_select function to linode driver
• PR #30082: (abednarik) Fixed saltversioninfo grain return
• PR #30084: (rallytime) Back-port #29987 to 2015.8
• PR #30071: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #30067: (ryan-lane) Pass in kwargs to boto_secgroup.convert_to_group_ids explicitly
• PR #30069: (techhat) Ensure that pki_dir exists
• PR #30064: (rallytime) Add Syndic documentation to miscellaneous Salt Cloud config options
• PR #30049: (rallytime) Add some more unit tests for the vsphere execution module
• PR #30060: (rallytime) Back-port #27104 to 2015.8
• PR #30048: (jacobhammons) Remove internal APIs from rest_cherrypy docs.
• PR #30043: (rallytime) Be explicit about importing from salt.utils.jinja to avoid circular imports
• PR #30038: (rallytime) Back-port #30017 to 2015.8
• PR #30036: (rallytime) Back-port #29995 to 2015.8
• PR #30035: (rallytime) Back-port #29895 to 2015.8
• PR #30034: (rallytime) Back-port #29893 to 2015.8
• PR #30033: (rallytime) Back-port #29876 to 2015.8
• PR #30029: (terminalmage) git.latest: Fix handling of nonexistent branches
• PR #30016: (anlutro) Properly normalize locales in locale.gen_locale
• PR #30015: (anlutro) locale module: don't escape the slash in \n
• PR #30022: (gqgunhed) Two minor typos fixed
• PR #30026: (anlutro) states.at: fix wrong variable being used
• PR #29966: (multani) Fix bigip state/module documentation + serializers documentation
• PR #29904: (twangboy) Improvements to osx packaging scripts
• PR #29950: (multani) boto_iam: fix deletion of IAM users when using delete_keys=true
• PR #29937: (multani) Fix states.boto_iam group users
• PR #29934: (multani) Fix state.boto_iam virtual name
• PR #29943: (cachedout) Check args correctly in boto_rds
• PR #29924: (gqgunhed) fixed: uptime now working on non-US Windows
• PR #29883: (serge-p) fix for nfs mounts in _active_mounts_openbsd()
• PR #29894: (techhat) Support Saltfile in SPM
• PR #29856: (rallytime) Added some initial unit tests for the salt.modules.vsphere.py file
• PR #29855: (rallytime) Back-port #29740 to 2015.8
• PR #29890: (multani) Various documentation fixes
• PR #29850: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29811: (anlutro) influxdb: add retention policy module functions
• PR #29814: (basepi) [2015.8][Windows] Fix multi-master on windows
• PR #29819: (rallytime) Add esxi module and state to docs build
• PR #29832: (jleimbach) Fixed typo in order to use the keyboard module for RHEL without systemd
• PR #29803: (rallytime) Add vSphere module to doc ref module tree
• PR #29767: (abednarik) Hosts file update in mod_hostname.
• PR #29772: (terminalmage) pygit2: skip submodules when traversing tree
• PR #29765: (gtmanfred) allow nova driver to be boot from volume
• PR #29773: (l2ol33rt) Append missing wget in debian installation guide
• PR #29800: (rallytime) Back-port #29769 to 2015.8
• PR #29775: (paulnivin) Change listen requisite resolution from name to ID declaration
• PR #29754: (rallytime) Back-port #29719 to 2015.8
• PR #29713: (The-Loeki) Pillar-based cloud providers still forcing use of deprecated 'provider'
• PR #29729: (rallytime) Further clarifications on "unless" and "onlyif" requisites.
• PR #29737: (akissa) fix pillar sqlite3 documentation examples
• PR #29743: (akissa) fix pillar sqlite not honouring config options
• PR #29723: (rallytime) Clarify db_user and db_password kwargs for postgres_user.present state function
• PR #29722: (rallytime) Link "stateful" kwargs to definition of what "stateful" means for cmd state.
• PR #29724: (rallytime) Add examples of using multiple matching levels to Pillar docs
• PR #29726: (cachedout) Disable some boto tests per resolution of moto issue
• PR #29708: (lagesag) Fix test=True for file.directory with recurse ignore_files/ignore_dirs.
• PR #29642: (cachedout) Correctly restart daemonized minions on failure
• PR #29599: (cachedout) Clean up minion shutdown
• PR #29675: (clinta) allow returning all refs
• PR #29683: (rallytime) Catch more specific error to pass the error message through elegantly.
• PR #29687: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29681: (clinta) fix bare/mirror in git.latest
• PR #29644: (rallytime) Fixed a couple more ESXi proxy minion bugs
• PR #29645: (rallytime) Back-port #29558 to 2015.8
• PR #29632: (jfindlay) reduce severity of tls module __virtual__ logging
• PR #29606: (abednarik) Fixed duplicate mtu entry in RedHat 7 network configuration.
• PR #29613: (rallytime) Various ESXi Proxy Minion Bug Fixes
• PR #29628: (DmitryKuzmenko) Don't create io_loop before fork
• PR #29609: (basepi) [2015.8][salt-ssh] Add ability to set salt-ssh command umask in roster
• PR #29603: (basepi) Fix orchestration failure-checking
• PR #29597: (terminalmage) dockerng: Prevent exception when API response contains empty dictionary
• PR #29596: (rallytime) Back-port #29587 to 2015.8
• PR #29588: (rallytime) Added ESXi Proxy Minion Tutorial
• PR #29572: (gtmanfred) [nova] use old discover_extensions if available
• PR #29545: (terminalmage) git.latest: init submodules if not yet initialized
• PR #29548: (rallytime) Back-port #29449 to 2015.8
• PR #29547: (rallytime) Refactored ESXCLI-based functions to accept a list of esxi_hosts
• PR #29563: (anlutro) Fix a call to deprecated method in python-influxdb
• PR #29565: (bdrung) Fix typos and missing release note
• PR #29540: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29499: (rallytime) Initial commit of ESXi Proxy Minion
• PR #29526: (jfindlay) 2015.8.2 notes: add note about not being released
• PR #29531: (jfindlay) grains.core: handle undefined variable
• PR #29538: (basepi) [2015.8] [salt-ssh] Remove umask around actual execution for salt-ssh
• PR #29505: (rallytime) Update boto_rds state docs to include funky yaml syntax for "tags" option.
• PR #29513: (bdrung) Drop obsolete syslog.target from systemd services
• PR #29500: (rallytime) Back-port #29467 to 2015.8
• PR #29463: (abednarik) Add
**
kwargs to debconf.set.
• PR #29399: (jfindlay) modules.status: add human_readable option to uptime
• PR #29433: (cro) Files for building .pkg files for MacOS X
• PR #29455: (jfindlay) modules.nova.__init__: do not return None
• PR #29454: (jfindlay) rh_service module __virtual__ return error messages
• PR #29476: (tbaker57) Doc fix - route_table_present needs subnet_names (not subnets) as a key
• PR #29487: (rallytime) Back-port #29450 to 2015.8
• PR #29441: (rallytime) Make sure docs line up with blade_idrac function specs
• PR #29440: (rallytime) Back-port #28925 to 2015.8
• PR #29435: (galet) Grains return wrong OS version and other OS related values for Oracle Linux
• PR #29430: (rall0r) Fix host.present state limitation
• PR #29417: (jacobhammons) Repo install updates
• PR #29402: (techhat) Add rate limiting to linode
• PR #29400: (twangboy) Fix #19332
• PR #29398: (cachedout) Lint 29288
• PR #29331: (DmitryKuzmenko) Bugfix - #29116 raet dns error
• PR #29390: (jacobhammons) updated version numbers in documentation
• PR #29381: (nmadhok) No need to deepcopy since six.iterkeys() creates a copy
• PR #29349: (cro) Fix mis-setting chassis names
• PR #29334: (rallytime) Back-port #29237 to 2015.8
• PR #29300: (ticosax) [dockerng] Add support for volume management in dockerng
• PR #29218: (clan) check service enable state in test mode
• PR #29315: (jfindlay) dev tutorial doc: fix markup errors
• PR #29317: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29240: (clan) handle acl_type [[d]efault:][user|group|mask|other]
• PR #29305: (lorengordon) Add 'file' as a source_hash proto
• PR #29272: (jfindlay) win_status module: handle 12 hour time in uptime
• PR #29289: (terminalmage) file.managed: Allow local file sources to use source_hash
• PR #29264: (anlutro) Prevent ssh_auth.absent from running when test=True
• PR #29277: (terminalmage) Update git_pillar runner to support new git ext_pillar config schema
• PR #29283: (cachedout) Single-quotes and use format
• PR #29139: (thomaso-mirodin) [salt-ssh] Add a range roster and range targeting options for the flat
roster
• PR #29282: (cachedout) dev docs: add development tutorial
• PR #28994: (timcharper) add support to s3 for aws role assumption
• PR #29278: (techhat) Add verify_log to SPM
• PR #29067: (jacksontj) Fix infinite recursion in state compiler for prereq of SLSs
• PR #29207: (jfindlay) do not shadow ret function argument
• PR #29215: (rallytime) Back-port #29192 to 2015.8
• PR #29217: (clan) show duration only if state_output_profile is False
• PR #29221: (ticosax) [dokcerng] Docu network mode
• PR #29269: (jfindlay) win_status module: fix function names in docs
• PR #29213: (rallytime) Move _wait_for_task func from vmware cloud to vmware utils
• PR #29271: (techhat) Pass full path for digest (SPM)
• PR #29244: (isbm) List products consistently across all SLES systems
• PR #29255: (garethgreenaway) fixes to consul module
• PR #29208: (whytewolf) Glance more profile errors
• PR #29200: (jfindlay) mount state: unmount by device is optional
• PR #29205: (trevor-h) Fixes #29187 - using winrm on EC2
• PR #29170: (cachedout) Migrate pydsl tests to integration test suite
• PR #29198: (jfindlay) rh_ip module: only set the mtu once
• PR #29135: (jfindlay) ssh_known_hosts.present state: catch not found exc
• PR #29196: (s0undt3ch) We need novaclient imported to compare versions
• PR #29059: (terminalmage) Work around upstream pygit2 bug
• PR #29112: (eliasp) Prevent backtrace (KeyError) in ssh_known_hosts.present state
• PR #29178: (whytewolf) Profile not being passed to keystone.endpoint_get in _auth. so if a p…
Salt 2015.8.7 Release Notes
NOTE:
Salt 2015.8.4, 2015.8.5, and 2015.8.7 were all released within a short period due to regressions found
soon after the releases of 2015.8.4 and 2015.8.5. These release notes contain all of the changes since
2015.8.3 to make it easier to see everything that has changed recently.
Changes for v2015.8.4..v2015.8.7
For pkg.installed states, on Linux distributions which use yum/dnf, packages which have a non-zero epoch
in the version number now require this epoch to be included when specifying an exact version for a
package. For example:
vim-enhanced:
pkg.installed:
- version: 2:7.4.160-1.el7
The pkg.latest_version and pkg.list_repo_pkgs functions can be used to get the correct version string to
use, as they will now contain the epoch when it is non-zero.
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-02-11T22:13:51Z
Statistics:
• Total Merges: 2
• Total Issue references: 0
• Total PR references: 3
Changes:
• PR #31111: (jtand) Fixes failing npm test on arch. @ 2016-02-10T21:51:47Z
• 8d84c63 Merge pull request #31111 from jtand/8_4_npm_fix
• b0a48e5 Fixes failing npm test on arch.
• 733c6ab Some 3rd-party modules (e.g. gnupg) define custom log levels that emit at INFO level and
above. This patch sets the color data lookups to default to TextFormat('reset') rather than
producing a stack trace every time a log message is generated from an affected module.
• 3f71fd0 Revert #30217
• PR #30217: (pass-by-value) Make sure cloud actions can be called via salt run
• PR #31092: (terminalmage) Apply PR #31031 to 2015.8.4.follow_up @ 2016-02-10T20:54:37Z
• 5a6a93e Merge pull request #31092 from terminalmage/issue31014-2015.8.4.follow_up * 2767a4e Don't
handle epoch specially for dnf
• e5dfcc0 More efficient way to add the epoch before version number
• ed74627 include possible epoch in version for rpm
• 6c6b66a Comment multiprocessing line in minion config
• 1f7dfef Set multiprocessing to true in config.py
• 433c645 Fix remove placeholder files
• 7103756 Remove placeholder files
• 20b381f Set overwrite to off
• ca50f56 Fix boto_secgroup
• fd571d2 Fix boto test failures
• cfb6588 Fix regression when contents_pillar/contents_grains is a list.
• 881d866 utils.aws: use time lib to conver to epoch seconds
• 3141292 The call to cp.get_url needs the saltenv, if you're using environments other than base, it
will fail.
• a869401 Fix regression in git_pillar when multiple remotes are configured
• 2243f25 Properly set the default value for pillar_merge_lists
• c7472ff Lint
• d868711 Fix failing boto_vpc module unit tests
• ed09516 Fix failing state module tests
• fd0e940 Pylint fix
• bc780a7 Don't use pack=pack. Just pass in pack=__salt__ always.
• 1ae022d Pass in 'pack' variable to utils.boto.assign_funcs function from ALL boto modules.
• 1efaff1 Remove bad symlinks in osx pkg dirs
• c7db435 Fix regression in scanning for state with 'name' param
----
Security Fix
CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing
commands not sent by the master.
This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack
vector, they would have to execute a successful attack on an existing TCP connection between minion and
master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any
encrypted traffic between minion and master. Thank you to Sebastian Krahmer <krahmer@suse.com> for
bringing this issue to our attention.
We recommend everyone upgrade to 2015.8.4 as soon as possible.
Core Changes
• PR #28994: timcharper Salt S3 module has learned how to assume IAM roles
• Added option mock=True for state.sls and state.highstate. This allows the salt state compiler to
process sls data in a state run without actually calling the state functions, thus providing feedback
on the validity of the arguments used for the functions beyond the preprocessing validation provided by
state.show_sls (issue 30118 and issue 30189).
salt '*' state.sls core,edit.vim mock=True
salt '*' state.highstate mock=True
salt '*' state.apply edit.vim mock=True
Changes for v2015.8.3..v2015.8.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-25T17:48:35Z
Total Merges: 320
Changes:
• PR #30613: (basepi) Fix minion/syndic clearfuncs
• PR #30609: (seanjnkns) Fix documentation for pillar_merge_lists which default is False, not …
• PR #30584: (julianbrost) file.line state: add missing colon in docstring
• PR #30589: (terminalmage) Merge 2015.5 into 2015.8
• PR #30599: (multani) Documentation formatting fixes
• PR #30554: (rallytime) Make the salt-cloud actions output more verbose and helpful
• PR #30549: (techhat) Salt Virt cleanup
• PR #30553: (techhat) AWS: Support 17-character IDs
• PR #30532: (whiteinge) Add execution module for working in sls files
• PR #30529: (terminalmage) Merge 2015.5 into 2015.8
• PR #30526: (twangboy) Added FlushKey to make sure it's changes are saved to disk
• PR #30521: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30485: (jtand) Updated pip_state to work with pip 8.0 on 2015.8
• PR #30494: (isbm) Zypper: info_installed — 'errors' flag change to type 'boolean'
• PR #30506: (jacksontj) Properly remove newlines after reading the file
• PR #30508: (rallytime) Fix Linode driver cloning functionality
• PR #30522: (terminalmage) Update git.list_worktree tests to reflect new return data
• PR #30483: (borgstrom) Pyobjects recursive import support (for 2015.8)
• PR #30491: (jacksontj) Add multi-IP support to network state
• PR #30496: (anlutro) Fix KeyError when adding ignored pillars
• PR #30359: (kingsquirrel152) Removes suspected copy/paste error for zmq_filtering functionailty
• PR #30448: (cournape) Fix osx scripts location
• PR #30457: (rallytime) Remove fsutils references from modules list
• PR #30453: (rallytime) Make sure private AND public IPs are listed for Linode driver
• PR #30458: (rallytime) Back-port #30062 to 2015.8
• PR #30468: (timcharper) make note of s3 role assumption in upcoming changelog
• PR #30470: (whiteinge) Add example of the match_dict format to accept_dict wheel function
• PR #30450: (gtmanfred) fix extension loading in novaclient
• PR #30212: (abednarik) Fix incorrect file permissions in file.line
• PR #29947: (jfindlay) fileclient: decode file list from master
• PR #30363: (terminalmage) Use native "list" subcommand to list git worktrees
• PR #30445: (jtand) Boto uses False for is_default instead of None
• PR #30406: (frioux) Add an example of how to use file.managed/check_cmd
• PR #30424: (isbm) Check if byte strings are properly encoded in UTF-8
• PR #30405: (jtand) Updated glusterfs.py for python2.6 compatibility.
• PR #30396: (pass-by-value) Remove hardcoded val
• PR #30391: (jtand) Added else statements
• PR #30375: (rallytime) Wrap formatted log statements with six.u() in cloud/__init__.py
• PR #30384: (isbm) Bugfix: info_available does not work correctly on SLE 11 series
• PR #30376: (pritambaral) Fix FLO_DIR path in 2015.8
• PR #30389: (jtand) Older versions of ipset don't support comments
• PR #30373: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30372: (jacobhammons) Updated man pages for 2015.8.4, updated copyright to 2016
• PR #30370: (rallytime) Remove incomplete function
• PR #30366: (rallytime) Back-port #28702 to 2015.8
• PR #30361: (cro) Flip the sense of the test for proxymodule imports, add more fns for esxi proxy
• PR #30267: (isbm) Fix RPM issues with the date/time and add package attributes filtering
• PR #30360: (jfindlay) file.remove, file.absent: mention recursive dir removal
• PR #30221: (mbarrien) No rolcatupdate for user_exist in Postgres>=9.5 #26845
• PR #30358: (terminalmage) Add libgit2 version to versions-report
• PR #30346: (pass-by-value) Prevent orphaned volumes
• PR #30349: (rallytime) Back-port #30347 to 2015.8
• PR #30354: (anlutro) Make sure all ignore_missing SLSes are caught
• PR #30356: (nmadhok) Adding code author
• PR #30340: (jtand) Updated seed_test.py for changes made to seed module
• PR #30339: (jfindlay) Backport #26511
• PR #30343: (rallytime) Fix 2015.8 from incomplete back-port
• PR #30342: (eliasp) Correct whitespace placement in error message
• PR #30308: (rallytime) Back-port #30257 to 2015.8
• PR #30187: (rallytime) Back-port #27606 to 2015.8
• PR #30223: (serge-p) adding support for DragonFly BSD
• PR #30238: (rallytime) Reinit crypto before calling RSA.generate when generating keys.
• PR #30246: (dmacvicar) Add missing return data to scheduled jobs (#24237)
• PR #30292: (thegoodduke) ipset: fix test=true & add comment for every entry
• PR #30275: (abednarik) Add permanent argument in firewalld.
• PR #30328: (cachedout) Fix file test
• PR #30310: (pass-by-value) Empty bucket fix
• PR #30211: (techhat) Execute choot on the correct path
• PR #30309: (rallytime) Back-port #30304 to 2015.8
• PR #30278: (nmadhok) If datacenter is specified in the config, then look for managed objects under it
• PR #30305: (jacobhammons) Changed examples to use the "example.com" domain instead of "mycompan…
• PR #30249: (mpreziuso) Fixes performance and timeout issues on win_pkg.install
• PR #30217: (pass-by-value) Make sure cloud actions can be called via salt run
• PR #30268: (terminalmage) Optimize file_tree ext_pillar and update file.managed to allow for binary
contents
• PR #30245: (rallytime) Boto secgroup/iam_role: Add note stating us-east-1 is default region
• PR #30299: (rallytime) ESXi Proxy minions states are located at salt.states.esxi, not vsphere.
• PR #30202: (opdude) Fixed the periodic call to beacons
• PR #30303: (jacobhammons) Changed notes to indicate that functions are matched using regular ex…
• PR #30284: (terminalmage) salt.utils.gitfs: Fix Dulwich env detection and submodule handling
• PR #30280: (jfindlay) add state mocking to release notes
• PR #30273: (rallytime) Back-port #30121 to 2015.8
• PR #30301: (cachedout) Accept whatever comes into hightstate mock for state tests
• PR #30282: (cachedout) Fix file.append logic
• PR #30289: (cro) Fix problems with targeting proxies by grains
• PR #30293: (cro) Ensure we don't log stuff we shouldn't
• PR #30279: (cachedout) Allow modules to be packed into boto utils
• PR #30186: (rallytime) Update CLI Examples in boto_ec2 module to reflect correct arg/kwarg positioning
• PR #30156: (abednarik) Add option in file.append to ignore_whitespace.
• PR #30189: (rallytime) Back-port #30185 to 2015.8
• PR #30215: (jacobhammons) Assorted doc bug fixes
• PR #30206: (cachedout) Revert "Fix incorrect file permissions in file.line"
• PR #30190: (jacobhammons) Updated doc site banners
• PR #30180: (jfindlay) modules.x509._dec2hex: add fmt index for 2.6 compat
• PR #30179: (terminalmage) Backport #26962 to 2015.8 branch
• PR #29693: (abednarik) Handle missing source file in ssh_auth.
• PR #30155: (rallytime) Update boto_secgroup and boto_iam_role docs to only use region OR profile
• PR #30158: (rallytime) Move _option(value) calls to __salt__['config.option'] in boto utils
• PR #30160: (dmurphy18) Fix parsing disk usage for line with no number and AIX values in Kilos
• PR #30162: (rallytime) Update list_present and append grains state function docs to be more clear.
• PR #30163: (rallytime) Add warning about using "=" in file.line function
• PR #30164: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30168: (abednarik) Fix incorrect file permissions in file.line
• PR #30154: (Oro) Fix file serialize on windows
• PR #30144: (rallytime) Added generic ESXCLI command ability to ESXi Proxy Minion
• PR #30142: (terminalmage) Fix dockerng.push, and allow for multiple images
• PR #30075: (joejulian) Convert glusterfs module to use xml
• PR #30129: (optix2000) Clean up _uptodate() in git state
• PR #30139: (rallytime) Back-port #29589 to 2015.8
• PR #30124: (abednarik) Update regex to detect ip alias in OpenBSD.
• PR #30133: (stanislavb) Fix typo in gpgkey URL
• PR #30126: (stanislavb) Log S3 API error message
• PR #30128: (oeuftete) Log retryable transport errors as warnings
• PR #30096: (cachedout) Add rm_special to crontab module
• PR #30106: (techhat) Ensure last dir
• PR #30101: (gtmanfred) fix bug where nova driver exits with no adminPass
• PR #30090: (techhat) Add argument to isdir()
• PR #30094: (rallytime) Fix doc formatting for cloud.create example in module.py state
• PR #30095: (rallytime) Add the list_nodes_select function to linode driver
• PR #30082: (abednarik) Fixed saltversioninfo grain return
• PR #30084: (rallytime) Back-port #29987 to 2015.8
• PR #30071: (rallytime) Merge branch '2015.5' into '2015.8'
• PR #30067: (ryan-lane) Pass in kwargs to boto_secgroup.convert_to_group_ids explicitly
• PR #30069: (techhat) Ensure that pki_dir exists
• PR #30064: (rallytime) Add Syndic documentation to miscellaneous Salt Cloud config options
• PR #30049: (rallytime) Add some more unit tests for the vsphere execution module
• PR #30060: (rallytime) Back-port #27104 to 2015.8
• PR #30048: (jacobhammons) Remove internal APIs from rest_cherrypy docs.
• PR #30043: (rallytime) Be explicit about importing from salt.utils.jinja to avoid circular imports
• PR #30038: (rallytime) Back-port #30017 to 2015.8
• PR #30036: (rallytime) Back-port #29995 to 2015.8
• PR #30035: (rallytime) Back-port #29895 to 2015.8
• PR #30034: (rallytime) Back-port #29893 to 2015.8
• PR #30033: (rallytime) Back-port #29876 to 2015.8
• PR #30029: (terminalmage) git.latest: Fix handling of nonexistent branches
• PR #30016: (anlutro) Properly normalize locales in locale.gen_locale
• PR #30015: (anlutro) locale module: don't escape the slash in \n
• PR #30022: (gqgunhed) Two minor typos fixed
• PR #30026: (anlutro) states.at: fix wrong variable being used
• PR #29966: (multani) Fix bigip state/module documentation + serializers documentation
• PR #29904: (twangboy) Improvements to osx packaging scripts
• PR #29950: (multani) boto_iam: fix deletion of IAM users when using delete_keys=true
• PR #29937: (multani) Fix states.boto_iam group users
• PR #29934: (multani) Fix state.boto_iam virtual name
• PR #29943: (cachedout) Check args correctly in boto_rds
• PR #29924: (gqgunhed) fixed: uptime now working on non-US Windows
• PR #29883: (serge-p) fix for nfs mounts in _active_mounts_openbsd()
• PR #29894: (techhat) Support Saltfile in SPM
• PR #29856: (rallytime) Added some initial unit tests for the salt.modules.vsphere.py file
• PR #29855: (rallytime) Back-port #29740 to 2015.8
• PR #29890: (multani) Various documentation fixes
• PR #29850: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29811: (anlutro) influxdb: add retention policy module functions
• PR #29814: (basepi) [2015.8][Windows] Fix multi-master on windows
• PR #29819: (rallytime) Add esxi module and state to docs build
• PR #29832: (jleimbach) Fixed typo in order to use the keyboard module for RHEL without systemd
• PR #29803: (rallytime) Add vSphere module to doc ref module tree
• PR #29767: (abednarik) Hosts file update in mod_hostname.
• PR #29772: (terminalmage) pygit2: skip submodules when traversing tree
• PR #29765: (gtmanfred) allow nova driver to be boot from volume
• PR #29773: (l2ol33rt) Append missing wget in debian installation guide
• PR #29800: (rallytime) Back-port #29769 to 2015.8
• PR #29775: (paulnivin) Change listen requisite resolution from name to ID declaration
• PR #29754: (rallytime) Back-port #29719 to 2015.8
• PR #29713: (The-Loeki) Pillar-based cloud providers still forcing use of deprecated 'provider'
• PR #29729: (rallytime) Further clarifications on "unless" and "onlyif" requisites.
• PR #29737: (akissa) fix pillar sqlite3 documentation examples
• PR #29743: (akissa) fix pillar sqlite not honouring config options
• PR #29723: (rallytime) Clarify db_user and db_password kwargs for postgres_user.present state function
• PR #29722: (rallytime) Link "stateful" kwargs to definition of what "stateful" means for cmd state.
• PR #29724: (rallytime) Add examples of using multiple matching levels to Pillar docs
• PR #29726: (cachedout) Disable some boto tests per resolution of moto issue
• PR #29708: (lagesag) Fix test=True for file.directory with recurse ignore_files/ignore_dirs.
• PR #29642: (cachedout) Correctly restart daemonized minions on failure
• PR #29599: (cachedout) Clean up minion shutdown
• PR #29675: (clinta) allow returning all refs
• PR #29683: (rallytime) Catch more specific error to pass the error message through elegantly.
• PR #29687: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29681: (clinta) fix bare/mirror in git.latest
• PR #29644: (rallytime) Fixed a couple more ESXi proxy minion bugs
• PR #29645: (rallytime) Back-port #29558 to 2015.8
• PR #29632: (jfindlay) reduce severity of tls module __virtual__ logging
• PR #29606: (abednarik) Fixed duplicate mtu entry in RedHat 7 network configuration.
• PR #29613: (rallytime) Various ESXi Proxy Minion Bug Fixes
• PR #29628: (DmitryKuzmenko) Don't create io_loop before fork
• PR #29609: (basepi) [2015.8][salt-ssh] Add ability to set salt-ssh command umask in roster
• PR #29603: (basepi) Fix orchestration failure-checking
• PR #29597: (terminalmage) dockerng: Prevent exception when API response contains empty dictionary
• PR #29596: (rallytime) Back-port #29587 to 2015.8
• PR #29588: (rallytime) Added ESXi Proxy Minion Tutorial
• PR #29572: (gtmanfred) [nova] use old discover_extensions if available
• PR #29545: (terminalmage) git.latest: init submodules if not yet initialized
• PR #29548: (rallytime) Back-port #29449 to 2015.8
• PR #29547: (rallytime) Refactored ESXCLI-based functions to accept a list of esxi_hosts
• PR #29563: (anlutro) Fix a call to deprecated method in python-influxdb
• PR #29565: (bdrung) Fix typos and missing release note
• PR #29540: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29499: (rallytime) Initial commit of ESXi Proxy Minion
• PR #29526: (jfindlay) 2015.8.2 notes: add note about not being released
• PR #29531: (jfindlay) grains.core: handle undefined variable
• PR #29538: (basepi) [2015.8] [salt-ssh] Remove umask around actual execution for salt-ssh
• PR #29505: (rallytime) Update boto_rds state docs to include funky yaml syntax for "tags" option.
• PR #29513: (bdrung) Drop obsolete syslog.target from systemd services
• PR #29500: (rallytime) Back-port #29467 to 2015.8
• PR #29463: (abednarik) Add
**
kwargs to debconf.set.
• PR #29399: (jfindlay) modules.status: add human_readable option to uptime
• PR #29433: (cro) Files for building .pkg files for MacOS X
• PR #29455: (jfindlay) modules.nova.__init__: do not return None
• PR #29454: (jfindlay) rh_service module __virtual__ return error messages
• PR #29476: (tbaker57) Doc fix - route_table_present needs subnet_names (not subnets) as a key
• PR #29487: (rallytime) Back-port #29450 to 2015.8
• PR #29441: (rallytime) Make sure docs line up with blade_idrac function specs
• PR #29440: (rallytime) Back-port #28925 to 2015.8
• PR #29435: (galet) Grains return wrong OS version and other OS related values for Oracle Linux
• PR #29430: (rall0r) Fix host.present state limitation
• PR #29417: (jacobhammons) Repo install updates
• PR #29402: (techhat) Add rate limiting to linode
• PR #29400: (twangboy) Fix #19332
• PR #29398: (cachedout) Lint 29288
• PR #29331: (DmitryKuzmenko) Bugfix - #29116 raet dns error
• PR #29390: (jacobhammons) updated version numbers in documentation
• PR #29381: (nmadhok) No need to deepcopy since six.iterkeys() creates a copy
• PR #29349: (cro) Fix mis-setting chassis names
• PR #29334: (rallytime) Back-port #29237 to 2015.8
• PR #29300: (ticosax) [dockerng] Add support for volume management in dockerng
• PR #29218: (clan) check service enable state in test mode
• PR #29315: (jfindlay) dev tutorial doc: fix markup errors
• PR #29317: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #29240: (clan) handle acl_type [[d]efault:][user|group|mask|other]
• PR #29305: (lorengordon) Add 'file' as a source_hash proto
• PR #29272: (jfindlay) win_status module: handle 12 hour time in uptime
• PR #29289: (terminalmage) file.managed: Allow local file sources to use source_hash
• PR #29264: (anlutro) Prevent ssh_auth.absent from running when test=True
• PR #29277: (terminalmage) Update git_pillar runner to support new git ext_pillar config schema
• PR #29283: (cachedout) Single-quotes and use format
• PR #29139: (thomaso-mirodin) [salt-ssh] Add a range roster and range targeting options for the flat
roster
• PR #29282: (cachedout) dev docs: add development tutorial
• PR #28994: (timcharper) add support to s3 for aws role assumption
• PR #29278: (techhat) Add verify_log to SPM
• PR #29067: (jacksontj) Fix infinite recursion in state compiler for prereq of SLSs
• PR #29207: (jfindlay) do not shadow ret function argument
• PR #29215: (rallytime) Back-port #29192 to 2015.8
• PR #29217: (clan) show duration only if state_output_profile is False
• PR #29221: (ticosax) [dokcerng] Docu network mode
• PR #29269: (jfindlay) win_status module: fix function names in docs
• PR #29213: (rallytime) Move _wait_for_task func from vmware cloud to vmware utils
• PR #29271: (techhat) Pass full path for digest (SPM)
• PR #29244: (isbm) List products consistently across all SLES systems
• PR #29255: (garethgreenaway) fixes to consul module
• PR #29208: (whytewolf) Glance more profile errors
• PR #29200: (jfindlay) mount state: unmount by device is optional
• PR #29205: (trevor-h) Fixes #29187 - using winrm on EC2
• PR #29170: (cachedout) Migrate pydsl tests to integration test suite
• PR #29198: (jfindlay) rh_ip module: only set the mtu once
• PR #29135: (jfindlay) ssh_known_hosts.present state: catch not found exc
• PR #29196: (s0undt3ch) We need novaclient imported to compare versions
• PR #29059: (terminalmage) Work around upstream pygit2 bug
• PR #29112: (eliasp) Prevent backtrace (KeyError) in ssh_known_hosts.present state
• PR #29178: (whytewolf) Profile not being passed to keystone.endpoint_get in _auth. so if a p…
Salt 2015.8.8 Release Notes
IMPORTANT:
2015.8.8.2 was released shortly after 2015.8.8 to fix several known issues. If you installed 2015.8.8
before 03/30/2016, you likely have installed 2015.8.8 and can optionally upgrade (find out which
version you have installed using salt --version. The latest version is 2015.8.8.2).
Salt 2015.8.8.2
Salt 2015.8.8.2 includes fixes for the following known issues in 2015.8.8:
• issue 32044: Key master with value [...] has an invalid type of list Error
• issue 32004: Failed to import module win_dacl Error
• issue 32114: Wrong validation type for file_ignore_glob key
• issue 31969: Fix file.managed for windows
IMPORTANT:
issue 32183 prevents Salt Cloud from installing the Salt minion on new systems. To workaround this
issue, call salt-cloud -u to update the bootstrap script to the latest version.
Salt 2015.8.8
Security Fix
CVE-2016-3176: Insecure configuration of PAM external authentication service
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is
enabled. This issue involves passing an alternative PAM authentication service with a command that is
sent to LocalClient, enabling the attacker to bypass the configured authentication service. Thank you to
Dylan Frese <dmfrese@gmail.com> for bringing this issue to our attention.
This update defines the PAM eAuth service that users authenticate against in the Salt Master
configuration.
Read Before Upgrading Debian 7 (Wheezy) from 2015.8.7 to 2015.8.8
Before you upgrade from 2015.8.7 on Debian 7, you must run the following commands to remove previous
packages:
sudo apt-get remove python-pycrypto
sudo apt-get remove python-apache-libcloud
Note that python-pycrypto will likely remove python-apache-libcloud, so the second command might not be
necessary. These have been replaced by python-crypto and python-libcloud with ~bpo70+1 moniker.
Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.8.4
Salt systemd service files are missing the following statement in these versions:
[Service]
KillMode=process
This statement must be added to successfully upgrade on these earlier versions of Salt.
Changes for v2015.8.7..v2015.8.8
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-03-17T21:03:44Z
Total Merges: 312
Changes:
• PR #31947: (cro) Move proxymodule assignment earlier in proxy minion init
• PR #31948: (rallytime) Revert "not not" deletion and add comment as to why that is there
• PR #31952: (rallytime) Fix lint for 2015.8 branch
• PR #31933: (rallytime) Fix linking syntax in testing docs
• PR #31930: (cro) Backport changes from 2016.3
• PR #31924: (jfindlay) update 2015.8.8 release notes
• PR #31922: (cachedout) For 2015.8 head
• PR #31904: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31906: (sbreidba) Win_dacl module: fix FULLCONTROL / FILE_ALL_ACCESS definition
• PR #31745: (isbm) Fix the always-false behavior on checking state
• PR #31911: (rallytime) Merge #31903 with pylint fix
• PR #31883: (paiou) Fix scaleway cloud provider and manage x86 servers
• PR #31903: (terminalmage) Use remote_ref instead of local_ref to see if checkout is necessary
• PR #31845: (sakateka) Now a check_file_meta deletes temporary files when test=True
• PR #31901: (rallytime) Back-port #31846 to 2015.8
• PR #31905: (terminalmage) Update versionadded directive
• PR #31902: (rallytime) Update versionadded tag for new funcs
• PR #31888: (terminalmage) Fix salt.utils.decorators.Depends
• PR #31857: (sjorge) gen_password and del_password missing from solaris_shadow
• PR #31879: (cro) Clarify some comments
• PR #31815: (dr4Ke) Fix template on contents 2015.8
• PR #31818: (anlutro) Prevent event logs from writing huge amounts of data
• PR #31836: (terminalmage) Fix git_pillar race condition
• PR #31824: (rallytime) Back-port #31819 to 2015.8
• PR #31856: (szeestraten) Adds missing docs for Virtual Network and Subnet options in salt-cloud Azure
cloud profile
• PR #31839: (jfindlay) add 2015.8.8 release notes
• PR #31828: (gtmanfred) Remove ability of authenticating user to specify pam service
• PR #31787: (anlutro) Fix user_create and db_create for new versions of influxdb
• PR #31800: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31797: (Ch3LL) Change pkg name to less for suse pkg.info_installed test
• PR #31793: (xopher-mc) fixing init system detection on sles 11, refs #31617
• PR #31786: (isbm) Bugfix: zypper doesn't detect base product on SLE11 series
• PR #31780: (gtmanfred) use already created vsphere connection
• PR #31779: (sbreidba) win_dacl state & module: return comment field as strings, not lists.
• PR #31723: (sjorge) file_ignore_regex is a list, not bool
• PR #31747: (techhat) Use get_local_client with MASTER opts, not MINION
• PR #31688: (whiteinge) Various SMTP returner fixes
• PR #31752: (rallytime) Back-port #31686 to 2015.8
• PR #31733: (jacobhammons) docs to clarify cloud configuration
• PR #31775: (techhat) Show correct provider/driver name
• PR #31754: (techhat) Check all providers, not just the current one
• PR #31735: (rallytime) Add reboot, start, and stop actions to digital ocean driver
• PR #31770: (anlutro) Fix influxdb user functionality for version 0.9+
• PR #31743: (Talkless) Fix parentheses mismatch in documentation
• PR #31162: (isbm) Remove MD5 digest from everywhere and default to SHA256
• PR #31670: (terminalmage) Write lists of minions targeted by syndic masters to job cache
• PR #31711: (ticosax) [dockerng] Port and Volume comparison should consider Dockerfile
• PR #31719: (techhat) Don't worry about KeyErrors if the node is already removed
• PR #31713: (ticosax) [dockerng] Fix dockerng.network_present when container is given by name
• PR #31705: (peripatetic-sojourner) Foreman pillar
• PR #31702: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31700: (s0undt3ch) It's a function!
• PR #31679: (cro) Fix bad link to the sample REST endpoint in salt-contrib.
• PR #31668: (rallytime) Some more testing documentation improvements
• PR #31653: (DmitryKuzmenko) Don't attempt to verify token if it wasn't sent to master.
• PR #31629: (darix) Fix services on sles
• PR #31641: (rallytime) Improve Salt Testing tutorial to be a more comprehensive intro
• PR #31651: (dr4Ke) test case: test_list_present_nested_already
• PR #31643: (opdude) Make sure we are really updating the mercurial repository
• PR #31598: (terminalmage) Remove limitations on validation types for eauth targets
• PR #31627: (jakehilton) Handling error from using gevent 1.1.
• PR #31630: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31594: (rallytime) Back-port #31589 to 2015.8
• PR #31604: (joejulian) Workaround for non-xml output from gluster cli when not tty
• PR #31583: (vutny) Remove trailing white spaces
• PR #31592: (rallytime) Back-port #31546 to 2015.8
• PR #31593: (rallytime) Back-port #31570 to 2015.8
• PR #31567: (cachedout) Restore FIPS compliance when using master_finger
• PR #31568: (twangboy) Grant permissions using SID instead of name
• PR #31561: (jtand) Skipped test
• PR #31550: (rallytime) Correct versionadded tag for win_service.config
• PR #31549: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31544: (DmitryKuzmenko) Protect getattr from recursion
• PR #31525: (DmitryKuzmenko) Issues/30643 merge forward fixes
• PR #31536: (virtualguy) Remove debian repo from raspbian installation
• PR #31528: (vutny) Correct Salt Cloud documentation about updating Salt Bootstrap script
• PR #31539: (DmitryKuzmenko) Added temporary workaround for CentOS 7 os-release id bug.
• PR #31508: (mcalmer) Zypper correct exit code checking
• PR #31510: (vutny) Add installation guide for Raspbian (Debian on Raspberry Pi)
• PR #31498: (Ch3LL) rename methods in pkg states test
• PR #31471: (cachedout) Correct issue where duplicate items in grains list during state run will result
in duplicate grains
• PR #31455: (ticosax) [dockerng] Disable notset check
• PR #31488: (isbm) Unit Test for Zypper's "remove" and "purge"
• PR #31485: (jacobhammons) Fixed transport description in minion / master config
• PR #31411: (jtand) Added some beacons execution module integration tests
• PR #31475: (jacobhammons) Assorted doc issues
• PR #31477: (vutny) Correct installation documentation for Ubuntu
• PR #31479: (isbm) Zypper unit tests & fixes
• PR #31445: (rallytime) Only use LONGSIZE in rpm.info if available. Otherwise, use SIZE.
• PR #31464: (Ch3LL) integartion test: ensure decorator only runs on one method and not class
• PR #31458: (vutny) Correct installation documentation for Debian
• PR #31457: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31439: (rallytime) Fix lowpkg.info function for Ubuntu 12 - make sure we have a pkg name
• PR #31456: (RabidCicada) Clarified the form of requisite targets/requisite-references
• PR #31453: (DmitryKuzmenko) Backport cp_geturl fix for large files into 2015.8
• PR #31444: (jacobhammons) Documentation updates - ddns state, file.line state/exe function,
installation dependencies
• PR #31341: (twangboy) Clarification on Windows Package Manager docs
• PR #31380: (kiorky) Bring up ext_pillar rendering errors as well
• PR #31418: (terminalmage) Fix core grains when Debian OS detected as 'Debian GNU/Linux'
• PR #31429: (mcalmer) fix argument handling for pkg.download
• PR #31432: (ticosax) [dockerng] Hotfix docker 1.10.2
• PR #31420: (twangboy) Handle Unversioned Packages
• PR #31417: (jacobhammons) ddns state docs updated with notes regarding the name, zone, and keyfile.
• PR #31391: (redmcg) Added sanity check: is 'pillar' in self.opts
• PR #31376: (cro) Some distros don't have a /lib/systemd
• PR #31352: (ticosax) [dockerng] Pull missing images when calling dockerng.running
• PR #31378: (mcalmer) Zypper refresh handling
• PR #31373: (terminalmage) Use --set-upstream instead of --track to set upstream on older git
• PR #31390: (abednarik) Fix Logrotate module.
• PR #31354: (ticosax) [dockerng] Don't require auth for all registries
• PR #31368: (whiteinge) Update list of netapi clients for autoclass
• PR #31367: (techhat) Add docs on how to actually use SDB
• PR #31357: (ticosax) [dockerng] Support docker inconsistencies
• PR #31353: (ticosax) [dockerng] Fix when ports are integers
• PR #31346: (ticosax) Backport #31130 to 2015.8
• PR #31332: (terminalmage) Clarify documentation for gitfs/hgfs/svnfs mountpoint and root options
• PR #31305: (mcalmer) call zypper with option --non-interactive everywhere
• PR #31337: (jacobhammons) Release notes and versioning for 2015.8.7
• PR #31326: (ticosax) [dockerng ] Detect settings removal
• PR #31292: (twangboy) Fix dunder virtual to check for Remote Administration Tools
• PR #31287: (joejulian) Rework tests and fix reverse peering with gluster 3.7
• PR #31196: (sakateka) Here are a few fixes utils.network
• PR #31299: (rallytime) Allow state-output and state-verbose default settings to be set from CLI
• PR #31317: (terminalmage) Fix versonadded directive
• PR #31301: (terminalmage) Corrected fix for #30999
• PR #31302: (terminalmage) Audit CLI opts used in git states
• PR #31312: (terminalmage) Merge 2015.5 into 2015.8
• PR #31225: (pprince) Fix in file_tree pillar (Fixes #31223.)
• PR #31233: (mcalmer) implement version_cmp for zypper
• PR #31273: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31253: (gtmanfred) allow for nova servers to be built with premade volumes
• PR #31271: (rallytime) Back-port #30689 to 2015.8
• PR #31255: (jacobhammons) Fixes #30461
• PR #31189: (dmacvicar) Fix crash with scheduler and runners (#31106)
• PR #31201: (The-Loeki) Utilize prepared grains var in master-side ipcidr matching
• PR #31239: (terminalmage) Improve logging when master cannot decode a payload
• PR #31190: (twangboy) Clear minion cache before caching from master
• PR #31226: (pprince) Minor docs fix: file_tree pillar (Fixes #31124)
• PR #31234: (mcalmer) improve doc for list_pkgs
• PR #31237: (mcalmer) add handling for OEM products
• PR #31182: (rallytime) Back-port #31172 to 2015.8
• PR #31191: (rallytime) Make sure doc example matches kwarg
• PR #31171: (Ch3LL) added logic to check for installed package
• PR #31177: (Ch3LL) add integration test for issue #30934
• PR #31181: (cachedout) Lint 2015.8 branch
• PR #31169: (rallytime) Back-port #29718 to 2015.8
• PR #31170: (rallytime) Back-port #31157 to 2015.8
• PR #31147: (cro) Documentation clarifications.
• PR #31153: (edencrane) Fixed invalid host causing 'reference to variable before assignment'
• PR #31152: (garethgreenaway) fixes to beacon module, state module and friends
• PR #31149: (jfindlay) add 2015.8.7 release notes
• PR #31134: (isbm) Fix types in the output data and return just a list of products
• PR #31120: (gtmanfred) Clean up some bugs in the nova driver
• PR #31132: (rallytime) Make sure required profile configurations passed in a map file work
• PR #31131: (Ch3LL) integration test for issue #31014
• PR #31133: (cachedout) Fixup 31121
• PR #31125: (isbm) Force-kill websocket's child processes faster than default two minutes.
• PR #31119: (sakateka) fixes for ipv6-only multi-master faliover
• PR #31107: (techhat) Don't try to add a non-existent IP address
• PR #31108: (jtand) Changed npm integration test to install request.
• PR #31105: (cachedout) Lint 30975
• PR #31100: (jfindlay) states.x509: docs: peer.sls -> peer.conf
• PR #31103: (twangboy) Point to reg.delete_key_recursive
• PR #31093: (techhat) Ensure double directories don't get created
• PR #31095: (jfindlay) modules.file, states.file: explain symbolic links
• PR #31061: (rallytime) Revert #30217 - was causing salt-cloud -a breakage
• PR #31090: (rallytime) Back-port #30542 to 2015.8
• PR #31085: (jacksontj) Correctly remove path we added after loader is completed
• PR #31037: (vutny) Update RHEL installation guide to reflect latest repo changes
• PR #31050: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #31053: (cachedout) Fix boto test failures
• PR #31029: (twangboy) Windows defaults to multiprocessing true
• PR #30998: (dmacvicar) add_key/reject_key: do not crash w/Permission denied:
'/var/cache/salt/master/.dfn' (#27796)
• PR #31049: (twangboy) Fix versionadded in win_service.config
• PR #30987: (youngnick) Changed glusterfs.peer() module so state can handle localhost peering attempts.
• PR #31042: (moltob) Allow using Windows path in archive.extracted name attribute
• PR #31012: (terminalmage) Fix gitfs/git_pillar/winrepo provider to allow lowercase values
• PR #31024: (jfindlay) modules.aptpkg.upgrade: clarify dist-upgrade usage
• PR #31028: (twangboy) Fix config overwrite by windows installer
• PR #31031: (terminalmage) More complete fix for #31014
• PR #31026: (terminalmage) Fix regression when contents_pillar/contents_grains is a list.
• PR #30978: (garethgreenaway) fixes to state.py in 2015.8
• PR #30893: (bdrung) Make build reproducible
• PR #30945: (cachedout) Note that pillar cli args are sent via pub
• PR #31002: (rmtmckenzie) Fix lxc cloud provided minion reporting present
• PR #31007: (jtand) Fixed rabbitmq_vhost test failure.
• PR #31004: (rallytime) Remove overstate docs and a few references.
• PR #30965: (anlutro) Fix rabbitmq_vhost.present result when test=True
• PR #30955: (Ch3LL) docs: add clarification when source is not defined
• PR #30941: (rallytime) Back-port #30879 to 2015.8
• PR #30940: (twangboy) Fix Build Process for OSX
• PR #30944: (jacobhammons) 2015.8.5 release notes linking and clean up
• PR #30905: (joejulian) Add realpath to lvm.pvdisplay and use it in vg_present
• PR #30924: (youngnick) Fix small bug with starting volumes after creation.
• PR #30910: (cro) fix iDRAC state
• PR #30919: (garethgreenaway) Fixes to ssh_auth state module
• PR #30920: (jacobhammons) Versioned to 2015.8.5, added known issue #30300 to release notes
• PR #30894: (terminalmage) git module/state: Handle identity files more gracefully
• PR #30750: (jfindlay) extract whole war version
• PR #30884: (rallytime) Move checks for private_key file existence and permissions to create function
• PR #30888: (ticosax) Backport #30797 to 2015.8
• PR #30895: (bdrung) Fix various typos
• PR #30889: (anlutro) Make msgpack an optional dependency in salt.utils.cache
• PR #30896: (vutny) Update nodegroups parameter examples in master config example and docs
• PR #30898: (abednarik) Fix pkg install with version.
• PR #30867: (rallytime) Pass in 'pack' variable to utils.boto.assign_funcs function from ALL boto
modules
• PR #30849: (jfindlay) utils.aws: use time lib to conver to epoch seconds
• PR #30874: (terminalmage) Fix regression in git_pillar when multiple remotes are configured
• PR #30850: (jfindlay) modules.dpkg._get_pkg_info: allow for ubuntu 12.04
• PR #30852: (replicant0wnz) Added more descriptive error message
• PR #30847: (terminalmage) Backport #30844 to 2015.8 branch
• PR #30860: (vutny) Correct installation documentation for RHEL-based distributions
• PR #30841: (jacobhammons) Release notes for 2015.8.5
• PR #30835: (terminalmage) Integration test for #30820
• PR #30837: (jacobhammons) Added known issue #30820 to release notes
• PR #30832: (rallytime) Add grains modules to salt modindex
• PR #30822: (rallytime) Make sure setting list_user_permissions to ['', '', ''] doesn't stacktrace
• PR #30833: (terminalmage) Fix regression in scanning for state with 'name' param
• PR #30823: (yannis666) Fix for mine to merge configuration on update.
• PR #30827: (jacobhammons) Version to 2015.8.4, added CVE 2016-1866 to release notes
• PR #30813: (anlutro) Properly set the default value for pillar_merge_lists
• PR #30826: (cachedout) Fix 30682
• PR #30818: (rallytime) Back-port #30790 to 2015.8
• PR #30815: (vutny) Pick right user argument for updating reactor function's low data
• PR #30747: (jfindlay) modules.lxc.running_systemd: use command -v not which
• PR #30800: (twangboy) Ability to handle special case installations
• PR #30794: (rallytime) A spelling fix and some spacing fixes for the boto_ec2 module docs
• PR #30756: (basepi) [2015.8] Fix two error conditions in the highstate outputter
• PR #30788: (rallytime) Fix incorrect doc example for dellchassis blade_idrac state
• PR #30791: (Ch3LL) do not shadow ret function argument for salt.function
• PR #30726: (sjmh) Fix improper use of yield in generator
• PR #30752: (terminalmage) Backport systemd and yum/dnf optimizations from develop into 2015.8
• PR #30759: (thusoy) Allow managing empty files
• PR #30758: (thusoy) Support mounting labelled volumes with multiple drives
• PR #30686: (cachedout) Master-side pillar caching
• PR #30675: (jfindlay) handle non-ascii minion IDs
• PR #30691: (rallytime) Make sure we use the "instance" kwarg in cloud.action.
• PR #30713: (rallytime) Fix-up autodoc proxy modules for consistency
• PR #30741: (jfindlay) states.locale.__virtual__: return exec mod load err
• PR #30751: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #30720: (clinta) x509.pem_managed does not return changes dict
• PR #30687: (clarkperkins) Setting 'del_root_vol_on_destroy' changes the root volume type to 'standard'
• PR #30673: (terminalmage) Properly derive the git_pillar cachedir from the id instead of the URL
• PR #30666: (cachedout) Fix grains cache
• PR #30623: (twangboy) Added service.config function
• PR #30678: (rallytime) Back-port #30668 to 2015.8
• PR #30677: (clarkperkins) Fix EC2 volume creation logic
• PR #30680: (cro) Merge forward from 2015.5, primarily for #30671
• PR #30663: (isbm) Zypper: latest version bugfix and epoch support feature
• PR #30652: (mew1033) Fix sh beacon
• PR #30657: (jfindlay) [2015.8] Backport #30378 and #29650
• PR #30656: (rallytime) [2015.8] Merge 2015.5 into 2015.8
• PR #30644: (tbaker57) Another go at fixing 30573
• PR #30611: (isbm) Bugfix: Zypper pkg.latest crash fix
• PR #30631: (rallytime) Refactor rabbitmq_cluster states to use test=true functionality correctly
• PR #30628: (rallytime) Refactor rabbitmq_policy states to use test=true functionality correctly
• PR #30624: (cro) Remove bad symlinks from osx pkg dir
• PR #30622: (rallytime) Add glance state to list of state modules
• PR #30618: (rallytime) Back-port #30591 to 2015.8
• PR #30625: (jfindlay) doc.topics.eauth: clarify client_acl vs eauth
Salt 2015.8.9 Release Notes
Version 2015.8.9 is a bugfix release for 2015.8.0.
Mint Linux: Important Post-Upgrade Instructions
As a result of some upstream changes, the os grain on Mint Linux is now being detected as
LinuxMint (issue 33295). Run the following command after you upgrade to 2015.8.9 to reset the
os grain to Mint and the os_family grain to Debian:
salt -G 'os:LinuxMint' grains.setvals "{'os': 'Mint', 'os_family': 'Debian'}"
Changes for v2015.8.8..v2015.8.9
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-05-17T17:09:39Z
Total Merges: 145
Changes:
• PR #33293: (twangboy) Fix minion start retry on Windows (2015.8)
• 22c4331 linux_acl: Allow '-' as a separation character in ACL permissions. Fixes #31270 (#33172) (‐
#33305)
• 7a181f2 Handle more ipv6 error as an exception #33299 (#33300)
• eb47a15 Ignore retcode when checking service's status (#33294)
• PR #33274: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 4f3596a Add comment for test=true w/o changes ret and add changes dict example (#33254)
• 2a30c48 Update Git Policy docs to match Contribution guide (#33252)
• 056c273 Fix #33238 (#33239)
• 1cd34ab Properly report on invalid gitfs/git_pillar/winrepo repos (#33245)
• PR #33253: (rallytime) Update the release process docs
• 8c2c5b1 update 2015.8.9 release notes (#33251)
• 8ee8ee3 Handle ipv6 error as an exception (#33246)
• 855bed3 Check rendered YAML for invalid keys (#33213)
• 6fb25a8 Make note of files that begin with '_' in master.d or minion.d dirs (#33224)
• a6dc0d2 Gate jnpr imports in salt.proxy.junos.py (#33150)
• 64a89c4 Add docs for the http state (#33222)
• 0a32163 Don't stacktrace when using --out=highstate at CLI during staterun. (#33215)
• 04d714d propagate opts to salt.util.http call (#33219)
• c8236c0 update 2015.8.9 release notes (#33237)
• PR #33217: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 730bec1 [2015.8] Merge forward from 2015.5 to 2015.8 (#33207)
• 379b151 Add a fetch when compiling git_pillar for masterless minions (#33204)
• b3805d8 cloud.clouds.ec2: cache each named node (#33164)
• 86db5df Properly handle failed git commands when redirect_stderr=True (#33203)
• 8a0950d Don't force use of global ssh_config when git identity file is specified (#33152)
• ce07133 update 2015.8.9 release notes (#33198)
• PR #33188: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• e9108e0 add 2015.8.9 release notes (#33161)
• 2d9919e [2015.8] Update to latest bootstrap script v2016.05.10 (#33156)
• 033bef2 Hash fileclients by opts (#33142)
• f520fa3 Back-port #31769 to 2015.8 (#33139)
• PR #33144: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #33140: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• ad607ef If cache_jobs: True is set, populate the local job cache when running salt-call (#33100)
• 64689a6 Fix broken parsing of usermgmt.conf on OpenBSD (#33135)
• 06a382e Add a check that the cmdline of the found proc matches (#33129)
• 10018e9 salt.utils.gitfs: fix formatting for warning messages (#33064)
• d45b599 Fix 33058 (#33099)
• PR #33106: (abednarik) Moved _finger_fail method to parent class.
• 20c7e10 clarify docs that map is designed to be run once. is not stateful (#33102)
• 558561d cloud.query needs to define mapper.opts (#33098)
• PR #33096: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 22a327b salt-cloud: fix ipv6-only virtual machines (#32865)
• e788f7e modules.npm: do not log npm --version at info level (#33084)
• PR #33081: (jfindlay) ssh docs: install py-2.6 for RHEL 5
• PR #33088: (isbm) Bugfix: Restore boolean values from the repo configuration
• 2c6326f fix tests for file.blockplace to remove newline (#33082)
• PR #32892: (isbm) Resolve Zypper locks on asynchronous calls
• 3e0bf23 Add fun_args to scheduled return data (part of #24237) (#33039)
• 264c0d4 Don't append a newline when creating new content with blockreplace (#33049)
• 54b783a Pass all data to batch.run() call when using --failhard (#33048)
• 2dbfa55 Display command output when command fails with batch + failhard options (#33050)
• add9199 Allow security_groups kwarg for boto_elb.present to be string or list (#33053)
• 111701c [2015.8] Merge forward from 2015.5 to 2015.8 (#33054)
• 1066063 File and User test fixes for 2015.8 on Fedora23 (#33056)
• f97b5d5 Back-port #33030 to 2015.8 (#33040)
• e90a501 Update the docs for saltutil.find_job to be more clear/accurate (#33017)
• d3d77ce Add saltenv to the cmd.script state function (#33031)
• 3434f44 Fix syndic regression (#33021)
• 4bb3ca5 Compare uid and gid instead of name and group (#32674)
• 9ca5b02 Allow batch mode to use verbose option, as well as show_jid. (#32996)
• 81c0fa4 Fixed glusterfs.peered output (#32955)
• 8c70d7a Clarify some arg docs (#32994)
• 00fbeab Fix boto_secgroup_test (#32986)
• 3362367 fix user cron on solarish operating systems (#32970)
• 07e38bc salt.log.setup: process user args before format (#32796)
• b2d7c81 doc.ref.states.ordering: clarify requisite change (#32934)
• df41d5d mode should default to 'text' (#32928)
• f581a82 Remove FileClient class references from docs - it doesn't exist. (#32925)
• 31b96de Update contents_grains option with relevant docs (#32922)
• PR #32926: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 1cd6a45 specify volume tags in profile configuration (#32908)
• 85ca86d Update docs to warn users that -1 isn't valid for iptables insert state (#32906)
• cb68706 Allow profile options to be specified in provider file when using maps (#32900)
• 1a55fcb Clarify service state opening docs - uses 'service' virtualname (#32880)
• PR #32884: (terminalmage) Fix incorrect deprecation notice
• PR #32878: (jacobhammons) added note about updating the bootstrap script in salt-cloud using th…
• PR #32869: (rallytime) Use correct config setting in cloud syndic docs
• PR #32844: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• eb8fb6b Back-port #31139 to 2015.8 (#32868)
• 4bb5545 backport PR #32732 for issue #23714 (#32847)
• 5ea003b Add pyvmomi version warning to Getting Started with VMware docs (#32845)
• 44f08d0 Pass None as memory limit. (#32841)
• feebe69 Back-port #32813 to 2015.8 (#32839)
• 3b81031 various improvements on cloud deploy script docs (#32659)
• bf85987 update bootstrap to 2016.04.18 release (#32668)
• 83dee63 Back-port #29322 to 2015.8 (#32785)
• PR #32787: (rallytime) Back-port #32722 to 2015.8
• PR #32786: (rallytime) Back-port #32703 to 2015.8
• a6a42740 Merge branch 'pr-32775' into 2015.8
• cda00f4 Improve documentation on pygit2 versions (#32779)
• 1d6d234 Properly handle minion failback failure. (#32749)
• 3751a27 Document pillar cache options (#32643)
• 35c8af3 modules.win_dacl: consistent case of dacl constants (#32720)
• 2cd0817 Update external auth documentation to list supported matcher. (#32733)
• bba089d Check dependencies type before appling str operations (#32693)
• 3aa0605 Handle when beacon not configured and we try to enable/disable them (#32692)
• PR #32718: (garethgreenaway) Fixes to schedule.list in 2015.8
• PR #32684: (captaininspiration) Fix routes for redhat < 6
• 7cdd512 Handle a couple of arguments better (Azure) (#32683)
• aaa03bc Fix for issue 32523 (#32672)
• 21081b1 Don't access deprecated Exception.message attribute. (#32556)
• 5d1e9a4 Lower log level for pillar cache (#32655)
• PR #32588: (anlutro) Fix salt-ssh module function call argument type juggling by JSON encoding them
• 5e7edfc yumpkg: Ignore epoch in version comparison for explicit versions without an epoch (#32563)
• fea6056 Fixing critical bug to remove only the specified Host instead of the entire Host cluster (‐
#32640)
• 0477f66 align OS grains from older SLES with current one (#32649)
• 8d46244 Prevent crash if pygit2 package is requesting re-compilation of the e⦠(#32652)
• PR #32614: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32616: (rallytime) Back-port #32547 to 2015.8
• 3047471 Fix comments value in salt.states.pkgrepo example (#32604)
• ab9da90 Revert PR #32480 and apply #32314 with fixes / documentation (#32558)
• c84c921 Better log message on minion restart if master couldn't be reached. (#32576)
• 3c81798 Don't return None from eval_master (#32555)
• PR #32536: (rallytime) Back-port #31898 to 2015.8
• d12a1c2 Fix binary search and replace (#32542)
• PR #32539: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32531: (ticosax) [dockerng] Fix support of dockerng.volume_present when no volume is on present.
• 5d73d54 Enhance dockerng.wait() to control success on exit_code and on already stopped containers (‐
#32475)
• 214f01e Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (#32436)
• 288839f Turn on exc_info when logging failed minion startup (#32515)
• 08a8020 Add ignore_epoch option to pkg.installed/removed/purged states (#32520)
• 492ebfc Isbm zypper list products sles11 crash (#32505)
• ae89882 Clear VCS fsbackend and git_pillar locks on master start (#32480)
• a6482a3 Use win32api to get Total System Memory (#32491)
• PR #32487: (terminalmage) Add explanation of nonzero epoch requirement to pkg.installed state
documentation
• PR #32482: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• f5bd6bd Backport 31164 and 31364 (#32474)
• PR #32450: (cachedout) Pass parser options into batch mode
• b299835 Issue #28706: Fix state user.present behavior. (#32448)
• cef33d5 Argument name in docs should match actual arg name (#32445)
• PR #32432: (ticosax) [dockerng] Fix Domainname introspection
• PR #32427: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32423: (jtand) Update glusterfs_test to be inline with #32312
• PR #32425: (cachedout) Fix salt-cloud parallel provisioning
• 51fb2ac FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality.
Check freebsd/pkg #1409 for more info.
• 709410a Improve git_pillar documentation/logging
• c53efc3 Update master config docs
• PR #32323: (mcalmer) fix sorting by latest version when called with an attribute
• PR #32376: (amontalban) Fixes saltstack/salt`#28262`_
• 0d9a06b Cleaner deprecation process with decorators
• 6979fda Correcty index glusterfs bricks
• PR #32393: (jfindlay) modules.win_timezone: don't list all zones in debug log
• PR #32372: (rallytime) Back-port #32358 to 2015.8
• PR #32392: (multani) Fix documentation on boto_asg and boto_elb modules and states
• PR #32373: (cachedout) Resolve memory leak in authentication
• PR #32126: (cro) Add a couple CLI examples for the highstate outputter.
• PR #32353: (mcalmer) Prevent metadata download when listing installed products
• PR #32321: (abednarik) Better message when minion fail to start
• PR #32345: (nmadhok) [2015.8] Check if profile key exists in vm_ dict
• PR #32343: (Ferbla) Fixed win_wua example documentation
• PR #32360: (rallytime) Make sure hash_type is lowercase in master/minion config files
• PR #32361: (cro) SDB is no longer experimental
• PR #32336: (rallytime) Back-port #28639 to 2015.8
• PR #32332: (rallytime) Don't unsubscribe from open events on the CLI too early on long-running commands
• PR #32333: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32289: (rallytime) New salt-cloud instances should not use old hash_type default.
• PR #32291: (twangboy) Fix bad output for chocolatey.version (fixes #14277)
• PR #32295: (rallytime) Test the contents of 'deploy_scripts_search_path' in salt.config.cloud_config
• PR #32315: (ahus1) fixing file.managed with requests lib
• PR #32316: (vutny) Update Salt Bootstrap tutorial
• PR #32325: (bdrung) Re-add shebang to ssh-id-wrapper shell script
• PR #32326: (bdrung) Fix typos
• PR #32300: (twangboy) Add documentation to disable winrepo/winrepo_ng
• PR #32288: (terminalmage) use dictupdate.merge instead of dict.update to merge CLI pillar overrides
• PR #32243: (isbm) Ensure latest pkg.info_installed ensure latest
• PR #32268: (ticosax) [dockerng] Improve detection for older versions of docker-py
• PR #32258: (jacobhammons) Replaces incorrect reference to master_alive_check
• PR #32254: (twangboy) Fix Display Name with spaces in win_servermanager
• PR #32248: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32230: (terminalmage) systemd.py: Support both update-rc.d and chkconfig as managers of sysv
services
• PR #32249: (jacobhammons) Fixes windows download paths to account for patch
• PR #32221: (dmurphy18) Fix version check, fix extracting Major and Minor versions from __ver…
• PR #32227: (twangboy) Remove list2cmdline usage from win_service.py
• PR #32239: (anlutro) Add state file name to warning log line
• PR #32215: (DmitryKuzmenko) rhel oscodename
• PR #32217: (jacobhammons) 2015.8.8.2 release notes
• PR #32212: (rallytime) Back-port #32197 to 2015.8
• PR #32211: (rallytime) Back-port #32210 to 2015.8
• PR #32209: (rallytime) Back-port #32208 to 2015.8
• PR #32204: (ticosax) [dockerng] Consider labels carried by the image when comparing user defined
labels.
• PR #32186: (rallytime) Add some "best practices" information to test documentation
• PR #32176: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32163: (rallytime) Update nacl.config docs to use key value instead of 'None'
• PR #32166: (vutny) salt.states.file: correct examples with multiline YAML string
• PR #32168: (rallytime) Lint 2015.8
• PR #32165: (terminalmage) Make __virtual__ for rhservice.py more robust
• PR #32160: (cachedout) Fix beacon tutorial docs
• PR #32145: (paclat) fixes 29817
• PR #32133: (basepi) Pass eauth user/groups through salt-api to destination functions
• PR #32127: (rallytime) Add runners to __salt__ docs
• PR #32143: (DmitryKuzmenko) Set auth retry count to 0 if multimaster mode is failover.
• PR #32134: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32091: (clarkperkins) Fixed the regression in 410da78
• PR #32135: (rallytime) [2015.8] Support multiple valid option types when performing type checks
• PR #31760: (sakateka) SMinion need wait future from eval_master
• PR #32106: (jfindlay) update suse master service patch
• PR #32130: (jacobhammons) Added known issues 32004 and 32044 to 2015.8.8 release notes
• PR #32105: (clarkperkins) Fixed invalid deploy_scripts_search_path
• PR #32117: (tomlaredo) Fixed validation type for file_ignore_glob
• PR #32113: (sakateka) Fix log message for AsyncAuth initialization
• PR #32116: (ticosax) Obtain default value of memory_swap from the container.
• PR #32098: (rallytime) Back-port #32083 to 2015.8
• PR #32099: (jacobhammons) 2015.8.8 release docs
• PR #32088: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• PR #32074: (Xiami2012) Fix code for proto args in modules.iptables
• PR #32053: (basepi) [2015.8] Fix rabbitmq_user.present tag handling
• PR #32023: (sbreidba) Move constant declaration into member variable to avoid issues when m…
• PR #32026: (techhat) Don't require the decode_out file to already exist
• PR #32019: (rallytime) Back-port #32012 to 2015.8
• PR #32015: (ticosax) [dockerng] Fix ports exposition when protocol is passed.
• PR #31999: (jacobhammons) Fixes a doc build exception caused by missing mocks for modules.win_dacl
• PR #31992: (notpeter) salt-cloud: add D2 and G2 EC2 instance types
• PR #31981: (lloydoliver) include rotational disks in grains under linux
• PR #31970: (twangboy) Add apply_template_on_contents for windows
• PR #31960: (aletourneau) fixed ec2 get_console_output
• PR #31958: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
• 3934c66 Merge branch '2015.5' into '2015.8'
• PR #31935: (twangboy) Back port nullsoft build script from 2015.8
• PR #31912: (jfindlay) log.mixins: remove extermporaneous .record
Salt 2015.5.0 Release Notes - Codename Lithium
The 2015.5.0 feature release of Salt is focused on hardening Salt and mostly on improving existing
systems. A few major additions are present, primarily the new Beacon system. Most enhancements have been
focused around improving existing features and interfaces.
As usual the release notes are not exhaustive and primarily include the most notable additions and
improvements. Hundreds of bugs have been fixed and many modules have been substantially updated and
added.
WARNING:
In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to
the various cmd module functions. These functions now default to python_shell=False, which means that
the commands will not be sent to an actual shell.
The largest side effect of this change is that "shellisms", such as pipes, will not work by default.
The modules shipped with salt have been audited to fix any issues that might have arisen from this
change. Additionally, the cmd state module has been unaffected, and use of cmd.run in jinja is also
unaffected. cmd.run calls on the CLI will also allow shellisms.
However, custom execution modules which use shellisms in cmd calls will break, unless you pass
python_shell=True to these calls.
As a temporary workaround, you can set cmd_safe: False in your minion and master configs. This will
revert the default, but is also less secure, as it will allow shell injection vulnerabilities to be
written in custom code. We recommend you only set this setting for as long as it takes to resolve
these issues in your custom code, then remove the override.
NOTE:
Starting in this version of salt, pillar_opts defaults to False instead of True. This means that
master opts will not be present in minion pillar, and as a result, config.get calls will not include
master opts.
We recommend pillar is used for configuration options which need to make it to the minion.
Beacons
The beacon system allows the minion to hook into system processes and continually translate external
events into the salt event bus. The primary example of this is the inotify beacon. This beacon uses
inotify to watch configured files or directories on the minion for changes, creation, deletion etc.
This allows for the changes to be sent up to the master where the reactor can respond to changes.
Sudo Minion Settings
It is now possible to run the minion as a non-root user and for the minion to execute commands via sudo.
Simply add sudo_user: root to the minion config, run the minion as a non-root user and grant that user
sudo rights to execute salt-call.
Lazy Loader
The Lazy Loader is a significant overhaul of Salt's module loader system. The Lazy Loader will lazily
load modules on access instead of all on start. In addition to a major performance improvement, this
"sandboxes" modules so a bad/broken import of a single module will only affect jobs that require
accessing the broken module. (:issue: 20274)
Enhanced Active Directory Support
The eauth system for LDAP has been extended to support Microsoft Active Directory out of the box. This
includes Active Directory and LDAP group support for eauth.
Salt LXC Enhancements
The LXC systems have been overhauled to be more consistent and to fix many bugs.
This overhaul makes using LXC with Salt much easier and substantially improves the underlying
capabilities of Salt's LXC integration.
Salt SSH
• Additional configuration options and command line flags have been added to configure the scan roster on
the fly
• Added support for state.single in salt-ssh
• Added support for publish.publish, publish.full_data, and publish.runner in salt-ssh
• Added support for mine.get in salt-ssh
New Windows Installer
The new Windows installer changes how Salt is installed on Windows. The old installer used bbfreeze to
create an isolated python environment to execute in. This made adding modules and python libraries
difficult. The new installer sets up a more flexible python environment making it easy to manage the
python install and add python modules.
Instead of frozen packages, a full python implementation resides in the bin directory (C:\salt\bin). By
executing pip or easy_install from within the Scripts directory (C:\salt\bin\Scripts) you can install any
additional python modules you may need for your custom environment.
The .exe's that once resided at the root of the salt directory (C:\salt) have been replaced by .bat files
and should function the same way as the .exe's in previous versions.
The new Windows Installer will not replace the minion config file and key if they already exist on the
target system. Only the salt program files will be replaced. C:\salt\conf and C:\salt\var will remain
unchanged.
Removed Requests Dependency
The hard dependency on the requests library has been removed. Requests is still required by a number of
cloud modules but is no longer required for normal Salt operations.
This removal fixes issues that were introduced with requests and salt-ssh, as well as issues users
experienced from the many different packaging methods used by requests package maintainers.
Python 3 Updates
While Salt does not YET run on Python 3 it has been updated to INSTALL on Python 3, taking us one step
closer. What remains is getting the test suite to the point where it can run on Python 3 so that we can
verify compatibility.
RAET Additions
The RAET support continues to improve. RAET now supports multi-master and many bugs and performance
issues have been fixed. RAET is much closer to being a first class citizen.
Modified File Detection
A number of functions have been added to the RPM-based package managers to detect and diff files that are
modified from the original package installs. This can be found in the new pkg.modified functions.
Reactor Update
Fix an infinite recursion problem for runner/wheel reactor jobs by passing a "user" (Reactor) to all jobs
that the reactor starts. The reactor skips all events created by that username -- thereby only reacting
to events not caused by itself. Because of this, runner and wheel executions from the runner will have
user "Reactor" in the job cache.
Misc Fixes/Additions
• SDB driver for etcd. (:issue: 22043)
• Add only_upgrade argument to apt-based pkg.install to only install a package version if the package is
already installed. (Great for security updates!)
• Joyent now requires a keyname to be specified in the provider configuration. This change was
necessitated upstream by the 7.0+ API.
• Add args argument to cmd.script_retcode to match cmd.script in the cmd module. (:issue: 21122)
• Fixed bug where TCP keepalive was not being sent on the defined interval on the return port (4506) from
minion to master. (:issue: 21465)
• LocalClient may now optionally raise SaltClientError exceptions. If using this class directly, checking
for and handling this exception is recommended. (:issue: 21501)
• The SAuth object is now a singleton, meaning authentication state is global (per master) on each
minion. This reduces sign-ins of minions from 3->1 per startup.
• Nested outputter has been optimized, it is now much faster.
• Extensive fileserver backend updates.
Deprecations
• Removed parameter keyword argument from eselect.exec_action execution module.
• Removed runas parameter from the following pip` execution module functions: install, uninstall, freeze,
list_, list_upgrades, upgrade_available, upgrade. Please migrate to user.
• Removed runas parameter from the following pip state module functions: installed, removed, uptodate .
Please migrate to user.
• Removed quiet option from all functions in cmdmod execution module. Please use output_loglevel=quiet
instead.
• Removed parameter argument from eselect.set_ state. Please migrate to module_parameter or
action_parameter.
• The salt_events table schema has changed to include an additional field called master_id to distinguish
between events flowing into a database from multiple masters. If event_return is enabled in the master
config, the database schema must first be updated to add the master_id field. This alteration can be
accomplished as follows:
ALTER TABLE salt_events ADD master_id VARCHAR(255) NOT NULL;
Known Issues
• In multi-master mode, a minion may become temporarily unresponsive if modules or pillars are refreshed
at the same time that one or more masters are down. This can be worked around by setting
'auth_timeout' and 'auth_tries' down to shorter periods.
Salt 2015.5.1 Release Notes
release
2015-05-20
Version 2015.5.1 is a bugfix release for 2015.5.0.
Changes:
• salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to
this function in the cloud runner.
Extended Changelog Courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
PR #23989: (rallytime) Backport #23980 to 2015.5
@ 2015-05-20T19:33:41Z
• PR #23980: (iggy) template: jinja2 -> jinja | refs: #23989
• 117ecb1 Merge pull request #23989 from rallytime/bp-23980
• 8f8557c template: jinja2 -> jinja
PR #23988: (rallytime) Backport #23977 to 2015.5
@ 2015-05-20T19:13:36Z
• PR #23977: (ionutbalutoiu) Fixed glance image_create | refs: #23988
• d4f1ba0 Merge pull request #23988 from rallytime/bp-23977
• 46fc7c6 Fixed glance image_create
PR #23986: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
@ 2015-05-20T18:41:33Z
• PR #23965: (hvnsweeting) handle all exceptions gitpython can raise
• 9566e7d Merge pull request #23986 from basepi/merge-forward-2015.5
• 0b78156 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 314e4db Merge pull request #23965 from hvnsweeting/20147-fix-gitfs-gitpython-exception
• 2576301 handle all exception gitpython can raise
PR #23985: (UtahDave) Add 2014.7.5-2 and 2015.5.0-2 Windows installer download links
@ 2015-05-20T18:32:44Z
• 9d1130e Merge pull request #23985 from UtahDave/2015.5local
• 10338d0 Add links to Windows 2015.5.0-2 install downloads
• b84f975 updated Windows 2014.7.5-2 installer download link
PR #23983: (rallytime) Versionadded tags for https_user and https_pass args new in 2015.5.0
@ 2015-05-20T18:05:27Z
• ca7729d Merge pull request #23983 from rallytime/versionadded_git_options
• 14eae22 Versionadded tags for https_user and https_pass args new in 2015.5.0
PR #23970: (jayeshka) adding system unit test case
@ 2015-05-20T17:12:57Z
• b06df57 Merge pull request #23970 from jayeshka/system-unit-test
• 89eb008 adding system unit test case
PR #23967: (jayeshka) adding states/memcached unit test case
@ 2015-05-20T17:12:26Z
• 38d5f75 Merge pull request #23967 from jayeshka/memcached-states-unit-test
• 8ef9240 adding states/memcached unit test case
PR #23966: (jayeshka) adding states/modjk unit test case
@ 2015-05-20T17:11:48Z
• 868e807 Merge pull request #23966 from jayeshka/modjk-states-unit-test
• 422a964 adding states/modjk unit test case
PR #23942: (jacobhammons) Updates to sphinx saltstack2 doc theme
@ 2015-05-20T15:43:54Z
• 6316490 Merge pull request #23942 from jacobhammons/2015.5
• 31023c8 Updates to sphinx saltstack2 doc theme
PR #23874: (joejulian) Validate keyword arguments to be valid
@ 2015-05-20T04:53:40Z
• ISSUE #23872: (joejulian) create_ca_signed_cert can error if dereferenced dict is used for args
| refs: #23874
• 587957b Merge pull request #23874 from joejulian/2015.5_tls_validate_kwargs
• 30102ac Fix py3 and ordering inconsistency problems.
• 493f7ad Validate keyword arguments to be valid
PR #23960: (rallytime) Backport #22114 to 2015.5
@ 2015-05-20T04:37:09Z
• PR #22114: (dmyerscough) Fixing KeyError when there are no additional pages | refs: #23960
• 00c5c22 Merge pull request #23960 from rallytime/bp-22114
• f3e1d63 Catch KeyError
• 306b1ea Fixing KeyError
• 6b2cda2 Fix PEP8 complaint
• 239e50f Fixing KeyError when there are no additional pages
PR #23961: (rallytime) Backport #23944 to 2015.5
@ 2015-05-20T04:35:41Z
• PR #23944: (ryan-lane) Add missing loginclass argument to _changes call | refs: #23961
• 4648b46 Merge pull request #23961 from rallytime/bp-23944
• 970d19a Add missing loginclass argument to _changes call
PR #23948: (jfindlay) augeas.change state now returns changes as a dict
@ 2015-05-20T04:00:10Z
• 0cb5cd3 Merge pull request #23948 from jfindlay/augeas_changes
• f09b80a augeas.change state now returns changes as a dict
PR #23957: (rallytime) Backport #23951 to 2015.5
@ 2015-05-20T03:04:24Z
• PR #23951: (ryan-lane) Do not check perms in file.copy if preserve | refs: #23957
• 2d185f7 Merge pull request #23957 from rallytime/bp-23951
• 996b431 Update file.py
• 85d461f Do not check perms in file.copy if preserve
• PR #23956: (rallytime) Backport #23906 to 2015.5 @ 2015-05-20T03:04:14Z
• ISSUE #23839: (gladiatr72) wonky loader syndrome | refs: #23906
• ISSUE #23373: (tnypex) reactor/orchestrate race condition on salt['pillar.get'] | refs: #23906
• PR #23906: (gladiatr72) Added exception handler to trap the RuntimeError raised when | refs: #23956
• ebff1ff Merge pull request #23956 from rallytime/bp-23906
• 9d87fd3 add proper marker for format argument
• 197688e Added exception handler to trap the RuntimeError raised when Depends.enforce_dependency()
class method fires unsuccessfully. There appears to be no synchronization within the Depends
decorator class wrt the class global dependency_dict which results in incomplete population of any
loader instantiation occurring at the time of one of these exceptions.
• PR #23955: (rallytime) Backport #19305 to 2015.5 @ 2015-05-20T03:03:55Z
• ISSUE #19852: (TaiSHiNet) DigitalOcean APIv2 can't delete machines when there is only 1 page | refs:
#23955
• ISSUE #19304: (TaiSHiNet) DigitalOcean API v2 cannot delete VMs on 2nd page | refs: #19305
• PR #19305: (TaiSHiNet) Fixes droplet listing past page 1 | refs: #23955
• da3f919 Merge pull request #23955 from rallytime/bp-19305
• bbf2429 Fixes droplet listing past page 1
• PR #23940: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-19T22:37:58Z
• ISSUE #23820: (UtahDave) 2014.7.5 schedule error | refs: #23881
• ISSUE #22131: (quixoten) "unexpected keyword argument 'merge'" on 2014.7.2 (salt-ssh) | refs: #23887
• PR #23939: (basepi) Add extended changelog to 2014.7.6 release notes
• PR #23887: (basepi) [2014.7] Bring salt-ssh pillar.get in line with mainline pillar.get
• PR #23881: (garethgreenaway) Fixes to schedule module in 2014.7
• 02a78fc Merge pull request #23940 from basepi/merge-forward-2015.5
• 36f0065 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 9133912 Merge pull request #23939 from basepi/v2014.7.6release
• 32b65dc Add extended changelog to 2014.7.6 release notes
• 0031ca2 Merge pull request #23881 from garethgreenaway/23820_2014_7_schedule_list_issue
• b207f2a Missing continue in the list function when deleting unused attributes.
• 63bd21e Merge pull request #23887 from basepi/salt-ssh.pillar.get.22131
• bc84502 Bring salt-ssh pillar.get in line with mainline pillar.get
• PR #23932: (rallytime) Backport #23908 to 2015.5 @ 2015-05-19T21:41:28Z
• PR #23908: (nleib) fix connection function to mongo | refs: #23932
• ee4c01b Merge pull request #23932 from rallytime/bp-23908
• 5d520c9 fix connection function to mongo
• PR #23931: (rallytime) Backport #23880 to 2015.5 @ 2015-05-19T21:41:18Z
• PR #23880: (bastiaanb) if setting client_config_dir to '~', expand path | refs: #23931
• 70bd407 Merge pull request #23931 from rallytime/bp-23880
• 8ce59a2 if setting client_config_dir to '~', expand path
• PR #23898: (kiorky) Lxc profiles | refs: #23897 @ 2015-05-19T21:08:28Z
• ISSUE #23847: (kiorky) lxc: systemd containers cant be seeded | refs: #23806 #23898 #23897 #23808
• ISSUE #23833: (kiorky) lxc.set_dns fails intermittently | refs: #23898 #23807 #23897 #23808
• ISSUE #23772: (cheuschober) lxc.init fails to bootstrap container | refs: #23806 #23898 #23807 #23897
#23808
• ISSUE #23658: (arthurlogilab) [salt-cloud lxc] too verbose, shows host: True multiple times when
starting | refs: #23898 #23897
• ISSUE #23657: (arthurlogilab) [salt-cloud lxc] NameError: global name '__salt__' is not defined |
refs: #23727 #23898 #23897
• PR #23897: (kiorky) Lxc seed and prof ports | refs: #23898
• PR #23808: (kiorky) Lxc seed and prof ports | refs: #23807 #23897
• PR #23807: (kiorky) Lxc profiles | refs: #23898
• PR #23806: (kiorky) Lxc seeding | refs: #23807
• 5bdbf0a Merge pull request #23898 from makinacorpus/lxc_profiles
• d9051a0 lxc: systemd support
• e8d674f lxc: chroot fallback toggle
• e2887a0 lxc: sync func name with develop
• e96e345 lxc more fixes (lxc.set_dns)
• fdb6424 lxc: Fix salt config (no more a kwarg)
• 63e63fa repair salt cloud lxc api on develop
• 80eabe2 lxc salt cloud doc
• 73f229d lxc: unificate saltconfig/master/master_port
• 0bc1f08 lxc: refactor a bit saltcloud/lxc interface
• 7a80370 lxc: get networkprofile from saltcloud
• 47acb2e lxc: default net profile has now correct options
• 7eadf48 lxc: select the appropriate default bridge
• PR #23922: (garethgreenaway) Fixes to debian_ip.py @ 2015-05-19T18:50:53Z
• ISSUE #23900: (hashi825) salt ubuntu network building issue 2015.5.0 | refs: #23922
• b818f72 Merge pull request #23922 from garethgreenaway/23900_2015_5_bonding_interface_fixes
• 0bba536 Fixing issue reported when using bonded interfaces on Ubuntu. Attributes should be bond-,
but the code was attempting to split just on bond_. Fix accounts for both, but the debian_ip.py
module will write out bond attributes with bond-
• PR #23925: (jpic) Fixed wrong path in LXC cloud documentation @ 2015-05-19T18:23:56Z
• PR #23924: (jpic) Fixed wrong path in LXC cloud documentation | refs: #23925
• b1c98a3 Merge pull request #23925 from jpic/fix/wrong_lxc_path
• a4bcd75 Fixed wrong path in LXC cloud documentation
• PR #23894: (whiteinge) Add __all__ attribute to Mock class for docs @ 2015-05-19T17:17:35Z
• 7f6a716 Merge pull request #23894 from whiteinge/doc-mock__all__
• 6eeca46 Add __all__ attribute to Mock class for docs
• PR #23884: (jfindlay) Fix locale.set_locale on debian @ 2015-05-19T15:51:22Z
• ISSUE #23767: (chrimi) Salt system.locale fails on non existent default locale | refs: #23884
• 8108a9b Merge pull request #23884 from jfindlay/fix_locale
• 91c2d51 use append_if_not_found in locale.set_locale
• e632603 (re)generate /etc/default/locale
• PR #23866: (jfindlay) backport #23834, change portage.dep.strip_empty to list comprehension @
2015-05-19T15:50:43Z
• PR #23834: (Arabus) Avoid deprecation warning from portage.dep.strip_empty() | refs: #23866
• 6bae12f Merge pull request #23866 from jfindlay/flag_strip
• aa032cc replace portage.dep.strip_empty() with list comprehension
• 7576872 Proper replacement for portage.dep.strip_empty() with list comprehension, pep8fix
• 2851a5c Switch portage.dep.strip_empty(...) to filter(None,...) to avoid deprecation warning and do
essentially the same
• PR #23917: (corywright) Split debian bonding options on dash instead of underscore @
2015-05-19T15:44:35Z
• ISSUE #23904: (mbrgm) Network config bonding section cannot be parsed when attribute names use dashes
| refs: #23917
• a67a008 Merge pull request #23917 from corywright/issue23904
• c06f8cf Split debian bonding options on dash instead of underscore
• PR #23909: (jayeshka) 'str' object has no attribute 'capitalized' @ 2015-05-19T15:41:53Z
• e8fcd09 Merge pull request #23909 from jayeshka/file-exe-module
• e422d9d 'str' object has no attribute 'capitalized'
• PR #23903: (garethgreenaway) Adding docs for missing schedule state module parameters. @
2015-05-19T06:29:34Z
• c73bf38 Merge pull request #23903 from garethgreenaway/missing_docs_schedule_state
• acd8ab9 Adding docs for missing schedule state module parameters.
• f7eb70c changed previous release to 2014.7.6
• 608059f Merge branch '2015.5' of https://github.com/jacobhammons/salt into 2015.5
• a56697b Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• 1c2af5c Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• ef58128 Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• 8664e8b Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5-2
• 46eb265 saltstack2 sphinx theme updates
• e7442d3 Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• ee3c1bd missed one
• 3872921 More updates to sphinx2 theme
• fcd4865 Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• 8c32152 removed TOC numbering, additional tweaks to layout.html
• 73dfaef Merge branch '2015.5' of https://github.com/saltstack/salt into 2015.5
• 16d8a75 saltstack2 sphinx theme and build settings
• PR #23806: (kiorky) Lxc seeding | refs: #23807 @ 2015-05-18T23:18:33Z
• ISSUE #23847: (kiorky) lxc: systemd containers cant be seeded | refs: #23806 #23898 #23897 #23808
• ISSUE #23772: (cheuschober) lxc.init fails to bootstrap container | refs: #23806 #23898 #23807 #23897
#23808
• ff3cc7d Merge pull request #23806 from makinacorpus/lxc_seeding
• 61b7aad runners/lxc: optim
• PR #23892: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-18T23:07:57Z
• PR #23891: (basepi) Update the release notes index page
• PR #23888: (basepi) Update the 2014.7.6 release notes with CVE details
• PR #23871: (rallytime) Backport #23848 to 2014.7
• PR #23848: (dumol) Updated installation docs for SLES 12. | refs: #23871
• 5f1a93d Merge pull request #23892 from basepi/merge-forward-2015.5
• c2eed77 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 17c5810 Merge pull request #23891 from basepi/releasenotes
• dec153b Update the release notes index page
• a93e58f Merge pull request #23888 from basepi/v2014.7.6release
• 49921b6 Update the 2014.7.6 release notes with CVE details
• 5073028 Merge pull request #23871 from rallytime/bp-23848
• 379c09c Updated for SLES 12.
• PR #23875: (rallytime) Backport #23838 to 2015.5 @ 2015-05-18T22:28:55Z
• PR #23838: (gtmanfred) add refresh_beacons and sync_beacons | refs: #23875
• 66d1335 Merge pull request #23875 from rallytime/bp-23838
• 3174227 Add versionadded directives to new beacon saltutil functions
• 4a94b2c add refresh_beacons and sync_beacons
• PR #23876: (rallytime) Switch digital ocean tests to v2 driver @ 2015-05-18T22:17:13Z
• d294cf2 Merge pull request #23876 from rallytime/switch_digital_ocean_tests_v2
• dce9b54 Remove extra line
• 4acf58e Switch digital ocean tests to v2 driver
• PR #23882: (garethgreenaway) Fixes to scheduler in 2015.5 @ 2015-05-18T22:09:24Z
• ISSUE #23792: (neogenix) Salt Scheduler Incorrect Response (True, should be False) | refs: #23882
• b97a48c Merge pull request #23882 from garethgreenaway/23792_2015_5_wrong_return_code
• 37dbde6 Job already exists in schedule, should return False.
• PR #23868: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-18T18:35:54Z
• ISSUE #20198: (jcftang) virt.get_graphics, virt.get_nics are broken, in turn breaking other things |
refs: #23809
• PR #23823: (gtmanfred) add link local for ipv6
• PR #23810: (rallytime) Backport #23757 to 2014.7
• PR #23809: (rallytime) Fix virtualport section of virt.get_nics loop
• PR #23802: (gtmanfred) if it is ipv6 ip_to_int will fail
• PR #23757: (clan) use abspath, do not eliminating symlinks | refs: #23810
• PR #23573: (techhat) Scan all available networks for public and private IPs | refs: #23802
• PR #21487: (rallytime) Backport #21469 to 2014.7 | refs: #23809
• PR #21469: (vdesjardins) fixes #20198: virt.get_graphics and virt.get_nics calls in module virt |
refs: #21487
• 61c922e Merge pull request #23868 from basepi/merge-forward-2015.5
• c9ed233 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• aee00c8 Merge pull request #23810 from rallytime/bp-23757
• fb32c32 use abspath, do not eliminating symlinks
• 6b3352b Merge pull request #23809 from rallytime/virt_get_nics_fix
• 0616fb7 Fix virtualport section of virt.get_nics loop
• 188f03f Merge pull request #23823 from gtmanfred/2014.7
• 5ef006d add link local for ipv6
• f3ca682 Merge pull request #23802 from gtmanfred/2014.7
• 2da98b5 if it is ipv6 ip_to_int will fail
• PR #23863: (rahulhan) Adding states/timezone.py unit test @ 2015-05-18T17:02:19Z
• 433f873 Merge pull request #23863 from rahulhan/states_timezone_unit_test
• 72fcabc Adding states/timezone.py unit test
• PR #23862: (rahulhan) Adding states/tomcat.py unit tests @ 2015-05-18T17:02:10Z
• 37b3ee5 Merge pull request #23862 from rahulhan/states_tomcat_unit_test
• 65d7752 Adding states/tomcat.py unit tests
• PR #23860: (rahulhan) Adding states/test.py unit tests @ 2015-05-18T17:01:49Z
• dde7207 Merge pull request #23860 from rahulhan/states_test_unit_test
• 1f4cf86 Adding states/test.py unit tests
• PR #23859: (rahulhan) Adding states/sysrc.py unit tests @ 2015-05-18T17:01:46Z
• 3c9b813 Merge pull request #23859 from rahulhan/states_sysrc_unit_test
• 6a903b0 Adding states/sysrc.py unit tests
• PR #23812: (rallytime) Backport #23790 to 2015.5 @ 2015-05-18T15:30:34Z
• PR #23790: (aboe76) updated suse spec file to version 2015.5.0 | refs: #23812
• 4cf30a7 Merge pull request #23812 from rallytime/bp-23790
• 3f65631 updated suse spec file to version 2015.5.0
• PR #23811: (rallytime) Backport #23786 to 2015.5 @ 2015-05-18T15:30:27Z
• PR #23786: (kaithar) Log the error generated that causes returns.mysql.returner to except. | refs:
#23811
• c6f939a Merge pull request #23811 from rallytime/bp-23786
• 346f30b Log the error generated that causes returns.mysql.returner to except.
• PR #23850: (jayeshka) adding sysbench unit test case @ 2015-05-18T15:28:04Z
• ce60582 Merge pull request #23850 from jayeshka/sysbench-unit-test
• 280abde adding sysbench unit test case
• PR #23843: (The-Loeki) Fix erroneous virtual:physical core grain detection @ 2015-05-18T15:24:22Z
• 060902f Merge pull request #23843 from The-Loeki/patch-1
• 9e2cf60 Fix erroneous virtual:physical core grain detection
• PR #23816: (Snergster) Doc for #23685 Added prereq, caution, and additional mask information @
2015-05-18T15:18:03Z
• ISSUE #23815: (Snergster) [beacons] inotify errors on subdir creation | refs: #23816
• 3257a9b Merge pull request #23816 from Snergster/23685-doc-fix
• 0fca49d Added prereq, caution, and additional mask information
• PR #23832: (ahus1) make saltify provider use standard boostrap procedure @ 2015-05-18T02:18:29Z
• PR #23829: (ahus1) make saltify provider use standard boostrap procedure | refs: #23832
• 3df3b85 Merge pull request #23832 from ahus1/ahus1_saltify_bootstrap_2015.5
• f5b1734 fixing problem in unit test
• cba47f6 make saltify to use standard boostrap procedure, therefore providing all options like
master_sign_pub_file
• PR #23791: (optix2000) Psutil compat @ 2015-05-16T04:05:54Z
• 8ec4fb2 Merge pull request #23791 from optix2000/psutil_compat
• 5470cf5 Fix pylint errors and sloppy inline comments
• 64634b6 Update psutil.pid_list to use psutil.pids
• 5dd6d69 Fix imports that aren't in __all__
• 8a1da33 Fix test cases by mocking psutil_compat
• 558798d Fix net_io_counters deprecation issue
• 8140f92 Override unnecessary pylint errors
• 7d02ad4 Fix some of the mock names for the new API
• 9b3023e Fix overloaded getters/setters. Fix line lengths
• 180eb87 Fix whitespace
• f8edf72 Use new psutil API in ps module
• e48982f Fix version checking in psutil_compat
• 93ee411 Create compatibility psutil. psutil 3.0 drops 1.0 API, but we still support old psutil
versions.
• PR #23782: (terminalmage) Replace "command -v" with "which" and get rid of spurious log messages @
2015-05-16T04:03:10Z
• 405517b Merge pull request #23782 from terminalmage/issue23772
• 0f6f239 More ignore_retcode to suppress spurious log msgs
• b4c48e6 Ignore return code in lxc.attachable
• 08658c0 Replace "command -v" with "which"
• PR #23783: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-15T21:38:51Z
• ISSUE #22959: (highlyunavailable) Windows Salt hangs if file.directory is trying to write to a drive
that doesn't exist
• ISSUE #22332: (rallytime) [salt-ssh] Add a check for host in /etc/salt/roster | refs: #23748
• ISSUE #16424: (stanvit) salt-run cloud.create fails with saltify
• PR #23748: (basepi) [2014.7] Log salt-ssh roster render errors more assertively and verbosely
• PR #23731: (twangboy) Fixes #22959: Trying to add a directory to an unmapped drive in windows
• PR #23730: (rallytime) Backport #23729 to 2014.7
• PR #23729: (rallytime) Partially merge #23437 (grains fix) | refs: #23730
• PR #23688: (twangboy) Added inet_pton to utils/validate/net.py for ip.set_static_ip in windows
• PR #23488: (cellscape) LXC cloud fixes
• PR #23437: (cedwards) Grains item patch | refs: #23729
• cb2eb40 Merge pull request #23783 from basepi/merge-forward-2015.5
• 9df51ca __opts__.get
• 51d23ed Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• d9af0c3 Merge pull request #23488 from cellscape/lxc-cloud-fixes
• 64250a6 Remove profile from opts after creating LXC container
• c4047d2 Set destroy=True in opts when destroying cloud instance
• 9e1311a Store instance names in opts when performing cloud action
• 934bc57 Correctly pass custom env to lxc-attach
• 7fb85f7 Preserve test=True option in cloud states
• 9771b5a Fix detection of absent LXC container in cloud state
• fb24f0c Report failure when failed to create/clone LXC container
• 2d9aa2b Avoid shadowing variables in lxc module
• 792e102 Allow overriding profile options in lxc.cloud_init_interface
• 42bd64b Return changes on successful lxc.create from salt-cloud
• 4409eab Return correct result when creating cloud LXC container
• 377015c Issue #16424: List all providers when creating salt-cloud instance without profile
• 808bbe1 Merge pull request #23748 from basepi/salt-ssh.roster.host.check
• bc53e04 Log entire exception for render errors in roster
• 753de6a Log render errors in roster to error level
• e01a7a9 Always let the real YAML error through
• 72cf360 Merge pull request #23731 from twangboy/fix_22959
• 88e5495 Fixes #22959: Trying to add a directory to an unmapped drive in windows
• 2610195 Merge pull request #23730 from rallytime/bp-23729
• 1877cae adding support for nested grains to grains.item
• 3e9df88 Merge pull request #23688 from twangboy/fix_23415
• 6a91169 Fixed unused-import pylint error
• 5e25b3f fixed pylint errors
• 1a96766 Added inet_pton to utils/validate/net.py for ip.set_static_ip in windows
• PR #23781: (jfindlay) fix unit test mock errors on arch @ 2015-05-15T19:40:07Z
• 982f873 Merge pull request #23781 from jfindlay/fix_locale_tests
• 14c711e fix unit test mock errors on arch
• PR #23740: (jfindlay) Binary write @ 2015-05-15T18:10:44Z
• ISSUE #23566: (rks2286) Salt-cp corrupting the file after transfer to minion | refs: #23740
• 916b1c4 Merge pull request #23740 from jfindlay/binary_write
• 626930a update incorrect comment wording
• a978f5c always use binary file write mode on windows
• PR #23736: (jfindlay) always load pip execution module @ 2015-05-15T18:10:16Z
• ISSUE #23682: (chrish42) Pip module requires system pip, even when not used (with env_bin) | refs:
#23736
• 348645e Merge pull request #23736 from jfindlay/fix_pip
• b8867a8 update pip tests
• 040bbc4 only check pip version in one place
• 6c453a5 check for executable status of bin_env
• 3337257 always load the pip module as pip could be anywhere
• PR #23770: (cellscape) Fix cloud LXC container destruction @ 2015-05-15T17:38:59Z
• 10cedfb Merge pull request #23770 from cellscape/fix-cloud-lxc-destruction
• 4f6021c Fix cloud LXC container destruction
• PR #23759: (lisa2lisa) fixed the problem for not beable to revoke ., for more detail https… @
2015-05-15T17:38:38Z
• ddea822 Merge pull request #23759 from lisa2lisa/iss23664
• a29f161 fixed the problem for not beable to revoke ., for more detail
https://github.com/saltstack/salt/issues/23201, fixed mysql cannot create user with pure digit
password, for more info https://github.com/saltstack/salt/issues/23664
• PR #23769: (cellscape) Fix file_roots CA lookup in salt.utils.http.get_ca_bundle @ 2015-05-15T16:21:49Z
• 10615ff Merge pull request #23769 from cellscape/utils-http-ca-file-roots
• 8e90f32 Fix file_roots CA lookup in salt.utils.http.get_ca_bundle
• PR #23765: (jayeshka) adding states/makeconf unit test case @ 2015-05-15T14:29:43Z
• fd8a1b7 Merge pull request #23765 from jayeshka/makeconf_states-unit-test
• 26e31af adding states/makeconf unit test case
• PR #23760: (ticosax) [doc] document refresh argument @ 2015-05-15T14:23:47Z
• ee13b08 Merge pull request #23760 from ticosax/2015.5
• e3ca859 document refresh argument
• PR #23766: (jayeshka) adding svn unit test case @ 2015-05-15T14:23:18Z
• a017f72 Merge pull request #23766 from jayeshka/svn-unit-test
• 19939cf adding svn unit test case
• PR #23751: (rallytime) Backport #23737 to 2015.5 @ 2015-05-15T03:58:37Z
• ISSUE #23734: (bradthurber) 2015.5.0 modules/archive.py ZipFile instance has no attribute '__exit__'
- only python 2.6? | refs: #23737
• PR #23737: (bradthurber) fix for 2015.5.0 modules/archive.py ZipFile instance has no attribute… |
refs: #23751
• 0ed9d45 Merge pull request #23751 from rallytime/bp-23737
• 8d1eb32 fix for 2015.5.0 modules/archive.py ZipFile instance has no attribute '__exit__' - only
python 2.6? #23734
• PR #23710: (kiorky) Get more useful output from stateful commands @ 2015-05-14T21:58:10Z
• ISSUE #23709: (kiorky) cmdmod: enhancement is really needed for stateful commands | refs: #23710
• d73984e Merge pull request #23710 from makinacorpus/i23709
• c706909 Get more useful output from stateful commands
• PR #23724: (rallytime) Backport #23609 to 2015.5 @ 2015-05-14T19:34:22Z
• PR #23609: (kaidokert) file_map: chown created directories if not root #23608 | refs: #23724
• cdf421b Merge pull request #23724 from rallytime/bp-23609
• fe3a762 file_map: chmod created directories if not root
• PR #23723: (rallytime) Backport #23568 to 2015.5 @ 2015-05-14T19:34:11Z
• PR #23568: (techhat) Allow Salt Cloud to use either SCP or SFTP, as configured | refs: #23723
• 94f9099 Merge pull request #23723 from rallytime/bp-23568
• bbec34a Allow Salt Cloud to use either SCP or SFTP, as configured
• PR #23725: (rallytime) Backport #23691 to 2015.5 @ 2015-05-14T19:32:30Z
• PR #23691: (dennisjac) add initial configuration documentation for varstack pillar | refs: #23725
• 137e5ee Merge pull request #23725 from rallytime/bp-23691
• 28a846e add initial configuration documentation for varstack pillar
• PR #23722: (rallytime) Backport #23472 to 2015.5 @ 2015-05-14T19:31:52Z
• PR #23472: (techhat) Allow neutron network list to be used as pillar data | refs: #23722
• 0c00995 Merge pull request #23722 from rallytime/bp-23472
• c3d0f39 Change versionadded tag for backport
• 023e88f Allow neutron network list to be used as pillar data
• PR #23727: (jfindlay) fix npm execution module stacktrace @ 2015-05-14T18:14:12Z
• ISSUE #23657: (arthurlogilab) [salt-cloud lxc] NameError: global name '__salt__' is not defined |
refs: #23727 #23898 #23897
• cbf4ca8 Merge pull request #23727 from jfindlay/npm_salt
• 05392f2 fix npm execution module stacktrace
• PR #23718: (rahulhan) Adding states/user.py unit tests @ 2015-05-14T17:15:38Z
• ef536d5 Merge pull request #23718 from rahulhan/states_user_unit_tests
• aad27db Adding states/user.py unit tests
• PR #23720: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-14T17:13:02Z
• ISSUE #23604: (Azidburn) service.dead on systemd Minion create an Error Message | refs: #23607
• ISSUE #23548: (kkaig) grains.list_present produces incorrect (?) output | refs: #23674
• ISSUE #23403: (iamfil) salt.runners.cloud.action fun parameter is replaced | refs: #23680
• PR #23680: (cachedout) Rename kwarg in cloud runner
• PR #23674: (cachedout) Handle lists correctly in grains.list_prsesent
• PR #23672: (twangboy) Fix user present
• PR #23670: (rallytime) Backport #23607 to 2014.7
• PR #23607: (Azidburn) Fix for #23604. No error reporting. Exitcode !=0 are ok | refs: #23670
• a529d74 Merge pull request #23720 from basepi/merge-forward-2015.5
• 06a3ebd Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 1b86460 Merge pull request #23680 from cachedout/issue_23403
• d5986c2 Rename kwarg in cloud runner
• cd64af0 Merge pull request #23674 from cachedout/issue_23548
• da8a2f5 Handle lists correctly in grains.list_prsesent
• d322a19 Merge pull request #23672 from twangboy/fix_user_present
• 731e7af Merge branch '2014.7' of https://github.com/saltstack/salt into fix_user_present
• d6f70a4 Fixed user.present to create password in windows
• 43f7025 Merge pull request #23670 from rallytime/bp-23607
• ed30dc4 Fix for #23604. No error reporting. Exitcode !=0 are ok
• PR #23704: (jayeshka) adding states/lvs_server unit test case @ 2015-05-14T14:22:10Z
• 13facbf Merge pull request #23704 from jayeshka/lvs_server_states-unit-test
• da323da adding states/lvs_server unit test case
• PR #23703: (jayeshka) adding states/lvs_service unit test case @ 2015-05-14T14:21:23Z
• f95ca31 Merge pull request #23703 from jayeshka/lvs_service_states-unit-test
• 66717c8 adding states/lvs_service unit test case
• PR #23702: (jayeshka) Remove superfluous return statement. @ 2015-05-14T14:20:42Z
• 07e987e Merge pull request #23702 from jayeshka/fix_lvs_service
• ecff218 fix lvs_service
• PR #23686: (jfindlay) remove superfluous return statement @ 2015-05-14T14:20:18Z
• 39973d4 Merge pull request #23686 from jfindlay/fix_lvs_server
• 5aaeb73 remove superfluous return statement
• PR #23690: (rallytime) Backport #23424 to 2015.5 @ 2015-05-13T23:04:36Z
• PR #23424: (jtand) Added python_shell=True for refresh_db in pacman.py | refs: #23690
• be7c7ef Merge pull request #23690 from rallytime/bp-23424
• 94574b7 Added python_shell=True for refresh_db in pacman.py
• PR #23681: (cachedout) Start on 2015.5.1 release notes @ 2015-05-13T19:44:22Z
• 1a0db43 Merge pull request #23681 from cachedout/2015_5_1_release_notes
• bdbbfa6 Start on 2015.5.1 release notes
• PR #23679: (jfindlay) Merge #23616 @ 2015-05-13T19:03:53Z
• PR #23616: (Snergster) virtual returning none warning fixed in dev but missed in 2015.5 | refs:
#23679
• b54075a Merge pull request #23679 from jfindlay/merge_23616
• 6e15e19 appease pylint's blank line strictures
• 8750680 virtual returning none warning fixed in dev but missed in 2015.5
• PR #23675: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-13T18:35:54Z
• ISSUE #23611: (hubez) master_type set to 'failover' but 'master' is not of type list but of type
<type 'str'> | refs: #23637
• ISSUE #23479: (danielmorlock) Typo in pkg.removed for Gentoo? | refs: #23558
• ISSUE #23452: (michaelforge) minion crashed with empty grain | refs: #23639
• ISSUE #23411: (dr4Ke) grains.append should work at any level of a grain | refs: #23440
• ISSUE #23355: (dr4Ke) salt-ssh: 'sources: salt://' files from 'pkg' state are not included in
salt_state.tgz | refs: #23530
• ISSUE #23110: (martinhoefling) Copying files from gitfs in file.recurse state fails
• ISSUE #23004: (b18) 2014.7.5 - Windows - pkg.list_pkgs - "nxlog" never shows up in output. | refs:
#23433
• ISSUE #22908: (karanjad) Add failhard option to salt orchestration | refs: #23389
• ISSUE #22141: (Deshke) grains.get_or_set_hash render error if hash begins with "%" | refs: #23640
• PR #23661: (rallytime) Merge #23640 with whitespace fix
• PR #23640: (cachedout) Add warning to get_or_set_hash about reserved chars | refs: #23661
• PR #23639: (cachedout) Handle exceptions raised by __virtual__
• PR #23637: (cachedout) Convert str master to list
• PR #23606: (twangboy) Fixed checkbox for starting service and actually starting it
• PR #23595: (rallytime) Backport #23549 to 2014.7
• PR #23594: (rallytime) Backport #23496 to 2014.7
• PR #23593: (rallytime) Backport #23442 to 2014.7
• PR #23592: (rallytime) Backport #23389 to 2014.7
• PR #23573: (techhat) Scan all available networks for public and private IPs | refs: #23802
• PR #23558: (jfindlay) reorder emerge command line
• PR #23554: (jleroy) Debian: Hostname always updated
• PR #23551: (dr4Ke) grains.append unit tests, related to #23474
• PR #23549: (vr-jack) Update __init__.py | refs: #23595
• PR #23537: (t0rrant) Update changelog
• PR #23530: (dr4Ke) salt-ssh state: fix including all salt:// references
• PR #23496: (martinhoefling) Fix for issue #23110 | refs: #23594
• PR #23474: (dr4Ke) Fix grains.append in nested dictionary grains #23411
• PR #23442: (clan) add directory itself to keep list | refs: #23593
• PR #23440: (dr4Ke) fix grains.append in nested dictionary grains #23411 | refs: #23474
• PR #23433: (twangboy) Obtain all software from the registry
• PR #23389: (cachedout) Correct fail_hard typo | refs: #23592
• e480f13 Merge pull request #23675 from basepi/merge-forward-2015.5
• bd63548 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 0f006ac Merge pull request #23661 from rallytime/merge-23640
• 4427f42 Whitespace fix
• dd91154 Add warning to get_or_set_hash about reserved chars
• 84e2ef8 Merge pull request #23639 from cachedout/issue_23452
• d418b49 Syntax error!
• 45b4015 Handle exceptions raised by __virtual__
• bd9b94b Merge pull request #23637 from cachedout/issue_23611
• 56cb1f5 Fix typo
• f6fcf19 Convert str master to list
• f20c0e4 Merge pull request #23595 from rallytime/bp-23549
• 6efcac0 Update __init__.py
• 1acaf86 Merge pull request #23594 from rallytime/bp-23496
• d5ae1d2 Fix for issue #23110 This resolves issues when the freshly created directory is removed
by fileserver.update.
• 2c221c7 Merge pull request #23593 from rallytime/bp-23442
• 39869a1 check w/ low['name'] only
• 304cc49 another fix for file defined w/ id, but require name
• 8814d41 add directory itself to keep list
• fadd1ef Merge pull request #23606 from twangboy/fix_installer
• 038331e Fixed checkbox for starting service and actually starting it
• acdd3fc Fix lint
• 680e88f Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 10b3f0f Merge pull request #23592 from rallytime/bp-23389
• 734cc43 Correct fail_hard typo
• cd34b9b Merge pull request #23573 from techhat/novaquery
• f92db5e Linting
• 26e00d3 Scan all available networks for public and private IPs
• 2a72cd7 Merge pull request #23558 from jfindlay/fix_ebuild
• 45404fb reorder emerge command line
• a664a3c Merge pull request #23530 from dr4Ke/fix_salt-ssh_to_include_pkg_sources
• 5df6a80 fix pylint warning
• d0549e5 salt-ssh state: fix including all salt:// references
• 55c3869 Merge pull request #23433 from twangboy/list_pkgs_fix
• 8ab5b1b Fix pylint error
• 2d11d65 Obtain all software from the registry
• 755bed0 Merge pull request #23554 from jleroy/debian-hostname-fix
• 5ff749e Debian: Hostname always updated
• 6ec87ce Merge pull request #23551 from dr4Ke/grains.append_unit_tests
• ebff9df fix pylint errors
• c495404 unit tests for grains.append module function
• 0c9a323 use MagickMock
• c838a22 unit tests for grains.append module function
• e96c5c5 Merge pull request #23474 from dr4Ke/fix_grains.append_nested
• a01a5bb grains.get, parameter delimititer, versionadded: 2014.7.6
• b39f504 remove debugging output
• b6e15e2 fix grains.append in nested dictionary grains #23411
• ab7e1ae Merge pull request #23537 from t0rrant/patch-1
• 8e03cc9 Update changelog
• PR #23669: (rallytime) Backport #23586 to 2015.5 @ 2015-05-13T18:27:11Z
• PR #23586: (Lothiraldan) Fix salt.state.file._unify_sources_and_hashes when sources is used without
sources_hashes | refs: #23669
• 0dad6be Merge pull request #23669 from rallytime/bp-23586
• ef4c6ad Remove another unused import
• 73cfda7 Remove unused import
• 52b68d6 Use the zip_longest from six module for python 3 compatibility
• 18d5ff9 Fix salt.state.file._unify_sources_and_hashes when sources is used without sources_hashes
• PR #23662: (rallytime) Merge #23642 with pylint fix @ 2015-05-13T15:46:51Z
• PR #23642: (cachedout) Let saltmod handle lower-level exceptions gracefully | refs: #23662
• fabef75 Merge pull request #23662 from rallytime/merge-23642
• aa7bbd8 Remove unused import
• 9e66d4c Let saltmod handle lower-level exceptions gracefully
• PR #23622: (jfindlay) merge #23508 @ 2015-05-13T15:36:49Z
• PR #23508: (cro) Port mysql returner to postgres using jsonb datatype | refs: #23622
• 072b927 Merge pull request #23622 from jfindlay/pgjsonb
• 454322c appease pylint's proscription on blank line excess
• 57c6171 Get time with timezone correct also in job return.
• e109d0f Get time with timezone correct.
• 21e06b9 Fix SQL, remove unneeded imports.
• 653f360 Stop making changes in 2 places.
• d6daaa0 Typo.
• 7d748bf SSL is handled differently by Pg, so don't set it here.
• cc7c377 Fill alter_time field in salt_events with current time with timezone.
• 43defe9 Port mysql module to Postgres using jsonb datatypes
• PR #23651: (jayeshka) adding solr unit test case @ 2015-05-13T15:26:15Z
• c1bdd4d Merge pull request #23651 from jayeshka/solr-unit-test
• 6e05148 adding solr unit test case
• PR #23649: (jayeshka) adding states/libvirt unit test case @ 2015-05-13T15:24:48Z
• ee43411 Merge pull request #23649 from jayeshka/libvirt_states-unit-test
• 0fb923a adding states/libvirt unit test case
• PR #23648: (jayeshka) adding states/linux_acl unit test case @ 2015-05-13T15:24:11Z
• c7fc466 Merge pull request #23648 from jayeshka/linux_acl_states-unit-test
• 3f0ab29 removed error.
• 11081c1 adding states/linux_acl unit test case
• PR #23650: (jayeshka) adding states/kmod unit test case @ 2015-05-13T15:09:18Z
• 4cba7ba Merge pull request #23650 from jayeshka/kmod_states-unit-test
• 1987015 adding states/kmod unit test case
• PR #23633: (jayeshka) made changes to test_interfaces function. @ 2015-05-13T06:51:07Z
• bc8faf1 Merge pull request #23633 from jayeshka/win_network-2015.5-unit-test
• 0936e1d made changes to test_interfaces function.
• PR #23619: (jfindlay) fix kmod.present processing of module loading @ 2015-05-13T01:16:56Z
• 7df3579 Merge pull request #23619 from jfindlay/fix_kmod_state
• 73facbf fix kmod.present processing of module loading
• PR #23598: (rahulhan) Adding states/win_dns_client.py unit tests @ 2015-05-12T21:47:36Z
• d4f3095 Merge pull request #23598 from rahulhan/states_win_dns_client_unit_test
• d08d885 Adding states/win_dns_client.py unit tests
• PR #23597: (rahulhan) Adding states/vbox_guest.py unit tests @ 2015-05-12T21:46:30Z
• 811c6a1 Merge pull request #23597 from rahulhan/states_vbox_guest_unit_test
• 6a2909e Removed errors
• 4cde78a Adding states/vbox_guest.py unit tests
• PR #23615: (rallytime) Backport #23577 to 2015.5 @ 2015-05-12T21:19:11Z
• PR #23577: (msciciel) Fix find and remove functions to pass database param | refs: #23615
• 029ff11 Merge pull request #23615 from rallytime/bp-23577
• 6f74477 Fix find and remove functions to pass database param
• PR #23603: (rahulhan) Adding states/winrepo.py unit tests @ 2015-05-12T18:40:12Z
• b858953 Merge pull request #23603 from rahulhan/states_winrepo_unit_test
• a66e7e7 Adding states/winrepo.py unit tests
• PR #23602: (rahulhan) Adding states/win_path.py unit tests @ 2015-05-12T18:39:37Z
• 3cbbd6d Merge pull request #23602 from rahulhan/states_win_path_unit_test
• 122c29f Adding states/win_path.py unit tests
• PR #23600: (rahulhan) Adding states/win_network.py unit tests @ 2015-05-12T18:39:01Z
• 3c904e8 Merge pull request #23600 from rahulhan/states_win_network_unit_test
• b418404 removed lint error
• 1be8023 Adding states/win_network.py unit tests
• PR #23599: (rahulhan) Adding win_firewall.py unit tests @ 2015-05-12T18:37:49Z
• 10243a7 Merge pull request #23599 from rahulhan/states_win_firewall_unit_test
• 6cda890 Adding win_firewall.py unit tests
• PR #23601: (basepi) Add versionadded for jboss module/state @ 2015-05-12T17:22:59Z
• e73071d Merge pull request #23601 from basepi/jboss.version.added
• 0174c8f Add versionadded for jboss module/state
• PR #23469: (s0undt3ch) Call the windows specific function not the general one @ 2015-05-12T16:47:22Z
• 9beb7bc Merge pull request #23469 from s0undt3ch/hotfix/call-the-win-func
• 83e88a3 Call the windows specific function not the general one
• PR #23583: (jayeshka) adding states/ipset unit test case @ 2015-05-12T16:31:55Z
• d2f0975 Merge pull request #23583 from jayeshka/ipset_states-unit-test
• 4330cf4 adding states/ipset unit test case
• PR #23582: (jayeshka) adding states/keyboard unit test case @ 2015-05-12T16:31:17Z
• 82a47e8 Merge pull request #23582 from jayeshka/keyboard_states-unit-test
• fa94d7a adding states/keyboard unit test case
• PR #23581: (jayeshka) adding states/layman unit test case @ 2015-05-12T16:30:36Z
• 77e5b28 Merge pull request #23581 from jayeshka/layman_states-unit-test
• 297b055 adding states/layman unit test case
• PR #23580: (jayeshka) adding smf unit test case @ 2015-05-12T16:29:58Z
• cbe3282 Merge pull request #23580 from jayeshka/smf-unit-test
• 4f97191 adding smf unit test case
• PR #23572: (The-Loeki) Fix regression of #21355 introduced by #21603 @ 2015-05-12T16:28:05Z
• ISSUE #21603: (ipmb) ssh_auth.present fails on key without comment | refs: #23572 #23572
• PR #21355: (The-Loeki) Fix for comments containing whitespaces
• 16a3338 Merge pull request #23572 from The-Loeki/ssh_auth_fix
• d8248dd Fix regression of #21355 introduced by #21603
• PR #23565: (garethgreenaway) fix to aptpkg module @ 2015-05-12T16:25:46Z
• ISSUE #23490: (lichtamberg) salt.modules.aptpkg.upgrade should have default "dist_upgrade=False" |
refs: #23565
• f843f89 Merge pull request #23565 from garethgreenaway/2015_2_aptpkg_upgrade_default_to_upgrade
• 97ae514 aptpkg.upgrade should default to upgrade instead of dist_upgrade.
• PR #23550: (jfindlay) additional mock for rh_ip_test test_build_bond @ 2015-05-12T15:17:16Z
• ISSUE #23473: (terminalmage) unit.modules.rh_ip_test.RhipTestCase.test_build_bond is not properly
mocked | refs: #23550
• c1157cd Merge pull request #23550 from jfindlay/fix_rh_ip_test
• e9b94d3 additional mock for rh_ip_test test_build_bond
• PR #23552: (garethgreenaway) Fix for an issue caused by a previous pull request @ 2015-05-11T21:54:59Z
• b593328 Merge pull request #23552 from garethgreenaway/2015_5_returner_fix_broken_previous_pr
• 7d70e2b Passed argumentes in the call _fetch_profile_opts to were in the wrong order
• PR #23547: (slinu3d) Added AWS v4 signature support for 2015.5 @ 2015-05-11T21:52:24Z
• d0f9682 Merge pull request #23547 from slinu3d/2015.5
• f3bfdb5 Fixed urlparse and urlencode calls
• 802dbdb Added AWS v4 signature support for 2015.5
• PR #23544: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-11T18:02:06Z
• ISSUE #23159: (aneeshusa) Unused validator
• ISSUE #20518: (ekle) module s3.get does not support eu-central-1 | refs: #23467
• ISSUE #563: (chutz) pidfile support for minion and master daemons | refs: #23460 #23461
• PR #23538: (cro) Update date in LICENSE file
• PR #23505: (aneeshusa) Remove unused ssh config validator. Fixes #23159.
• PR #23467: (slinu3d) Added AWS v4 signature support
• PR #23460: (s0undt3ch) [2014.7] Update to latest stable bootstrap script v2015.05.07
• PR #23444: (techhat) Add create_attach_volume to nova driver
• PR #23439: (techhat) Add wait_for_passwd_maxtries variable
• 06c6a1f Merge pull request #23544 from basepi/merge-forward-2015.5
• f8a36bc Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• b79fed3 Merge pull request #23538 from cro/licupdate
• 345efe2 Update date in LICENSE file
• a123a36 Merge pull request #23505 from aneeshusa/remove-unused-ssh-config-validator
• 90af167 Remove unused ssh config validator. Fixes #23159.
• ca2c21a Merge pull request #23467 from slinu3d/2014.7
• 0b4081d Fixed pylint error at line 363
• 5be5eb5 Fixed pylink errors
• e64f374 Fixed lint errors
• b9d1ac4 Added AWS v4 signature support
• e6f9eec Merge pull request #23444 from techhat/novacreateattach
• ebdb7ea Add create_attach_volume to nova driver
• e331463 Merge pull request #23460 from s0undt3ch/hotfix/bootstrap-script-2014.7
• edcd0c4 Update to latest stable bootstrap script v2015.05.07
• 7a8ce1a Merge pull request #23439 from techhat/maxtries
• 0ad3ff2 Add wait_for_passwd_maxtries variable
• PR #23470: (twangboy) Fixed service.restart for salt-minion @ 2015-05-11T17:54:47Z
• ISSUE #23426: (twangboy) Can't restart salt-minion on 64 bit windows (2015.5.0) | refs: #23470
• aa5b896 Merge pull request #23470 from twangboy/fix_svc_restart
• b3f284c Fixed tests
• ad44d79 Fixed service.restart for salt-minion
• PR #23539: (rahulhan) Adding states/virtualenv_mod.py unit tests @ 2015-05-11T17:02:31Z
• 67988b2 Merge pull request #23539 from rahulhan/states_virtualenv_mod_unit_test
• 750bb07 Adding states/virtualenv_mod.py unit tests
• 6f0cf2e Merge remote-tracking branch 'upstream/2015.2' into 2015.5
• ISSUE #23244: (freimer) Caller not available in reactors | refs: #23245
• PR #23509: (keesbos) Catch the unset (empty/None) environment case
• PR #23423: (cachedout) Remove jid_event from state.orch
• PR #23245: (freimer) Add Caller functionality to reactors.
• c966196 Merge pull request #23423 from cachedout/remove_jid_event_from_orch
• f81aab7 Remove jid_event from state.orch
• 2bb09b7 Merge pull request #23509 from keesbos/Catch_empty_environment
• 6dedeac Catch the unset (empty/None) environment case
• 6d42f30 Merge pull request #23245 from freimer/issue_23244
• 24cf6eb Add Caller functionality to reactors.
• PR #23513: (gladiatr72) short-circuit auto-failure of iptables.delete state @ 2015-05-11T15:18:33Z
• c3f03d8 Merge pull request #23513 from
gladiatr72/RFC_stop_iptables.check_from_short-circuiting_position-only_delete_rule
• c71714c short-circuit auto-failure of iptables.delete state if position argument is set without the
other accoutrements that check_rule requires.
• PR #23534: (jayeshka) adding states/ini_manage unit test case @ 2015-05-11T14:32:06Z
• 4e77f6f Merge pull request #23534 from jayeshka/ini_manage_states-unit-test
• 831223c adding states/ini_manage unit test case
• PR #23533: (jayeshka) adding states/hipchat unit test case @ 2015-05-11T14:30:22Z
• 11ba9ed Merge pull request #23533 from jayeshka/hipchat-states-unit-test
• 41d14b3 adding states/hipchat unit test case
• PR #23532: (jayeshka) adding states/ipmi unit test case @ 2015-05-11T14:28:15Z
• e542113 Merge pull request #23532 from jayeshka/ipmi-states-unit-test
• fc3e64a adding states/ipmi unit test case
• PR #23531: (jayeshka) adding service unit test case @ 2015-05-11T14:27:12Z
• 9ba85fd Merge pull request #23531 from jayeshka/service-unit-test
• 3ad5314 adding service unit test case
• PR #23517: (garethgreenaway) fix to returners @ 2015-05-11T14:20:51Z
• ISSUE #23512: (Code-Vortex) hipchat_returner / slack_returner not work correctly | refs: #23517
• 32838cd Merge pull request #23517 from garethgreenaway/23512_2015_5_returners_with_profiles
• 81e31e2 fix for returners that utilize profile attributes. code in the if else statement was
backwards. #23512
• PR #23502: (rahulhan) Adding states/win_servermanager.py unit tests @ 2015-05-08T19:47:18Z
• 6be7d8d Merge pull request #23502 from rahulhan/states_win_servermanager_unit_test
• 2490074 Adding states/win_servermanager.py unit tests
• PR #23495: (jayeshka) adding seed unit test case @ 2015-05-08T17:30:38Z
• 6048578 Merge pull request #23495 from jayeshka/seed-unit-test
• 3f134bc adding seed unit test case
• PR #23494: (jayeshka) adding sensors unit test case @ 2015-05-08T17:30:18Z
• 70bc3c1 Merge pull request #23494 from jayeshka/sensors-unit-test
• 1fb48a3 adding sensors unit test case
• PR #23493: (jayeshka) adding states/incron unit test case @ 2015-05-08T17:29:59Z
• b981b20 Merge pull request #23493 from jayeshka/incron-states-unit-test
• cc7bc17 adding states/incron unit test case
• PR #23492: (jayeshka) adding states/influxdb_database unit test case @ 2015-05-08T17:29:51Z
• 4019c49 Merge pull request #23492 from jayeshka/influxdb_database-states-unit-test
• e1fcac8 adding states/influxdb_database unit test case
• PR #23491: (jayeshka) adding states/influxdb_user unit test case @ 2015-05-08T16:24:07Z
• d317a77 Merge pull request #23491 from jayeshka/influxdb_user-states-unit-test
• 9d4043f adding states/influxdb_user unit test case
• PR #23477: (galet) LDAP auth: Escape filter value for group membership search @ 2015-05-07T22:04:48Z
• e0b2a73 Merge pull request #23477 from galet/ldap-filter-escaping
• 33038b9 LDAP auth: Escape filter value for group membership search
• PR #23476: (cachedout) Lint becaon @ 2015-05-07T19:55:36Z
• PR #23431: (UtahDave) Beacon fixes | refs: #23476
• e1719fe Merge pull request #23476 from cachedout/lint_23431
• 8d1ff20 Lint becaon
• PR #23431: (UtahDave) Beacon fixes | refs: #23476 @ 2015-05-07T19:53:47Z
• 1e299ed Merge pull request #23431 from UtahDave/beacon_fixes
• 152f223 remove unused import
• 81198f9 fix interval logic and example
• 5504778 update to proper examples
• 6890439 fix list for mask
• ee7b579 remove custom interval code.
• PR #23468: (rahulhan) Adding states/win_system.py unit tests @ 2015-05-07T19:20:50Z
• ea55c44 Merge pull request #23468 from rahulhan/states_win_system_unit_test
• 33f8c12 Adding states/win_system.py unit tests
• PR #23466: (UtahDave) minor spelling fix @ 2015-05-07T19:19:06Z
• e6e1114 Merge pull request #23466 from UtahDave/2015.5local
• b2c399a minor spelling fix
• PR #23461: (s0undt3ch) [2015.5] Update to latest stable bootstrap script v2015.05.07 @
2015-05-07T19:16:18Z
• ISSUE #563: (chutz) pidfile support for minion and master daemons | refs: #23460 #23461
• 4eeb1e6 Merge pull request #23461 from s0undt3ch/hotfix/bootstrap-script
• 638c63d Update to latest stable bootstrap script v2015.05.07
• PR #23450: (jayeshka) adding scsi unit test case @ 2015-05-07T19:00:28Z
• 8651278 Merge pull request #23450 from jayeshka/scsi-unit-test
• e7269ff adding scsi unit test case
• PR #23449: (jayeshka) adding s3 unit test case @ 2015-05-07T18:59:45Z
• 8b374ae Merge pull request #23449 from jayeshka/s3-unit-test
• 85786bf adding s3 unit test case
• PR #23448: (jayeshka) adding states/keystone unit test case @ 2015-05-07T18:58:59Z
• 49b431c Merge pull request #23448 from jayeshka/keystone-states-unit-test
• a3050eb adding states/keystone unit test case
• PR #23447: (jayeshka) adding states/grafana unit test case @ 2015-05-07T18:58:20Z
• 23d7e7e Merge pull request #23447 from jayeshka/grafana-states-unit-test
• 7e90a4a adding states/grafana unit test case
• PR #23438: (techhat) Gate requests import @ 2015-05-07T07:22:58Z
• 1fd0bc2 Merge pull request #23438 from techhat/gaterequests
• d5b15fc Gate requests import
• PR #23429: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-05-07T05:35:13Z
• ISSUE #17245: (tomashavlas) localemod does not generate locale for Arch | refs: #23307 #23397
• PR #23425: (basepi) [2014.7] Fix typo in FunctionWrapper
• PR #23422: (cro) $HOME should not be used, some shells don't set it.
• PR #23414: (jfindlay) 2015.2 -> 2015.5
• PR #23409: (terminalmage) Update Lithium docstrings in 2014.7 branch | refs: #23410
• PR #23404: (hvnsweeting) saltapi cherrypy: initialize var when POST body is empty
• PR #23397: (jfindlay) add more flexible whitespace to locale_gen search
• PR #23385: (rallytime) Backport #23346 to 2014.7
• PR #23346: (ericfode) Allow file_map in salt-cloud to handle folders. | refs: #23385
• 3c4f734 Merge pull request #23429 from basepi/merge-forward-2015.5
• 7729834 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 644eb75 Merge pull request #23422 from cro/gce_sh_home
• 4ef9e6b Don't use $HOME to find user's directory, some shells don't set it
• ef17ab4 Merge pull request #23425 from basepi/functionwrapper_typo
• c390737 Fix typo in FunctionWrapper
• 1b13ec0 Merge pull request #23385 from rallytime/bp-23346
• 9efc13c more linting fixes
• cf131c9 cleaned up some pylint errors
• f981699 added logic to sftp_file and file_map to allow folder uploads using file_map
• f8c7a62 Merge pull request #23414 from jfindlay/update_branch
• 8074d16 2015.2 -> 2015.5
• 54b3bd4 Merge pull request #23404 from hvnsweeting/cherrypy-post-emptybody-fix
• f85f8f9 initialize var when POST body is empty
• 160f703 Merge pull request #23409 from terminalmage/update-lithium-docstrings-2014.7
• bc97d01 Fix sphinx typo
• 20006b0 Update Lithium docstrings in 2014.7 branch
• aa5fb0a Merge pull request #23397 from jfindlay/fix_locale_gen
• 0941fef add more flexible whitespace to locale_gen search
• PR #23396: (basepi) [2015.2] Merge forward from 2014.7 to 2015.2 @ 2015-05-06T21:42:35Z
• ISSUE #23294: (variia) file.replace fails to append if repl string partially available | refs: #23350
• ISSUE #23026: (adelcast) Incorrect salt-syndic logfile and pidfile locations | refs: #23341
• ISSUE #22742: (hvnsweeting) salt-master says: "This master address: 'salt' was previously resolvable
but now fails to resolve!" | refs: #23344
• ISSUE #19114: (pykler) salt-ssh and gpg pillar renderer | refs: #23272 #23347 #23188
• ISSUE #17245: (tomashavlas) localemod does not generate locale for Arch | refs: #23307 #23397
• ISSUE #580: (thatch45) recursive watch not being caught | refs: #23324
• ISSUE #552: (jhutchins) Support require and watch under the same state dec | refs: #23324
• PR #23368: (kaithar) Backport #23367 to 2014.7
• PR #23367: (kaithar) Put the sed insert statement back in to the output. | refs: #23368
• PR #23350: (lorengordon) Append/prepend: search for full line
• PR #23347: (basepi) [2014.7] Salt-SSH Backport FunctionWrapper.__contains__
• PR #23344: (cachedout) Explicitly set file_client on master
• PR #23341: (cachedout) Fix syndic pid and logfile path
• PR #23324: (s0undt3ch) [2014.7] Update to the latest stable release of the bootstrap script
v2015.05.04
• PR #23318: (cellscape) Honor seed argument in LXC container initializaton
• PR #23311: (cellscape) Fix new container initialization in LXC runner | refs: #23318
• PR #23307: (jfindlay) check for /etc/locale.gen
• PR #23272: (basepi) [2014.7] Allow salt-ssh minion config overrides via master config and roster |
refs: #23347
• PR #23188: (basepi) [2014.7] Work around bug in salt-ssh in config.get for gpg renderer | refs:
#23272
• PR #18368: (basepi) Merge forward from 2014.7 to develop | refs: #23367 #23368
• PR #589: (epoelke) add --quiet and --outfile options to saltkey | refs: #23324
• PR #567: (bastichelaar) Added upstart module | refs: #23324
• PR #560: (UtahDave) The runas feature that was added in 93423aa2e5e4b7de6452090b0039560d2b13... |
refs: #23324
• PR #504: (SEJeff) File state goodies | refs: #23324
• 1fb8445 Merge pull request #23396 from basepi/merge-forward-2015.2
• 2766c8c Fix typo in FunctionWrapper
• fd09cda Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.2
• 0c76dd4 Merge pull request #23368 from kaithar/bp-23367
• 577f419 Pylint fix
• 8d9acd1 Put the sed insert statement back in to the output.
• 3493cc1 Merge pull request #23350 from lorengordon/file.replace_assume_line
• b60e224 Append/prepend: search for full line
• 7be5c48 Merge pull request #23341 from cachedout/issue_23026
• e98e65e Fix tests
• 6011b43 Fix syndic pid and logfile path
• ea61abf Merge pull request #23272 from basepi/salt-ssh.minion.config.19114
• c223309 Add versionadded
• be7407f Lint
• c2c3375 Missing comma
• 8e3e8e0 Pass the minion_opts through the FunctionWrapper
• cb69cd0 Match the master config template in the master config reference
• 87fc316 Add Salt-SSH section to master config template
• 91dd9dc Add ssh_minion_opts to master config ref
• c273ea1 Add minion config to salt-ssh doc
• a0b6b76 Add minion_opts to roster docs
• 5212c35 Accept minion_opts from the target information
• e2099b6 Process ssh_minion_opts from master config
• 3b64214 Revert "Work around bug in salt-ssh in config.get for gpg renderer"
• 494953a Remove the strip (embracing multi-line YAML dump)
• fe87f0f Dump multi-line yaml into the SHIM
• b751a72 Inject local minion config into shim if available
• 4f760dd Merge pull request #23347 from basepi/salt-ssh.functionwrapper.contains.19114
• 30595e3 Backport FunctionWrapper.__contains__
• 02658b1 Merge pull request #23344 from cachedout/issue_22742
• 5adc96c Explicitly set file_client on master
• ba7605d Merge pull request #23318 from cellscape/honor-seed-argument
• 228b1be Honor seed argument in LXC container initializaton
• 4ac4509 Merge pull request #23307 from jfindlay/fix_locale_gen
• 101199a check for /etc/locale.gen
• f790f42 Merge pull request #23324 from s0undt3ch/hotfix/bootstrap-script-2014.7
• 6643e47 Update to the latest stable release of the bootstrap script v2015.05.04
• 23d4feb Merge remote-tracking branch 'upstream/2015.2' into 2015.5
• PR #23412: (rahulhan) Adding states/win_update.py unit tests @ 2015-05-06T18:31:09Z
• b3c1672 Merge pull request #23412 from rahulhan/states_win_update_unit_test
• 9bc1519 Removed unwanted imports
• f12bfcf Adding states/win_update.py unit tests
• PR #23413: (terminalmage) Update manpages for 2015.2 -> 2015.5 @ 2015-05-06T17:12:57Z
• f2d7646 Merge pull request #23413 from terminalmage/update-manpages
• 23fa440 Update manpages to reflect 2015.2 rename to 2015.5
• 0fdaa73 Fix missed docstring updates from 2015.2 -> 2015.5
• 4fea5ba Add missing RST file
• PR #23410: (terminalmage) Update Lithium docstrings in 2015.2 branch @ 2015-05-06T15:53:52Z
• PR #23409: (terminalmage) Update Lithium docstrings in 2014.7 branch | refs: #23410
• bafbea7 Merge pull request #23410 from terminalmage/update-lithium-docstrings-2015.2
• d395565 Update Lithium docstrings in 2015.2 branch
• PR #23407: (jayeshka) adding rsync unit test case @ 2015-05-06T15:52:23Z
• 02ef41a Merge pull request #23407 from jayeshka/rsync-unit-test
• a4dd836 adding rsync unit test case
• PR #23406: (jayeshka) adding states/lxc unit test case @ 2015-05-06T15:51:50Z
• 58ec2a2 Merge pull request #23406 from jayeshka/lxc-states-unit-test
• 32a0d03 adding states/lxc unit test case
• PR #23395: (basepi) [2015.2] Add note to 2015.2.0 release notes about master opts in pillar @
2015-05-05T22:15:20Z
• 8837d00 Merge pull request #23395 from basepi/2015.2.0masteropts
• b261c95 Add note to 2015.2.0 release notes about master opts in pillar
• PR #23393: (basepi) [2015.2] Add warning about python_shell changes to 2015.2.0 release notes @
2015-05-05T22:12:46Z
• f79aed5 Merge pull request #23393 from basepi/2015.2.0python_shell
• b2f033f Add CLI note
• 48e7b3e Add warning about python_shell changes to 2015.2.0 release notes
• PR #23380: (gladiatr72) Fix for double output with static salt cli/v2015.2 @ 2015-05-05T21:44:28Z
• a977776 Merge pull request #23380 from gladiatr72/fix_for_double_output_with_static__salt_CLI/v2015.2
• c47fdd7 Actually removed the static bits from below the else: fold this time.
• 4ee3679 Fix for incorrect output with salt CLI --static option
• PR #23379: (rahulhan) Adding states/rabbitmq_cluster.py @ 2015-05-05T21:44:06Z
• 5c9543c Merge pull request #23379 from rahulhan/states_rabbitmq_cluster_test
• 04c22d1 Adding states/rabbitmq_cluster.py
• PR #23377: (rahulhan) Adding states/xmpp.py unit tests @ 2015-05-05T21:43:35Z
• 430f080 Merge pull request #23377 from rahulhan/states_xmpp_test
• 32923b5 Adding states/xmpp.py unit tests
• PR #23335: (steverweber) 2015.2: include doc in master config for module_dirs @ 2015-05-05T21:28:58Z
• 8c057e6 Merge pull request #23335 from steverweber/2015.2
• 5e3bae9 help installing python pysphere lib
• 97513b0 include module_dirs
• 36b1c87 include module_dirs
• PR #23362: (jayeshka) adding states/zk_concurrency unit test case @ 2015-05-05T15:50:06Z
• 1648253 Merge pull request #23362 from jayeshka/zk_concurrency-states-unit-test
• f60dda4 adding states/zk_concurrency unit test case
• PR #23363: (jayeshka) adding riak unit test case @ 2015-05-05T14:23:05Z
• 1cdaeed Merge pull request #23363 from jayeshka/riak-unit-test
• f9da6db adding riak unit test case
Salt 2015.5.10 Release Notes
Security Fix
CVE-2016-3176: Insecure configuration of PAM external authentication service
This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is
enabled. This issue involves passing an alternative PAM authentication service with a command that is
sent to LocalClient, enabling the attacker to bypass the configured authentication service. Thank you to
Dylan Frese <dmfrese@gmail.com> for bringing this issue to our attention.
This update defines the PAM eAuth service that users authenticate against in the Salt Master
configuration.
(No additional fixes are contained in this release).
Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.5.9
Salt systemd service files are missing the following statement in these versions:
[Service]
KillMode=process
This statement must be added to successfully upgrade on these earlier versions of Salt.
Salt 2015.5.11 Release Notes
Version 2015.5.11 is a bugfix release for 2015.5.0.
Changes for v2015.5.10..v2015.5.11
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-05-20T21:02:38Z
Total Merges: 101
Changes:
• dc8ce2d Fix traceback in logging for config validation (#33386) (#33405)
• PR #33383: (thatch45) maintain the fallabck because I am totally sick of this crap
• 755acfb Improve doc clarity for disable_modules documentation (#33379)
• 2b5ad12 Better YAML syntax error handling (#33375)
• PR #33372: (jacobhammons) revved 2015.8 branch to .9 in version selector
• 55be0ab Expanded documentation for boto_elb state and module (#33341)
• 9b42a05 Added some more docs for master and minion config settings (#33292)
• 8acee5e Fix iptables --match-set (#23643) (#33301)
• 757ef20 fix "loose" typo (#33290)
• b7d98da Add auth_tries config option to minion.rst docs (#33287)
• 061851b Document minion_id_caching config value (#33282)
• 8fa72f6 Clarify file.replace MULTILINE flag interaction with regex anchors (#33137)
• 4b1f460 update 2015.5.11 release notes (#33236)
• PR #33211: (cachedout) Don't try to kill a parent proc if we can't
• f868329 Resolve issue with pkg module on Mint Linux (#33205)
• a09e1b6 Add pip installed and removed test (#33178)
• 96e3586 update 2015.5.11 release notes (#33197)
• 09b072a Fix file.managed for Windows (#33181)
• 30868ab [2015.5] Update to latest bootstrap script v2016.05.11 (#33185)
• 264ad34 Pip fix (#33180)
• 43288b2 add 2015.5.11 release notes (#33160)
• e0da8fd [2015.5] Update to latest bootstrap script v2016.05.10 (#33155)
• PR #33141: (jtand) Skipping salt-call --local test
• 878d34a Doc mock decorators (#33132)
• 30edead Lower display of msgpack failure msg to debug (#33078)
• d4928c5 Use saltstack repo in buildpackage.py on CentOS 5 (#33080)
• 61d126c add test for installing package while using salt-call --local (#33025)
• 6d3e4e8 File and User test fixes for 2015.5 on Fedora23 (#33055)
• d48b2b8 test pillar.items output (#33060)
• 398793b Fix minor document error of test.assertion (#33067)
• f875763 Saltfile with pillar tests (#33045)
• 1d78924 Backport #33021 manually to 2015.5 (#33044)
• f00b5f9 Add run_on_start docs to schedule.rst (#32958)
• edce22a backport PR #32732 to 2015.5 fixes #23714 (#32848)
• 9b5c14c salt-cloud -u downloads stable version from bootstrap.saltstack.com by default (#32837)
• 9725804 update bootstrap to 2016.04.18 release (#32667)
• PR #32776: (rallytime) [2015.5] Merge forward from 2014.7 to 2015.5
• 67d0c81 Support remote sources in a source list (#32691)
• PR #32686: (cachedout) Fix stacktrace in batch with dup minion ids
• 3ec9502 Update "Low Hanging Fruit" to "Help Wanted" (#32675)
• 77bea56 Additional documentation on calling exec modules from templates (#32657)
• c910b8d Fixing critical bug to remove only the specified Host instead of the entire Host cluster (‐
#32639)
• 4568565 Add _syspaths.py to .gitignore (#32638)
• PR #32561: (gtmanfred) redact passwords and hashes from user.present updates
• PR #32538: (rallytime) Back-port #32528 to 2015.5
• 29333e5 Add documentation for some master/minion configs (#32454)
• PR #32458: (terminalmage) Improve and clarify docs on provider overrides.
• 0809126 Merge #32293 with test fixes (#32418)
• bbd8260 Ignore Raspbian in service.py __virtual__ (#32421)
• 690addf FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality.
Check freebsd/pkg#1409 for more info.
• PR #32399: (amontalban) Backport to fix #28262 for 2015.5 as requested in PR #32376
• PR #32374: (cachedout) Update proxmox documentation
• PR #32339: (Ch3LL) remove reference to master_alive_check in 2015.5
• PR #32284: (rallytime) Audit config.py default types and values
• PR #32302: (terminalmage) Properly support packages with blank "Release" param in pkg.latest_version
• PR #32162: (terminalmage) Properly handle yum/zypper repositories in pkgrepo.managed
• PR #32223: (twangboy) Create minion.d directory on install for Windows
• PR #32218: (cachedout) Only display error when tty is True in salt-ssh
• PR #32196: (jtand) Fixed pylint error in app_pam_test.py
• PR #32154: (Ch3LL) Add integration tests for salt-api using pam eauth
• PR #32170: (gtmanfred) add name for lxc for use with cloud cache
• PR #32164: (terminalmage) Make __virtual__ for rhservice.py more robust (2015.5 branch)
• PR #32141: (paclat) fixes 32108
• PR #32129: (terminalmage) Support multiple valid option types when performing type checks
• PR #32056: (bstevenson) Fix list absent
• PR #32096: (rallytime) Back-port #32065 to 2015.5
• PR #32104: (jacobhammons) One additional known issue for 2015.5.10 release notes
• PR #32100: (jacobhammons) 2015.5.10 release docs
• PR #32038: (terminalmage) Improve state module docs, replace references to state.highstate/state.sls
with state.apply
• PR #32051: (terminalmage) Fix outputter for state.apply
• PR #32002: (abednarik) Added Manajro Linux to virtual.
• PR #31957: (rallytime) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #31972: (terminalmage) Make lack of python-ldap module more explicit when LDAP eauth is enabled
• PR #31935: (twangboy) Back port nullsoft build script from 2015.8
• PR #31912: (jfindlay) log.mixins: remove extermporaneous .record
• PR #31825: (jtand) Updated .testing.pylintrc to match newer versions of pylint
• PR #31900: (rallytime) Add "python module" clarification to ps __virtual__ warning.
• PR #31878: (rallytime) Make sure __virtual__ error message is helpful when psutil is missing
• PR #31852: (rallytime) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #31827: (gtmanfred) Remove ability of authenticating user to specify pam service
• PR #31810: (whiteinge) Fix outdated Jinja 'env' variable reference
• PR #31744: (brejoc) Fix for AttributeError with libcloud <0.15
• PR #31740: (terminalmage) Assume pillar_opts is False when not specified in masterless mode
• PR #31750: (rallytime) Back-port #26170 to 2015.5
• PR #31689: (rallytime) Back-port #29467 to 2015.5
• PR #31687: (cachedout) Removed useless GPG tests
• PR #31660: (terminalmage) Remove epoch from version string if present when installing with yum
• PR #31683: (rallytime) Back-port #31578 to 2015.5
• PR #31682: (cachedout) Add definition of job cache to glossary
• PR #31658: (rallytime) Add mentioned of Salt's Coding Style docs to the Contributing docs
• PR #31655: (rallytime) Make note of pylint dependencies in docs
• PR #31440: (cachedout) Set correct type for master_tops config value
• PR #31622: (jfindlay) doc/topics/tutorials/http: update query decoding docs
• PR #31558: (cachedout) Don't stacktrace if ssh binary is not installed with salt-ssh
• PR #31521: (terminalmage) salt-ssh: Fix race condition when caching files to build the thin tarball
• PR #31497: (rallytime) Remove duplicate "timeout" definition in Roster docs
• PR #31472: (rallytime) Update contributing docs
• PR #31461: (DmitryKuzmenko) Set auth retry count to 0 if multimaster mode is failover.
• PR #31442: (sastorsl) Add os.path.exists(src) to file.py, def copy
• PR #31441: (cachedout) Include localhost minions in presence detection for runner
• PR #31416: (carlwgeorge) selinux module documentation fix
• PR #31336: (terminalmage) Improve config validation logging
• PR #31374: (sjorge) fix for #31369
• PR #31339: (jacobhammons) changed latest release to 2015.8.7
• PR #31288: (notpeter) Improve salt.states.ssh_known_hosts documentation.
• PR #31183: (heyfife) Fixed named external_ip reservation/re-use code in gce driver.
• PR #31032: (terminalmage) (2015.5 branch) yumpkg: ensure that dnf-plugins-core >= 0.1.15 is installed
• PR #31264: (sjorge) fix if_missing gets appended to dirs list, take III
• PR #31110: (cachedout) Fixup 30730
• PR #30974: (rallytime) Back-port #30949 to 2015.5
• PR #30942: (rallytime) Back-port #30897 to 2015.5
• PR #30922: (jacobhammons) Rev latest version to 2015.8.5
• PR #30865: (abednarik) Better boto elb error message.
• PR #30831: (jacobhammons) Updated readme
• PR #30829: (jacobhammons) Updated latest version to 2015.8.4
• PR #30784: (rallytime) Back-port #24952 to 2015.5
• PR #30764: (terminalmage) Work around yum versionlock's inability to remove holds by package name alone
• PR #30760: (toanju) Changed output format of arp_ip_target from list to comma delimited...
• PR #30757: (yannis666) Fix to mine update to merge configuration
• PR #30749: (abednarik) Fix Netwotk hostname Module in Debian systems.
• PR #30699: (abednarik) Add Retry to save_load.
• PR #30659: (sjmh) Fix lsscsi issues for certain platforms
• PR #30671: (techhat) Add file locking to cloud index
• PR #30586: (abednarik) Fix comment_line permissions.
• PR #30582: (terminalmage) yumpkg.check_db: run separate repoquery commands when multiple names passed
• PR #30548: (jacobhammons) Added placeholder release notes for 2015.5.10
• PR #30530: (terminalmage) 2015.5 tweaks from #30529
• PR #30484: (terminalmage) Backport DNF support to 2015.5 branch
• PR #30512: (jfindlay) disable pkgrepo test for ubuntu 15.10+
• PR #30478: (jtand) Updated pip_state to work with pip 8.0
• PR #30482: (borgstrom) Pyobjects recursive import support (for 2015.5)
• PR #30459: (jfindlay) modules.pkg: disable repo int test for ubuntu 15.10
• PR #30443: (jtand) Boto uses False for is_default instead of None
• PR #30420: (attiasr) Backport #26853
• PR #30364: (rallytime) Add TLS version imports and add linode driver documentation notices
• PR #30184: (rallytime) Back-port #30166 to 2015.5
• PR #30291: (thegoodduke) ipset: fix test=true & add comment for every entry
Salt 2015.5.2 Release Notes
release
2015-06-10
Version 2015.5.2 is a bugfix release for 2015.5.0.
Extended Changelog Courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
PR #24346: (rallytime) Backport #24271 to 2015.5
@ 2015-06-03T18:44:31Z
PR #24271: (randybias) Fixed the setup instructions
refs: #24346
• 76927c9 Merge pull request #24346 from rallytime/bp-24271
• 04067b6 Fixed the setup instructions
PR #24345: (rallytime) Backport #24013 to 2015.5
@ 2015-06-03T18:39:41Z
ISSUE #24012: (jbq) Enabling a service does not create the appropriate rc.d symlinks on Ubuntu
refs: #24013
PR #24013: (jbq) Fix enabling a service on Ubuntu #24012
refs: #24345
• 4afa03d Merge pull request #24345 from rallytime/bp-24013
• 16e0732 Fix enabling a service on Ubuntu #24012
PR #24365: (jacobhammons) Fixes for PDF build errors
@ 2015-06-03T17:50:02Z
• c3392c2 Merge pull request #24365 from jacobhammons/DocFixes
• 0fc1902 Fixes for PDF build errors
PR #24313: (nicholascapo) Fix #22991 Correctly set result when test=True
@ 2015-06-03T14:49:18Z
ISSUE #22991: (nicholascapo) npm.installed ignores test=True * ae681a4 Merge pull request #24313
from nicholascapo/fix-22991-npm.installed-test-true * ac9644c Fix #22991 npm.installed correctly
set result on test=True
PR #24312: (nicholascapo) Fix #18966: file.serialize supports test=True
@ 2015-06-03T14:49:06Z
ISSUE #18966: (bechtoldt) file.serialize ignores test=True * d57a9a2 Merge pull request #24312
from nicholascapo/fix-18966-file.serialize-test-true * e7328e7 Fix #18966 file.serialize correctly
set result on test=True
PR #24302: (jfindlay) fix pkg hold/unhold integration test
@ 2015-06-03T03:27:43Z
• 6b694e3 Merge pull request #24302 from jfindlay/pkg_tests
• c2db0b1 fix pkg hold/unhold integration test
PR #24349: (rallytime) Remove references to mount_points in ec2 docs
@ 2015-06-03T01:54:09Z
ISSUE #14021: (mathrawka) EC2 doc mentions mount_point, but unable to use properly
refs: #24349
• aca8447 Merge pull request #24349 from rallytime/fix-14021
• a235b11 Remove references to mount_points in ec2 docs
PR #24328: (dr4Ke) Fix state grains silently fails 2015.5
@ 2015-06-02T15:18:46Z
ISSUE #24319: (dr4Ke) grains state shouldn't fail silently * 88a997e Merge pull request #24328
from dr4Ke/fix_state_grains_silently_fails_2015.5 * 8a63d1e fix state grains silently fails #24319
• ca1af20 grains state: add some tests
PR #24310: (techhat) Add warning about destroying maps
@ 2015-06-02T03:01:28Z
ISSUE #24036: (arthurlogilab) [salt-cloud] Protect against passing command line arguments as names
for the --destroy command in map files
refs: #24310
ISSUE #9772: (s0undt3ch) Delete VM's in a map does not delete them all
refs: #24310
• 7dcd9bb Merge pull request #24310 from techhat/mapwarning
• ca535a6 Add warning about destroying maps
PR #24281: (steverweber) Ipmi docfix
@ 2015-06-01T17:45:36Z
• 02bfb25 Merge pull request #24281 from steverweber/ipmi_docfix
• dd36f2c yaml formatting
• f6deef3 include api_kg kwarg in ipmi state
• a7d4e97 doc cleanup
• 0ded2fd save more cleanup to doc
• 08872f2 fix name api_key to api_kg
• 165a387 doc fix add api_kg kwargs
• 1ec7888 cleanup docs
PR #24287: (jfindlay) fix pkg test on ubuntu 12.04 for realz
@ 2015-06-01T14:16:37Z
• 73cd2cb Merge pull request #24287 from jfindlay/pkg_test
• 98944d8 fix pkg test on ubuntu 12.04 for realz
PR #24279: (rallytime) Backport #24263 to 2015.5
@ 2015-06-01T04:29:34Z
PR #24263: (cdarwin) Correct usage of import_yaml in formula documentation
refs: #24279
• 02017a0 Merge pull request #24279 from rallytime/bp-24263
• beff7c7 Correct usage of import_yaml in formula documentation
PR #24277: (rallytime) Put a space between after_jump commands
@ 2015-06-01T04:28:26Z
ISSUE #24226: (c4urself) iptables state needs to keep ordering of flags
refs: #24277
• 2ba696d Merge pull request #24277 from rallytime/fix_iptables_jump
• e2d1606 Move after_jump split out of loop
• d14f130 Remove extra loop
• 42ed532 Put a space between after_jump commands
PR #24262: (basepi) More dictupdate after #24142
@ 2015-05-31T04:09:37Z
PR #24142: (basepi) Optimize dictupdate.update and add #24097 functionality
refs: #24262
PR #24097: (kiorky) Optimize dictupdate
refs: #24142 #24142
• 113eba3 Merge pull request #24262 from basepi/dictupdatefix
• 0c4832c Raise a typeerror if non-dict types
• be21aaa Pylint
• bb8a6c6 More optimization
• c933249 py3 compat
• ff6b2a7 Further optimize dictupdate.update()
• c73f5ba Remove unused valtype
PR #24269: (kiorky) zfs: Fix spurious retcode hijacking in virtual
@ 2015-05-30T17:47:49Z
• 785d5a1 Merge pull request #24269 from makinacorpus/zfs
• 0bf23ce zfs: Fix spurious retcode hijacking in virtual
PR #24257: (jfindlay) fix pkg mod integration test on ubuntu 12.04
@ 2015-05-29T23:09:00Z
• 3d885c0 Merge pull request #24257 from jfindlay/pkg_tests
• 9508924 fix pkg mod integration test on ubuntu 12.04
PR #24260: (basepi) Fix some typos from #24080
@ 2015-05-29T22:54:58Z
ISSUE #23657: (arthurlogilab) [salt-cloud lxc] NameError: global name '__salt__' is not defined
refs: #24080 #23982
PR #24080: (kiorky) Lxc consistency2
refs: #24260 #23982 #24066
PR #24066: (kiorky) Merge forward 2015.5 -> develop
refs: #23982
PR #24065: (kiorky) continue to fix #23883
refs: #24080 #24066
PR #23982: (kiorky) lxc: path support
refs: #24080
• 08a1075 Merge pull request #24260 from basepi/lxctypos24080
• 0fa1ad3 Fix another lxc typo
• 669938f s/you ll/you'll/
PR #24080: (kiorky) Lxc consistency2
refs: #24260 #23982 #24066
@ 2015-05-29T22:51:54Z
ISSUE #23657: (arthurlogilab) [salt-cloud lxc] NameError: global name '__salt__' is not defined
refs: #24080 #23982
PR #24066: (kiorky) Merge forward 2015.5 -> develop
refs: #23982
PR #24065: (kiorky) continue to fix #23883
refs: #24080 #24066
PR #23982: (kiorky) lxc: path support
refs: #24080
• 75590cf Merge pull request #24080 from makinacorpus/lxc_consistency2
• 81f8067 lxc: fix old lxc test
• 458f506 seed: lint
• 96b8d55 Fix seed.mkconfig yamldump
• 76ddb68 lxc/applynet: conservative
• ce7096f variable collision
• 8a8b28d lxc: lint
• 458b18b more lxc docs
• ef1f952 lxc docs: typos
• d67a43d more lxc docs
• 608da5e modules/lxc: merge resolution
• 27c4689 modules/lxc: more consistent comparison
• 07c365a lxc: merge conflict spotted
• 9993915 modules/lxc: rework settings for consistency
• ce11d83 lxc: Global doc refresh
• 61ed2f5 clouds/lxc: profile key is conflicting
PR #24247: (rallytime) Backport #24220 to 2015.5
@ 2015-05-29T21:40:01Z
ISSUE #24210: (damonnk) salt-cloud vsphere.py should allow key_filename param
refs: #24220
PR #24220: (djcrabhat) adding key_filename param to vsphere provider
refs: #24247
• da14f3b Merge pull request #24247 from rallytime/bp-24220
• 0b1041d adding key_filename param to vsphere provider
PR #24254: (rallytime) Add deprecation warning to Digital Ocean v1 Driver
@ 2015-05-29T21:39:25Z
PR #22731: (dmyerscough) Decommission DigitalOcean APIv1 and have users use the new DigitalOcean
APIv2
refs: #24254
• 21d6126 Merge pull request #24254 from rallytime/add_deprecation_warning_digitalocean
• cafe37b Add note to docs about deprecation
• ea0f1e0 Add deprecation warning to digital ocean driver to move to digital_ocean_v2
PR #24252: (aboe76) Updated suse spec to 2015.5.1
@ 2015-05-29T21:38:45Z
• dac055d Merge pull request #24252 from aboe76/opensuse_package
• 0ad617d Updated suse spec to 2015.5.1
PR #24251: (garethgreenaway) Returners broken in 2015.5
@ 2015-05-29T21:37:52Z
• 49e7fe8 Merge pull request #24251 from garethgreenaway/2015_5_returner_brokenness
• 5df6b52 The code calling cfg as a function vs treating it as a dictionary and using get is
currently backwards causing returners to fail when used from the CLI and in scheduled jobs.
PR #24255: (rallytime) Clarify digital ocean documentation and mention v1 driver deprecation
@ 2015-05-29T21:37:07Z
ISSUE #21498: (rallytime) Clarify Digital Ocean Documentation
refs: #24255
• bfb9461 Merge pull request #24255 from rallytime/clarify_digital_ocean_driver_docs
• 8d51f75 Clarify digital ocean documentation and mention v1 driver deprecation
PR #24232: (rallytime) Backport #23308 to 2015.5
@ 2015-05-29T21:36:46Z
PR #23308: (thusoy) Don't merge: Add missing jump arguments to iptables module
refs: #24232
• 41f5756 Merge pull request #24232 from rallytime/bp-23308
• 2733f66 Import string
• 9097cca Add missing jump arguments to iptables module
PR #24245: (Sacro) Unset PYTHONHOME when starting the service
@ 2015-05-29T20:00:31Z
• a95982c Merge pull request #24245 from Sacro/patch-2
• 6632d06 Unset PYTHONHOME when starting the service
PR #24121: (hvnsweeting) deprecate setting user permission in rabbitmq_vhost.present
@ 2015-05-29T15:55:40Z
• 1504c76 Merge pull request #24121 from hvnsweeting/rabbitmq-host-deprecate-set-permission
• 2223158 deprecate setting user permission in rabbitmq_host.present
PR #24179: (merll) Changing user and group only possible for existing ids.
@ 2015-05-29T15:52:43Z
PR #24169: (merll) Changing user and group only possible for existing ids.
refs: #24179
• ba02f65 Merge pull request #24179 from Precis/fix-file-uid-gid-2015.0
• ee4c9d5 Use ids if user or group is not present.
PR #24229: (msteed) Fix auth failure on syndic with external_auth
@ 2015-05-29T15:04:06Z
ISSUE #24147: (paclat) Syndication issues when using authentication on master of masters.
refs: #24229
• 9bfb066 Merge pull request #24229 from msteed/issue-24147
• 482d1cf Fix auth failure on syndic with external_auth
PR #24234: (jayeshka) adding states/quota unit test case.
@ 2015-05-29T14:14:27Z
• 19fa43c Merge pull request #24234 from jayeshka/quota-states-unit-test
• c233565 adding states/quota unit test case.
PR #24217: (jfindlay) disable intermittently failing tests
@ 2015-05-29T03:08:39Z
ISSUE #40: (thatch45) Clean up timeouts
refs: #22857
PR #23623: (jfindlay) Fix /jobs endpoint's return
refs: #24217
PR #22857: (jacksontj) Fix /jobs endpoint's return
refs: #23623
• e15142c Merge pull request #24217 from jfindlay/disable_bad_tests
• 6b62804 disable intermittently failing tests
PR #24199: (ryan-lane) Various fixes for boto_route53 and boto_elb
@ 2015-05-29T03:02:41Z
• ce8e43b Merge pull request #24199 from lyft/route53-fix-elb
• d8dc9a7 Better unit tests for boto_elb state
• 62f214b Remove cnames_present test
• 7b9ae82 Lint fix
• b74b0d1 Various fixes for boto_route53 and boto_elb
PR #24142: (basepi) Optimize dictupdate.update and add #24097 functionality
refs: #24262
@ 2015-05-29T03:00:56Z
PR #24097: (kiorky) Optimize dictupdate
refs: #24142 #24142
PR #21968: (ryanwohara) Verifying the key has a value before using it. * a43465d Merge pull
request #24142 from basepi/dictupdate24097 * 5c6e210 Deepcopy on merge_recurse
• a13c84a Fix None check from #21968
• 9ef2c64 Add docstring
• 8579429 Add in recursive_update from #24097
• 8599143 if key not in dest, don't recurse
• d8a84b3 Rename klass to valtype
PR #24208: (jayeshka) adding states/ports unit test case.
@ 2015-05-28T23:06:33Z
• 526698b Merge pull request #24208 from jayeshka/ports-states-unit-test
• 657b709 adding states/ports unit test case.
PR #24219: (jfindlay) find zfs without modinfo
@ 2015-05-28T21:07:26Z
ISSUE #20635: (dennisjac) 2015.2.0rc1: zfs errors in log after update
refs: #24219
• d00945f Merge pull request #24219 from jfindlay/zfs_check
• 15d4019 use the salt loader in the zfs mod
• 5599b67 try to search for zfs if modinfo is unavailable
PR #24190: (msteed) Fix issue 23815
@ 2015-05-28T20:10:34Z
ISSUE #23815: (Snergster) [beacons] inotify errors on subdir creation * 3dc4b85 Merge pull request
#24190 from msteed/issue-23815 * 086a1a9 lint
• 65de62f fix #23815
• d04e916 spelling
• db9f682 add inotify beacon unit tests
PR #24211: (rallytime) Backport #24205 to 2015.5
@ 2015-05-28T18:28:15Z
PR #24205: (hazelesque) Docstring fix in salt.modules.yumpkg.hold
refs: #24211
• 436634b Merge pull request #24211 from rallytime/bp-24205
• 23284b5 Docstring fix in salt.modules.yumpkg.hold
PR #24212: (terminalmage) Clarify error in rendering template for top file
@ 2015-05-28T18:26:20Z
• cc58624 Merge pull request #24212 from terminalmage/clarify-error-msg
• ca807fb Clarify error in rendering template for top file
PR #24213: (The-Loeki) ShouldFix _- troubles in debian_ip
@ 2015-05-28T18:24:39Z
ISSUE #23904: (mbrgm) Network config bonding section cannot be parsed when attribute names use
dashes
refs: #23917
ISSUE #23900: (hashi825) salt ubuntu network building issue 2015.5.0
refs: #23922
PR #23922: (garethgreenaway) Fixes to debian_ip.py
refs: #24213
PR #23917: (corywright) Split debian bonding options on dash instead of underscore
refs: #24213
• 9825160 Merge pull request #24213 from The-Loeki/patch-3
• a68d515 ShouldFix _- troubles in debian_ip
PR #24214: (basepi) 2015.5.1release
@ 2015-05-28T16:23:57Z
• 071751d Merge pull request #24214 from basepi/2015.5.1release
• e5ba31b 2015.5.1 release date
• 768494c Update latest release in docs
PR #24202: (rallytime) Backport #24186 to 2015.5
@ 2015-05-28T05:16:48Z
PR #24186: (thcipriani) Update salt vagrant provisioner info
refs: #24202
• c2f1fdb Merge pull request #24202 from rallytime/bp-24186
• db793dd Update salt vagrant provisioner info
PR #24192: (rallytime) Backport #20474 to 2015.5
@ 2015-05-28T05:16:18Z
PR #20474: (djcrabhat) add sudo, sudo_password params to vsphere deploy to allow for non-root
deploys
refs: #24192
• 8a085a2 Merge pull request #24192 from rallytime/bp-20474
• fd3c783 add sudo, sudo_password params to deploy to allow for non-root deploys
PR #24184: (rallytime) Backport #24129 to 2015.5
@ 2015-05-28T05:15:08Z
PR #24129: (pengyao) Wheel client doc
refs: #24184
• 7cc535b Merge pull request #24184 from rallytime/bp-24129
• 722a662 fixed a typo
• 565eb46 Add cmd doc for WheelClient
PR #24183: (rallytime) Backport #19320 to 2015.5
@ 2015-05-28T05:14:36Z
PR #19320: (clan) add 'state_output_profile' option for profile output
refs: #24183
• eb0af70 Merge pull request #24183 from rallytime/bp-19320
• 55db1bf sate_output_profile default to True
• 9919227 fix type: statei -> state
• 0549ca6 add 'state_output_profile' option for profile output
PR #24201: (whiteinge) Add list of client libraries for the rest_cherrypy module to the top-level
documentation
@ 2015-05-28T02:12:09Z
• 1b5bf23 Merge pull request #24201 from whiteinge/rest_cherrypy-client-libs
• 5f71802 Add list of client libraries for the rest_cherrypy module
• 28fc77f Fix rest_cherrypy config example indentation
PR #24195: (rallytime) Merge #24185 with a couple of fixes
@ 2015-05-27T22:18:37Z
PR #24185: (jacobhammons) Fixes for doc build errors
refs: #24195
• 3307ec2 Merge pull request #24195 from rallytime/merge-24185
• d8daa9d Merge #24185 with a couple of fixes
• 634d56b Fixed pylon error
• 0689815 Fixes for doc build errors
PR #24166: (jayeshka) adding states/pkgng unit test case.
@ 2015-05-27T20:27:49Z
• 7e400bc Merge pull request #24166 from jayeshka/pkgng-states-unit-test
• 2234bb0 adding states/pkgng unit test case.
PR #24189: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
@ 2015-05-27T20:26:31Z
PR #24178: (rallytime) Backport #24118 to 2014.7, too. PR #24159: (rallytime) Fill out
modules/keystone.py CLI Examples PR #24158: (rallytime) Fix test_valid_docs test for tls module PR
#24118: (trevor-h) removed deprecated pymongo usage
refs: #24139 #24178
• 9fcda79 Merge pull request #24189 from basepi/merge-forward-2015.5
• 8839e9c Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 9d7331c Merge pull request #24178 from rallytime/bp-24118
• e2217a0 removed deprecated pymongo usage as no longer functional with pymongo > 3.x
• 4e8c503 Merge pull request #24159 from rallytime/keystone_doc_examples
• dadac8d Fill out modules/keystone.py CLI Examples
• fc10ee8 Merge pull request #24158 from rallytime/fix_doc_error
• 49a517e Fix test_valid_docs test for tls module
PR #24181: (jtand) Fixed error where file was evaluated as a symlink in test_absent
@ 2015-05-27T18:26:28Z
• 2303dec Merge pull request #24181 from jtand/file_test
• 5f0e601 Fixed error where file was evaluated as a symlink in test_absent
PR #24180: (terminalmage) Skip libvirt tests if not running as root
@ 2015-05-27T18:18:47Z
• a162768 Merge pull request #24180 from terminalmage/fix-libvirt-test
• 72e7416 Skip libvirt tests if not running as root
PR #24165: (jayeshka) adding states/portage_config unit test case.
@ 2015-05-27T17:15:08Z
• 1fbc5b2 Merge pull request #24165 from jayeshka/portage_config-states-unit-test
• 8cf1505 adding states/portage_config unit test case.
PR #24164: (jayeshka) adding states/pecl unit test case.
@ 2015-05-27T17:14:26Z
• 4747856 Merge pull request #24164 from jayeshka/pecl-states-unit-test
• 563a5b3 adding states/pecl unit test case.
PR #24160: (The-Loeki) small enhancement to data module; pop()
@ 2015-05-27T17:03:10Z
• cdaaa19 Merge pull request #24160 from The-Loeki/patch-1
• 2175ff3 doc & merge fix
• eba382c small enhancement to data module; pop()
PR #24153: (techhat) Batch mode sometimes improperly builds lists of minions to process
@ 2015-05-27T16:21:53Z
• 4a8dbc7 Merge pull request #24153 from techhat/batchlist
• 467ba64 Make sure that minion IDs are strings
PR #24167: (jayeshka) adding states/pagerduty unit test case.
@ 2015-05-27T16:14:01Z
• ed8ccf5 Merge pull request #24167 from jayeshka/pagerduty-states-unit-test
• 1af8c83 adding states/pagerduty unit test case.
PR #24156: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
@ 2015-05-27T15:05:01Z
ISSUE #23464: (tibold) cmd_iter_no_block() blocks
refs: #24093
PR #24125: (hvnsweeting) Fix rabbitmq test mode PR #24093: (msteed) Make
LocalClient.cmd_iter_no_block() not block PR #24008: (davidjb) Correct reST formatting for
states.cmd documentation PR #23933: (jacobhammons) sphinx saltstack2 doc theme * b9507d1 Merge
pull request #24156 from basepi/merge-forward-2015.5 * e52b5ab Remove stray >>>>>
• 7dfbd92 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• c0d32e0 Merge pull request #24125 from hvnsweeting/fix-rabbitmq-test-mode
• 71862c6 enhance log
• 28e2594 change according to new output of rabbitmq module functions
• cd0212e processes and returns better output for rabbitmq module
• 39a8f30 Merge pull request #24093 from msteed/issue-23464
• fd35903 Fix failing test
• 41b344c Make LocalClient.cmd_iter_no_block() not block
• 5bffd30 Merge pull request #24008 from davidjb/2014.7
• 8b8d029 Correct reST formatting for documentation
• 1aa0420 Merge pull request #23933 from jacobhammons/2014.7
• a3613e6 removed numbering from doc TOC
• 78b737c removed 2015.* release from release notes, updated index page to remove PDF/epub links
• e867f7d Changed build settings to use saltstack2 theme and update release versions.
• 81ed9c9 sphinx saltstack2 doc theme
PR #24145: (jfindlay) attempt to decode win update package
@ 2015-05-26T23:20:20Z
ISSUE #24102: (bormotov) win_update encondig problems
refs: #24145
• 05745fa Merge pull request #24145 from jfindlay/win_update_encoding
• cc5e17e attempt to decode win update package
PR #24123: (kiorky) fix service enable/disable change
@ 2015-05-26T21:24:19Z
ISSUE #24122: (kiorky) service.dead is no more stateful: services does not handle correctly
enable/disable change state
refs: #24123
• 7024789 Merge pull request #24123 from makinacorpus/ss
• 2e2e1d2 fix service enable/disable change
PR #24146: (rallytime) Fixes the boto_vpc_test failure on CentOS 5 tests
@ 2015-05-26T20:15:19Z
• 51c3cec Merge pull request #24146 from rallytime/fix_centos_boto_failure
• ac0f97d Fixes the boto_vpc_test failure on CentOS 5 tests
PR #24144: (twangboy) Compare Keys ignores all newlines and carriage returns
@ 2015-05-26T19:25:48Z
ISSUE #24052: (twangboy) v2015.5.1 Changes the way it interprets the minion_master.pub file
refs: #24089 #24144
ISSUE #23566: (rks2286) Salt-cp corrupting the file after transfer to minion
refs: #24144 #23740
PR #23740: (jfindlay) Binary write
refs: #24144
• 1c91a21 Merge pull request #24144 from twangboy/fix_24052
• c197b41 Compare Keys removing all newlines and carriage returns
PR #24139: (rallytime) Backport #24118 to 2015.5
@ 2015-05-26T18:24:27Z
PR #24118: (trevor-h) removed deprecated pymongo usage
refs: #24139 #24178
• 0841667 Merge pull request #24139 from rallytime/bp-24118
• 4bb519b removed deprecated pymongo usage as no longer functional with pymongo > 3.x
PR #24138: (rallytime) Backport #24116 to 2015.5
@ 2015-05-26T18:23:51Z
PR #24116: (awdrius) Fixed typo in chown username (ending dot) that fails the command.
refs: #24138
• 742eca2 Merge pull request #24138 from rallytime/bp-24116
• 7f08641 Fixed typo in chown username (ending dot) that fails the command.
PR #24137: (rallytime) Backport #24105 to 2015.5
@ 2015-05-26T18:23:40Z
PR #24105: (cedwards) Updated some beacon-specific documentation formatting
refs: #24137
• e01536d Merge pull request #24137 from rallytime/bp-24105
• f0778a0 Updated some beacon-specific documentation formatting
PR #24136: (rallytime) Backport #24104 to 2015.5
@ 2015-05-26T15:58:47Z
ISSUE #23364: (pruiz) Unable to destroy host using proxmox cloud: There was an error destroying
machines: 501 Server Error: Method 'DELETE /nodes/pmx1/openvz/openvz/100' not implemented PR
#24104: (pruiz) Only try to stop a VM if it's not already stopped. (fixes #23364)
refs: #24136
• 89cdf97 Merge pull request #24136 from rallytime/bp-24104
• c538884 Only try to stop a VM if it's not already stopped. (fixes #23364)
PR #24135: (rallytime) Backport #24083 to 2015.5
@ 2015-05-26T15:58:27Z
PR #24083: (swdream) fix code block syntax
refs: #24135
• 67c4373 Merge pull request #24135 from rallytime/bp-24083
• e1d06f9 fix code block syntax
PR #24131: (jayeshka) adding states/mysql_user unit test case
@ 2015-05-26T15:58:10Z
• a83371e Merge pull request #24131 from jayeshka/mysql_user-states-unit-test
• ed1ef69 adding states/mysql_user unit test case
PR #24130: (jayeshka) adding states/ntp unit test case
@ 2015-05-26T15:57:29Z
• 1dc1d2a Merge pull request #24130 from jayeshka/ntp-states-unit-test
• ede4a9f adding states/ntp unit test case
PR #24128: (jayeshka) adding states/openstack_config unit test case
@ 2015-05-26T15:56:08Z
• 3943417 Merge pull request #24128 from jayeshka/openstack_config-states-unit-test
• ca09e0f adding states/openstack_config unit test case
PR #24127: (jayeshka) adding states/npm unit test case
@ 2015-05-26T15:55:18Z
• 23f25c4 Merge pull request #24127 from jayeshka/npm-states-unit-test
• c3ecabb adding states/npm unit test case
PR #24077: (anlutro) Change how state_verbose output is filtered
@ 2015-05-26T15:41:11Z
ISSUE #24009: (hvnsweeting) state_verbose False summary is wrong
refs: #24077
• 07488a4 Merge pull request #24077 from alprs/fix-outputter_highstate_nonverbose_count
• 7790408 Change how state_verbose output is filtered
PR #24119: (jfindlay) Update contrib docs
@ 2015-05-26T15:37:01Z
• 224820f Merge pull request #24119 from jfindlay/update_contrib_docs
• fa2d411 update example release branch in contrib docs
• a0b76b5 clarify git rebase instructions
• 3517e00 fix contribution docs link typos
• 651629c backport dev contrib doc updates to 2015.5
PR #23928: (joejulian) Add the ability to replace existing certificates
@ 2015-05-25T19:47:26Z
• 5488c4a Merge pull request #23928 from joejulian/2015.5_tls_module_replace_existing
• 4a4cbdd Add the ability to replace existing certificates
PR #24078: (jfindlay) if a charmap is not supplied, set it to the codeset
@ 2015-05-25T19:39:19Z
ISSUE #23221: (Reiner030) Debian Jessie: locale.present not working again
refs: #24078
• dd90ef0 Merge pull request #24078 from jfindlay/locale_charmap
• 5eb97f0 if a charmap is not supplied, set it to the codeset
PR #24088: (jfindlay) pkg module integration tests
@ 2015-05-25T19:39:02Z
• 9cec5d3 Merge pull request #24088 from jfindlay/pkg_tests
• f1bd5ec adding pkg module integration tests
• 739b2ef rework yumpkg refresh_db so args are not mandatory
PR #24089: (jfindlay) allow override of binary file mode on windows
@ 2015-05-25T19:38:44Z
ISSUE #24052: (twangboy) v2015.5.1 Changes the way it interprets the minion_master.pub file
refs: #24089 #24144
• 517552c Merge pull request #24089 from jfindlay/binary_write
• b2259a6 allow override of binary file mode on windows
PR #24092: (jfindlay) collect scattered contents edits, ensure it's a str
@ 2015-05-25T19:38:10Z
ISSUE #23973: (mschiff) state file.managed: setting contents_pillar to a pillar which is a list
throws exception instead giving descriptive error message
refs: #24092
• 121ab9f Merge pull request #24092 from jfindlay/file_state
• cfa0f13 collect scattered contents edits, ensure it's a str
PR #24112: (The-Loeki) thin_gen breaks when thinver doesn't exist
@ 2015-05-25T19:37:47Z
• 84e65de Merge pull request #24112 from The-Loeki/patch-1
• 34646ea thin_gen breaks when thinver doesn't exist
PR #24108: (jayeshka) adding states/mysql_query unit test case
@ 2015-05-25T12:30:48Z
• ec509ed Merge pull request #24108 from jayeshka/mysql_query-states-unit-test
• ec50450 adding states/mysql_query unit test case
PR #24110: (jayeshka) adding varnish unit test case
@ 2015-05-25T12:30:21Z
• f2e5d6c Merge pull request #24110 from jayeshka/varnish-unit-test
• e119889 adding varnish unit test case
PR #24109: (jayeshka) adding states/mysql_grants unit test case
@ 2015-05-25T12:29:53Z
• 4fca2b4 Merge pull request #24109 from jayeshka/mysql_grants-states-unit-test
• 11a93cb adding states/mysql_grants unit test case
PR #24028: (nleib) send a disable message to disable puppet
@ 2015-05-25T04:02:11Z
• 6b43c9a Merge pull request #24028 from nleib/2015.5
• 15f24b4 update format of string in disabled msg
• 7690e5b remove trailing whitespaces
• 56a9720 Update puppet.py
• 9686391 Update puppet.py
• 33f3d68 send a disable message to disable puppet
PR #24100: (jfindlay) adding states/file unit test case
@ 2015-05-24T05:17:54Z
PR #23963: (jayeshka) adding states/file unit test case
refs: #24100
• 52c9aca Merge pull request #24100 from jfindlay/merge_23963
• 7d59deb adding states/file unit test case
PR #24098: (galet) Systemd not recognized properly on Oracle Linux 7
@ 2015-05-24T04:07:31Z
ISSUE #21446: (dpheasant) check for systemd on Oracle Linux
refs: #24098
• 0eb9f15 Merge pull request #24098 from galet/2015.5
• 4d6ab21 Systemd not recognized properly on Oracle Linux 7
PR #24090: (jfindlay) adding states/mount unit test case
@ 2015-05-22T23:02:57Z
PR #24062: (jayeshka) adding states/mount unit test case
refs: #24090
• 8e04db7 Merge pull request #24090 from jfindlay/merge_24062
• a81a922 adding states/mount unit test case
PR #24086: (rallytime) Backport #22806 to 2015.5
@ 2015-05-22T21:18:20Z
ISSUE #22574: (unicolet) error when which is not available
refs: #22806
PR #22806: (jfindlay) use cmd.run_all instead of cmd.run_stdout
refs: #24086
• c0079f5 Merge pull request #24086 from rallytime/bp-22806
• f728f55 use cmd.run_all instead of cmd.run_stdout
PR #24024: (jayeshka) adding states/mongodb_user unit test case
@ 2015-05-22T20:53:19Z
• 09de253 Merge pull request #24024 from jayeshka/mongodb_user-states-unit-test
• f31dc92 resolved errors
• d038b1f adding states/mongodb_user unit test case
PR #24065: (kiorky) continue to fix #23883
refs: #24080 #24066
@ 2015-05-22T18:59:21Z
ISSUE #23883: (kaithar) max_event_size seems broken * bfd812c Merge pull request #24065 from
makinacorpus/real23883 * 028282e continue to fix #23883
PR #24029: (kiorky) Fix providers handling
@ 2015-05-22T16:56:06Z
ISSUE #24017: (arthurlogilab) [salt-cloud openstack] TypeError: unhashable type: 'dict' on map
creation
refs: #24029
• 429adfe Merge pull request #24029 from makinacorpus/fixproviders
• 412b39b Fix providers handling
PR #23936: (jfindlay) remove unreachable returns in file state
@ 2015-05-22T16:26:49Z
• a42cccc Merge pull request #23936 from jfindlay/file_state
• ac29c0c also validate file.recurse source parameter
• 57f7388 remove unreachable returns in file state
PR #24063: (jayeshka) removed tuple index error
@ 2015-05-22T14:58:20Z
• 8b69b41 Merge pull request #24063 from jayeshka/mount-states-module
• b9745d5 removed tuple index error
PR #24057: (rallytime) Backport #22572 to 2015.5
@ 2015-05-22T05:36:25Z
PR #22572: (The-Loeki) Small docfix for GitPillar
refs: #24057
• 02ac4aa Merge pull request #24057 from rallytime/bp-22572
• 49aad84 Small docfix for GitPillar
PR #24040: (rallytime) Backport #24027 to 2015.5
@ 2015-05-21T23:43:54Z
ISSUE #23088: (wfhg) Segfault when adding a Zypper repo on SLES 11.3
refs: #24027
PR #24027: (wfhg) Add baseurl to salt.modules.zypper.mod_repo
refs: #24040
• 82de059 Merge pull request #24040 from rallytime/bp-24027
• 37d25d8 Added baseurl as alias for url and mirrorlist in salt.modules.zypper.mod_repo.
PR #24039: (rallytime) Backport #24015 to 2015.5
@ 2015-05-21T23:43:25Z
PR #24015: (YanChii) minor improvement of solarisips docs & fix typos
refs: #24039
• d909781 Merge pull request #24039 from rallytime/bp-24015
• 6bfaa94 minor improvement of solarisips docs & fix typos
PR #24038: (rallytime) Backport #19599 to 2015.5
@ 2015-05-21T23:43:10Z
ISSUE #19598: (fayetted) ssh_auth.present test=true incorectly reports changes will be made
refs: #19599
PR #19599: (fayetted) Fix ssh_auth test mode, compare lines not just key
refs: #24038
• 4a0f254 Merge pull request #24038 from rallytime/bp-19599
• ea00d3e Fix ssh_auth test mode, compare lines not just key
PR #24046: (rallytime) Remove key management test from digital ocean cloud tests
@ 2015-05-21T22:32:04Z
• 42b87f1 Merge pull request #24046 from rallytime/remove_key_test
• 1d031ca Remove key management test from digital ocean cloud tests
PR #24044: (cro) Remove spurious log message, fix typo in doc
@ 2015-05-21T22:31:49Z
• eff54b1 Merge pull request #24044 from cro/pgjsonb
• de06633 Remove spurious log message, fix typo in doc
PR #24001: (msteed) issue #23883
@ 2015-05-21T20:32:30Z
ISSUE #23883: (kaithar) max_event_size seems broken * ac32000 Merge pull request #24001 from
msteed/issue-23883 * bea97a8 issue #23883
PR #23995: (kiorky) Lxc path pre
@ 2015-05-21T17:26:03Z
• f7fae26 Merge pull request #23995 from makinacorpus/lxc_path_pre
• 319282a lint
• 1dc67e5 lxc: versionadded
• fcad7cb lxc: states improvements
• 644bd72 lxc: more consistence for profiles
• 139372c lxc: remove merge cruft
• 725b046 lxc: Repair merge
PR #24032: (kartiksubbarao) Update augeas_cfg.py
@ 2015-05-21T17:03:42Z
ISSUE #16383: (interjection) salt.states.augeas.change example from docs fails with exception
refs: #24032
• 26d6851 Merge pull request #24032 from kartiksubbarao/augeas_insert_16383
• 3686dcd Update augeas_cfg.py
PR #24025: (jayeshka) adding timezone unit test case
@ 2015-05-21T16:50:53Z
• 55c9245 Merge pull request #24025 from jayeshka/timezone-unit-test
• 1ec33e2 removed assertion error
• 16ecb28 adding timezone unit test case
PR #24023: (jayeshka) adding states/mongodb_database unit test case
@ 2015-05-21T16:49:17Z
• e243617 Merge pull request #24023 from jayeshka/mongodb_database-states-unit-test
• 5a9ac7e adding states/mongodb_database unit test case
PR #24022: (jayeshka) adding states/modjk_worker unit test case
@ 2015-05-21T16:48:29Z
• b377bd9 Merge pull request #24022 from jayeshka/modjk_worker-states-unit-test
• 05c0a98 adding states/modjk_worker unit test case
PR #24005: (msteed) issue #23776
@ 2015-05-21T01:55:34Z
ISSUE #23776: (enblde) Presence change events constantly reporting all minions as new in 2015.5 *
701c51b Merge pull request #24005 from msteed/issue-23776 * 62e67d8 issue #23776
PR #23996: (neogenix) iptables state generates a 0 position which is invalid in iptables cli #23950
@ 2015-05-20T22:44:27Z
ISSUE #23950: (neogenix) iptables state generates a 0 position which is invalid in iptables cli
refs: #23996
• 17b7c0b Merge pull request #23996 from neogenix/2015.5-23950
• ad417a5 fix for #23950
PR #23994: (rallytime) Skip the gpodder pkgrepo test for Ubuntu 15 - they don't have vivid ppa up yet
@ 2015-05-20T21:18:21Z
• 4cb8773 Merge pull request #23994 from rallytime/skip_test_ubuntu_15
• 9e0ec07 Skip the gpodder pkgrepo test - they don't have vivid ppa up yet
Salt 2015.5.3 Release Notes
Extended Changelog Courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-07-01T19:40:52Z
Statistics:
• Total Merges: 177
• Total Issue references: 81
• Total PR references: 231
Changes:
• PR #25096: (jfindlay) Postgres group test @ 2015-07-01T18:48:26Z
• PR #24330: (jayeshka) adding states/postgres_group unit test case. | refs: #25096
• 21709aa Merge pull request #25096 from jfindlay/postgres_group_test
• 3c379dc declobber postgres state unit test mocking
• a162ffa adding states/postgres_group unit test case.
• PR #25085: (jfindlay) accept all sources in the file state @ 2015-07-01T18:23:45Z
• ISSUE #25041: (wt) REGRESSION: pillar.get of integer fails to render in sls | refs: #25085
• 0a84640 Merge pull request #25085 from jfindlay/fix_file
• 937a252 remove unnecessary file state tests
• 6f238e9 integration test file.managed sources
• a5978d3 iterate an iterable source othwerise list+str it
• PR #25095: (jfindlay) Win groupadd unit tests @ 2015-07-01T18:18:53Z
• PR #24207: (jayeshka) adding win_groupadd unit test case. | refs: #25095
• a983942 Merge pull request #25095 from jfindlay/win_groupadd_test
• 564dffd depend on win libs rather than mocking them
• 9b9aeb8 resolved all errors.
• aaf8935 adding win_groupadd unit test case.
• PR #25089: (jfindlay) fix minion sudo @ 2015-07-01T15:53:16Z
• ISSUE #21520: (jfindlay) sudo.salt_call is broken | refs: #25089
• PR #20226: (thatch45) Allow sudo priv escalation | refs: #25089
• 7c8d2a8 Merge pull request #25089 from jfindlay/fix_sudo
• d8f91d4 add some apprehension to the sudo exec module
• a9269c0 adding sudo exec module docs
• e4a40b7 comment whitespace in minion config
• 44cb167 adding sudo_user minion config docs
• d461060 adding sudo_user minion config to default
• PR #25099: (driskell) Fix broken batch results @ 2015-07-01T15:51:29Z
• ISSUE #24875: (ahammond) ValueError: list.remove(x): x not in list in File
"/usr/lib/python2.6/site-packages/salt/cli/batch.py", line 179, in run active.remove(minion) | refs:
#25099
• 4d6078e Merge pull request #25099 from driskell/patch-1
• 59b23e5 Fix broken batch results
• PR #25083: (steverweber) ipmi: get_sensor_data would always fail @ 2015-06-30T20:57:21Z
• 4635079 Merge pull request #25083 from steverweber/fix_ipmi_stat
• 836f48c include _ in IpmiCommand
• 817e434 get_sensor_data would always fail
• PR #25067: (The-Loeki) Fix for maxdepth=0 in find @ 2015-06-30T20:54:06Z
• 15f2a40 Merge pull request #25067 from The-Loeki/patch-1
• 61edad3 Fix for maxdepth=0 in find
• PR #25078: (terminalmage) Use smaller number for upper limit of mac_user's _first_avail_uid helper
function @ 2015-06-30T20:53:24Z
• 58d933c Merge pull request #25078 from terminalmage/fix-mac-uid
• df2ab7e Use smaller number for upper limit of mac_user's _first_avail_uid helper function
• PR #25045: (garethgreenaway) Fixes to debian_ip.py in 2015.5 @ 2015-06-30T17:36:43Z
• ISSUE #24521: (multani) State network.managed fails on Debian (Jessie) | refs: #25045
• ebd6cdc Merge pull request #25045 from garethgreenaway/24521_debian_networking
• 6f2a6c9 having proto default to static since it's needed to build the template.
• PR #25065: (lorengordon) Add download links for 2015.5.1-3 and 2015.5.2 Windows installers @
2015-06-30T15:29:31Z
• ISSUE #25057: (TheBigBear) why is there still no newer salt-minion for windows than ver. 2015.5.0-2?
no 2015.5.1 or 2015.5.2?
• ae31b27 Merge pull request #25065 from lorengordon/update-windows-installer-links
• 40a0c13 Add download links for 2015.5.1-3 and 2015.5.2, Fixes #25057
• PR #25052: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-30T01:05:00Z
• ISSUE #15209: (hubez) file.manage: source_hash not working with s3:// (2014.7.0rc1) | refs: #25011
• PR #25011: (notpeter) Add s3 to protocols for remote source_hash (2014.7 backport)
• ddaeb0f Merge pull request #25052 from basepi/merge-forward-2015.5
• 2c5e664 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• a7154e7 Merge pull request #25011 from notpeter/s3_2014.7_backport
• 8b8af64 Add s3 to protocols for remote source_hash
• PR #25038: (jfindlay) versionadded @ 2015-06-29T19:49:27Z
• PR #24747: (msciciel) add get_route function to network module | refs: #25038
• c7003d4 Merge pull request #25038 from jfindlay/versionadded
• d6dc6f9 versionadded
• PR #24747: (msciciel) add get_route function to network module | refs: #25038 @ 2015-06-29T16:51:43Z
• 28c87ca Merge pull request #24747 from msciciel/2015.5
• 79b4ec2 network module lint fix
• 0b6ef78 network module: fix for ipv6
• f3d184c add get_route function to network module
• PR #24975: (ryan-lane) Fix update of undefined env var in npm module @ 2015-06-29T16:45:05Z
• 46a9677 Merge pull request #24975 from lyft/npm-module-fix
• 6fde581 Try byte literals rather than unicode strings in the env
• c8514de Fix update of undefined env var in npm module
• PR #24986: (heewa) Don't modify empty change @ 2015-06-29T16:44:17Z
• 9cf8550 Merge pull request #24986 from heewa/fix-pkg-hold-when-errored
• d47a448 Don't modify empty change
• PR #24999: (rallytime) Provide a less confusing error when cloud provider is misconfigured @
2015-06-29T16:43:31Z
• ISSUE #24969: (bradthurber) salt-cloud 2015.5.0: missing azure dependency results in misleading error
| refs: #24999
• ece897d Merge pull request #24999 from rallytime/cloud_error_help
• 1e81a88 Clean up
• be19a67 Provide a less confusing error when cloud provider is misconfigured
• PR #24987: (heewa) Don't try to cache a template when it's not a file @ 2015-06-29T14:02:59Z
• 4af15cf Merge pull request #24987 from heewa/fix-trying-to-cache-no-file
• 9ae0c78 Don't try to cache a template when it's not a file
• PR #25022: (jfindlay) revise label and milestone documentation @ 2015-06-29T13:51:24Z
• 8eeaddb Merge pull request #25022 from jfindlay/label_docs
• 8575192 revise label and milestone documentation
• PR #25029: (jayeshka) adding redismod unit test case. @ 2015-06-29T13:50:33Z
• 89c2e01 Merge pull request #25029 from jayeshka/redismod-unit-test
• e3045be adding redismod unit test case.
• PR #24995: (rallytime) Fix deprecated pymongo usage causing errors in latest pymongo @
2015-06-27T22:28:56Z
• PR #24175: (trevor-h) fix deprecated pymongo usage causing errors in latest pymongo | refs: #24995
• 6425252 Merge pull request #24995 from rallytime/tops_mongo
• a3c1063 fix deprecated pymongo usage causing errors in latest pymongo
• PR #24994: (garethgreenaway) Another Fix to gpg.py in 2015.5 @ 2015-06-27T22:28:15Z
• ISSUE #24862: (dkatsanikakis) gpg.import_key returns error after successfully completed | refs:
#24966 #24994
• e9aaa11 Merge pull request #24994 from garethgreenaway/2015_5_24862_gpg_import_key
• d2f0d8f variable was referenced before assignment. Just removing the variable and checking the
return from distutils.version.LooseVersion directly.
• PR #24988: (jayeshka) adding states/supervisord unit test case. @ 2015-06-27T22:24:42Z
• ebd666e Merge pull request #24988 from jayeshka/supervisord-states-unit-test
• bb0a6d5 adding states/supervisord unit test case.
• PR #25007: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-26T21:28:57Z
• ISSUE #24915: (jtand) Salt-cloud not working in 2014.7.6 | refs: #24944
• PR #24944: (techhat) Double-check main_cloud_config
• PR #24936: (jtand) Fixed ps module to not use depreciated psutil commands
• 0487c3c Merge pull request #25007 from basepi/merge-forward-2015.5
• 4980fd5 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• a11e4c6 Merge pull request #24944 from techhat/issue24915
• 59c3081 Double-check main_cloud_config
• d26a544 Merge pull request #24936 from jtand/psutil
• bdb7a19 Fixed ps module to not use depreciated psutil commands
• PR #25003: (jacobhammons) Updated man pages @ 2015-06-26T19:13:41Z
• 91a60e1 Merge pull request #25003 from jacobhammons/man-pages
• cf97a4a Updated man pages
• PR #25002: (jacobhammons) sphinx html theme updates @ 2015-06-26T18:39:14Z
• a60a2c4 Merge pull request #25002 from jacobhammons/doc-announcements
• f88f344 sphinx html theme updates
• PR #24977: (rallytime) Only warn about digital ocean deprecation if digital ocean is configured @
2015-06-25T23:54:46Z
• a791b23 Merge pull request #24977 from rallytime/do_move_warning
• 6b54422 Only warn about digital ocean deprecation if digital ocean is configured
• PR #24966: (garethgreenaway) Fixes to gpg.py in 2015.5 @ 2015-06-25T19:58:49Z
• ISSUE #24862: (dkatsanikakis) gpg.import_key returns error after successfully completed | refs:
#24966 #24994
• a71c1b7 Merge pull request #24966 from garethgreenaway/2015_5_24862_gpg_import_key
• 55eb73b fixing unit tests.
• 80c24be Fixing an issue with the import_key method. Different results depending on which gnupg
python module is installed.
• PR #24965: (jacksontj) Fix memory leak in saltnado @ 2015-06-25T18:48:03Z
• ISSUE #24846: (mavenAtHouzz) Memory leak issue in rest_tornado EventListener | refs: #24965
• 8622184 Merge pull request #24965 from jacksontj/2015.5
• 48b5e16 pylint
• 87adca4 Fix memory leak in saltnado
• PR #24948: (jfindlay) fix some malformed doc links and anchors @ 2015-06-25T15:51:38Z
• 773c4cf Merge pull request #24948 from jfindlay/doc_links
• 152a9b2 fix some malformed doc links and anchors
• PR #24886: (anlutro) Be more careful about stripping away root_dir from directory options @
2015-06-25T15:50:11Z
• ISSUE #24885: (anlutro) Master config - Directories starting with a dot have the dot stripped when
root_dir is . | refs: #24886
• 4ebc01e Merge pull request #24886 from alprs/fix-root_dir_bug
• 52ccafd os.sep is the correct directory separator constant
• 0ecbf26 Be more careful about stripping away root_dir from directory options
• PR #24930: (jacksontj) Don't refetch file templates 100% of the time-- Performance optimization for
templated files @ 2015-06-24T21:22:47Z
• f52f7e1 Merge pull request #24930 from jacksontj/2015.5
• 5fb7534 Only parse the source if we have one
• c03a6fa Add support for sources of managed files to be local
• 4cf78a0 pylint
• d70914e Don't refetch the template 100% of the time-- Performance optimization for templated files
• PR #24935: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-24T18:17:54Z
• PR #24918: (BretFisher) SmartOS SMF minion startup fix
• PR #473: (whiteinge) Added a couple functions to work with the minion file cache | refs: #24918
• 925a4d9 Merge pull request #24935 from basepi/merge-forward-2015.5
• 8d8bf34 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• eeb05a1 Merge pull request #24918 from BretFisher/minion-start-smartos-smf-fix
• d7bfb0c Smartos smf minion fix
• PR #24873: (jfindlay) convert osrelease grain to str before str op @ 2015-06-24T16:43:08Z
• ISSUE #24826: (rakai93) rh_service.py: 'int' object has no attribute 'startswith' | refs: #24873
• 4e8ed0d Merge pull request #24873 from jfindlay/rh_service
• febe6ef convert osrelease grain to str before str op
• PR #24923: (jayeshka) adding states/status unit test case. @ 2015-06-24T15:50:07Z
• 90819f9 Merge pull request #24923 from jayeshka/status-states-unit-test
• baec650 adding states/status unit test case.
• PR #24902: (cro) Fix minion failover, document same @ 2015-06-24T15:20:43Z
• 2dd24ec Merge pull request #24902 from cro/fixfo2
• 90c73ff References to documentation.
• f0c9204 Add references to failover parameters in conf
• 9da96a8 Docs
• e2314f0 Move comment.
• b9a756f Fix master failover and add documentation for same. Factor in syndics. Syndics will not
failover (yet).
• PR #24926: (rallytime) Back-port #22263 to 2015.5 @ 2015-06-24T15:09:40Z
• PR #22263: (cachedout) Prevent a load from being written if one already exists | refs: #24926
• 087ee09 Merge pull request #24926 from rallytime/bp-22263
• 8c92d9c Prevent a load from being written if one already exists
• PR #24900: (rallytime) Back-port #24848 to 2015.5 @ 2015-06-24T15:09:18Z
• PR #24848: (nmadhok) Correcting bash code blocks | refs: #24900
• b34a74f Merge pull request #24900 from rallytime/bp-24848
• d2b5456 Correcting bash code blocks
• PR #24899: (rallytime) Back-port #24847 to 2015.5 @ 2015-06-24T15:09:01Z
• PR #24847: (borutmrak) unset size parameter for lxc.create when backing=zfs | refs: #24899
• a546e8e Merge pull request #24899 from rallytime/bp-24847
• 1e4ec7a unset size parameter for lxc.create when backing=zfs
• PR #24898: (rallytime) Back-port #24845 to 2015.5 @ 2015-06-24T15:06:09Z
• PR #24845: (porterjamesj) fix bug in docker.loaded | refs: #24898
• d4dd8d2 Merge pull request #24898 from rallytime/bp-24845
• 071049a fix bug in docker.loaded
• PR #24897: (rallytime) Back-port #24839 to 2015.5 @ 2015-06-24T15:05:35Z
• ISSUE #24799: (infestdead) Forced remount because options changed when no options changed (glusterfs)
• PR #24839: (infestdead) fix for issue #24799 | refs: #24897
• 6930855 Merge pull request #24897 from rallytime/bp-24839
• f3b20d5 fix for issue #24799
• PR #24891: (jayeshka) adding states/ssh_known_hosts unit test case. @ 2015-06-23T16:46:58Z
• 1650233 Merge pull request #24891 from jayeshka/ssh_known_hosts-states-unit-test
• ef1347f adding states/ssh_known_hosts unit test case.
• PR #24874: (dkiser) Fix for salt-cloud when ssh key used to auth and using sudo. @
2015-06-22T23:46:08Z
• ISSUE #24870: (dkiser) salt-cloud fails on sudo password prompt when using ssh key to auth | refs:
#24874
• c32aae9 Merge pull request #24874 from dkiser/salt-cloud-24870
• 6c31143 Fix key error for the PR to fix #24870.
• bdcf7d8 Fix pylint for #24874.
• 8f66d19 Fix for salt-cloud when ssh key used to auth and using sudo.
• PR #24880: (dkiser) Fix to allow password for salt-cloud to be set outside of a vm specif… @
2015-06-22T23:44:59Z
• ISSUE #24871: (dkiser) salt-cloud fails to honor 'password' in cloud options before raising an
exception | refs: #24880
• ddaa21c Merge pull request #24880 from dkiser/salt-cloud-24871
• 4f6c035 Fix to allow password for salt-cloud to be set outside of a vm specific context.
• PR #24852: (pruiz) Fix issue 24851: regular expression so it now matches packages with '.' or '-' at
pkg name @ 2015-06-22T20:37:13Z
• 3902b16 Merge pull request #24852 from pruiz/issue-24851
• 73adb1d Fix regular expression so it now matches packages with '.' or '-' at pkg name.
• PR #24861: (jayeshka) adding states/ssh_auth unit test case. @ 2015-06-22T16:20:01Z
• 6c5b788 Merge pull request #24861 from jayeshka/ssh_auth-states-unit-test
• e5d7b0d adding states/ssh_auth unit test case.
• PR #24824: (kev009) Detect bhyve virtual type for FreeBSD guests @ 2015-06-22T15:24:35Z
• ISSUE #23478: (calvinhp) grains.get virtual reports "physical" on bhyve FreeBSD VM | refs: #24824
• 9e3321c Merge pull request #24824 from kev009/grains-bhyve-bsd
• a226209 Detect bhyve virtual type for freebsd guests
• PR #24795: (anlutro) Fix state.apply for salt-ssh @ 2015-06-22T15:23:57Z
• ISSUE #24746: (anlutro) state.apply doesn't seem to work | refs: #24795
• 7b07ef9 Merge pull request #24795 from alprs/fix-salt_ssh_state_apply
• 905840b Fix state.apply for salt-ssh
• PR #24832: (jacksontj) Don't incur a "_load_all" of the lazy_loader while looking for mod_init. @
2015-06-22T15:17:10Z
• PR #20540: (jacksontj) Loader nomerge: Don't allow modules to "merge" | refs: #24832
• PR #20481: (jacksontj) Add submodule support to LazyLoader | refs: #20540
• PR #20473: (jacksontj) Add "disabled" support | refs: #20481
• PR #20274: (jacksontj) Loader overhaul to LazyLoader | refs: #20473
• PR #12327: (jacksontj) Add a LazyLoader class which will lazily load modules (with the given lo... |
refs: #20274
• 31d4c13 Merge pull request #24832 from jacksontj/2015.5
• cfa7c0a pylint
• be18439 Don't incur a "_load_all" of the lazy_loader while looking for mod_init.
• PR #24834: (rallytime) Back-port #24811 to 2015.5 @ 2015-06-19T18:43:49Z
• ISSUE #14666: (luciddr34m3r) salt-cloud GoGrid exception when using map file | refs: #24811
• PR #24811: (rallytime) Add notes to map and gogrid docs -- don't use -P with map files | refs: #24834
• 2d8148f Merge pull request #24834 from rallytime/bp-24811
• e2684ec Add notes to map and gogrid docs -- don't use -P with map files
• PR #24790: (rallytime) Back-port #24741 to 2015.5 @ 2015-06-19T17:25:58Z
• PR #24741: (CameronNemo) Improve Upstart enable/disable handling | refs: #24790
• d2edb63 Merge pull request #24790 from rallytime/bp-24741
• a54245f Add missing import
• 4ce6370 salt.modules.upstart: fix lint errors
• aec53ec Improve Upstart enable/disable handling
• PR #24789: (rallytime) Back-port #24717 to 2015.5 @ 2015-06-19T17:17:00Z
• PR #24717: (gthb) virtualenv.managed: document user and no_chown | refs: #24789
• 645e62a Merge pull request #24789 from rallytime/bp-24717
• 95ac4eb virtualenv.managed: document user and no_chown
• PR #24823: (jayeshka) adding states/splunk_search unit test case. @ 2015-06-19T17:14:12Z
• 0a6c70f Merge pull request #24823 from jayeshka/splunk_search-states-unit-test
• 98831a8 adding states/splunk_search unit test case.
• PR #24809: (jodv) Correctly create single item list for failover master type with string value for
master opt @ 2015-06-19T15:22:20Z
• 4c5a708 Merge pull request #24809 from jodv/single_item_master_list
• 18ceebc single item list vs. list of characters
• PR #24802: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-18T20:11:58Z
• ISSUE #24776: (nmadhok) --static option in salt raises ValueError and has been broken for a very long
time | refs: #24777
• ISSUE #21318: (thanatos) get_full_returns raises KeyError | refs: #24769
• ISSUE #18994: (njhartwell) salt.client.get_cli_returns errors when called immediately after run_job |
refs: #24769
• ISSUE #17041: (xenophonf) Confusing Salt error messages due to limited/incomplete PowerShell command
error handling | refs: #24690
• ISSUE #19: (thatch45) Sending a faulty command kills all the minions!
• PR #24780: (nmadhok) Backporting PR #24777 to 2014.7 branch
• PR #24779: (nmadhok) Backporting Changes to 2014.7 branch | refs: #24777
• PR #24778: (nmadhok) Backporting PR #24777 to 2015.2 branch | refs: #24777
• PR #24777: (nmadhok) Fixing issue where --static option fails with ValueError Fixes #24776 | refs:
#24778 #24780
• PR #24769: (msteed) Fix stacktrace in get_cli_returns()
• PR #24690: (twangboy) Report powershell output instead of error
• ae05e70 Merge pull request #24802 from basepi/merge-forward-2015.5
• 5b7a65d Merge pull request #19 from twangboy/merge-forward-fixes
• 98e7e90 Fixed test failures for Colton
• b949856 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 4281dff Merge pull request #24780 from nmadhok/backport-2014.7-24777
• c53b0d9 Backporting PR #24777 to 2014.7 branch
• f3c5cb2 Merge pull request #24769 from msteed/issue-21318
• f40a9d5 Fix stacktrace in get_cli_returns()
• 59db246 Merge pull request #24690 from twangboy/fix_17041
• 7a01538 Added additional reporting
• d84ad5d Fixed capitalization... Failed and Already
• e955245 Merge branch '2014.7' of https://github.com/saltstack/salt into fix_17041
• 144bff2 Report powershell output instead of error
• PR #24798: (jtand) Revert "adding states/postgres_database unit test case." @ 2015-06-18T17:56:17Z
• PR #24329: (jayeshka) adding states/postgres_database unit test case. | refs: #24798
• daa76c3 Merge pull request #24798 from saltstack/revert-24329-postgres_database-states-unit-test
• 179ce03 Revert "adding states/postgres_database unit test case."
• PR #24791: (rallytime) Back-port #24749 to 2015.5 @ 2015-06-18T17:43:15Z
• PR #24749: (obestwalter) add windows specific default for multiprocessing | refs: #24791
• 7073a9f Merge pull request #24791 from rallytime/bp-24749
• be43b2b add windows specific default for multiprocessing
• PR #24792: (rallytime) Back-port #24757 to 2015.5 @ 2015-06-18T15:58:35Z
• PR #24757: (cachedout) Fix loader call in pyobjects | refs: #24792
• PR #24668: (grischa) enable virtual package names in pyobjects renderer | refs: #24721 #24757
• 1a158e8 Merge pull request #24792 from rallytime/bp-24757
• 6c804f0 Fix loader call in pyobjects
• PR #24768: (jfindlay) fix yum versionlock on RHEL/CentOS 5, disable corresponding test @
2015-06-18T15:13:12Z
• 0f92982 Merge pull request #24768 from jfindlay/pkg_mod
• 7a26c2b disable pkg.hold test for RHEL/CentOS 5
• 4cacd93 use correct yum versionlock pkg name on centos 5
• PR #24778: (nmadhok) Backporting PR #24777 to 2015.2 branch | refs: #24777 @ 2015-06-18T14:53:04Z
• ISSUE #24776: (nmadhok) --static option in salt raises ValueError and has been broken for a very long
time | refs: #24777
• PR #24779: (nmadhok) Backporting Changes to 2014.7 branch | refs: #24777
• PR #24777: (nmadhok) Fixing issue where --static option fails with ValueError Fixes #24776 | refs:
#24778 #24780
• 39f088a Merge pull request #24778 from nmadhok/backport-2015.2-24777
• ae3701f Backporting PR #24777 to 2015.2 branch
• PR #24774: (zefrog) Fix lxc lvname parameter command @ 2015-06-18T14:49:06Z
• 2a4f65f Merge pull request #24774 from zefrog/fix-lxc-lvname-param
• 21e0cd4 Fixed typo in lxc module: lvname parameter typo
• 283d86e Fixed bug in lxc module: lvname using wrong parameter in cmd
• PR #24782: (jayeshka) adding states/slack unit test case. @ 2015-06-18T14:33:55Z
• fd73390 Merge pull request #24782 from jayeshka/slack-states-unit-test
• e2b6214 adding states/slack unit test case.
• PR #24771: (jacksontj) Always extend requisites, instead of replacing them @ 2015-06-18T14:29:09Z
• ISSUE #24770: (jacksontj) Requisite and Requisite_in don't play nice together | refs: #24771
• c9c90af Merge pull request #24771 from jacksontj/2015.5
• b1211c5 Re-enable tests for complex prereq and prereq_in
• 378f6bf Only merge when the merge is of requisites
• PR #24766: (msteed) Remove doc references to obsolete minion opt @ 2015-06-17T21:36:55Z
• 5fe4de8 Merge pull request #24766 from msteed/undoc-dns_check
• f92a769 Remove doc references to obsolete minion opt
• PR #24329: (jayeshka) adding states/postgres_database unit test case. | refs: #24798 @
2015-06-17T19:11:02Z
• a407ab7 Merge pull request #24329 from jayeshka/postgres_database-states-unit-test
• ee06f1a adding states/postgres_database unit test case.
• PR #24632: (jacobhammons) Doc bug fixes @ 2015-06-17T18:40:02Z
• ISSUE #24560: (hydrosine) Documentation missing on parameter | refs: #24632
• ISSUE #24547: (dragonpaw) Artifactory docs say module is 'jboss7'. | refs: #24632
• ISSUE #24375: (companykitchen-dev) Custom grain won't sync under any circumstances | refs: #24632
• ISSUE #24275: (kartiksubbarao) augeas issue with apache and recognizing changes that have been
already made | refs: #24632
• ISSUE #24163: (tbaker57) enable_gpu_grains default value confusion | refs: #24632
• 3ff6eff Merge pull request #24632 from jacobhammons/bug-fixes
• 7c52012 Fixed typos
• c7cdd41 Doc bug fixes Refs #24547 Refs #24275 Refs #24375 Refs #24560 Refs #24163
• PR #24607: (garethgreenaway) fixes to minion.py @ 2015-06-17T18:16:42Z
• ISSUE #24198: (ahammond) salt-call event.send doesn't send events from minion | refs: #24607
• 9995f64 Merge pull request #24607 from garethgreenaway/2015_5_sending_events_multi_master
• 8abd3f0 A fix if you have multiple masters configured and try to fire events to the minion.
Currently they fail silently. Might be the cause of #24198.
• PR #24755: (rallytime) Remove SALT_CLOUD_REQS from setup.py @ 2015-06-17T17:42:25Z
• bf2dd94 Merge pull request #24755 from rallytime/fix_setup_15
• 48769a5 Remove SALT_CLOUD_REQS from setup.py
• PR #24740: (rallytime) Backport #24720 to 2015.5 @ 2015-06-17T16:43:37Z
• PR #24720: (TheScriptSage) Issue 24621 - AD/LDAP Group Auth Issue | refs: #24740
• 3d53d79 Merge pull request #24740 from rallytime/bp-24720
• a9bcdb5 Updating master.py to properly check against groups when user is only authed against group.
Tested against unit.auth_test.
• PR #24723: (rallytime) Back-port #20124 to 2015.5 @ 2015-06-17T16:43:20Z
• PR #20124: (cgtx) add init system to default grains | refs: #24723
• ac2851b Merge pull request #24723 from rallytime/bp-20124
• 4d0061b fix infinite loop introduced by #20124 when the init system is not in the supported_inits
list
• 0c7fa0f Optimizations for #20124
• f353454 add init system to default grains (resolve #20124)
• PR #24754: (anlutro) salt-cloud documentation - Add information about linode location @
2015-06-17T16:04:48Z
• 78cd09b Merge pull request #24754 from alprs/docs-add_linode_location_option
• d88e071 add information about linode location
• PR #24748: (jayeshka) adding states/serverdensity_device unit test case. @ 2015-06-17T15:39:07Z
• d5554f7 Merge pull request #24748 from jayeshka/serverdensity_device-states-unit-test
• 1a4c241 adding states/serverdensity_device unit test case.
• PR #24739: (rallytime) Back-port #24735 to 2015.5 @ 2015-06-17T15:16:47Z
• PR #24735: (notpeter) Add 2015.5 codename to version numbers docs | refs: #24739
• 0b7e7ef Merge pull request #24739 from rallytime/bp-24735
• 64c565d Add .0 to version number
• 5ed801b Add codenames for 2015.5 and future versions. Trailing newline.
• PR #24732: (msteed) Fix stacktrace when --summary is used @ 2015-06-17T03:27:57Z
• ISSUE #24111: (yermulnik) cli option '--summary' got broken after upgrade to 2015.5.1 | refs: #24732
• c8713f2 Merge pull request #24732 from msteed/issue-24111
• 54b33dd Fix stacktrace when --summary is used
• PR #24721: (rallytime) Back-port #24668 to 2015.5 @ 2015-06-17T03:23:47Z
• PR #24668: (grischa) enable virtual package names in pyobjects renderer | refs: #24721 #24757
• 70d3781 Merge pull request #24721 from rallytime/bp-24668
• 68fb5af fixing other test
• ba4f262 fixing text for virtual support in pyobjects
• b349d91 enable virtual package names in pyobjects renderer
• PR #24718: (rallytime) Added some missing config documentation to the vsphere driver @
2015-06-17T03:19:35Z
• ISSUE #21923: (Fluro) Salt cloud not running provisioning script as root | refs: #24718
• ISSUE #17241: (hasues) Salt-Cloud for vSphere needs additional documentation | refs: #24718
• 1b9d689 Merge pull request #24718 from rallytime/update_vsphere_docs
• bfdebb6 Added some missing config documentation to the vsphere driver
• PR #24714: (rallytime) Remove cloud-requirements.txt @ 2015-06-17T03:17:04Z
• 64857c7 Merge pull request #24714 from rallytime/remove_cloud_reqs_15
• 67b796d Remove cloud-requirements.txt
• PR #24733: (msteed) Include Tornado in versions report @ 2015-06-17T03:13:53Z
• ISSUE #24439: (bechtoldt) Add tornado version to versions report | refs: #24733
• f96b1d6 Merge pull request #24733 from msteed/issue-24439
• 76cfef0 Include Tornado in versions report
• PR #24737: (jacksontj) Move AES command logging to trace @ 2015-06-17T01:48:11Z
• a861fe0 Merge pull request #24737 from jacksontj/2015.5
• a4ed41a Move AES command logging to trace
• PR #24724: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-16T22:46:27Z
• ISSUE #24196: (johnccfm) Exception when using user.present with Windows | refs: #24646
• PR #24646: (twangboy) Fixed user.present on existing user
• 0d2dc46 Merge pull request #24724 from basepi/merge-forward-2015.5
• 4641028 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• a18dada Merge pull request #24646 from twangboy/fix_24196
• a208e1d Fixed user.present on existing user
• PR #24701: (jayeshka) adding states/selinux unit test case. @ 2015-06-16T15:27:29Z
• 3d33fe7 Merge pull request #24701 from jayeshka/selinux-states-unit-test
• 0c136fd adding states/selinux unit test case.
• PR #24687: (cachedout) Note about minimum worker_threads @ 2015-06-15T20:46:23Z
• 2e287a9 Merge pull request #24687 from cachedout/min_worker_threads
• b7bb7ea Note about minimum worker_threads
• PR #24688: (cachedout) Update AUTHORS @ 2015-06-15T20:46:03Z
• 432478c Merge pull request #24688 from cachedout/update_authors
• 3f6880e Better email
• 6c7b773 Update AUTHORS
• PR #24649: (cachedout) Improved error reporting for failed states @ 2015-06-15T16:04:20Z
• ISSUE #22385: (cachedout) States which require unavailable modules should display the reason | refs:
#24649
• 9a2b50d Merge pull request #24649 from cachedout/issue_22385
• b9fe792 States will now return the reason behind failure if a module could not be loaded
• PR #24673: (jayeshka) adding states/schedule unit test case. @ 2015-06-15T15:24:52Z
• 66e9e16 Merge pull request #24673 from jayeshka/schedule-states-unit-test
• 54aaaa5 adding states/schedule unit test case.
• PR #24663: (kartiksubbarao) Update augeas_cfg.py @ 2015-06-15T15:18:48Z
• ISSUE #24661: (kartiksubbarao) augeas.change doesn't support setting empty values | refs: #24663
• 5eb19c4 Merge pull request #24663 from kartiksubbarao/patch-2
• e18db50 Update augeas_cfg.py
• PR #24667: (dkiser) fix for #24583 clouds/openstack.py kerying first time succeeds @
2015-06-14T21:58:58Z
• ISSUE #24583: (dkiser) salt-cloud keyring password referenced before assignment | refs: #24667
• 4450432 Merge pull request #24667 from dkiser/fix-cloud-keyring
• c92c05f fix for #24583 clouds/openstack.py kerying first time succeeds
• PR #24659: (kartiksubbarao) Update aliases.py @ 2015-06-13T17:31:42Z
• ISSUE #24537: (kartiksubbarao) alias.present doesn't update alias values that are substrings of the
existing value | refs: #24659
• 4c64ee9 Merge pull request #24659 from kartiksubbarao/patch-1
• d683474 Update aliases.py
• PR #24644: (cro) Merge forward 2014.7->2015.5 @ 2015-06-12T21:31:41Z
• PR #24643: (cro) Add reference to salt-announce mailing list
• PR #24620: (twangboy) Fixed comment and uncomment functions in file.py
• 89eb616 Merge pull request #24644 from cro/2014.7-2015.5-20150612
• 4136dc3 Merge forward from 2014.7 to 2015.5
• b99484f Merge pull request #24643 from cro/saltannounce
• ecb0623 Add salt-announce mailing list.
• 635121e Merge pull request #24620 from twangboy/fix_24215
• d7a9999 Fixed comment and uncomment functions in file.py
• PR #24642: (basepi) Revert "fix target rule, remove unneeded quotation mark" @ 2015-06-12T20:14:26Z
• PR #24595: (tankywoo) fix target rule, remove unneeded quotation mark | refs: #24642
• b896a0d Merge pull request #24642 from saltstack/revert-24595-fix-iptables-target
• 5ff3224 Revert "fix target rule, remove unneeded quotation mark"
• PR #24628: (jayeshka) adding states/reg unit test case. @ 2015-06-12T17:29:11Z
• 01092c2 Merge pull request #24628 from jayeshka/reg_states-unit-test
• af1bd8f adding states/reg unit test case.
• PR #24631: (rallytime) Back-port #24591 to 2015.5 @ 2015-06-12T16:54:32Z
• ISSUE #24494: (arnoutpierre) Computed comments in jinja states | refs: #24591
• ISSUE #24073: (primechuck) State.highstate uses stale grain data. | refs: #24492
• ISSUE #23359: (BalintSzigeti) init.sls parsing issue | refs: #24591
• ISSUE #21217: (Colstuwjx) Maybe a bug for jinja render? | refs: #24591
• PR #24591: (tbaker57) Add some documentation surrounding Jinja vs yaml comments - | refs: #24631
• PR #24492: (DmitryKuzmenko) Don't remove grains from opts
• 5f491f9 Merge pull request #24631 from rallytime/bp-24591
• f13cd41 Add extra clarification why jinja comments are needed.
• 2374971 Fix typo
• 6a91747 Add some documentation surrounding Jinja comments - refs #24492, #21217, #23359
• PR #24616: (garethgreenaway) additional logging in state.py module @ 2015-06-12T16:25:39Z
• f23f99e Merge pull request #24616 from garethgreenaway/2015_5_logging_disabled_states
• 4dbf0ef Adding some logging statement to give feedback when states, including highstate, are
disabled. Useful when running from scheduler.
• PR #24595: (tankywoo) fix target rule, remove unneeded quotation mark | refs: #24642 @
2015-06-12T16:23:22Z
• 6dccbb0 Merge pull request #24595 from tankywoo/fix-iptables-target
• 10a5160 fix target rule, remove unneeded quotation mark
• PR #24604: (jfindlay) fix pkg module integration tests @ 2015-06-12T16:04:26Z
• 8ac3d94 Merge pull request #24604 from jfindlay/pkg_tests
• d88fb22 fix pkg module integration tests on CentOS 5
• fb91b40 fix pkg module integration tests on ubuntu 12
• PR #24600: (basepi) [2015.5] Remove __kwarg__ from salt-ssh keyword args @ 2015-06-12T04:21:29Z
• 0ff545c Merge pull request #24600 from basepi/salt-ssh.orchestrate.20615
• 9b55683 Remove __kwarg__ from salt-ssh keyword args
• PR #24608: (basepi) [2015.5] Normalize salt-ssh flat roster minion IDs to strings @
2015-06-11T21:35:07Z
• ISSUE #22843: (Xiol) salt-ssh roster doesn't support integers as host keys | refs: #24608
• 832916f Merge pull request #24608 from basepi/salt-ssh.flat.roster.integers.22843
• 381820f Normalize salt-ssh flat roster minion IDs to strings
• PR #24605: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-11T19:15:21Z
• PR #24589: (BretFisher) Fixed Mine example for jinja code block
• 4eb5bb2 Merge pull request #24605 from basepi/merge-forward-2015.5
• f96c502 Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• d83928a Merge pull request #24589 from BretFisher/patch-1
• 65a1133 Fixed Mine example for jinja code block
• PR #24598: (jacobhammons) 2015.5.2 release changes @ 2015-06-11T17:24:11Z
• ISSUE #24457: (ryan-lane) When selecting the version of docs on the docs site, it brings you to the
homepage | refs: #24598
• ISSUE #24250: (jfindlay) have version links on docs page link to that version of the current page |
refs: #24598
• e0bb177 Merge pull request #24598 from jacobhammons/doc-fixes
• f3f34dd 2015.5.2 release changes Refs #24250 Refs #24457
• PR #24588: (basepi) Fixes for saltmod.function for salt-ssh @ 2015-06-11T16:15:21Z
• ISSUE #20615: (aurynn) 2014.7.1: salt/states/saltmod using incorrect return dict for orchestrate |
refs: #24588
• 26930b4 Merge pull request #24588 from basepi/salt-ssh.orchestrate.20615
• 826936c Move documentation into docstring instead of comments
• de052e7 Assign 'return' to 'ret' if necessary in saltmod.function
• 34ff989 Convert keyword args to key=value strings in salt-ssh
• PR #24593: (jayeshka) adding states/redismod unit test case. @ 2015-06-11T15:55:27Z
• 5a21ad1 Merge pull request #24593 from jayeshka/redismod_states-unit-test
• 3b95744 adding states/redismod unit test case.
• PR #24581: (rallytime) Disabled some flaky tests until we can figure out how to make them more reliable
@ 2015-06-11T15:51:41Z
• ISSUE #40: (thatch45) Clean up timeouts | refs: #22857
• PR #24217: (jfindlay) disable intermittently failing tests | refs: #24581
• PR #23623: (jfindlay) Fix /jobs endpoint's return | refs: #24217
• PR #22857: (jacksontj) Fix /jobs endpoint's return | refs: #23623
• 8ffb86e Merge pull request #24581 from rallytime/disable_some_flaky_tests
• c82f135 Disabled some flaky tests until we can figure out how to make them more reliable
• PR #24566: (jayeshka) adding states/rdp unit test case. @ 2015-06-11T02:14:39Z
• a570d7f Merge pull request #24566 from jayeshka/rdp_states-unit-test
• 273b994 adding states/rdp unit test case.
• PR #24551: (joejulian) 2015.5 don't pollute environment @ 2015-06-11T02:13:06Z
• ISSUE #24480: (kiorky) [CRITICAL] [2015.5] tls breaks tzinfo | refs: #24551
• 20ada1f Merge pull request #24551 from joejulian/2015.5_dont_pollute_environment
• cfc3b43 Don't pollute the TZ environment variable
• cba8d3f pep8
• 9cb7015 Mark keyword version adds
• 76e2583 Merge tls changes from develop
• PR #24574: (jacobhammons) Refs #19901 @ 2015-06-10T20:09:23Z
• ISSUE #19901: (clinta) State cache is not documented | refs: #24468
• bb2fd6a Merge pull request #24574 from jacobhammons/19901
• e2a2946 Refs #19901
• PR #24577: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-10T19:46:22Z
• ISSUE #24427: (fayetted) 2015.5.1-3 Windows 64Bit Minion fails to start after install | refs: #24530
• PR #24530: (twangboy) Start Minion Service on Silent Install
• b03166c Merge pull request #24577 from basepi/merge-forward-2015.5
• e1d45cc Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• d376390 Merge pull request #24530 from twangboy/fix_24427
• 673e1d8 Added missing panel.bmp for installer
• cc50218 Start Minion Service on Silent Install
• PR #24571: (jacobhammons) Refs #24235 @ 2015-06-10T17:02:18Z
• ISSUE #24235: (tomasfejfar) Difference between running from minion and from master | refs: #24468
• 3ec457b Merge pull request #24571 from jacobhammons/24235
• 8df5d53 Refs #24235
• PR #24565: (pille) fix backtrace, when listing plugins @ 2015-06-10T16:33:11Z
• fe07eb5 Merge pull request #24565 from pille/munin-ignore-broken-symlinks
• 8511a6c fix backtrace, when listing plugins
• PR #24554: (ryan-lane) Fix yes usage for pecl defaults @ 2015-06-09T23:59:49Z
• 251c8f9 Merge pull request #24554 from lyft/pecl-module-fix
• 56a9cfc Fix yes usage for pecl defaults
• PR #24535: (rallytime) Back-port #24518 to 2015.5 @ 2015-06-09T20:06:18Z
• PR #24518: (rallytime) Merge #24448 with Pylint Fixes | refs: #24535
• PR #24448: (codertux) Update modules path for operating systems using systemd | refs: #24518
• dbd49b4 Merge pull request #24535 from rallytime/bp-24518
• fc75197 Pylint fix
• 3e08840 Update modules path for operating systems using systemd
• PR #24538: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-09T17:27:20Z
• PR #24513: (jquast) bugfix use of 'iteritem' in 2014.7 branch
• PR #24511: (jquast) bugfix: trailing "...done" in rabbitmq output | refs: #24513
• 485ed3c Merge pull request #24538 from basepi/merge-forward-2015.5
• 6a8039d Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 6ebc476 Merge pull request #24513 from jquast/2014.7-bugfix-iteritem
• 2be0180 bugfix use of 'iteritem' in 2014.7 branch
• PR #24495: (jayeshka) adding states/rabbitmq_vhost unit test case. @ 2015-06-09T15:33:23Z
• 73e6388 Merge pull request #24495 from jayeshka/rabbitmq_vhost_states-unit-test
• 31889e3 cosmetic change.
• cf501cf resolved error.
• 4bb6087 Merge branch '2015.5' of https://github.com/saltstack/salt into
rabbitmq_vhost_states-unit-test
• 3ad7714 adding states/rabbitmq_vhost unit test case.
• PR #24445: (jayeshka) adding states/pyrax_queues unit test case. @ 2015-06-09T15:28:45Z
• bf1abcc Merge pull request #24445 from jayeshka/pyrax_queues_states-unit-test
• ea27cef adding states/pyrax_queues unit test case.
• PR #24490: (aneeshusa) Fix pacman.list_upgrades for new python_shell default. @ 2015-06-09T15:13:16Z
• 0247e8d Merge pull request #24490 from aneeshusa/fix-pacman-list-upgrades
• 980e1cb Lint fix.
• dca33f1 Fix pacman.list_upgrades for new python_shell default.
• PR #24517: (steverweber) small fixes to the ipmi docs @ 2015-06-09T15:10:14Z
• 6268ddb Merge pull request #24517 from steverweber/ipmi_doc
• 6413712 lint
• e78aea9 more small fixes to the ipmi docs
• PR #24524: (jayeshka) any() takes list oy tuple. @ 2015-06-09T13:49:42Z
• 3728b3f Merge pull request #24524 from jayeshka/rabbitmq_vhost_states-module
• 01c99ad any() takes list oy tuple.
• PR #24482: (eliasp) 'docker.running' needs now the 'image' param. @ 2015-06-09T04:43:04Z
• dd23de8 Merge pull request #24482 from eliasp/2015.5-states.dockerio-docker.running-doc
• 5de741d 'docker.running' needs now the 'image' param.
• PR #24515: (basepi) [2015.5] Add xml library to the salt-thin @ 2015-06-09T04:10:06Z
• ISSUE #23503: (jfindlay) salt-ssh fails on CentOS 7 when python-zmq is not installed | refs: #24515
• 2a727c3 Merge pull request #24515 from basepi/susexml23503
• 078b33e Add xml library to the thin
• PR #24497: (jayeshka) adding states/rbenv unit test case. @ 2015-06-09T03:56:10Z
• fce998a Merge pull request #24497 from jayeshka/rbenv_states-unit-test
• 79d343a adding states/rbenv unit test case.
• PR #24496: (jayeshka) adding states/rabbitmq_user unit test case. @ 2015-06-09T03:55:23Z
• 2bcb4b1 Merge pull request #24496 from jayeshka/rabbitmq_user_states-unit-test
• 7d96f27 adding states/rabbitmq_user unit test case.
• PR #24481: (eliasp) Fix typo (licnese → license). @ 2015-06-09T03:30:25Z
• 02a597b Merge pull request #24481 from eliasp/2015.5-salt.states.powerpath-license_typo
• 1280054 Fix typo (licnese â license).
• PR #24467: (thenewwazoo) Fix dockerio bound volumes @ 2015-06-09T01:40:23Z
• 5ad3db5 Merge pull request #24467 from thenewwazoo/fix-dockerio-bound-volumes
• db4e3dc Let's raise an exception if create fails
• d1d85dd Add logging
• ddc63f0 Fix volume handling when creating containers
• PR #24504: (rallytime) Move vsphere deprecation to 2015.5 @ 2015-06-08T22:43:05Z
• PR #24487: (nmadhok) Deprecating vsphere cloud driver in favor of vmware cloud driver | refs: #24504
• d236fbd Merge pull request #24504 from rallytime/move_vsphere_deprecation_2015.5
• d876535 Add Getting Started with VSphere doc to 2015.5
• b685ebc Add vSphere deprecation warnings to 2015.5
• PR #24506: (rallytime) Backport #24450 to 2015.5 @ 2015-06-08T22:42:14Z
• PR #24450: (ruzarowski) Fix salt cli runs with batch-size set | refs: #24506
• cb55460 Merge pull request #24506 from rallytime/bp-24450
• 1c0fca2 Backport #24450 to 2015.5
• PR #24498: (rallytime) Added "CLI Example" to make failing test happy on 2015.5 @ 2015-06-08T15:48:40Z
• 3173fd1 Merge pull request #24498 from rallytime/fix_doc_failure_fifteen
• d992ef4 Added "CLI Example" to make failing test happy on 2015.5
• PR #24471: (anlutro) Set up salt-ssh file logging @ 2015-06-08T15:26:49Z
• 3639e41 Merge pull request #24471 from alprs/fix-salt_ssh_logging
• 6a11ec8 set up salt-ssh file logging
• PR #24469: (jfindlay) correctly handle user environment info for npm @ 2015-06-08T15:26:02Z
• ISSUE #24231: (tarwich) npm.bootstrap | refs: #24469
• 551e70f Merge pull request #24469 from jfindlay/npm_env
• 8140c96 update npm's user info envs
• cb572f8 add env parameter to npm.uninstall
• PR #24468: (jacobhammons) Bug fixes and build errors @ 2015-06-08T15:25:40Z
• ISSUE #24268: (tkent-xetus) Ability to specify revision for win_gitrepos undocumented | refs: #24468
• ISSUE #24235: (tomasfejfar) Difference between running from minion and from master | refs: #24468
• ISSUE #24193: (abng88) Update ext_pillar docs to mention that this feature is supported masterless as
well | refs: #24468
• ISSUE #24172: (zhujinhe) Can lists be passed in the pillar on the command line on version 2015.5.0?
| refs: #24468
• ISSUE #23211: (lloesche) Document that salt://| escapes special characters in filenames | refs:
#24468
• ISSUE #19901: (clinta) State cache is not documented | refs: #24468
• ISSUE #19801: (ksalman) How are grains static? | refs: #24468
• 0d9e0c2 Merge pull request #24468 from jacobhammons/doc-fixes
• 1035959 Appended .0 to version added
• d45c4ed Bug fixes and build errors Refs #23211 Refs #24268 Refs #24235 Refs #24193 Refs #24172 Refs
#19901 Refs #19801
• PR #24465: (jfindlay) catch exception from softwarerepositories @ 2015-06-08T15:25:19Z
• ISSUE #24318: (favadi) uncaught exception for pkgrepo.absent for invalid PPA | refs: #24465
• be6905a Merge pull request #24465 from jfindlay/unknown_ppa
• 19c9128 catch exception from softwarerepositories
• PR #24464: (jfindlay) fix typo in modules/mount.py @ 2015-06-08T15:25:07Z
• ISSUE #24296: (objectx) mount.mount calls file.mkdir with incorrect named argument | refs: #24464
• 58d1ea8 Merge pull request #24464 from jfindlay/file_mkdir
• 6e8cd44 fix typo in modules/mount.py
• PR #24461: (dkiser) fix for #24434 @ 2015-06-08T15:24:53Z
• ISSUE #24434: (dkiser) multimaster failover fails due to logic from issue #23611
• 4f332a7 Merge pull request #24461 from dkiser/multimaster_minion_fix
• 1944a74 fix for #24434
• PR #24479: (ahus1) change "path" to "name" for "file" operations @ 2015-06-07T17:56:11Z
• 8917416 Merge pull request #24479 from ahus1/patch-1
• 7d6b60c change "path" to "name" for "file" operations
• PR #24475: (rallytime) Back-port #24454 to 2015.5 @ 2015-06-07T01:29:32Z
• PR #24454: (rhertzog) Strip extraneous newline character added in last environment variable | refs:
#24475
• 8618d5b Merge pull request #24475 from rallytime/bp-24454
• a793c19 Avoid extraneous newline character added in last environment variable
• PR #24474: (rallytime) Back-port #24420 to 2015.5 @ 2015-06-07T01:29:11Z
• ISSUE #24407: (aboe76) Please expand salt module random | refs: #24420
• PR #24420: (aboe76) added random integer module to mod_random.py | refs: #24474
• 61658ff Merge pull request #24474 from rallytime/bp-24420
• 4219b40 Fix lint error and update versionadded to 2015.5.3
• 3613cc9 added random integer module to mod_random.py
• PR #24472: (variia) ensure {} output is not treated as change in module.py state, fixes #… @
2015-06-06T14:45:44Z
• ISSUE #24233: (variia) yumpkg.group_install keeps returning state change
• 508d7dd Merge pull request #24472 from variia/Fix-yumpkg_group_install-return-change-#24233
• 37e8827 ensure {} output is not treated as change in module.py state, fixes #24233
• PR #24466: (basepi) [2015.5] Fix for # in inner strings in yaml arguments @ 2015-06-06T14:35:56Z
• ISSUE #18045: (dstokes) Pillar kwargs parse error with # | refs: #24466
• ISSUE #8585: (UtahDave) '#' in single quoted option on cli not making it into the execution module |
refs: #24466
• 0292e67 Merge pull request #24466 from basepi/fixhashinargs18045
• 2e0609f Fix for # in inner strings in yaml arguments
• PR #24456: (rallytime) Back-port #24441 to 2015.5 @ 2015-06-05T22:32:25Z
• PR #24441: (arthurlogilab) [doc] Alignement fix on external_auth documentation | refs: #24456
• ced558a Merge pull request #24456 from rallytime/bp-24441
• 7002855 yaml indentations should be 2 spaces
• 21b51ab [doc] Alignement fix on external_auth documentation
• PR #24398: (kiorky) VirtualName for states.apt | refs: #24399 @ 2015-06-05T17:40:04Z
• ISSUE #24397: (kiorky) on debian: states.apt should use virtualname as it shadows system apt module |
refs: #24398 #24398 #24399 #24399 #24400
• PR #24399: (kiorky) Versionvirtual | refs: #24398
• c0ff411 Merge pull request #24398 from makinacorpus/aptv
• 785d277 VirtualName for states.apt
• PR #24447: (jayeshka) adding states/rabbitmq_policy unit test case. @ 2015-06-05T15:26:11Z
• 3626340 Merge pull request #24447 from jayeshka/rabbitmq_policy_states-unit-test
• 9b038ab adding states/rabbitmq_policy unit test case.
• PR #24446: (jayeshka) adding states/rabbitmq_plugin unit test case. @ 2015-06-05T15:25:33Z
• 8445a3f Merge pull request #24446 from jayeshka/rabbitmq_plugin_states-unit-test
• cb0c99a adding states/rabbitmq_plugin unit test case.
• PR #24426: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-06-05T03:59:11Z
• ISSUE #24276: (markuskramerIgitt) Live salt-master Profiling with SIGUSR2 fails
• PR #24405: (jacksontj) Fix for #24276
• PR #24395: (hvnsweeting) handle exceptions when received data is not in good shape
• PR #24305: (twangboy) Added documentation, fixed formatting
• 9cc3808 Merge pull request #24426 from basepi/merge-forward-2015.5
• eafa20c Merge remote-tracking branch 'upstream/2014.7' into merge-forward-2015.5
• 83f853b Merge pull request #24405 from jacksontj/2014.7
• 2c7afae Fix for #24276
• cef919c Merge pull request #24395 from hvnsweeting/handle-exception-get-file
• bb798a0 handle exceptions when received data is not in good shape
• efba1a9 Merge pull request #24305 from twangboy/win_path_docs
• 36804253 Fixed pylint error caused by \P... added r
• bc42a4b triple double quotes to triple single quotes
• 77cd930 Added documentation, fixed formatting
• PR #24429: (jacobhammons) Salt cloud doc updates, build errors and bug fixes @ 2015-06-05T00:27:38Z
• ISSUE #24309: (steverweber) missing docs | refs: #24429
• 5d738b8 Merge pull request #24429 from jacobhammons/cloud-doc-updates
• 1f7a13d Salt cloud doc updates, build errors and bug fixes Refs #24309
• PR #24408: (rallytime) Backport #24392 to 2015.5 @ 2015-06-04T20:22:09Z
• PR #24392: (quixoten) Fix "No such file or directory" in grains/core.py | refs: #24408
• cdffc02 Merge pull request #24408 from rallytime/bp-24392
• ff7461b Use path found by salt.utils.which
• PR #24380: (rallytime) Backport #24357 to 2015.5 @ 2015-06-04T20:13:51Z
• PR #24357: (zhujinhe) fix invoke issues of Jinja Macros example | refs: #24380
• a6a1f87 Merge pull request #24380 from rallytime/bp-24357
• f08c875 fix invoke issues of Jinja Macros example
• PR #24388: (pengyao) fixes #24358 @ 2015-06-04T20:07:40Z
• ISSUE #24358: (pengyao) Netapi SSH client don't support ssh_user and ssh_passwd arguments | refs:
#24388
• 86ce9db Merge pull request #24388 from pengyao/sshclient-kwargs
• 5c08ca4 fixes #24358
• PR #24367: (terminalmage) Improve error message when module does not exist @ 2015-06-04T20:07:12Z
• ISSUE #22958: (highlyunavailable) Weird error when typoing a command | refs: #24367
• 72d2eae Merge pull request #24367 from terminalmage/issue22958
• d0d7a54 Improve error message when module does not exist
• PR #24412: (jfindlay) backport #23387 @ 2015-06-04T20:06:03Z
• ISSUE #23101: (gravyboat) Create a docs page for labels | refs: #23387
• PR #23387: (rallytime) Add some "What are all these labels for?" documentation | refs: #24412
• a628778 Merge pull request #24412 from jfindlay/bp-23387
• bf85772 Make sure the parameters are in the correct order
• 9f53809 Add "* Change" label parameters
• b27a15e Remove "workaround" wording
• 9fff35a Some small fixes
• 54a7089 Link the new labels doc in contributing and hacking docs
• 375695e Add pull request label definitions
• de94563 Add Feature Request label definition
• 684f291 Add issue definition and augment functional areas section
• 2da13dd Start a "what are all of these labels for?" doc
• PR #24336: (twangboy) Added line to give more descriptive error @ 2015-06-04T19:56:00Z
• ISSUE #24154: (ssgward) Exception when running cp.get_url | refs: #24336
• 485116c Merge pull request #24336 from twangboy/fix_cp_get_url
• 37b11f9 Added line to give more descriptive error
• PR #24413: (techhat) Add more namespaced functions to GoGrid driver @ 2015-06-04T19:51:22Z
• b3d39cc Merge pull request #24413 from techhat/gogridnamespace
• 1b397cb Adding blank line
• da08cc9 Add more namespaced functions to GoGrid driver
• PR #24399: (kiorky) Versionvirtual | refs: #24398 @ 2015-06-04T18:02:22Z
• ISSUE #24397: (kiorky) on debian: states.apt should use virtualname as it shadows system apt module |
refs: #24398 #24398 #24399 #24399 #24400
• PR #24398: (kiorky) VirtualName for states.apt | refs: #24399
• 27f109b Merge pull request #24399 from makinacorpus/versionvirtual
• 235c78d Use apt_pkg.version_compare if available
• 1c0cd45 reindent block to isolate conflict on merge forward
• 699ecea use var to isolate conflict on merge forward
• PR #24371: (joejulian) 2015.5 tls module tests @ 2015-06-04T15:20:16Z
• deaee68 Merge pull request #24371 from joejulian/2015.5_tls_module_tests
• 4c5dee1 Add @destructiveTest decorator to destructive tests
• 274bbd4 Accept results from older pyOpenSSL
• 161f913 All cert info should be in UTC always
• 9affcca See the whole diff if dict compare fails
• 94f6208 Ignore extensions for now. Resolve this as part of fixing issue 24338.
• 84904d3 Mask lint warning for unused imported module
• 5675b78 Do not test if PyOpenSSL is not installed
• 563cc66 Add tls tests
• PR #24403: (jayeshka) adding states/process unit test case. @ 2015-06-04T15:19:01Z
• 84686ee Merge pull request #24403 from jayeshka/process_states-unit-test
• fcb71fb adding states/process unit test case.
• PR #24402: (jayeshka) adding states/pyenv unit test case. @ 2015-06-04T15:18:11Z
• 35de8d7 Merge pull request #24402 from jayeshka/pyenv_states-unit-test
• 5f263ab adding states/pyenc unit test case.
• PR #24401: (jayeshka) adding states/powerpath unit test case. @ 2015-06-04T15:17:46Z
• 632f838 Merge pull request #24401 from jayeshka/powerpath-states-unit-test
• 49ff927 adding states/powerpath unit test case.
• PR #24400: (kiorky) Aptversion @ 2015-06-04T15:17:19Z
• ISSUE #24397: (kiorky) on debian: states.apt should use virtualname as it shadows system apt module |
refs: #24398 #24398 #24399 #24399 #24400
• 0a6e5e0 Merge pull request #24400 from makinacorpus/aptversion
• e15cb93 Use apt_pkg.version_compare if available
• 953725a Fix too much quoting in apt.version_cmp
• PR #24385: (jeanpralo) Fix salt.modules.dockerio.start method @ 2015-06-04T15:00:22Z
• a904055 Merge pull request #24385 from jeanpralo/Fix-binds-dockerio.start
• a0fed31 binds dict if not specified should remain to none otherwise docker-py will try to create a
new host config and all volume and ports binds are lost. config should be done at the creation of the
container not when we start it
• PR #24381: (jtand) Disabled flaky test to review later @ 2015-06-04T14:57:43Z
• 9890bc4 Merge pull request #24381 from jtand/seed_test
• 7570ae9 Disabled flaky test to review later
• PR #24382: (basepi) [2015.5] Handle CommandExecutionError in grains commands, Fixes #23342 @
2015-06-04T12:44:04Z
• ISSUE #23342: (philipsd6) salt-ssh 2015.2.0rc2 fails when target doesn't have lspci available | refs:
#24382
• b3fa8fe Merge pull request #24382 from basepi/grainscommandnotfound23342
• 85b91d6 Handle CommandExecutionError in grains commands
• PR #24379: (Starblade42) Fixes an issue where Pagerduty states/modules couldn't find their profile in
the Pillar @ 2015-06-04T12:41:13Z
• 52587a4 Merge pull request #24379 from Starblade42/2015.5
• b93dc5e Linting!
• 2dd5904 Fixes an issue where Pagerduty states/modules couldn't find it's profile in the Pillar
• PR #24366: (terminalmage) Use yes $'\n' instead of printf '\n' for pecl commands @ 2015-06-03T21:28:58Z
• 3ca35d1 Merge pull request #24366 from terminalmage/pecl-yes
• dcd9ad8 Use yes $'\n' instead of printf '\n' for pecl commands
• PR #24348: (kiorky) Try to close input pipes before calling lxc-start @ 2015-06-03T19:38:07Z
• ISSUE #24284: (kiorky) systemd lxc containers need use_vt=True at lxc-start stage | refs: #24348
• PR #548: (Lanzaa) Salt is now platform dependent. Use get_python_lib(1) | refs: #24348
• 86a3b31 Merge pull request #24348 from makinacorpus/lxcpre
• 0cb11a2 lxc: typo
• d71efa6 Try to close input pipes before calling lxc-start
Salt 2015.5.4 Release Notes
Version 2015.5.4 is a bugfix release for 2015.5.0.
Changes:
• The cron.present state now correctly defaults to state ID as identifier.
• When querying for VMs in digital_ocean_v2.py, the number of VMs to include in a page was changed from
20 (default) to 200 to reduce the number of API calls to Digital Ocean.
• The vmware Salt-Cloud driver was back-ported from the develop branch in order for installations of Salt
that are older than 2015.8.0 to be able to use the vmware driver without stack-tracing on various
deprecation paths that were implemented in the 2015.8.0 release.
Changes for v2015.5.3..v2015.5.4
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-08-13T20:23:30Z
Statistics:
• Total Merges: 247
• Total Issue references: 140
• Total PR references: 330
Changes:
• PR #26292: (jquast) Rabbitmq 3.2.4 on Ubuntu has "...done.", not "...done" @ 2015-08-13T19:53:29Z
• PR #26296: (jquast) bugfix missing
`
runas=None' for rabbitmqctl cmds (backport to 2015.5) @ 2015-08-13T19:52:40Z
• PR #26293: (jfindlay) Fix #26268 @ 2015-08-13T19:48:06Z
• ISSUE #25618: (twangboy) Fix reg.py to work with the registry properly | refs: #26268
• PR #26268: (twangboy) Multiple improvements to reg executionmod and state mod | refs: #26293
• PR #26290: (rallytime) Only call convert_to_arn when action name is provided @ 2015-08-13T18:48:58Z
• ISSUE #25192: (deuscapturus) 2015.5.2 boto_cloudwatch_alarm.present not working. | refs: #26290
• PR #26288: (bbinet) allow deleting grains which value is False @ 2015-08-13T18:24:36Z
• PR #26263: (rallytime) Don't make changes when test=True for openstack present/absent funcs @
2015-08-13T16:30:31Z
• ISSUE #24882: (nmadhok) salt.states.openstack_config.present and salt.states.openstack_config.absent
make changes when test=True | refs: #26263
• PR #26265: (rallytime) Don't stacktrace on query return in ec2.create_snapshot @ 2015-08-13T16:28:48Z
• ISSUE #24484: (codehotter) clouds/ec2.py: create_snapshot throws exception | refs: #26265
• PR #26285: (stanislavb) Remove explicit version from instance identity URL @ 2015-08-13T16:25:32Z
• PR #26275: (cachedout) Re-init modules on multi-master reconnect @ 2015-08-13T15:52:50Z
• PR #26273: (garethgreenaway) Fixes to schedule module in 2015.5 @ 2015-08-13T15:34:43Z
• PR #26271: (rallytime) Fix del_root_vol_on_destroy and del_all_vols_on_destroy functionality on ec2 @
2015-08-12T23:22:47Z
• ISSUE #24483: (codehotter) clouds/ec2.py: del_root_vol_on_destroy and del_all_vols_on_destroy not
working | refs: #26271
• PR #26219: (anlutro) cron: make identifier default to state ID @ 2015-08-12T18:42:33Z
• ISSUE #25958: (anlutro) Cron identifier does not default to state ID as documented | refs: #26219
• PR #26257: (rallytime) Back-port #26237 to 2015.5 @ 2015-08-12T18:40:35Z
• ISSUE #26207: (fullermd) group members setting fails with obscure error message on FreeBSD | refs:
#26237
• PR #26237: (silenius) fix issue #26207 | refs: #26257
• PR #26258: (nmadhok) Fix permission on tests/runtests.py on 2015.5 branch @ 2015-08-12T18:40:04Z
• PR #26261: (nmadhok) Correct spelling of integration in docs @ 2015-08-12T18:14:48Z
• PR #2015: (thekuffs) Esky / bbfreeze support
• PR #26247: (nmadhok) Initial commit of unit tests for vmware cloud driver @ 2015-08-12T16:58:24Z
• PR #26246: (nmadhok) Backport additions to VMware cloud driver from develop to 2015.5 branch @
2015-08-12T15:11:26Z
• PR #26239: (opdude) Fixed documentation to match function name @ 2015-08-12T14:48:52Z
• PR #26232: (garethgreenaway) Fix to trust_key in gpg module for 2015.5. @ 2015-08-12T04:48:27Z
• PR #26084: (twangboy) Added python_shell=True, quoted user input @ 2015-08-10T21:29:35Z
• ISSUE #25802: (jefftucker) Running module "npm.list" fails on Windows for masterless minion | refs:
#26084
• PR #26183: (cro) Fix LDAP configuration issue. @ 2015-08-10T19:09:41Z
• PR #26186: (jacobhammons) regenerated man pages @ 2015-08-10T19:07:44Z
• PR #26182: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-08-10T19:00:10Z
• ISSUE #25961: (getabc) [2015.5.3-2] salt-winrepo.git/salt-minion.sls fails certificate '
*
.wpengine.com' or 'wpengine.com' | refs: #26047
• ISSUE #25751: (basepi) Document master_finger more prominently | refs: #26088
• PR #26116: (corux) file.replace fails if repl string is an invalid regex and append/prepend is used
• PR #26088: (jacobhammons) Master finger
• PR #26047: (jacobhammons) Updated windows download links in the docs to https://repo.saltstack.com
• PR #26000: (driskell) Implement full event caching for subscribed tags @ 2015-08-10T18:57:17Z
• ISSUE #25998: (driskell) Event subsystem discarding required events during --batch breaking it for
slow running commands | refs: #26000
• PR #26175: (rallytime) Back-port #26153 to 2015.5 @ 2015-08-10T18:22:32Z
• PR #26153: (loa) Fix dockerio state documentation typo | refs: #26175
• PR #26177: (rallytime) Back-port #26147 to 2015.5 @ 2015-08-10T18:22:01Z
• ISSUE #26024: (jpic) lxc_conf_unset in cloud.profile is ignored
• PR #26147: (martinhoefling) Fixes #26024 | refs: #26177
• PR #26179: (rallytime) Back-port #25404 to 2015.5 @ 2015-08-10T18:21:50Z
• ISSUE #21082: (clinta) master_type failover does not failover on DNS errors | refs: #25404
• PR #25404: (DmitryKuzmenko) Fixed minion failover to next master on DNS errors. | refs: #26179
• PR #26180: (jfindlay) fix processing of state.template @ 2015-08-10T18:21:38Z
• ISSUE #26112: (wt) state.template fails with unclear error with template with only an include | refs:
#26180
• PR #26172: (nmadhok) [Backport] Make sure variable is a dictionary before popping something from it. @
2015-08-10T16:42:50Z
• ISSUE #26162: (nmadhok) VMware cloud driver create function failing with traceback on latest develop
| refs: #26163 #26172
• PR #26163: (nmadhok) Make sure variable is a dictionary before popping something from it.
• PR #26168: (cachedout) Fix slack docs @ 2015-08-10T14:57:18Z
• ISSUE #26098: (rdinoff) SALT.STATES.SLACK Doc update | refs: #26168
• PR #26127: (garethgreenaway) Fixes to salt.utils.http related to cp.get_file_str bug. @
2015-08-10T14:38:25Z
• ISSUE #24106: (nvx) fileclient.py#get_url ignores HTTP Auth again (2015.5 regression) | refs: #26127
• PR #26140: (nmadhok) VMware cloud driver fixes @ 2015-08-10T13:15:58Z
• ISSUE #26141: (nmadhok) salt-cloud VMware driver fails with error in parsing configuration file |
refs: #26140
• ISSUE #25809: (o-sleep) vmware cloud module error message | refs: #26140
• ISSUE #25625: (steverweber) cloud vmware driver does not provide mac_address unless vmware tools is
running | refs: #26137 #26140
• PR #26137: (steverweber) use device mac address if vmtools not active @ 2015-08-09T03:05:36Z
• ISSUE #25625: (steverweber) cloud vmware driver does not provide mac_address unless vmware tools is
running | refs: #26137 #26140
• PR #26119: (jodv) Backport eauth bugfix to 2015.5 @ 2015-08-09T02:19:52Z
• PR #26135: (cro) Fix proxy minions in 2015.5 and significantly update documentation. @
2015-08-09T02:19:21Z
• PR #26132: (TheBigBear) minor edit @ 2015-08-08T21:05:34Z
• PR #26133: (amontalban) Fixed #25915 in salt/modules/pkgng.py and salt/states/pkg.py @
2015-08-08T21:05:05Z
• ISSUE #25915: (ari) FreeBSD pkg install fails
• PR #26111: (anlutro) Better error messages when virtualenv creation fails @ 2015-08-07T21:42:09Z
• PR #26110: (jfindlay) check for sources before adding them to cmd str @ 2015-08-07T21:33:23Z
• ISSUE #26093: (freedba) archive.tar bug | refs: #26110
• PR #26106: (vr-jack) Update __init__.py @ 2015-08-07T21:15:55Z
• PR #26101: (rallytime) Back-port #25984 to 2015.5 @ 2015-08-07T18:56:26Z
• ISSUE #25983: (jmdcal) Trying to get md5 of local zip | refs: #25984
• PR #25984: (jmdcal) Support local files without md5sum | refs: #26101
• PR #26080: (techhat) Fix string checking in s3fs @ 2015-08-06T23:36:09Z
• PR #26079: (cachedout) Update docs to remove state.over @ 2015-08-06T23:35:26Z
• ISSUE #26039: (basepi) Update scheduler docs to use orchestrate instead of overstate | refs: #26079
• PR #26058: (opdude) Fix choco version on chocolatey versions below 0.9.9 @ 2015-08-06T18:50:10Z
• PR #26068: (jfindlay) fix autoruns.list looking in wrong directory @ 2015-08-06T18:49:48Z
• PR #26065: (s0undt3ch) [2015.5] Update to latest bootstrap stable release v2015.06.08 @
2015-08-06T17:09:35Z
• ISSUE #634: (loupgaroublond) /srv/salt/_grains/ not documented | refs: #26065
• ISSUE #631: (fatbox) Can't extend the same item multiple times | refs: #26065
• ISSUE #625: (whiteinge) cmd.run state user flag is not working | refs: #25506 #632
• PR #640: (terminalmage) fix syntax errors introduced in 0f776c13 | refs: #26065
• PR #638: (blast-hardcheese) Tightened up configuration documentation | refs: #26065
• PR #633: (epoelke) Bug fix to salt-key | refs: #26065
• PR #632: (whiteinge) Change the cmd.run state to use the new runas arg | refs: #26065
• PR #26061: (gmcwhistler) Patch for issue #25994 @ 2015-08-06T17:07:34Z
• ISSUE #25994: (gmcwhistler) module.ilo tempfile creation in __execute_cmd results in TypeError:
cannot concatenate 'str' and 'int' objects
• PR #26064: (s0undt3ch) Don't stacktrace when trying to get the default locale. @ 2015-08-06T16:11:05Z
• ISSUE #26063: (saltstack-bot) not working with salt-cloud shows unknown locale error | refs: #26064
• PR #26048: (jacobhammons) Updated windows download links in the docs to https://repo.saltstack.com @
2015-08-05T22:59:50Z
• PR #26044: (rallytime) Make sure the key we're comparing is also lowercase @ 2015-08-05T19:23:54Z
• ISSUE #25616: (rallytime) [2015.5] Provisioning Linodes Stacktraces | refs: #26044
• PR #26042: (jfindlay) fix test mode logic in state docs @ 2015-08-05T19:23:07Z
• PR #26036: (nicholascapo) survey.hash: Remove manually printed text @ 2015-08-05T19:21:59Z
• ISSUE #24460: (nicholascapo) Survey runner does not follow --out flag | refs: #26036
• PR #26030: (opdude) Fix a bug in choco version that returned odd data @ 2015-08-05T16:30:25Z
• PR #26032: (jfindlay) add test logic to state reult doc @ 2015-08-05T16:28:32Z
• PR #26031: (alekti) Revert "Add file as supported protocol for file source_hash. Fixes #23764" @
2015-08-05T15:32:01Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #26021: (anlutro) Documentation: Specify versionadded for git.present shared argument @
2015-08-05T14:17:38Z
• PR #26020: (alekti) Correctly resolve conflict merging pull 25750 to 2015.5 @ 2015-08-05T14:16:58Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #25750: (alekti) Add file as supported protocol for file source_hash. Fixes #25701. | refs:
#26020
• PR #26016: (basepi) Revert "Deep merge of pillar lists" @ 2015-08-05T04:59:52Z
• ISSUE #22241: (masterkorp) Salt master not properly generating the map | refs: #25358
• PR #25358: (dkiser) Deep merge of pillar lists | refs: #26016
• PR #25992: (twangboy) Refactor win_system.py @ 2015-08-05T04:54:18Z
• ISSUE #12255: (eliasp) 'system.set_computer_desc' fails with non-ASCII chars | refs: #25992
• ISSUE #3: (thatch45) libvirt module
• PR #26002: (twangboy) Fixed regex to account for comment character followed by whitespace @
2015-08-04T22:28:11Z
• ISSUE #25948: (twangboy) Fix uncomment function to handle spaces | refs: #26002
• PR #25970: (jfindlay) accept addition of layman overlay @ 2015-08-04T15:42:28Z
• ISSUE #25949: (godlike64) layman.add does not work with unofficial overlays | refs: #25970
• PR #25971: (basepi) [2015.5] salt.modules.reg Add spaces for strings split across multiple lines @
2015-08-04T15:39:48Z
• PR #25990: (rallytime) Back-port #25976 to 2015.5 @ 2015-08-04T14:36:53Z
• PR #25976: (fleaflicker) Typo in help output | refs: #25990
• PR #25996: (attiasr) fix msiexec package remove @ 2015-08-04T14:36:31Z
• PR #25966: (rallytime) Back-port #25864 to 2015.5 @ 2015-08-03T18:48:26Z
• ISSUE #25863: (peterdemin) pkg.installed fails on already installed package if it is in
versionlock.list | refs: #25864
• PR #25864: (peterdemin) #25863 state.pkg.installed fix | refs: #25966
• PR #25967: (rallytime) Back-port #25917 to 2015.5 @ 2015-08-03T18:48:02Z
• PR #25917: (jmdcal) adding missing format string | refs: #25967
• PR #25895: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-08-03T17:12:37Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #25750: (alekti) Add file as supported protocol for file source_hash. Fixes #25701. | refs:
#26020
• PR #25704: (cachedout) Ensure prior alignment with master_type in 2014.7
• PR #25657: (MrCitron) Add the ability to specify a base pattern for carbon returner
• PR #25633: (AkhterAli) Update loader.py
• PR #25941: (jfindlay) add timelib to dependency versions @ 2015-08-03T12:23:42Z
• ISSUE #25850: (ssgward) Need to add packages to --versions-report | refs: #25941
• PR #25951: (garethgreenaway) Log when event.fire and event.fire_master fail. @ 2015-08-03T00:19:45Z
• PR #25942: (jfindlay) typo in minion doc @ 2015-07-31T23:34:55Z
• ISSUE #25838: (grep4linux) docs disable_modules documentation typo | refs: #25942
• PR #25938: (jacobhammons) Doc on using syndic with multimaster @ 2015-07-31T23:05:05Z
• PR #14690: (jacksontj) Multi syndic | refs: #25938
• PR #25848: (twangboy) Added allusers="1" when installing msi @ 2015-07-31T20:33:17Z
• ISSUE #25839: (twangboy) ALLUSERS="1" should be a default when installing MSI's | refs: #25848
• PR #25898: (jfindlay) clarify and expand syndic docs @ 2015-07-31T20:01:23Z
• PR #25927: (jacksontj) Pass actual renderers to the Reactor's Compiler @ 2015-07-31T20:00:17Z
• ISSUE #25852: (UtahDave) Salt loader is not loading Salt vars in reactor python renderer | refs:
#25927
• PR #25921: (cachedout) Handle non-ascii in state log @ 2015-07-31T17:41:30Z
• ISSUE #25810: (nvx) winpkg highstate fails when a new package name contains a unicide character |
refs: #25921
• PR #25919: (TheBigBear) Minor update to msi un-installer info @ 2015-07-31T17:39:48Z
• PR #25905: (rallytime) Back-port #25982 to 2015.5 @ 2015-07-30T23:24:19Z
• PR #25892: (TheBigBear) Update 7-zip msi un-installer instructions | refs: #25905
• PR #25890: (rallytime) Back-port #25698 to 2015.5 @ 2015-07-30T23:12:09Z
• ISSUE #25577: (yellow1912) Wrong indentation in document | refs: #25696
• PR #25698: (rallytime) Back-port #25659 to 2015.8 | refs: #25890
• PR #25696: (AkhterAli) Update schedule.py
• PR #25659: (isbm) Bugfix: crash at getting non-existing repo | refs: #25698
• PR #25894: (jacobhammons) Minor doc bug fixes @ 2015-07-30T23:02:34Z
• ISSUE #25650: (jacksontj) state.running documentation is incorrect | refs: #25894
• ISSUE #24042: (whiteinge) The state_events setting is not documented | refs: #25894
• ISSUE #23788: (k5jj) functions in drac.py module do not match documentation | refs: #25894
• ISSUE #21296: (Lothiraldan) Possible minion enumeration using saltutil.find_job and eauth | refs:
#25894
• PR #25877: (rallytime) Protect against passing a map file in addition to VM names with --destroy @
2015-07-30T21:55:45Z
• ISSUE #24036: (arthurlogilab) [salt-cloud] Protect against passing command line arguments as names
for the --destroy command in map files | refs: #25877
• PR #25870: (rallytime) Back-port #25824 to 2015.5 @ 2015-07-30T21:54:35Z
• PR #25824: (klyr) Fix get_managed() in file.py module for local files | refs: #25870
• PR #25885: (t0rrant) Update Debian changelog @ 2015-07-30T20:05:59Z
• PR #25875: (rallytime) Back-port #25862 to 2015.5 @ 2015-07-30T17:34:02Z
• ISSUE #25478: (zyio) salt-ssh - Unable to locate current thin version | refs: #25862
• ISSUE #25026: (sylvia-wang) salt-ssh "Failure deploying thin" when using salt module functions |
refs: #25862
• PR #25862: (zyio) Adding SCP_NOT_FOUND exit code | refs: #25875
• PR #25873: (rallytime) Back-port #25855 to 2015.5 @ 2015-07-30T17:33:55Z
• PR #25855: (puneetk) Patch 3 | refs: #25873
• PR #25871: (rallytime) Back-port #25829 to 2015.5 @ 2015-07-30T17:33:43Z
• PR #25829: (peterdemin) Fixed typo in salt.states.saltmod.function doc string | refs: #25871
• PR #25869: (rallytime) Back-port #25788 to 2015.5 @ 2015-07-30T17:33:33Z
• ISSUE #24002: (csakoda) File lock contention on windows minions causing highstate crash | refs:
#25788
• PR #25788: (opdude) Catch a hard crash when running highstate on windows | refs: #25869
• PR #25853: (davidjb) Make ssh-id-wrapper accessible to non-root users @ 2015-07-30T16:49:47Z
• ISSUE #19532: (stolendog) salt-ssh running git clone with not root user | refs: #25853
• PR #25856: (jfindlay) expand minion reauth scalability documentation @ 2015-07-30T15:33:17Z
• ISSUE #25447: (spo0nman) SaltMaster is crippled with Minion Re-Authentication | refs: #25856
• PR #25840: (jfindlay) add note to winrepo state docs about required grain @ 2015-07-30T14:38:27Z
• ISSUE #25801: (themalkolm) Update docs that salt.states.winrepo requires roles:salt-master in grains.
| refs: #25840
• PR #25846: (jfindlay) rework deprecation documentation for release names @ 2015-07-30T13:26:21Z
• ISSUE #25827: (0xf10e) "Deprecating Code" doesn't mention Usage of warn_until() w/ Release Names |
refs: #25846
• PR #25833: (jahamn) Allows cp.push to recreate empty files @ 2015-07-29T16:14:48Z
• ISSUE #23288: (UtahDave) cp.push fails to recreate empty files. | refs: #25833
• PR #25831: (rallytime) Add salt:// to key_url options to docs for pkgrepo.managed @
2015-07-29T15:38:43Z
• ISSUE #11474: (JensRantil) pkgrepo.managed key_url: salt:// always use base env | refs: #25831
• PR #25807: (rallytime) Provide helpful error when using actions with a mapfile @ 2015-07-29T15:30:15Z
• ISSUE #22699: (arthurlogilab) salt-cloud fails on KeyError when given a nonexistent action | refs:
#25807
• PR #25818: (jfindlay) fix autoruns list @ 2015-07-29T15:29:20Z
• PR #25826: (anlutro) Check that "onchanges" is a list @ 2015-07-29T15:00:28Z
• PR #25798: (twangboy) Fixed stacktrace on package name not found @ 2015-07-28T22:40:14Z
• ISSUE #25258: (nickw8) windows minion repo not updating | refs: #25798
• PR #25797: (twangboy) Changed repocache back to cached_repo @ 2015-07-28T22:39:32Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• PR #25763: (twangboy) Fix 25437 | refs: #25797
• PR #25793: (rallytime) Back-port #25730 to 2015.5 @ 2015-07-28T19:37:34Z
• PR #25730: (sjorge) patchelf lives in pkgsrc | refs: #25793
• PR #25792: (rallytime) Back-port #25688 to 2015.5 @ 2015-07-28T19:37:17Z
• PR #25688: (bclermont) Don't acquire lock if there is no formatter | refs: #25792
• PR #25796: (cachedout) Remove debug from docs @ 2015-07-28T17:35:59Z
• PR #25749: (jahamn) Allow zpool.create on character devices @ 2015-07-28T16:01:40Z
• ISSUE #24920: (voileux) module.zpool.create on character device is not possible by salt | refs:
#25749
• PR #25685: (twangboy) Fixed regex issues with comment and uncomment @ 2015-07-28T15:29:49Z
• PR #25763: (twangboy) Fix 25437 | refs: #25797 @ 2015-07-28T15:29:27Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• PR #25752: (thatch45) State top saltenv @ 2015-07-28T01:02:10Z
• PR #25755: (twangboy) Fixed problem with dunder functions not being passed @ 2015-07-27T19:31:22Z
• ISSUE #25717: (twangboy) Problem with chocolatey module not loading | refs: #25755
• PR #25648: (twangboy) Clarified functionality of reg module, fixed state to work with new module @
2015-07-27T19:30:33Z
• ISSUE #25352: (m03) reg.absent reporting incorrect results | refs: #25648
• ISSUE #1: (thatch45) Enable regex on the salt cli
• PR #25740: (rallytime) Back-port #25722 to 2015.5 @ 2015-07-27T16:08:40Z
• ISSUE #25154: (uvsmtid) All data mixed on STDOUT together should generate valid JSON output | refs:
#25722
• ISSUE #25153: (uvsmtid) Multiple results should generate valid JSON output | refs: #25722
• PR #25722: (uvsmtid) Minor docs changes to emphasize JSON output problems without --static option |
refs: #25740
• PR #25739: (rallytime) Back-port #25709 to 2015.5 @ 2015-07-27T16:08:27Z
• PR #25709: (colekowalski) add direct-io-mode to mount_invisible_options | refs: #25739
• PR #25699: (rallytime) Back-port #25660 to 2015.5 | refs: #25709
• PR #25660: (colekowalski) add glusterfs' direct-io-mode to mount_invisible_keys | refs: #25699 #25709
• PR #25738: (rallytime) Back-port #25671 to 2015.5 @ 2015-07-27T16:08:23Z
• PR #25671: (niq000) added a parameter so verifying SSL is now optional instead of hard-coded | refs:
#25738
• PR #25737: (rallytime) Back-port #25608 to 2015.5 @ 2015-07-27T16:08:18Z
• ISSUE #25229: (rall0r) Module git.latest kills target directory when test=True | refs: #25608
• PR #25608: (rall0r) Fix: prevent git.latest from removing target | refs: #25737
• PR #25733: (davidjb) Avoid IndexError when listing mounts if mount output ends in newline @
2015-07-27T16:08:05Z
• PR #25705: (blackduckx) Support for setm augeas command. @ 2015-07-27T16:07:10Z
• ISSUE #22460: (onmeac) Command setm is not supported (yet) | refs: #25705
• PR #25703: (cachedout) Return to str for master_type for 2015.5 @ 2015-07-27T16:06:22Z
• PR #25702: (twangboy) Fixed win_user module for groups with spaces in the name @ 2015-07-27T15:06:33Z
• ISSUE #25144: (johnccfm) user.present on Windows fails to add user to groups if group name contains a
space | refs: #25702
• PR #25711: (twangboy) Fixed problem with win_servermanager.list_installed @ 2015-07-27T15:05:48Z
• ISSUE #25351: (m03) win_servermanager.list_installed failing with "IndexError: list index out of
range" | refs: #25711
• PR #25714: (cachedout) Display warning when progressbar can't be loaded @ 2015-07-25T00:10:13Z
• ISSUE #25435: (yee379) progressbar dependency missing | refs: #25714
• PR #25699: (rallytime) Back-port #25660 to 2015.5 | refs: #25709 @ 2015-07-24T22:11:40Z
• PR #25660: (colekowalski) add glusterfs' direct-io-mode to mount_invisible_keys | refs: #25699 #25709
• PR #25694: (s0undt3ch) Salt-SSH fix for #25689 @ 2015-07-24T21:41:57Z
• ISSUE #25689: (anlutro) Minion log in salt-ssh | refs: #25694
• PR #25710: (jahamn) Integration Testcase for Issue 25250 @ 2015-07-24T20:57:33Z
• ISSUE #25250: (wipfs) 'force' option in copy state deletes target file | refs: #25461 #25710
• PR #25680: (basepi) [2015.5] Move cmd.run jinja aliasing to a wrapper class to prevent side effects @
2015-07-24T19:52:10Z
• PR #25049: (terminalmage) Fix cmd.run when cross-called in a state/execution module | refs: #25680
• PR #25682: (basepi) [2015.5] Fix parsing args with just a hash (#) @ 2015-07-24T19:52:01Z
• PR #25695: (stanislavb) Configurable AWS region & region from IAM metadata @ 2015-07-24T19:36:40Z
• PR #25645: (kev009) Fix pkgng provider to work with a sources list and the underlying pkg… @
2015-07-24T16:33:18Z
• PR #25677: (aneeshusa) Fix pacman.list_upgrades when refresh=True. @ 2015-07-24T16:30:06Z
• PR #25675: (UtahDave) Use OS line endings with contents on file.managed @ 2015-07-24T16:29:50Z
• ISSUE #25674: (UtahDave) file.managed with contents parameter uses wrong line endings on Windows |
refs: #25675
• PR #25676: (basepi) Update release candidate docs to 2015.8.0rc2 @ 2015-07-23T20:29:37Z
• PR #25666: (nmadhok) Check if the properties exist before looping over them causing KeyError @
2015-07-23T17:55:40Z
• ISSUE #25665: (nmadhok) salt-cloud VMware driver fails with KeyErrors if there's any existing machine
in the VMware infrastructure in (invalid state) | refs: #25666
• PR #25656: (anlutro) Fix locale detection in debian/gentoo @ 2015-07-23T16:46:40Z
• PR #25661: (rallytime) Back-port #25624 to 2015.5 @ 2015-07-23T16:26:48Z
• PR #25624: (bobrik) Fix typo in get_routes example for debian_ip | refs: #25661
• PR #25662: (rallytime) Back-port #25638 to 2015.5 @ 2015-07-23T16:26:40Z
• ISSUE #15209: (hubez) file.manage: source_hash not working with s3:// (2014.7.0rc1) | refs: #25638
• PR #25638: (TronPaul) fix bad merge in 99fc7ec | refs: #25662
• PR #25644: (cachedout) pillar doc fix @ 2015-07-22T22:57:23Z
• ISSUE #25413: (zizkebab) pillar_opts default behavior is not reflected in the docs | refs: #25644
• PR #25642: (cachedout) Warn on pillar schedule delete @ 2015-07-22T22:04:12Z
• ISSUE #25540: (dennisjac) salt highstate schedule cannot be removed | refs: #25642
• PR #25598: (twangboy) Fixed problem trying to load file with name of boolean type @
2015-07-22T17:07:49Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• 7b79e433 Merge pull request #25598 from twangboy/fix_25437
• PR #25604: (terminalmage) Move patching of mock_open to within test @ 2015-07-22T16:53:55Z
• ISSUE #25323: (terminalmage) unit.modules.tls_test fails with older mock | refs: #25604
• PR #25609: (s0undt3ch) [2015.5] Update the bootstrap script to latest release v2015.07.22 @
2015-07-22T16:28:52Z
• ISSUE #630: (syphernl) Allow for an include statement in config files | refs: #25609
• PR #627: (chjohnst) add saltversion grain | refs: #25609
• PR #25603: (terminalmage) Add version_cmp function to yumpkg.py @ 2015-07-22T15:42:29Z
• ISSUE #21912: (rvora) pkg.latest not updating the package on CentOS though yum reports an update
available | refs: #25603
• PR #25590: (garethgreenaway) 2015.5 scheduled jobs return data @ 2015-07-21T21:57:42Z
• ISSUE #25560: (dennisjac) scheduled highstate runs don't return results to the job cache | refs:
#25590
• PR #25584: (rallytime) Back-port #24054 and #25576 to 2015.5 @ 2015-07-21T21:16:38Z
• PR #25576: (pcn) s3fs breaks when fetching files from s3 | refs: #25584
• PR #24054: (mgwilliams) s3.head: return useful data | refs: #25584
• PR #25589: (jahamn) Fixes ssh_known_host not taking port into account @ 2015-07-21T21:15:06Z
• ISSUE #23626: (mirko) salt state 'ssh_known_hosts' doesn't take 'port' into account | refs: #25589
• PR #25573: (EvaSDK) Do not execute bootstrap script twice @ 2015-07-21T18:20:04Z
• PR #25465: (EvaSDK) 2015.5.3 LXC module fixes | refs: #25573
• PR #25580: (attiasr) use explicit utf-8 decoding (#25532) @ 2015-07-21T15:40:49Z
• ISSUE #25532: (attiasr) salt/modules/win_pkg.py list_pkgs is broken (encoding issues) | refs: #25556
#25580
• PR #25568: (twangboy) Fixed win_useradd module to add fullname @ 2015-07-21T14:30:25Z
• ISSUE #25206: (jfindlay) fullname issues with user.add state on windows | refs: #25568
• PR #25561: (twangboy) Fixed the gem module to work on windows... without injection @
2015-07-20T21:12:15Z
• ISSUE #21041: (deuscapturus) state module gem.installed not working on Windows. | refs: #25430
#25561 #25428
• PR #25428: (twangboy) Fixed the gem module to work on windows | refs: #25561
• PR #25521: (cachedout) Fix outputter for state.orch @ 2015-07-20T19:30:14Z
• PR #25563: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-20T19:27:36Z
• PR #25416: (cachedout) Fix broken keyword
• PR #25559: (cachedout) Lint win_pkg @ 2015-07-20T17:46:29Z
• PR #25556: (attiasr) fix for #25532 @ 2015-07-20T17:45:11Z
• ISSUE #25532: (attiasr) salt/modules/win_pkg.py list_pkgs is broken (encoding issues) | refs: #25556
#25580
• PR #25554: (jfindlay) verify_ssl=True for s3 ext pillar @ 2015-07-20T17:43:38Z
• ISSUE #25538: (stanislavb) S3 ext_pillar configuration requires verify_ssl | refs: #25554
• PR #25551: (rallytime) Backport #25530 to 2015.5 @ 2015-07-20T17:43:00Z
• PR #25530: (andre-luiz-dos-santos) The variable name must be last | refs: #25551
• PR #25533: (attiasr) port 445 for windows bootstraping @ 2015-07-20T15:13:06Z
• PR #25525: (gtmanfred) add make _prepare an alias for postinitio @ 2015-07-20T15:12:38Z
• ISSUE #25432: (gtmanfred) [2015.5.3][raet] raet error with SaltRaetRoadStackJoiner | refs: #25525
• PR #25519: (rallytime) Backport vmware driver to 2015.5 branch @ 2015-07-20T15:11:26Z
• ISSUE #25511: (rallytime) Make provider --> driver change backward compatible | refs: #25519 #25519
• ISSUE #23574: (CedNantes) Failed to Deploy Salt-Minion on a Win 2012 R2 using wmware Cloud Driver
from Develop branch | refs: #25519
• PR #25542: (Oro) Fix hipchat.send_message when using API v2 @ 2015-07-20T15:09:13Z
• PR #25531: (rallytime) Back-port #25529 to 2015.5 @ 2015-07-18T19:16:10Z
• PR #25529: (davidjb) Fix minor typo in best practice example | refs: #25531
• PR #25528: (davidjb) Fix typo in extend declaration doco @ 2015-07-18T14:22:06Z
• PR #25517: (rallytime) Back-port #25486 to 2015.5 @ 2015-07-17T21:49:26Z
• ISSUE #25486: (whiteinge) Highstate outputter not used for state.apply | refs: #25517
• PR #25485: (attiasr) fix file downloads on windows
• PR #25516: (rallytime) Back-port #25483 to 2015.5 @ 2015-07-17T21:49:05Z
• ISSUE #25479: (alexandrsushko) multiple mount.mounted of one device | refs: #25483
• PR #25483: (alexandrsushko) Added 'none' to the set of specialFSes | refs: #25516
• PR #25513: (garethgreenaway) fixes to schedule.add documentation in 2015.5 @ 2015-07-17T17:03:24Z
• ISSUE #25493: (blackduckx) Issue with job_args on schedule.add command | refs: #25513
• PR #25465: (EvaSDK) 2015.5.3 LXC module fixes | refs: #25573 @ 2015-07-17T15:57:54Z
• PR #25506: (s0undt3ch) [2015.5] Update bootstrap script to latest stable release, v2015.07.17 @
2015-07-17T15:40:38Z
• ISSUE #25456: (julienlavergne) [2015.8.0rc1] salt-bootstrap fails to install salt master | refs:
#25506
• ISSUE #25270: (iggy) [2015.8.0rc1] salt-bootstrap fails to properly install a minion | refs: #25506
• ISSUE #625: (whiteinge) cmd.run state user flag is not working | refs: #25506 #632
• ISSUE #611: (fatbox) Peer interface fails to return data occasionally | refs: #25506
• ISSUE #607: (thatch45) next level -X support | refs: #25506
• ISSUE #598: (syphernl) Explanation on how to execute interactive installs | refs: #25506
• ISSUE #455: (whiteinge) Document common troubleshooting tips | refs: #25506
• PR #624: (chjohnst) Docs are not correct with network.ping as args are not supported | refs: #25506
• PR #621: (akoumjian) Adding ec2 cloud-init bootstrap docs | refs: #25506
• PR #606: (terminalmage) need empty line before code blocks. added ones that were missing. | refs:
#25506
• PR #602: (terminalmage) State-related documentation changes | refs: #25506
• PR #25498: (jfindlay) only read /proc/1/cmdline if it exists @ 2015-07-17T15:35:33Z
• ISSUE #25454: (mschiff) Regression: salt 2015.5 not working in secure chroot anymore. | refs: #25498
• PR #25487: (rallytime) Back-port #25464 to 2015.5 @ 2015-07-16T16:58:36Z
• PR #25464: (jquast) docfix: "cache_jobs: False" => grains_cache: False" | refs: #25487
• PR #25482: (oeuftete) Fix docker.running detection of running container @ 2015-07-16T16:58:29Z
• PR #2015: (thekuffs) Esky / bbfreeze support
• PR #25468: (joejulian) Add support for pyOpenSSL > 0.10 @ 2015-07-16T15:10:30Z
• ISSUE #25384: (rickh563) pyopenssl 0.14 requirement in 2015.5.3 does not work in RHEL6 : ZD-364 |
refs: #25468
• PR #25467: (rallytime) Add lxml dependency to opennebula docs @ 2015-07-16T15:09:57Z
• PR #25461: (jahamn) Update file, if force option and content not same @ 2015-07-15T20:15:07Z
• ISSUE #25250: (wipfs) 'force' option in copy state deletes target file | refs: #25461 #25710
• ISSUE #24647: (nmadhok) salt.states.file.copy does not copy the file if it already exists with
force=True | refs: #25461
• PR #25438: (rallytime) Reduce digital_ocean_v2 API call frequency @ 2015-07-15T19:40:18Z
• ISSUE #25431: (namcois) Digital Ocean v2 reducing API calls by adding per_page | refs: #25438
• PR #25457: (jacksontj) Saltnado @ 2015-07-15T17:50:12Z
• PR #25427: (tony-cocco) Saltnado runner client results in blocking call despite being set-up as
Runner.async | refs: #25457
• PR #25459: (jahamn) Fixed 'defulats' typo in verify.py @ 2015-07-15T16:53:06Z
• PR #25426: (jquast) bugfix: trailing "...done" in rabbitmq output (backport from 'develop' to 2015.5) @
2015-07-15T14:48:05Z
• PR #25433: (jleroy) Support for IPv6 addresses scopes in network.interfaces (ifconfig) @
2015-07-15T14:44:09Z
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433
• PR #25430: (twangboy) Disabled rbenv execution module for Windows @ 2015-07-15T14:41:18Z
• ISSUE #21041: (deuscapturus) state module gem.installed not working on Windows. | refs: #25430
#25561 #25428
• c4b1584 Additional test case for question raised in #1846
• ISSUE #1846: (seanchannel) development dependencies
• PR #25420: (techhat) Move S3 to use AWS Signature Version 4 @ 2015-07-14T22:03:09Z
• PR #25418: (twangboy) Fixed problem with file.managed test=True @ 2015-07-14T21:26:59Z
• ISSUE #20441: (deuscapturus) State module file.managed returns an error on Windows and test=Test |
refs: #25418
• PR #25417: (ahus1) extended documentation about dependencies for dig module @ 2015-07-14T20:49:51Z
• PR #25411: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-14T17:55:26Z
• PR #25375: (cachedout) Fix error in config.py for master_type
• PR #25324: (jacobhammons) Latest help theme updates
• PR #25406: (anlutro) Force arguments to aptpkg.version_cmp into strings @ 2015-07-14T16:15:41Z
• PR #25408: (rallytime) Back-port #25399 to 2015.5 @ 2015-07-14T16:09:06Z
• PR #25399: (jarpy) Demonstrate per-minion client_acl. | refs: #25408
• PR #25240: (tankywoo) file make os.walk only be called one @ 2015-07-14T16:04:49Z
• PR #25395: (rallytime) Back-port #25389 to 2015.5 @ 2015-07-14T03:26:34Z
• PR #25389: (l2ol33rt) Adding entropy note for gpg renderer | refs: #25395
• PR #25392: (rallytime) Back-port #25256 to 2015.5 @ 2015-07-14T03:25:13Z
• PR #25256: (yanatan16) Don't assume source_hash exists | refs: #25392
• PR #25398: (twangboy) Fix date @ 2015-07-14T03:21:17Z
• PR #25397: (GideonRed) Introduce standard error output when cli exits with non-zero status @
2015-07-14T03:20:24Z
• PR #25386: (cachedout) Lint #25383 @ 2015-07-13T21:01:10Z
• ISSUE #24444: (michaelkrupp) file.managed does not handle dead symlinks | refs: #25383
• PR #25383: (jahamn) Fix manage_file function in salt/modules/file.py to handle broken sym…
• PR #25383: (jahamn) Fix manage_file function in salt/modules/file.py to handle broken sym… @
2015-07-13T20:58:23Z
• ISSUE #24444: (michaelkrupp) file.managed does not handle dead symlinks | refs: #25383
• PR #25369: (anlutro) Fix aptpkg.version_cmp @ 2015-07-13T20:18:45Z
• PR #25379: (jfindlay) check for cwd before getting it @ 2015-07-13T19:50:27Z
• ISSUE #25337: (eliasp) salt-call from non-existend cwd backtraces | refs: #25379
• PR #25334: (jfindlay) return all cmd info back to zypper fcn @ 2015-07-13T17:03:29Z
• ISSUE #25320: (podloucky-init) zypper module list_upgrades broken (2015.5.2) | refs: #25334
• PR #25339: (jfindlay) update orchestration docs @ 2015-07-13T16:04:26Z
• PR #25358: (dkiser) Deep merge of pillar lists | refs: #26016 @ 2015-07-13T15:51:01Z
• ISSUE #22241: (masterkorp) Salt master not properly generating the map | refs: #25358
• PR #25346: (bechtoldt) set correct indention in states/requisites.rst (docs), fixes #25281 @
2015-07-13T15:34:45Z
• ISSUE #25281: (shinshenjs) Unless usage in Official Doc syntax error?
• PR #25336: (terminalmage) Don't try to read init binary if it wasn't found @ 2015-07-13T09:45:30Z
• PR #25350: (davidjb) Fix documentation for file.blockreplace @ 2015-07-13T03:41:20Z
• PR #25326: (rallytime) Back-port #20972 to 2015.5 @ 2015-07-10T18:49:44Z
• ISSUE #19288: (oba11) AssociatePublicIpAddress doesn't work with salt-cloud 2014.7.0 | refs: #20972
#25326
• PR #20972: (JohannesEbke) Fix interface cleanup when using AssociatePublicIpAddress in #19288 | refs:
#25326
• PR #25327: (rallytime) Back-port #25290 to 2015.5 @ 2015-07-10T18:49:37Z
• ISSUE #24433: (chrimi) Salt locale state fails, if locale has not been generated | refs: #25290
• PR #25290: (pcdummy) Simple fix for locale.present on Ubuntu. | refs: #25327
• PR #25328: (rallytime) Back-port #25309 to 2015.5 @ 2015-07-10T17:22:59Z
• ISSUE #24827: (yermulnik) locale.present doesn't generate locales | refs: #25309
• PR #25309: (davidjb) Format /etc/locale.gen correctly in salt.modules.localemod.gen_locale | refs:
#25328
• PR #25322: (jacobhammons) version change to 2015.5.3 @ 2015-07-10T16:11:24Z
• PR #25308: (jacksontj) Make clear commands trace level logging @ 2015-07-10T14:20:06Z
• PR #24737: (jacksontj) Move AES command logging to trace | refs: #25308
• PR #25269: (jfindlay) Extract tomcat war version @ 2015-07-10T01:28:21Z
• ISSUE #24520: (nvx) Tomcat module fails to extract version number from snapshot builds (2015.5
regression) | refs: #24927
• PR #24927: (egarbi) Tomcat module fails to extract version number from snapshot builds #2… | refs:
#25269
• PR #25238: (DmitryKuzmenko) Pillarenv backport 2015.5 @ 2015-07-10T01:25:07Z
• ISSUE #18808: (amendlik) Add command line argument to select pillar environment | refs: #25238
• PR #23719: (DmitryKuzmenko) Support pillarenv cmdline in state.sls
• PR #25299: (twangboy) Added -NonInteractive so powershell doesn't hang waiting for input @
2015-07-09T21:00:16Z
• ISSUE #13943: (Supermathie) Powershell commands that expect input hang forever | refs: #25299
• PR #25301: (jacobhammons) bug fix for module function display in help @ 2015-07-09T20:46:34Z
• PR #25279: (jacobhammons) Additional docs on external and master job cache, assorted doc fixes @
2015-07-09T16:46:26Z
• ISSUE #25277: (jacobhammons) CherryPy recommended versions | refs: #25279
• PR #25274: (jleroy) Fix for issue #25268 @ 2015-07-09T13:36:26Z
• ISSUE #25268: (lichtamberg) Salt not working anymore in 2015.8/develop: ValueError: 'scope' is not in
list | refs: #25274
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433
• PR #25272: (twangboy) Fixed problem with service not starting @ 2015-07-08T23:29:48Z
• PR #25225: (nmadhok) Backporting fix for issue #25223 on 2015.5 branch @ 2015-07-08T15:16:18Z
• ISSUE #25223: (nmadhok) Runner occasionally fails with a RuntimeError when fired by a reactor | refs:
#25225
• PR #25214: (rallytime) A couple of doc fixes for the http tutorial @ 2015-07-07T22:23:07Z
• PR #25194: (rallytime) Update moto version check in boto_vpc_test and update min version @
2015-07-07T18:27:32Z
• ISSUE #24272: (rallytime) Fix boto_vpc_test moto version check | refs: #25194
• PR #25205: (basepi) Update releasecandidate docs @ 2015-07-07T15:25:24Z
• PR #25187: (UtahDave) Doc fixes: Fix misspelling and remove extraneous double spaces @
2015-07-07T01:07:04Z
• PR #25182: (cachedout) Try to re-pack long floats as strs @ 2015-07-07T01:06:43Z
• PR #25185: (rallytime) Back-port #25128 to 2015.5 @ 2015-07-07T00:58:00Z
• ISSUE #23822: (sidcarter) Zip file extracted permissions are incorrect | refs: #25128
• PR #25128: (stanislavb) Use cmd_unzip to preserve permissions | refs: #25185
• PR #25181: (rallytime) Back-port #25102 to 2015.5 @ 2015-07-07T00:57:13Z
• PR #25102: (derBroBro) Update win_network.py | refs: #25181
• PR #25179: (rallytime) Back-port #25059 to 2015.5 @ 2015-07-07T00:56:44Z
• ISSUE #24301: (iggy) influxdb_user and influxdb_database states need virtual functions | refs: #25059
• PR #25059: (babilen) Add virtual functions to influxdb state modules | refs: #25179
• PR #25196: (twangboy) Fixed #18919 false-positive on pkg.refresh @ 2015-07-07T00:24:13Z
• ISSUE #18919: (giner) Windows: pkg.refresh_db returns false-positive success | refs: #25196
• PR #25180: (rallytime) Back-port #25088 to 2015.5 @ 2015-07-06T20:33:45Z
• PR #25088: (supertom) Update | refs: #25180
• PR #25191: (basepi) Add extrndest back to fileclient.is_cached in 2015.5 @ 2015-07-06T19:35:24Z
• PR #25117: (basepi) Fix fileclient.is_cached | refs: #25191
• PR #25175: (rallytime) Back-port #25020 to 2015.5 @ 2015-07-06T18:53:19Z
• ISSUE #25016: (martinhoefling) salt-run doc.execution fails with AttributeError
• PR #25020: (martinhoefling) Fix for issue #25016 | refs: #25175
• PR #25173: (rallytime) Partial back-port of #25019 @ 2015-07-06T18:52:59Z
• ISSUE #21879: (bechtoldt) Reference pages in documentation are outdated again | refs: #25019
• ISSUE #19262: (bechtoldt) salt.pillar.file_tree doesn't appear in the documentation | refs: #25019
• PR #25019: (bechtoldt) add missing module documentation to references | refs: #25173
• PR #24421: (bechtoldt) add missing module documentation | refs: #25019
• PR #21880: (bechtoldt) update references, fixes #21879 | refs: #25019
• PR #20039: (bechtoldt) completing some doc references | refs: #25019
• PR #25171: (rallytime) Back-port #25001 to 2015.5 @ 2015-07-06T18:51:53Z
• PR #25001: (jasonkeene) Add docs for key arg in ssh_known_hosts.present | refs: #25171
• PR #25170: (rallytime) Back-port #24982 to 2015.5 @ 2015-07-06T16:34:43Z
• PR #24982: (asyncsrc) ec2 network_interfaces fix | refs: #25170
• PR #25161: (aneeshusa) Allow checking for non-normalized systemd units. @ 2015-07-06T15:15:31Z
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433 @
2015-07-06T14:43:03Z
• PR #25166: (cachedout) Lint #25149 @ 2015-07-06T14:40:29Z
• ISSUE #24979: (mavenAtHouzz) [Discussion] Support for more than 1 netapi.rest_tornado server process
| refs: #25149
• PR #25149: (jacksontj) Saltnado multiprocess support | refs: #25166
• PR #25149: (jacksontj) Saltnado multiprocess support | refs: #25166 @ 2015-07-06T14:38:43Z
• ISSUE #24979: (mavenAtHouzz) [Discussion] Support for more than 1 netapi.rest_tornado server process
| refs: #25149
• PR #25120: (d--j) add missing continue for exception case @ 2015-07-02T19:38:45Z
• PR #25117: (basepi) Fix fileclient.is_cached | refs: #25191 @ 2015-07-02T19:38:26Z
• PR #25087: (0xf10e) Fix execution module for glance - now based on 2015.5! @ 2015-07-02T19:36:27Z
• PR #25129: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-02T17:37:40Z
• ISSUE #18447: (ryan-lane) Can't install salt with raet using pip -e git
• PR #25093: (jaybocc2) quick fix for issue #18447
• PR #25069: (puneetk) Add a helper module function called list_enabled
• PR #25114: (jfindlay) Revert "Revert "adding states/postgres_database unit test case."" @
2015-07-02T01:01:29Z
• PR #24798: (jtand) Revert "adding states/postgres_database unit test case." | refs: #25114
• PR #24329: (jayeshka) adding states/postgres_database unit test case. | refs: #24798
• PR #24362: (jayeshka) adding states/postgres_user unit test case. @ 2015-07-01T21:45:31Z
• PR #24361: (jayeshka) adding states/postgres_schema unit test case. @ 2015-07-01T21:44:56Z
• PR #24331: (jayeshka) adding states/postgres_extension unit test case. @ 2015-07-01T21:43:58Z
Salt 2015.5.5 Release Notes
Version 2015.5.5 is a bugfix release for 2015.5.0.
Changes:
• The cron.present state now correctly defaults to state ID as identifier.
• When querying for VMs in ditigal_ocean_v2.py, the number of VMs to include in a page was changed from
20 (default) to 200 to reduce the number of API calls to Digital Ocean.
• The vmware Salt-Cloud driver was back-ported from the develop branch in order for installations of Salt
that are older than 2015.8.0 to be able to use the vmware driver without stack-tracing on various
deprecation paths that were implemented in the 2015.8.0 release.
Changes for v2015.5.3..v2015.5.5
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-08-20T17:02:37Z
Statistics:
• Total Merges: 280
• Total Issue references: 168
• Total PR references: 371
Changes:
• PR #26292: (jquast) Rabbitmq 3.2.4 on Ubuntu has "...done.", not "...done" @ 2015-08-13T19:53:29Z
• PR #26296: (jquast) bugfix missing
`
runas=None' for rabbitmqctl cmds (backport to 2015.5) @ 2015-08-13T19:52:40Z
• PR #26293: (jfindlay) Fix #26268 @ 2015-08-13T19:48:06Z
• ISSUE #25618: (twangboy) Fix reg.py to work with the registry properly | refs: #26268
• PR #26268: (twangboy) Multiple improvements to reg executionmod and state mod | refs: #26293
• PR #26290: (rallytime) Only call convert_to_arn when action name is provided @ 2015-08-13T18:48:58Z
• ISSUE #25192: (deuscapturus) 2015.5.2 boto_cloudwatch_alarm.present not working. | refs: #26290
• PR #26288: (bbinet) allow deleting grains which value is False @ 2015-08-13T18:24:36Z
• PR #26263: (rallytime) Don't make changes when test=True for openstack present/absent funcs @
2015-08-13T16:30:31Z
• ISSUE #24882: (nmadhok) salt.states.openstack_config.present and salt.states.openstack_config.absent
make changes when test=True | refs: #26263
• PR #26265: (rallytime) Don't stacktrace on query return in ec2.create_snapshot @ 2015-08-13T16:28:48Z
• ISSUE #24484: (codehotter) clouds/ec2.py: create_snapshot throws exception | refs: #26265
• PR #26285: (stanislavb) Remove explicit version from instance identity URL @ 2015-08-13T16:25:32Z
• PR #26275: (cachedout) Re-init modules on multi-master reconnect @ 2015-08-13T15:52:50Z
• PR #26273: (garethgreenaway) Fixes to schedule module in 2015.5 @ 2015-08-13T15:34:43Z
• PR #26271: (rallytime) Fix del_root_vol_on_destroy and del_all_vols_on_destroy functionality on ec2 @
2015-08-12T23:22:47Z
• ISSUE #24483: (codehotter) clouds/ec2.py: del_root_vol_on_destroy and del_all_vols_on_destroy not
working | refs: #26271
• PR #26219: (anlutro) cron: make identifier default to state ID @ 2015-08-12T18:42:33Z
• ISSUE #25958: (anlutro) Cron identifier does not default to state ID as documented | refs: #26219
• PR #26257: (rallytime) Back-port #26237 to 2015.5 @ 2015-08-12T18:40:35Z
• ISSUE #26207: (fullermd) group members setting fails with obscure error message on FreeBSD | refs:
#26237
• PR #26237: (silenius) fix issue #26207 | refs: #26257
• PR #26258: (nmadhok) Fix permission on tests/runtests.py on 2015.5 branch @ 2015-08-12T18:40:04Z
• PR #26261: (nmadhok) Correct spelling of integration in docs @ 2015-08-12T18:14:48Z
• PR #2015: (thekuffs) Esky / bbfreeze support
• PR #26247: (nmadhok) Initial commit of unit tests for vmware cloud driver @ 2015-08-12T16:58:24Z
• PR #26246: (nmadhok) Backport additions to VMware cloud driver from develop to 2015.5 branch @
2015-08-12T15:11:26Z
• PR #26239: (opdude) Fixed documentation to match function name @ 2015-08-12T14:48:52Z
• PR #26232: (garethgreenaway) Fix to trust_key in gpg module for 2015.5. @ 2015-08-12T04:48:27Z
• PR #26084: (twangboy) Added python_shell=True, quoted user input @ 2015-08-10T21:29:35Z
• ISSUE #25802: (jefftucker) Running module "npm.list" fails on Windows for masterless minion | refs:
#26084
• PR #26183: (cro) Fix LDAP configuration issue. @ 2015-08-10T19:09:41Z
• PR #26186: (jacobhammons) regenerated man pages @ 2015-08-10T19:07:44Z
• PR #26182: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-08-10T19:00:10Z
• ISSUE #25961: (getabc) [2015.5.3-2] salt-winrepo.git/salt-minion.sls fails certificate '
*
.wpengine.com' or 'wpengine.com' | refs: #26047
• ISSUE #25751: (basepi) Document master_finger more prominently | refs: #26088
• PR #26116: (corux) file.replace fails if repl string is an invalid regex and append/prepend is used
• PR #26088: (jacobhammons) Master finger
• PR #26047: (jacobhammons) Updated windows download links in the docs to https://repo.saltstack.com
• PR #26000: (driskell) Implement full event caching for subscribed tags @ 2015-08-10T18:57:17Z
• ISSUE #25998: (driskell) Event subsystem discarding required events during --batch breaking it for
slow running commands | refs: #26000
• PR #26175: (rallytime) Back-port #26153 to 2015.5 @ 2015-08-10T18:22:32Z
• PR #26153: (loa) Fix dockerio state documentation typo | refs: #26175
• PR #26177: (rallytime) Back-port #26147 to 2015.5 @ 2015-08-10T18:22:01Z
• ISSUE #26024: (jpic) lxc_conf_unset in cloud.profile is ignored
• PR #26147: (martinhoefling) Fixes #26024 | refs: #26177
• PR #26179: (rallytime) Back-port #25404 to 2015.5 @ 2015-08-10T18:21:50Z
• ISSUE #21082: (clinta) master_type failover does not failover on DNS errors | refs: #25404
• PR #25404: (DmitryKuzmenko) Fixed minion failover to next master on DNS errors. | refs: #26179
• PR #26180: (jfindlay) fix processing of state.template @ 2015-08-10T18:21:38Z
• ISSUE #26112: (wt) state.template fails with unclear error with template with only an include | refs:
#26180
• PR #26172: (nmadhok) [Backport] Make sure variable is a dictionary before popping something from it. @
2015-08-10T16:42:50Z
• ISSUE #26162: (nmadhok) VMware cloud driver create function failing with traceback on latest develop
| refs: #26163 #26172
• PR #26163: (nmadhok) Make sure variable is a dictionary before popping something from it.
• PR #26168: (cachedout) Fix slack docs @ 2015-08-10T14:57:18Z
• ISSUE #26098: (rdinoff) SALT.STATES.SLACK Doc update | refs: #26168
• PR #26127: (garethgreenaway) Fixes to salt.utils.http related to cp.get_file_str bug. @
2015-08-10T14:38:25Z
• ISSUE #24106: (nvx) fileclient.py#get_url ignores HTTP Auth again (2015.5 regression) | refs: #26127
• PR #26140: (nmadhok) VMware cloud driver fixes @ 2015-08-10T13:15:58Z
• ISSUE #26141: (nmadhok) salt-cloud VMware driver fails with error in parsing configuration file |
refs: #26140
• ISSUE #25809: (o-sleep) vmware cloud module error message | refs: #26140
• ISSUE #25625: (steverweber) cloud vmware driver does not provide mac_address unless vmware tools is
running | refs: #26137 #26140
• PR #26137: (steverweber) use device mac address if vmtools not active @ 2015-08-09T03:05:36Z
• ISSUE #25625: (steverweber) cloud vmware driver does not provide mac_address unless vmware tools is
running | refs: #26137 #26140
• PR #26119: (jodv) Backport eauth bugfix to 2015.5 @ 2015-08-09T02:19:52Z
• PR #26135: (cro) Fix proxy minions in 2015.5 and significantly update documentation. @
2015-08-09T02:19:21Z
• PR #26132: (TheBigBear) minor edit @ 2015-08-08T21:05:34Z
• PR #26133: (amontalban) Fixed #25915 in salt/modules/pkgng.py and salt/states/pkg.py @
2015-08-08T21:05:05Z
• ISSUE #25915: (ari) FreeBSD pkg install fails
• PR #26111: (anlutro) Better error messages when virtualenv creation fails @ 2015-08-07T21:42:09Z
• PR #26110: (jfindlay) check for sources before adding them to cmd str @ 2015-08-07T21:33:23Z
• ISSUE #26093: (freedba) archive.tar bug | refs: #26110
• PR #26106: (vr-jack) Update __init__.py @ 2015-08-07T21:15:55Z
• PR #26101: (rallytime) Back-port #25984 to 2015.5 @ 2015-08-07T18:56:26Z
• ISSUE #25983: (jmdcal) Trying to get md5 of local zip | refs: #25984
• PR #25984: (jmdcal) Support local files without md5sum | refs: #26101
• PR #26080: (techhat) Fix string checking in s3fs @ 2015-08-06T23:36:09Z
• PR #26079: (cachedout) Update docs to remove state.over @ 2015-08-06T23:35:26Z
• ISSUE #26039: (basepi) Update scheduler docs to use orchestrate instead of overstate | refs: #26079
• PR #26058: (opdude) Fix choco version on chocolatey versions below 0.9.9 @ 2015-08-06T18:50:10Z
• PR #26068: (jfindlay) fix autoruns.list looking in wrong directory @ 2015-08-06T18:49:48Z
• PR #26065: (s0undt3ch) [2015.5] Update to latest bootstrap stable release v2015.06.08 @
2015-08-06T17:09:35Z
• ISSUE #634: (loupgaroublond) /srv/salt/_grains/ not documented | refs: #26065
• ISSUE #631: (fatbox) Can't extend the same item multiple times | refs: #26065
• ISSUE #625: (whiteinge) cmd.run state user flag is not working | refs: #25506 #632
• PR #640: (terminalmage) fix syntax errors introduced in 0f776c13 | refs: #26065
• PR #638: (blast-hardcheese) Tightened up configuration documentation | refs: #26065
• PR #633: (epoelke) Bug fix to salt-key | refs: #26065
• PR #632: (whiteinge) Change the cmd.run state to use the new runas arg | refs: #26065
• PR #26061: (gmcwhistler) Patch for issue #25994 @ 2015-08-06T17:07:34Z
• ISSUE #25994: (gmcwhistler) module.ilo tempfile creation in __execute_cmd results in TypeError:
cannot concatenate 'str' and 'int' objects
• PR #26064: (s0undt3ch) Don't stacktrace when trying to get the default locale. @ 2015-08-06T16:11:05Z
• ISSUE #26063: (saltstack-bot) not working with salt-cloud shows unknown locale error | refs: #26064
• PR #26048: (jacobhammons) Updated windows download links in the docs to https://repo.saltstack.com @
2015-08-05T22:59:50Z
• PR #26044: (rallytime) Make sure the key we're comparing is also lowercase @ 2015-08-05T19:23:54Z
• ISSUE #25616: (rallytime) [2015.5] Provisioning Linodes Stacktraces | refs: #26044
• PR #26042: (jfindlay) fix test mode logic in state docs @ 2015-08-05T19:23:07Z
• PR #26036: (nicholascapo) survey.hash: Remove manually printed text @ 2015-08-05T19:21:59Z
• ISSUE #24460: (nicholascapo) Survey runner does not follow --out flag | refs: #26036
• PR #26030: (opdude) Fix a bug in choco version that returned odd data @ 2015-08-05T16:30:25Z
• PR #26032: (jfindlay) add test logic to state reult doc @ 2015-08-05T16:28:32Z
• PR #26031: (alekti) Revert "Add file as supported protocol for file source_hash. Fixes #23764" @
2015-08-05T15:32:01Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #26021: (anlutro) Documentation: Specify versionadded for git.present shared argument @
2015-08-05T14:17:38Z
• PR #26020: (alekti) Correctly resolve conflict merging pull 25750 to 2015.5 @ 2015-08-05T14:16:58Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #25750: (alekti) Add file as supported protocol for file source_hash. Fixes #25701. | refs:
#26020
• PR #26016: (basepi) Revert "Deep merge of pillar lists" @ 2015-08-05T04:59:52Z
• ISSUE #22241: (masterkorp) Salt master not properly generating the map | refs: #25358
• PR #25358: (dkiser) Deep merge of pillar lists | refs: #26016
• PR #25992: (twangboy) Refactor win_system.py @ 2015-08-05T04:54:18Z
• ISSUE #12255: (eliasp) 'system.set_computer_desc' fails with non-ASCII chars | refs: #25992
• ISSUE #3: (thatch45) libvirt module
• PR #26002: (twangboy) Fixed regex to account for comment character followed by whitespace @
2015-08-04T22:28:11Z
• ISSUE #25948: (twangboy) Fix uncomment function to handle spaces | refs: #26002
• PR #25970: (jfindlay) accept addition of layman overlay @ 2015-08-04T15:42:28Z
• ISSUE #25949: (godlike64) layman.add does not work with unofficial overlays | refs: #25970
• PR #25971: (basepi) [2015.5] salt.modules.reg Add spaces for strings split across multiple lines @
2015-08-04T15:39:48Z
• PR #25990: (rallytime) Back-port #25976 to 2015.5 @ 2015-08-04T14:36:53Z
• PR #25976: (fleaflicker) Typo in help output | refs: #25990
• PR #25996: (attiasr) fix msiexec package remove @ 2015-08-04T14:36:31Z
• PR #25966: (rallytime) Back-port #25864 to 2015.5 @ 2015-08-03T18:48:26Z
• ISSUE #25863: (peterdemin) pkg.installed fails on already installed package if it is in
versionlock.list | refs: #25864
• PR #25864: (peterdemin) #25863 state.pkg.installed fix | refs: #25966
• PR #25967: (rallytime) Back-port #25917 to 2015.5 @ 2015-08-03T18:48:02Z
• PR #25917: (jmdcal) adding missing format string | refs: #25967
• PR #25895: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-08-03T17:12:37Z
• ISSUE #23764: (es1o) source_hash from local file is not supported. | refs: #25750
• PR #25750: (alekti) Add file as supported protocol for file source_hash. Fixes #25701. | refs:
#26020
• PR #25704: (cachedout) Ensure prior alignment with master_type in 2014.7
• PR #25657: (MrCitron) Add the ability to specify a base pattern for carbon returner
• PR #25633: (AkhterAli) Update loader.py
• PR #25941: (jfindlay) add timelib to dependency versions @ 2015-08-03T12:23:42Z
• ISSUE #25850: (ssgward) Need to add packages to --versions-report | refs: #25941
• PR #25951: (garethgreenaway) Log when event.fire and event.fire_master fail. @ 2015-08-03T00:19:45Z
• PR #25942: (jfindlay) typo in minion doc @ 2015-07-31T23:34:55Z
• ISSUE #25838: (grep4linux) docs disable_modules documentation typo | refs: #25942
• PR #25938: (jacobhammons) Doc on using syndic with multimaster @ 2015-07-31T23:05:05Z
• PR #14690: (jacksontj) Multi syndic | refs: #25938
• PR #25848: (twangboy) Added allusers="1" when installing msi @ 2015-07-31T20:33:17Z
• ISSUE #25839: (twangboy) ALLUSERS="1" should be a default when installing MSI's | refs: #25848
• PR #25898: (jfindlay) clarify and expand syndic docs @ 2015-07-31T20:01:23Z
• PR #25927: (jacksontj) Pass actual renderers to the Reactor's Compiler @ 2015-07-31T20:00:17Z
• ISSUE #25852: (UtahDave) Salt loader is not loading Salt vars in reactor python renderer | refs:
#25927
• PR #25921: (cachedout) Handle non-ascii in state log @ 2015-07-31T17:41:30Z
• ISSUE #25810: (nvx) winpkg highstate fails when a new package name contains a unicide character |
refs: #25921
• PR #25919: (TheBigBear) Minor update to msi un-installer info @ 2015-07-31T17:39:48Z
• PR #25905: (rallytime) Back-port #25982 to 2015.5 @ 2015-07-30T23:24:19Z
• PR #25892: (TheBigBear) Update 7-zip msi un-installer instructions | refs: #25905
• PR #25890: (rallytime) Back-port #25698 to 2015.5 @ 2015-07-30T23:12:09Z
• ISSUE #25577: (yellow1912) Wrong indentation in document | refs: #25696
• PR #25698: (rallytime) Back-port #25659 to 2015.8 | refs: #25890
• PR #25696: (AkhterAli) Update schedule.py
• PR #25659: (isbm) Bugfix: crash at getting non-existing repo | refs: #25698
• PR #25894: (jacobhammons) Minor doc bug fixes @ 2015-07-30T23:02:34Z
• ISSUE #25650: (jacksontj) state.running documentation is incorrect | refs: #25894
• ISSUE #24042: (whiteinge) The state_events setting is not documented | refs: #25894
• ISSUE #23788: (k5jj) functions in drac.py module do not match documentation | refs: #25894
• ISSUE #21296: (Lothiraldan) Possible minion enumeration using saltutil.find_job and eauth | refs:
#25894
• PR #25877: (rallytime) Protect against passing a map file in addition to VM names with --destroy @
2015-07-30T21:55:45Z
• ISSUE #24036: (arthurlogilab) [salt-cloud] Protect against passing command line arguments as names
for the --destroy command in map files | refs: #25877
• PR #25870: (rallytime) Back-port #25824 to 2015.5 @ 2015-07-30T21:54:35Z
• PR #25824: (klyr) Fix get_managed() in file.py module for local files | refs: #25870
• PR #25885: (t0rrant) Update Debian changelog @ 2015-07-30T20:05:59Z
• PR #25875: (rallytime) Back-port #25862 to 2015.5 @ 2015-07-30T17:34:02Z
• ISSUE #25478: (zyio) salt-ssh - Unable to locate current thin version | refs: #25862
• ISSUE #25026: (sylvia-wang) salt-ssh "Failure deploying thin" when using salt module functions |
refs: #25862
• PR #25862: (zyio) Adding SCP_NOT_FOUND exit code | refs: #25875
• PR #25873: (rallytime) Back-port #25855 to 2015.5 @ 2015-07-30T17:33:55Z
• PR #25855: (puneetk) Patch 3 | refs: #25873
• PR #25871: (rallytime) Back-port #25829 to 2015.5 @ 2015-07-30T17:33:43Z
• PR #25829: (peterdemin) Fixed typo in salt.states.saltmod.function doc string | refs: #25871
• PR #25869: (rallytime) Back-port #25788 to 2015.5 @ 2015-07-30T17:33:33Z
• ISSUE #24002: (csakoda) File lock contention on windows minions causing highstate crash | refs:
#25788
• PR #25788: (opdude) Catch a hard crash when running highstate on windows | refs: #25869
• PR #25853: (davidjb) Make ssh-id-wrapper accessible to non-root users @ 2015-07-30T16:49:47Z
• ISSUE #19532: (stolendog) salt-ssh running git clone with not root user | refs: #25853
• PR #25856: (jfindlay) expand minion reauth scalability documentation @ 2015-07-30T15:33:17Z
• ISSUE #25447: (spo0nman) SaltMaster is crippled with Minion Re-Authentication | refs: #25856
• PR #25840: (jfindlay) add note to winrepo state docs about required grain @ 2015-07-30T14:38:27Z
• ISSUE #25801: (themalkolm) Update docs that salt.states.winrepo requires roles:salt-master in grains.
| refs: #25840
• PR #25846: (jfindlay) rework deprecation documentation for release names @ 2015-07-30T13:26:21Z
• ISSUE #25827: (0xf10e) "Deprecating Code" doesn't mention Usage of warn_until() w/ Release Names |
refs: #25846
• PR #25833: (jahamn) Allows cp.push to recreate empty files @ 2015-07-29T16:14:48Z
• ISSUE #23288: (UtahDave) cp.push fails to recreate empty files. | refs: #25833
• PR #25831: (rallytime) Add salt:// to key_url options to docs for pkgrepo.managed @
2015-07-29T15:38:43Z
• ISSUE #11474: (JensRantil) pkgrepo.managed key_url: salt:// always use base env | refs: #25831
• PR #25807: (rallytime) Provide helpful error when using actions with a mapfile @ 2015-07-29T15:30:15Z
• ISSUE #22699: (arthurlogilab) salt-cloud fails on KeyError when given a nonexistent action | refs:
#25807
• PR #25818: (jfindlay) fix autoruns list @ 2015-07-29T15:29:20Z
• PR #25826: (anlutro) Check that "onchanges" is a list @ 2015-07-29T15:00:28Z
• PR #25798: (twangboy) Fixed stacktrace on package name not found @ 2015-07-28T22:40:14Z
• ISSUE #25258: (nickw8) windows minion repo not updating | refs: #25798
• PR #25797: (twangboy) Changed repocache back to cached_repo @ 2015-07-28T22:39:32Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• PR #25763: (twangboy) Fix 25437 | refs: #25797
• PR #25793: (rallytime) Back-port #25730 to 2015.5 @ 2015-07-28T19:37:34Z
• PR #25730: (sjorge) patchelf lives in pkgsrc | refs: #25793
• PR #25792: (rallytime) Back-port #25688 to 2015.5 @ 2015-07-28T19:37:17Z
• PR #25688: (bclermont) Don't acquire lock if there is no formatter | refs: #25792
• PR #25796: (cachedout) Remove debug from docs @ 2015-07-28T17:35:59Z
• PR #25749: (jahamn) Allow zpool.create on character devices @ 2015-07-28T16:01:40Z
• ISSUE #24920: (voileux) module.zpool.create on character device is not possible by salt | refs:
#25749
• PR #25685: (twangboy) Fixed regex issues with comment and uncomment @ 2015-07-28T15:29:49Z
• PR #25763: (twangboy) Fix 25437 | refs: #25797 @ 2015-07-28T15:29:27Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• PR #25752: (thatch45) State top saltenv @ 2015-07-28T01:02:10Z
• PR #25755: (twangboy) Fixed problem with dunder functions not being passed @ 2015-07-27T19:31:22Z
• ISSUE #25717: (twangboy) Problem with chocolatey module not loading | refs: #25755
• PR #25648: (twangboy) Clarified functionality of reg module, fixed state to work with new module @
2015-07-27T19:30:33Z
• ISSUE #25352: (m03) reg.absent reporting incorrect results | refs: #25648
• ISSUE #1: (thatch45) Enable regex on the salt cli
• PR #25740: (rallytime) Back-port #25722 to 2015.5 @ 2015-07-27T16:08:40Z
• ISSUE #25154: (uvsmtid) All data mixed on STDOUT together should generate valid JSON output | refs:
#25722
• ISSUE #25153: (uvsmtid) Multiple results should generate valid JSON output | refs: #25722
• PR #25722: (uvsmtid) Minor docs changes to emphasize JSON output problems without --static option |
refs: #25740
• PR #25739: (rallytime) Back-port #25709 to 2015.5 @ 2015-07-27T16:08:27Z
• PR #25709: (colekowalski) add direct-io-mode to mount_invisible_options | refs: #25739
• PR #25699: (rallytime) Back-port #25660 to 2015.5 | refs: #25709
• PR #25660: (colekowalski) add glusterfs' direct-io-mode to mount_invisible_keys | refs: #25699 #25709
• PR #25738: (rallytime) Back-port #25671 to 2015.5 @ 2015-07-27T16:08:23Z
• PR #25671: (niq000) added a parameter so verifying SSL is now optional instead of hard-coded | refs:
#25738
• PR #25737: (rallytime) Back-port #25608 to 2015.5 @ 2015-07-27T16:08:18Z
• ISSUE #25229: (rall0r) Module git.latest kills target directory when test=True | refs: #25608
• PR #25608: (rall0r) Fix: prevent git.latest from removing target | refs: #25737
• PR #25733: (davidjb) Avoid IndexError when listing mounts if mount output ends in newline @
2015-07-27T16:08:05Z
• PR #25705: (blackduckx) Support for setm augeas command. @ 2015-07-27T16:07:10Z
• ISSUE #22460: (onmeac) Command setm is not supported (yet) | refs: #25705
• PR #25703: (cachedout) Return to str for master_type for 2015.5 @ 2015-07-27T16:06:22Z
• PR #25702: (twangboy) Fixed win_user module for groups with spaces in the name @ 2015-07-27T15:06:33Z
• ISSUE #25144: (johnccfm) user.present on Windows fails to add user to groups if group name contains a
space | refs: #25702
• PR #25711: (twangboy) Fixed problem with win_servermanager.list_installed @ 2015-07-27T15:05:48Z
• ISSUE #25351: (m03) win_servermanager.list_installed failing with "IndexError: list index out of
range" | refs: #25711
• PR #25714: (cachedout) Display warning when progressbar can't be loaded @ 2015-07-25T00:10:13Z
• ISSUE #25435: (yee379) progressbar dependency missing | refs: #25714
• PR #25699: (rallytime) Back-port #25660 to 2015.5 | refs: #25709 @ 2015-07-24T22:11:40Z
• PR #25660: (colekowalski) add glusterfs' direct-io-mode to mount_invisible_keys | refs: #25699 #25709
• PR #25694: (s0undt3ch) Salt-SSH fix for #25689 @ 2015-07-24T21:41:57Z
• ISSUE #25689: (anlutro) Minion log in salt-ssh | refs: #25694
• PR #25710: (jahamn) Integration Testcase for Issue 25250 @ 2015-07-24T20:57:33Z
• ISSUE #25250: (wipfs) 'force' option in copy state deletes target file | refs: #25461 #25710
• PR #25680: (basepi) [2015.5] Move cmd.run jinja aliasing to a wrapper class to prevent side effects @
2015-07-24T19:52:10Z
• PR #25049: (terminalmage) Fix cmd.run when cross-called in a state/execution module | refs: #25680
• PR #25682: (basepi) [2015.5] Fix parsing args with just a hash (#) @ 2015-07-24T19:52:01Z
• PR #25695: (stanislavb) Configurable AWS region & region from IAM metadata @ 2015-07-24T19:36:40Z
• PR #25645: (kev009) Fix pkgng provider to work with a sources list and the underlying pkg… @
2015-07-24T16:33:18Z
• PR #25677: (aneeshusa) Fix pacman.list_upgrades when refresh=True. @ 2015-07-24T16:30:06Z
• PR #25675: (UtahDave) Use OS line endings with contents on file.managed @ 2015-07-24T16:29:50Z
• ISSUE #25674: (UtahDave) file.managed with contents parameter uses wrong line endings on Windows |
refs: #25675
• PR #25676: (basepi) Update release candidate docs to 2015.8.0rc2 @ 2015-07-23T20:29:37Z
• PR #25666: (nmadhok) Check if the properties exist before looping over them causing KeyError @
2015-07-23T17:55:40Z
• ISSUE #25665: (nmadhok) salt-cloud VMware driver fails with KeyErrors if there's any existing machine
in the VMware infrastructure in (invalid state) | refs: #25666
• PR #25656: (anlutro) Fix locale detection in debian/gentoo @ 2015-07-23T16:46:40Z
• PR #25661: (rallytime) Back-port #25624 to 2015.5 @ 2015-07-23T16:26:48Z
• PR #25624: (bobrik) Fix typo in get_routes example for debian_ip | refs: #25661
• PR #25662: (rallytime) Back-port #25638 to 2015.5 @ 2015-07-23T16:26:40Z
• ISSUE #15209: (hubez) file.manage: source_hash not working with s3:// (2014.7.0rc1) | refs: #25638
• PR #25638: (TronPaul) fix bad merge in 99fc7ec | refs: #25662
• PR #25644: (cachedout) pillar doc fix @ 2015-07-22T22:57:23Z
• ISSUE #25413: (zizkebab) pillar_opts default behavior is not reflected in the docs | refs: #25644
• PR #25642: (cachedout) Warn on pillar schedule delete @ 2015-07-22T22:04:12Z
• ISSUE #25540: (dennisjac) salt highstate schedule cannot be removed | refs: #25642
• PR #25598: (twangboy) Fixed problem trying to load file with name of boolean type @
2015-07-22T17:07:49Z
• ISSUE #25437: (lorengordon) Stacktrace on Windows when running pkg.list_pkgs | refs: #25598 #25763
• 7b79e433 Merge pull request #25598 from twangboy/fix_25437
• PR #25604: (terminalmage) Move patching of mock_open to within test @ 2015-07-22T16:53:55Z
• ISSUE #25323: (terminalmage) unit.modules.tls_test fails with older mock | refs: #25604
• PR #25609: (s0undt3ch) [2015.5] Update the bootstrap script to latest release v2015.07.22 @
2015-07-22T16:28:52Z
• ISSUE #630: (syphernl) Allow for an include statement in config files | refs: #25609
• PR #627: (chjohnst) add saltversion grain | refs: #25609
• PR #25603: (terminalmage) Add version_cmp function to yumpkg.py @ 2015-07-22T15:42:29Z
• ISSUE #21912: (rvora) pkg.latest not updating the package on CentOS though yum reports an update
available | refs: #25603
• PR #25590: (garethgreenaway) 2015.5 scheduled jobs return data @ 2015-07-21T21:57:42Z
• ISSUE #25560: (dennisjac) scheduled highstate runs don't return results to the job cache | refs:
#25590
• PR #25584: (rallytime) Back-port #24054 and #25576 to 2015.5 @ 2015-07-21T21:16:38Z
• PR #25576: (pcn) s3fs breaks when fetching files from s3 | refs: #25584
• PR #24054: (mgwilliams) s3.head: return useful data | refs: #25584
• PR #25589: (jahamn) Fixes ssh_known_host not taking port into account @ 2015-07-21T21:15:06Z
• ISSUE #23626: (mirko) salt state 'ssh_known_hosts' doesn't take 'port' into account | refs: #25589
• PR #25573: (EvaSDK) Do not execute bootstrap script twice @ 2015-07-21T18:20:04Z
• PR #25465: (EvaSDK) 2015.5.3 LXC module fixes | refs: #25573
• PR #25580: (attiasr) use explicit utf-8 decoding (#25532) @ 2015-07-21T15:40:49Z
• ISSUE #25532: (attiasr) salt/modules/win_pkg.py list_pkgs is broken (encoding issues) | refs: #25556
#25580
• PR #25568: (twangboy) Fixed win_useradd module to add fullname @ 2015-07-21T14:30:25Z
• ISSUE #25206: (jfindlay) fullname issues with user.add state on windows | refs: #25568
• PR #25561: (twangboy) Fixed the gem module to work on windows... without injection @
2015-07-20T21:12:15Z
• ISSUE #21041: (deuscapturus) state module gem.installed not working on Windows. | refs: #25430
#25561 #25428
• PR #25428: (twangboy) Fixed the gem module to work on windows | refs: #25561
• PR #25521: (cachedout) Fix outputter for state.orch @ 2015-07-20T19:30:14Z
• PR #25563: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-20T19:27:36Z
• PR #25416: (cachedout) Fix broken keyword
• PR #25559: (cachedout) Lint win_pkg @ 2015-07-20T17:46:29Z
• PR #25556: (attiasr) fix for #25532 @ 2015-07-20T17:45:11Z
• ISSUE #25532: (attiasr) salt/modules/win_pkg.py list_pkgs is broken (encoding issues) | refs: #25556
#25580
• PR #25554: (jfindlay) verify_ssl=True for s3 ext pillar @ 2015-07-20T17:43:38Z
• ISSUE #25538: (stanislavb) S3 ext_pillar configuration requires verify_ssl | refs: #25554
• PR #25551: (rallytime) Backport #25530 to 2015.5 @ 2015-07-20T17:43:00Z
• PR #25530: (andre-luiz-dos-santos) The variable name must be last | refs: #25551
• PR #25533: (attiasr) port 445 for windows bootstraping @ 2015-07-20T15:13:06Z
• PR #25525: (gtmanfred) add make _prepare an alias for postinitio @ 2015-07-20T15:12:38Z
• ISSUE #25432: (gtmanfred) [2015.5.3][raet] raet error with SaltRaetRoadStackJoiner | refs: #25525
• PR #25519: (rallytime) Backport vmware driver to 2015.5 branch @ 2015-07-20T15:11:26Z
• ISSUE #25511: (rallytime) Make provider --> driver change backward compatible | refs: #25519 #25519
• ISSUE #23574: (CedNantes) Failed to Deploy Salt-Minion on a Win 2012 R2 using wmware Cloud Driver
from Develop branch | refs: #25519
• PR #25542: (Oro) Fix hipchat.send_message when using API v2 @ 2015-07-20T15:09:13Z
• PR #25531: (rallytime) Back-port #25529 to 2015.5 @ 2015-07-18T19:16:10Z
• PR #25529: (davidjb) Fix minor typo in best practice example | refs: #25531
• PR #25528: (davidjb) Fix typo in extend declaration doco @ 2015-07-18T14:22:06Z
• PR #25517: (rallytime) Back-port #25486 to 2015.5 @ 2015-07-17T21:49:26Z
• ISSUE #25486: (whiteinge) Highstate outputter not used for state.apply | refs: #25517
• PR #25485: (attiasr) fix file downloads on windows
• PR #25516: (rallytime) Back-port #25483 to 2015.5 @ 2015-07-17T21:49:05Z
• ISSUE #25479: (alexandrsushko) multiple mount.mounted of one device | refs: #25483
• PR #25483: (alexandrsushko) Added 'none' to the set of specialFSes | refs: #25516
• PR #25513: (garethgreenaway) fixes to schedule.add documentation in 2015.5 @ 2015-07-17T17:03:24Z
• ISSUE #25493: (blackduckx) Issue with job_args on schedule.add command | refs: #25513
• PR #25465: (EvaSDK) 2015.5.3 LXC module fixes | refs: #25573 @ 2015-07-17T15:57:54Z
• PR #25506: (s0undt3ch) [2015.5] Update bootstrap script to latest stable release, v2015.07.17 @
2015-07-17T15:40:38Z
• ISSUE #25456: (julienlavergne) [2015.8.0rc1] salt-bootstrap fails to install salt master | refs:
#25506
• ISSUE #25270: (iggy) [2015.8.0rc1] salt-bootstrap fails to properly install a minion | refs: #25506
• ISSUE #625: (whiteinge) cmd.run state user flag is not working | refs: #25506 #632
• ISSUE #611: (fatbox) Peer interface fails to return data occasionally | refs: #25506
• ISSUE #607: (thatch45) next level -X support | refs: #25506
• ISSUE #598: (syphernl) Explanation on how to execute interactive installs | refs: #25506
• ISSUE #455: (whiteinge) Document common troubleshooting tips | refs: #25506
• PR #624: (chjohnst) Docs are not correct with network.ping as args are not supported | refs: #25506
• PR #621: (akoumjian) Adding ec2 cloud-init bootstrap docs | refs: #25506
• PR #606: (terminalmage) need empty line before code blocks. added ones that were missing. | refs:
#25506
• PR #602: (terminalmage) State-related documentation changes | refs: #25506
• PR #25498: (jfindlay) only read /proc/1/cmdline if it exists @ 2015-07-17T15:35:33Z
• ISSUE #25454: (mschiff) Regression: salt 2015.5 not working in secure chroot anymore. | refs: #25498
• PR #25487: (rallytime) Back-port #25464 to 2015.5 @ 2015-07-16T16:58:36Z
• PR #25464: (jquast) docfix: "cache_jobs: False" => grains_cache: False" | refs: #25487
• PR #25482: (oeuftete) Fix docker.running detection of running container @ 2015-07-16T16:58:29Z
• PR #2015: (thekuffs) Esky / bbfreeze support
• PR #25468: (joejulian) Add support for pyOpenSSL > 0.10 @ 2015-07-16T15:10:30Z
• ISSUE #25384: (rickh563) pyopenssl 0.14 requirement in 2015.5.3 does not work in RHEL6 : ZD-364 |
refs: #25468
• PR #25467: (rallytime) Add lxml dependency to opennebula docs @ 2015-07-16T15:09:57Z
• PR #25461: (jahamn) Update file, if force option and content not same @ 2015-07-15T20:15:07Z
• ISSUE #25250: (wipfs) 'force' option in copy state deletes target file | refs: #25461 #25710
• ISSUE #24647: (nmadhok) salt.states.file.copy does not copy the file if it already exists with
force=True | refs: #25461
• PR #25438: (rallytime) Reduce digital_ocean_v2 API call frequency @ 2015-07-15T19:40:18Z
• ISSUE #25431: (namcois) Digital Ocean v2 reducing API calls by adding per_page | refs: #25438
• PR #25457: (jacksontj) Saltnado @ 2015-07-15T17:50:12Z
• PR #25427: (tony-cocco) Saltnado runner client results in blocking call despite being set-up as
Runner.async | refs: #25457
• PR #25459: (jahamn) Fixed 'defulats' typo in verify.py @ 2015-07-15T16:53:06Z
• PR #25426: (jquast) bugfix: trailing "...done" in rabbitmq output (backport from 'develop' to 2015.5) @
2015-07-15T14:48:05Z
• PR #25433: (jleroy) Support for IPv6 addresses scopes in network.interfaces (ifconfig) @
2015-07-15T14:44:09Z
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433
• PR #25430: (twangboy) Disabled rbenv execution module for Windows @ 2015-07-15T14:41:18Z
• ISSUE #21041: (deuscapturus) state module gem.installed not working on Windows. | refs: #25430
#25561 #25428
• ISSUE #1846: (seanchannel) development dependencies
• PR #25420: (techhat) Move S3 to use AWS Signature Version 4 @ 2015-07-14T22:03:09Z
• PR #25418: (twangboy) Fixed problem with file.managed test=True @ 2015-07-14T21:26:59Z
• ISSUE #20441: (deuscapturus) State module file.managed returns an error on Windows and test=Test |
refs: #25418
• PR #25417: (ahus1) extended documentation about dependencies for dig module @ 2015-07-14T20:49:51Z
• PR #25411: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-14T17:55:26Z
• PR #25375: (cachedout) Fix error in config.py for master_type
• PR #25324: (jacobhammons) Latest help theme updates
• PR #25406: (anlutro) Force arguments to aptpkg.version_cmp into strings @ 2015-07-14T16:15:41Z
• PR #25408: (rallytime) Back-port #25399 to 2015.5 @ 2015-07-14T16:09:06Z
• PR #25399: (jarpy) Demonstrate per-minion client_acl. | refs: #25408
• PR #25240: (tankywoo) file make os.walk only be called one @ 2015-07-14T16:04:49Z
• PR #25395: (rallytime) Back-port #25389 to 2015.5 @ 2015-07-14T03:26:34Z
• PR #25389: (l2ol33rt) Adding entropy note for gpg renderer | refs: #25395
• PR #25392: (rallytime) Back-port #25256 to 2015.5 @ 2015-07-14T03:25:13Z
• PR #25256: (yanatan16) Don't assume source_hash exists | refs: #25392
• PR #25398: (twangboy) Fix date @ 2015-07-14T03:21:17Z
• PR #25397: (GideonRed) Introduce standard error output when cli exits with non-zero status @
2015-07-14T03:20:24Z
• PR #25386: (cachedout) Lint #25383 @ 2015-07-13T21:01:10Z
• ISSUE #24444: (michaelkrupp) file.managed does not handle dead symlinks | refs: #25383
• PR #25383: (jahamn) Fix manage_file function in salt/modules/file.py to handle broken sym…
• PR #25383: (jahamn) Fix manage_file function in salt/modules/file.py to handle broken sym… @
2015-07-13T20:58:23Z
• ISSUE #24444: (michaelkrupp) file.managed does not handle dead symlinks | refs: #25383
• PR #25369: (anlutro) Fix aptpkg.version_cmp @ 2015-07-13T20:18:45Z
• PR #25379: (jfindlay) check for cwd before getting it @ 2015-07-13T19:50:27Z
• ISSUE #25337: (eliasp) salt-call from non-existend cwd backtraces | refs: #25379
• PR #25334: (jfindlay) return all cmd info back to zypper fcn @ 2015-07-13T17:03:29Z
• ISSUE #25320: (podloucky-init) zypper module list_upgrades broken (2015.5.2) | refs: #25334
• PR #25339: (jfindlay) update orchestration docs @ 2015-07-13T16:04:26Z
• PR #25358: (dkiser) Deep merge of pillar lists | refs: #26016 @ 2015-07-13T15:51:01Z
• ISSUE #22241: (masterkorp) Salt master not properly generating the map | refs: #25358
• PR #25346: (bechtoldt) set correct indention in states/requisites.rst (docs), fixes #25281 @
2015-07-13T15:34:45Z
• ISSUE #25281: (shinshenjs) Unless usage in Official Doc syntax error?
• PR #25336: (terminalmage) Don't try to read init binary if it wasn't found @ 2015-07-13T09:45:30Z
• PR #25350: (davidjb) Fix documentation for file.blockreplace @ 2015-07-13T03:41:20Z
• PR #25326: (rallytime) Back-port #20972 to 2015.5 @ 2015-07-10T18:49:44Z
• ISSUE #19288: (oba11) AssociatePublicIpAddress doesn't work with salt-cloud 2014.7.0 | refs: #20972
#25326
• PR #20972: (JohannesEbke) Fix interface cleanup when using AssociatePublicIpAddress in #19288 | refs:
#25326
• PR #25327: (rallytime) Back-port #25290 to 2015.5 @ 2015-07-10T18:49:37Z
• ISSUE #24433: (chrimi) Salt locale state fails, if locale has not been generated | refs: #25290
• PR #25290: (pcdummy) Simple fix for locale.present on Ubuntu. | refs: #25327
• PR #25328: (rallytime) Back-port #25309 to 2015.5 @ 2015-07-10T17:22:59Z
• ISSUE #24827: (yermulnik) locale.present doesn't generate locales | refs: #25309
• PR #25309: (davidjb) Format /etc/locale.gen correctly in salt.modules.localemod.gen_locale | refs:
#25328
• PR #25322: (jacobhammons) version change to 2015.5.3 @ 2015-07-10T16:11:24Z
• PR #25308: (jacksontj) Make clear commands trace level logging @ 2015-07-10T14:20:06Z
• PR #24737: (jacksontj) Move AES command logging to trace | refs: #25308
• PR #25269: (jfindlay) Extract tomcat war version @ 2015-07-10T01:28:21Z
• ISSUE #24520: (nvx) Tomcat module fails to extract version number from snapshot builds (2015.5
regression) | refs: #24927
• PR #24927: (egarbi) Tomcat module fails to extract version number from snapshot builds #2… | refs:
#25269
• PR #25238: (DmitryKuzmenko) Pillarenv backport 2015.5 @ 2015-07-10T01:25:07Z
• ISSUE #18808: (amendlik) Add command line argument to select pillar environment | refs: #25238
• PR #23719: (DmitryKuzmenko) Support pillarenv cmdline in state.sls
• PR #25299: (twangboy) Added -NonInteractive so powershell doesn't hang waiting for input @
2015-07-09T21:00:16Z
• ISSUE #13943: (Supermathie) Powershell commands that expect input hang forever | refs: #25299
• PR #25301: (jacobhammons) bug fix for module function display in help @ 2015-07-09T20:46:34Z
• PR #25279: (jacobhammons) Additional docs on external and master job cache, assorted doc fixes @
2015-07-09T16:46:26Z
• ISSUE #25277: (jacobhammons) CherryPy recommended versions | refs: #25279
• PR #25274: (jleroy) Fix for issue #25268 @ 2015-07-09T13:36:26Z
• ISSUE #25268: (lichtamberg) Salt not working anymore in 2015.8/develop: ValueError: 'scope' is not in
list | refs: #25274
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433
• PR #25272: (twangboy) Fixed problem with service not starting @ 2015-07-08T23:29:48Z
• PR #25225: (nmadhok) Backporting fix for issue #25223 on 2015.5 branch @ 2015-07-08T15:16:18Z
• ISSUE #25223: (nmadhok) Runner occasionally fails with a RuntimeError when fired by a reactor | refs:
#25225
• PR #25214: (rallytime) A couple of doc fixes for the http tutorial @ 2015-07-07T22:23:07Z
• PR #25194: (rallytime) Update moto version check in boto_vpc_test and update min version @
2015-07-07T18:27:32Z
• ISSUE #24272: (rallytime) Fix boto_vpc_test moto version check | refs: #25194
• PR #25205: (basepi) Update releasecandidate docs @ 2015-07-07T15:25:24Z
• PR #25187: (UtahDave) Doc fixes: Fix misspelling and remove extraneous double spaces @
2015-07-07T01:07:04Z
• PR #25182: (cachedout) Try to re-pack long floats as strs @ 2015-07-07T01:06:43Z
• PR #25185: (rallytime) Back-port #25128 to 2015.5 @ 2015-07-07T00:58:00Z
• ISSUE #23822: (sidcarter) Zip file extracted permissions are incorrect | refs: #25128
• PR #25128: (stanislavb) Use cmd_unzip to preserve permissions | refs: #25185
• PR #25181: (rallytime) Back-port #25102 to 2015.5 @ 2015-07-07T00:57:13Z
• PR #25102: (derBroBro) Update win_network.py | refs: #25181
• PR #25179: (rallytime) Back-port #25059 to 2015.5 @ 2015-07-07T00:56:44Z
• ISSUE #24301: (iggy) influxdb_user and influxdb_database states need virtual functions | refs: #25059
• PR #25059: (babilen) Add virtual functions to influxdb state modules | refs: #25179
• PR #25196: (twangboy) Fixed #18919 false-positive on pkg.refresh @ 2015-07-07T00:24:13Z
• ISSUE #18919: (giner) Windows: pkg.refresh_db returns false-positive success | refs: #25196
• PR #25180: (rallytime) Back-port #25088 to 2015.5 @ 2015-07-06T20:33:45Z
• PR #25088: (supertom) Update | refs: #25180
• PR #25191: (basepi) Add extrndest back to fileclient.is_cached in 2015.5 @ 2015-07-06T19:35:24Z
• PR #25117: (basepi) Fix fileclient.is_cached | refs: #25191
• PR #25175: (rallytime) Back-port #25020 to 2015.5 @ 2015-07-06T18:53:19Z
• ISSUE #25016: (martinhoefling) salt-run doc.execution fails with AttributeError
• PR #25020: (martinhoefling) Fix for issue #25016 | refs: #25175
• PR #25173: (rallytime) Partial back-port of #25019 @ 2015-07-06T18:52:59Z
• ISSUE #21879: (bechtoldt) Reference pages in documentation are outdated again | refs: #25019
• ISSUE #19262: (bechtoldt) salt.pillar.file_tree doesn't appear in the documentation | refs: #25019
• PR #25019: (bechtoldt) add missing module documentation to references | refs: #25173
• PR #24421: (bechtoldt) add missing module documentation | refs: #25019
• PR #21880: (bechtoldt) update references, fixes #21879 | refs: #25019
• PR #20039: (bechtoldt) completing some doc references | refs: #25019
• PR #25171: (rallytime) Back-port #25001 to 2015.5 @ 2015-07-06T18:51:53Z
• PR #25001: (jasonkeene) Add docs for key arg in ssh_known_hosts.present | refs: #25171
• PR #25170: (rallytime) Back-port #24982 to 2015.5 @ 2015-07-06T16:34:43Z
• PR #24982: (asyncsrc) ec2 network_interfaces fix | refs: #25170
• PR #25161: (aneeshusa) Allow checking for non-normalized systemd units. @ 2015-07-06T15:15:31Z
• PR #25151: (jleroy) Support for IPv6 addresses scopes in network.interfaces | refs: #25274 #25433 @
2015-07-06T14:43:03Z
• PR #25166: (cachedout) Lint #25149 @ 2015-07-06T14:40:29Z
• ISSUE #24979: (mavenAtHouzz) [Discussion] Support for more than 1 netapi.rest_tornado server process
| refs: #25149
• PR #25149: (jacksontj) Saltnado multiprocess support | refs: #25166
• PR #25149: (jacksontj) Saltnado multiprocess support | refs: #25166 @ 2015-07-06T14:38:43Z
• ISSUE #24979: (mavenAtHouzz) [Discussion] Support for more than 1 netapi.rest_tornado server process
| refs: #25149
• PR #25120: (d--j) add missing continue for exception case @ 2015-07-02T19:38:45Z
• PR #25117: (basepi) Fix fileclient.is_cached | refs: #25191 @ 2015-07-02T19:38:26Z
• PR #25087: (0xf10e) Fix execution module for glance - now based on 2015.5! @ 2015-07-02T19:36:27Z
• PR #25129: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-07-02T17:37:40Z
• ISSUE #18447: (ryan-lane) Can't install salt with raet using pip -e git
• PR #25093: (jaybocc2) quick fix for issue #18447
• PR #25069: (puneetk) Add a helper module function called list_enabled
• PR #25114: (jfindlay) Revert "Revert "adding states/postgres_database unit test case."" @
2015-07-02T01:01:29Z
• PR #24798: (jtand) Revert "adding states/postgres_database unit test case." | refs: #25114
• PR #24329: (jayeshka) adding states/postgres_database unit test case. | refs: #24798
• PR #24362: (jayeshka) adding states/postgres_user unit test case. @ 2015-07-01T21:45:31Z
• PR #24361: (jayeshka) adding states/postgres_schema unit test case. @ 2015-07-01T21:44:56Z
• PR #24331: (jayeshka) adding states/postgres_extension unit test case. @ 2015-07-01T21:43:58Z
• PR #26486: (thusoy) Git: Don't leak https user/pw to log @ 2015-08-20T16:04:52Z
• ISSUE #26484: (thusoy) Git state leaks HTTPS user/pw to log | refs: #26486
• ISSUE #26482: (thusoy) Git states doesn't allow user-only auth | refs: #26483
• PR #26483: (thusoy) Handle user-only http auth in git module | refs: #26486
• PR #26476: (jacobhammons) Minor doc bug fixes @ 2015-08-19T22:52:35Z
• ISSUE #26432: (centromere) Documentation incorrectly references salt-key on the minion | refs: #26476
• ISSUE #26403: (adelcast) Grains documentation incorrectly states they are static | refs: #26476
• ISSUE #26329: (cro) Add note to eauth docs indicating default PAM service. | refs: #26476
• ISSUE #26264: (grep4linux) state trees cannot have 'dots' in the name | refs: #26476
• ISSUE #26233: (dove-young) pip install salt, then start master failed on Fedora 22 | refs: #26476
• PR #26443: (cachedout) Fix connect issue in event init @ 2015-08-19T22:50:22Z
• ISSUE #26366: (GreatSnoopy) The development tree produces hanging, 100%cpu salt-master processes |
refs: #26443
• ISSUE #26301: (waynew) CPU pegged out running salt-master (after running command) | refs: #26443
• ISSUE #25998: (driskell) Event subsystem discarding required events during --batch breaking it for
slow running commands | refs: #26000
• PR #26000: (driskell) Implement full event caching for subscribed tags | refs: #26443
• PR #26445: (cachedout) Raise clean error when no minions targeted in batch mode @ 2015-08-19T22:50:07Z
• ISSUE #26343: (jfindlay) batch error when no minions match target | refs: #26445
• PR #26483: (thusoy) Handle user-only http auth in git module | refs: #26486 @ 2015-08-19T22:47:41Z
• ISSUE #26482: (thusoy) Git states doesn't allow user-only auth | refs: #26483
• PR #26496: (jfindlay) add dateutil dependency reporting @ 2015-08-19T22:46:31Z
• PR #26494: (cachedout) Remove unnecessary debug statements @ 2015-08-19T20:46:00Z
• PR #26465: (rallytime) Back-port #26457 to 2015.5 @ 2015-08-19T16:08:16Z
• PR #26457: (arthurlogilab) docstring improvement for network.ping module execution | refs: #26465
• PR #26434: (s0undt3ch) Fix missed typo @ 2015-08-18T18:14:29Z
• PR #26430: (rallytime) List public and private ips under the correct label @ 2015-08-18T16:20:32Z
• ISSUE #26426: (alxbse) Private/public IPs are interchanged when listing nova driver cloud nodes |
refs: #26430
• PR #26431: (rallytime) Back-port #26417 to 2015.5 @ 2015-08-18T15:41:58Z
• PR #26417: (scottjpack) Changed t1 -> t2 micro | refs: #26431
• PR #26378: (stanislavb) Fix EC2 credentials from IAM roles for s3fs and s3 ext_pillar in 2015.5 @
2015-08-18T14:01:53Z
• PR #26420: (terminalmage) Only use pygit2.errors if it exists (2015.5 branch) @ 2015-08-18T14:00:01Z
• ISSUE #26245: (bradthurber) salt v2015.5.3 gitfs.py using newer pygit2 feature than required minimum
| refs: #26420
• PR #26409: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5 @ 2015-08-17T23:19:56Z
• PR #26242: (cro) Remove dead code
• PR #26216: (cro) Fix LDAP configuration issue.
• PR #26406: (jfindlay) fix syntax error in lvm exec module @ 2015-08-17T21:18:25Z
• ISSUE #26404: (ssgward) Syntax error in lvm.vg_absent state causing failure | refs: #26406
• PR #26405: (TheBigBear) dependency zip files moved to new site @ 2015-08-17T21:17:24Z
• PR #26298: (vr-jack) Keep $HOME from being interpretted by Master shell @ 2015-08-17T21:15:11Z
• PR #26324: (s0undt3ch) Salt is now pip install'able in windows @ 2015-08-17T20:41:34Z
• PR #26371: (bastiaanb) fix issue #26161: on RedHat family systems touch /var/lock/subsys/$SE… @
2015-08-17T20:39:28Z
• ISSUE #26161: (bastiaanb) salt initscripts do not set lock file in /var/lock/subsys as required on
RedHat family OSes
• PR #26402: (twangboy) Removed documentation no longer required @ 2015-08-17T20:35:37Z
• ISSUE #25801: (themalkolm) Update docs that salt.states.winrepo requires roles:salt-master in grains.
| refs: #26328
• ISSUE #25562: (jefftucker) winrepo state does not run on masterless minion | refs: #26328
• PR #26328: (twangboy) Removed salt-master role requirement | refs: #26402
• PR #26392: (rallytime) Back-port #26376 to 2015.5 @ 2015-08-17T19:39:51Z
• PR #26376: (TheBigBear) minor edit spelling | refs: #26392
• PR #26342: (rallytime) Don't call boto_elb._attributes_present if no attributes were provided @
2015-08-17T19:19:08Z
• ISSUE #16049: (ryan-lane) boto_elb.present state requires attributes argument | refs: #26342
• PR #26389: (rallytime) Back-port #26160 to 2015.5 @ 2015-08-17T19:09:16Z
• ISSUE #26155: (silenius) pip availability in states/pip_state | refs: #26160
• PR #26160: (silenius) proposed fix for #26155 | refs: #26389
• PR #26300: (jfindlay) mock pwd function calls in pw_user exec module @ 2015-08-17T18:56:41Z
• ISSUE #26266: (o-sleep) limit pw_user.getent() from returning entire corporate list | refs: #26300
• PR #26386: (jahamn) Fixes autosign_timeout usage in check_autosign_dir @ 2015-08-17T18:34:40Z
• ISSUE #24334: (afletch) autosign_timeout not honoured | refs: #26386
• PR #26328: (twangboy) Removed salt-master role requirement | refs: #26402 @ 2015-08-17T18:30:17Z
• ISSUE #25801: (themalkolm) Update docs that salt.states.winrepo requires roles:salt-master in grains.
| refs: #26328
• ISSUE #25562: (jefftucker) winrepo state does not run on masterless minion | refs: #26328
• PR #26362: (garethgreenaway) Fixes to mount state. @ 2015-08-17T17:44:55Z
• ISSUE #26327: (bradthurber) mount.mounted opts incorrect "forced unmount and mount because options
(tcp) changed" | refs: #26362
• PR #26379: (s0undt3ch) [2015.5] Backport #26353 @ 2015-08-17T17:19:29Z
• PR #26353: (sixninetynine) fixed a typo in setup.py | refs: #26379
• PR #26277: (rallytime) Handle exception when user is not found in keystone.user_get @
2015-08-14T19:41:59Z
• ISSUE #26240: (0xf10e) keystone.user_get raises exception when user is not found | refs: #26277
• PR #26326: (rallytime) Make ec2.create_snapshot return less unweildly and more relevant @
2015-08-14T19:40:47Z
• ISSUE #24484: (codehotter) clouds/ec2.py: create_snapshot throws exception | refs: #26326
• PR #26306: (rallytime) Move VM creation details dict to log.trace @ 2015-08-14T17:39:52Z
• ISSUE #16179: (UtahDave) Salt Cloud -l debug includes the entire bootstrap script twice in its output
| refs: #26306
Salt 2015.5.6 Release Notes
Version 2015.5.6 is a bugfix release for 2015.5.0.
Security Fixes
CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug log
Updated the win_useradd module return data to no longer include the password of the newly created user.
The password is now replaced with the string XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no
longer display win_password and sudo_password authentication credentials.
CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials
in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the
debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
Changes for v2015.5.5..v2015.5.6
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-09-30T22:22:43Z
Total Merges: 144
Changes:
• PR #27557: (jfindlay) add doc motivating mine vs grains
• PR #27515: (jfindlay) save iptables rules on SuSE
• PR #27509: (jfindlay) tell the user why the gluster module does not work
• PR #27379: (jfindlay) document and check dict type for pip env_vars
• PR #27516: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #27472: (cachedout) Change recommended schema for data field in mysql event table
• PR #27468: (cachedout) Fix 27351
• PR #27479: (aboe76) fix locale on opensuse and suse #27438
• PR #27483: (rallytime) Outputters should sync to output, not outputters, on the minion.
• PR #27484: (rallytime) Back-port #27434 and #27470 to 2015.5
• PR #27469: (twangboy) Added quotes to version numbers example
• PR #27467: (cachedout) file.managed: check contents_{pillar|grain} result
• PR #27419: (rallytime) Amend error log to include multiple tips for troubleshooting.
• PR #27426: (rallytime) Don't stacktrace if there are conflicting id errors in highstate
• PR #27408: (rallytime) Fix avail_locations function for the softlayer_hw driver in 2015.5
• PR #27410: (jacobhammons) Fix css layout Refs #27389
• PR #27336: (rallytime) [2015.5] Fixup salt-cloud logging
• PR #27358: (lorengordon) Escape search replacement text, fixes #27356
• PR #27345: (rallytime) Allow use of rst header links by separating options out from yaml example
• PR #26903: (bersace) Review defaults.get
• PR #27317: (efficks) State unzip should use unzip command instead of unzip_cmd.
• PR #27309: (rallytime) Change a value list to a comma-separated string in boto_route53.present
• PR #27311: (jfindlay) discuss replacement occurrences in file doc
• PR #27310: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #27308: (terminalmage) Fix refresh_db regression in yumpkg.py
• PR #27286: (terminalmage) Add a configurable timer for minion return retries
• PR #27278: (rallytime) Back-port #27256 to 2015.5
• PR #27277: (rallytime) Back-port #27230 to 2015.5
• PR #27253: (jfindlay) 2015.5 -> 2015.5.0
• PR #27244: (garethgreenaway) Exception in cloud.ec2.create_snapshot
• PR #27231: (jfindlay) only write cron file if it is changed
• PR #27233: (basepi) [2015.5] Add stub release notes for 2015.5.6
• PR #27208: (basepi) [2015.5] Add test.nop state
• PR #27201: (jfindlay) rename hash_hostname to hash_known_hosts
• PR #27214: (jacksontj) Correctly support https, port 443 is not a requirement
• PR #27172: (rallytime) Back-port #27150 to 2015.5
• PR #27194: (rallytime) Back-port #27180 to 2015.5
• PR #27176: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #27170: (rallytime) Update Getting Started with GCE docs to use cloud.profiles or cloud.profiles.d
examples
• PR #27167: (rallytime) Back-port #27148 to 2015.5
• PR #27168: (techhat) Add further gating of impacket library
• PR #27166: (rallytime) Allow a full-query for EC2, even if there are no profiles defined
• PR #27162: (rallytime) Be explicit in using "SoftLayer" for service queries in SoftLayer drivers
• PR #27149: (twangboy) Fixed problem with add/remove path
• PR #27147: (rallytime) Enforce bounds in the GCE Regex
• PR #27128: (eguven) don't show diff for test run if show_diff=False
• PR #27116: (jacobhammons) Update latest to 2015.8, 2015.5 is now previous
• PR #27033: (jfindlay) Merge #27019
• PR #26942: (Arabus) Fix docker.run
• PR #26977: (abh) Add support for PEERNTP network interface configuration
• PR #27023: (jfindlay) add test support for htpasswd state mod
• PR #27074: (twangboy) Replaced password with redacted when displayed
• PR #27073: (rallytime) Remove "use develop branch" warning from LXC tutorial
• PR #27054: (rallytime) Back-port #27029 to 2015.5
• PR #27053: (rallytime) Back-port #26992 to 2015.5
• PR #27052: (rallytime) Back-port #26930 to 2015.5
• PR #27049: (johanek) Run repoquery less
• PR #27070: (stanislavb) Deprecate salt.utils.iam in Carbon
• PR #27030: (jfindlay) Backport #26938
• PR #27025: (cachedout) Better try and error handling for prep_jid
• PR #27035: (terminalmage) useradd.py: Use contextmanager to prevent leaked filehandles
• PR #27034: (rallytime) Update softlayer docs for where to find apikey
• PR #27024: (rallytime) Back-port #27004 to 2015.5
• PR #27027: (rallytime) Back-port #27013 to 2015.5
• PR #27026: (rallytime) Back-port #27011 to 2015.5
• PR #26972: (twangboy) Catch the 404 error from fileclient
• PR #26951: (terminalmage) Fix timezone module for CentOS
• PR #26875: (marccardinal) LXC gateway provisioned only when IP is provided
• PR #26997: (twangboy) Fixed symlinks for windows (don't use user root)
• PR #27001: (twangboy) Added CLI Example for reg.delete_key_recursive
• PR #26996: (jacobhammons) Beacon doc updates
• PR #26868: (joejulian) Use the actual device name when checking vgdisplay
• PR #26955: (dsumsky) S3 ext_pillar module has broken caching mechanism (backport to 2015.5)
• PR #26987: (rallytime) Back-port #26966 to 2015.5
• PR #26915: (rallytime) Update Joyent Cloud Tests
• PR #26971: (rallytime) Fix a couple of typos in reactor docs
• PR #26976: (thatch45) Revert "file.symlink gets windows account instead of root"
• PR #26975: (whiteinge) Remove mocks from rest_cherrypy integration tests; fix groups check bug
• PR #26899: (twangboy) file.symlink gets windows account instead of root
• PR #26960: (rallytime) Fix bash code block formatting in CherryPy netapi docs
• PR #26940: (rallytime) Fix minor doc typo in client api
• PR #26871: (rallytime) Back-port #26852 to 2015.5
• PR #26851: (jacobhammons) states/pkgrepo examples, suse installation updates
• PR #26817: (jfindlay) modify groupadd for rhel 5
• PR #26824: (pravka) [salt-cloud] Fix creating droplet from snapshot in digital_ocean provider
• PR #26823: (joejulian) use dbus instead of localectl
• PR #26820: (jfindlay) add default param in _parse_localectl in locale mod
• PR #26821: (twangboy) Fixed user.rename function in windows
• PR #26803: (twangboy) Added check for PyMySQL if MySQLdb import fails
• PR #26815: (jfindlay) stringify linode id before performing str actions
• PR #26800: (jacobhammons) Doc bug fixes
• PR #26793: (rallytime) Don't stacktrace if "name" is specified as a minion id in a map file
• PR #26790: (rallytime) Update Saltify docs to be more accurate and helpful
• PR #26787: (jfindlay) merge #26775
• PR #26759: (terminalmage) Backport PR #26726 to 2015.5 branch
• PR #26768: (garethgreenaway) Fixes to ipset in 2015.5 for #26628
• PR #26753: (jfindlay) import elementree from _compat in ilo exec mod
• PR #26736: (twangboy) Changed import from smbconnection to smb3
• PR #26714: (jfindlay) add exception placeholder for older msgpacks
• PR #26710: (rallytime) Update GCE driver to return True, False or a new name in __virtual__()
• PR #26709: (rallytime) Ensure VM name is valid before trying to create Linode VM
• PR #26617: (terminalmage) Fix Windows failures in pip module due to raw string formatting
• PR #26700: (kev009) Ignore the first element of kern.disks split, which is the sysctl name
• PR #26695: (terminalmage) Better HTTPS basic auth redaction for 2015.5 branch
• PR #26694: (terminalmage) Backport #26693 to 2015.5
• PR #26681: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #26676: (rallytime) Back-port #26648 to 2015.5
• PR #26677: (rallytime) Back-port #26653 to 2015.5
• PR #26675: (rallytime) Back-port #26631 to 2015.5
• PR #26655: (cheng0919) Update win_dns_client.py
• PR #26662: (jacobhammons) update version to 2015.5
• PR #26651: (jfindlay) add 2015.5.4 notes to 2015.5.5 notes
• PR #26525: (jfindlay) document check_file_meta args, remove unused arg
• PR #26561: (stanislavb) Leave salt.utils.s3 location fallback to salt.utils.aws
• PR #26573: (rallytime) Don't stacktrace if using private_ips and delete_sshkeys together
• PR #26563: (rallytime) Fix error detection when salt-cloud config is missing a master's address
• PR #26641: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #26620: (rallytime) Also add -Z to script args for cloud tests
• PR #26618: (rallytime) Add script_args: '-P' to Ubuntu 14 profiles for nightly cloud tests
• PR #26612: (rallytime) Use an available image to test against
• PR #26576: (rallytime) Ensure GCE and EC2 configuration checks are correct
• PR #26580: (rallytime) Avoid race condition when assigning floating IPs to new VMs
• PR #26581: (terminalmage) Skip tests that don't work with older mock
• PR #26591: (rallytime) Back-port #26554 to 2015.5
• PR #26565: (cachedout) Fix many errors with __virtual__ in tests
• PR #26553: (rallytime) Back-port #26548 to 2015.5
• PR #26552: (rallytime) Back-port #26542 to 2015.5
• PR #26551: (rallytime) Back-port #26539 to 2015.5
• PR #26549: (rallytime) Back-port #26524 to 2015.5
• PR #26527: (jfindlay) check exists and values in boto_elb listeners
• PR #26446: (stanislavb) Fetch AWS region from EC2 instance metadata
• PR #26546: (nmadhok) Do not raise KeyError when calling avail_images if VM/template is in disconnected
state
• PR #26537: (jfindlay) Merge #26481
• PR #26528: (zmalone) Fixing encrypt to instructions in the 2015.5 branch
Salt 2015.5.7 Release Notes
NOTE:
A significant orchestrate issue #29110 was discovered during the release process of 2015.5.7, so it
has not been officially released. Please use 2015.5.8 instead.
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-11-13T17:11:14Z
Total Merges: 102
Changes:
• PR #28731: (garethgreenaway) Fixes to salt scheduler in 2015.5, ensuring that return_job is only used
on minion scheduler
• PR #28857: (rallytime) Back-port #28851 to 2015.5
• PR #28856: (rallytime) Back-port #28853 to 2015.5
• PR #28832: (basepi) [2015.5] Backport #28826
• PR #28833: (basepi) [2015.5] Increase the default gather_job_timeout
• PR #28829: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #28756: (MrCitron) Fix #25775
• PR #28786: (chrigl) closes #28783
• PR #28776: (rallytime) Back-port #28740 to 2015.5
• PR #28760: (dmyerscough) Fixing CherryPy key bug
• PR #28746: (rallytime) Back-port #28718 to 2015.5
• PR #28705: (cachedout) Account for new headers class in tornado 4.3
• PR #28699: (rallytime) Back-port #28670 to 2015.5
• PR #28703: (rallytime) Back-port #28690 to 2015.5
• PR #28694: (s0undt3ch) [2015.5] Update to latest bootstrap script v2015.11.09
• PR #28669: (rallytime) Use the -q argument to strip extraneous messages from rabbitmq
• PR #28645: (jacksontj) Rework minion return_retry_timer
• PR #28668: (twangboy) Fixed join_domain and unjoin_domain for Windows
• PR #28666: (jfindlay) define r_data before using it in file module
• PR #28662: (cachedout) Add note about disabling master_alive_interval
• PR #28627: (twangboy) Backport win_useradd
• PR #28617: (cachedout) Set restrictive umask on module sync
• PR #28622: (gravyboat) Update puppet module wording
• PR #28563: (s0undt3ch) [2015.5] Update to latest bootstrap script v2015.11.04
• PR #28541: (twangboy) Fixed problem with system.set_computer_name
• PR #28537: (jfindlay) decode filename to utf-8 in file.recurse state
• PR #28529: (rallytime) Update contributing and documentation pages to recommend submitting against
branches
• PR #28548: (nmadhok) [Backport] [2015.5] Tasks can be in queued state instead of running
• PR #28531: (rallytime) Add versionadded directives to virtualenv_mod state/module
• PR #28508: (twangboy) Fixed windows tests
• PR #28525: (rallytime) Fix spacing in doc examples for boto_route53 state and module
• PR #28517: (rallytime) Add state_auto_order defaults to True note to ordering docs
• PR #28512: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #28448: (gwaters) added a note to the tutorial for redhat derivatives
• PR #28406: (rallytime) Back-port #28381 to 2015.5
• PR #28413: (rallytime) Back-port #28400 to 2015.5
• PR #28366: (erchn) mark repo not enabled when pkgrepo state passes in disable: True
• PR #28373: (beverlcl) Fixing bug #28372 for use_carrier option on bonding network interfaces.
• PR #28359: (rallytime) Back-port #28358 to 2015.5
• PR #28346: (twangboy) Fix installer
• PR #28315: (gwaters) Adding a working example of setting pillar data on the cli
• PR #28211: (terminalmage) Fix for ext_pillar being compiled twice in legacy git_pillar code (2015.5
branch)
• PR #28263: (cachedout) New channel for event.send
• PR #28293: (cachedout) Minor grammar changes
• PR #28271: (gwaters) Update tutorial documentation
• PR #28280: (0xf10e) Correct Jinja function load_* to import_*
• PR #28255: (cachedout) Add __cli opt
• PR #28213: (rallytime) If record returned None, don't continue with the state. Something went wrong
• PR #28238: (basepi) [2015.5] Fix schedule.present always diffing
• PR #28174: (lorengordon) Add support for multiline regex in file.replace
• PR #28175: (twangboy) Fixes #19673
• PR #28140: (rallytime) Add OpenBSD installation documentation to 2015.5 branch
• PR #28138: (rallytime) Back-port #28130 EC2 Sizes Only portion to 2015.5
• PR #28097: (jacksontj) For all multi-part messages, check the headers. If the header is not …
• PR #28117: (rallytime) Clean up stacktrace when master can't be reached in lxc cloud driver
• PR #28110: (terminalmage) Add explanation of file_client: local setting masterless mode
• PR #28109: (rallytime) Add created reactor event to lxc cloud driver
• PR #27996: (rallytime) Don't fail if pip package is already present and pip1 is installed
• PR #28056: (rallytime) Back-port #28033 to 2015.5
• PR #28059: (rallytime) Back-port #28040 to 2015.5
• PR #28047: (cachedout) Restore FTP functionality to file client
• PR #28032: (twangboy) Fixed win_path.py
• PR #28037: (rallytime) Back-port #28003 to 2015.5
• PR #28031: (jacobhammons) Updated release notes with additional CVE information
• PR #28008: (jfindlay) platform independent line endings in hosts mod
• PR #28012: (rallytime) Clean up stack trace when something goes wrong with minion output
• PR #27995: (jacobhammons) added link to grains security FAQ to targeting and pillar topics.
• PR #27986: (jacobhammons) Changed current release to 5.6 and added CVE to release notes
• PR #27913: (pass-by-value) Set default
• PR #27876: (terminalmage) 2015.5 branch: Fix traceback when 2015.8 git ext_pillar config schema used
• PR #27726: (jfindlay) deprecate hash_hostname in favor of hash_known_hosts
• PR #27776: (jfindlay) return message when local jobs_cache not found
• PR #27766: (jfindlay) better check for debian userdel error
• PR #27758: (iggy) Remove redundant text from syslog returner
• PR #27841: (terminalmage) Detect Manjaro Linux as Arch derivative
• PR #27852: (rallytime) Back-port #27806 to 2015.5
• PR #27838: (basepi) [2015.5] Fix highstate outputter for jobs.lookup_jid
• PR #27791: (eguven) 2015.5 postgres_user groups backport
• PR #27759: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #27732: (jacobhammons) update docs for __virtual__ and __virtualname__
• PR #27747: (Sacro) Chocolatey doesn't have a help command.
• PR #27733: (jacobhammons) hardening topic - updates to docs.saltstack.com theme
• PR #27706: (jacobhammons) Assorted doc bugs
• PR #27695: (rallytime) Back-port #27671 to 2015.5
• PR #27524: (jfindlay) parse pkgng output in quiet mode for >= 1.6.1
• PR #27686: (rallytime) Back-port #27476 to 2015.5
• PR #27684: (rallytime) Back-port #27656 to 2015.5
• PR #27683: (rallytime) Back-port #27659 to 2015.5
• PR #27682: (rallytime) Back-port #27566 to 2015.5
• PR #27681: (rallytime) Back-port #25928 to 2015.5
• PR #27680: (rallytime) Back-port #27535 to 2015.5
• PR #27442: (JaseFace) Ensure we pass on the enable setting if present, or use the default of True if
not in build_schedule_item()
• PR #27641: (rallytime) Gate the psutil import and add depends doc for diskusage beacon
• PR #27644: (rallytime) Back-port #27640 to 2015.5
• PR #27612: (rallytime) Fix GCE external_ip stacktraces in 2015.5
• PR #27568: (jacobhammons) regenerated man pages
Salt 2015.5.8 Release Notes
Security Fix
CVE-2015-8034: Saving state.sls cache data to disk with insecure permissions
This affects users of the state.sls function. The state run cache on the minion was being created with
incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja
into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone
for bringing this issue to our attention.
Changes
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2015-11-23T23:16:23Z
Total Merges: 118
Changes:
• PR #29128: (cachedout) Set a safer default value for ret in saltmod
• PR #29122: (cachedout) Fix broken state orchestration
• PR #29096: (rallytime) Back-port #29093 to 2015.5
• PR #29084: (rallytime) Back-port #29055 to 2015.5
• PR #29083: (rallytime) Back-port #29053 to 2015.5
• PR #28932: (twangboy) Fixed user.present / user.absent in windows
• PR #29011: (rallytime) Back-port #28630 to 2015.5
• PR #28982: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #28949: (whiteinge) Add sync_sdb execution function
• PR #28930: (twangboy) Added missing import mmap required by file.py
• PR #28908: (rallytime) A couple of spelling fixes for doc conventions page.
• PR #28902: (whiteinge) Fix missing JSON support for /keys endpoint
• PR #28897: (rallytime) Back-port #28873 to 2015.5
• PR #28871: (basepi) [2015.5] Fix command generation for mdadm.assemble
• PR #28864: (jfindlay) add 2015.5.7 release notes
• PR #28731: (garethgreenaway) Fixes to salt scheduler in 2015.5, ensuring that return_job is only used
on minion scheduler
• PR #28857: (rallytime) Back-port #28851 to 2015.5
• PR #28856: (rallytime) Back-port #28853 to 2015.5
• PR #28832: (basepi) [2015.5] Backport #28826
• PR #28833: (basepi) [2015.5] Increase the default gather_job_timeout
• PR #28829: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #28756: (MrCitron) Fix #25775
• PR #28786: (chrigl) closes #28783
• PR #28776: (rallytime) Back-port #28740 to 2015.5
• PR #28760: (dmyerscough) Fixing CherryPy key bug
• PR #28746: (rallytime) Back-port #28718 to 2015.5
• PR #28705: (cachedout) Account for new headers class in tornado 4.3
• PR #28699: (rallytime) Back-port #28670 to 2015.5
• PR #28703: (rallytime) Back-port #28690 to 2015.5
• PR #28694: (s0undt3ch) [2015.5] Update to latest bootstrap script v2015.11.09
• PR #28669: (rallytime) Use the -q argument to strip extraneous messages from rabbitmq
• PR #28645: (jacksontj) Rework minion return_retry_timer
• PR #28668: (twangboy) Fixed join_domain and unjoin_domain for Windows
• PR #28666: (jfindlay) define r_data before using it in file module
• PR #28662: (cachedout) Add note about disabling master_alive_interval
• PR #28627: (twangboy) Backport win_useradd
• PR #28617: (cachedout) Set restrictive umask on module sync
• PR #28622: (gravyboat) Update puppet module wording
• PR #28563: (s0undt3ch) [2015.5] Update to latest bootstrap script v2015.11.04
• PR #28541: (twangboy) Fixed problem with system.set_computer_name
• PR #28537: (jfindlay) decode filename to utf-8 in file.recurse state
• PR #28529: (rallytime) Update contributing and documentation pages to recommend submitting against
branches
• PR #28548: (nmadhok) [Backport] [2015.5] Tasks can be in queued state instead of running
• PR #28531: (rallytime) Add versionadded directives to virtualenv_mod state/module
• PR #28508: (twangboy) Fixed windows tests
• PR #28525: (rallytime) Fix spacing in doc examples for boto_route53 state and module
• PR #28517: (rallytime) Add state_auto_order defaults to True note to ordering docs
• PR #28512: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #28448: (gwaters) added a note to the tutorial for redhat derivatives
• PR #28406: (rallytime) Back-port #28381 to 2015.5
• PR #28413: (rallytime) Back-port #28400 to 2015.5
• PR #28366: (erchn) mark repo not enabled when pkgrepo state passes in disable: True
• PR #28373: (beverlcl) Fixing bug #28372 for use_carrier option on bonding network interfaces.
• PR #28359: (rallytime) Back-port #28358 to 2015.5
• PR #28346: (twangboy) Fix installer
• PR #28315: (gwaters) Adding a working example of setting pillar data on the cli
• PR #28211: (terminalmage) Fix for ext_pillar being compiled twice in legacy git_pillar code (2015.5
branch)
• PR #28263: (cachedout) New channel for event.send
• PR #28293: (cachedout) Minor grammar changes
• PR #28271: (gwaters) Update tutorial documentation
• PR #28280: (0xf10e) Correct Jinja function load_* to import_*
• PR #28255: (cachedout) Add __cli opt
• PR #28213: (rallytime) If record returned None, don't continue with the state. Something went wrong
• PR #28238: (basepi) [2015.5] Fix schedule.present always diffing
• PR #28174: (lorengordon) Add support for multiline regex in file.replace
• PR #28175: (twangboy) Fixes #19673
• PR #28140: (rallytime) Add OpenBSD installation documentation to 2015.5 branch
• PR #28138: (rallytime) Back-port #28130 EC2 Sizes Only portion to 2015.5
• PR #28097: (jacksontj) For all multi-part messages, check the headers. If the header is not …
• PR #28117: (rallytime) Clean up stacktrace when master can't be reached in lxc cloud driver
• PR #28110: (terminalmage) Add explanation of file_client: local setting masterless mode
• PR #28109: (rallytime) Add created reactor event to lxc cloud driver
• PR #27996: (rallytime) Don't fail if pip package is already present and pip1 is installed
• PR #28056: (rallytime) Back-port #28033 to 2015.5
• PR #28059: (rallytime) Back-port #28040 to 2015.5
• PR #28047: (cachedout) Restore FTP functionality to file client
• PR #28032: (twangboy) Fixed win_path.py
• PR #28037: (rallytime) Back-port #28003 to 2015.5
• PR #28031: (jacobhammons) Updated release notes with additional CVE information
• PR #28008: (jfindlay) platform independent line endings in hosts mod
• PR #28012: (rallytime) Clean up stack trace when something goes wrong with minion output
• PR #27995: (jacobhammons) added link to grains security FAQ to targeting and pillar topics.
• PR #27986: (jacobhammons) Changed current release to 5.6 and added CVE to release notes
• PR #27913: (pass-by-value) Set default
• PR #27876: (terminalmage) 2015.5 branch: Fix traceback when 2015.8 git ext_pillar config schema used
• PR #27726: (jfindlay) deprecate hash_hostname in favor of hash_known_hosts
• PR #27776: (jfindlay) return message when local jobs_cache not found
• PR #27766: (jfindlay) better check for debian userdel error
• PR #27758: (iggy) Remove redundant text from syslog returner
• PR #27841: (terminalmage) Detect Manjaro Linux as Arch derivative
• PR #27852: (rallytime) Back-port #27806 to 2015.5
• PR #27838: (basepi) [2015.5] Fix highstate outputter for jobs.lookup_jid
• PR #27791: (eguven) 2015.5 postgres_user groups backport
• PR #27759: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #27732: (jacobhammons) update docs for __virtual__ and __virtualname__
• PR #27747: (Sacro) Chocolatey doesn't have a help command.
• PR #27733: (jacobhammons) hardening topic - updates to docs.saltstack.com theme
• PR #27706: (jacobhammons) Assorted doc bugs
• PR #27695: (rallytime) Back-port #27671 to 2015.5
• PR #27524: (jfindlay) parse pkgng output in quiet mode for >= 1.6.1
• PR #27686: (rallytime) Back-port #27476 to 2015.5
• PR #27684: (rallytime) Back-port #27656 to 2015.5
• PR #27683: (rallytime) Back-port #27659 to 2015.5
• PR #27682: (rallytime) Back-port #27566 to 2015.5
• PR #27681: (rallytime) Back-port #25928 to 2015.5
• PR #27680: (rallytime) Back-port #27535 to 2015.5
• PR #27442: (JaseFace) Ensure we pass on the enable setting if present, or use the default of True if
not in build_schedule_item()
• PR #27641: (rallytime) Gate the psutil import and add depends doc for diskusage beacon
• PR #27644: (rallytime) Back-port #27640 to 2015.5
• PR #27612: (rallytime) Fix GCE external_ip stacktraces in 2015.5
• PR #27568: (jacobhammons) regenerated man pages
Salt 2015.5.9 Release Notes
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-08T23:02:31Z
Total Merges: 44
Changes:
• PR #30237: (jacobhammons) Updated man pages and doc version for 2015.5.9
• PR #30207: (rallytime) Use correct spacing in rabbitmq state examples
• PR #30191: (jacobhammons) Updated doc site banners
• PR #30125: (abednarik) Update user home event when createhome is set to False
• PR #30127: (jsutton) Updating documentation and example minion config for random_master/master_shuffle.
• PR #30110: (markckimball) Fixed flag sent to salt.utils.http in order for verify_ssl to work correctly
• PR #30093: (zmalone) Noting that file_roots and "state tree" should both be avoided
• PR #30097: (cachedout) Note concern about cleartext password in docs for shadow.gen_password
• PR #30089: (mpreziuso) Fixes terminology and adds more accurate details about the algorithms
• PR #30086: (cachedout) Document that gitfs needs recent libs
• PR #30070: (cachedout) Add documentation on debugging salt-ssh
• PR #30059: (mpreziuso) Fixes wrong function scope
• PR #30025: (jtand) Skipping some Boto tests until resolved moto issue
• PR #29949: (aletourneau) Enhanced netscaler docstring
• PR #29941: (cachedout) Fix spelling error in boto_vpc
• PR #29908: (cachedout) Allow kwargs to be passed to pacman provide for update func
• PR #29909: (abednarik) FreeBSD pkgng fix for non-interactive install.
• PR #29730: (rallytime) Update docker-py version requirement to 0.6.0 for dockerio.py files
• PR #29715: (rallytime) Install correct package version, if provided, for npm state.
• PR #29721: (terminalmage) Fix display of multiline strings when iterating over a list
• PR #29646: (rallytime) Don't stacktrace on kwargs.get if kwargs=None
• PR #29673: (rallytime) Default value should be False and not 'False'
• PR #29527: (jfindlay) 2015.5.7 notes: add note about not being released
• PR #29539: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #29504: (rallytime) Document userdata_file option for EC2 driver
• PR #29507: (rallytime) Switch volumes and del_*_on_destroy example ordering
• PR #29469: (abednarik) Added Documentation note in salt cloud.
• PR #29461: (dmyerscough) Fix resource limits, systemd sets the default too small
• PR #29439: (rallytime) Back-port #28656 to 2015.5
• PR #29418: (jacobhammons) Added CVE 2015-8034 to 2015.5.8 release notes
• PR #29389: (jacobhammons) updated version numbers in documentation
• PR #28501: (twangboy) Requested fixes for 26898
• PR #29348: (jtand) Fixes an file.search on python2.6
• PR #29336: (rallytime) Back-port #29276 to 2015.5
• PR #29333: (rallytime) Back-port #29280 to 2015.5
• PR #29316: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
• PR #29216: (clan) size is 0 doesn't mean no data, e.g, /proc/version
• PR #29261: (attiasr) fix incorrect reinstallation of windows pkg
• PR #29214: (cro) Doc for salt.utils.http should say verify_ssl not ssl_verify.
• PR #29204: (lorengordon) Use os.path.join to return full path to ca bundle
Salt 2014.7.0 Release Notes - Codename Helium
This release is the largest Salt release ever, with more features and commits then any previous release
of Salt. Everything from the new RAET transport to major updates in Salt Cloud and the merging of Salt
API into the main project.
IMPORTANT:
The Fedora/RHEL/CentOS salt-master package has been modified for this release. The following
components of Salt have been broken out and placed into their own packages:
• salt-syndic
• salt-cloud
• salt-ssh
When the salt-master package is upgraded, these components will be removed, and they will need to be
manually installed.
IMPORTANT:
Compound/pillar matching have been temporarily disabled for the mine and publish modules for this
release due to the possibility of inferring pillar data using pillar glob matching. A proper fix is
now in the 2014.7 branch and scheduled for the 2014.7.1 release, and compound matching and
non-globbing pillar matching will be re-enabled at that point.
Compound and pillar matching for normal salt commands are unaffected.
New Transport!
RAET Transport Option
This has been a HUGE amount of work, but the beta release of Salt with RAET is ready to go. RAET is a
reliable queuing transport system that has been developed in partnership with a number of large
enterprises to give Salt an alternative to ZeroMQ and a way to get Salt to scale well beyond tens of
thousands of servers. Unlike ZeroMQ, RAET is completely asynchronous in every aspect of its operation and
has been developed using the flow programming paradigm. This allows for many new capabilities to be added
to Salt in the upcoming releases.
Please keep in mind that this is a beta release of RAET and we hope for bugs to be worked out,
performance to be better realized and more in the 2015.5.0 release.
Simply stated, users running Salt with RAET should expect some hiccups as we hammer out the update. This
is a BETA release of Salt RAET.
For information about how to use Salt with RAET please see the tutorial.
Salt SSH Enhancements
Salt SSH has just entered a new league, with substantial updates and improvements to make salt-ssh more
reliable and easier then ever! From new features like the ansible roster and fileserver backends to the
new pypi salt-ssh installer to lowered deps and a swath of bugfixes, salt-ssh is basically reborn!
Install salt-ssh Using pip
Salt-ssh is now pip-installable!
https://pypi.python.org/pypi/salt-ssh/
Pip will bring in all of the required deps, and while some deps are compiled, they all include pure
python implementations, meaning that any compile errors which may be seen can be safely ignored.
pip install salt-ssh
Fileserver Backends
Salt-ssh can now use the salt fileserver backend system. This allows for the gitfs, hgfs, s3, and many
more ways to centrally store states to be easily used with salt-ssh. This also allows for a distributed
team to easily use a centralized source.
Saltfile Support
The new saltfile system makes it easy to have a user specific custom extended configuration.
Ext Pillar
Salt-ssh can now use the external pillar system. Making it easier then ever to use salt-ssh with teams.
No More sshpass
Thanks to the enhancements in the salt vt system, salt-ssh no longer requires sshpass to send passwords
to ssh. This also makes the manipulation of ssh calls substantially more flexible, allowing for
intercepting ssh calls in a much more fluid way.
Pure Python Shim
The salt-ssh call originally used a shell script to discover what version of python to execute with and
determine the state of the ssh code deployment. This shell script has been replaced with a pure python
version making it easy to increase the capability of the code deployment without causing platform
inconsistency issues with different shell interpreters.
Custom Module Delivery
Custom modules are now seamlessly delivered. This makes the deployment of custom grains, states,
execution modules and returners a seamless process.
CP Module Support
Salt-ssh now makes simple file transfers easier then ever! The cp module allows for files to be
conveniently sent from the salt fileserver system down to systems.
More Thin Directory Options
Salt ssh functions by copying a subset of the salt code, or salt thin down to the target system. In the
past this was always transferred to /tmp/.salt and cached there for subsequent commands.
Now, salt thin can be sent to a random directory and removed when the call is complete with the -W
option. The new -W option still uses a static location but will clean up that location when finished.
The default salt thin location is now user defined, allowing multiple users to cleanly access the same
systems.
State System Enhancements
New Imperative State Keyword Listen
The new listen and listen_in keywords allow for completely imperative states by calling the mod_watch()
routine after all states have run instead of re-ordering the states.
Mod Aggregate Runtime Manipulator
The new mod_aggregate system allows for the state system to rewrite the state data during execution. This
allows for state definitions to be aggregated dynamically at runtime.
The best example is found in the pkg state. If mod_aggregate is turned on, then when the first pkg state
is reached, the state system will scan all of the other running states for pkg states and take all other
packages set for install and install them all at once in the first pkg state.
These runtime modifications make it easy to run groups of states together. In future versions, we hope to
fill out the mod_aggregate system to build in more and more optimizations.
For more documentation on mod_aggregate, see the documentation.
New Requisites: onchanges and onfail
The new onchanges and onchanges_in requisites make a state apply only if there are changes in the
required state. This is useful to execute post hooks after changes occur on a system.
The other new requisites, onfail, and onfail_in, allow for a state to run in reaction to the failure of
another state.
For more information about these new requisites, see the requisites documentation.
Global onlyif and unless
The onlyif and unless options can now be used for any state declaration.
Use names to expand and override values
The names declaration in Salt's state system can now override or add values to the expanded data
structure. For example:
my_users:
user.present:
- names:
- larry
- curly
- moe:
- shell: /bin/zsh
- groups:
- wheel
- shell: /bin/bash
Major Features
Scheduler Additions
The Salt scheduler system has received MAJOR enhancements, allowing for cron-like scheduling and much
more granular timing routines. See here for more info.
Red Hat 7 Family Support
All the needed additions have been made to run Salt on RHEL 7 and derived OSes like CentOS and
Scientific.
Fileserver Backends in salt-call
Fileserver backends like gitfs can now be used without a salt master! Just add the fileserver backend
configuration to the minion config and execute salt-call. This has been a much-requested feature and we
are happy to finally bring it to our users.
Amazon Execution Modules
An entire family of execution modules further enhancing Salt's Amazon Cloud support. They include the
following:
• Autoscale Groups (includes state support) -- related: Launch Control states
• Cloud Watch (includes state support)
• Elastic Cache (includes state support)
• Elastic Load Balancer (includes state support)
• IAM Identity and Access Management (includes state support)
• Route53 DNS (includes state support)
• Security Groups (includes state support)
• Simple Queue Service (includes state support)
LXC Runner Enhancements
BETA The Salt LXC management system has received a number of enhancements which make running an LXC cloud
entirely from Salt an easy proposition.
Next Gen Docker Management
The Docker support in Salt has been increased at least ten fold. The Docker API is now completely exposed
and Salt ships with Docker data tracking systems which make automating Docker deployments very easy.
Peer System Performance Improvements
The peer system communication routines have been refined to make the peer system substantially faster.
SDB
Encryption at rest for configs
GPG Renderer
Encrypted pillar at rest
OpenStack Expansion
Lots of new OpenStack stuff
Queues System
Ran change external queue systems into Salt events
Multi Master Failover Additions
Connecting to multiple masters is more dynamic then ever
Chef Execution Module
Managing Chef with Salt just got even easier!
salt-api Project Merge
The salt-api project has been merged into Salt core and is now available as part of the regular
salt-master package install. No API changes were made, the salt-api script and init scripts remain
intact.
salt-api has always provided Yet Another Pluggable Interface to Salt (TM) in the form of "netapi"
modules. These are modules that bind to a port and start a service. Like many of Salt's other module
types, netapi modules often have library and configuration dependencies. See the documentation for each
module for instructions.
SEE ALSO:
The full list of netapi modules.
Synchronous and Asynchronous Execution of Runner and Wheel Modules
salt.runner.RunnerClient and salt.wheel.WheelClient have both gained complimentary cmd_sync and cmd_async
methods allowing for synchronous and asynchronous execution of any Runner or Wheel module function, all
protected using Salt's external authentication system. salt-api benefits from this addition as well.
rest_cherrypy Additions
The rest_cherrypy netapi module provides the main REST API for Salt.
Web Hooks
This release of course includes the Web Hook additions from the most recent salt-api release, which
allows external services to signal actions within a Salt infrastructure. External services such as Amazon
SNS, Travis-CI, or GitHub, as well as internal services that cannot or should not run a Salt minion
daemon can be used as first-class components in Salt's rich orchestration capabilities.
The raw HTTP request body is now available in the event data. This is sometimes required information for
checking an HMAC signature in order to verify a HTTP request. As an example, Amazon or GitHub requests
are signed this way.
Generating and Accepting Minion Keys
The /key convenience URL generates a public and private key for a minion, automatically pre-accepts the
public key on the Salt Master, and returns both keys as a tarball for download.
This allows for easily bootstrapping the key on a new minion with a single HTTP call, such as with a
Kickstart script, all using regular shell tools.
curl -sS http://salt-api.example.com:8000/keys \
-d mid=jerry \
-d username=kickstart \
-d password=kickstart \
-d eauth=pam \
-o jerry-salt-keys.tar
Fileserver Backend Enhancements
All of the fileserver backends have been overhauled to be faster, lighter, and more reliable. The VCS
backends (gitfs, hgfs, and svnfs) have also received a lot of new features.
Additionally, most config parameters for the VCS backends can now be configured on a per-remote basis,
allowing for global config parameters to be overridden for a specific gitfs/hgfs/svnfs remote.
New gitfs Features
Pygit2 and Dulwich
In addition to supporting GitPython, support for pygit2 (0.20.3 and newer) and dulwich have been added.
Provided a compatible version of pygit2 is installed, it will now be the default provider. The config
parameter gitfs_provider has been added to allow one to choose a specific provider for gitfs.
Mountpoints
Prior to this release, to serve a file from gitfs at a salt fileserver URL of salt://foo/bar/baz.txt, it
was necessary to ensure that the parent directories existed in the repository. A new config parameter
gitfs_mountpoint allows gitfs remotes to be exposed starting at a user-defined salt:// URL.
Environment Whitelisting/Blacklisting
By default, gitfs will expose all branches and tags as Salt fileserver environments. Two new config
parameters, gitfs_env_whitelist, and gitfs_env_blacklist, allow more control over which branches and tags
are exposed. More detailed information on how these two options work can be found in the Gitfs
Walkthrough.
Expanded Authentication Support
As of pygit2 0.20.3, both http(s) and SSH key authentication are supported, and Salt now also supports
both authentication methods when using pygit2. Keep in mind that pygit2 0.20.3 is not yet available on
many platforms, so those who had been using authenticated git repositories with a passphraseless key
should stick to GitPython if a new enough pygit2 is not yet available for the platform on which the
master is running.
A full explanation of how to use authentication can be found in the Gitfs Walkthrough.
New hgfs Features
Mountpoints
This feature works exactly like its gitfs counterpart. The new config parameter is called
hgfs_mountpoint.
Environment Whitelisting/Blacklisting
This feature works exactly like its gitfs counterpart. The new config parameters are called
hgfs_env_whitelist and hgfs_env_blacklist.
New svnfs Features
Mountpoints
This feature works exactly like its gitfs counterpart. The new config parameter is called
svnfs_mountpoint.
Environment Whitelisting/Blacklisting
This feature works exactly like its gitfs counterpart. The new config parameters are called
svnfs_env_whitelist and svnfs_env_blacklist.
Configurable Trunk/Branches/Tags Paths
Prior to this release, the paths where trunk, branches, and tags were located could only be in
directories named "trunk", "branches", and "tags" directly under the root of the repository. Three new
config parameters (svnfs_trunk, svnfs_branches, and svnfs_tags) allow SVN repositories which are laid out
differently to be used with svnfs.
New minionfs Features
Mountpoint
This feature works exactly like its gitfs counterpart. The new config parameter is called
minionfs_mountpoint. The one major difference is that, as minionfs doesn't use multiple remotes (it just
serves up files pushed to the master using cp.push) there is no such thing as a per-remote configuration
for minionfs_mountpoint.
Changing the Saltenv from Which Files are Served
A new config parameter (minionfs_env) allows minionfs files to be served from a Salt fileserver
environment other than base.
Minion Whitelisting/Blacklisting
By default, minionfs will expose the pushed files from all minions. Two new config parameters,
minionfs_whitelist, and minionfs_blacklist, allow minionfs to be restricted to serve files from only the
desired minions.
Pyobjects Renderer
Salt now ships with with the Pyobjects Renderer that allows for construction of States using pure Python
with an idiomatic object interface.
New Modules
In addition to the Amazon modules mentioned above, there are also several other new execution modules:
• Oracle
• Random
• Redis
• Amazon Simple Queue Service
• Block Device Management
• CoreOS etcd
• Genesis
• InfluxDB
• Server Density
• Twilio Notifications
• Varnish
• ZNC IRC Bouncer
• SMTP
New Runners
• Map/Reduce Style
• Queue
New External Pillars
• CoreOS etcd
New Salt-Cloud Providers
• Aliyun ECS Cloud
• LXC Containers
• Proxmox (OpenVZ containers & KVM)
Salt Call Change
When used with a returner, salt-call now contacts a master if --local is not specicified.
Deprecations
salt.modules.virtualenv_mod
• Removed deprecated memoize function from salt/utils/__init__.py (deprecated)
• Removed deprecated no_site_packages argument from create function (deprecated)
• Removed deprecated check_dns argument from minion_config and apply_minion_config functions (deprecated)
• Removed deprecated OutputOptionsWithTextMixIn class from salt/utils/parsers.py (deprecated)
• Removed the following deprecated functions from salt/modules/ps.py: - physical_memory_usage
(deprecated) - virtual_memory_usage (deprecated) - cached_physical_memory (deprecated) -
physical_memory_buffers (deprecated)
• Removed deprecated cloud arguments from cloud_config function in salt/config.py: - vm_config
(deprecated) - vm_config_path (deprecated)
• Removed deprecated libcloud_version function from salt/cloud/libcloudfuncs.py (deprecated)
• Removed deprecated CloudConfigMixIn class from salt/utils/parsers.py (deprecated)
Salt 2014.7.1 Release Notes
release
2015-01-12
Version 2014.7.1 is a bugfix release for 2014.7.0.
The changes include:
• Fixed gitfs serving symlinks in file.recurse states (issue 17700)
• Fixed holding of multiple packages (YUM) when combined with version pinning (issue 18468)
• Fixed use of Jinja templates in masterless mode with non-roots fileserver backend (issue 17963)
• Re-enabled pillar and compound matching for mine and publish calls. Note that pillar globbing is still
disabled for those modes, for security reasons. (issue 17194)
• Fix for tty: True in salt-ssh (issue 16847)
• Fix for supervisord states when supervisor not installed to system python (issue 18044)
• Fix for logging when log_level='quiet' for cmd.run (issue 19479)
Salt 2014.7.2 Release Notes
release
2015-02-09
Version 2014.7.2 is a bugfix release for 2014.7.0.
The changes include:
• Fix erroneous warnings for systemd service enabled check (issue 19606)
• Fix FreeBSD kernel module loading, listing, and persistence kmod (issue 197151, issue 19682)
• Allow case-sensitive npm package names in the npm state. This may break behavior for people expecting
the state to lowercase their npm package names for them. The npm module was never affected by
mandatory lowercasing. (issue 20329)
• Deprecate the activate parameter for pip.install for both the module and the state. If bin_env is
given and points to a virtualenv, there is no need to activate that virtualenv in a shell for pip to
install to the virtualenv.
• Fix a file-locking bug in gitfs (issue 18839)
• Deprecated archive_user in favor of standardized user parameter in state and added group parameter.
Salt 2014.7.3 Release Notes
release
TBA
Version 2014.7.3 is a bugfix release for 2014.7.0.
Changes:
• Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source
of many multi-master bugs where the minion would become unrepsonsive from one or more masters.
• Fix bug wherein network.iface could produce stack traces.
• net.arp will no longer be made available unless arp is installed on the system.
• Major performance improvements to Saltnado
• Allow KVM module to operate under KVM itself or VMware Fusion
• Various fixes to the Windows installation scripts
• Fix issue where the syndic would not correctly propagate loads to the master job cache.
• Improve error handling on invalid /etc/network/interfaces file in salt networking modules
• Fix bug where a response status was not checked for in fileclient.get_url
• Enable eauth when running salt in batch mode
• Increase timeout in Boto Route53 module
• Fix bugs with Salt's 'tar' module option parsing
• Fix parsing of NTP servers on Windows
• Fix issue with blockdev tuning not reporting changes correctly
• Update to the latest Salt bootstrap script
• Update Linode salt-cloud driver to use either linode-python or apache-libcloud
• Fix for s3.query function to return correct headers
• Fix for s3.head returning None for files that exist
• Fix the disable function in win_service module so that the service is disabled correctly
• Fix race condition between master and minion when making a directory when both daemons are on the same
host
• Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint
• Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint
• Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint
• Add status.master capability for Windows.
• Various fixes to ssh_known_hosts
• Various fixes to states.network bonding for Debian
• The debian_ip.get_interfaces module no longer removes nameservers.
• Better integration between grains.virtual and systemd-detect-virt and virt-what
• Fix traceback in sysctl.present state output
• Fix for issue where mount.mounted would fail when superopts were not a part of mount.active
(extended=True). Also mount.mounted various fixes for Solaris and FreeBSD.
• Fix error where datetimes were not correctly safeguarded before being passed into msgpack.
• Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if backup is
False, and if a pre-existing file exists with extension .bak, then that backup file will be
overwritten. This backup behavior is a result of how fileinput works. Fixing it requires either passing
through the file twice (the first time only to search for content and set a flag), or rewriting
file.replace so it doesn't use fileinput
• VCS filreserver fixes/optimizations
• Catch fileserver configuration errors on master start
• Raise errors on invalid gitfs configurations
• set_locale when locale file does not exist (Redhat family)
• Fix to correctly count active devices when created mdadm array with spares
• Fix to correctly target minions in batch mode
• Support ssh:// urls using the gitfs dulwhich backend
• New fileserver runner
• Fix various bugs with argument parsing to the publish module.
• Fix disk.usage for Synology OS
• Fix issue with tags occurring twice with docker.pulled
• Fix incorrect key error in SMTP returner
• Fix condition which would remount loopback filesystems on every state run
• Remove requsites from listens after they are called in the state system
• Make system implementation of service.running aware of legacy service calls
• Fix issue where publish.publish would not handle duplicate responses gracefully.
• Accept Kali Linux for aptpkg salt execution module
• Fix bug where cmd.which could not handle a dirname as an argument
• Fix issue in ps.pgrep where exceptions were thrown on Windows.
Known issues:
• In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed
at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout'
and 'auth_tries' down to shorter periods.
Salt 2014.7.4 Release Notes
release
2015-03-30
Version 2014.7.4 is a bugfix release for 2014.7.0.
This is a security release. The security issues fixed have only been present since 2014.7.0, and only
users of the two listed modules are vulnerable. The following CVEs have been resolved:
• CVE-2015-1838 SaltStack: insecure /tmp file handling in salt/modules/serverdensity_device.py
• CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py
Changes:
• Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source
of many multi-master bugs where the minion would become unrepsonsive from one or more masters.
• Fix bug wherein network.iface could produce stack traces.
• net.arp will no longer be made available unless arp is installed on the system.
• Major performance improvements to Saltnado
• Allow KVM module to operate under KVM itself or VMware Fusion
• Various fixes to the Windows installation scripts
• Fix issue where the syndic would not correctly propagate loads to the master job cache.
• Improve error handling on invalid /etc/network/interfaces file in salt networking modules
• Fix bug where a response status was not checked for in fileclient.get_url
• Enable eauth when running salt in batch mode
• Increase timeout in Boto Route53 module
• Fix bugs with Salt's 'tar' module option parsing
• Fix parsing of NTP servers on Windows
• Fix issue with blockdev tuning not reporting changes correctly
• Update to the latest Salt bootstrap script
• Update Linode salt-cloud driver to use either linode-python or apache-libcloud
• Fix for s3.query function to return correct headers
• Fix for s3.head returning None for files that exist
• Fix the disable function in win_service module so that the service is disabled correctly
• Fix race condition between master and minion when making a directory when both daemons are on the same
host
• Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint
• Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint
• Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint
• Add status.master capability for Windows.
• Various fixes to ssh_known_hosts
• Various fixes to states.network bonding for Debian
• The debian_ip.get_interfaces module no longer removes nameservers.
• Better integration between grains.virtual and systemd-detect-virt and virt-what
• Fix traceback in sysctl.present state output
• Fix for issue where mount.mounted would fail when superopts were not a part of mount.active
(extended=True). Also mount.mounted various fixes for Solaris and FreeBSD.
• Fix error where datetimes were not correctly safeguarded before being passed into msgpack.
• Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if backup is
False, and if a pre-existing file exists with extension .bak, then that backup file will be
overwritten. This backup behavior is a result of how fileinput works. Fixing it requires either passing
through the file twice (the first time only to search for content and set a flag), or rewriting
file.replace so it doesn't use fileinput
• VCS filreserver fixes/optimizations
• Catch fileserver configuration errors on master start
• Raise errors on invalid gitfs configurations
• set_locale when locale file does not exist (Redhat family)
• Fix to correctly count active devices when created mdadm array with spares
• Fix to correctly target minions in batch mode
• Support ssh:// urls using the gitfs dulwhich backend
• New fileserver runner
• Fix various bugs with argument parsing to the publish module.
• Fix disk.usage for Synology OS
• Fix issue with tags occurring twice with docker.pulled
• Fix incorrect key error in SMTP returner
• Fix condition which would remount loopback filesystems on every state run
• Remove requsites from listens after they are called in the state system
• Make system implementation of service.running aware of legacy service calls
• Fix issue where publish.publish would not handle duplicate responses gracefully.
• Accept Kali Linux for aptpkg salt execution module
• Fix bug where cmd.which could not handle a dirname as an argument
• Fix issue in ps.pgrep where exceptions were thrown on Windows.
Known issues:
• In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed
at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout'
and 'auth_tries' down to shorter periods.
• There are known issues with batch mode operating on the incorrect number of minions. This bug can be
patched with the change in Pull Request #22464.
• The fun, state, and unless keywords are missing from the state internals, which can cause problems
running some states. This bug can be patched with the change in Pull Request #22365.
Salt 2014.7.5 Release Notes
release
2015-04-16
Version 2014.7.5 is a bugfix release for 2014.7.0.
Changes:
• Fixed a key error bug in salt-cloud
• Updated man pages to better match documentation
• Fixed bug concerning high CPU usage with salt-ssh
• Fixed bugs with remounting cvfs and fuse filesystems
• Fixed bug with alowing requisite tracking of entire sls files
• Fixed bug with aptpkg.mod_repo returning OK even if apt-add-repository fails
• Increased frequency of ssh terminal output checking
• Fixed malformed locale string in localmod module
• Fixed checking of available version of package when accept_keywords were changed
• Fixed bug to make git.latest work with empty repositories
• Added **kwargs to service.mod_watch which removes warnings about enable and __reqs__ not being
supported by the function
• Improved state comments to not grow so quickly on failed requisites
• Added force argument to service to trigger force_reload
• Fixed bug to andle pkgrepo keyids that have been converted to int
• Fixed module.portage_config bug with appending accept_keywords
• Fixed bug to correctly report disk usage on windows minion
• Added the ability to specify key prefix for S3 ext_pillar
• Fixed issues with batch mode operating on the incorrect number of minions
• Fixed a bug with the proxmox cloud provider stacktracing on disk definition
• Fixed a bug with the changes dictionary in the file state
• Fixed the TCP keep alive settings to work better with SREQ caching
• Fixed many bugs within the iptables state and module
• Fixed bug with states by adding fun, state, and unless to the state runtime internal keywords listing
• Added ability to eAuth against Active Directory
• Fixed some salt-ssh issues when running on Fedora 21
• Fixed grains.get_or_set_hash to work with multiple entries under same key
• Added better explanations and more examples of how the Reactor calls functions to docs
• Fixed bug to not pass ex_config_drive to libcloud unless it's explicitly enabled
• Fixed bug with pip.install on windows
• Fixed bug where puppet.run always returns a 0 retcode
• Fixed race condition bug with minion scheduling via pillar
• Made efficiency improvements and bug fixes to the windows installer
• Updated environment variables to fix bug with pygit2 when running salt as non-root user
• Fixed cas behavior on data module -- data.cas was not saving changes
• Fixed GPG rendering error
• Fixed strace error in virt.query
• Fixed stacktrace when running chef-solo command
• Fixed possible bug wherein uncaught exceptions seem to make zmq3 tip over when threading is involved
• Fixed argument passing to the reactor
• Fixed glibc caching to prevent bug where salt-minion getaddrinfo in dns_check() never got updated
nameservers
Known issues:
• In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed
at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout'
and 'auth_tries' down to shorter periods.
Salt 2014.7.6 Release Notes
release
2015-05-18
Version 2014.7.6 is a bugfix release for 2014.7.0.
This release is a security release. A minor issue was found, as cited below:
• CVE-2015-4017 -- Certificates are not verified when connecting to server in the Aliyun and Proxmox
modules
Only users of the Aliyun or Proxmox cloud modules are at risk. The vulnerability does not exist in the
latest 2015.5.0 release of Salt.
Changes:
• salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to
this function in the cloud runner.
Extended Changelog Courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
• PR #23810: (rallytime) Backport #23757 to 2014.7 @ 2015-05-18T15:30:21Z
• PR #23757: (clan) use abspath, do not eliminating symlinks | refs: #23810
• aee00c8 Merge pull request #23810 from rallytime/bp-23757
• fb32c32 use abspath, do not eliminating symlinks
• PR #23809: (rallytime) Fix virtualport section of virt.get_nics loop @ 2015-05-18T15:30:09Z
• ISSUE #20198: (jcftang) virt.get_graphics, virt.get_nics are broken, in turn breaking other things |
refs: #23809
• PR #21487: (rallytime) Backport #21469 to 2014.7 | refs: #23809
• PR #21469: (vdesjardins) fixes #20198: virt.get_graphics and virt.get_nics calls in module virt |
refs: #21487
• 6b3352b Merge pull request #23809 from rallytime/virt_get_nics_fix
• 0616fb7 Fix virtualport section of virt.get_nics loop
• PR #23823: (gtmanfred) add link local for ipv6 @ 2015-05-17T12:48:25Z
• 188f03f Merge pull request #23823 from gtmanfred/2014.7
• 5ef006d add link local for ipv6
• PR #23802: (gtmanfred) if it is ipv6 ip_to_int will fail @ 2015-05-16T04:06:59Z
• PR #23573: (techhat) Scan all available networks for public and private IPs | refs: #23802
• f3ca682 Merge pull request #23802 from gtmanfred/2014.7
• 2da98b5 if it is ipv6 ip_to_int will fail
• PR #23488: (cellscape) LXC cloud fixes @ 2015-05-15T18:09:35Z
• ISSUE #16424: (stanvit) salt-run cloud.create fails with saltify
• d9af0c3 Merge pull request #23488 from cellscape/lxc-cloud-fixes
• 64250a6 Remove profile from opts after creating LXC container
• c4047d2 Set destroy=True in opts when destroying cloud instance
• 9e1311a Store instance names in opts when performing cloud action
• 934bc57 Correctly pass custom env to lxc-attach
• 7fb85f7 Preserve test=True option in cloud states
• 9771b5a Fix detection of absent LXC container in cloud state
• fb24f0c Report failure when failed to create/clone LXC container
• 2d9aa2b Avoid shadowing variables in lxc module
• 792e102 Allow overriding profile options in lxc.cloud_init_interface
• 42bd64b Return changes on successful lxc.create from salt-cloud
• 4409eab Return correct result when creating cloud LXC container
• 377015c Issue #16424: List all providers when creating salt-cloud instance without profile
• PR #23748: (basepi) [2014.7] Log salt-ssh roster render errors more assertively and verbosely @
2015-05-14T22:38:10Z
• ISSUE #22332: (rallytime) [salt-ssh] Add a check for host in /etc/salt/roster | refs: #23748
• 808bbe1 Merge pull request #23748 from basepi/salt-ssh.roster.host.check
• bc53e04 Log entire exception for render errors in roster
• 753de6a Log render errors in roster to error level
• e01a7a9 Always let the real YAML error through
• PR #23731: (twangboy) Fixes #22959: Trying to add a directory to an unmapped drive in windows @
2015-05-14T21:59:14Z
• ISSUE #22959: (highlyunavailable) Windows Salt hangs if file.directory is trying to write to a drive
that doesn't exist
• 72cf360 Merge pull request #23731 from twangboy/fix_22959
• 88e5495 Fixes #22959: Trying to add a directory to an unmapped drive in windows
• PR #23730: (rallytime) Backport #23729 to 2014.7 @ 2015-05-14T21:58:34Z
• PR #23729: (rallytime) Partially merge #23437 (grains fix) | refs: #23730
• PR #23437: (cedwards) Grains item patch | refs: #23729
• 2610195 Merge pull request #23730 from rallytime/bp-23729
• 1877cae adding support for nested grains to grains.item
• PR #23688: (twangboy) Added inet_pton to utils/validate/net.py for ip.set_static_ip in windows @
2015-05-14T16:15:56Z
• 3e9df88 Merge pull request #23688 from twangboy/fix_23415
• 6a91169 Fixed unused-import pylint error
• 5e25b3f fixed pylint errors
• 1a96766 Added inet_pton to utils/validate/net.py for ip.set_static_ip in windows
• PR #23680: (cachedout) Rename kwarg in cloud runner @ 2015-05-13T19:44:02Z
• ISSUE #23403: (iamfil) salt.runners.cloud.action fun parameter is replaced | refs: #23680
• 1b86460 Merge pull request #23680 from cachedout/issue_23403
• d5986c2 Rename kwarg in cloud runner
• PR #23674: (cachedout) Handle lists correctly in grains.list_prsesent @ 2015-05-13T18:34:58Z
• ISSUE #23548: (kkaig) grains.list_present produces incorrect (?) output | refs: #23674
• cd64af0 Merge pull request #23674 from cachedout/issue_23548
• da8a2f5 Handle lists correctly in grains.list_prsesent
• PR #23672: (twangboy) Fix user present @ 2015-05-13T18:30:09Z
• d322a19 Merge pull request #23672 from twangboy/fix_user_present
• 731e7af Merge branch '2014.7' of https://github.com/saltstack/salt into fix_user_present
• d6f70a4 Fixed user.present to create password in windows
• PR #23670: (rallytime) Backport #23607 to 2014.7 @ 2015-05-13T18:27:17Z
• ISSUE #23604: (Azidburn) service.dead on systemd Minion create an Error Message | refs: #23607
• PR #23607: (Azidburn) Fix for #23604. No error reporting. Exitcode !=0 are ok | refs: #23670
• 43f7025 Merge pull request #23670 from rallytime/bp-23607
• ed30dc4 Fix for #23604. No error reporting. Exitcode !=0 are ok
• PR #23661: (rallytime) Merge #23640 with whitespace fix @ 2015-05-13T15:47:30Z
• ISSUE #22141: (Deshke) grains.get_or_set_hash render error if hash begins with "%" | refs: #23640
• PR #23640: (cachedout) Add warning to get_or_set_hash about reserved chars | refs: #23661
• 0f006ac Merge pull request #23661 from rallytime/merge-23640
• 4427f42 Whitespace fix
• dd91154 Add warning to get_or_set_hash about reserved chars
• PR #23639: (cachedout) Handle exceptions raised by __virtual__ @ 2015-05-13T15:11:12Z
• ISSUE #23452: (michaelforge) minion crashed with empty grain | refs: #23639
• 84e2ef8 Merge pull request #23639 from cachedout/issue_23452
• d418b49 Syntax error!
• 45b4015 Handle exceptions raised by __virtual__
• PR #23637: (cachedout) Convert str master to list @ 2015-05-13T15:08:19Z
• ISSUE #23611: (hubez) master_type set to 'failover' but 'master' is not of type list but of type
<type 'str'> | refs: #23637
• bd9b94b Merge pull request #23637 from cachedout/issue_23611
• 56cb1f5 Fix typo
• f6fcf19 Convert str master to list
• PR #23595: (rallytime) Backport #23549 to 2014.7 @ 2015-05-12T21:19:40Z
• PR #23549: (vr-jack) Update __init__.py | refs: #23595
• f20c0e4 Merge pull request #23595 from rallytime/bp-23549
• 6efcac0 Update __init__.py
• PR #23594: (rallytime) Backport #23496 to 2014.7 @ 2015-05-12T21:19:34Z
• ISSUE #23110: (martinhoefling) Copying files from gitfs in file.recurse state fails
• PR #23496: (martinhoefling) Fix for issue #23110 | refs: #23594
• 1acaf86 Merge pull request #23594 from rallytime/bp-23496
• d5ae1d2 Fix for issue #23110 This resolves issues when the freshly created directory is removed by
fileserver.update.
• PR #23593: (rallytime) Backport #23442 to 2014.7 @ 2015-05-12T21:19:26Z
• PR #23442: (clan) add directory itself to keep list | refs: #23593
• 2c221c7 Merge pull request #23593 from rallytime/bp-23442
• 39869a1 check w/ low['name'] only
• 304cc49 another fix for file defined w/ id, but require name
• 8814d41 add directory itself to keep list
• PR #23606: (twangboy) Fixed checkbox for starting service and actually starting it @
2015-05-12T21:18:50Z
• fadd1ef Merge pull request #23606 from twangboy/fix_installer
• 038331e Fixed checkbox for starting service and actually starting it
• PR #23592: (rallytime) Backport #23389 to 2014.7 @ 2015-05-12T16:44:42Z
• ISSUE #22908: (karanjad) Add failhard option to salt orchestration | refs: #23389
• PR #23389: (cachedout) Correct fail_hard typo | refs: #23592
• 10b3f0f Merge pull request #23592 from rallytime/bp-23389
• 734cc43 Correct fail_hard typo
• PR #23573: (techhat) Scan all available networks for public and private IPs | refs: #23802 @
2015-05-12T15:22:22Z
• cd34b9b Merge pull request #23573 from techhat/novaquery
• f92db5e Linting
• 26e00d3 Scan all available networks for public and private IPs
• PR #23558: (jfindlay) reorder emerge command line @ 2015-05-12T15:17:46Z
• ISSUE #23479: (danielmorlock) Typo in pkg.removed for Gentoo? | refs: #23558
• 2a72cd7 Merge pull request #23558 from jfindlay/fix_ebuild
• 45404fb reorder emerge command line
• PR #23530: (dr4Ke) salt-ssh state: fix including all salt:// references @ 2015-05-12T15:13:43Z
• ISSUE #23355: (dr4Ke) salt-ssh: 'sources: salt://' files from 'pkg' state are not included in
salt_state.tgz | refs: #23530
• a664a3c Merge pull request #23530 from dr4Ke/fix_salt-ssh_to_include_pkg_sources
• 5df6a80 fix pylint warning
• d0549e5 salt-ssh state: fix including all salt:// references
• PR #23433: (twangboy) Obtain all software from the registry @ 2015-05-11T22:47:52Z
• ISSUE #23004: (b18) 2014.7.5 - Windows - pkg.list_pkgs - "nxlog" never shows up in output. | refs:
#23433
• 55c3869 Merge pull request #23433 from twangboy/list_pkgs_fix
• 8ab5b1b Fix pylint error
• 2d11d65 Obtain all software from the registry
• PR #23554: (jleroy) Debian: Hostname always updated @ 2015-05-11T21:57:00Z
• 755bed0 Merge pull request #23554 from jleroy/debian-hostname-fix
• 5ff749e Debian: Hostname always updated
• PR #23551: (dr4Ke) grains.append unit tests, related to #23474 @ 2015-05-11T21:54:25Z
• 6ec87ce Merge pull request #23551 from dr4Ke/grains.append_unit_tests
• ebff9df fix pylint errors
• c495404 unit tests for grains.append module function
• 0c9a323 use MagickMock
• c838a22 unit tests for grains.append module function
• PR #23474: (dr4Ke) Fix grains.append in nested dictionary grains #23411 @ 2015-05-11T18:00:21Z
• ISSUE #23411: (dr4Ke) grains.append should work at any level of a grain | refs: #23440
• PR #23440: (dr4Ke) fix grains.append in nested dictionary grains #23411 | refs: #23474
• e96c5c5 Merge pull request #23474 from dr4Ke/fix_grains.append_nested
• a01a5bb grains.get, parameter delimititer, versionadded: 2014.7.6
• b39f504 remove debugging output
• b6e15e2 fix grains.append in nested dictionary grains #23411
• PR #23537: (t0rrant) Update changelog @ 2015-05-11T17:02:16Z
• ab7e1ae Merge pull request #23537 from t0rrant/patch-1
• 8e03cc9 Update changelog
• PR #23538: (cro) Update date in LICENSE file @ 2015-05-11T15:19:25Z
• b79fed3 Merge pull request #23538 from cro/licupdate
• 345efe2 Update date in LICENSE file
• PR #23505: (aneeshusa) Remove unused ssh config validator. Fixes #23159. @ 2015-05-09T13:24:15Z
• ISSUE #23159: (aneeshusa) Unused validator
• a123a36 Merge pull request #23505 from aneeshusa/remove-unused-ssh-config-validator
• 90af167 Remove unused ssh config validator. Fixes #23159.
• PR #23467: (slinu3d) Added AWS v4 signature support @ 2015-05-08T14:36:19Z
• ISSUE #20518: (ekle) module s3.get does not support eu-central-1 | refs: #23467
• ca2c21a Merge pull request #23467 from slinu3d/2014.7
• 0b4081d Fixed pylint error at line 363
• 5be5eb5 Fixed pylink errors
• e64f374 Fixed lint errors
• b9d1ac4 Added AWS v4 signature support
• PR #23444: (techhat) Add create_attach_volume to nova driver @ 2015-05-07T19:51:32Z
• e6f9eec Merge pull request #23444 from techhat/novacreateattach
• ebdb7ea Add create_attach_volume to nova driver
• PR #23460: (s0undt3ch) [2014.7] Update to latest stable bootstrap script v2015.05.07 @
2015-05-07T19:10:54Z
• ISSUE #563: (chutz) pidfile support for minion and master daemons | refs: #23460
• e331463 Merge pull request #23460 from s0undt3ch/hotfix/bootstrap-script-2014.7
• edcd0c4 Update to latest stable bootstrap script v2015.05.07
• PR #23439: (techhat) Add wait_for_passwd_maxtries variable @ 2015-05-07T07:28:56Z
• 7a8ce1a Merge pull request #23439 from techhat/maxtries
• 0ad3ff2 Add wait_for_passwd_maxtries variable
• PR #23422: (cro) $HOME should not be used, some shells don't set it. @ 2015-05-06T21:02:36Z
• 644eb75 Merge pull request #23422 from cro/gce_sh_home
• 4ef9e6b Don't use $HOME to find user's directory, some shells don't set it
• PR #23425: (basepi) [2014.7] Fix typo in FunctionWrapper @ 2015-05-06T20:38:03Z
• ef17ab4 Merge pull request #23425 from basepi/functionwrapper_typo
• c390737 Fix typo in FunctionWrapper
• PR #23385: (rallytime) Backport #23346 to 2014.7 @ 2015-05-06T20:12:29Z
• PR #23346: (ericfode) Allow file_map in salt-cloud to handle folders. | refs: #23385
• 1b13ec0 Merge pull request #23385 from rallytime/bp-23346
• 9efc13c more linting fixes
• cf131c9 cleaned up some pylint errors
• f981699 added logic to sftp_file and file_map to allow folder uploads using file_map
• PR #23414: (jfindlay) 2015.2 -> 2015.5 @ 2015-05-06T20:04:02Z
• f8c7a62 Merge pull request #23414 from jfindlay/update_branch
• 8074d16 2015.2 -> 2015.5
• PR #23404: (hvnsweeting) saltapi cherrypy: initialize var when POST body is empty @
2015-05-06T17:35:56Z
• 54b3bd4 Merge pull request #23404 from hvnsweeting/cherrypy-post-emptybody-fix
• f85f8f9 initialize var when POST body is empty
• PR #23409: (terminalmage) Update Lithium docstrings in 2014.7 branch @ 2015-05-06T16:20:46Z
• 160f703 Merge pull request #23409 from terminalmage/update-lithium-docstrings-2014.7
• bc97d01 Fix sphinx typo
• 20006b0 Update Lithium docstrings in 2014.7 branch
• PR #23397: (jfindlay) add more flexible whitespace to locale_gen search @ 2015-05-06T03:44:11Z
• ISSUE #17245: (tomashavlas) localemod does not generate locale for Arch | refs: #23307 #23397
• aa5fb0a Merge pull request #23397 from jfindlay/fix_locale_gen
• 0941fef add more flexible whitespace to locale_gen search
• PR #23368: (kaithar) Backport #23367 to 2014.7 @ 2015-05-05T21:42:26Z
• PR #23367: (kaithar) Put the sed insert statement back in to the output. | refs: #23368
• PR #18368: (basepi) Merge forward from 2014.7 to develop | refs: #23367 #23368
• 0c76dd4 Merge pull request #23368 from kaithar/bp-23367
• 577f419 Pylint fix
• 8d9acd1 Put the sed insert statement back in to the output.
• PR #23350: (lorengordon) Append/prepend: search for full line @ 2015-05-05T21:42:11Z
• ISSUE #23294: (variia) file.replace fails to append if repl string partially available | refs: #23350
• 3493cc1 Merge pull request #23350 from lorengordon/file.replace_assume_line
• b60e224 Append/prepend: search for full line
• PR #23341: (cachedout) Fix syndic pid and logfile path @ 2015-05-05T21:29:10Z
• ISSUE #23026: (adelcast) Incorrect salt-syndic logfile and pidfile locations | refs: #23341
• 7be5c48 Merge pull request #23341 from cachedout/issue_23026
• e98e65e Fix tests
• 6011b43 Fix syndic pid and logfile path
• PR #23272: (basepi) [2014.7] Allow salt-ssh minion config overrides via master config and roster |
refs: #23347 @ **
• ISSUE #19114: (pykler) salt-ssh and gpg pillar renderer | refs: #23188 #23272 #23347
• PR #23188: (basepi) [2014.7] Work around bug in salt-ssh in config.get for gpg renderer | refs:
#23272
• ea61abf Merge pull request #23272 from basepi/salt-ssh.minion.config.19114
• c223309 Add versionadded
• be7407f Lint
• c2c3375 Missing comma
• 8e3e8e0 Pass the minion_opts through the FunctionWrapper
• cb69cd0 Match the master config template in the master config reference
• 87fc316 Add Salt-SSH section to master config template
• 91dd9dc Add ssh_minion_opts to master config ref
• c273ea1 Add minion config to salt-ssh doc
• a0b6b76 Add minion_opts to roster docs
• 5212c35 Accept minion_opts from the target information
• e2099b6 Process ssh_minion_opts from master config
• 3b64214 Revert "Work around bug in salt-ssh in config.get for gpg renderer"
• 494953a Remove the strip (embracing multi-line YAML dump)
• fe87f0f Dump multi-line yaml into the SHIM
• b751a72 Inject local minion config into shim if available
• PR #23347: (basepi) [2014.7] Salt-SSH Backport FunctionWrapper.__contains__ @ 2015-05-05T14:13:21Z
• ISSUE #19114: (pykler) salt-ssh and gpg pillar renderer | refs: #23188 #23272 #23347
• PR #23272: (basepi) [2014.7] Allow salt-ssh minion config overrides via master config and roster |
refs: #23347
• PR #23188: (basepi) [2014.7] Work around bug in salt-ssh in config.get for gpg renderer | refs:
#23272
• 4f760dd Merge pull request #23347 from basepi/salt-ssh.functionwrapper.contains.19114
• 30595e3 Backport FunctionWrapper.__contains__
• PR #23344: (cachedout) Explicitly set file_client on master @ 2015-05-04T23:21:48Z
• ISSUE #22742: (hvnsweeting) salt-master says: "This master address: 'salt' was previously resolvable
but now fails to resolve!" | refs: #23344
• 02658b1 Merge pull request #23344 from cachedout/issue_22742
• 5adc96c Explicitly set file_client on master
• PR #23318: (cellscape) Honor seed argument in LXC container initializaton @ 2015-05-04T20:58:12Z
• PR #23311: (cellscape) Fix new container initialization in LXC runner | refs: #23318
• ba7605d Merge pull request #23318 from cellscape/honor-seed-argument
• 228b1be Honor seed argument in LXC container initializaton
• PR #23307: (jfindlay) check for /etc/locale.gen @ 2015-05-04T20:56:32Z
• ISSUE #17245: (tomashavlas) localemod does not generate locale for Arch | refs: #23307 #23397
• 4ac4509 Merge pull request #23307 from jfindlay/fix_locale_gen
• 101199a check for /etc/locale.gen
• PR #23324: (s0undt3ch) [2014.7] Update to the latest stable release of the bootstrap script v2015.05.04
@ 2015-05-04T16:28:30Z
• ISSUE #580: (thatch45) recursive watch not being caught | refs: #23324
• ISSUE #552: (jhutchins) Support require and watch under the same state dec | refs: #23324
• PR #589: (epoelke) add --quiet and --outfile options to saltkey | refs: #23324
• PR #567: (bastichelaar) Added upstart module | refs: #23324
• PR #560: (UtahDave) The runas feature that was added in 93423aa2e5e4b7de6452090b0039560d2b13... |
refs: #23324
• PR #504: (SEJeff) File state goodies | refs: #23324
• f790f42 Merge pull request #23324 from s0undt3ch/hotfix/bootstrap-script-2014.7
• 6643e47 Update to the latest stable release of the bootstrap script v2015.05.04
• PR #23329: (cro) Require requests to verify cert when talking to aliyun and proxmox cloud providers @
2015-05-04T16:18:17Z
• 5487367 Merge pull request #23329 from cro/cloud_verify_cert
• 860d4b7 Turn on ssl verify for requests.
• PR #23311: (cellscape) Fix new container initialization in LXC runner | refs: #23318 @
2015-05-04T09:55:29Z
• ea20176 Merge pull request #23311 from cellscape/fix-salt-cloud-lxc-init
• 76fbb34 Fix new container initialization in LXC runner
• PR #23298: (chris-prince) Fixed issue #18880 in 2014.7 branch @ 2015-05-03T15:49:41Z
• ISSUE #18880: (johtso) npm installed breaks when a module is missing
• c399b8f Merge pull request #23298 from chris-prince/2014.7
• 0fa25db Fixed issue #18880 in 2014.7 branch
• PR #23292: (rallytime) Merge #23151 with pylint fixes @ 2015-05-02T03:54:12Z
• ISSUE #23148: (cr1st1p) virt - error handling bogus if machine image location is wrong
• PR #23151: (cr1st1p) Fixes #23148 | refs: #23292
• 16ecefd Merge pull request #23292 from rallytime/merge-23151
• 8ff852a Merge #23151 with pylint fixes
• 8ffa12e Fixes #23148
• PR #23274: (basepi) [2014.7] Reduce salt-ssh debug log verbosity @ 2015-05-01T20:19:23Z
• ce24315 Merge pull request #23274 from basepi/salt-ssh.debug.verbosity
• ecee6c6 Log stdout and stderr to trace
• 08f54d7 Log stdout and stderr to trace as well
• 9b9c30f Reduce salt-ssh debug log verbosity
• PR #23261: (rallytime) Fix tornado websocket event handler registration @ 2015-05-01T18:20:31Z
• ISSUE #22605: (mavenAtHouzz) Tornado websockets event Handlers registration are incorrect | refs:
#23261
• 7b55e43 Merge pull request #23261 from rallytime/fix-22605
• 4950fbf Fix tornado websocket event handler registration
• PR #23258: (teizz) TCP keepalives on the ret side, Revisited. @ 2015-05-01T16:13:49Z
• 83ef7cb Merge pull request #23258 from teizz/ret_keepalive_2014_7_5
• 0b9fb6f The fixes by cachedout which were backported into 2015_2 were missing a single parameter
thus not setting up the TCP keepalive for the ZeroMQ Channel by default.
• PR #23241: (techhat) Move iptables log options after the jump @ 2015-05-01T01:31:59Z
• ISSUE #23224: (twellspring) iptables.append --log parameters must be after --jump LOG | refs: #23241
• 8de3c83 Merge pull request #23241 from techhat/issue23224
• 87f7948 Move iptables log options after the jump
• PR #23228: (rallytime) Backport #23171 to 2014.7 @ 2015-04-30T21:09:45Z
• PR #23171: (skizunov) Bugfix: 'clean_proc_dir' is broken | refs: #23228
• f20210e Merge pull request #23228 from rallytime/bp-23171
• e670e99 Bugfix: 'clean_proc_dir' is broken
• PR #23227: (rallytime) Backport #22808 to 2014.7 @ 2015-04-30T21:09:14Z
• ISSUE #22703: (Xiol) salt-ssh does not work with list matcher | refs: #22808
• PR #22808: (basepi) [2015.2] Add list targeting to salt-ssh flat roster | refs: #23227
• 721cc28 Merge pull request #23227 from rallytime/bp-22808
• d208a00 Dict, not list
• a3f529e It's already been converted to a list
• dd57f2d Add list targeting to salt-ssh flat roster
• PR #22823: (hvnsweeting) 22822 file directory clean @ 2015-04-30T15:25:51Z
• 82c22af Merge pull request #22823 from hvnsweeting/22822-file-directory-clean
• c749c27 fix lint - remove unnecessary parenthesis
• cb3dfee refactor
• 8924b5a refactor: use relpath instead of do it manually
• d3060a5 refactor
• 5759a0e bugfix: fix file.directory clean=True when it require parent dir
• PR #22977: (bersace) Fix fileserver backends __opts__ overwritten by _pillar @ 2015-04-30T15:24:56Z
• ISSUE #22941: (bersace) _pillar func breaks fileserver globals | refs: #22977 #22942
• PR #22942: (bersace) Fix fileserver backends global overwritten by _pillar | refs: #22977
• f6c0728 Merge pull request #22977 from bersace/fix-fileserver-backends-pillar-side-effect
• 5f451f6 Fix fileserver backends __opts__ overwritten by _pillar
• PR #23180: (jfindlay) fix typos from 36841bdd in masterapi.py @ 2015-04-30T15:22:41Z
• ISSUE #23166: (claudiupopescu) "Error in function _minion_event" resulting in modules not loaded |
refs: #23180
• 34206f7 Merge pull request #23180 from jfindlay/remote_event
• 72066e1 fix typos from 36841bdd in masterapi.py
• PR #23176: (jfindlay) copy standard cmd.run* kwargs into cmd.run_chroot @ 2015-04-30T15:22:12Z
• ISSUE #23153: (cr1st1p) cmdmod : run_chroot - broken in 2014.7.5 - missing kwargs | refs: #23176
• b6b8216 Merge pull request #23176 from jfindlay/run_chroot
• 7dc3417 copy standard cmd.run* kwargs into cmd.run_chroot
• PR #23193: (joejulian) supervisord.mod_watch should accept sfun @ 2015-04-30T04:34:21Z
• ISSUE #23192: (joejulian) supervisord mod_watch does not accept sfun | refs: #23193
• effacbe Merge pull request #23193 from joejulian/2014.7_supervisord_accept_sfun
• efb59f9 supervisord.mod_watch should accept sfun
• PR #23188: (basepi) [2014.7] Work around bug in salt-ssh in config.get for gpg renderer | refs: #23272
@ 2015-04-30T04:34:10Z
• ISSUE #19114: (pykler) salt-ssh and gpg pillar renderer | refs: #23188 #23272 #23347
• 72fe88e Merge pull request #23188 from basepi/salt-ssh.function.wrapper.gpg.19114
• d73979e Work around bug in salt-ssh in config.get for gpg renderer
• PR #23154: (cachedout) Re-establish channel on interruption in fileclient @ 2015-04-29T16:18:59Z
• ISSUE #21480: (msciciel) TypeError: string indices must be integers, not str | refs: #23154
• 168508e Merge pull request #23154 from cachedout/refresh_channel
• 9f8dd80 Re-establish channel on interruption in fileclient
• PR #23146: (rallytime) Backport #20779 to 2014.7 @ 2015-04-28T20:45:06Z
• ISSUE #20647: (ryan-lane) file.serialize fails to serialize due to ordered dicts | refs: #20779
• PR #20779: (cachedout) Use declared yaml options | refs: #23146
• 3b53e04 Merge pull request #23146 from rallytime/bp-20779
• ffd1849 compare OrderedDicts in serializer unit test
• a221706 Just change serialize
• a111798 Use declared yaml options
• PR #23145: (rallytime) Backport #23089 to 2014.7 @ 2015-04-28T20:44:56Z
• PR #23089: (cachedout) Stringify version number before lstrip | refs: #23145
• 8bb4664 Merge pull request #23145 from rallytime/bp-23089
• 93c41af Stringify version number before lstrip
• PR #23144: (rallytime) Backport #23124 to 2014.7 @ 2015-04-28T20:44:46Z
• ISSUE #16188: (drawks) salt.modules.parted has various functions with bogus input validation. |
refs: #23124
• PR #23124: (ether42) fix parsing the output of parted in parted.list_() | refs: #23144
• c85d36f Merge pull request #23144 from rallytime/bp-23124-2014-7
• 6b64da7 fix parsing the output of parted
• PR #23120: (terminalmage) Don't run os.path.relpath() if repo doesn't have a "root" param set @
2015-04-28T15:46:54Z
• a27b158 Merge pull request #23120 from terminalmage/fix-gitfs-relpath
• 1860fff Don't run os.path.relpath() if repo doesn't have a "root" param set
• PR #23132: (clinta) Backport b27c176 @ 2015-04-28T15:00:30Z
• fcba607 Merge pull request #23132 from clinta/patch-2
• a824d72 Backport b27c176
• PR #23114: (rallytime) Adjust ZeroMQ 4 docs to reflect changes to Ubuntu 12 packages @
2015-04-28T03:59:24Z
• ISSUE #18476: (Auha) Upgrading salt on my master caused dependency issues | refs: #23114 #18610
• PR #18610: (rallytime) Make ZMQ 4 installation docs for ubuntu more clear | refs: #23114
• b0f4b28 Merge pull request #23114 from rallytime/remove_ubuntu_zmq4_docs
• f6cc7c8 Adjust ZeroMQ 4 docs to reflect changes to Ubuntu 12 packages
• PR #23108: (rallytime) Backport #23097 to 2014.7 @ 2015-04-28T03:58:05Z
• ISSUE #23085: (xenophonf) Use "s3fs" (not "s3") in fileserver_roots | refs: #23097
• PR #23097: (rallytime) Change s3 to s3fs in fileserver_roots docs example | refs: #23108
• 399857f Merge pull request #23108 from rallytime/bp-23097
• fa88984 Change s3 to s3fs in fileserver_roots docs example
• PR #23112: (basepi) [2014.7] Backport #22199 to fix mysql returner save_load errors @
2015-04-28T03:55:44Z
• ISSUE #22171: (basepi) We should only call returner.save_load once per jid | refs: #22199
• PR #22199: (basepi) [2015.2] Put a bandaid on the save_load duplicate issue (mysql returner) | refs:
#23112
• 5541537 Merge pull request #23112 from basepi/mysql_returner_save_load
• 0127012 Put a bandaid on the save_load duplicate issue
• PR #23113: (rallytime) Revert "Backport #22895 to 2014.7" @ 2015-04-28T03:27:29Z
• PR #22925: (rallytime) Backport #22895 to 2014.7 | refs: #23113
• PR #22895: (aletourneau) pam_tally counter was not reset to 0 after a successful login | refs: #22925
• dfe2066 Merge pull request #23113 from saltstack/revert-22925-bp-22895
• b957ea8 Revert "Backport #22895 to 2014.7"
• PR #23094: (terminalmage) pygit2: disable cleaning of stale refs for authenticated remotes @
2015-04-27T20:51:28Z
• ISSUE #23013: (markusr815) gitfs regression with authenticated repos | refs: #23094
• 21515f3 Merge pull request #23094 from terminalmage/issue23013
• aaf7b04 pygit2: disable cleaning of stale refs for authenticated remotes
• PR #23048: (jfindlay) py-2.6 compat for utils/boto.py ElementTree exception @ 2015-04-25T16:56:45Z
• d45aa21 Merge pull request #23048 from jfindlay/ET_error
• 64c42cc py-2.6 compat for utils/boto.py ElementTree exception
• PR #23025: (jfindlay) catch exceptions on bad system locales/encodings @ 2015-04-25T16:56:30Z
• ISSUE #22981: (syphernl) Locale state throwing traceback when generating not (yet) existing locale |
refs: #23025
• d25a5c1 Merge pull request #23025 from jfindlay/fix_sys_locale
• 9c4d62b catch exceptions on bad system locales/encodings
• PR #22932: (hvnsweeting) bugfix: also manipulate dir_mode when source not defined @
2015-04-25T16:54:58Z
• 5e44b59 Merge pull request #22932 from hvnsweeting/file-append-bugfix
• 3f368de do not use assert in execution module
• 9d4fd4a bugfix: also manipulate dir_mode when source not defined
• PR #23055: (jfindlay) prevent ps module errors on accessing dead procs @ 2015-04-24T22:39:49Z
• ISSUE #23021: (ether42) ps.pgrep raises NoSuchProcess | refs: #23055
• c2416a4 Merge pull request #23055 from jfindlay/fix_ps
• c2dc7ad prevent ps module errors on accessing dead procs
• PR #23031: (jfindlay) convert exception e.message to just e @ 2015-04-24T18:38:13Z
• bfd9158 Merge pull request #23031 from jfindlay/exception
• 856bad1 convert exception e.message to just e
• PR #23015: (hvnsweeting) if status of service is stop, there is not an error with it @
2015-04-24T14:35:10Z
• 7747f33 Merge pull request #23015 from hvnsweeting/set-non-error-lvl-for-service-status-log
• 92ea163 if status of service is stop, there is not an error with it
• PR #23000: (jfindlay) set systemd service killMode to process for minion @ 2015-04-24T03:42:39Z
• ISSUE #22993: (jetpak) salt-minion restart causes all spawned daemons to die on centos7 (systemd) |
refs: #23000
• 2e09789 Merge pull request #23000 from jfindlay/systemd_kill
• 3d575e2 set systemd service killMode to process for minion
• PR #22999: (jtand) Added retry_dns to minion doc. @ 2015-04-24T03:30:24Z
• ISSUE #22707: (arthurlogilab) retry_dns of master configuration is missing from the documentation |
refs: #22999
• b5c059a Merge pull request #22999 from jtand/fix_22707
• 8486e17 Added retry_dns to minion doc.
• PR #22990: (techhat) Use the proper cloud conf variable @ 2015-04-23T17:48:07Z
• 27dc877 Merge pull request #22990 from techhat/2014.7
• d33bcbc Use the proper cloud conf variable
• PR #22976: (multani) Improve state_output documentation @ 2015-04-23T12:24:22Z
• 13dff65 Merge pull request #22976 from multani/fix/state-output-doc
• 19efd41 Improve state_output documentation
• PR #22955: (terminalmage) Fix regression introduced yesterday in dockerio module @ 2015-04-22T18:56:39Z
• 89fa185 Merge pull request #22955 from terminalmage/dockerio-run-fix
• b4472ad Fix regression introduced yesterday in dockerio module
• PR #22954: (rallytime) Backport #22909 to 2014.7 @ 2015-04-22T18:56:20Z
• PR #22909: (mguegan) Fix compatibility with pkgin > 0.7 | refs: #22954
• 46ef227 Merge pull request #22954 from rallytime/bp-22909
• 70c1cd3 Fix compatibility with pkgin > 0.7
• PR #22856: (jfindlay) increase timeout and decrease tries for route53 records @ 2015-04-22T16:47:01Z
• ISSUE #18720: (Reiner030) timeouts when setting Route53 records | refs: #22856
• c9ae593 Merge pull request #22856 from jfindlay/route53_timeout
• ba4a786 add route53 record sync wait, default=False
• ea2fd50 increase timeout and tries for route53 records
• PR #22946: (s0undt3ch) Test with a more recent pip version to avoid a traceback @ 2015-04-22T16:25:17Z
• a178d44 Merge pull request #22946 from s0undt3ch/2014.7
• bc87749 Test with a more recent pip version to avoid a traceback
• PR #22945: (garethgreenaway) Fixes to scheduler @ 2015-04-22T16:25:00Z
• ISSUE #22571: (BoomerB) same error message as on issue #18504 | refs: #22945
• de339be Merge pull request #22945 from
garethgreenaway/22571_2014_7_schedule_pillar_refresh_seconds_exceptions
• bfa6d25 Fixing a reported issue when using a scheduled job from pillar with splay. _seconds element
that acted as a backup of the actual seconds was being removed when pillar was refreshed and causing
exceptions. This fix moves some splay related code out of the if else condition so it's checked
whether the job is in the job queue or not.
• PR #22887: (hvnsweeting) fix #18843 @ 2015-04-22T15:47:05Z
• ISSUE #18843: (calvinhp) State user.present will fail to create home if user exists and homedir
doesn't
• 12d2b91 Merge pull request #22887 from hvnsweeting/18843-fix-user-present-home
• 7fe7b08 run user.chhome once to avoid any side-effect when run it twice
• 19de995 clarify the usage of home arg
• d6dc09a enhance doc, as usermod on ubuntu 12.04 will not CREATE home
• 0ce4d7f refactor: force to use boolean
• 849d19e log debug the creating dir process
• c4e95b9 fix #18843: usermod won't create a dir if old home does not exist
• PR #22930: (jfindlay) localemod.gen_locale now always returns a boolean @ 2015-04-22T15:37:39Z
• ISSUE #21140: (holms) locale.present state executed successfully, although originally fails | refs:
#22930 #22829
• ISSUE #2417: (ffa) Module standards | refs: #22829
• PR #22829: (F30) Always return a boolean in gen_locale() | refs: #22930
• b7de7bd Merge pull request #22930 from jfindlay/localegen_bool
• 399399f localemod.gen_locale now always returns a boolean
• PR #22933: (hvnsweeting) add test for #18843 @ 2015-04-22T15:27:18Z
• ISSUE #18843: (calvinhp) State user.present will fail to create home if user exists and homedir
doesn't
• 11bcf14 Merge pull request #22933 from hvnsweeting/18843-test
• b13db32 add test for #18843
• PR #22925: (rallytime) Backport #22895 to 2014.7 | refs: #23113 @ 2015-04-22T02:30:26Z
• PR #22895: (aletourneau) pam_tally counter was not reset to 0 after a successful login | refs: #22925
• 6890752 Merge pull request #22925 from rallytime/bp-22895
• 3852d96 Pylint fix
• 90f7829 Fixed pylint issues
• 5ebf159 Cleaned up pull request
• a08ac47 pam_tally counter was not reset to 0 after a successful login
• PR #22914: (cachedout) Call proper returner function in jobs.list_jobs @ 2015-04-22T00:49:01Z
• ISSUE #22790: (whiteinge) jobs.list_jobs runner tracebacks on 'missing' argument | refs: #22914
• eca37eb Merge pull request #22914 from cachedout/issue_22790
• d828d6f Call proper returner function in jobs.list_jobs
• PR #22918: (JaseFace) Add a note to the git_pillar docs stating that GitPython is the only currently
supported provider @ 2015-04-22T00:48:26Z
• 44f3409 Merge pull request #22918 from JaseFace/git-pillar-provider-doc-note
• 0aee5c2 Add a note to the git_pillar docs stating that GitPython is the only currently supported
provider
• PR #22907: (techhat) Properly merge cloud configs to create profiles @ 2015-04-21T22:02:44Z
• 31c461f Merge pull request #22907 from techhat/cloudconfig
• 3bf4e66 Properly merge cloud configs to create profiles
• PR #22894: (0xf10e) Fix issue #22782 @ 2015-04-21T18:55:18Z
• f093975 Merge pull request #22894 from 0xf10e/2014.7
• 58fa24c Clarify doc on kwarg 'roles' for user_present().
• f0ae2eb Improve readability by renaming tenant_role
• PR #22902: (rallytime) Change state example to use proper kwarg @ 2015-04-21T18:50:47Z
• ISSUE #12003: (MarkusMuellerAU) [state.dockerio] docker.run TypeError: run() argument after ** must
be a mapping, not str | refs: #22902
• c802ba7 Merge pull request #22902 from rallytime/docker_doc_fix
• 8f70346 Change state example to use proper kwarg
• PR #22898: (terminalmage) dockerio: better error message for native exec driver @ 2015-04-21T18:02:58Z
• 81771a7 Merge pull request #22898 from terminalmage/issue12003
• c375309 dockerio: better error message for native exec driver
• PR #22897: (rallytime) Add param documentation for file.replace state @ 2015-04-21T17:31:04Z
• ISSUE #22825: (paolodina) Issue using file.replace in state file | refs: #22897
• e2ec4ec Merge pull request #22897 from rallytime/fix-22825
• 9c51630 Add param documentation for file.replace state
• PR #22850: (bersace) Fix pillar and salt fileserver mixed @ 2015-04-21T17:04:33Z
• ISSUE #22844: (bersace) LocalClient file cache confuse pillar and state files | refs: #22850
• fd53889 Merge pull request #22850 from bersace/fix-pillar-salt-mixed
• 31b98e7 Initialize state file client after pillar loading
• f6bebb7 Use saltenv
• PR #22818: (twangboy) Added documentation regarding pip in windows @ 2015-04-21T03:58:59Z
• 1380fec Merge pull request #22818 from twangboy/upd_pip_docs
• cb999c7 Update pip.py
• 3cc5c97 Added documentation regarding pip in windows
• PR #22872: (rallytime) Prevent stacktrace on os.path.exists in hosts module @ 2015-04-21T02:54:40Z
• b2bf17f Merge pull request #22872 from rallytime/fix_hosts_stacktrace
• c88a1ea Prevent stacktrace on os.path.exists in hosts module
• PR #22853: (s0undt3ch) Don't assume package installation order. @ 2015-04-21T02:42:41Z
• 03af523 Merge pull request #22853 from s0undt3ch/2014.7
• b62df62 Don't assume package installation order.
• PR #22877: (s0undt3ch) Don't fail on make clean just because the directory does not exist @
2015-04-21T02:40:47Z
• 9211e36 Merge pull request #22877 from s0undt3ch/hotfix/clean-docs-fix
• 95d6887 Don't fail on make clean just because the directory does not exist
• PR #22873: (thatch45) Type check the version since it will often be numeric @ 2015-04-21T02:38:11Z
• 5bdbd08 Merge pull request #22873 from thatch45/type_check
• 53b8376 Type check the version since it will often be numeric
• PR #22870: (twangboy) Added ability to send a version with a space in it @ 2015-04-20T23:18:28Z
• c965b0a Merge pull request #22870 from twangboy/fix_installer_again
• 3f180cf Added ability to send a version with a space in it
• PR #22863: (rallytime) Backport #20974 to 2014.7 @ 2015-04-20T19:29:37Z
• PR #20974: (JohannesEbke) Fix expr_match usage in salt.utils.check_whitelist_blacklist | refs: #22863
• 2973eb1 Merge pull request #22863 from rallytime/bp-20974
• 14913a4 Fix expr_match usage in salt.utils.check_whitelist_blacklist
• PR #22578: (hvnsweeting) gracefully handle when salt-minion cannot decrypt key @ 2015-04-20T15:24:45Z
• c45b92b Merge pull request #22578 from hvnsweeting/2014-7-fix-compile-pillar
• f75b24a gracefully handle when salt-minion cannot decrypt key
• PR #22800: (terminalmage) Improve error logging for pygit2 SSH-based remotes @ 2015-04-18T17:18:55Z
• ISSUE #21979: (yrdevops) gitfs: error message not descriptive enough when libgit2 was compiled
without libssh2 | refs: #22800
• 900c7a5 Merge pull request #22800 from terminalmage/issue21979
• 8f1c008 Clarify that for pygit2, receiving 0 objects means repo is up-to-date
• 98885f7 Add information about libssh2 requirement for pygit2 ssh auth
• 09468d2 Fix incorrect log message
• 2093bf8 Adjust loglevels for gitfs errors
• 9d394df Improve error logging for pygit2 SSH-based remotes
• PR #22813: (twangboy) Updated instructions for building salt @ 2015-04-18T04:10:07Z
• e99f2fd Merge pull request #22813 from twangboy/win_doc_fix
• adc421a Fixed some formatting issues
• 8901b3b Updated instructions for building salt
• PR #22810: (basepi) [2014.7] More msgpack gating for salt-ssh @ 2015-04-17T22:28:24Z
• ISSUE #22708: (Bilge) salt-ssh file.accumulated error: NameError: global name 'msgpack' is not
defined | refs: #22810
• fe1de89 Merge pull request #22810 from basepi/salt-ssh.more.msgpack.gating
• d4da8e6 Gate msgpack in salt/modules/saltutil.py
• 02303b2 Gate msgpack in salt/modules/data.py
• d7e8741 Gate salt.states.file.py msgpack
• PR #22803: (rallytime) Allow map file to work with softlayer @ 2015-04-17T20:34:42Z
• ISSUE #17144: (xpender) salt-cloud -m fails with softlayer | refs: #22803
• 11df71e Merge pull request #22803 from rallytime/fix-17144
• ce88b6a Allow map file to work with softlayer
• PR #22807: (rallytime) Add 2014.7.5 links to windows installation docs @ 2015-04-17T20:32:13Z
• cd43a95 Merge pull request #22807 from rallytime/windows_docs_update
• 5931a58 Replace all 4s with 5s
• eadaead Add 2014.7.5 links to windows installation docs
• PR #22795: (rallytime) Added release note for 2014.7.5 release @ 2015-04-17T18:05:36Z
• 0b295e2 Merge pull request #22795 from rallytime/release_notes
• fde1fee Remove extra line
• b19b95d Added release note for 2014.7.5 release
• PR #22759: (twangboy) Final edits to the batch files for running salt @ 2015-04-17T04:31:15Z
• ISSUE #22740: (lorengordon) New Windows installer assumes salt is installed to the current directory
| refs: #22759
• PR #22754: (twangboy) Removed redundant \ and " | refs: #22759
• 3c91459 Merge pull request #22759 from twangboy/fix_bat_one_last_time
• 075f82e Final edits to the batch files for running salt
• PR #22760: (thatch45) Fix issues with the syndic @ 2015-04-17T04:30:48Z
• 20d3f2b Merge pull request #22760 from thatch45/syndic_fix
• e2db624 Fix issues with the syndic not resolving the master when the interface is set
• PR #22762: (twangboy) Fixed version not showing in Add/Remove Programs @ 2015-04-17T04:29:46Z
• 54c4584 Merge pull request #22762 from twangboy/fix_installer
• 4d25af8 Fixed version not showing in Add/Remove Programs
Salt 2014.7.8 Release Notes
Changes for v2014.7.7..v2014.7.8
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-03-11T21:18:48Z
Statistics:
• Total Merges: 7
• Total Issue references: 3
• Total PR references: 10
Changes:
• PR #28839: (cachedout) Revert #28740 @ 2015-11-12T22:54:28Z
• PR #28740: (MasterNayru) Add missing S3 module import | refs: #28777
• 4b8bdd0 Merge pull request #28839 from cachedout/revert_28740
• 215b26c Revert #28740
• PR #28777: (rallytime) Back-port #28740 to 2014.7 @ 2015-11-11T18:00:00Z
• PR #28740: (MasterNayru) Add missing S3 module import | refs: #28777
• 76e69b4 Merge pull request #28777 from rallytime/bp-28740-2014.7
• da5fac2 Back-port #28740 to 2014.7
• PR #28716: (rallytime) Back-port #28705 to 2014.7 @ 2015-11-10T16:15:03Z
• PR #28705: (cachedout) Account for new headers class in tornado 4.3 | refs: #28716
• 45c73eb Merge pull request #28716 from rallytime/bp-28705
• 32e7bd3 Account for new headers class in tornado 4.3
• PR #28717: (cachedout) Add note about recommended umask @ 2015-11-09T23:26:20Z
• ISSUE #28199: (felskrone) Non-standard umasks might break the master | refs: #28717
• f4fe921 Merge pull request #28717 from cachedout/umask_note
• 1874300 Add note about recommended umask
• PR #28461: (cachedout) Wrap all cache calls in state.sls in correct umask @ 2015-11-02T17:11:02Z
• ISSUE #28455: (zmalone) highstate.cache is world readable, and contains secrets | refs: #28461
• 4bf56ca Merge pull request #28461 from cachedout/issue_28455
• 097838e Wrap all cache calls in state.sls in correct umask
• PR #28407: (DmitryKuzmenko) Don't request creds if auth with key. @ 2015-10-29T16:12:30Z
• ISSUE #24910: (bocig) -T, --make-token flag does NOT work- LDAP Groups | refs: #28407
• f3e61db Merge pull request #28407 from DSRCompany/issues/24910_token_auth_fix_2014
• b7b5bec Don't request creds if auth with key.
• PR #27390: (JaseFace) Ensure we pass on the enable setting if present, or use the default of True if
not in build_schedule_item() @ 2015-10-05T18:09:33Z
• d284eb1 Merge pull request #27390 from JaseFace/schedule-missing-enabled
• 563db71 Ensure we pass on the enable setting if present, or use the default of True if not in
build_schedule_item() Prior to this, when schedule.present compares the existing schedule to the one
crafted by this function, enabled will actually be removed at each run. schedule.present sees a
modification needs to be made, and invokes schedule.modify, which does so with enabled: True,
creating and endless loop of an 'enabled' removal and addition.
Salt 2014.7.9 Release Notes
Changes for v2014.7.8..v2014.7.9
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-03-11T20:58:58Z
Statistics:
• Total Merges: 3
• Total Issue references: 1
• Total PR references: 3
Changes:
• PR #31826: (gtmanfred) Remove ability of authenticating user to specify pam service @
2016-03-11T20:41:01Z
• c5e7c03 Merge pull request #31826 from gtmanfred/2014.7
• d73f70e Remove ability of authenticating user to specify pam service
• PR #29392: (jacobhammons) updated version number to not reference a specific build from the lat… @
2015-12-03T15:54:31Z
• 85aa70a Merge pull request #29392 from jacobhammons/2014.7
• d7f0db1 updated version number to not reference a specific build from the latest branch
• PR #29296: (douardda) Use process KillMode on Debian systems also @ 2015-12-01T16:00:16Z
• ISSUE #29295: (douardda) systemd's service file should use the 'process' KillMode option on Debian
also | refs: #29296
• d2fb210 Merge pull request #29296 from douardda/patch-3
• d288539 Use process KillMode on Debian systems also
Salt 2014.1.0 Release Notes - Codename Hydrogen
NOTE:
Due to a change in master to minion communication, 2014.1.0 minions are not compatible with
older-version masters. Please upgrade masters first. More info on backwards-compatibility policy
here, under the "Upgrading Salt" subheading.
NOTE:
A change in the grammar in the state compiler makes module.run in requisites illegal syntax. Its use
is replaced simply with the word module. In other words you will need to change requisites like this:
require:
module.run: some_module_name
to:
require:
module: some_module_name
This is a breaking change. We apologize for the inconvenience, we needed to do this to remove some
ambiguity in parsing requisites.
release
2014-02-24
The 2014.1.0 release of Salt is a major release which not only increases stability but also brings new
capabilities in virtualization, cloud integration, and more. This release brings a great focus on the
expansion of testing making roughly double the coverage in the Salt tests, and comes with many new
features.
2014.1.0 is the first release to follow the new date-based release naming system. See the version numbers
page for more details.
Major Features
Salt Cloud Merged into Salt
Salt Cloud is a tool for provisioning salted minions across various cloud providers. Prior to this
release, Salt Cloud was a separate project but this marks its full integration with the Salt
distribution. A Getting Started guide and additional documentation for Salt Cloud can be found here:
Google Compute Engine
Alongside Salt Cloud comes new support for the Google Compute Engine. Salt Stack can now deploy and
control GCE virtual machines and the application stacks that they run.
For more information on Salt Stack and GCE, please see this blog post.
Documentation for Salt and GCE can be found here.
Salt Virt
Salt Virt is a cloud controller that supports virtual machine deployment, inspection, migration, and
integration with many aspects of Salt.
Salt Virt has undergone a major overhaul with this release and now supports many more features and
includes a number of critical improvements.
Docker Integration
Salt now ships with states and an execution module to manage Docker containers.
Substantial Testing Expansion
Salt continues to increase its unit/regression test coverage. This release includes over 300 new tests.
BSD Package Management
BSD package management has been entirely rewritten. FreeBSD 9 and older now default to using pkg_add,
while FreeBSD 10 and newer will use pkgng. FreeBSD 9 can be forced to use pkgng, however, by specifying
the following option in the minion config file:
providers:
pkg: pkgng
In addition, support for installing software from the ports tree has been added. See the documentation
for the ports state and execution module for more information.
Network Management for Debian/Ubuntu
Initial support for management of network interfaces on Debian-based distros has been added. See the
documentation for the network state and the debian_ip for more information.
IPv6 Support for iptables State/Module
The iptables state and module now have IPv6 support. A new parameter family has been added to the states
and execution functions, to distinguish between IPv4 and IPv6. The default value for this parameter is
ipv4, specifying ipv6 will use ip6tables to manage firewall rules.
GitFS Improvements
Several performance improvements have been made to the Git fileserver backend. Additionally, file states
can now use any SHA1 commit hash as a fileserver environment:
/etc/httpd/httpd.conf:
file.managed:
- source: salt://webserver/files/httpd.conf
- saltenv: 45af879
This applies to the functions in the cp module as well:
salt '*' cp.get_file salt://readme.txt /tmp/readme.txt saltenv=45af879
MinionFS
This new fileserver backend allows files which have been pushed from the minion to the master (using
cp.push) to be served up from the salt fileserver. The path for these files takes the following format:
salt://minion-id/path/to/file
minion-id is the id of the "source" minion, the one from which the files were pushed to the master.
/path/to/file is the full path of the file.
The MinionFS Walkthrough contains a more thorough example of how to use this backend.
saltenv
To distinguish between fileserver environments and execution functions which deal with environment
variables, fileserver environments are now specified using the saltenv parameter. env will continue to
work, but is deprecated and will be removed in a future release.
Grains Caching
A caching layer has been added to the Grains system, which can help speed up minion startup. Disabled by
default, it can be enabled by setting the minion config option grains_cache:
grains_cache: True
# Seconds before grains cache is considered to be stale.
grains_cache_expiration: 300
If set to True, the grains loader will read from/write to a msgpack-serialized file containing the grains
data.
Additional command-line parameters have been added to salt-call, mainly for testing purposes:
• --skip-grains will completely bypass the grains loader when salt-call is invoked.
• --refresh-grains-cache will force the grains loader to bypass the grains cache and refresh the grains,
writing a new grains cache file.
Improved Command Logging Control
When using the cmd module, either on the CLI or when developing Salt execution modules, a new keyword
argument output_loglevel allows for greater control over how (or even if) the command and its output are
logged. For example:
salt '*' cmd.run 'tail /var/log/messages' output_loglevel=debug
The package management modules (apt, yumpkg, etc.) have been updated to log the copious output generated
from these commands at loglevel debug.
NOTE:
To keep a command from being logged, output_loglevel=quiet can be used.
Prior to this release, this could be done using quiet=True. This argument is still supported, but will
be removed in a future Salt release.
PagerDuty Support
Initial support for firing events via PagerDuty has been added. See the documentation for the pagerduty
module.
Virtual Terminal
Sometimes the subprocess module is not good enough, and, in fact, not even askpass is. This virtual
terminal is still in it's infant childhood, needs quite some love, and was originally created to replace
askpass, but, while developing it, it immediately proved that it could do so much more. It's currently
used by salt-cloud when bootstrapping salt on clouds which require the use of a password.
Proxy Minions
Initial basic support for Proxy Minions is in this release. Documentation can be found here.
Proxy minions are a developing feature in Salt that enables control of devices that cannot run a minion.
Examples include network gear like switches and routers that run a proprietary OS but offer an API, or
"dumb" devices that just don't have the horsepower or ability to handle a Python VM.
Proxy minions can be difficult to write, so a simple REST-based example proxy is included. A Python
bottle-based webserver can be found at https://github.com/cro/salt-proxy-rest as an endpoint for this
proxy.
This is an ALPHA-quality feature. There are a number of issues with it currently, mostly centering around
process control, logging, and inability to work in a masterless configuration.
Additional Bugfixes (Release Candidate Period)
Below are many of the fixes that were implemented in salt during the release candidate phase.
• Fix mount.mounted leaving conflicting entries in fstab (issue 7079)
• Fix mysql returner serialization to use json (issue 9590)
• Fix ZMQError: Operation cannot be accomplished in current state errors (issue 6306)
• Rbenv and ruby improvements
• Fix quoting issues with mysql port (issue 9568)
• Update mount module/state to support multiple swap partitions (issue 9520)
• Fix archive state to work with bsdtar
• Clarify logs for minion ID caching
• Add numeric revision support to git state (issue 9718)
• Update master_uri with master_ip (issue 9694)
• Add comment to Debian mod_repo (issue 9923)
• Fix potential undefined loop variable in rabbitmq state (issue 8703)
• Fix for salt-virt runner to delete key on VM deletion
• Fix for salt-run -d to limit results to specific runner or function (issue 9975)
• Add tracebacks to jinja renderer when applicable (issue 10010)
• Fix parsing in monit module (issue 10041)
• Fix highstate output from syndic minions (issue 9732)
• Quiet logging when dealing with passwords/hashes (issue 10000)
• Fix for multiple remotes in git_pillar (issue 9932)
• Fix npm installed command (issue 10109)
• Add safeguards for utf8 errors in zcbuildout module
• Fix compound commands (issue 9746)
• Add systemd notification when master is started
• Many doc improvements
Salt 2014.1.1 Release Notes
release
2014-03-18
Version 2014.1.1 is a bugfix release for 2014.1.0. The changes include:
• Various doc fixes, including up-to-date Salt Cloud installation documentation.
• Renamed state.sls runner to state.orchestrate, to reduce confusion with the state.sls execution
function
• Fix various bugs in the dig module (issue 10367)
• Add retry for query on certain EC2 status codes (issue 10154)
• Fix various bugs in mongodb_user state module (issue 10430)
• Fix permissions on ~/.salt_token (issue 10422)
• Add PyObjects support
• Fix launchctl module crash with missing files
• Fix saltutil.find_job for Windows (issue 10581)
• Fix OS detection for OpenSolaris (issue 10601)
• Fix broken salt-ssh key_deploy
• Add support for multiline cron comments (issue 10721)
• Fix timezone module for Arch (issue 10789)
• Fix symlink support for file.recurse (issue 10809)
• Fix multi-master bugs (issue 10732 and issue 10969)
• Fix file.patch to error when source file is unavailable (issue 10380)
• Fix pkg to handle packages set as purge in pkg.installed (issue 10719)
• Add zmqversion grain
• Fix highstate summary for masterless minions (issue 10945)
• Fix saltutil.find_job for 2014.1 masters talking to 0.17 minions (issue 11020)
• Fix file.recurse states with trailing slashes in source (issue 11002)
• Fix pkg states to allow pkgname.x86_64 (issue 7306)
• Make iptables states set a default table for flush (issue 11037)
• Added iptables --reject-with after final iptables call in iptables states (issue:10757)
• Fix improper passing of “family” in iptables states (issue 10774)
• Fix traceback in iptables.insert states (issue 10988)
• Fix zombie processes (issue 10867 and others)
• Fix batch mode to obey --return settings (issue 9146)
• Fix localclient issue that was causing batch mode breakage (issue 11094, issue 10470, and others)
• Multiple salt-ssh fixes
• FreeBSD: look in /usr/local/etc/salt for configuration by default, if installed using pip --editable.
• Add a skip_suggestions parameter to pkg.installed states which allows pre-flight check to be skipped (‐
issue 11106)
• Fixed tag-based gitfs fileserver environments regression (issue 10956)
• Yum: fix cache of available pkgs not cleared when repos are changed (issue 11001)
• Yum: fix for plugin-provided repositories (i.e. RHN/Spacewalk) (issue 11145)
• Fix regression in chocolatey.bootstrap (issue 10541)
• Fix fail on unknown target in jobs runner (issue 11151)
• Don’t log errors for commands which are expected to sometimes exit with non-zero exit status (issue
11154, issue 11090)
• Fix test=True CLI override of config option (issue 10877)
• Log sysctl key listing at loglevel TRACE (issue 10931)
Salt 2014.1.10 Release Notes
release
2014-08-01
NOTE:
Version 2014.1.9 contained a regression which caused inaccurate Salt version detection, and thus was
never packaged for general release. This version contains the version detection fix, but is otherwise
identical to 2014.1.9.
Version 2014.1.10 is another bugfix release for 2014.1.0. Changes include:
• Ensure salt-ssh will not continue if permissions on a temporary directory are not correct.
• Use the bootstrap script distributed with Salt instead of relying on an external resource
• Remove unused testing code
• Ensure salt states are placed into the .salt directory in salt-ssh
• Use a randomized path for temporary files in a salt-cloud deployment
• Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment
Salt 2014.1.10 fixes security issues documented by CVE-2014-3563: "Insecure tmp-file creation in seed.py,
salt-ssh, and salt-cloud." Upgrading is recommended.
Salt 2014.1.11 Release Notes
release
2014-08-29
Version 2014.1.11 is another bugfix release for 2014.1.0. Changes include:
• Fix for minion_id with byte-order mark (BOM) (issue 12296)
• Fix runas deprecation in at module
• Fix trailing slash befhavior for file.makedirs_ (issue 14019)
• Fix chocolatey path (issue 13870)
• Fix git_pillar infinite loop issues (issue 14671)
• Fix json outputter null case
• Fix for minion error if one of multiple masters are down (issue 14099)
Salt 2014.1.12 Release Notes
release
2014-10-08
Version 2014.1.12 is another bugfix release for 2014.1.0. Changes include:
• Fix scp_file always failing (which broke salt-cloud) (issue 16437)
• Fix regression in pillar in masterless (issue 16210, issue 16416, issue 16428)
Salt 2014.1.13 Release Notes
release
2014-10-14
Version 2014.1.13 is another bugfix release for 2014.1.0. Changes include:
• Fix sftp_file by checking the exit status code of scp (which broke salt-cloud) (issue 16599)
Salt 2014.1.2 Release Notes
release
2014-04-15
Version 2014.1.2 is another bugfix release for 2014.1.0. The changes include:
• Fix username detection when su'ed to root on FreeBSD (issue 11628)
• Fix minionfs backend for file.recurse states
• Fix 32-bit packages of different arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822)
• Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790)
• Don’t reload site module on module refresh for MacOS
• Fix regression with running execution functions in Pillar SLS (issue 11453)
• Fix some modules missing from Windows installer
• Don’t log an error for yum commands that return nonzero exit status on non-failure (issue 11645)
• Fix bug in rabbitmq state (issue 8703)
• Fix missing ssh config options (issue 10604)
• Fix top.sls ordering (issue 10810 and issue 11691)
• Fix salt-key --list all (issue 10982)
• Fix win_servermanager install/remove function (issue 11038)
• Fix interaction with tokens when running commands as root (issue 11223)
• Fix overstate bug with find_job and **kwargs (issue 10503)
• Fix saltenv for aptpkg.mod_repo from pkgrepo state
• Fix environment issue causing file caching problems (issue 11189)
• Fix bug in __parse_key in registry state (issue 11408)
• Add minion auth retry on rejection (issue 10763)
• Fix publish_session updating the encryption key (issue 11493)
• Fix for bad AssertionError raised by GitPython (issue 11473)
• Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164)
• Fix potential memory leak caused by saved (and unused) events (issue 11582)
• Fix exception handling in the MySQL module (issue 11616)
• Fix environment-related error (issue 11534)
• Include psutil on Windows
• Add file.replace and file.search to Windows (issue 11471)
• Add additional file module helpers to Windows (issue 11235)
• Add pid to netstat output on Windows (issue 10782)
• Fix Windows not caching new versions of installers in winrepo (issue 10597)
• Fix hardcoded md5 hashing
• Fix kwargs in salt-ssh (issue 11609)
• Fix file backup timestamps (issue 11745)
• Fix stacktrace on sys.doc with invalid eauth (issue 11293)
• Fix git.latest with test=True (issue 11595)
• Fix file.check_perms hardcoded follow_symlinks (issue 11387)
• Fix certain pkg states for RHEL5/Cent5 machines (issue 11719)
Salt 2014.1.3 Release Notes
release
2014-04-15
Version 2014.1.3 is another bugfix release for 2014.1.0. It was created as a hotfix for a regression
found in 2014.1.2, which was not distributed. The only change made was as follows:
• Fix regression that caused saltutil.find_job to fail, causing premature terminations of salt CLI
commands.
Changes in the not-distributed 2014.1.2, also included in 2014.1.3:
• Fix username detection when su'ed to root on FreeBSD (issue 11628)
• Fix minionfs backend for file.recurse states
• Fix 32-bit packages of different arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822)
• Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790)
• Don’t reload site module on module refresh for MacOS
• Fix regression with running execution functions in Pillar SLS (issue 11453)
• Fix some modules missing from Windows installer
• Don’t log an error for yum commands that return nonzero exit status on non-failure (issue 11645)
• Fix bug in rabbitmq state (issue 8703)
• Fix missing ssh config options (issue 10604)
• Fix top.sls ordering (issue 10810 and issue 11691)
• Fix salt-key --list all (issue 10982)
• Fix win_servermanager install/remove function (issue 11038)
• Fix interaction with tokens when running commands as root (issue 11223)
• Fix overstate bug with find_job and **kwargs (issue 10503)
• Fix saltenv for aptpkg.mod_repo from pkgrepo state
• Fix environment issue causing file caching problems (issue 11189)
• Fix bug in __parse_key in registry state (issue 11408)
• Add minion auth retry on rejection (issue 10763)
• Fix publish_session updating the encryption key (issue 11493)
• Fix for bad AssertionError raised by GitPython (issue 11473)
• Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164)
• Fix potential memory leak caused by saved (and unused) events (issue 11582)
• Fix exception handling in the MySQL module (issue 11616)
• Fix environment-related error (issue 11534)
• Include psutil on Windows
• Add file.replace and file.search to Windows (issue 11471)
• Add additional file module helpers to Windows (issue 11235)
• Add pid to netstat output on Windows (issue 10782)
• Fix Windows not caching new versions of installers in winrepo (issue 10597)
• Fix hardcoded md5 hashing
• Fix kwargs in salt-ssh (issue 11609)
• Fix file backup timestamps (issue 11745)
• Fix stacktrace on sys.doc with invalid eauth (issue 11293)
• Fix git.latest with test=True (issue 11595)
• Fix file.check_perms hardcoded follow_symlinks (issue 11387)
• Fix certain pkg states for RHEL5/Cent5 machines (issue 11719)
Salt 2014.1.4 Release Notes
release
2014-05-05
Version 2014.1.4 is another bugfix release for 2014.1.0. Changes include:
• Fix setup.py dependency issue (issue 12031)
• Fix handling for IOErrors under certain circumstances (issue 11783 and issue 11853)
• Fix fatal exception when /proc/1/cgroup is not readable (issue 11619)
• Fix os grains for OpenSolaris (issue 11907)
• Fix lvs.zero module argument pass-through (issue 9001)
• Fix bug in debian_ip interaction with network.system state (issue 11164)
• Remove bad binary package verification code (issue 12177)
• Fix traceback in solaris package installation (issue 12237)
• Fix file.directory state symlink handling (issue 12209)
• Remove external_ip grain
• Fix file.managed makedirs issues (issue 10446)
• Fix hang on non-existent Windows drive letter for file module (issue 9880)
• Fix salt minion caching all users on the server (issue 9743)
• Add strftime formatting for ps.boot_time (issue 12428)
Salt 2014.1.5 Release Notes
release
2014-06-11
Version 2014.1.5 is another bugfix release for 2014.1.0. Changes include:
• Add function for finding cached job on the minion
• Fix iptables save file location for Debian (issue 11730)
• Fix for minion caching jobs when master is down
• Bump default syndic_wait to 5 to fix syndic-related problems (issue 12262)
• Add OpenBSD, FreeBSD, and NetBSD support for network.netstat (issue 12121)
• Fix false positive error in logs for makeconf state (issue 9762)
• Fix for yum fromrepo package installs when repo is disabled by default (issue 12466)
• Fix for extra blank lines in file.blockreplace (issue 12422)
• Fix grain detection for OpenVZ guests (issue 11877)
• Fix get_dns_servers function for Windows win_dns_client
• Use system locale for ports package installations
• Use correct stop/restart procedure for Debian networking in debian_ip (issue 12614)
• Fix for cmd_iter/cmd_iter_no_block blocking issues (issue 12617)
• Fix traceback when syncing custom types (issue 12883)
• Fix cleaning directory symlinks in file.directory
• Add performance optimizations for saltutil.sync_all and state.highstate
• Fix possible error in saltutil.running
• Fix for kmod modules with dashes (issue 13239)
• Fix possible race condition for Windows minions in state module reloading (issue 12370)
• Fix bug with roster for passwd option that is loaded as a non-string object (issue 13249)
• Keep duplicate version numbers from showing up in pkg.list_pkgs output
• Fixes for Jinja renderer, timezone module/state (issue 12724)
• Fix timedatectl parsing for systemd>=210 (issue 12728)
• Fix saltenv being written to YUM repo config files (issue 12887)
• Removed the deprecated external nodes classifier (originally accessible by setting a value for
external_nodes in the master configuration file). Note that this functionality has been marked
deprecated for some time and was replaced by the more general master tops system.
• More robust escaping of ldap filter strings.
• Fix trailing slash in gitfs_root causing files not to be available (issue 13185)
Salt 2014.1.6 Release Notes
release
2014-07-08
Version 2014.1.6 is another bugfix release for 2014.1.0. Changes include:
• Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607)
• Fix mount.active for Solaris
• Fix support for allow-hotplug statement in debian_ip network module
• Add sqlite3 to esky builds
• Fix jobs.active output (issue 9526)
• Fix the virtual grain for Xen (issue 13534)
• Fix _ext_nodes unavailable on master (issue 13535)
• Fix eauth for batch mode (issue 9605)
• Fix force-related issues with tomcat support (issue 12889)
• Fix KeyError when cloud mapping
• Fix salt-minion restart loop in Windows (issue 12086)
• Fix detection of service virtual module on Fedora minions
• Fix traceback with missing ipv4 grain (issue 13838)
• Fix issue in roots backend with invalid data in mtime_map (issue 13836)
• Fix traceback in jobs.active (issue 11151)
• Fix master_tops and _ext_nodes issue (issue 13535, issue 13673)
Salt 2014.1.7 Release Notes
release
2014-07-09
Version 2014.1.7 is another bugfix release for 2014.1.0. Changes include:
• Fix batch mode regression (issue 14046)
This release was a hotfix release for the regression listed above which was present in the 2014.1.6
release. The changes included in 2014.1.6 are listed below:
• Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607)
• Fix mount.active for Solaris
• Fix support for allow-hotplug statement in debian_ip network module
• Add sqlite3 to esky builds
• Fix jobs.active output (issue 9526)
• Fix the virtual grain for Xen (issue 13534)
• Fix eauth for batch mode (issue 9605)
• Fix force-related issues with tomcat support (issue 12889)
• Fix KeyError when cloud mapping
• Fix salt-minion restart loop in Windows (issue 12086)
• Fix detection of service virtual module on Fedora minions
• Fix traceback with missing ipv4 grain (issue 13838)
• Fix issue in roots backend with invalid data in mtime_map (issue 13836)
• Fix traceback in jobs.active (issue 11151)
• Fix master_tops and _ext_nodes issue (issue 13535, issue 13673)
Salt 2014.1.8 Release Notes
release
2014-07-30
NOTE:
This release contained a regression which caused inaccurate Salt version detection, and thus was never
packaged for general release. Please use version 2014.1.10 instead.
Version 2014.1.8 is another bugfix release for 2014.1.0. Changes include:
• Ensure salt-ssh will not continue if permissions on a temporary directory are not correct.
• Use the bootstrap script distributed with Salt instead of relying on an external resource
• Remove unused testing code
• Ensure salt states are placed into the .salt directory in salt-ssh
• Use a randomized path for temporary files in a salt-cloud deployment
• Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment
Salt 2014.1.9 Release Notes
release
2014-07-31
NOTE:
This release contained a regression which caused inaccurate Salt version detection, and thus was never
packaged for general release. Please use version 2014.1.10 instead.
NOTE:
Version 2014.1.8 contained a regression which caused inaccurate Salt version detection, and thus was
never packaged for general release. This version contains the version detection fix, but is otherwise
identical to 2014.1.8.
Version 2014.1.9 is another bugfix release for 2014.1.0. Changes include:
• Ensure salt-ssh will not continue if permissions on a temporary directory are not correct.
• Use the bootstrap script distributed with Salt instead of relying on an external resource
• Remove unused testing code
• Ensure salt states are placed into the .salt directory in salt-ssh
• Use a randomized path for temporary files in a salt-cloud deployment
• Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment
Salt 0.10.0 Release Notes
release
2012-06-16
0.10.0 has arrived! This release comes with MANY bug fixes, and new capabilities which greatly enhance
performance and reliability. This release is primarily a bug fix release with many new tests and many
repaired bugs. This release also introduces a few new key features which were brought in primarily to
repair bugs and some limitations found in some of the components of the original architecture.
Major Features
Event System
The Salt Master now comes equipped with a new event system. This event system has replaced some of the
back end of the Salt client and offers the beginning of a system which will make plugging external
applications into Salt. The event system relies on a local ZeroMQ publish socket and other processes can
connect to this socket and listen for events. The new events can be easily managed via Salt's event
library.
Unprivileged User Updates
Some enhancements have been added to Salt for running as a user other than root. These new additions
should make switching the user that the Salt Master is running as very painless, simply change the user
option in the master configuration and restart the master, Salt will take care of all of the particulars
for you.
Peer Runner Execution
Salt has long had the peer communication system used to allow minions to send commands via the salt
master. 0.10.0 adds a new capability here, now the master can be configured to allow for minions to
execute Salt runners via the peer_run option in the salt master configuration.
YAML Parsing Updates
In the past the YAML parser for sls files would return the incorrect numbers when the file mode was set
with a preceding 0. The YAML parser used in Salt has been modified to no longer convert these number into
octal but to keep them as the correct value so that sls files can be a little cleaner to write.
State Call Data Files
It was requested that the minion keep a local cache of the most recent executed state run. This has been
added and now with state runs the data is stored in a msgpack file in the minion's cachedir.
Turning Off the Job Cache
A new option has been added to the master configuration file. In previous releases the Salt client would
look over the Salt job cache to read in the minion return data. With the addition of the event system the
Salt client can now watch for events directly from the master worker processes.
This means that the job cache is no longer a hard requirement. Keep in mind though, that turning off the
job cache means that historic job execution data cannot be retrieved.
Test Updates
Minion Swarms Are Faster
To continue our efforts with testing Salt's ability to scale the minionswarm script has been updated. The
minionswarm can now start up minions much faster than it could before and comes with a new feature
allowing modules to be disabled, thus lowering the minion's footprint when making a swarm. These new
updates have allows us to test
# python minionswarm.py -m 20 --master salt-master
Many Fixes
To get a good idea for the number of bugfixes this release offers take a look at the closed tickets for
0.10.0, this is a very substantial update:
https://github.com/saltstack/salt/issues?milestone=12&state=closed
Master and Minion Stability Fixes
As Salt deployments grow new ways to break Salt are discovered. 0.10.0 comes with a number of fixes for
the minions and master greatly improving Salt stability.
Salt 0.10.1 Release Notes
release
2012-06-19
Salt 0.10.2 Release Notes
release
2012-07-30
0.10.2 is out! This release comes with enhancements to the pillar interface, cleaner ways to access the
salt-call capabilities in the API, minion data caching and the event system has been added to salt
minions.
There have also been updates to the ZeroMQ functions, many more tests (thanks to sponsors, the code
sprint and many contributors) and a swath of bug fixes.
Major Features
Ext Pillar Modules
The ranks of available Salt modules directories sees a new member in 0.10.2. With the popularity of
pillar a higher demand has arisen for ext_pillar interfaces to be more like regular Salt module
additions. Now ext_pillar interfaces can be added in the same way as other modules, just drop it into the
pillar directory in the salt source.
Minion Events
In 0.10.0 an event system was added to the Salt master. 0.10.2 adds the event system to the minions as
well. Now event can be published on a local minion as well.
The minions can also send events back up to the master. This means that Salt is able to communicate
individual events from the minions back up to the Master which are not associated with command.
Minion Data Caching
When pillar was introduced the landscape for available data was greatly enhanced. The minion's began
sending grain data back to the master on a regular basis.
The new config option on the master called minion_data_cache instructs the Salt master to maintain a
cache of the minion's grains and pillar data in the cachedir. This option is turned off by default to
avoid hitting the disk more, but when enabled the cache is used to make grain matching from the salt
command more powerful, since the minions that will match can be predetermined.
Backup Files
By default all files replaced by the file.managed and file.recurse states we simply deleted. 0.10.2 adds
a new option. By setting the backup option to minion the files are backed up before they are replaced.
The backed up files are located in the cachedir under the file_backup directory. On a default system this
will be at: /var/cache/salt/file_backup
Configuration files
salt-master and salt-minion automatically load additional configuration files from master.d/*.conf
respective minion.d/*.conf where master.d/minion.d is a directory in the same directory as the main
configuration file.
Salt Key Verification
A number of users complained that they had inadvertently deleted the wrong salt authentication keys.
0.10.2 now displays what keys are going to be deleted and verifies that they are the keys that are
intended for deletion.
Key auto-signing
If autosign_file is specified in the configuration file incoming keys will be compared to the list of
keynames in autosign_file. Regular expressions as well as globbing is supported.
The file must only be writable by the user otherwise the file will be ignored. To relax the permission
and allow group write access set the permissive_pki_access option.
Module changes
Improved OpenBSD support
New modules for managing services and packages were provided by Joshua Elsasser to further improve the
support for OpenBSD.
Existing modules like the disk module were also improved to support OpenBSD.
SQL Modules
The MySQL and PostgreSQL modules have both received a number of additions thanks to the work of Avi
Marcus and Roman Imankulov.
ZFS Support on FreeBSD
A new ZFS module has been added by Kurtis Velarde for FreeBSD supporting various ZFS operations like
creating, extending or removing zpools.
Augeas
A new Augeas module by Ulrich Dangel for editing and verifying config files.
Native Debian Service module
The support for the Debian was further improved with an new service module for Debian by Ahmad Khayyat
supporting disable and enable.
Cassandra
Cassandra support has been added by Adam Garside. Currently only status and diagnostic information are
supported.
Networking
The networking support for RHEL has been improved and supports bonding support as well as zeroconf
configuration.
Monit
Basic monit support by Kurtis Velarde to control services via monit.
nzbget
Basic support for controlling nzbget by Joseph Hall
Bluetooth
Baisc bluez support for managing and controlling Bluetooth devices. Supports scanning as well as
pairing/unpairing by Joseph Hall.
Test Updates
Consistency Testing
Another testing script has been added. A bug was found in pillar when many minions generated pillar data
at the same time. The new consist.py script is the tests directory was created to reproduce bugs where
data should always be consistent.
Many Fixes
To get a good idea for the number of bugfixes this release offers take a look at the closed tickets for
0.10.2, this is a very substantial update:
https://github.com/saltstack/salt/issues?milestone=24&page=1&state=closed
Master and Minion Stability Fixes
As Salt deployments grow new ways to break Salt are discovered. 0.10.2 comes with a number of fixes for
the minions and master greatly improving Salt stability.
Salt 0.10.3 Release Notes
release
2012-09-30
The latest taste of Salt has come, this release has many fixes and feature additions. Modifications have
been made to make ZeroMQ connections more reliable, the beginning of the ACL system is in place, a new
command line parsing system has been added, dynamic module distribution has become more environment
aware, the new master_finger option and many more!
Major Features
ACL System
The new ACL system has been introduced. The ACL system allows for system users other than root to execute
salt commands. Users can be allowed to execute specific commands in the same way that minions are opened
up to the peer system.
The configuration value to open up the ACL system is called client_acl and is configured like so:
client_acl:
fred:
- test..*
- pkg.list_pkgs
Where fred is allowed access to functions in the test module and to the pkg.list_pkgs function.
Master Finger Option
The master_finger option has been added to improve the security of minion provisioning. The master_finger
option allows for the fingerprint of the master public key to be set in the configuration file to double
verify that the master is valid. This option was added in response to a motivation to pre-authenticate
the master when provisioning new minions to help prevent man in the middle attacks in some situations.
Salt Key Fingerprint Generation
The ability to generate fingerprints of keys used by Salt has been added to salt-key. The new option
finger accepts the name of the key to generate and display a fingerprint for.
salt-key -F master
Will display the fingerprints for the master public and private keys.
Parsing System
Pedro Algavio, aka s0undt3ch, has added a substantial update to the command line parsing system that
makes the help message output much cleaner and easier to search through. Salt parsers now have
--versions-report besides usual --version info which you can provide when reporting any issues found.
Key Generation
We have reduced the requirements needed for salt-key to generate minion keys. You're no longer required
to have salt configured and it's common directories created just to generate keys. This might prove
useful if you're batch creating keys to pre-load on minions.
Startup States
A few configuration options have been added which allow for states to be run when the minion daemon
starts. This can be a great advantage when deploying with Salt because the minion can apply states right
when it first runs. To use startup states set the startup_states configuration option on the minion to
highstate.
New Exclude Declaration
Some users have asked about adding the ability to ensure that other sls files or ids are excluded from a
state run. The exclude statement will delete all of the data loaded from the specified sls file or will
delete the specified id:
exclude:
- sls: http
- id: /etc/vimrc
Max Open Files
While we're currently unable to properly handle ZeroMQ's abort signals when the max open files is
reached, due to the way that's handled on ZeroMQ's, we have minimized the chances of this happening
without at least warning the user.
More State Output Options
Some major changes have been made to the state output system. In the past state return data was printed
in a very verbose fashion and only states that failed or made changes were printed by default. Now two
options can be passed to the master and minion configuration files to change the behavior of the state
output. State output can be set to verbose (default) or non-verbose with the state_verbose option:
state_verbose: False
It is noteworthy that the state_verbose option used to be set to False by default but has been changed to
True by default in 0.10.3 due to many requests for the change.
Te next option to be aware of new and called state_output. This option allows for the state output to be
set to full (default) or terse.
The full output is the standard state output, but the new terse output will print only one line per state
making the output much easier to follow when executing a large state system.
state_output: terse
state.file.append Improvements
The salt state file.append() tries not to append existing text. Previously the matching check was being
made line by line. While this kind of check might be enough for most cases, if the text being appended
was multi-line, the check would not work properly. This issue is now properly handled, the match is done
as a whole ignoring any white space addition or removal except inside commas. For those thinking that,
in order to properly match over multiple lines, salt will load the whole file into memory, that's not
true. For most cases this is not important but an erroneous order to read a 4GB file, if not properly
handled, like salt does, could make salt chew that amount of memory. Salt has a buffered file reader
which will keep in memory a maximum of 256KB and iterates over the file in chunks of 32KB to test for the
match, more than enough, if not, explain your usage on a ticket. With this change, also
salt.modules.file.contains(), salt.modules.file.contains_regex(), salt.modules.file.contains_glob() and
salt.utils.find now do the searching and/or matching using the buffered chunks approach explained above.
Two new keyword arguments were also added, makedirs, and source. The first, makedirs will create the
necessary directories in order to append to the specified file, of course, it only applies if we're
trying to append to a non-existing file on a non-existing directory:
/tmp/salttest/file-append-makedirs:
file.append:
text: foo
makedirs: True
The second, source, allows one to append the contents of a file instead of specifying the text.
/tmp/salttest/file-append-source:
file.append:
- source: salt://testfile
Security Fix
A timing vulnerability was uncovered in the code which decrypts the AES messages sent over the network.
This has been fixed and upgrading is strongly recommended.
Salt 0.10.4 Release Notes
release
2012-10-23
Salt 0.10.4 is a monumental release for the Salt team, with two new module systems, many additions to
allow granular access to Salt, improved platform support and much more.
This release is also exciting because we have been able to shorten the release cycle back to under a
month. We are working hard to keep up the aggressive pace and look forward to having releases happen more
frequently!
This release also includes a serious security fix and all users are very strongly recommended to upgrade.
As usual, upgrade the master first, and then the minion to ensure that the process is smooth.
Major Features
External Authentication System
The new external authentication system allows for Salt to pass through authentication to any
authentication system to determine if a user has permission to execute a Salt command. The Unix PAM
system is the first supported system with more to come!
The external authentication system allows for specific users to be granted access to execute specific
functions on specific minions. Access is configured in the master configuration file, and uses the new
access control system:
external_auth:
pam:
thatch:
- 'web*':
- test.*
- network.*
The configuration above allows the user thatch to execute functions in the test and network modules on
minions that match the web* target.
Access Control System
All Salt systems can now be configured to grant access to non-administrative users in a granular way. The
old configuration continues to work. Specific functions can be opened up to specific minions from
specific users in the case of external auth and client ACLs, and for specific minions in the case of the
peer system.
Access controls are configured like this:
client_acl:
fred:
- web\*:
- pkg.list_pkgs
- test.*
- apache.*
Target by Network
A new matcher has been added to the system which allows for minions to be targeted by network. This new
matcher can be called with the -S flag on the command line and is available in all places that the
matcher system is available. Using it is simple:
$ salt -S '192.168.1.0/24' test.ping
$ salt -S '192.168.1.100' test.ping
Nodegroup Nesting
Previously a nodegroup was limited by not being able to include another nodegroup, this restraint has
been lifted and now nodegroups will be expanded within other nodegroups with the N@ classifier.
Salt Key Delete by Glob
The ability to delete minion keys by glob has been added to salt-key. To delete all minion keys whose
minion name starts with 'web':
$ salt-key -d 'web*'
Master Tops System
The external_nodes system has been upgraded to allow for modular subsystems to be used to generate the
top file data for a highstate run.
The external_nodes option still works but will be deprecated in the future in favor of the new
master_tops option.
Example of using master_tops:
master_tops:
ext_nodes: cobbler-external-nodes
Next Level Solaris Support
A lot of work has been put into improved Solaris support by Romeo Theriault. Packaging modules
(pkgadd/pkgrm and pkgutil) and states, cron support and user and group management have all been added and
improved upon. These additions along with SMF (Service Management Facility) service support and improved
Solaris grain detection in 0.10.3 add up to Salt becoming a great tool to manage Solaris servers with.
Security
A vulnerability in the security handshake was found and has been repaired, old minions should be able to
connect to a new master, so as usual, the master should be updated first and then the minions.
Pillar Updates
The pillar communication has been updated to add some extra levels of verification so that the intended
minion is the only one allowed to gather the data. Once all minions and the master are updated to salt
0.10.4 please activate pillar 2 by changing the pillar_version in the master config to 2. This will be
set to 2 by default in a future release.
Salt 0.10.5 Release Notes
release
2012-11-15
Salt 0.10.5 is ready, and comes with some great new features. A few more interfaces have been
modularized, like the outputter system. The job cache system has been made more powerful and can now
store and retrieve jobs archived in external databases. The returner system has been extended to allow
minions to easily retrieve data from a returner interface.
As usual, this is an exciting release, with many noteworthy additions!
Major Features
External Job Cache
The external job cache is a system which allows for a returner interface to also act as a job cache. This
system is intended to allow users to store job information in a central location for longer periods of
time and to make the act of looking up information from jobs executed on other minions easier.
Currently the external job cache is supported via the mongo and redis returners:
ext_job_cache: redis
redis.host: salt
Once the external job cache is turned on the new ret module can be used on the minions to retrieve return
information from the job cache. This can be a great way for minions to respond and react to other
minions.
OpenStack Additions
OpenStack integration with Salt has been moving forward at a blistering pace. The new nova, glance, and
keystone modules represent the beginning of ongoing OpenStack integration.
The Salt team has had many conversations with core OpenStack developers and is working on linking to
OpenStack in powerful new ways.
Wheel System
A new API was added to the Salt Master which allows the master to be managed via an external API. This
new system allows Salt API to easily hook into the Salt Master and manage configs, modify the state tree,
manage the pillar and more. The main motivation for the wheel system is to enable features needed in the
upcoming web UI so users can manage the master just as easily as they manage minions.
The wheel system has also been hooked into the external auth system. This allows specific users to have
granular access to manage components of the Salt Master.
Render Pipes
Jack Kuan has added a substantial new feature. The render pipes system allows Salt to treat the render
system like unix pipes. This new system enables sls files to be passed through specific render engines.
While the default renderer is still recommended, different engines can now be more easily merged. So to
pipe the output of Mako used in YAML use this shebang line:
#!mako|yaml
Salt Key Overhaul
The Salt Key system was originally developed as only a CLI interface, but as time went on it was pressed
into becoming a clumsy API. This release marks a complete overhaul of Salt Key. Salt Key has been
rewritten to function purely from an API and to use the outputter system. The benefit here is that the
outputter system works much more cleanly with Salt Key now, and the internals of Salt Key can be used
much more cleanly.
Modular Outputters
The outputter system is now loaded in a modular way. This means that output systems can be more easily
added by dropping a python file down on the master that contains the function output.
Gzip from Fileserver
Gzip compression has been added as an option to the cp.get_file and cp.get_dir commands. This will make
file transfers more efficient and faster, especially over slower network links.
Unified Module Configuration
In past releases of Salt, the minions needed to be configured for certain modules to function. This was
difficult because it required pre-configuring the minions. 0.10.5 changes this by making all module
configs on minions search the master config file for values.
Now if a single database server is needed, then it can be defined in the master config and all minions
will become aware of the configuration value.
Salt Call Enhancements
The salt-call command has been updated in a few ways. Now, salt-call can take the --return option to send
the data to a returner. Also, salt-call now reports executions in the minion proc system, this allows the
master to be aware of the operation salt-call is running.
Death to pub_refresh and sub_timeout
The old configuration values pub_refresh and sub_timeout have been removed. These options were in place
to alleviate problems found in earlier versions of ZeroMQ which have since been fixed. The continued use
of these options has proven to cause problems with message passing and have been completely removed.
Git Revision Versions
When running Salt directly from git (for testing or development, of course) it has been difficult to know
exactly what code is being executed. The new versioning system will detect the git revision when building
and how many commits have been made since the last release. A release from git will look like this:
0.10.4-736-gec74d69
Svn Module Addition
Anthony Cornehl (twinshadow) contributed a module that adds Subversion support to Salt. This great
addition helps round out Salt's VCS support.
Noteworthy Changes
Arch Linux Defaults to Systemd
Arch Linux recently changed to use systemd by default and discontinued support for init scripts. Salt has
followed suit and defaults to systemd now for managing services in Arch.
Salt, Salt Cloud and Openstack
With the releases of Salt 0.10.5 and Salt Cloud 0.8.2, OpenStack becomes the first (non-OS) piece of
software to include support both on the user level (with Salt Cloud) and the admin level (with Salt). We
are excited to continue to extend support of other platforms at this level.
Salt 0.11.0 Release Notes
release
2012-12-14
Salt 0.11.0 is here, with some highly sought after and exciting features. These features include the new
overstate system, the reactor system, a new state run scope component called __context__, the beginning
of the search system (still needs a great deal of work), multiple package states, the MySQL returner and
a better system to arbitrarily reference outputters.
It is also noteworthy that we are changing how we mark release numbers. For the life of the project we
have been pushing every release with features and fixes as point releases. We will now be releasing point
releases for only bug fixes on a more regular basis and major feature releases on a slightly less regular
basis. This means that the next release will be a bugfix only release with a version number of 0.11.1.
The next feature release will be named 0.12.0 and will mark the end of life for the 0.11 series.
Major Features
OverState
The overstate system is a simple way to manage rolling state executions across many minions. The
overstate allows for a state to depend on the successful completion of another state.
Reactor System
The new reactor system allows for a reactive logic engine to be created which can respond to events
within a salted environment. The reactor system uses sls files to match events fired on the master with
actions, enabling Salt to react to problems in an infrastructure.
Your load-balanced group of webservers is under extra load? Spin up a new VM and add it to the group.
Your fileserver is filling up? Send a notification to your sysadmin on call. The possibilities are
endless!
Module Context
A new component has been added to the module loader system. The module context is a data structure that
can hold objects for a given scope within the module.
This allows for components that are initialized to be stored in a persistent context which can greatly
speed up ongoing connections. Right now the best example can be found in the cp execution module.
Multiple Package Management
A long desired feature has been added to package management. By definition Salt States have always
installed packages one at a time. On most platforms this is not the fastest way to install packages. Erik
Johnson, aka terminalmage, has modified the package modules for many providers and added new capabilities
to install groups of packages. These package groups can be defined as a list of packages available in
repository servers:
python_pkgs:
pkg.installed:
- pkgs:
- python-mako
- whoosh
- python-git
or specify based on the location of specific packages:
python_pkgs:
pkg.installed:
- sources:
- python-mako: http://some-rpms.org/python-mako.rpm
- whoosh: salt://whoosh/whoosh.rpm
- python-git: ftp://companyserver.net/python-git.rpm
Search System
The bones to the search system have been added. This is a very basic interface that allows for search
backends to be added as search modules. The first supported search module is the whoosh search backend.
Right now only the basic paths for the search system are in place, making this very experimental.
Further development will involve improving the search routines and index routines for whoosh and other
search backends.
The search system has been made to allow for searching through all of the state and pillar files,
configuration files and all return data from minion executions.
Notable Changes
All previous versions of Salt have shared many directories between the master and minion. The default
locations for keys, cached data and sockets has been shared by master and minion. This has created
serious problems with running a master and a minion on the same systems. 0.11.0 changes the defaults to
be separate directories. Salt will also attempt to migrate all of the old key data into the correct new
directories, but if it is not successful it may need to be done manually. If your keys exhibit issues
after updating make sure that they have been moved from /etc/salt/pki to /etc/salt/pki/{master,minion}.
The old setup will look like this:
/etc/salt/pki
|-- master.pem
|-- master.pub
|-- minions
| `-- ragnarok.saltstack.net
|-- minions_pre
|-- minion.pem
|-- minion.pub
|-- minion_master.pub
|-- minions_pre
`-- minions_rejected
With the accepted minion keys in /etc/salt/pki/minions, the new setup places the accepted minion keys in
/etc/salt/pki/master/minions.
/etc/salt/pki
|-- master
| |-- master.pem
| |-- master.pub
| |-- minions
| | `-- ragnarok.saltstack.net
| |-- minions_pre
| `-- minions_rejected
|-- minion
| |-- minion.pem
| |-- minion.pub
| `-- minion_master.pub
Salt 0.11.1 Release Notes
release
2012-12-19
Salt 0.12.0 Release Notes
release
2013-01-15
Another feature release of Salt is here! Some exciting additions are included with more ways to make salt
modular and even easier management of the salt file server.
Major Features
Modular Fileserver Backend
The new modular fileserver backend allows for any external system to be used as a salt file server. The
main benefit here is that it is now possible to tell the master to directly use a git remote location, or
many git remote locations, automatically mapping git branches and tags to salt environments.
Windows is First Class!
A new Salt Windows installer is now available! Much work has been put in to improve Windows support. With
this much easier method of getting Salt on your Windows machines, we hope even more development and
progress will occur. Please file bug reports on the Salt GitHub repo issue tracker so we can continue
improving.
One thing that is missing on Windows that Salt uses extensively is a software package manager and a
software package repository. The Salt pkg state allows sys admins to install software across their
infrastructure and across operating systems. Software on Windows can now be managed in the same way. The
SaltStack team built a package manager that interfaces with the standard Salt pkg module to allow for
installing and removing software on Windows. In addition, a software package repository has been built on
top of the Salt fileserver. A small YAML file provides the information necessary for the package manager
to install and remove software.
An interesting feature of the new Salt Windows software package repository is that one or more remote git
repositories can supplement the master's local repository. The repository can point to software on the
master's fileserver or on an HTTP, HTTPS, or ftp server.
New Default Outputter
Salt displays data to the terminal via the outputter system. For a long time the default outputter for
Salt has been the python pretty print library. While this has been a generally reasonable outputter, it
did have many failings. The new default outputter is called "nested", it recursively scans return data
structures and prints them out cleanly.
If the result of the new nested outputter is not desired any other outputter can be used via the --out
option, or the output option can be set in the master and minion configs to change the default outputter.
Internal Scheduler
The internal Salt scheduler is a new capability which allows for functions to be executed at given
intervals on the minion, and for runners to be executed at given intervals on the master. The scheduler
allows for sequences such as executing state runs (locally on the minion or remotely via an overstate) or
continually gathering system data to be run at given intervals.
The configuration is simple, add the schedule option to the master or minion config and specify jobs to
run, this in the master config will execute the state.over runner every 60 minutes:
schedule:
overstate:
function: state.over
minutes: 60
This example for the minion configuration will execute a highstate every 30 minutes:
schedule:
highstate:
function: state.highstate
minutes: 30
Optional DSL for SLS Formulas
Jack Kuan, our renderer expert, has created something that is astonishing. Salt, now comes with an
optional Python based DSL, this is a very powerful interface that makes writing SLS files in pure python
easier than it was with the raw py renderer. As usual this can be used with the renderer shebang line, so
a single sls can be written with the DSL if pure python power is needed while keeping other sls files
simple with YAML.
Set Grains Remotely
A new execution function and state module have been added that allows for grains to be set on the minion.
Now grains can be set via a remote execution or via states. Use the grains.present state or the
grains.setval execution functions.
Gentoo Additions
Major additions to Gentoo specific components have been made. The encompasses executions modules and
states ranging from supporting the make.conf file to tools like layman.
Salt 0.12.1 Release Notes
release
2013-01-21
Salt 0.13.0 Release Notes
release
2013-02-12
The lucky number 13 has turned the corner! From CLI notifications when quitting a salt command, to
substantial improvements on Windows, Salt 0.13.0 has arrived!
Major Features
Improved file.recurse Performance
The file.recurse system has been deployed and used in a vast array of situations. Fixes to the file state
and module have led towards opening up new ways of running file.recurse to make it faster. Now the
file.recurse state will download fewer files and will run substantially faster.
Windows Improvements
Minion stability on Windows has improved. Many file operations, including file.recurse, have been fixed
and improved. The network module works better, to include network.interfaces. Both 32bit and 64bit
installers are now available.
Nodegroup Targeting in Peer System
In the past, nodegroups were not available for targeting via the peer system. This has been fixed,
allowing the new nodegroup expr_form argument for the publish.publish function:
salt-call publish.publish group1 test.ping expr_form=nodegroup
Blacklist Additions
Additions allowing more granular blacklisting are available in 0.13.0. The ability to blacklist users and
functions in client_acl have been added, as well as the ability to exclude state formulas from the
command line.
Command Line Pillar Embedding
Pillar data can now be embedded on the command line when calling state.sls and state.highstate. This
allows for on the fly changes or settings to pillar and makes parameterizing state formulas even easier.
This is done via the keyword argument:
salt '*' state.highstate pillar='{"cheese": "spam"}'
The above example will extend the existing pillar to hold the cheese key with a value of spam. If the
cheese key is already specified in the minion's pillar then it will be overwritten.
CLI Notifications
In the past hitting ctrl-C and quitting from the salt command would just drop to a shell prompt, this
caused confusion with users who expected the remote executions to also quit. Now a message is displayed
showing what command can be used to track the execution and what the job id is for the execution.
Version Specification in Multiple-Package States
Versions can now be specified within multiple-package pkg.installed states. An example can be found
below:
mypkgs:
pkg.installed:
- pkgs:
- foo
- bar: 1.2.3-4
- baz
Noteworthy Changes
The configuration subsystem in Salt has been overhauled to make the opts dict used by Salt applications
more portable, the problem is that this is an incompatible change with salt-cloud, and salt-cloud will
need to be updated to the latest git to work with Salt 0.13.0. Salt Cloud 0.8.5 will also require Salt
0.13.0 or later to function.
The SaltStack team is sorry for the inconvenience here, we work hard to make sure these sorts of things
do not happen, but sometimes hard changes get in.
Salt 0.13.1 Release Notes
release
2013-02-15
Salt 0.13.2 Release Notes
release
2013-03-13
Salt 0.13.3 Release Notes
release
2013-03-18
Salt 0.14.0 Release Notes
release
2013-03-23
Salt 0.14.0 is here! This release was held up primarily by PyCon, Scale, and illness, but has arrived!
0.14.0 comes with many new features and is breaking ground for Salt in the area of cloud management with
the introduction of Salt providing basic cloud controller functionality.
Major Features
Salt - As a Cloud Controller
This is the first primitive inroad to using Salt as a cloud controller is available in 0.14.0. Be advised
that this is alpha, only tested in a few very small environments.
The cloud controller is built using kvm and libvirt for the hypervisors. Hypervisors are autodetected as
minions and only need to have libvirt running and kvm installed to function. The features of the Salt
cloud controller are as follows:
• Basic vm discovery and reporting
• Creation of new virtual machines
• Seeding virtual machines with Salt via qemu-nbd or libguestfs
• Live migration (shared and non shared storage)
• Delete existing VMs
It is noteworthy that this feature is still Alpha, meaning that all rights are reserved to change the
interface if needs be in future releases!
Libvirt State
One of the problems with libvirt is management of certificates needed for live migration and cross
communication between hypervisors. The new libvirt state makes the Salt Master hold a CA and manage the
signing and distribution of keys onto hypervisors, just add a call to the libvirt state in the sls
formulas used to set up a hypervisor:
libvirt_keys:
libvirt.keys
New get Functions
An easier way to manage data has been introduced. The pillar, grains, and config execution modules have
been extended with the new get function. This function works much in the same way as the get method in a
python dict, but with an enhancement, nested dict components can be extracted using a : delimiter.
If a structure like this is in pillar:
foo:
bar:
baz: quo
Extracting it from the raw pillar in an sls formula or file template is done this way:
{{ pillar['foo']['bar']['baz'] }}
Now with the new get function the data can be safely gathered and a default can be set allowing the
template to fall back if the value is not available:
{{ salt['pillar.get']('foo:bar:baz', 'qux') }}
This makes handling nested structures much easier, and defaults can be cleanly set. This new function is
being used extensively in the new formulae repository of salt sls formulas.
Salt 0.14.1 Release Notes
release
2013-04-13
Salt 0.15.0 Release Notes
release
2013-05-03
The many new features of Salt 0.15.0 have arrived! Salt 0.15.0 comes with many smaller features and a few
larger ones.
These features range from better debugging tools to the new Salt Mine system.
Major Features
The Salt Mine
First there was the peer system, allowing for commands to be executed from a minion to other minions to
gather data live. Then there was the external job cache for storing and accessing long term data. Now the
middle ground is being filled in with the Salt Mine. The Salt Mine is a system used to execute functions
on a regular basis on minions and then store only the most recent data from the functions on the master,
then the data is looked up via targets.
The mine caches data that is public to all minions, so when a minion posts data to the mine all other
minions can see it.
IPV6 Support
0.13.0 saw the addition of initial IPV6 support but errors were encountered and it needed to be stripped
out. This time the code covers more cases and must be explicitly enabled. But the support is much more
extensive than before.
Copy Files From Minions to the Master
Minions have long been able to copy files down from the master file server, but until now files could not
be easily copied from the minion up to the master.
A new function called cp.push can push files from the minions up to the master server. The uploaded files
are then cached on the master in the master cachedir for each minion.
Better Template Debugging
Template errors have long been a burden when writing states and pillar. 0.15.0 will now send the compiled
template data to the debug log, this makes tracking down the intermittent stage templates much easier. So
running state.sls or state.highstate with -l debug will now print out the rendered templates in the debug
information.
State Event Firing
The state system is now more closely tied to the master's event bus. Now when a state fails the failure
will be fired on the master event bus so that the reactor can respond to it.
Major Syndic Updates
The Syndic system has been basically re-written. Now it runs in a completely asynchronous way and
functions primarily as an event broker. This means that the events fired on the syndic are now pushed up
to the higher level master instead of the old method used which waited for the client libraries to
return.
This makes the syndic much more accurate and powerful, it also means that all events fired on the syndic
master make it up the pipe as well making a reactor on the higher level master able to react to minions
further downstream.
Peer System Updates
The Peer System has been updated to run using the client libraries instead of firing directly over the
publish bus. This makes the peer system much more consistent and reliable.
Minion Key Revocation
In the past when a minion was decommissioned the key needed to be manually deleted on the master, but now
a function on the minion can be used to revoke the calling minion's key:
$ salt-call saltutil.revoke_auth
Function Return Codes
Functions can now be assigned numeric return codes to determine if the function executed successfully.
While not all functions have been given return codes, many have and it is an ongoing effort to fill out
all functions that might return a non-zero return code.
Functions in Overstate
The overstate system was originally created to just manage the execution of states, but with the addition
of return codes to functions, requisite logic can now be used with respect to the overstate. This means
that an overstate stage can now run single functions instead of just state executions.
Pillar Error Reporting
Previously if errors surfaced in pillar, then the pillar would consist of only an empty dict. Now all
data that was successfully rendered stays in pillar and the render error is also made available. If
errors are found in the pillar, states will refuse to run.
Using Cached State Data
Sometimes states are executed purely to maintain a specific state rather than to update states with new
configs. This is grounds for the new cached state system. By adding cache=True to a state call the state
will not be generated fresh from the master but the last state data to be generated will be used. If no
previous state data is available then fresh data will be generated.
Monitoring States
The new monitoring states system has been started. This is very young but allows for states to be used to
configure monitoring routines. So far only one monitoring state is available, the disk.status state. As
more capabilities are added to Salt UI the monitoring capabilities of Salt will continue to be expanded.
Salt 0.15.1 Release Notes
release
2013-05-08
The 0.15.1 release has been posted, this release includes fixes to a number of bugs in 0.15.1 and a three
security patches.
Security Updates
A number of security issues have been resolved via the 0.15.1 release.
Path Injection in Minion IDs
Salt masters did not properly validate the id of a connecting minion. This can lead to an attacker
uploading files to the master in arbitrary locations. In particular this can be used to bypass the
manual validation of new unknown minions. Exploiting this vulnerability does not require authentication.
This issue affects all known versions of Salt.
This issue was reported by Ronald Volgers.
Patch
The issue is fixed in Salt 0.15.1. Updated packages are available in the usual locations.
Specific commits:
https://github.com/saltstack/salt/commit/5427b9438e452a5a8910d9128c6aafb45d8fd5d3
https://github.com/saltstack/salt/commit/7560908ee62351769c3cd43b03d74c1ca772cc52
https://github.com/saltstack/salt/commit/e200b8a7ff53780124e08d2bdefde7587e52bfca
RSA Key Generation Fault
RSA key generation was done incorrectly, leading to very insecure keys. It is recommended to regenerate
all RSA keys.
This issue can be used to impersonate Salt masters or minions, or decrypt any transferred data.
This issue can only be exploited by attackers who are able to observe or modify traffic between Salt
minions and the legitimate Salt master.
A tool was included in 0.15.1 to assist in mass key regeneration, the manage.regen_keys runner.
This issue affects all known versions of Salt.
This issue was reported by Ronald Volgers.
Patch
The issue is fixed in Salt 0.15.1. Updated packages are available in the usual locations.
Specific commits:
https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc
Command Injection Via ext_pillar
Arbitrary shell commands could be executed on the master by an authenticated minion through options
passed when requesting a pillar.
Ext pillar options have been restricted to only allow safe external pillars to be called when prompted by
the minion.
This issue affects Salt versions from 0.14.0 to 0.15.0.
This issue was reported by Ronald Volgers.
Patch
The issue is fixed in Salt 0.15.1. Updated packages are available in the usual locations.
Specific commits:
https://github.com/saltstack/salt/commit/43d8c16bd26159d827d1a945c83ac28159ec5865
Salt 0.15.2 Release Notes
release
2013-05-29
Salt 0.15.3 Release Notes
release
2013-06-01
Salt 0.16.0 Release Notes
release
2013-07-01
The 0.16.0 release is an exciting one, with new features in master redundancy, and a new, powerful
requisite.
Major Features
Multi-Master
This new capability allows for a minion to be actively connected to multiple salt masters at the same
time. This allows for multiple masters to send out commands to minions and for minions to automatically
reconnect to masters that have gone down. A tutorial is available to help get started here:
Multi Master Tutorial
Prereq, the New Requisite
The new prereq requisite is very powerful! It allows for states to execute based on a state that is
expected to make changes in the future. This allows for a change on the system to be preempted by another
execution. A good example is needing to shut down a service before modifying files associated with it,
allowing, for instance, a webserver to be shut down allowing a load balancer to stop sending requests
while server side code is updated. In this case, the prereq will only run if changes are expected to
happen in the prerequired state, and the prerequired state will always run after the prereq state and
only if the prereq state succeeds.
Peer System Improvements
The peer system has been revamped to make it more reliable, faster, and like the rest of Salt, async. The
peer calls when an updated minion and master are used together will be much faster!
Relative Includes
The ability to include an sls relative to the defined sls has been added, the new syntax id documented
here:
Includes
More State Output Options
The state_output option in the past only supported full and terse, 0.16.0 add the mixed and changes modes
further refining how states are sent to users' eyes.
Improved Windows Support
Support for Salt on Windows continues to improve. Software management on Windows has become more seamless
with Linux/UNIX/BSD software management. Installed software is now recognized by the short names defined
in the repository SLS. This makes it possible to run salt '*' pkg.version firefox and get back results
from Windows and non-Windows minions alike.
When templating files on Windows, Salt will now correctly use Windows appropriate line endings. This
makes it much easier to edit and consume files on Windows.
When using the cmd state the shell option now allows for specifying Windows Powershell as an alternate
shell to execute cmd.run and cmd.script. This opens up Salt to all the power of Windows Powershell and
its advanced Windows management capabilities.
Several fixes and optimizations were added for the Windows networking modules, especially when working
with IPv6.
A system module was added that makes it easy to restart and shutdown Windows minions.
The Salt Minion will now look for its config file in c:\salt\conf by default. This means that it's no
longer necessary to specify the -c option to specify the location of the config file when starting the
Salt Minion on Windows in a terminal.
Multiple Targets for pkg.removed, pkg.purged States
Both pkg.removed and pkg.purged now support the pkgs argument, which allow for multiple packages to be
targeted in a single state. This, as in pkg.installed, helps speed up these states by reducing the number
of times that the package management tools (apt, yum, etc.) need to be run.
Random Times in Cron States
The temporal parameters in cron.present states (minute, hour, etc.) can now be randomized by using random
instead of a specific value. For example, by using the random keyword in the minute parameter of a cron
state, the same cron job can be pushed to hundreds or thousands of hosts, and they would each use a
randomly-generated minute. This can be helpful when the cron job accesses a network resource, and it is
not desirable for all hosts to run the job concurrently.
/path/to/cron/script:
cron.present:
- user: root
- minute: random
- hour: 2
Since Salt assumes a value of * for unspecified temporal parameters, adding a parameter to the state and
setting it to random will change that value from * to a randomized numeric value. However, if that field
in the cron entry on the minion already contains a numeric value, then using the random keyword will not
modify it.
Confirmation Prompt on Key Acceptance
When accepting new keys with salt-key -a minion-id or salt-key -A, there is now a prompt that will show
the affected keys and ask for confirmation before proceeding. This prompt can be bypassed using the -y or
--yes command line argument, as with other salt-key commands.
Support for Setting Password Hashes on BSD Minions
FreeBSD, NetBSD, and OpenBSD all now support setting passwords in user.present states.
Salt 0.16.1 Release Notes
release
2013-07-29
Salt 0.16.2 Release Notes
release
2013-08-01
Version 0.16.2 is a bugfix release for 0.16.0, and contains a number of fixes.
Windows
• Only allow Administrator's group and SYSTEM user access to C:\salt. This eliminates a race condition
where a non-admin user could modify a template or managed file before it is executed by the minion
(which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue
6361)
Grains
• Fixed detection of virtual grain on OpenVZ hardware nodes
• Gracefully handle lsb_release data when it is enclosed in quotes
• LSB grains are now prefixed with lsb_distrib_ instead of simply lsb_. The old naming is not preserved,
so SLS may be affected.
• Improved grains detection on MacOS
Pillar
• Don't try to load git_pillar if not enabled in master config (issue 6052)
• Functions pillar.item and pillar.items added for parity with grains.item/grains.items. The old function
pillar.data is preserved for backwards compatibility.
• Fixed minion traceback when Pillar SLS is malformed (issue 5910)
Peer Publishing
• More gracefully handle improperly quoted publish commands (issue 5958)
• Fixed traceback when timeout specified via the CLI fo publish.publish, publish.full_data (issue 5959)
• Fixed unintended change in output of publish.publish (issue 5928)
Minion
• Fixed salt-key usage in minionswarm script
• Quieted warning about SALT_MINION_CONFIG environment variable on minion startup and for CLI commands
run via salt-call (issue 5956)
• Added minion config parameter random_reauth_delay to stagger re-auth attempts when the minion is
waiting for the master to approve its public key. This helps prevent SYN flooding in larger
environments.
User/Group Management
• Implement previously-ignored unique option for user.present states in FreeBSD
• Report in state output when a group.present state attempts to use a gid in use by another group
• Fixed regression that prevents a user.present state to set the password hash to the system default
(i.e. an unset password)
• Fixed multiple group.present states with the same group (issue 6439)
File Management
• Fixed file.mkdir setting incorrect permissions (issue 6033)
• Fixed cleanup of source files for templates when /tmp is in file_roots (issue 6118)
• Fixed caching of zero-byte files when a non-empty file was previously cached at the same path
• Added HTTP authentication support to the cp module (issue 5641)
• Diffs are now suppressed when binary files are changed
Package/Repository Management
• Fixed traceback when there is only one target for pkg.latest states
• Fixed regression in detection of virtual packages (apt)
• Limit number of pkg database refreshes to once per state.sls/state.highstate
• YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue 6299)
• Fixed incorrect reporting in pkgrepo.managed states (issue 5517)
• Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit
packages on 64-bit Debian-based distros (issue 6303)
• Fixed issue where requisites were inadvertently being put into YUM repo files (issue 6471)
Service Management
• Fixed inaccurate reporting of results in service.running states when the service fails to start (issue
5894)
• Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available,
negating the need for a second state run to manage the service that the initscript controls
Networking
• Function network.hwaddr renamed to network.hw_addr to match network.ip_addrs and network.ip_addrs6. All
three functions also now work without the underscore in the name, as well.
• Fixed traceback in bridge.show when interface is not present (issue 6326)
SSH
• Fixed incorrect result reporting for some ssh_known_hosts.present states
• Fixed inaccurate reporting when ssh_auth.present states are run with test=True, when rsa/dss is used
for the enc param instead of ssh-rsa/ssh-dss (issue 5374)
pip
• Properly handle -f lines in pip freeze output
• Fixed regression in pip.installed states with specifying a requirements file (issue 6003)
• Fixed use of editable argument in pip.installed states (issue 6025)
• Deprecated runas parameter in execution function calls, in favor of user
MySQL
• Allow specification of MySQL connection arguments via the CLI, overriding/bypassing minion config
params
• Allow mysql_user.present states to set a passwordless login (issue 5550)
• Fixed endless loop when mysql.processlist is run (issue 6297)
PostgreSQL
• Fixed traceback in postgres.user_list (issue 6352)
Miscellaneous
• Don't allow npm states to be used if npm module is not available
• Fixed alternatives.install states for which the target is a symlink (issue 6162)
• Fixed traceback in sysbench module (issue 6175)
• Fixed traceback in job cache
• Fixed tempfile cleanup for windows
• Fixed issue where SLS files using the pydsl renderer were not being run
• Fixed issue where returners were being passed incorrect information (issue 5518)
• Fixed traceback when numeric args are passed to cmd.script states
• Fixed bug causing cp.get_dir to return more directories than expected (issue 6048)
• Fixed traceback when supervisord.running states are run with test=True (issue 6053)
• Fixed tracebacks when Salt encounters problems running rbenv (issue 5888)
• Only make the monit module available if monit binary is present (issue 5871)
• Fixed incorrect behavior of img.mount_image
• Fixed traceback in tomcat.deploy_war in Windows
• Don't re-write /etc/fstab if mount fails
• Fixed tracebacks when Salt encounters problems running gem (issue 5886)
• Fixed incorrect behavior of selinux.boolean states (issue 5912)
• RabbitMQ: Quote passwords to avoid symbols being interpolated by the shell (issue 6338)
• Fixed tracebacks in extfs.mkfs and extfs.tune (issue 6462)
• Fixed a regression with the module.run state where the m_name and m_fun arguments were being ignored (‐
issue 6464)
Salt 0.16.3 Release Notes
release
2013-08-09
Version 0.16.3 is another bugfix release for 0.16.0. The changes include:
• Various documentation fixes
• Fix proc directory regression (issue 6502)
• Properly detect Linaro Linux (issue 6496)
• Fix regressions in mount.mounted (issue 6522, issue 6545)
• Skip malformed state requisites (issue 6521)
• Fix regression in gitfs from bad import
• Fix for watching prereq states (including recursive requisite error) (issue 6057)
• Fix mod_watch not overriding prereq (issue 6520)
• Don't allow functions which compile states to be called within states (issue 5623)
• Return error for malformed top.sls (issue 6544)
• Fix traceback in mysql.query
• Fix regression in binary package installation for 64-bit packages on Debian-based Linux distros (issue
6563)
• Fix traceback caused by running cp.push without having set file_recv in the master config file
• Fix scheduler configuration in pillar (issue 6201)
Salt 0.16.4 Release Notes
release
2013-09-07
Version 0.16.4 is another bugfix release for 0.16.0, likely to be the last before 0.17.0 is released.
The changes include:
• Multiple documentation improvements/additions
• Added the osfinger and osarch grains
• Properly handle 32-bit packages for debian32 on x86_64 (issue 6607)
• Fix regression in yum package installation in CentOS 5 (issue 6677)
• Fix bug in hg.latest state that would erroneously delete directories (issue 6661)
• Fix bug related to pid not existing for ps.top (issue 6679)
• Fix regression in MySQL returner (issue 6695)
• Fix IP addresses grains (ipv4 and ipv6) to include all addresses (issue 6656)
• Fix regression preventing authenticated FTP (issue 6733)
• Fix setting password for windows users (issue 6824)
• Fix file.contains on values YAML parses as non-string (issue 6817)
• Fix file.get_gid, file.get_uid, and file.chown for broken symlinks (issue 6826)
• Fix comment for service reloads in service state (issue 6851)
Salt 0.17.0 Release Notes
release
2013-09-26
The 0.17.0 release is a very exciting release of Salt, this brings to Salt some very powerful new
features and advances. The advances range from the state system to the test suite, covering new transport
capabilities and making states easier and more powerful, to extending Salt Virt and much more!
The 0.17.0 release will also be the last release of Salt to follow the old 0.XX.X numbering system, the
next release of Salt will change the numbering to be date based following this format:
<Year>.<Month>.<Minor>
So if the release happens in November of 2013 the number will be 13.11.0, the first bugfix release will
be 13.11.1 and so forth.
Major Features
Halite
The new Halite web GUI is now available on PyPI. A great deal of work has been put into Halite to make it
fully event driven and amazingly fast. The Halite UI can be started from within the Salt Master (after
being installed from PyPI), or standalone, and does not require an external database to run. It is very
lightweight!
This initial release of Halite is primarily the framework for the UI and the communication systems,
making it easy to extend and build the UI up. It presently supports watching the event bus and firing
commands over Salt.
At this time, Halite is not available as a package, but installation documentation is available at:
http://docs.saltstack.com/topics/tutorials/halite.html
Halite is, like the rest of Salt, Open Source!
Much more will be coming in the future of Halite!
Salt SSH
The new salt-ssh command has been added to Salt. This system allows for remote execution and states to be
run over ssh. The benefit here being, that salt can run relying only on the ssh agent, rather than
requiring a minion to be deployed.
The salt-ssh system runs states in a compatible way as Salt and states created and run with salt-ssh can
be moved over to a standard salt deployment without modification.
Since this is the initial release of salt-ssh, there is plenty of room for improvement, but it is fully
operational, not just a bootstrap tool.
Rosters
Salt is designed to have the minions be aware of the master and the master does not need to be aware of
the location of the minions. The new salt roster system was created and designed to facilitate listing
the targets for salt-ssh.
The roster system, like most of Salt, is a plugin system, allowing for the list of systems to target to
be derived from any pluggable backend. The rosters shipping with 0.17.0 are flat and scan. Flat is a file
which is read in via the salt render system and the scan roster does simple network scanning to discover
ssh servers.
State Auto Order
This is a major change in how states are evaluated in Salt. State Auto Order is a new feature that makes
states get evaluated and executed in the order in which they are defined in the sls file. This feature
makes it very easy to see the finite order in which things will be executed, making Salt now, fully
imperative AND fully declarative.
The requisite system still takes precedence over the order in which states are defined, so no existing
states should break with this change. But this new feature can be turned off by setting state_auto_order:
False in the master config, thus reverting to the old lexicographical order.
state.sls Runner
The state.sls runner has been created to allow for a more powerful system for orchestrating state runs
and function calls across the salt minions. This new system uses the state system for organizing
executions.
This allows for states to be defined that are executed on the master to call states on minions via
salt-run state.sls.
Salt Thin
Salt Thin is an exciting new component of Salt, this is the ability to execute Salt routines without any
transport mechanisms installed, it is a pure python subset of Salt.
Salt Thin does not have any networking capability, but can be dropped into any system with Python
installed and then salt-call can be called directly. The Salt Thin system, is used by the salt-ssh
command, but can still be used to just drop salt somewhere for easy use.
Event Namespacing
Events have been updated to be much more flexible. The tags in events have all been namespaced allowing
easier tracking of event names.
Mercurial Fileserver Backend
The popular git fileserver backend has been joined by the mercurial fileserver backend, allowing the
state tree to be managed entirely via mercurial.
External Logging Handlers
The external logging handler system allows for Salt to directly hook into any external logging system.
Currently supported are sentry and logstash.
Jenkins Testing
The testing systems in Salt have been greatly enhanced, tests for salt are now executed, via
jenkins.saltstack.com, across many supported platforms. Jenkins calls out to salt-cloud to create virtual
machines on Rackspace, then the minion on the virtual machine checks into the master running on Jenkins
where a state run is executed that sets up the minion to run tests and executes the test suite.
This now automates the sequence of running platform tests and allows for continuous destructive tests to
be run.
Salt Testing Project
The testing libraries for salt have been moved out of the main salt code base and into a standalone
codebase. This has been done to ease the use of the testing systems being used in salt based projects
other than Salt itself.
StormPath External Authentication
The external auth system now supports the fantastic Stormpath cloud based authentication system.
LXC Support
Extensive additions have been added to Salt for LXC support. This included the backend libs for managing
LXC containers. Addition into the salt-virt system is still in the works.
macOS User/Group Support
Salt is now able to manage users and groups on Minions running macOS. However, at this time user
passwords cannot be managed.
Django ORM External Pillar
Pillar data can now be derived from Django managed databases.
Fixes from RC to release
• Multiple documentation fixes
• Add multiple source files + templating for file.append (issue 6905)
• Support sysctl configuration files in systemd>=207 (issue 7351)
• Add file.search and file.replace
• Fix cross-calling execution functions in provider overrides
• Fix locale override for postgres (issue 4543)
• Fix Raspbian identification for service/pkg support (issue 7371)
• Fix cp.push file corruption (issue 6495)
• Fix ALT Linux password hash specification (issue 3474)
• Multiple salt-ssh-related fixes and improvements
Salt 0.17.1 Release Notes
release
2013-10-17
NOTE:
THIS RELEASE IS NOT COMPATIBLE WITH PREVIOUS VERSIONS. If you update your master to 0.17.1, you must
update your minions as well. Sorry for the inconvenience -- this is a result of one of the security
fixes listed below.
The 0.17.1 release comes with a number of improvements to salt-ssh, many bugfixes, and a number of
security updates.
Salt SSH has been improved to be faster, more featureful and more secure. Since the original release of
Salt SSH was primarily a proof of concept, it has been very exciting to see its rapid adoption. We
appreciate the willingness of security experts to review Salt SSH and help discover oversights and ensure
that security issues only exist for such a tiny window of time.
SSH Enhancements
Shell Improvements
Improvements to Salt SSH's communication have been added that improve routine execution regardless of the
target system's login shell.
Performance
Deployment of routines is now faster and takes fewer commands to execute.
Security Updates
Be advised that these security issues all apply to a small subset of Salt users and mostly apply to Salt
SSH.
Insufficient Argument Validation
This issue allowed for a user with limited privileges to embed executions inside of routines to execute
routines that should be restricted. This applies to users using external auth or client ACL and opening
up specific routines.
Be advised that these patches address the direct issue. Additional commits have been applied to help
mitigate this issue from resurfacing.
CVE
CVE-2013-4435
Affected Versions
0.15.0 - 0.17.0
Patches
https://github.com/saltstack/salt/commit/6d8ef68b605fd63c36bb8ed96122a75ad2e80269
https://github.com/saltstack/salt/commit/ebdef37b7e5d2b95a01d34b211c61c61da67e46a
https://github.com/saltstack/salt/commit/7f190ff890e47cdd591d9d7cefa5126574660824
https://github.com/saltstack/salt/commit/8e5afe59cef6743fe5dbd510dcf463dbdfca1ced
https://github.com/saltstack/salt/commit/aca78f314481082862e96d4f0c1b75fa382bb885
https://github.com/saltstack/salt/commit/6a9752cdb1e8df2c9505ea910434c79d132eb1e2
https://github.com/saltstack/salt/commit/b73677435ba54ecfc93c1c2d840a7f9ba6f53410
https://github.com/saltstack/salt/commit/07972eb0a6f985749a55d8d4a2e471596591c80d
https://github.com/saltstack/salt/commit/1e3f197726aa13ac5c3f2416000089f477f489b5
Found By
Feth Arezki, of Majerti
MITM SSH attack in salt-ssh
SSH host keys were being accepted by default and not enforced on future SSH connections. These patches
set SSH host key checking by default and can be overridden by passing the -i flag to salt-ssh.
CVE
CVE-2013-4436
Affected Versions
0.17.0
Found By
Michael Scherer, Red Hat
Insecure Usage of /tmp in salt-ssh
The initial release of salt-ssh used the /tmp directory in an insecure way. These patches not only
secure usage of files under /tmp in salt-ssh, but also add checksum validation for all packages sent into
the now secure locations on target systems.
CVE
CVE-2013-4438
Affected Versions
0.17.0
Patches
https://github.com/saltstack/salt/commit/aa4bb77ef230758cad84381dde0ec660d2dc340a
https://github.com/saltstack/salt/commit/8f92b6b2cb2e4ec3af8783eb6bf4ff06f5a352cf
https://github.com/saltstack/salt/commit/c58e56811d5a50c908df0597a0ba0b643b45ebfd
https://github.com/saltstack/salt/commit/0359db9b46e47614cff35a66ea6a6a76846885d2
https://github.com/saltstack/salt/commit/4348392860e0fd43701c331ac3e681cf1a8c17b0
https://github.com/saltstack/salt/commit/664d1a1cac05602fad2693f6f97092d98a72bf61
https://github.com/saltstack/salt/commit/bab92775a576e28ff9db262f32db9cf2375bba87
https://github.com/saltstack/salt/commit/c6d34f1acf64900a3c87a2d37618ff414e5a704e
Found By
Michael Scherer, Red Hat
YAML Calling Unsafe Loading Routine
It has been argued that this is not a valid security issue, as the YAML loading that was happening was
only being called after an initial gateway filter in Salt has already safely loaded the YAML and would
fail if non-safe routines were embedded. Nonetheless, the CVE was filed and patches applied.
CVE
CVE-2013-4438
Patches
https://github.com/saltstack/salt/commit/339b0a51befae6b6b218ebcb55daa9cd3329a1c5
Found By
Michael Scherer, Red Hat
Failure to Drop Supplementary Group on Salt Master
If a salt master was started as a non-root user by the root user, root's groups would still be applied to
the running process. This fix changes the process to have only the groups of the running user.
CVE
CVE not considered necessary by submitter.
Affected Versions
0.11.0 - 0.17.0
Patches
https://github.com/saltstack/salt/commit/b89fa9135822d029795ab1eecd68cce2d1ced715
Found By
Michael Scherer, Red Hat
Failure to Validate Minions Posting Data
This issue allowed a minion to pose as another authorized minion when posting data such as the mine data.
All minions now pass through the id challenge before posting such data.
CVE
CVE-2013-4439
Affected Versions
0.15.0 - 0.17.0
Patches
https://github.com/saltstack/salt/commit/7b850ff3d07ef6782888914ac4556c01e8a1c482
https://github.com/saltstack/salt/commit/151759b2a1e1c6ce29277aa81b054219147f80fd
Found By
David Anderson
Fix Reference
Version 0.17.1 is the first bugfix release for 0.17.0. The changes include:
• Fix symbolic links in thin.tgz (issue 7482)
• Pass env through to file.patch state (issue 7452)
• Service provider fixes and reporting improvements (issue 7361)
• Add --priv option for specifying salt-ssh private key
• Fix salt-thin's salt-call on setuptools installations (issue 7516)
• Fix salt-ssh to support passwords with spaces (issue 7480)
• Fix regression in wildcard includes (issue 7455)
• Fix salt-call outputter regression (issue 7456)
• Fix custom returner support for startup states (issue 7540)
• Fix value handling in augeas (issue 7605)
• Fix regression in apt (issue 7624)
• Fix minion ID guessing to use socket.getfqdn() first (issue 7558)
• Add minion ID caching (issue 7558)
• Fix salt-key race condition (issue 7304)
• Add --include-all flag to salt-key (issue 7399)
• Fix custom grains in pillar (part of issue 5716, issue 6083)
• Fix race condition in salt-key (issue 7304)
• Fix regression in minion ID guessing, prioritize socket.getfqdn() (issue 7558)
• Cache minion ID on first guess (issue 7558)
• Allow trailing slash in file.directory state
• Fix reporting of file_roots in pillar return (issue 5449 and issue 5951)
• Remove pillar matching for mine.get (issue 7197)
• Sanitize args for multiple execution modules
• Fix yumpkg mod_repo functions to filter hidden args (issue 7656)
• Fix conflicting IDs in state includes (issue 7526)
• Fix mysql_grants.absent string formatting issue (issue 7827)
• Fix postgres.version so it won't return None (issue 7695)
• Fix for trailing slashes in mount.mounted state
• Fix rogue AttributErrors in the outputter system (issue 7845)
• Fix for incorrect ssh key encodings resulting in incorrect key added (issue 7718)
• Fix for pillar/grains naming regression in python renderer (issue 7693)
• Fix args/kwargs handling in the scheduler (issue 7422)
• Fix logfile handling for file://, tcp://, and udp:// (issue 7754)
• Fix error handling in config file parsing (issue 6714)
• Fix RVM using sudo when running as non-root user (issue 2193)
• Fix client ACL and underlying logging bugs (issue 7706)
• Fix scheduler bug with returner (issue 7367)
• Fix user management bug related to default groups (issue 7690)
• Fix various salt-ssh bugs (issue 7528)
• Many various documentation fixes
Salt 0.17.2 Release Notes
release
2013-11-14
Version 0.17.2 is another bugfix release for 0.17.0. The changes include:
• Add ability to delete key with grains.delval (issue 7872)
• Fix possible state compiler stack trace (issue 5767)
• Fix architecture regression in yumpkg (issue 7813)
• Use correct ps on Debian to prevent truncating (issue 5646)
• Fix grains targeting for new grains (issue 5737)
• Fix bug with merging in git_pillar (issue 6992)
• Fix print_jobs duplicate results
• Fix apt version specification for pkg.install
• Fix possible KeyError from ext_job_cache missing option
• Fix auto_order for - names states (issue 7649)
• Fix regression in new gitfs installs (directory not found error)
• Fix escape pipe issue on Windows for file.recurse (issue 7967)
• Fix fileclient in case of master restart (issue 7987)
• Try to output warning if CLI command malformed (issue 6538)
• Fix --out=quiet to actually be quiet (issue 8000)
• Fix for state.sls in salt-ssh (issue 7991)
• Fix for MySQL grants ordering issue (issue 5817)
• Fix traceback for certain missing CLI args (issue 8016)
• Add ability to disable lspci queries on master (issue 4906)
• Fail if sls defined in topfile does not exist (issue 5998)
• Add ability to downgrade MySQL grants (issue 6606)
• Fix ssh_auth.absent traceback (issue 8043)
• Add upstart detection for Debian/Raspbian (issue 8039)
• Fix ID-related issues (issue 8052, issue 8050, and others)
• Fix for jinja rendering issues (issue 8066 and issue 8079)
• Fix argument parsing in salt-ssh (issue 7928)
• Fix some GPU detection instances (issue 6945)
• Fix bug preventing includes from other environments in SLS files
• Fix for kwargs with dashes (issue 8102)
• Fix salt.utils.which for windows '.exe' (issue 7904)
• Fix apache.adduser without apachectl (issue 8123)
• Fix issue with evaluating test kwarg in states (issue 7788)
• Fix regression in salt.client.Caller() (issue 8078)
• Fix apt-key silent failure
• Fix bug where cmd.script would try to run even if caching failed (issue 7601)
• Fix apt pkg.latest regression (issue 8067)
• Fix for mine data not being updated (issue 8144)
• Fix for noarch packages in yum
• Fix a Xen detection edge case (issue 7839)
• Fix windows __opts__ dictionary persistence (issue 7714)
• Fix version generation for when it's part of another git repo (issue 8090)
• Fix _handle_iorder stacktrace so that the real syntax error is shown (issue 8114 and issue 7905)
• Fix git.latest state when a commit SHA is used (issue 8163)
• Fix various small bugs in yumpkg.py (issue 8201)
• Fix for specifying identify file in git.latest (issue 8094)
• Fix for --output-file CLI arg (issue 8205)
• Add ability to specify shutdown time for system.shutdown (issue 7833)
• Fix for salt version using non-salt git repo info (issue 8266)
• Add additional hints at impact of pkgrepo states when test=True (issue 8247)
• Fix for salt-ssh files not being owned by root (issue 8216)
• Fix retry logic and error handling in fileserver (related to issue 7755)
• Fix file.replace with test=True (issue 8279)
• Add flag for limiting file traversal in fileserver (issue 6928)
• Fix for extra mine processes (issue 5729)
• Fix for unloading custom modules (issue 7691)
• Fix for salt-ssh opts (issue 8005 and issue 8271)
• Fix compound matcher for grains (issue 7944)
• Improve error reporting in ebuild module (related to issue 5393)
• Add dir_mode to file.managed (issue 7860)
• Improve traceroute support for FreeBSD and macOS (issue 4927)
• Fix for matching minions under syndics (issue 7671)
• Improve exception handling for missing ID (issue 8259)
• Fix grain mismatch for ScientificLinux (issue 8338)
• Add configuration option for minion_id_caching
• Fix open mode auth errors (issue 8402)
Salt 0.17.3 Release Notes
release
2013-12-08
NOTE:
0.17.3 had some regressions which were promptly fixed in the 0.17.4 release. Please use 0.17.4
instead.
Version 0.17.3 is another bugfix release for 0.17.0. The changes include:
• Fix some jinja render errors (issue 8418)
• Fix file.replace state changing file ownership (issue 8399)
• Fix state ordering with the PyDSL renderer (issue 8446)
• Fix for new npm version (issue 8517)
• Fix for pip state requiring name even with requirements file (issue 8519)
• Fix yum logging to open terminals (issue 3855)
• Add sane maxrunning defaults for scheduler (issue 8563)
• Fix states duplicate key detection (issue 8053)
• Fix SUSE patch level reporting (issue 8428)
• Fix managed file creation umask (issue 8590)
• Fix logstash exception (issue 8635)
• Improve argument exception handling for salt command (issue 8016)
• Fix pecl success reporting (issue 8750)
• Fix launchctl module exceptions (issue 8759)
• Fix argument order in pw_user module
• Add warnings for failing grains (issue 8690)
• Fix hgfs problems caused by connections left open (issue 8811 and issue 8810)
• Add Debian iptables default for iptables-persistent package (issue 8889)
• Fix installation of packages with dots in pkg name (issue 8614)
• Fix noarch package installation on CentOS 6 (issue 8945)
• Fix portage_config.enforce_nice_config (issue 8252)
• Fix salt.util.copyfile umask usage (issue 8590)
• Fix rescheduling of failed jobs (issue 8941)
• Fix pkg on Amazon Linux (uses yumpkg5 now) (issue 8226)
• Fix conflicting options in postgres module (issue 8717)
• Fix ps modules for psutil >= 0.3.0 (issue 7432)
• Fix postgres module to return False on failure (issue 8778)
• Fix argument passing for args with pound signs (issue 8585)
• Fix pid of salt CLi command showing in status.pid output (issue 8720)
• Fix rvm to run gem as the correct user (issue 8951)
• Fix namespace issue in win_file module (issue 9060)
• Fix masterless state paths on windows (issue 9021)
• Fix timeout option in master config (issue 9040)
Salt 0.17.4 Release Notes
release
2013-12-10
Version 0.17.4 is another bugfix release for 0.17.0. The changes include:
• Fix file.replace bug when replacement str is numeric (issue 9101)
• Fix regression in file.managed (issue 9131)
• Prevent traceback when job is None. (issue 9145)
Salt 0.17.5 Release Notes
release
2014-01-27
Version 0.17.5 is another bugfix release for 0.17.0. The changes include:
• Fix user.present states with non-string fullname (issue 9085)
• Fix virt.init return value on failure (issue 6870)
• Fix reporting of file.blockreplace state when test=True
• Fix network.interfaces when used in cron (issue 7990)
• Fix bug in pkgrepo when switching to/from mirrorlist-based repo def (issue 9121)
• Fix infinite recursion when cache file is corrupted
• Add checking for rev and mirror/bare args in git.latest (issue 9107)
• Add cmd.watch alias (points to cmd.wait) (issue 8612)
• Fix stacktrace when prereq is not formed as a list (issue 8235)
• Fix stdin issue with lvdisplay command (issue 9128)
• Add pre-check function for range matcher (issue 9236)
• Add exception handling for psutil for processes that go missing (issue 9274)
• Allow _in requisites to match both on ID and name (issue 9061)
• Fix multiple client timeout issues (issue 7157 and issue 9302, probably others)
• Fix ZMQError: Operation cannot be accomplished in current state errors (issue 6306)
• Multiple optimization in minion auth routines
• Clarify logs for minion ID caching
Salt 0.6.0 release notes
The Salt remote execution manager has reached initial functionality! Salt is a management application
which can be used to execute commands on remote sets of servers.
The whole idea behind Salt is to create a system where a group of servers can be remotely controlled from
a single master, not only can commands be executed on remote systems, but salt can also be used to gather
information about your server environment.
Unlike similar systems, like Func and MCollective, Salt is extremely simple to setup and use, the entire
application is contained in a single package, and the master and minion daemons require no running
dependencies in the way that Func requires Certmaster and MCollective requires activeMQ.
Salt also manages authentication and encryption. Rather than using SSL for encryption, salt manages
encryption on a payload level, so the data sent across the network is encrypted with fast AES encryption,
and authentication uses RSA keys. This means that Salt is fast, secure, and very efficient.
Messaging in Salt is executed with ZeroMQ, so the message passing interface is built into salt and does
not require an external ZeroMQ server. This also adds speed to Salt since there is no additional bloat on
the networking layer, and ZeroMQ has already proven itself as a very fast networking system.
The remote execution in Salt is "Lazy Execution", in that once the command is sent the requesting network
connection is closed. This makes it easier to detach the execution from the calling process on the
master, it also means that replies are cached, so that information gathered from historic commands can be
queried in the future.
Salt also allows users to make execution modules in Python. Writers of these modules should also be
pleased to know that they have access to the impressive information gathered from PuppetLabs' Facter
application, making Salt module more flexible. In the future I hope to also allow Salt to group servers
based on Facter information as well.
All in all Salt is fast, efficient, and clean, can be used from a simple command line client or through
an API, uses message queue technology to make network execution extremely fast, and encryption is handled
in a very fast and efficient manner. Salt is also VERY easy to use and VERY easy to extend.
You can find the source code for Salt on my GitHub page, I have also set up a few wiki pages explaining
how to use and set up Salt. If you are using Arch Linux there is a package available in the Arch Linux
AUR.
Salt 0.6.0 Source: https://cloud.github.com/downloads/saltstack/salt/salt-0.6.0.tar.gz
GitHub page: https://github.com/saltstack/salt
Wiki: https://github.com/saltstack/salt/wiki
Arch Linux Package: https://aur.archlinux.org/packages/salt-git/
I am very open to contributions, for instance I need packages for more Linux distributions as well as BSD
packages and testers.
Give Salt a try, this is the initial release and is not a 1.0 quality release, but it has been working
well for me! I am eager to get your feedback!
Salt 0.7.0 release notes
I am pleased to announce the release of Salt 0.7.0!
This release marks what is the first stable release of salt, 0.7.0 should be suitable for general use.
0.7.0 Brings the following new features to Salt:
• Integration with Facter data from puppet labs
• Allow for matching minions from the salt client via Facter information
• Minion job threading, many jobs can be executed from the master at once
• Preview of master clustering support - Still experimental
• Introduce new minion modules for stats, virtualization, service management and more
• Add extensive logging to the master and minion daemons
• Add sys.reload_functions for dynamic function reloading
• Greatly improve authentication
• Introduce the saltkey command for managing public keys
• Begin backend development preparatory to introducing butter
• Addition of man pages for the core commands
• Extended and cleaned configuration
0.7.0 Fixes the following major bugs:
• Fix crash in minions when matching failed
• Fix configuration file lookups for the local client
• Repair communication bugs in encryption
• Numerous fixes in the minion modules
The next release of Salt should see the following features:
• Stabilize the cluster support
• Introduce a remote client for salt command tiers
• salt-ftp system for distributed file copies
• Initial support for "butter"
Coming up next is a higher level management framework for salt called Butter. I want salt to stay as a
simple and effective communication framework, and allow for more complicated executions to be managed via
Butter.
Right now Butter is being developed to act as a cloud controller using salt as the communication layer,
but features like system monitoring and advanced configuration control (a puppet manager) are also in the
pipe.
Special thanks to Joseph Hall for the status and network modules, and thanks to Matthias Teege for
tracking down some configuration bugs!
Salt can be downloaded from the following locations;
Source Tarball:
https://cloud.github.com/downloads/saltstack/salt/salt-0.7.0.tar.gz
Arch Linux Package:
https://aur.archlinux.org/packages/salt-git/
Please enjoy the latest Salt release!
Salt 0.8.0 release notes
Salt 0.8.0 is ready for general consumption! The source tarball is available on GitHub for download:
https://cloud.github.com/downloads/saltstack/salt/salt-0.8.0.tar.gz
A lot of work has gone into salt since the last release just 2 weeks ago, and salt has improved a great
deal. A swath of new features are here along with performance and threading improvements!
The main new features of salt 0.8.0 are:
Salt-cp
Cython minion modules
Dynamic returners
Faster return handling
Lowered required Python version to 2.6
Advanced minion threading
Configurable minion modules
Salt-cp
The salt-cp command introduces the ability to copy simple files via salt to targeted servers. Using
salt-cp is very simple, just call salt-cp with a target specification, the source file(s) and where to
copy the files on the minions. For instance:
# salt-cp ‘*’ /etc/hosts /etc/hosts
Will copy the local /etc/hosts file to all of the minions.
Salt-cp is very young, in the future more advanced features will be added, and the functionality will
much more closely resemble the cp command.
Cython minion modules
Cython is an amazing tool used to compile Python modules down to c. This is arguably the fastest way to
run Python code, and since pyzmq requires cython, adding support to salt for cython adds no new
dependencies.
Cython minion modules allow minion modules to be written in cython and therefore executed in compiled c.
Simply write the salt module in cython and use the file extension “.pyx” and the minion module will be
compiled when the minion is started. An example cython module is included in the main distribution called
cytest.pyx:
https://github.com/saltstack/salt/blob/develop/salt/modules/cytest.pyx
Dynamic Returners
By default salt returns command data back to the salt master, but now salt can return command data to any
system. This is enabled via the new returners modules feature for salt. The returners modules take the
return data and sends it to a specific module. The returner modules work like minion modules, so any
returner can be added to the minions.
This means that a custom data returner can be added to communicate the return data so anything from
MySQL, Redis, MongoDB, and more!
There are 2 simple stock returners in the returners directory:
https://github.com/saltstack/salt/blob/develop/salt/returners
The documentation on writing returners will be added to the wiki shortly, and returners can be written in
pure Python, or in cython.
Configurable Minion Modules
Minion modules may need to be configured, now the options passed to the minion configuration file can be
accessed inside of the minion modules via the __opt__ dict.
Information on how to use this simple addition has been added to the wiki: Writing modules
The test module has an example of using the __opts__ dict, and how to set default options:
https://github.com/saltstack/salt/blob/develop/salt/modules/test.py
Advanced Minion Threading
In 0.7.0 the minion would block after receiving a command from the master, now the minion will spawn a
thread or multiprocess. By default Python threads are used because for general use they have proved to be
faster, but the minion can now be configured to use the Python multiprocessing module instead. Using
multiprocessing will cause executions that are CPU bound or would otherwise exploit the negative aspects
of the Python GIL to run faster and more reliably, but simple calls will still be faster with Python
threading. The configuration option can be found in the minion configuration file:
https://github.com/saltstack/salt/blob/develop/conf/minion
Lowered Supported Python to 2.6
The requirement for Python 2.7 has been removed to support Python 2.6. I have received requests to take
the minimum Python version back to 2.4, but unfortunately this will not be possible, since the ZeroMQ
Python bindings do not support Python 2.4.
Salt 0.8.0 is a very major update, it also changes the network protocol slightly which makes
communication with older salt daemons impossible, your master and minions need to be upgraded together!
I could use some help bringing salt to the people! Right now I only have packages for Arch Linux, Fedora
14 and Gentoo. We need packages for Debian and people willing to help test on more platforms. We also
need help writing more minion modules and returner modules. If you want to contribute to salt please hop
on the mailing list and send in patches, make a fork on GitHub and send in pull requests! If you want to
help but are not sure where you can, please email me directly or post tot he mailing list!
I hope you enjoy salt, while it is not yet 1.0 salt is completely viable and usable!
-Thomas S. Hatch
Salt 0.8.7 release notes
It has been a month since salt 0.8.0, and it has been a long month! But Salt is still coming along
strong. 0.8.7 has a lot of changes and a lot of updates. This update makes Salt’s ZeroMQ back end
better, strips Facter from the dependencies, and introduces interfaces to handle more capabilities.
Many of the major updates are in the background, but the changes should shine through to the surface. A
number of the new features are still a little thin, but the back end to support expansion is in place.
I also recently gave a presentation to the Utah Python users group in Salt Lake City, the slides from
this presentation are available here: https://cloud.github.com/downloads/saltstack/salt/Salt.pdf
The video from this presentation will be available shortly.
The major new features and changes in Salt 0.8.7 are:
• Revamp ZeroMQ topology on the master for better scalability
• State enforcement
• Dynamic state enforcement managers
• Extract the module loader into salt.loader
• Make Job ids more granular
• Replace Facter functionality with the new salt grains interface
• Support for “virtual” salt modules
• Introduce the salt-call command
• Better debugging for minion modules
The new ZeroMQ topology allows for better scalability, this will be required by the need to execute
massive file transfers to multiple machines in parallel and state management. The new ZeroMQ topology is
available in the aforementioned presentation.
0.8.7 introduces the capability to declare states, this is similar to the capabilities of Puppet. States
in salt are declared via state data structures. This system is very young, but the core feature set is
available. Salt states work around rendering files which represent Salt high data. More on the Salt state
system will be documented in the near future.
The system for loading salt modules has been pulled out of the minion class to be a standalone module,
this has enabled more dynamic loading of Salt modules and enables many of the updates in 0.8.7 –
https://github.com/saltstack/salt/blob/develop/salt/loader.py
Salt Job ids are now microsecond precise, this was needed to repair a race condition unveiled by the
speed improvements in the new ZeroMQ topology.
The new grains interface replaces the functionality of Facter, the idea behind grains differs from Facter
in that the grains are only used for static system data, dynamic data needs to be derived from a call to
a salt module. This makes grains much faster to use, since the grains data is generated when the minion
starts.
Virtual salt modules allows for a salt module to be presented as something other than its module name.
The idea here is that based on information from the minion decisions about which module should be
presented can be made. The best example is the pacman module. The pacman module will only load on Arch
Linux minions, and will be called pkg. Similarly the yum module will be presented as pkg when the minion
starts on a Fedora/RedHat system.
The new salt-call command allows for minion modules to be executed from the minion. This means that on
the minion a salt module can be executed, this is a great tool for testing Salt modules. The salt-call
command can also be used to view the grains data.
In previous releases when a minion module threw an exception very little data was returned to the master.
Now the stack trace from the failure is returned making debugging of minion modules MUCH easier.
Salt is nearing the goal of 1.0, where the core feature set and capability is complete!
Salt 0.8.7 can be downloaded from GitHub here:
https://cloud.github.com/downloads/saltstack/salt/salt-0.8.7.tar.gz
-Thomas S Hatch
Salt 0.8.8 release notes
Salt 0.8.8 is here! This release adds a great deal of code and some serious new features. The latest
release can be downloaded here: https://cloud.github.com/downloads/saltstack/salt/salt-0.8.8.tar.gz
Improved Documentation has been set up for salt using sphinx thanks to the efforts of Seth House. This
new documentation system will act as the back end to the salt website which is still under heavy
development. The new sphinx documentation system has also been used to greatly clean up the salt
manpages. The salt 7 manpage in particular now contains extensive information which was previously only
in the wiki. The new documentation can be found at: http://docs.saltstack.com/ We still have a lot to
add, and when the domain is set up I will post another announcement.
More additions have been made to the ZeroMQ setup, particularly in the realm of file transfers. Salt
0.8.8 introduces a built in, stateless, encrypted file server which allows salt minions to download files
from the salt master using the same encryption system used for all other salt communications. The main
motivation for the salt file server has been to facilitate the new salt state system.
Much of the salt code has been cleaned up and a new cleaner logging system has been introduced thanks to
the efforts of Pedro Algarvio. These additions will allow for much more flexible logging to be executed
by salt, and fixed a great deal of my poor spelling in the salt docstrings! Pedro Algarvio has also
cleaned up the API, making it easier to embed salt into another application.
The biggest addition to salt found in 0.8.8 is the new state system. The salt module system has received
a new front end which allows salt to be used as a configuration management system. The configuration
management system allows for system configuration to be defined in data structures. The configuration
management system, or as it is called in salt, the “salt state system” supports many of the features
found in other configuration managers, but allows for system states to be written in a far simpler
format, executes at blazing speeds, and operates via the salt minion matching system. The state system
also operates within the normal scope of salt, and requires no additional configuration to use.
The salt state system can enforce the following states with many more to come: Packages Files Services
Executing commands Hosts
The system used to define the salt states is based on a data structure, the data structure used to define
the salt states has been made to be as easy to use as possible. The data structure is defined by default
using a YAML file rendered via a Jinja template. This means that the state definition language supports
all of the data structures that YAML supports, and all of the programming constructs and logic that Jinja
supports. If the user does not like YAML or Jinja the states can be defined in yaml-mako, json-jinja, or
json-mako. The system used to render the states is completely dynamic, and any rendering system can be
added to the capabilities of Salt, this means that a rendering system that renders XML data in a cheetah
template, or whatever you can imagine, can be easily added to the capabilities of salt.
The salt state system also supports isolated environments, as well as matching code from several
environments to a single salt minion.
The feature base for Salt has grown quite a bit since my last serious documentation push. As we approach
0.9.0 the goals are becoming very clear, and the documentation needs a lot of work. The main goals for
0.9.0 are to further refine the state system, fix any bugs we find, get Salt running on as many platforms
as we can, and get the documentation filled out. There is a lot more to come as Salt moves forward to
encapsulate a much larger scope, while maintaining supreme usability and simplicity.
If you would like a more complete overview of Salt please watch the Salt presentation: Slides:
https://cloud.github.com/downloads/saltstack/salt/Salt.pdf
-Thomas S Hatch
Salt 0.8.9 Release Notes
Salt 0.8.9 has finally arrived! Unfortunately this is much later than I had hoped to release 0.8.9, life
has been very crazy over the last month. But despite challenges, Salt has moved forward!
This release, as expected, adds few new features and many refinements. One of the most exciting aspect of
this release is that the development community for salt has grown a great deal and much of the code is
from contributors.
Also, I have filled out the documentation a great deal. So information on States is properly documented,
and much of the documentation that was out of date has been filled in.
Download!
The Salt source can be downloaded from the salt GitHub site:
https://cloud.github.com/downloads/saltstack/salt/salt-0.8.9.tar.gz
Or from PyPI:
https://pypi.python.org/packages/source/s/salt/salt-0.8.9.tar.gz
Here s the md5sum:
7d5aca4633bc22f59045f59e82f43b56
For instructions on how to set up Salt please see the installation instructions.
New Features
Salt Run
A big feature is the addition of Salt run, the salt-run command allows for master side execution modules
to be made that gather specific information or execute custom routines from the master.
Documentation for salt-run can be found here
Refined Outputters
One problem often complained about in salt was the fact that the output was so messy. Thanks to help from
Jeff Schroeder a cleaner interface for the command output for the Salt CLI has been made. This new
interface makes adding new printout formats easy and additions to the capabilities of minion modules
makes it possible to set the printout mode or outputter for functions in minion modules.
Cross Calling Salt Modules
Salt modules can now call each other, the __salt__ dict has been added to the predefined references in
minion modules. This new feature is documented in the modules documentation.
Watch Option Added to Salt State System
Now in Salt states you can set the watch option, this will allow watch enabled states to change based on
a change in the other defined states. This is similar to subscribe and notify statements in puppet.
Root Dir Option
Travis Cline has added the ability to define the option root_dir which allows the salt minion to operate
in a subdir. This is a strong move in supporting the minion running as an unprivileged user
Config Files Defined in Variables
Thanks again to Travis Cline, the master and minion configuration file locations can be defined in
environment variables now.
New Modules
Quite a few new modules, states, returners, and runners have been made.
New Minion Modules
apt
Support for apt-get has been added, this adds greatly improved Debian and Ubuntu support to Salt!
useradd and groupadd
Support for manipulating users and groups on Unix-like systems.
moosefs
Initial support for reporting on aspects of the distributed file system, MooseFS. For more information on
MooseFS please see: http://www.moosefs.org
Thanks to Joseph Hall for his work on MooseFS support.
mount
Manage mounts and the fstab.
puppet
Execute puppet on remote systems.
shadow
Manipulate and manage the user password file.
ssh
Interact with ssh keys.
New States
user and group
Support for managing users and groups in Salt States.
mount
Enforce mounts and the fstab.
New Returners
mongo_return
Send the return information to a MongoDB server.
New Runners
manage
Display minions that are up or down.
Salt 0.9.0 Release Notes
release
2011-08-27
Salt 0.9.0 is here. This is an exciting release, 0.9.0 includes the new network topology features
allowing peer salt commands and masters of masters via the syndic interface.
0.9.0 also introduces many more modules, improvements to the API and improvements to the ZeroMQ systems.
Download!
The Salt source can be downloaded from the salt GitHub site:
https://cloud.github.com/downloads/saltstack/salt/salt-0.9.0.tar.gz
Or from PyPI:
https://pypi.python.org/packages/source/s/salt/salt-0.9.0.tar.gz
Here is the md5sum:
9a925da04981e65a0f237f2e77ddab37
For instructions on how to set up Salt please see the installation instructions.
New Features
Salt Syndic
The new Syndic interface allows a master to be commanded via another higher level salt master. This is a
powerful solution allowing a master control structure to exist, allowing salt to scale to much larger
levels then before.
Peer Communication
0.9.0 introduces the capability for a minion to call a publication on the master and receive the return
from another set of minions. This allows salt to act as a communication channel between minions and as a
general infrastructure message bus.
Peer communication is turned off by default but can be enabled via the peer option in the master
configuration file. Documentation on the new Peer interface.
Easily Extensible API
The minion and master classes have been redesigned to allow for specialized minion and master servers to
be easily created. An example on how this is done for the master can be found in the master.py salt
module:
https://github.com/saltstack/salt/blob/develop/salt/master.py
The Master class extends the SMaster class and set up the main master server.
The minion functions can now also be easily added to another application via the SMinion class, this
class can be found in the minion.py module:
https://github.com/saltstack/salt/blob/develop/salt/minion.py
Cleaner Key Management
This release changes some of the key naming to allow for multiple master keys to be held based on the
type of minion gathering the master key.
The -d option has also been added to the salt-key command allowing for easy removal of accepted public
keys.
The --gen-keys option is now available as well for salt-key, this allows for a salt specific RSA key pair
to be easily generated from the command line.
Improved 0MQ Master Workers
The 0MQ worker system has been further refined to be faster and more robust. This new system has been
able to handle a much larger load than the previous setup. The new system uses the IPC protocol in 0MQ
instead of TCP.
New Modules
Quite a few new modules have been made.
New Minion Modules
apache
Work directly with apache servers, great for managing balanced web servers
cron
Read out the contents of a systems crontabs
mdadm
Module to manage raid devices in Linux, appears as the raid module
mysql
Gather simple data from MySQL databases
ps
Extensive utilities for managing processes
publish
Used by the peer interface to allow minions to make publications
Salt 0.9.1 Release Notes
release
2011-08-29
Salt 0.9.2 Release Notes
release
2011-09-17
Salt 0.9.2 has arrived! 0.9.2 is primarily a bugfix release, the exciting component in 0.9.2 is greatly
improved support for salt states. All of the salt states interfaces have been more thoroughly tested and
the new salt-states git repo is growing with example of how to use states.
This release introduces salt states for early developers and testers to start helping us clean up the
states interface and make it ready for the world!
0.9.2 also fixes a number of bugs found on Python 2.6.
Download!
The Salt source can be downloaded from the salt GitHub site:
https://cloud.github.com/downloads/saltstack/salt/salt-0.9.2.tar.gz
Or from PyPI:
https://pypi.python.org/packages/source/s/salt/salt-0.9.2.tar.gz
For instructions on how to set up Salt please see the installation instructions.
New Features
Salt-Call Additions
The salt-call command has received an overhaul, it now hooks into the outputter system so command output
looks clean, and the logging system has been hooked into salt-call, so the -l option allows the logging
output from salt minion functions to be displayed.
The end result is that the salt-call command can execute the state system and return clean output:
# salt-call state.highstate
State System Fixes
The state system has been tested and better refined. As of this release the state system is ready for
early testers to start playing with. If you are interested in working with the state system please check
out the (still very small) salt-states GitHub repo:
https://github.com/saltstack/salt-states
This git repo is the active development branch for determining how a clean salt-state database should
look and act. Since the salt state system is still very young a lot of help is still needed here. Please
fork the salt-states repo and help us develop a truly large and scalable system for configuration
management!
Notable Bug Fixes
Python 2.6 String Formatting
Python 2.6 does not support format strings without an index identifier, all of them have been repaired.
Cython Loading Disabled by Default
Cython loading requires a development tool chain to be installed on the minion, requiring this by default
can cause problems for most Salt deployments. If Cython auto loading is desired it will need to be turned
on in the minion config.
Salt 0.9.3 Release Notes
release
2011-11-05
Salt 0.9.3 is finally arrived. This is another big step forward for Salt, new features range from proper
FreeBSD support to fixing issues seen when attaching a minion to a master over the Internet.
The biggest improvements in 0.9.3 though can be found in the state system, it has progressed from
something ready for early testers to a system ready to compete with platforms such as Puppet and Chef.
The backbone of the state system has been greatly refined and many new features are available.
Download!
The Salt source can be downloaded from the salt GitHub site:
https://cloud.github.com/downloads/saltstack/salt/salt-0.9.3.tar.gz
Or from PyPI:
https://pypi.python.org/packages/source/s/salt/salt-0.9.3.tar.gz
For instructions on how to set up Salt please see the installation instructions.
New Features
WAN Support
Recently more people have been testing Salt minions connecting to Salt Masters over the Internet. It was
found that Minions would commonly loose their connection to the master when working over the internet.
The minions can now detect if the connection has been lost and reconnect to the master, making WAN
connections much more reliable.
State System Fixes
Substantial testing has gone into the state system and it is ready for real world usage. A great deal has
been added to the documentation for states and the modules and functions available to states have been
cleanly documented.
A number of State System bugs have also been founds and repaired, the output from the state system has
also been refined to be extremely clear and concise.
Error reporting has also been introduced, issues found in sls files will now be clearly reported when
executing Salt States.
Extend Declaration
The Salt States have also gained the extend declaration. This declaration allows for states to be cleanly
modified in a post environment. Simply said, if there is an apache.sls file that declares the apache
service, then another sls can include apache and then extend it:
include:
- apache
extend:
apache:
service:
- require:
- pkg: mod_python
mod_python:
pkg:
- installed
The notable behavior with the extend functionality is that it literally extends or overwrites a
declaration set up in another sls module. This means that Salt will behave as though the modifications
were made directly to the apache sls. This ensures that the apache service in this example is directly
tied to all requirements.
Highstate Structure Specification
This release comes with a clear specification of the Highstate data structure that is used to declare
Salt States. This specification explains everything that can be declared in the Salt SLS modules.
The specification is extremely simple, and illustrates how Salt has been able to fulfill the requirements
of a central configuration manager within a simple and easy to understand format and specification.
SheBang Renderer Switch
It came to our attention that having many renderers means that there may be a situation where more than
one State Renderer should be available within a single State Tree.
The method chosen to accomplish this was something already familiar to developers and systems
administrators, a SheBang. The Python State Renderer displays this new capability.
Python State Renderer
Until now Salt States could only be declared in yaml or json using Jinja or Mako. A new, very powerful,
renderer has been added, making it possible to write Salt States in pure Python:
#!py
def run():
'''
Install the python-mako package
'''
return {'include': ['python'],
'python-mako': {'pkg': ['installed']}}
This renderer is used by making a run function that returns the Highstate data structure. Any
capabilities of Python can be used in pure Python sls modules.
This example of a pure Python sls module is the same as this example in yaml:
include:
- python
python-mako:
pkg:
- installed
FreeBSD Support
Additional support has been added for FreeBSD, this is Salt's first branch out of the Linux world and
proves the viability of Salt on non-Linux platforms.
Salt remote execution already worked on FreeBSD, and should work without issue on any Unix-like platform.
But this support comes in the form of package management and user support, so Salt States also work on
FreeBSD now.
The new freebsdpkg module provides package management support for FreeBSD and the new pw_user and
pw_group provide user and group management.
Module and State Additions
Cron Support
Support for managing the system crontab has been added, declaring a cron state can be done easily:
date > /tmp/datestamp:
cron:
- present
- user: fred
- minute: 5
- hour: 3
File State Additions
The file state has been given a number of new features, primarily the directory, recurse, symlink, and
absent functions.
file.directory
Make sure that a directory exists and has the right permissions.
/srv/foo:
file:
- directory
- user: root
- group: root
- mode: 1755
file.symlink
Make a symlink.
/var/lib/www:
file:
- symlink
- target: /srv/www
- force: True
file.recurse
The recurse state function will recursively download a directory on the master file server and
place it on the minion. Any change in the files on the master will be pushed to the minion. The
recurse function is very powerful and has been tested by pushing out the full Linux kernel source.
/opt/code:
file:
- recurse
- source: salt://linux
file.absent
Make sure that the file is not on the system, recursively deletes directories, files, and
symlinks.
/etc/httpd/conf.d/somebogusfile.conf:
file:
- absent
Sysctl Module and State
The sysctl module and state allows for sysctl components in the kernel to be managed easily. the sysctl
module contains the following functions:
sysctl.show
Return a list of sysctl parameters for this minion
sysctl.get
Return a single sysctl parameter for this minion
sysctl.assign
Assign a single sysctl parameter for this minion
sysctl.persist
Assign and persist a simple sysctl parameter for this minion
The sysctl state allows for sysctl parameters to be assigned:
vm.swappiness:
sysctl:
- present
- value: 20
Kernel Module Management
A module for managing Linux kernel modules has been added. The new functions are as follows:
kmod.available
Return a list of all available kernel modules
kmod.check_available
Check to see if the specified kernel module is available
kmod.lsmod
Return a dict containing information about currently loaded modules
kmod.load
Load the specified kernel module
kmod.remove
Unload the specified kernel module
The kmod state can enforce modules be either present or absent:
kvm_intel:
kmod:
- present
Ssh Authorized Keys
The ssh_auth state can distribute ssh authorized keys out to minions. Ssh authorized keys can be present
or absent.
AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyYvlRBsJdDOo49CNfhlWHWXQRqul6rwL4KIuPrhY7hBw0tV7UNC7J9IZRNO4iGod9C+OYutuWGJ2x5YNf7P4uGhH9AhBQGQ4LKOLxhDyT1OrDKXVFw3wgY3rHiJYAbd1PXNuclJHOKL27QZCRFjWSEaSrUOoczvAAAAFQD9d4jp2dCJSIseSkk4Lez3LqFcqQAAAIAmovHIVSrbLbXAXQE8eyPoL9x5C+x2GRpEcA7AeMH6bGx/xw6NtnQZVMcmZIre5Elrw3OKgxcDNomjYFNHuOYaQLBBMosyO++tJe1KTAr3A2zGj2xbWO9JhEzu8xvSdF8jRu0N5SRXPpzSyU4o1WGIPLVZSeSq1VFTHRT4lXB7PQAAAIBXUz6ZO0bregF5xtJRuxUN583HlfQkXvxLqHAGY8WSEVlTnuG/x75wolBDbVzeTlxWxgxhafj7P6Ncdv25Wz9wvc6ko/puww0b3rcLNqK+XCNJlsM/7lB8Q26iK5mRZzNsGeGwGTyzNIMBekGYQ5MRdIcPv5dBIP/1M6fQDEsAXQ==:
ssh_auth:
- present
- user: frank
- enc: dsa
- comment: 'Frank's key'
Salt 0.9.4 Release Notes
release
2011-11-27
Salt 0.9.4 has arrived. This is a critical update that repairs a number of key bugs found in 0.9.3. But
this update is not without feature additions as well! 0.9.4 adds support for Gentoo portage to the pkg
module and state system. Also there are 2 major new state additions, the failhard option and the ability
to set up finite state ordering with the order option.
This release also sees our largest increase in community contributions. These contributors have and
continue to be the life blood of the Salt project, and the team continues to grow. I want to put out a
big thanks to our new and existing contributors.
Download!
The Salt source can be downloaded from the salt GitHub site:
https://cloud.github.com/downloads/saltstack/salt/salt-0.9.4.tar.gz
Or from PyPI:
https://pypi.python.org/packages/source/s/salt/salt-0.9.4.tar.gz
For instructions on how to set up Salt please see the installation instructions.
New Features
Failhard State Option
Normally, when a state fails Salt continues to execute the remainder of the defined states and will only
refuse to execute states that require the failed state.
But the situation may exist, where you would want all state execution to stop if a single state execution
fails. The capability to do this is called failing hard.
State Level Failhard
A single state can have a failhard set, this means that if this individual state fails that all state
execution will immediately stop. This is a great thing to do if there is a state that sets up a critical
config file and setting a require for each state that reads the config would be cumbersome. A good
example of this would be setting up a package manager early on:
/etc/yum.repos.d/company.repo:
file:
- managed
- source: salt://company/yumrepo.conf
- user: root
- group: root
- mode: 644
- order: 1
- failhard: True
In this situation, the yum repo is going to be configured before other states, and if it fails to lay
down the config file, than no other states will be executed.
Global Failhard
It may be desired to have failhard be applied to every state that is executed, if this is the case, then
failhard can be set in the master configuration file. Setting failhard in the master configuration file
will result in failing hard when any minion gathering states from the master have a state fail.
This is NOT the default behavior, normally Salt will only fail states that require a failed state.
Using the global failhard is generally not recommended, since it can result in states not being executed
or even checked. It can also be confusing to see states failhard if an admin is not actively aware that
the failhard has been set.
To use the global failhard set failhard: True in the master configuration
Finite Ordering of State Execution
When creating salt sls files, it is often important to ensure that they run in a specific order. While
states will always execute in the same order, that order is not necessarily defined the way you want it.
A few tools exist in Salt to set up the correct state ordering, these tools consist of requisite
declarations and order options.
The Order Option
Before using the order option, remember that the majority of state ordering should be done with requisite
statements, and that a requisite statement will override an order option.
The order option is used by adding an order number to a state declaration with the option order:
vim:
pkg:
- installed
- order: 1
By adding the order option to 1 this ensures that the vim package will be installed in tandem with any
other state declaration set to the order 1.
Any state declared without an order option will be executed after all states with order options are
executed.
But this construct can only handle ordering states from the beginning. Sometimes you may want to send a
state to the end of the line, to do this set the order to last:
vim:
pkg:
- installed
- order: last
Substantial testing has gone into the state system and it is ready for real world usage. A great deal has
been added to the documentation for states and the modules and functions available to states have been
cleanly documented.
A number of State System bugs have also been founds and repaired, the output from the state system has
also been refined to be extremely clear and concise.
Error reporting has also been introduced, issues found in sls files will now be clearly reported when
executing Salt States.
Gentoo Support
Additional experimental support has been added for Gentoo. This is found in the contribution from Doug
Renn, aka nestegg.
Salt 0.9.5 Release Notes
release
2012-01-15
Salt 0.9.5 is one of the largest steps forward in the development of Salt.
0.9.5 comes with many milestones, this release has seen the community of developers grow out to an
international team of 46 code contributors and has many feature additions, feature enhancements, bug
fixes and speed improvements.
WARNING:
Be sure to read the upgrade instructions about the switch to msgpack before upgrading!
Community
Nothing has proven to have more value to the development of Salt that the outstanding community that has
been growing at such a great pace around Salt. This has proven not only that Salt has great value, but
also the expandability of Salt is as exponential as I originally intended.
0.9.5 has received over 600 additional commits since 0.9.4 with a swath of new committers. The following
individuals have contributed to the development of 0.9.5:
• Aaron Bull Schaefer
• Antti Kaihola
• Bas Tichelaar
• Brad Barden
• Brian Wagner
• Byron Clark
• Chris Scheller
• Christer Edwards
• Clint Savage
• Corey Quinn
• David Boucha
• Eivind Uggedal
• Eric Poelke
• Evan Borgstrom
• Jed Glazner
• Jeff Schroeder
• Jeffrey C. Ollie
• Jonas Buckner
• Kent Tenney
• Martin Schnabel
• Maxim Burgerhout
• Mitch Anderson
• Nathaniel Whiteinge
• Seth House
• Thomas S Hatch
• Thomas Schreiber
• Tor Hveem
• lzyeval
• syphernl
This makes 21 new developers since 0.9.4 was released!
To keep up with the growing community follow Salt on Ohloh (http://www.ohloh.net/p/salt), to join the
Salt development community, fork Salt on GitHub, and get coding (https://github.com/saltstack/salt)!
Major Features
SPEED! Pickle to msgpack
For a few months now we have been talking about moving away from Python pickles for network
serialization, but a preferred serialization format had not yet been found. After an extensive
performance testing period involving everything from JSON to protocol buffers, a clear winner emerged.
Message Pack (http://msgpack.org/) proved to not only be the fastest and most compact, but also the most
"salt like". Message Pack is simple, and the code involved is very small. The msgpack library for Python
has been added directly to Salt.
This move introduces a few changes to Salt. First off, Salt is no longer a "noarch" package, since the
msgpack lib is written in C. Salt 0.9.5 will also have compatibility issues with 0.9.4 with the default
configuration.
We have gone through great lengths to avoid backwards compatibility issues with Salt, but changing the
serialization medium was going to create issues regardless. Salt 0.9.5 is somewhat backwards compatible
with earlier minions. A 0.9.5 master can command older minions, but only if the serial config value in
the master is set to pickle. This will tell the master to publish messages in pickle format and will
allow the master to receive messages in both msgpack and pickle formats.
Therefore the suggested methods for upgrading are either to just upgrade everything at once, or:
1. Upgrade the master to 0.9.5
2. Set serial to pickle in the master config
3. Upgrade the minions
4. Remove the serial option from the master config
Since pickles can be used as a security exploit the ability for a master to accept pickles from minions
at all will be removed in a future release.
C Bindings for YAML
All of the YAML rendering is now done with the YAML C bindings. This speeds up all of the sls files when
running states.
Experimental Windows Support
David Boucha has worked tirelessly to bring initial support to Salt for Microsoft Windows operating
systems. Right now the Salt Minion can run as a native Windows service and accept commands.
In the weeks and months to come Windows will receive the full treatment and will have support for Salt
States and more robust support for managing Windows systems. This is a big step forward for Salt to move
entirely outside of the Unix world, and proves Salt is a viable cross platform solution. Big Thanks to
Dave for his contribution here!
Dynamic Module Distribution
Many Salt users have expressed the desire to have Salt distribute in-house modules, states, renderers,
returners, and grains. This support has been added in a number of ways:
Modules via States
Now when salt modules are deployed to a minion via the state system as a file, then the modules will be
automatically loaded into the active running minion - no restart required - and into the active running
state. So custom state modules can be deployed and used in the same state run.
Modules via Module Environment Directories
Under the file_roots each environment can now have directories that are used to deploy large groups of
modules. These directories sync modules at the beginning of a state run on the minion, or can be manually
synced via the Salt module salt.modules.saltutil.sync_all.
The directories are named:
• _modules
• _states
• _grains
• _renderers
• _returners
The modules are pushed to their respective scopes on the minions.
Module Reloading
Modules can now be reloaded without restarting the minion, this is done by calling the
salt.modules.sys.reload_modules function.
But wait, there's more! Now when a salt module of any type is added via states the modules will be
automatically reloaded, allowing for modules to be laid down with states and then immediately used.
Finally, all modules are reloaded when modules are dynamically distributed from the salt master.
Enable / Disable Added to Service
A great deal of demand has existed for adding the capability to set services to be started at boot in the
service module. This feature also comes with an overhaul of the service modules and initial systemd
support.
This means that the service state can now accept - enable: True to make sure a service is enabled at
boot, and - enable: False to make sure it is disabled.
Compound Target
A new target type has been added to the lineup, the compound target. In previous versions the desired
minions could only be targeted via a single specific target type, but now many target specifications can
be declared.
These targets can also be separated by and/or operators, so certain properties can be used to omit a
node:
salt -C 'webserv* and G@os:Debian or E@db.*' test.ping
will match all minions with ids starting with webserv via a glob and minions matching the os:Debian
grain. Or minions that match the db.* regular expression.
Node Groups
Often the convenience of having a predefined group of minions to execute targets on is desired. This can
be accomplished with the new nodegroups feature. Nodegroups allow for predefined compound targets to be
declared in the master configuration file:
nodegroups:
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
group2: 'G@os:Debian and foo.domain.com'
And then used via the -N option:
salt -N group1 test.ping
Minion Side Data Store
The data module introduces the initial approach into storing persistent data on the minions, specific to
the minions. This allows for data to be stored on minions that can be accessed from the master or from
the minion.
The Minion datastore is young, and will eventually provide an interface similar to a more mature
key/value pair server.
Major Grains Improvement
The Salt grains have been overhauled to include a massive amount of extra data. this includes hardware
data, os data and salt specific data.
Salt -Q is Useful Now
In the past the salt query system, which would display the data from recent executions would be displayed
in pure Python, and it was unreadable.
0.9.5 has added the outputter system to the -Q option, thus enabling the salt query system to return
readable output.
Packaging Updates
Huge strides have been made in packaging Salt for distributions. These additions are thanks to our
wonderful community where the work to set up packages has proceeded tirelessly.
FreeBSD
Salt on FreeBSD? There a port for that:
http://svnweb.freebsd.org/ports/head/sysutils/py-salt/
This port was developed and added by Christer Edwards. This also marks the first time Salt has been
included in an upstream packaging system!
Fedora and Red Hat Enterprise
Salt packages have been prepared for inclusion in the Fedora Project and in EPEL for Red Hat Enterprise 5
and 6. These packages are the result of the efforts made by Clint Savage (herlo).
Debian/Ubuntu
A team of many contributors have assisted in developing packages for Debian and Ubuntu. Salt is still
actively seeking inclusion in upstream Debian and Ubuntu and the package data that has been prepared is
being pushed through the needed channels for inclusion.
These packages have been prepared with the help of:
• Corey
• Aaron Toponce
• and`
More to Come
We are actively seeking inclusion in more distributions. Primarily getting Salt into Gentoo, SUSE,
OpenBSD, and preparing Solaris support are all turning into higher priorities.
Refinement
Salt continues to be refined into a faster, more stable and more usable application. 0.9.5 comes with
more debug logging, more bug fixes and more complete support.
More Testing, More BugFixes
0.9.5 comes with more bugfixes due to more testing than any previous release. The growing community and
the introduction a dedicated QA environment have unearthed many issues that were hiding under the covers.
This has further refined and cleaned the state interface, taking care of things from minor visual issues
to repairing misleading data.
Custom Exceptions
A custom exception module has been added to throw salt specific exceptions. This allows Salt to give
much more granular error information.
New Modules
data
The new data module manages a persistent datastore on the minion. Big thanks to bastichelaar for his
help refining this module
freebsdkmod
FreeBSD kernel modules can now be managed in the same way Salt handles Linux kernel modules.
This module was contributed thanks to the efforts of Christer Edwards
gentoo_service
Support has been added for managing services in Gentoo. Now Gentoo services can be started, stopped,
restarted, enabled, disabled, and viewed.
pip
The pip module introduces management for pip installed applications. Thanks goes to whitinge for the
addition of the pip module
rh_service
The rh_service module enables Red Hat and Fedora specific service management. Now Red Hat like systems
come with extensive management of the classic init system used by Red Hat
saltutil
The saltutil module has been added as a place to hold functions used in the maintenance and management of
salt itself. Saltutil is used to salt the salt minion. The saltutil module is presently used only to sync
extension modules from the master server.
systemd
Systemd support has been added to Salt, now systems using this next generation init system are supported
on systems running systemd.
virtualenv
The virtualenv module has been added to allow salt to create virtual Python environments. Thanks goes to
whitinge for the addition of the virtualenv module
win_disk
Support for gathering disk information on Microsoft Windows minions The windows modules come courtesy of
Utah_Dave
win_service
The win_service module adds service support to Salt for Microsoft Windows services
win_useradd
Salt can now manage local users on Microsoft Windows Systems
yumpkg5
The yumpkg module introduces in 0.9.4 uses the yum API to interact with the yum package manager.
Unfortunately, on Red Hat 5 systems salt does not have access to the yum API because the yum API is
running under Python 2.4 and Salt needs to run under Python 2.6.
The yumpkg5 module bypasses this issue by shelling out to yum on systems where the yum API is not
available.
New States
mysql_database
The new mysql_database state adds the ability to systems running a mysql server to manage the existence
of mysql databases.
The mysql states are thanks to syphernl
mysql_user
The mysql_user state enables mysql user management.
virtualenv
The virtualenv state can manage the state of Python virtual environments. Thanks to Whitinge for the
virtualenv state
New Returners
cassandra_returner
A returner allowing Salt to send data to a cassandra server. Thanks to Byron Clark for contributing this
returner
Salt 0.9.6 Release Notes
release
2012-01-21
Salt 0.9.6 is a release targeting a few bugs and changes. This is primarily targeting an issue found in
the names declaration in the state system. But a few other bugs were also repaired, like missing support
for grains in extmods.
Due to a conflict in distribution packaging msgpack will no longer be bundled with Salt, and is required
as a dependency.
New Features
HTTP and ftp support in files.managed
Now under the source option in the file.managed state a HTTP or ftp address can be used instead of a file
located on the salt master.
Allow Multiple Returners
Now the returner interface can define multiple returners, and will also return data back to the master,
making the process less ambiguous.
Minion Memory Improvements
A number of modules have been taken out of the minion if the underlying systems required by said modules
are not present on the minion system. A number of other modules need to be stripped out in this same way
which should continue to make the minion more efficient.
Minions Can Locally Cache Return Data
A new option, cache_jobs, has been added to the minion to allow for all of the historically run jobs to
cache on the minion, allowing for looking up historic returns. By default cache_jobs is set to False.
Pure Python Template Support For file.managed
Templates in the file.managed state can now be defined in a Python script. This script needs to have a
run function that returns the string that needs to be in the named file.
Salt 0.9.7 Release Notes
release
2012-02-15
Salt 0.9.7 is here! The latest iteration of Salt brings more features and many fixes. This release is a
great refinement over 0.9.6, adding many conveniences under the hood, as well as some features that make
working with Salt much better.
A few highlights include the new Job system, refinements to the requisite system in states, the mod_init
interface for states, external node classification, search path to managed files in the file state, and
refinements and additions to dynamic module loading.
0.9.7 also introduces the long developed (and oft changed) unit test framework and the initial unit
tests.
Major Features
Salt Jobs Interface
The new jobs interface makes the management of running executions much cleaner and more transparent.
Building on the existing execution framework the jobs system allows clear introspection into the active
running state of the running Salt interface.
The Jobs interface is centered in the new minion side proc system. The minions now store msgpack
serialized files under /var/cache/salt/proc. These files keep track of the active state of processes on
the minion.
Functions in the saltutil Module
A number of functions have been added to the saltutil module to manage and view the jobs:
running - Returns the data of all running jobs that are found in the proc directory.
find_job - Returns specific data about a certain job based on job id.
signal_job - Allows for a given jid to be sent a signal.
term_job - Sends a termination signal (SIGTERM, 15) to the process controlling the specified job.
kill_job Sends a kill signal (SIGKILL, 9) to the process controlling the specified job.
The jobs Runner
A convenience runner front end and reporting system has been added as well. The jobs runner contains
functions to make viewing data easier and cleaner.
The jobs runner contains a number of functions...
active
The active function runs saltutil.running on all minions and formats the return data about all running
jobs in a much more usable and compact format. The active function will also compare jobs that have
returned and jobs that are still running, making it easier to see what systems have completed a job and
what systems are still being waited on.
lookup_jid
When jobs are executed the return data is sent back to the master and cached. By default is cached for
24 hours, but this can be configured via the keep_jobs option in the master configuration.
Using the lookup_jid runner will display the same return data that the initial job invocation with the
salt command would display.
list_jobs
Before finding a historic job, it may be required to find the job id. list_jobs will parse the cached
execution data and display all of the job data for jobs that have already, or partially returned.
External Node Classification
Salt can now use external node classifiers like Cobbler's cobbler-ext-nodes.
Salt uses specific data from the external node classifier. In particular the classes value denotes which
sls modules to run, and the environment value sets to another environment.
An external node classification can be set in the master configuration file via the external_nodes
option: https://salt.readthedocs.io/en/latest/ref/configuration/master.html#external-nodes
External nodes are loaded in addition to the top files. If it is intended to only use external nodes, do
not deploy any top files.
State Mod Init System
An issue arose with the pkg state. Every time a package was run Salt would need to refresh the package
database. This made systems with slower package metadata refresh speeds much slower to work with. To
alleviate this issue the mod_init interface has been added to salt states.
The mod_init interface is a function that can be added to a state file. This function is called with the
first state called. In the case of the pkg state, the mod_init function sets up a tag which makes the
package database only refresh on the first attempt to install a package.
In a nutshell, the mod_init interface allows a state to run any command that only needs to be run once,
or can be used to set up an environment for working with the state.
Source File Search Path
The file state continues to be refined, adding speed and capabilities. This release adds the ability to
pass a list to the source option. This list is then iterated over until the source file is found, and the
first found file is used.
The new syntax looks like this:
/etc/httpd/conf/httpd.conf:
file:
- managed
- source:
- salt://httpd/httpd.conf
- http://myserver/httpd.conf: md5=8c1fe119e6f1fd96bc06614473509bf1
The source option can take sources in the list from the salt file server as well as an arbitrary web
source. If using an arbitrary web source the checksum needs to be passed as well for file verification.
Refinements to the Requisite System
A few discrepancies were still lingering in the requisite system, in particular, it was not possible to
have a require and a watch requisite declared in the same state declaration.
This issue has been alleviated, as well as making the requisite system run more quickly.
Initial Unit Testing Framework
Because of the module system, and the need to test real scenarios, the development of a viable unit
testing system has been difficult, but unit testing has finally arrived. Only a small amount of unit
testing coverage has been developed, much more coverage will be in place soon.
A huge thanks goes out to those who have helped with unit testing, and the contributions that have been
made to get us where we are. Without these contributions unit tests would still be in the dark.
Compound Targets Expanded
Originally only support for and and or were available in the compound target. 0.9.7 adds the capability
to negate compound targets with not.
Nodegroups in the Top File
Previously the nodegroups defined in the master configuration file could not be used to match nodes for
states. The nodegroups support has been expanded and the nodegroups defined in the master configuration
can now be used to match minions in the top file.
Salt 0.9.8 Release Notes
release
2012-03-21
Salt 0.9.8 is a big step forward, with many additions and enhancements, as well as a number of precursors
to advanced future developments.
This version of Salt adds much more power to the command line, making the old hard timeout issues a thing
of the past and adds keyword argument support. These additions are also available in the salt client API,
making the available API tools much more powerful.
The new pillar system allows for data to be stored on the master and assigned to minions in a granular
way similar to the state system. It also allows flexibility for users who want to keep data out of their
state tree similar to 'external lookup' functionality in other tools.
A new way to extend requisites was added, the "requisite in" statement. This makes adding requires or
watch statements to external state decs much easier.
Additions to requisites making them much more powerful have been added as well as improved error checking
for sls files in the state system. A new provider system has been added to allow for redirecting what
modules run in the background for individual states.
Support for openSUSE has been added and support for Solaris has begun serious development. Windows
support has been significantly enhanced as well.
The matcher and target systems have received a great deal of attention. The default behavior of grain
matching has changed slightly to reflect the rest of salt and the compound matcher system has been
refined.
A number of impressive features with keyword arguments have been added to both the CLI and to the state
system. This makes states much more powerful and flexible while maintaining the simple configuration
everyone loves.
The new batch size capability allows for executions to be rolled through a group of targeted minions a
percentage or specific number at a time. This was added to prevent the "thundering herd" problem when
targeting large numbers of minions for things like service restarts or file downloads.
Upgrade Considerations
Upgrade Issues
There was a previously missed oversight which could cause a newer minion to crash an older master. That
oversight has been resolved so the version incompatibility issue will no longer occur. When upgrading to
0.9.8 make sure to upgrade the master first, followed by the minions.
Debian/Ubuntu Packages
The original Debian/Ubuntu packages were called salt and included all salt applications. New packages in
the ppa are split by function. If an old salt package is installed then it should be manually removed and
the new split packages need to be freshly installed.
On the master:
# apt-get purge salt
# apt-get install salt-{master,minion}
On the minions:
# apt-get purge salt
# apt-get install salt-minion
And on any Syndics:
# apt-get install salt-syndic
The official Salt PPA for Ubuntu is located at: https://launchpad.net/~saltstack/+archive/salt
Major Features
Pillar
Pillar offers an interface to declare variable data on the master that is then assigned to the minions.
The pillar data is made available to all modules, states, sls files etc. It is compiled on the master and
is declared using the existing renderer system. This means that learning pillar should be fairly trivial
to those already familiar with salt states.
CLI Additions
The salt command has received a serious overhaul and is more powerful than ever. Data is returned to the
terminal as it is received, and the salt command will now wait for all running minions to return data
before stopping. This makes adding very large --timeout arguments completely unnecessary and gets rid of
long running operations returning empty {} when the timeout is exceeded.
When calling salt via sudo, the user originally running salt is saved to the log for auditing purposes.
This makes it easy to see who ran what by just looking through the minion logs.
The salt-key command gained the -D and --delete-all arguments for removing all keys. Be careful with this
one!
Running States Without a Master
The addition of running states without a salt-master has been added to 0.9.8. This feature allows for the
unmodified salt state tree to be read locally from a minion. The result is that the UNMODIFIED state tree
has just become portable, allowing minions to have a local copy of states or to manage states without a
master entirely.
This is accomplished via the new file client interface in Salt that allows for the salt:// URI to be
redirected to custom interfaces. This means that there are now two interfaces for the salt file server,
calling the master or looking in a local, minion defined file_roots.
This new feature can be used by modifying the minion config to point to a local file_roots and setting
the file_client option to local.
Keyword Arguments and States
State modules now accept the **kwargs argument. This results in all data in a sls file assigned to a
state being made available to the state function.
This passes data in a transparent way back to the modules executing the logic. In particular, this
allows adding arguments to the pkg.install module that enable more advanced and granular controls with
respect to what the state is capable of.
An example of this along with the new debconf module for installing ldap client packages on Debian:
ldap-client-packages:
pkg:
- debconf: salt://debconf/ldap-client.ans
- installed
- names:
- nslcd
- libpam-ldapd
- libnss-ldapd
Keyword Arguments and the CLI
In the past it was required that all arguments be passed in the proper order to the salt and salt-call
commands. As of 0.9.8, keyword arguments can be passed in the form of kwarg=argument.
# salt -G 'type:dev' git.clone \
repository=https://github.com/saltstack/salt.git cwd=/tmp/salt user=jeff
Matcher Refinements and Changes
A number of fixes and changes have been applied to the Matcher system. The most noteworthy is the change
in the grain matcher. The grain matcher used to use a regular expression to match the passed data to a
grain, but now defaults to a shell glob like the majority of match interfaces in Salt. A new option is
available that still uses the old style regex matching to grain data called grain-pcre. To use regex
matching in compound matches use the letter P.
For example, this would match any ArchLinux or Fedora minions:
# salt --grain-pcre 'os:(Arch:Fed).*' test.ping
And the associated compound matcher suitable for top.sls is P:
P@os:(Arch|Fed).*
NOTE: Changing the grains matcher from pcre to glob is backwards incompatible.
Support has been added for matching minions with Yahoo's range library. This is handled by passing range
syntax with -R or --range arguments to salt.
More information at: https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
Requisite in
A new means to updating requisite statements has been added to make adding watchers and requires to
external states easier. Before 0.9.8 the only way to extend the states that were watched by a state
outside of the sls was to use an extend statement:
include:
- http
extend:
apache:
service:
- watch:
- pkg: tomcat
tomcat:
pkg:
- installed
But the new Requisite in statement allows for easier extends for requisites:
include:
- http
tomcat:
pkg:
- installed
- watch_in:
- service: apache
Requisite in is part of the extend system, so still remember to always include the sls that is being
extended!
Providers
Salt predetermines what modules should be mapped to what uses based on the properties of a system. These
determinations are generally made for modules that provide things like package and service management.
The apt module maps to pkg on Debian and the yum module maps to pkg on Fedora for instance.
Sometimes in states, it may be necessary for a non-default module to be used for the desired
functionality. For instance, an Arch Linux system may have been set up with systemd support. Instead of
using the default service module detected for Arch Linux, the systemd module can be used:
http:
service:
- running
- enable: True
- provider: systemd
Default providers can also be defined in the minion config file:
providers:
service: systemd
When default providers are passed in the minion config, then those providers will be applied to all
functionality in Salt, this means that the functions called by the minion will use these modules, as well
as states.
Requisite Glob Matching
Requisites can now be defined with glob expansion. This means that if there are many requisites, they can
be defined on a single line.
To watch all files in a directory:
http:
service:
- running
- enable: True
- watch:
- file: /etc/http/conf.d/*
This example will watch all defined files that match the glob /etc/http/conf.d/*
Batch Size
The new batch size option allows commands to be executed while maintaining that only so many hosts are
executing the command at one time. This option can take a percentage or a finite number:
salt '*' -b 10 test.ping
salt -G 'os:RedHat' --batch-size 25% apache.signal restart
This will only run test.ping on 10 of the targeted minions at a time and then restart apache on 25% of
the minions matching os:RedHat at a time and work through them all until the task is complete. This makes
jobs like rolling web server restarts behind a load balancer or doing maintenance on BSD firewalls using
carp much easier with salt.
Module Updates
This is a list of notable, but non-exhaustive updates with new and existing modules.
Windows support has seen a flurry of support this release cycle. We've gained all new file, network, and
shadow modules. Please note that these are still a work in progress.
For our ruby users, new rvm and gem modules have been added along with the associated states
The virt module gained basic Xen support.
The yum module gained Scientific Linux support.
The pkg module on Debian, Ubuntu, and derivatives force apt to run in a non-interactive mode. This
prevents issues when package installation waits for confirmation.
A pkg module for OpenSUSE's zypper was added.
The service module on Ubuntu natively supports upstart.
A new debconf module was contributed by our community for more advanced control over deb package
deployments on Debian based distributions.
The mysql.user state and mysql module gained a password_hash argument.
The cmd module and state gained a shell keyword argument for specifying a shell other than /bin/sh on
Linux / Unix systems.
New git and mercurial modules have been added for fans of distributed version control.
In Progress Development
Master Side State Compiling
While we feel strongly that the advantages gained with minion side state compiling are very critical, it
does prevent certain features that may be desired. 0.9.8 has support for initial master side state
compiling, but many more components still need to be developed, it is hoped that these can be finished
for 0.9.9.
The goal is that states can be compiled on both the master and the minion allowing for compilation to be
split between master and minion. Why will this be great? It will allow storing sensitive data on the
master and sending it to some minions without all minions having access to it. This will be good for
handling ssl certificates on front-end web servers for instance.
Solaris Support
Salt 0.9.8 sees the introduction of basic Solaris support. The daemon runs well, but grains and more of
the modules need updating and testing.
Windows Support
Salt states on windows are now much more viable thanks to contributions from our community! States for
file, service, local user, and local group management are more fully fleshed out along with network and
disk modules. Windows users can also now manage registry entries using the new "reg" module.
Salt 0.9.9 Release Notes
release
2012-04-27
0.9.9 is out and comes with some serious bug fixes and even more serious features. This release is the
last major feature release before 1.0.0 and could be considered the 1.0.0 release candidate.
A few updates include more advanced kwargs support, the ability for salt states to more safely configure
a running salt minion, better job directory management and the new state test interface.
Many new tests have been added as well, including the new minion swarm test that allows for easier
testing of Salt working with large groups of minions. This means that if you have experienced stability
issues with Salt before, particularly in larger deployments, that these bugs have been tested for, found,
and killed.
Major Features
State Test Interface
Until 0.9.9 the only option when running states to see what was going to be changed was to print out the
highstate with state.show_highstate and manually look it over. But now states can be run to discover what
is going to be changed.
Passing the option test=True to many of the state functions will now cause the salt state system to only
check for what is going to be changed and report on those changes.
salt '*' state.highstate test=True
Now states that would have made changes report them back in yellow.
State Syntax Update
A shorthand syntax has been added to sls files, and it will be the default syntax in documentation going
forward. The old syntax is still fully supported and will not be deprecated, but it is recommended to
move to the new syntax in the future. This change moves the state function up into the state name using a
dot notation. This is in-line with how state functions are generally referred to as well:
The new way:
/etc/sudoers:
file.present:
- source: salt://sudo/sudoers
- user: root
- mode: 400
Use and Use_in Requisites
Two new requisite statements are available in 0.9.9. The use and use_in requisite and requisite-in allow
for the transparent duplication of data between states. When a state "uses" another state it copies the
other state's arguments as defaults. This was created in direct response to the new network state, and
allows for many network interfaces to be configured in the same way easily. A simple example:
root_file:
file.absent:
- name: /tmp/nothing
- user: root
- mode: 644
- group: root
- use_in:
- file: /etc/vimrc
fred_file:
file.absent:
- name: /tmp/nothing
- user: fred
- group: marketing
- mode: 660
/files/marketing/district7.rst:
file.present:
- source: salt://marketing/district7.rst
- template: jinja
- use:
- file: fred_file
/etc/vimrc:
file.present:
- source: salt://edit/vimrc
This makes the 2 lower state decs inherit the options from their respectively "used" state decs.
Network State
The new network state allows for the configuration of network devices via salt states and the ip salt
module. This addition has been given to the project by Jeff Hutchins and Bret Palsson from Jive
Communications.
Currently the only network configuration backend available is for Red Hat based systems, like Red Hat
Enterprise, CentOS, and Fedora.
Exponential Jobs
Originally the jobs executed were stored on the master in the format: <cachedir>/jobs/jid/{minion ids}
But this format restricted the number of jobs in the cache to the number of subdirectories allowed on the
filesystem. Ext3 for instance limits subdirectories to 32000. To combat this the new format for 0.9.9 is:
<cachedir>/jobs/jid_hash[:2]/jid_hash[2:]/{minion ids} So that now the number of maximum jobs that can be
run before the cleanup cycle hits the job directory is substantially higher.
ssh_auth Additions
The original ssh_auth state was limited to accepting only arguments to apply to a public key, and the key
itself. This was restrictive due to the way the we learned that many people were using the state, so the
key section has been expanded to accept options and arguments to the key that over ride arguments passed
in the state. This gives substantial power to using ssh_auth with names:
sshkeys:
ssh_auth:
- present
- user: backup
- enc: ssh-dss
- options:
- option1="value1"
- option2="value2 flag2"
- comment: backup
- names:
- AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0111==
- AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0222== override
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0333== override
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0444==
- option3="value3",option4="value4 flag4" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0555== override
- option3="value3" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0666==
LocalClient Additions
To follow up the recent additions in 0.9.8 of additional kwargs support, 0.9.9 also adds the capability
to send kwargs into commands via a dict. This addition to the LocalClient api can be used like so:
import salt.client
client = salt.client.LocalClient('/etc/salt/master')
ret = client.cmd('*', 'cmd.run', ['ls -l'], kwarg={'cwd': '/etc'})
This update has been added to all cmd methods in the LocalClient class.
Better Self Salting
One problem faced with running Salt states, is that it has been difficult to manage the Salt minion via
states, this is due to the fact that if the minion is called to restart while a state run is happening
then the state run would be killed. 0.9.9 slightly changes the process scope of the state runs, so now
when salt is executing states it can safely restart the salt-minion daemon.
In addition to daemonizing the state run, the apt module also daemonizes. This update makes it possible
to cleanly update the salt-minion package on Debian/Ubuntu systems without leaving apt in an inconsistent
state or killing the active minion process mid-execution.
Wildcards for SLS Modules
Now, when including sls modules in include statements or in the top file, shell globs can be used. This
can greatly simplify listing matched sls modules in the top file and include statements:
base:
'*':
- files*
- core*
include:
- users.dev.*
- apache.ser*
External Pillar
Since the pillar data is just, data, it does not need to come expressly from the pillar interface. The
external pillar system allows for hooks to be added making it possible to extract pillar data from any
arbitrary external interface. The external pillar interface is configured via the ext_pillar option.
Currently interfaces exist to gather external pillar data via hiera or via a shell command that sends
yaml data to the terminal:
ext_pillar:
- cmd_yaml: cat /etc/salt/ext.yaml
- hiera: /etc/hirea.yaml
The initial external pillar interfaces and extra interfaces can be added to the file salt/pillar.py, it
is planned to add more external pillar interfaces. If the need arises a new module loader interface will
be created in the future to manage external pillar interfaces.
Single State Executions
The new state.single function allows for single states to be cleanly executed. This is a great tool for
setting up a small group of states on a system or for testing out the behavior of single states:
salt '*' state.single user.present name=wade uid=2000
The test interface functions here as well, so changes can also be tested against as:
salt '*' state.single user.present name=wade uid=2000 test=True
New Tests
A few exciting new test interfaces have been added, the minion swarm allows not only testing of larger
loads, but also allows users to see how Salt behaves with large groups of minions without having to
create a large deployment.
Minion Swarm
The minion swarm test system allows for large groups of minions to be tested against easily without
requiring large numbers of servers or virtual machines. The minion swarm creates as many minions as a
system can handle and roots them in the /tmp directory and connects them to a master.
The benefit here is that we were able to replicate issues that happen only when there are large numbers
of minions. A number of elusive bugs which were causing stability issues in masters and minions have
since been hunted down. Bugs that used to take careful watch by users over several days can now be
reliably replicated in minutes, and fixed in minutes.
Using the swarm is easy, make sure a master is up for the swarm to connect to, and then use the
minionswarm.py script in the tests directory to spin up as many minions as you want. Remember, this is a
fork bomb, don't spin up more than your hardware can handle!
python minionswarm.py -m 20 --master salt-master
Shell Tests
The new Shell testing system allows us to test the behavior of commands executed from a high level. This
allows for the high level testing of salt runners and commands like salt-key.
Client Tests
Tests have been added to test the aspects of the client APIs and ensure that the client calls work, and
that they manage passed data, in a desirable way.
SEE ALSO:
Legacy salt-cloud release docs
SEE ALSO:
Legacy salt-api release docs
VENAFI TOOLS FOR SALT
Introduction
Before using these modules you need to register an account with Venafi, and configure it in your master
configuration file.
First, you need to add a placeholder to the master file. This is because the module will not load unless
it finds an api_key setting, valid or not. Open up /etc/salt/master and add:
venafi:
api_key: None
Then register your email address with Venafi using the following command:
salt-run venafi.register <youremail@yourdomain.com>
This command will not return an api_key to you; that will be send to you via email from Venafi. Once you
have received that key, open up your master file and set the api_key to it:
venafi:
api_key: abcdef01-2345-6789-abcd-ef0123456789
To enable the ability for creating keys and certificates it is necessary to enable the external pillars.
Open the /etc/salt/master file and add:
ext_pillar:
- venafi: True
To modify the URL being used for the Venafi Certificate issuance modify the file in /etc/salt/master and
add the base_url information following under the venafi tag:
venafi:
base_url: http://newurl.venafi.com
Example Usage
Generate a CSR and submit it to Venafi for issuance, using the 'Internet' zone: salt-run venafi.request
minion.example.com minion.example.com zone=Internet
Retrieve a certificate for a previously submitted request with request ID aaa-bbb-ccc-dddd: salt-run
venafi.pickup aaa-bbb-ccc-dddd
Runner Functions
gen_key
Generate and return a private_key. If a dns_name is passed in, the private_key will be cached under that
name.
The key will be generated based on the policy values that were configured by the Venafi administrator. A
default Certificate Use Policy is associated with a zone; the key type and key length parameters
associated with this value will be used.
salt-run venafi.gen_key minion.example.com minion.example.com zone=Internet \
password=SecretSauce
param str minion_id
Required. The name of the minion which hosts the domain name in question.
param str dns_name
Required. The FQDN of the domain that will be hosted on the minion.
param str zone
Required. Default value is "default". The zone on Venafi that the domain belongs to.
param str password
Optional. If specified, the password to use to access the generated key.
gen_csr
Generate a csr using the host's private_key. Analogous to:
salt-run venafi.gen_csr minion.example.com minion.example.com country=US \
state=California loc=Sacramento org=CompanyName org_unit=DevOps \
zone=Internet password=SecretSauce
param str minion_id
Required.
param str dns_name
Required.
param str zone
Optional. Default value is "default". The zone on Venafi that the domain belongs to.
param str country=None
Optional. The two-letter ISO abbreviation for your country.
param str state=None
Optional. The state/county/region where your organisation is legally located. Must not be
abbreviated.
param str loc=None
Optional. The city where your organisation is legally located.
param str org=None
Optional. The exact legal name of your organisation. Do not abbreviate your organisation name.
param str org_unit=None
Optional. Section of the organisation, can be left empty if this does not apply to your case.
param str password=None
Optional. Password for the CSR.
request
Request a new certificate. Analogous to:
salt-run venafi.request minion.example.com minion.example.com country=US \
state=California loc=Sacramento org=CompanyName org_unit=DevOps \
zone=Internet password=SecretSauce
param str minion_id
Required.
param str dns_name
Required.
param str zone
Required. Default value is "default". The zone on Venafi that the certificate request will be
submitted to.
param str country=None
Optional. The two-letter ISO abbreviation for your country.
param str state=None
Optional. The state/county/region where your organisation is legally located. Must not be
abbreviated.
param str loc=None
Optional. The city where your organisation is legally located.
param str org=None
Optional. The exact legal name of your organisation. Do not abbreviate your organisation name.
param str org_unit=None
Optional. Section of the organisation, can be left empty if this does not apply to your case.
param str password=None
Optional. Password for the CSR.
param str company_id=None
Optional, but may be configured in master file instead.
register
Register a new user account
salt-run venafi.register username@example.com
param str email
Required. The email address to use for the new Venafi account.
show_company
Show company information, especially the company id
salt-run venafi.show_company example.com
param str domain
Required. The domain name to look up information for.
show_csrs
Show certificate requests for the configured API key.
salt-run venafi.show_csrs
show_zones
Show zones for the specified company id.
salt-run venafi.show_zones
param str company_id
Optional. The company id to show the zones for.
pickup, show_cert
Show certificate requests for the specified certificate id. Analogous to the VCert pickup command.
salt-run venafi.pickup 4295ebc0-14bf-11e7-b965-1df050017ec1
param str
id_
Required. The id of the certificate to look up.
show_rsa
Show a private RSA key.
salt-run venafi.show_rsa minion.example.com minion.example.com
param str minion_id
The name of the minion to display the key for.
param str dns_name
The domain name to display the key for.
list_domain_cache
List domains that have been cached on this master.
salt-run venafi.list_domain_cache
del_cached_domain
Delete a domain from this master's cache.
salt-run venafi.delete_domain_cache example.com
param str domains
A domain name, or a comma-separated list of domain names, to delete from this master's cache.
AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
2017.7.4 Aug 05, 2020 SALT(7)