Merge branch 'develop' of https://github.com/saltstack/salt into salt-check-feature

William Cannon 2017-08-18 16:37:40 -05:00
commit 1499314595
1184 changed files with 30319 additions and 16157 deletions

4
.github/stale.yml vendored

@ -1,8 +1,8 @@
# Probot Stale configuration file
# Number of days of inactivity before an issue becomes stale
# 1145 is approximately 3 years and 2 months
daysUntilStale: 1145
# 1115 is approximately 3 years and 1 month
daysUntilStale: 1115
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7


@ -1,4 +1,11 @@
{
"alwaysNotifyForPaths": [
{
"name": "ryan-lane",
"files": ["salt/**/*boto*.py"],
"skipTeamPrs": false
}
],
"skipTitle": "Merge forward",
"userBlacklist": ["cvrebert", "markusgattol", "olliewalsh"]
}


@ -97,3 +97,14 @@
#
#delete_sshkeys: False
# Whether or not to include grains information in the /etc/salt/minion file
# which is generated when the minion is provisioned. For example...
# grains:
# salt-cloud:
# driver: ec2
# provider: my_ec2:ec2
# profile: micro_ec2
#
# Default: 'True'
#
#enable_cloud_grains: 'True'
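Review bot: The documented default `#enable_cloud_grains: 'True'` is a quoted string, while the neighbouring `#delete_sshkeys: False` in the same hunk is a bare boolean. Someone who uncomments the line and changes it to `'False'` gets a non-empty string, which stays truthy unless the consuming code parses it explicitly (that code is not visible here). I would write `# Default: True` and `#enable_cloud_grains: True` to match the rest of the file. The comment could also say in one line that these grains record the driver, provider and profile names in the generated minion config, since that is what an operator weighs when turning the option off.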


@ -301,6 +301,22 @@
##### Security settings #####
##########################################
# Enable passphrase protection of Master private key. Although a string value
# is acceptable; passwords should be stored in an external vaulting mechanism
# and retrieved via sdb. See https://docs.saltstack.com/en/latest/topics/sdb/.
# Passphrase protection is off by default but an example of an sdb profile and
# query is as follows.
# masterkeyring:
# driver: keyring
# service: system
#
# key_pass: sdb://masterkeyring/key_pass
# Enable passphrase protection of the Master signing_key. This only applies if
# master_sign_pubkey is set to True. This is disabled by default.
# master_sign_pubkey: True
# signing_key_pass: sdb://masterkeyring/signing_pass
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
@ -311,6 +327,9 @@
# public keys from the minions. Note that this is insecure.
#auto_accept: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Time in minutes that an incoming public key with a matching name found in
# pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
# are removed when the master checks the minion_autosign directory.
@ -968,6 +987,21 @@
#pillar_cache_backend: disk
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
##### Syndic settings #####
##########################################
# The Salt syndic is used to pass commands through a master from a higher
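Review bot: The new `key_pass` comment says a string value is acceptable but not what that costs: a literal passphrase in this file is readable by everyone who can read the master config, which largely defeats protecting a private key that presumably lives on the same host. I would reword the opening to something like `# Enable passphrase protection of the Master private key. A literal string is accepted, but it is then only as protected as this file; prefer an external vault retrieved via sdb.` The `signing_key_pass` paragraph would benefit from the same pointer. Separately, the reactor comments in the `-968` hunk (`#Set the TTL ...`, `#Configure ...`, `#Define ...`) lack the space after `#` used elsewhere in the file and give no unit for `reactor_refresh_interval`. The next sample config on this page repeats that block verbatim.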


@ -620,6 +620,9 @@
# you do so at your own risk!
#open_mode: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
@ -661,6 +664,21 @@
# ssl_version: PROTOCOL_TLSv1_2
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a


@ -245,8 +245,8 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ
project = 'Salt'
version = salt.version.__version__
latest_release = '2017.7.0' # latest release
previous_release = '2016.11.6' # latest release from previous branch
latest_release = '2017.7.1' # latest release
previous_release = '2016.11.7' # latest release from previous branch
previous_release_dir = '2016.11' # path on web server for previous branch
next_release = '' # next release
next_release_dir = '' # path on web server for next release branch
@ -320,11 +320,21 @@ rst_prolog = """\
.. _`salt-packagers`: https://groups.google.com/forum/#!forum/salt-packagers
.. |windownload| raw:: html
<p>x86: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>AMD64: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
.. |osxdownload| raw:: html
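Review bot: The four new Py2/Py3 installer entries offer only an `.md5` file for verification, and MD5 is not collision-resistant, so it catches a corrupted download but not a deliberately substituted installer. If the repository publishes a stronger digest for these files, link it next to (or instead of) the md5; the file name is not visible here, so that needs confirming. The visible link text also drops the `Py2`/`Py3` tag that the `href` carries, so all variants display the same name as the legacy entries; the Python3 x86 entry, for example, should read `<strong>Salt-Minion-{release}-Py3-x86-Setup.exe</strong>`. The `rst_prolog` string starts and ends outside this hunk.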


@ -321,7 +321,27 @@ Restart using states
********************
Now we can apply the workaround to restart the Minion in reliable way.
The following example works on both UNIX-like and Windows operating systems:
The following example works on UNIX-like operating systems:
.. code-block:: jinja
{%- if grains['os'] != 'Windows' %
Restart Salt Minion:
cmd.run:
- name: 'salt-call --local service.restart salt-minion'
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
{%- endif %}
Note that restarting the ``salt-minion`` service on Windows operating systems is
not always necessary when performing an upgrade. The installer stops the
``salt-minion`` service, removes it, deletes the contents of the ``\salt\bin``
directory, installs the new code, re-creates the ``salt-minion`` service, and
starts it (by default). The restart step **would** be necessary during the
upgrade process, however, if the minion config was edited after the upgrade or
installation. If a minion restart is necessary, the state above can be edited
as follows:
.. code-block:: jinja
@ -337,8 +357,8 @@ The following example works on both UNIX-like and Windows operating systems:
- pkg: Upgrade Salt Minion
However, it requires more advanced tricks to upgrade from legacy version of
Salt (before ``2016.3.0``), where executing commands in the background is not
supported:
Salt (before ``2016.3.0``) on UNIX-like operating systems, where executing
commands in the background is not supported:
.. code-block:: jinja


@ -19,5 +19,4 @@ auth modules
pki
rest
sharedsecret
stormpath
yubico


@ -1,6 +0,0 @@
===================
salt.auth.stormpath
===================
.. automodule:: salt.auth.stormpath
:members:


@ -33,6 +33,10 @@ Output Options
Write the output to the specified file.
.. option:: --out-file-append, --output-file-append
Append the output to the specified file.
.. option:: --no-color
Disable all colored output
@ -46,3 +50,14 @@ Output Options
``green`` denotes success, ``red`` denotes failure, ``blue`` denotes
changes and success and ``yellow`` denotes a expected future change in configuration.
.. option:: --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of 'full', 'terse', 'mixed', 'changes' or
'filter'. Default: 'none'.
.. option:: --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.


@ -81,7 +81,7 @@ Options
Pass in an external authentication medium to validate against. The
credentials will be prompted for. The options are `auto`,
`keystone`, `ldap`, `pam`, and `stormpath`. Can be used with the -T
`keystone`, `ldap`, and `pam`. Can be used with the -T
option.
.. option:: -T, --make-token


@ -0,0 +1,6 @@
===========================
salt.cloud.clouds.oneandone
===========================
.. automodule:: salt.cloud.clouds.oneandone
:members:


@ -94,64 +94,6 @@ The user to run the Salt processes
user: root
.. conf_master:: max_open_files
``max_open_files``
------------------
Default: ``100000``
Each minion connecting to the master uses AT LEAST one file descriptor, the
master subscription connection. If enough minions connect you might start
seeing on the console(and then salt-master crashes):
.. code-block:: bash
Too many open files (tcp_listener.cpp:335)
Aborted (core dumped)
.. code-block:: yaml
max_open_files: 100000
By default this value will be the one of `ulimit -Hn`, i.e., the hard limit for
max open files.
To set a different value than the default one, uncomment, and configure this
setting. Remember that this value CANNOT be higher than the hard limit. Raising
the hard limit depends on the OS and/or distribution, a good way to find the
limit is to search the internet for something like this:
.. code-block:: text
raise max open files hard limit debian
.. conf_master:: worker_threads
``worker_threads``
------------------
Default: ``5``
The number of threads to start for receiving commands and replies from minions.
If minions are stalling on replies because you have many minions, raise the
worker_threads value.
Worker threads should not be put below 3 when using the peer system, but can
drop down to 1 worker otherwise.
.. note::
When the master daemon starts, it is expected behaviour to see
multiple salt-master processes, even if 'worker_threads' is set to '1'. At
a minimum, a controlling process will start along with a Publisher, an
EventPublisher, and a number of MWorker processes will be started. The
number of MWorker processes is tuneable by the 'worker_threads'
configuration value while the others are not.
.. code-block:: yaml
worker_threads: 5
.. conf_master:: ret_port
``ret_port``
@ -946,6 +888,74 @@ to socket concurrently.
sock_pool_size: 15
.. conf_master:: ipc_mode
``ipc_mode``
------------
Default: ``ipc``
The ipc strategy. (i.e., sockets versus tcp, etc.) Windows platforms lack
POSIX IPC and must rely on TCP based inter-process communications. ``ipc_mode``
is set to ``tcp`` by default on Windows.
.. code-block:: yaml
ipc_mode: ipc
.. conf_master::
``tcp_master_pub_port``
-----------------------
Default: ``4512``
The TCP port on which events for the master should be published if ``ipc_mode`` is TCP.
.. code-block:: yaml
tcp_master_pub_port: 4512
.. conf_master:: tcp_master_pull_port
``tcp_master_pull_port``
------------------------
Default: ``4513``
The TCP port on which events for the master should be pulled if ``ipc_mode`` is TCP.
.. code-block:: yaml
tcp_master_pull_port: 4513
.. conf_master:: tcp_master_publish_pull
``tcp_master_publish_pull``
---------------------------
Default: ``4514``
The TCP port on which events for the master should be pulled fom and then republished onto
the event bus on the master.
.. code-block:: yaml
tcp_master_publish_pull: 4514
.. conf_master:: tcp_master_workers
``tcp_master_workers``
----------------------
Default: ``4515``
The TCP port for ``mworkers`` to connect to on the master.
.. code-block:: yaml
tcp_master_workers: 4515
.. _salt-ssh-configuration:
@ -1192,6 +1202,19 @@ public keys from minions.
auto_accept: False
.. conf_master:: keysize
``keysize``
-----------
Default: ``2048``
The size of key that should be generated when creating new keys.
.. code-block:: yaml
keysize: 2048
.. conf_master:: autosign_timeout
``autosign_timeout``
@ -1236,6 +1259,24 @@ minion IDs for which keys will automatically be rejected. Will override both
membership in the :conf_master:`autosign_file` and the
:conf_master:`auto_accept` setting.
.. conf_master:: permissive_pki_access
``permissive_pki_access``
-------------------------
Default: ``False``
Enable permissive access to the salt keys. This allows you to run the
master or minion as root, but have a non-root group be given access to
your pki_dir. To make the access explicit, root must belong to the group
you've given access to. This is potentially quite insecure. If an autosign_file
is specified, enabling permissive_pki_access will allow group access to that
specific file.
.. code-block:: yaml
permissive_pki_access: False
.. conf_master:: publisher_acl
``publisher_acl``
@ -1278,6 +1319,20 @@ This is completely disabled by default.
- cmd.*
- test.echo
.. conf_master:: sudo_acl
``sudo_acl``
------------
Default: ``False``
Enforce ``publisher_acl`` and ``publisher_acl_blacklist`` when users have sudo
access to the salt command.
.. code-block:: yaml
sudo_acl: False
.. conf_master:: external_auth
``external_auth``
@ -1462,6 +1517,19 @@ Do not disable this unless it is absolutely clear what this does.
rotate_aes_key: True
.. conf_master:: publish_session
``publish_session``
-------------------
Default: ``86400``
The number of seconds between AES key rotations on the master.
.. code-block:: yaml
publish_session: Default: 86400
.. conf_master:: ssl
``ssl``
@ -1492,6 +1560,24 @@ constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23
``allow_minion_key_revoke``
---------------------------
Default: ``False``
By default, the master deletes its cache of minion data when the key for that
minion is removed. To preserve the cache after key deletion, set
``preserve_minion_cache`` to True.
WARNING: This may have security implications if compromised minions auth with
a previous deleted minion ID.
.. code-block:: yaml
preserve_minion_cache: False
.. conf_master:: allow_minion_key_revoke
``allow_minion_key_revoke``
---------------------------
Default: ``True``
Controls whether a minion can request its own key revocation. When True
@ -1504,6 +1590,127 @@ the master will drop the request and the minion's key will remain accepted.
rotate_aes_key: True
Master Large Scale Tuning Settings
==================================
.. conf_master:: max_open_files
``max_open_files``
------------------
Default: ``100000``
Each minion connecting to the master uses AT LEAST one file descriptor, the
master subscription connection. If enough minions connect you might start
seeing on the console(and then salt-master crashes):
.. code-block:: bash
Too many open files (tcp_listener.cpp:335)
Aborted (core dumped)
.. code-block:: yaml
max_open_files: 100000
By default this value will be the one of `ulimit -Hn`, i.e., the hard limit for
max open files.
To set a different value than the default one, uncomment, and configure this
setting. Remember that this value CANNOT be higher than the hard limit. Raising
the hard limit depends on the OS and/or distribution, a good way to find the
limit is to search the internet for something like this:
.. code-block:: text
raise max open files hard limit debian
.. conf_master:: worker_threads
``worker_threads``
------------------
Default: ``5``
The number of threads to start for receiving commands and replies from minions.
If minions are stalling on replies because you have many minions, raise the
worker_threads value.
Worker threads should not be put below 3 when using the peer system, but can
drop down to 1 worker otherwise.
.. note::
When the master daemon starts, it is expected behaviour to see
multiple salt-master processes, even if 'worker_threads' is set to '1'. At
a minimum, a controlling process will start along with a Publisher, an
EventPublisher, and a number of MWorker processes will be started. The
number of MWorker processes is tuneable by the 'worker_threads'
configuration value while the others are not.
.. code-block:: yaml
worker_threads: 5
.. conf_master:: pub_hwm
``pub_hwm``
-----------
Default: ``1000``
The zeromq high water mark on the publisher interface.
.. code-block:: yaml
pub_hwm: 1000
.. conf_master:: zmq_backlog
``zmq_backlog``
---------------
Default: ``1000``
The listen queue size of the ZeroMQ backlog.
.. code-block:: yaml
zmq_backlog: 1000
.. conf_master:: salt_event_pub_hwm
.. conf_master:: event_publisher_pub_hwm
``salt_event_pub_hwm`` and ``event_publisher_pub_hwm``
------------------------------------------------------
These two ZeroMQ High Water Mark settings, ``salt_event_pub_hwm`` and
``event_publisher_pub_hwm`` are significant for masters with thousands of
minions. When these are insufficiently high it will manifest in random
responses missing in the CLI and even missing from the job cache. Masters
that have fast CPUs and many cores with appropriate ``worker_threads``
will not need these set as high.
The ZeroMQ high-water-mark for the ``SaltEvent`` pub socket default is:
.. code-block:: yaml
salt_event_pub_hwm: 20000
The ZeroMQ high-water-mark for the ``EventPublisher`` pub socket default is:
.. code-block:: yaml
event_publisher_pub_hwm: 10000
As an example, on single master deployment with 8,000 minions, 2.4GHz CPUs,
24 cores, and 32GiB memory has these settings:
.. code-block:: yaml
salt_event_pub_hwm: 128000
event_publisher_pub_hwm: 64000
.. _master-module-management:
Master Module Management
@ -1552,7 +1759,8 @@ Default: ``top.sls``
The state system uses a "top" file to tell the minions what environment to
use and what modules to use. The state_top file is defined relative to the
root of the base environment.
root of the base environment. The value of "state_top" is also used for the
pillar top file
.. code-block:: yaml
@ -3245,6 +3453,26 @@ configuration.
pillar_opts: False
.. conf_master:: pillar_safe_render_error
``pillar_safe_render_error``
----------------------------
Default: ``True``
The pillar_safe_render_error option prevents the master from passing pillar
render errors to the minion. This is set on by default because the error could
contain templating data which would give that minion information it shouldn't
have, like a password! When set ``True`` the error message will only show:
.. code-block:: shell
Rendering SLS 'my.sls' failed. Please see master log for details.
.. code-block:: yaml
pillar_safe_render_error: True
.. _master-configuration-ext-pillar:
.. conf_master:: ext_pillar
@ -3915,6 +4143,62 @@ can be utilized:
pillar_cache_backend: disk
Master Reactor Settings
=======================
.. conf_master:: reactor
``reactor``
-----------
Default: ``[]``
Defines a salt reactor. See the :ref:`Reactor <reactor>` documentation for more
information.
.. code-block:: yaml
reactor: []
.. conf_master:: reactor_refresh_interval
``reactor_refresh_interval``
----------------------------
Default: ``60``
The TTL for the cache of the reactor configuration.
.. code-block:: yaml
reactor_refresh_interval: 60
.. conf_master:: reactor_worker_threads
``reactor_worker_threads``
--------------------------
Default: ``10``
The number of workers for the runner/wheel in the reactor.
.. code-block:: yaml
reactor_worker_threads: 10
.. conf_master:: reactor_worker_hwm
``reactor_worker_hwm``
----------------------
Default: ``10000``
The queue size for workers in the reactor.
.. code-block:: yaml
reactor_worker_hwm: 10000
.. _syndic-server-settings:
Syndic Server Settings
@ -4381,6 +4665,63 @@ option then the master will log a warning message.
- /etc/roles/webserver
Keepalive Settings
==================
.. conf_master:: tcp_keepalive
``tcp_keepalive``
-----------------
Default: ``True``
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt
connectivity issues in messy network environments with misbehaving firewalls.
.. code-block:: yaml
tcp_keepalive: True
.. conf_master:: tcp_keepalive_cnt
``tcp_keepalive_cnt``
---------------------
Default: ``-1``
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_cnt: -1
.. conf_master:: tcp_keepalive_idle
``tcp_keepalive_idle``
----------------------
Default: ``300``
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_idle: 300
.. conf_master:: tcp_keepalive_intvl
``tcp_keepalive_intvl``
-----------------------
Default: ``-1``
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_intvl': -1
.. _winrepo-master-config-opts:
Windows Software Repo Settings
@ -4519,7 +4860,7 @@ URL of the repository:
.. code-block:: yaml
winrepo_remotes:
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
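Review bot: In the `-1492` hunk the text describing `preserve_minion_cache`, including its warning about a compromised minion authenticating with a previously deleted minion ID, sits under an `allow_minion_key_revoke` heading with `Default: False`, and no `.. conf_master:: preserve_minion_cache` directive is visible. As rendered here that leaves a security-relevant option with no cross-reference target and the `allow_minion_key_revoke` heading appearing twice. The inserted block appears to need its own `.. conf_master:: preserve_minion_cache` line and a `preserve_minion_cache` heading with matching underline. Smaller slips in the same section: the example `publish_session: Default: 86400` should be `publish_session: 86400`, `tcp_keepalive_intvl': -1` carries a stray quote (the minion configuration section repeats it), and the `tcp_master_pub_port` entry has an empty `.. conf_master::` directive.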


@ -782,6 +782,20 @@ seconds each iteration.
acceptance_wait_time_max: 0
.. conf_minion:: rejected_retry
``rejected_retry``
------------------
Default: ``False``
If the master rejects the minion's public key, retry instead of exiting.
Rejected keys will be handled the same as waiting on acceptance.
.. code-block:: yaml
rejected_retry: False
.. conf_minion:: random_reauth_delay
``random_reauth_delay``
@ -1212,7 +1226,7 @@ If certain returners should be disabled, this is the place
.. conf_minion:: enable_whitelist_modules
``whitelist_modules``
----------------------------
---------------------
Default: ``[]`` (Module whitelisting is disabled. Adding anything to the config option
will cause only the listed modules to be enabled. Modules not in the list will
@ -1304,6 +1318,20 @@ A list of extra directories to search for Salt renderers
render_dirs:
- /var/lib/salt/renderers
.. conf_minion:: utils_dirs
``utils_dirs``
--------------
Default: ``[]``
A list of extra directories to search for Salt utilities
.. code-block:: yaml
utils_dirs:
- /var/lib/salt/utils
.. conf_minion:: cython_enable
``cython_enable``
@ -1352,6 +1380,20 @@ below.
providers:
service: systemd
.. conf_minion:: modules_max_memory
``modules_max_memory``
----------------------
Default: ``-1``
Specify a max size (in bytes) for modules on import. This feature is currently
only supported on *nix operating systems and requires psutil.
.. code-block:: yaml
modules_max_memory: -1
.. conf_minion:: extmod_whitelist
.. conf_minion:: extmod_blacklist
@ -1377,8 +1419,8 @@ whitelist an empty list.
modules:
- specific_module
Valid options:
- beacons
- clouds
- sdb
@ -1524,6 +1566,52 @@ environment lacks one.
default_top: dev
.. conf_minion:: startup_states
``startup_states``
------------------
Default: ``''``
States to run when the minion daemon starts. To enable, set ``startup_states`` to:
- ``highstate``: Execute state.highstate
- ``sls``: Read in the sls_list option and execute the named sls files
- ``top``: Read top_file option and execute based on that file on the Master
.. code-block:: yaml
startup_states: ''
.. conf_minion:: sls_list
``sls_list``
------------
Default: ``[]``
List of states to run when the minion starts up if ``startup_states`` is set to ``sls``.
.. code-block:: yaml
sls_list:
- edit.vim
- hyper
.. conf_minion:: top_file
``top_file``
------------
Default: ``''``
Top file to execute if ``startup_states`` is set to ``top``.
.. code-block:: yaml
top_file: ''
State Management Settings
=========================
@ -1540,7 +1628,7 @@ The default renderer used for local state executions
renderer: yaml_jinja
.. conf_master:: test
.. conf_minion:: test
``test``
--------
@ -2058,6 +2146,35 @@ before the initial key exchange. The master fingerprint can be found by running
master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
.. conf_minion:: keysize
``keysize``
-----------
Default: ``2048``
The size of key that should be generated when creating new keys.
.. code-block:: yaml
keysize: 2048
.. conf_minion:: permissive_pki_access
``permissive_pki_access``
-------------------------
Default: ``False``
Enable permissive access to the salt keys. This allows you to run the
master or minion as root, but have a non-root group be given access to
your pki_dir. To make the access explicit, root must belong to the group
you've given access to. This is potentially quite insecure.
.. code-block:: yaml
permissive_pki_access: False
.. conf_minion:: verify_master_pubkey_sign
``verify_master_pubkey_sign``
@ -2165,7 +2282,7 @@ blocked. If `cmd_whitelist_glob` is NOT SET, then all shell commands are permitt
- 'cat /etc/fstab'
.. conf_master:: ssl
.. conf_minion:: ssl
``ssl``
-------
@ -2191,6 +2308,62 @@ constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23
ssl_version: PROTOCOL_TLSv1_2
Reactor Settings
================
.. conf_minion:: reactor
``reactor``
-----------
Default: ``[]``
Defines a salt reactor. See the :ref:`Reactor <reactor>` documentation for more
information.
.. code-block:: yaml
reactor: []
.. conf_minion:: reactor_refresh_interval
``reactor_refresh_interval``
----------------------------
Default: ``60``
The TTL for the cache of the reactor configuration.
.. code-block:: yaml
reactor_refresh_interval: 60
.. conf_minion:: reactor_worker_threads
``reactor_worker_threads``
--------------------------
Default: ``10``
The number of workers for the runner/wheel in the reactor.
.. code-block:: yaml
reactor_worker_threads: 10
.. conf_minion:: reactor_worker_hwm
``reactor_worker_hwm``
----------------------
Default: ``10000``
The queue size for workers in the reactor.
.. code-block:: yaml
reactor_worker_hwm: 10000
Thread Settings
===============
@ -2461,6 +2634,62 @@ option then the minion will log a warning message.
- /etc/roles/webserver
Keepalive Settings
==================
.. conf_minion:: tcp_keepalive
``tcp_keepalive``
-----------------
Default: ``True``
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt
connectivity issues in messy network environments with misbehaving firewalls.
.. code-block:: yaml
tcp_keepalive: True
.. conf_minion:: tcp_keepalive_cnt
``tcp_keepalive_cnt``
---------------------
Default: ``-1``
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_cnt: -1
.. conf_minion:: tcp_keepalive_idle
``tcp_keepalive_idle``
----------------------
Default: ``300``
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_idle: 300
.. conf_minion:: tcp_keepalive_intvl
``tcp_keepalive_intvl``
-----------------------
Default: ``-1``
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_intvl': -1
Frozen Build Update Settings
============================
@ -2562,6 +2791,36 @@ out.
winrepo_dir: 'D:\winrepo'
.. conf_minion:: winrepo_dir_ng
``winrepo_dir_ng``
------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``/srv/salt/win/repo-ng``
Location on the minion where the :conf_minion:`winrepo_remotes_ng` are checked
out for 2015.8.0 and later minions.
.. code-block:: yaml
winrepo_dir_ng: /srv/salt/win/repo-ng
.. conf_minion:: winrepo_source_dir
``winrepo_source_dir``
----------------------
Default: ``salt://win/repo-ng/``
The source location for the winrepo sls files.
.. code-block:: yaml
winrepo_source_dir: salt://win/repo-ng/
.. conf_minion:: winrepo_cachefile
.. conf_minion:: win_repo_cachefile
@ -2614,3 +2873,33 @@ URL of the repository:
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.
.. conf_minion:: winrepo_remotes_ng
``winrepo_remotes_ng``
----------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``['https://github.com/saltstack/salt-winrepo-ng.git']``
List of git repositories to checkout and include in the winrepo for
2015.8.0 and later minions.
.. code-block:: yaml
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
To specify a specific revision of the repository, prepend a commit ID to the
URL of the repository:
.. code-block:: yaml
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.


@ -97,6 +97,7 @@ execution modules
cytest
daemontools
data
datadog_api
ddns
deb_apache
deb_postgres
@ -197,6 +198,7 @@ execution modules
keyboard
keystone
kmod
kubernetes
launchctl
layman
ldap3
@ -398,7 +400,6 @@ execution modules
state
status
statuspage
stormpath
supervisord
suse_apache
svn


@ -0,0 +1,6 @@
========================
salt.modules.datadog_api
========================
.. automodule:: salt.modules.datadog_api
:members:


@ -0,0 +1,6 @@
=======================
salt.modules.kubernetes
=======================
.. automodule:: salt.modules.kubernetes
:members:


@ -1,6 +0,0 @@
======================
salt.modules.stormpath
======================
.. automodule:: salt.modules.stormpath
:members:


@ -3,4 +3,5 @@ salt.modules.test
=================
.. automodule:: salt.modules.test
:members:
:members:
:exclude-members: rand_str


@ -429,10 +429,33 @@ similar to the following:
Confine this module to Mac OS with Homebrew.
'''
if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
if salt.utils.path.which('brew') and __grains__['os'] == 'MacOS':
return __virtualname__
return False
The ``__virtual__()`` function can return a ``True`` or ``False`` boolean, a tuple,
or a string. If it returns a ``True`` value, this ``__virtualname__`` module-level
attribute can be set as seen in the above example. This is the string that the module
should be referred to as.
When ``__virtual__()`` returns a tuple, the first item should be a boolean and the
second should be a string. This is typically done when the module should not load. The
first value of the tuple is ``False`` and the second is the error message to display
for why the module did not load.
For example:
.. code-block:: python
def __virtual__():
'''
Only load if git exists on the system
'''
if salt.utils.which('git') is None:
return (False,
'The git execution module cannot be loaded: git unavailable.')
else:
return True
Documentation
=============
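Review bot: The added `__virtual__()` example calls `salt.utils.which('git')`, while the Homebrew example just above it in the same hunk is shown with both `salt.utils.which('brew')` and `salt.utils.path.which('brew')`, which suggests this commit moves the helper to `salt.utils.path`. If so, the new example should read `if salt.utils.path.which('git') is None:` so the two snippets on the page agree and readers do not copy the old location. The old/new markers are lost in this rendering, so confirm which spelling is on the new side.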


@ -146,8 +146,10 @@ Here is a simple YAML renderer example:
import yaml
from salt.utils.yamlloader import SaltYamlSafeLoader
from salt.ext import six
def render(yaml_data, saltenv='', sls='', **kws):
if not isinstance(yaml_data, basestring):
if not isinstance(yaml_data, six.string_types):
yaml_data = yaml_data.read()
data = yaml.load(
yaml_data,


@ -136,6 +136,7 @@ state modules
keyboard
keystone
kmod
kubernetes
layman
ldap
libcloud_dns
@ -249,7 +250,6 @@ state modules
stateconf
status
statuspage
stormpath_account
supervisord
svn
sysctl


@ -0,0 +1,6 @@
======================
salt.states.kubernetes
======================
.. automodule:: salt.states.kubernetes
:members:


@ -1,6 +0,0 @@
=============================
salt.states.stormpath_account
=============================
.. automodule:: salt.states.stormpath_account
:members:


@ -519,7 +519,8 @@ runas
.. versionadded:: 2017.7.0
The ``runas`` global option is used to set the user which will be used to run the command in the ``cmd.run`` module.
The ``runas`` global option is used to set the user which will be used to run
the command in the ``cmd.run`` module.
.. code-block:: yaml
@ -532,6 +533,26 @@ The ``runas`` global option is used to set the user which will be used to run th
In the above state, the pip command run by ``cmd.run`` will be run by the daniel user.
runas_password
~~~~~~~~~~~~~~
.. versionadded:: 2017.7.2
The ``runas_password`` global option is used to set the password used by the
runas global option. This is required by ``cmd.run`` on Windows when ``runas``
is specified. It will be set when ``runas_password`` is defined in the state.
.. code-block:: yaml
run_script:
cmd.run:
- name: Powershell -NonInteractive -ExecutionPolicy Bypass -File C:\\Temp\\script.ps1
- runas: frank
- runas_password: supersecret
In the above state, the Powershell script run by ``cmd.run`` will be run by the
frank user with the password ``supersecret``.
.. _requisites-require-in:
.. _requisites-watch-in:
.. _requisites-onchanges-in:
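Review bot: The new `runas_password` example puts the account password in the state file as a literal (`- runas_password: supersecret`), and the paragraph after it repeats the value, without saying where the password should come from. State files usually live in version control and are served by the master's fileserver, so readers who copy this will keep a Windows account password in clear text there. I would have the example take the value from pillar, e.g. `- runas_password: {{ pillar['frank_password'] }}` (the key name is a placeholder), and add one sentence saying the password belongs in pillar or an sdb backend rather than in the SLS file.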


@ -135,19 +135,23 @@ A State Module must return a dict containing the following keys/values:
``test=True``, and changes would have been made if the state was not run in
test mode.
+--------------------+-----------+-----------+
| | live mode | test mode |
+====================+===========+===========+
| no changes | ``True`` | ``True`` |
+--------------------+-----------+-----------+
| successful changes | ``True`` | ``None`` |
+--------------------+-----------+-----------+
| failed changes | ``False`` | ``None`` |
+--------------------+-----------+-----------+
+--------------------+-----------+------------------------+
| | live mode | test mode |
+====================+===========+========================+
| no changes | ``True`` | ``True`` |
+--------------------+-----------+------------------------+
| successful changes | ``True`` | ``None`` |
+--------------------+-----------+------------------------+
| failed changes | ``False`` | ``False`` or ``None`` |
+--------------------+-----------+------------------------+
.. note::
Test mode does not predict if the changes will be successful or not.
Test mode does not predict if the changes will be successful or not,
and hence the result for pending changes is usually ``None``.
However, if a state is going to fail and this can be determined
in test mode without applying the change, ``False`` can be returned.
- **comment:** A string containing a summary of the result.


@ -777,8 +777,6 @@ Stateconf
stderr
stdin
stdout
stormpath
Stormpath
str
strftime
subfolder


@ -21,7 +21,7 @@ Or you may specify a map which includes all VMs to perform the action on:
$ salt-cloud -a reboot -m /path/to/mapfile
The following is a list of actions currently supported by salt-cloud:
The following is an example list of actions currently supported by ``salt-cloud``:
.. code-block:: yaml
@ -36,5 +36,5 @@ The following is a list of actions currently supported by salt-cloud:
- start
- stop
Another useful reference for viewing more salt-cloud actions is the
:ref:Salt Cloud Feature Matrix <salt-cloud-feature-matrix>
Another useful reference for viewing more ``salt-cloud`` actions is the
:ref:`Salt Cloud Feature Matrix <salt-cloud-feature-matrix>`.


@ -146,24 +146,24 @@ library. The following two lines set up the imports:
.. code-block:: python
from salt.cloud.libcloudfuncs import * # pylint: disable=W0614,W0401
from salt.utils import namespaced_function
import salt.utils
And then a series of declarations will make the necessary functions available
within the cloud module.
.. code-block:: python
get_size = namespaced_function(get_size, globals())
get_image = namespaced_function(get_image, globals())
avail_locations = namespaced_function(avail_locations, globals())
avail_images = namespaced_function(avail_images, globals())
avail_sizes = namespaced_function(avail_sizes, globals())
script = namespaced_function(script, globals())
destroy = namespaced_function(destroy, globals())
list_nodes = namespaced_function(list_nodes, globals())
list_nodes_full = namespaced_function(list_nodes_full, globals())
list_nodes_select = namespaced_function(list_nodes_select, globals())
show_instance = namespaced_function(show_instance, globals())
get_size = salt.utils.namespaced_function(get_size, globals())
get_image = salt.utils.namespaced_function(get_image, globals())
avail_locations = salt.utils.namespaced_function(avail_locations, globals())
avail_images = salt.utils.namespaced_function(avail_images, globals())
avail_sizes = salt.utils.namespaced_function(avail_sizes, globals())
script = salt.utils.namespaced_function(script, globals())
destroy = salt.utils.namespaced_function(destroy, globals())
list_nodes = salt.utils.namespaced_function(list_nodes, globals())
list_nodes_full = salt.utils.namespaced_function(list_nodes_full, globals())
list_nodes_select = salt.utils.namespaced_function(list_nodes_select, globals())
show_instance = salt.utils.namespaced_function(show_instance, globals())
If necessary, these functions may be replaced by removing the appropriate
declaration line, and then adding the function as normal.


@ -56,6 +56,24 @@ settings can be placed in the provider or profile:
sls_list:
- web
When salt cloud creates a new minon, it can automatically add grain information
to the minion configuration file identifying the sources originally used
to define it.
The generated grain information will appear similar to:
.. code-block:: yaml
grains:
salt-cloud:
driver: ec2
provider: my_ec2:ec2
profile: ec2-web
The generation of the salt-cloud grain can be surpressed by the
option ``enable_cloud_grains: 'False'`` in the cloud configuration file.
Cloud Configuration Syntax
==========================


@ -26,5 +26,5 @@ gathering information about instances on a provider basis:
$ salt-cloud -f list_nodes_full linode
$ salt-cloud -f list_nodes_select linode
Another useful reference for viewing salt-cloud functions is the
Another useful reference for viewing ``salt-cloud`` functions is the
:ref:`Salt Cloud Feature Matrix <salt-cloud-feature-matrix>`.


@ -119,6 +119,7 @@ Cloud Provider Specifics
Getting Started With Libvirt <libvirt>
Getting Started With Linode <linode>
Getting Started With LXC <lxc>
Getting Started With OneAndOne <oneandone>
Getting Started With OpenNebula <opennebula>
Getting Started With OpenStack <openstack>
Getting Started With Parallels <parallels>


@ -49,7 +49,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or in the
.. code-block:: yaml
joyent_512
joyent_512:
provider: my-joyent-config
size: g4-highcpu-512M
image: ubuntu-16.04


@ -8,10 +8,14 @@ libvirt with qemu-kvm.
http://www.libvirt.org/
Dependencies
Host Dependencies
============
* libvirt >= 1.2.18 (older might work)
Salt-Cloud Dependencies
============
* libvirt-python
Provider Configuration
======================


@ -386,3 +386,42 @@ script, a cloud profile using ``file_map`` might look like:
file_map:
/local/path/to/custom/script: /remote/path/to/use/custom/script
/local/path/to/package: /remote/path/to/store/package
Running Pre-Flight Commands
===========================
.. versionadded:: Oxygen
To execute specified preflight shell commands on a VM before the deploy script is
run, use the ``preflight_cmds`` option. These must be defined as a list in a cloud
configuration file. For example:
.. code-block:: yaml
my-cloud-profile:
provider: linode-config
image: Ubuntu 16.04 LTS
size: Linode 2048
preflight_cmds:
- whoami
- echo 'hello world!'
These commands will run in sequence **before** the bootstrap script is executed.
Force Minion Config
===================
.. versionadded:: Oxygen
The ``force_minion_config`` option requests the bootstrap process to overwrite
an existing minion configuration file and public/private key files.
Default: False
This might be important for drivers (such as ``saltify``) which are expected to
take over a connection from a former salt master.
.. code-block:: yaml
my_saltify_provider:
driver: saltify
force_minion_config: true


@ -0,0 +1,146 @@
==========================
Getting Started With 1and1
==========================
1&1 is one of the worlds leading Web hosting providers. 1&1 currently offers
a wide range of Web hosting products, including email solutions and high-end
servers in 10 different countries including Germany, Spain, Great Britain
and the United States. From domains to 1&1 MyWebsite to eBusiness solutions
like Cloud Hosting and Web servers for complex tasks, 1&1 is well placed to deliver
a high quality service to its customers. All 1&1 products are hosted in
1&1s high-performance, green data centers in the USA and Europe.
Dependencies
============
* 1and1 >= 1.2.0
Configuration
=============
* Using the new format, set up the cloud configuration at
``/etc/salt/cloud.providers`` or
``/etc/salt/cloud.providers.d/oneandone.conf``:
.. code-block:: yaml
my-oneandone-config:
driver: oneandone
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure oneandone authentication credentials
#
api_token: <api_token>
ssh_private_key: /path/to/id_rsa
ssh_public_key: /path/to/id_rsa.pub
Authentication
==============
The ``api_key`` is used for API authorization. This token can be obtained
from the CloudPanel in the Management section below Users.
Profiles
========
Here is an example of a profile:
.. code-block:: yaml
oneandone_fixed_size:
provider: my-oneandone-config
description: Small instance size server
fixed_instance_size: S
appliance_id: 8E3BAA98E3DFD37857810E0288DD8FBA
oneandone_custom_size:
provider: my-oneandone-config
description: Custom size server
vcore: 2
cores_per_processor: 2
ram: 8
appliance_id: 8E3BAA98E3DFD37857810E0288DD8FBA
hdds:
-
is_main: true
size: 20
-
is_main: false
size: 20
The following list explains some of the important properties.
fixed_instance_size_id
When creating a server, either ``fixed_instance_size_id`` or custom hardware params
containing ``vcore``, ``cores_per_processor``, ``ram``, and ``hdds`` must be provided.
Can be one of the IDs listed among the output of the following command:
.. code-block:: bash
salt-cloud --list-sizes oneandone
vcore
Total amount of processors.
cores_per_processor
Number of cores per processor.
ram
RAM memory size in GB.
hdds
Hard disks.
appliance_id
ID of the image that will be installed on server.
Can be one of the IDs listed in the output of the following command:
.. code-block:: bash
salt-cloud --list-images oneandone
datacenter_id
ID of the datacenter where the server will be created.
Can be one of the IDs listed in the output of the following command:
.. code-block:: bash
salt-cloud --list-locations oneandone
description
Description of the server.
password
Password of the server. Password must contain more than 8 characters
using uppercase letters, numbers and other special symbols.
power_on
Power on server after creation. Default is set to true.
firewall_policy_id
Firewall policy ID. If it is not provided, the server will assign
the best firewall policy, creating a new one if necessary. If the parameter
is sent with a 0 value, the server will be created with all ports blocked.
ip_id
IP address ID.
load_balancer_id
Load balancer ID.
monitoring_policy_id
Monitoring policy ID.
deploy
Set to False if Salt should not be installed on the node.
wait_for_timeout
The timeout to wait in seconds for provisioning resources such as servers.
The default wait_for_timeout is 15 minutes.
For more information concerning cloud profiles, see :ref:`here
<salt-cloud-profiles>`.
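Review bot: The credential option is named two different ways in this new page: the provider block sets `api_token: <api_token>`, but the Authentication section says "The ``api_key`` is used for API authorization". The same happens with `fixed_instance_size` in the example profile versus `fixed_instance_size_id` in the property list. Only one spelling of each can be what the driver reads, and the driver is not part of this section, so both need checking against it; a wrong key name here leaves readers with a provider that cannot authenticate. The `password` entry could also say that the value is kept in clear text in the profile file, so that file should not be world-readable.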


@ -16,7 +16,7 @@ The Saltify driver has no external dependencies.
Configuration
=============
Because the Saltify driver does not use an actual cloud provider host, it has a
Because the Saltify driver does not use an actual cloud provider host, it can have a
simple provider configuration. The only thing that is required to be set is the
driver name, and any other potentially useful information, like the location of
the salt-master:
@ -31,6 +31,12 @@ the salt-master:
master: 111.222.333.444
provider: saltify
However, if you wish to use the more advanced capabilities of salt-cloud, such as
rebooting, listing, and disconnecting machines, then the salt master must fill
the role usually performed by a vendor's cloud management system. In order to do
that, you must configure your salt master as a salt-api server, and supply credentials
to use it. (See ``salt-api setup`` below.)
Profiles
========
@ -72,6 +78,30 @@ to it can be verified with Salt:
salt my-machine test.ping
Destroy Options
---------------
For obvious reasons, the ``destroy`` action does not actually vaporize hardware.
If the salt master is connected using salt-api, it can tear down parts of
the client machines. It will remove the client's key from the salt master,
and will attempt the following options:
.. code-block:: yaml
- remove_config_on_destroy: true
# default: true
# Deactivate salt-minion on reboot and
# delete the minion config and key files from its ``/etc/salt`` directory,
# NOTE: If deactivation is unsuccessful (older Ubuntu machines) then when
# salt-minion restarts it will automatically create a new, unwanted, set
# of key files. The ``force_minion_config`` option must be used in that case.
- shutdown_on_destroy: false
# default: false
# send a ``shutdown`` command to the client.
.. versionadded:: Oxygen
Using Map Files
---------------
The settings explained in the section above may also be set in a map file. An
@ -135,3 +165,67 @@ Return values:
- ``True``: Credential verification succeeded
- ``False``: Credential verification succeeded
- ``None``: Credential verification was not attempted.
Provisioning salt-api
=====================
In order to query or control minions it created, saltify needs to send commands
to the salt master. It does that using the network interface to salt-api.
The salt-api is not enabled by default. The following example will provide a
simple installation.
.. code-block:: yaml
# file /etc/salt/cloud.profiles.d/my_saltify_profiles.conf
hw_41: # a theoretical example hardware machine
ssh_host: 10.100.9.41 # the hard address of your target
ssh_username: vagrant # a user name which has passwordless sudo
password: vagrant # on your target machine
provider: my_saltify_provider
.. code-block:: yaml
# file /etc/salt/cloud.providers.d/saltify_provider.conf
my_saltify_provider:
driver: saltify
eauth: pam
username: vagrant # supply some sudo-group-member's name
password: vagrant # and password on the salt master
minion:
master: 10.100.9.5 # the hard address of the master
.. code-block:: yaml
# file /etc/salt/master.d/auth.conf
# using salt-api ... members of the 'sudo' group can do anything ...
external_auth:
pam:
sudo%:
- .*
- '@wheel'
- '@runner'
- '@jobs'
.. code-block:: yaml
# file /etc/salt/master.d/api.conf
# see https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
rest_cherrypy:
host: localhost
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
thread_pool: 30
socket_queue_size: 10
Start your target machine as a Salt minion named "node41" by:
.. code-block:: bash
$ sudo salt-cloud -p hw_41 node41
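Review bot: The `external_auth` example in the new "Provisioning salt-api" section gives every member of the `sudo` group `.*`, `@wheel`, `@runner` and `@jobs`, and the provider file next to it stores `username: vagrant` / `password: vagrant` for that access. Taken together this is full control of the master over the network API behind a well-known lab password, and nothing in the text marks it as test-only. I would add a sentence before the examples such as `The credentials and permissions below are for a disposable test setup; in production use a dedicated account and grant only the functions saltify needs.` Separately, the context line "``False``: Credential verification succeeded" just above the new section looks like it should say "failed", though that line is not changed by this commit.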


@ -214,18 +214,34 @@ Writing Formulas
Each Formula is a separate repository in the `saltstack-formulas`_ organization
on GitHub.
.. note:: Get involved creating new Formulas
Get involved creating new Formulas
----------------------------------
The best way to create new Formula repositories for now is to create a
repository in your own account on GitHub and notify a SaltStack employee
when it is ready. We will add you to the contributors team on the
`saltstack-formulas`_ organization and help you transfer the repository
over. Ping a SaltStack employee on IRC (``#salt`` on Freenode) or send an
email to the `salt-users`_ mailing list.
The best way to create new Formula repositories for now is to create a
repository in your own account on GitHub and notify a SaltStack employee when
it is ready. We will add you to the Contributors team on the
`saltstack-formulas`_ organization and help you transfer the repository over.
Ping a SaltStack employee on IRC (``#salt`` on Freenode) or send an email to
the `salt-users`_ mailing list.
There are a lot of repositories in that organization! Team members can
manage which repositories they are subscribed to on GitHub's watching page:
https://github.com/watching.
There are a lot of repositories in that organization! Team members can manage
which repositories they are subscribed to on GitHub's watching page:
https://github.com/watching.
Members of the Contributors team are welcome to participate in reviewing pull
requests across the Organization. Some repositories will have regular
contributors and some repositories will not. As you get involved in a
repository be sure to communicate with any other contributors there on pull
requests that are large or have breaking changes.
In general it is best to have another Contributor review and merge any pull
requests that you open. Feel free to `at-mention`__ other regular contributors
to a repository and request a review. However, there are a lot of formula
repositories so if a repository does not yet have regular contributors or if
your pull request has stayed open for more than a couple days feel free to
"selfie-merge" your own pull request.
__: https://help.github.com/articles/basic-writing-and-formatting-syntax/#mentioning-users-and-teams
Style
-----


@ -18,10 +18,10 @@ on the significance and complexity of the changes required by the user.
Salt feature releases are based on the Periodic Table. Any new features going
into the develop branch will be named after the next element in the Periodic
Table. For example, Beryllium was the feature release name of the develop branch
before the 2015.8 branch was tagged. At that point in time, any new features going
into the develop branch after 2015.8 was branched were part of the Boron feature
release.
Table. For example, Beryllium was the feature release name of the develop
branch before the 2015.8 branch was tagged. At that point in time, any new
features going into the develop branch after 2015.8 was branched were part of
the Boron feature release.
A deprecation warning should be in place for at least two major releases before
the deprecated code and its accompanying deprecation warning are removed. More
@ -29,14 +29,14 @@ time should be given for more complex changes. For example, if the current
release under development is ``Sodium``, the deprecated code and associated
warnings should remain in place and warn for at least ``Aluminum``.
To help in this deprecation task, salt provides :func:`salt.utils.warn_until
<salt.utils.warn_until>`. The idea behind this helper function is to show the
deprecation warning to the user until salt reaches the provided version. Once
that provided version is equaled :func:`salt.utils.warn_until
<salt.utils.warn_until>` will raise a :py:exc:`RuntimeError` making salt stop
its execution. This stoppage is unpleasant and will remind the developer that
the deprecation limit has been reached and that the code can then be safely
removed.
To help in this deprecation task, salt provides
:func:`salt.utils.versions.warn_until <salt.utils.versions.warn_until>`. The
idea behind this helper function is to show the deprecation warning to the user
until salt reaches the provided version. Once that provided version is equaled
:func:`salt.utils.versions.warn_until <salt.utils.versions.warn_until>` will
raise a :py:exc:`RuntimeError` making salt stop its execution. This stoppage is
unpleasant and will remind the developer that the deprecation limit has been
reached and that the code can then be safely removed.
Consider the following example:
@ -44,7 +44,7 @@ Consider the following example:
def some_function(bar=False, foo=None):
if foo is not None:
salt.utils.warn_until(
salt.utils.versions.warn_until(
'Aluminum',
'The \'foo\' argument has been deprecated and its '
'functionality removed, as such, its usage is no longer '


@ -319,7 +319,7 @@ function into ``__salt__`` that's actually a MagicMock instance.
def show_patch(self):
with patch.dict(my_module.__salt__,
{'function.to_replace': MagicMock()}:
{'function.to_replace': MagicMock()}):
# From this scope, carry on with testing, with a modified __salt__!


@ -0,0 +1,154 @@
=========================================
Arista EOS Salt minion installation guide
=========================================
The Salt minion for Arista EOS is distributed as a SWIX extension and can be installed directly on the switch. The EOS network operating system is based on old Fedora distributions and the installation of the ``salt-minion`` requires backports. This SWIX extension contains the necessary backports, together with the Salt basecode.
.. note::
This SWIX extension has been tested on Arista DCS-7280SE-68-R, running EOS 4.17.5M and vEOS 4.18.3F.
Important Notes
===============
This package is in beta, make sure to test it carefully before running it in production.
If confirmed working correctly, please report and add a note on this page with the platform model and EOS version.
If you want to uninstall this package, please refer to the uninstalling_ section.
Installation from the Official SaltStack Repository
===================================================
Download the swix package and save it to flash.
.. code-block:: bash
veos#copy https://salt-eos.netops.life/salt-eos-latest.swix flash:
veos#copy https://salt-eos.netops.life/startup.sh flash:
Install the Extension
=====================
Copy the Salt package to extension
.. code-block:: bash
veos#copy flash:salt-eos-latest.swix extension:
Install the SWIX
.. code-block:: bash
veos#extension salt-eos-latest.swix force
Verify the installation
.. code-block:: bash
veos#show extensions | include salt-eos
salt-eos-2017-07-19.swix 1.0.11/1.fc25 A, F 27
Change the Salt master IP address or FQDN, by edit the variable (SALT_MASTER)
.. code-block:: bash
veos#bash vi /mnt/flash/startup.sh
Make sure you enable the eAPI with unix-socket
.. code-block:: bash
veos(config)#management api http-commands
protocol unix-socket
no shutdown
Post-installation tasks
=======================
Generate Keys and host record and start Salt minion
.. code-block:: bash
veos#bash
#sudo /mnt/flash/startup.sh
``salt-minion`` should be running
Copy the installed extensions to boot-extensions
.. code-block:: bash
veos#copy installed-extensions boot-extensions
Apply event-handler to let EOS start salt-minion during boot-up
.. code-block:: bash
veos(config)#event-handler boot-up-script
trigger on-boot
action bash sudo /mnt/flash/startup.sh
For more specific installation details of the ``salt-minion``, please refer to :ref:`Configuring Salt<configuring-salt>`.
.. _uninstalling:
Uninstalling
============
If you decide to uninstall this package, the following steps are recommended for safety:
1. Remove the extension from boot-extensions
.. code-block:: bash
veos#bash rm /mnt/flash/boot-extensions
2. Remove the extension from extensions folder
.. code-block:: bash
veos#bash rm /mnt/flash/.extensions/salt-eos-latest.swix
2. Remove boot-up script
.. code-block:: bash
veos(config)#no event-handler boot-up-script
Additional Information
======================
This SWIX extension contains the following RPM packages:
.. code-block:: text
libsodium-1.0.11-1.fc25.i686.rpm
libstdc++-6.2.1-2.fc25.i686.rpm
openpgm-5.2.122-6.fc24.i686.rpm
python-Jinja2-2.8-0.i686.rpm
python-PyYAML-3.12-0.i686.rpm
python-babel-0.9.6-5.fc18.noarch.rpm
python-backports-1.0-3.fc18.i686.rpm
python-backports-ssl_match_hostname-3.4.0.2-1.fc18.noarch.rpm
python-backports_abc-0.5-0.i686.rpm
python-certifi-2016.9.26-0.i686.rpm
python-chardet-2.0.1-5.fc18.noarch.rpm
python-crypto-1.4.1-1.noarch.rpm
python-crypto-2.6.1-1.fc18.i686.rpm
python-futures-3.1.1-1.noarch.rpm
python-jtextfsm-0.3.1-0.noarch.rpm
python-kitchen-1.1.1-2.fc18.noarch.rpm
python-markupsafe-0.18-1.fc18.i686.rpm
python-msgpack-python-0.4.8-0.i686.rpm
python-napalm-base-0.24.3-1.noarch.rpm
python-napalm-eos-0.6.0-1.noarch.rpm
python-netaddr-0.7.18-0.noarch.rpm
python-pyeapi-0.7.0-0.noarch.rpm
python-salt-2017.7.0_1414_g2fb986f-1.noarch.rpm
python-singledispatch-3.4.0.3-0.i686.rpm
python-six-1.10.0-0.i686.rpm
python-tornado-4.4.2-0.i686.rpm
python-urllib3-1.5-7.fc18.noarch.rpm
python2-zmq-15.3.0-2.fc25.i686.rpm
zeromq-4.1.4-5.fc25.i686.rpm
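Review bot: The install steps fetch `salt-eos-latest.swix` and `startup.sh` from `salt-eos.netops.life`, install the package with `force` and later run the script with `sudo`, but no step checks what was downloaded, and the heading calls that host the "Official SaltStack Repository". A `-latest` file name also means two switches provisioned from the same page can end up with different content. I would add a step after the download that compares the files against a published digest (none is given on the page, so one would have to be published next to the package), and reword the heading if the host is not operated by SaltStack. In the uninstall section the steps are numbered 1, 2, 2, and step 1 deletes the whole `/mnt/flash/boot-extensions` file, which presumably also drops any other extension listed there, so it deserves a warning.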


@ -46,6 +46,7 @@ These guides go into detail how to install Salt on a given platform.
arch
debian
eos
fedora
freebsd
gentoo


@ -351,7 +351,7 @@ Returns:
.. versionadded:: 2017.7.0
Wraps a text around quoutes.
This text will be wrapped in quotes.
.. jinja_ref:: regex_search
@ -766,19 +766,43 @@ Returns:
Check a whitelist and/or blacklist to see if the value matches it.
Example:
This filter can be used with either a whitelist or a blacklist individually,
or a whitelist and a blacklist can be passed simultaneously.
If whitelist is used alone, value membership is checked against the
whitelist only. If the value is found, the function returns ``True``.
Otherwise, it returns ``False``.
If blacklist is used alone, value membership is checked against the
blacklist only. If the value is found, the function returns ``False``.
Otherwise, it returns ``True``.
If both a whitelist and a blacklist are provided, value membership in the
blacklist will be examined first. If the value is not found in the blacklist,
then the whitelist is checked. If the value isn't found in the whitelist,
the function returns ``False``.
Whitelist Example:
.. code-block:: jinja
{{ 5 | check_whitelist_blacklist(whitelist=[5, 6, 7]) }}
{{ 5 | check_whitelist_blacklist(blacklist=[5, 6, 7]) }}
{{ 5 | check_whitelist_blacklist(whitelist=[5, 6, 7]) }}
Returns:
.. code-block:: python
True
True
Blacklist Example:
.. code-block:: jinja
{{ 5 | check_whitelist_blacklist(blacklist=[5, 6, 7]) }}
.. code-block:: python
False
.. jinja_ref:: date_format
@ -804,12 +828,14 @@ Returns:
08.03.2017 17:00
.. jinja_ref:: str_to_num
.. jinja_ref:: to_num
``str_to_num``
--------------
``to_num``
----------
.. versionadded:: 2017.7.0
.. versionadded:: Oxygen
Renamed from ``str_to_num`` to ``to_num``.
Converts a string to its numerical value.
@ -817,7 +843,7 @@ Example:
.. code-block:: jinja
{{ '5' | str_to_num }}
{{ '5' | to_num }}
Returns:
@ -841,6 +867,13 @@ Example:
{{ 'wall of text' | to_bytes }}
.. note::
This option may have adverse effects when using the default renderer, ``yaml_jinja``.
This is due to the fact that YAML requires proper handling in regard to special
characters. Please see the section on :ref:`YAML ASCII support <yaml_plain_ascii>`
in the :ref:`YAML Idiosyncracies <yaml-idiosyncrasies>` documentation for more
information.
.. jinja_ref:: json_decode_list
@ -886,22 +919,28 @@ Returns:
{'a': 'b'}
.. jinja_ref:: rand_str
.. jinja_ref:: random_hash
``rand_str``
------------
``random_hash``
---------------
.. versionadded:: 2017.7.0
.. versionadded:: Oxygen
Renamed from ``rand_str`` to ``random_hash`` to more accurately describe
what the filter does.
Generate a random string and applies a hash. Default hashing: md5.
Generates a random number between 1 and the number passed to the filter, and
then hashes it. The default hash type is the one specified by the minion's
:conf_minion:`hash_type` config option, but an alternate hash type can be
passed to the filter as an argument.
Example:
.. code-block:: jinja
{% set passwd_length = 17 %}
{{ passwd_length | rand_str }}
{{ passwd_length | rand_str('sha512') }}
{% set num_range = 99999999 %}
{{ num_range | random_hash }}
{{ num_range | random_hash('sha512') }}
Returns:
@ -1202,7 +1241,7 @@ Example:
.. code-block:: jinja
{{ ['192.168.0.1', 'foo', 'bar', 'fe80::'] | ipv4 }}
{{ ['192.168.0.1', 'foo', 'bar', 'fe80::'] | ipv6 }}
Returns:
@ -1245,7 +1284,7 @@ Returns:
.. versionadded:: 2017.7.0
Return the size of the network.
Return the size of the network. This utility works for both IPv4 and IPv6.
Example:
@ -1305,6 +1344,13 @@ Example:
{{ '00:11:22:33:44:55' | mac_str_to_bytes }}
.. note::
This option may have adverse effects when using the default renderer, ``yaml_jinja``.
This is due to the fact that YAML requires proper handling in regard to special
characters. Please see the section on :ref:`YAML ASCII support <yaml_plain_ascii>`
in the :ref:`YAML Idiosyncracies <yaml-idiosyncrasies>` documentation for more
information.
.. jinja_ref:: dns_check
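Review bot: The rewritten `random_hash` description says the filter hashes "a random number between 1 and the number passed", so the result can take at most that many distinct values whatever hash type is chosen, yet nothing tells readers not to use it for secrets. The example it replaces used a variable named `passwd_length`, so some existing states presumably use the filter to produce passwords. I would add under the description: `.. note:: The output is only as unpredictable as the number range passed in; do not use this filter to generate passwords or keys.` Whether the underlying generator is cryptographically strong cannot be seen from this page.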


@ -89,7 +89,7 @@ they are being loaded for the correct proxytype, example below:
Only work on proxy
'''
try:
if salt.utils.is_proxy() and \
if salt.utils.platform.is_proxy() and \
__opts__['proxy']['proxytype'] == 'ssh_sample':
return __virtualname__
except KeyError:
@ -156,20 +156,23 @@ will need to be restarted to pick up any changes. A corresponding utility funct
``saltutil.sync_proxymodules``, has been added to sync these modules to minions.
In addition, a salt.utils helper function called `is_proxy()` was added to make
it easier to tell when the running minion is a proxy minion.
it easier to tell when the running minion is a proxy minion. **NOTE: This
function was renamed to salt.utils.platform.is_proxy() for the Oxygen release**
New in 2015.8
-------------
Starting with the 2015.8 release of Salt, proxy processes are no longer forked off from a controlling minion.
Instead, they have their own script ``salt-proxy`` which takes mostly the same arguments that the
standard Salt minion does with the addition of ``--proxyid``. This is the id that the salt-proxy will
use to identify itself to the master. Proxy configurations are still best kept in Pillar and their format
has not changed.
Starting with the 2015.8 release of Salt, proxy processes are no longer forked
off from a controlling minion. Instead, they have their own script
``salt-proxy`` which takes mostly the same arguments that the standard Salt
minion does with the addition of ``--proxyid``. This is the id that the
salt-proxy will use to identify itself to the master. Proxy configurations are
still best kept in Pillar and their format has not changed.
This change allows for better process control and logging. Proxy processes can now be listed with standard
process management utilities (``ps`` from the command line). Also, a full Salt minion is no longer
required (though it is still strongly recommended) on machines hosting proxies.
This change allows for better process control and logging. Proxy processes can
now be listed with standard process management utilities (``ps`` from the
command line). Also, a full Salt minion is no longer required (though it is
still strongly recommended) on machines hosting proxies.
Getting Started
@ -619,9 +622,10 @@ in the proxymodule itself. This might be useful if a proxymodule author wants t
all the code for the proxy interface in the same place instead of splitting it between
the proxy and grains directories.
This function will only be called automatically if the configuration variable ``proxy_merge_grains_in_module``
is set to True in the proxy configuration file (default ``/etc/salt/proxy``). This
variable defaults to ``True`` in the release code-named *2017.7.0*.
This function will only be called automatically if the configuration variable
``proxy_merge_grains_in_module`` is set to True in the proxy configuration file
(default ``/etc/salt/proxy``). This variable defaults to ``True`` in the
release code-named *2017.7.0*.
.. code: python::
@ -640,7 +644,7 @@ variable defaults to ``True`` in the release code-named *2017.7.0*.
def __virtual__():
try:
if salt.utils.is_proxy() and __opts__['proxy']['proxytype'] == 'rest_sample':
if salt.utils.platform.is_proxy() and __opts__['proxy']['proxytype'] == 'rest_sample':
return __virtualname__
except KeyError:
pass
@ -708,7 +712,7 @@ Example from ``salt/grains/rest_sample.py``:
def __virtual__():
try:
if salt.utils.is_proxy() and __opts__['proxy']['proxytype'] == 'rest_sample':
if salt.utils.platform.is_proxy() and __opts__['proxy']['proxytype'] == 'rest_sample':
return __virtualname__
except KeyError:
pass


@ -3,3 +3,13 @@ Salt 2016.11.7 Release Notes
============================
Version 2016.11.7 is a bugfix release for :ref:`2016.11.0 <release-2016-11-0>`.
Changes for v2016.11.6..v2016.11.7
----------------------------------
Security Fix
============
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Credit for discovering the security flaw goes to: Vernhk@qq.com


@ -175,6 +175,10 @@ they are being loaded for the correct proxytype, example below:
return False
.. note::
``salt.utils.is_proxy()`` has been renamed to
``salt.utils.platform.is_proxy`` as of the Oxygen release.
The try/except block above exists because grains are processed very early
in the proxy minion startup process, sometimes earlier than the proxy
key in the ``__opts__`` dictionary is populated.


@ -28,8 +28,6 @@ The following salt-cloud drivers have known issues running with Python 3. These
- Joyent
- Any driver that relies on the `apache-libcloud` library such as cloudstack, dimenstiondata, gce, nova, and openstack
- When running under Python 3, users who require Unicode support should ensure that a locale is set on their machines.
Users using the `C` locale are advised to switch to a UTF-aware locale to ensure proper functionality with Salt with Python 3.
@ -124,13 +122,12 @@ State Module Changes
# After
run_something:
module.run:
mymodule.something:
- mymodule.something:
- name: some name
- first_arg: one
- second_arg: two
- do_stuff: True
Since a lot of users are already using :py:func:`module.run
<salt.states.module.run>` states, this new behavior must currently be
explicitly turned on, to allow users to take their time updating their SLS
@ -138,6 +135,36 @@ State Module Changes
the next feature release of Salt (Oxygen) and the old usage will no longer be
supported at that time.
Another feature of the new :py:func:`module.run <salt.states.module.run>` is that
it allows calling many functions in a single batch, such as:
.. code-block:: yaml
run_something:
module.run:
- mymodule.function_without_parameters:
- mymodule.another_function:
- myparam
- my_other_param
In a rare case that you have a function that needs to be called several times but
with the different parameters, an additional feature of "tagging" is to the
rescue. In order to tag a function, use a colon delimeter. For example:
.. code-block:: yaml
run_something:
module.run:
- mymodule.same_function:1:
- mymodule.same_function:2:
- myparam
- my_other_param
- mymodule.same_function:3:
- foo: bar
The example above will run `mymodule.same_function` three times with the
different parameters.
To enable the new behavior for :py:func:`module.run <salt.states.module.run>`,
add the following to the minion config file:
@ -145,6 +172,7 @@ State Module Changes
use_superseded:
- module.run
- The default for the ``fingerprint_hash_type`` option used in the ``present``
function in the :mod:`ssh <salt.states.ssh_know_hosts>` state changed from
``md5`` to ``sha256``.
@ -678,6 +706,7 @@ Execution modules
- :mod:`salt.modules.grafana4 <salt.modules.grafana4>`
- :mod:`salt.modules.heat <salt.modules.heat>`
- :mod:`salt.modules.icinga2 <salt.modules.icinga2>`
- :mod:`salt.modules.kubernetes <salt.modules.kubernetes>`
- :mod:`salt.modules.logmod <salt.modules.logmod>`
- :mod:`salt.modules.mattermost <salt.modules.mattermost>`
- :mod:`salt.modules.namecheap_dns <salt.modules.namecheap_dns>`
@ -756,6 +785,7 @@ States
- :mod:`salt.states.icinga2 <salt.states.icinga2>`
- :mod:`salt.states.influxdb_continuous_query <salt.states.influxdb_continuous_query>`
- :mod:`salt.states.influxdb_retention_policy <salt.states.influxdb_retention_policy>`
- :mod:`salt.states.kubernetes <salt.states.kubernetes>`
- :mod:`salt.states.logadm <salt.states.logadm>`
- :mod:`salt.states.logrotate <salt.states.logrotate>`
- :mod:`salt.states.msteams <salt.states.msteams>`
@ -945,3 +975,13 @@ The ``glusterfs`` state had the following function removed:
The ``openvswitch_port`` state had the following change:
- The ``type`` option was removed from the ``present`` function. Please use ``tunnel_type`` instead.
Build Notes
===========
Windows Installer Packages
--------------------------
Windows Installer packages have been patched with the following PR: 42347_
.. _42347: https://github.com/saltstack/salt/pull/42347


@ -0,0 +1,190 @@
============================
Salt 2017.7.1 Release Notes
============================
Version 2017.7.1 is a bugfix release for :ref:`2017.7.0 <release-2017-7-0>`.
Security Fix
============
CVE-2017-12791 Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master
Correct a flaw in minion id validation which could allow certain minions to authenticate to a master despite not having the correct credentials. To exploit the vulnerability, an attacker must create a salt-minion with an ID containing characters that will cause a directory traversal. Credit for discovering the security flaw goes to: Vernhk@qq.com
Changes for v2017.7.0..v2017.7.1
--------------------------------
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
*Generated at: 2017-07-26T01:09:40Z*
Statistics:
- Total Merges: **11**
- Total Issue references: **9**
- Total PR references: **22**
Changes:
- **PR** `#42548`_: (*gtmanfred*) pass in empty kwarg for reactor
@ *2017-07-26T00:41:20Z*
- **ISSUE** `#460`_: (*whiteinge*) Add a topic and a ref for modules/states/returners/renderers/runners
| refs: `#42548`_
* 711b742c54 Merge pull request `#42548`_ from gtmanfred/2017.7.1
* 0257c1dc32 pass in empty kwarg for reactor
* b948e980d2 update chunk, not kwarg in chunk
- **PR** `#42522`_: (*gtmanfred*) pacman wildcard is only for repository installs
@ *2017-07-24T20:51:05Z*
- **ISSUE** `#42519`_: (*xuhcc*) Error when installing package from file under Arch Linux
| refs: `#42522`_
* 50c1635dcc Merge pull request `#42522`_ from gtmanfred/2017.7.1
* 7787fb9e1b pacman wildcard is only for repository installs
- **PR** `#42508`_: (*rallytime*) Back-port `#42474`_ to 2017.7.1
@ *2017-07-24T20:49:51Z*
- **PR** `#42474`_: (*whiteinge*) Cmd arg kwarg parsing test
| refs: `#42508`_
- **PR** `#39646`_: (*terminalmage*) Handle deprecation of passing string args to load_args_and_kwargs
| refs: `#42474`_
* 05c07ac049 Merge pull request `#42508`_ from rallytime/`bp-42474`_
* 76fb074433 Add a test.arg variant that cleans the pub kwargs by default
* 624f63648e Lint fixes
* d246a5fc61 Add back support for string kwargs
* 854e098aa0 Add LocalClient.cmd test for arg/kwarg parsing
- **PR** `#42472`_: (*rallytime*) Back-port `#42435`_ to 2017.7.1
@ *2017-07-24T15:11:13Z*
- **ISSUE** `#42427`_: (*grichmond-salt*) Issue Passing Variables created from load_json as Inline Pillar Between States
| refs: `#42435`_
- **PR** `#42435`_: (*terminalmage*) Modify our custom YAML loader to treat unicode literals as unicode strings
| refs: `#42472`_
* 95fe2558e4 Merge pull request `#42472`_ from rallytime/`bp-42435`_
* 5c47af5b98 Modify our custom YAML loader to treat unicode literals as unicode strings
- **PR** `#42473`_: (*rallytime*) Back-port `#42436`_ to 2017.7.1
@ *2017-07-24T15:10:29Z*
- **ISSUE** `#42374`_: (*tyhunt99*) [2017.7.0] salt-run mange.versions throws exception if minion is offline or unresponsive
| refs: `#42436`_
- **PR** `#42436`_: (*garethgreenaway*) Fixes to versions function in manage runner
| refs: `#42473`_
* 5b99d45f54 Merge pull request `#42473`_ from rallytime/`bp-42436`_
* 82ed919803 Updating the versions function inside the manage runner to account for when a minion is offline and we are unable to determine it's version.
- **PR** `#42471`_: (*rallytime*) Back-port `#42399`_ to 2017.7.1
@ *2017-07-24T15:09:50Z*
- **ISSUE** `#42381`_: (*zebooka*) Git.detached broken in 2017.7.0
| refs: `#42399`_
- **ISSUE** `#38878`_: (*tomlaredo*) [Naming consistency] git.latest "rev" option VS git.detached "ref" option
| refs: `#38898`_
- **PR** `#42399`_: (*rallytime*) Update old "ref" references to "rev" in git.detached state
| refs: `#42471`_
- **PR** `#38898`_: (*terminalmage*) git.detached: rename ref to rev for consistency
| refs: `#42399`_
* 3d1a2d3f9f Merge pull request `#42471`_ from rallytime/`bp-42399`_
* b9a4669e5a Update old "ref" references to "rev" in git.detached state
- **PR** `#42470`_: (*rallytime*) Back-port `#42031`_ to 2017.7.1
@ *2017-07-24T15:09:30Z*
- **ISSUE** `#42400`_: (*Enquier*) Conflict in execution of passing pillar data to orch/reactor event executions 2017.7.0
| refs: `#42031`_
- **PR** `#42031`_: (*skizunov*) Fix: Reactor emits critical error
| refs: `#42470`_
* 09766bccbc Merge pull request `#42470`_ from rallytime/`bp-42031`_
* 0a0c6287a4 Fix: Reactor emits critical error
- **PR** `#42469`_: (*rallytime*) Back-port `#42027`_ to 2017.7.1
@ *2017-07-21T22:41:02Z*
- **ISSUE** `#41949`_: (*jrporcaro*) Event returner doesn't work with Windows Master
| refs: `#42027`_
- **PR** `#42027`_: (*gtmanfred*) import salt.minion for EventReturn for Windows
| refs: `#42469`_
* d7b172a15b Merge pull request `#42469`_ from rallytime/`bp-42027`_
* ed612b4ee7 import salt.minion for EventReturn for Windows
- **PR** `#42466`_: (*rallytime*) Back-port `#42452`_ to 2017.7.1
@ *2017-07-21T19:41:24Z*
- **PR** `#42452`_: (*Ch3LL*) update windows urls to new py2/py3 naming scheme
| refs: `#42466`_
* 8777b1a825 Merge pull request `#42466`_ from rallytime/`bp-42452`_
* c10196f68c update windows urls to new py2/py3 naming scheme
- **PR** `#42439`_: (*rallytime*) Back-port `#42409`_ to 2017.7.1
@ *2017-07-21T17:38:10Z*
- **PR** `#42409`_: (*twangboy*) Add Scripts to build Py3 on Mac
| refs: `#42439`_
* fceaaf41d0 Merge pull request `#42439`_ from rallytime/`bp-42409`_
* 8176964b41 Remove build and dist, sign pkgs
* 2c14d92a07 Fix hard coded pip path
* 82fdd7c2e1 Add support for Py3
* 2478447246 Update Python and other reqs
- **PR** `#42441`_: (*rallytime*) Back-port `#42433`_ to 2017.7.1
@ *2017-07-21T17:37:01Z*
- **ISSUE** `#42403`_: (*astronouth7303*) [2017.7] Pillar empty when state is applied from orchestrate
| refs: `#42433`_
- **PR** `#42433`_: (*terminalmage*) Only force saltenv/pillarenv to be a string when not None
| refs: `#42441`_
* 660400560b Merge pull request `#42441`_ from rallytime/`bp-42433`_
* 17f347123a Only force saltenv/pillarenv to be a string when not None
.. _`#38878`: https://github.com/saltstack/salt/issues/38878
.. _`#38898`: https://github.com/saltstack/salt/pull/38898
.. _`#39646`: https://github.com/saltstack/salt/pull/39646
.. _`#41949`: https://github.com/saltstack/salt/issues/41949
.. _`#42027`: https://github.com/saltstack/salt/pull/42027
.. _`#42031`: https://github.com/saltstack/salt/pull/42031
.. _`#42374`: https://github.com/saltstack/salt/issues/42374
.. _`#42381`: https://github.com/saltstack/salt/issues/42381
.. _`#42399`: https://github.com/saltstack/salt/pull/42399
.. _`#42400`: https://github.com/saltstack/salt/issues/42400
.. _`#42403`: https://github.com/saltstack/salt/issues/42403
.. _`#42409`: https://github.com/saltstack/salt/pull/42409
.. _`#42427`: https://github.com/saltstack/salt/issues/42427
.. _`#42433`: https://github.com/saltstack/salt/pull/42433
.. _`#42435`: https://github.com/saltstack/salt/pull/42435
.. _`#42436`: https://github.com/saltstack/salt/pull/42436
.. _`#42439`: https://github.com/saltstack/salt/pull/42439
.. _`#42441`: https://github.com/saltstack/salt/pull/42441
.. _`#42452`: https://github.com/saltstack/salt/pull/42452
.. _`#42466`: https://github.com/saltstack/salt/pull/42466
.. _`#42469`: https://github.com/saltstack/salt/pull/42469
.. _`#42470`: https://github.com/saltstack/salt/pull/42470
.. _`#42471`: https://github.com/saltstack/salt/pull/42471
.. _`#42472`: https://github.com/saltstack/salt/pull/42472
.. _`#42473`: https://github.com/saltstack/salt/pull/42473
.. _`#42474`: https://github.com/saltstack/salt/pull/42474
.. _`#42508`: https://github.com/saltstack/salt/pull/42508
.. _`#42519`: https://github.com/saltstack/salt/issues/42519
.. _`#42522`: https://github.com/saltstack/salt/pull/42522
.. _`#42548`: https://github.com/saltstack/salt/pull/42548
.. _`#460`: https://github.com/saltstack/salt/issues/460
.. _`bp-42027`: https://github.com/saltstack/salt/pull/42027
.. _`bp-42031`: https://github.com/saltstack/salt/pull/42031
.. _`bp-42399`: https://github.com/saltstack/salt/pull/42399
.. _`bp-42409`: https://github.com/saltstack/salt/pull/42409
.. _`bp-42433`: https://github.com/saltstack/salt/pull/42433
.. _`bp-42435`: https://github.com/saltstack/salt/pull/42435
.. _`bp-42436`: https://github.com/saltstack/salt/pull/42436
.. _`bp-42452`: https://github.com/saltstack/salt/pull/42452
.. _`bp-42474`: https://github.com/saltstack/salt/pull/42474


@ -25,6 +25,27 @@ by any master tops matches that are not matched via a top file.
To make master tops matches execute first, followed by top file matches, set
the new :conf_minion:`master_tops_first` minion config option to ``True``.
LDAP via External Authentication Changes
----------------------------------------
In this release of Salt, if LDAP Bind Credentials are supplied, then
these credentials will be used for all LDAP access except the first
authentication when a job is submitted. The first authentication will
use the user's credentials as passed on the CLI. This behavior is to
accommodate certain two-factor authentication schemes where the authentication
token can only be used once.
In previous releases the bind credentials would only be used to determine
the LDAP user's existence and group membership. The user's LDAP credentials
were used from then on.
Stormpath External Authentication Removed
-----------------------------------------
Per Stormpath's announcement, their API will be shutting down on 8/17/2017 at
noon PST so the Stormpath external authentication module has been removed.
https://stormpath.com/oktaplusstormpath
New GitFS Features
------------------
@ -49,8 +70,30 @@ environments (i.e. ``saltenvs``) have been added:
ignore all tags and use branches only, and also to keep SHAs from being made
available as saltenvs.
Salt Cloud and Newer PyWinRM Versions
-------------------------------------
Salt Cloud Features
-------------------
Pre-Flight Commands
===================
Support has been added for specified "preflight commands" to run on a VM before
the deploy script is run. These must be defined as a list in a cloud configuration
file. For example:
.. code-block:: yaml
my-cloud-profile:
provider: linode-config
image: Ubuntu 16.04 LTS
size: Linode 2048
preflight_cmds:
- whoami
- echo 'hello world!'
These commands will run in sequence **before** the bootstrap script is executed.
Newer PyWinRM Versions
----------------------
Versions of ``pywinrm>=0.2.1`` are finally able to disable validation of self
signed certificates. :ref:`Here<new-pywinrm>` for more information.
@ -63,23 +106,514 @@ running on T-Series SPARC hardware. The ``virtual_subtype`` grain is
populated as a list of domain roles.
Beacon configuration changes
----------------------------------------
In order to remain consistent and to align with other Salt components such as states,
support for configuring beacons using dictionary based configuration has been deprecated
in favor of list based configuration. All beacons have a validation function which will
check the configuration for the correct format and only load if the validation passes.
- ``avahi_announce`` beacon
Old behavior:
```
beacons:
avahi_announce:
run_once: True
servicetype: _demo._tcp
port: 1234
txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
```
New behavior:
```
beacons:
avahi_announce:
- run_once: True
- servicetype: _demo._tcp
- port: 1234
- txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
```
- ``bonjour_announce`` beacon
Old behavior:
```
beacons:
bonjour_announce:
run_once: True
servicetype: _demo._tcp
port: 1234
txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
```
New behavior:
```
beacons:
bonjour_announce:
- run_once: True
- servicetype: _demo._tcp
- port: 1234
- txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
```
- ``btmp`` beacon
Old behavior:
```
beacons:
btmp: {}
```
New behavior:
```
beacons:
btmp: []
```
- ``glxinfo`` beacon
Old behavior:
```
beacons:
glxinfo:
user: frank
screen_event: True
```
New behavior:
```
beacons:
glxinfo:
- user: frank
- screen_event: True
```
- ``haproxy`` beacon
Old behavior:
```
beacons:
haproxy:
- www-backend:
threshold: 45
servers:
- web1
- web2
- interval: 120
```
New behavior:
```
beacons:
haproxy:
- backends:
www-backend:
threshold: 45
servers:
- web1
- web2
- interval: 120
```
- ``inotify`` beacon
Old behavior:
```
beacons:
inotify:
/path/to/file/or/dir:
mask:
- open
- create
- close_write
recurse: True
auto_add: True
exclude:
- /path/to/file/or/dir/exclude1
- /path/to/file/or/dir/exclude2
- /path/to/file/or/dir/regex[a-m]*$:
regex: True
coalesce: True
```
New behavior:
```
beacons:
inotify:
- files:
/path/to/file/or/dir:
mask:
- open
- create
- close_write
recurse: True
auto_add: True
exclude:
- /path/to/file/or/dir/exclude1
- /path/to/file/or/dir/exclude2
- /path/to/file/or/dir/regex[a-m]*$:
regex: True
- coalesce: True
```
- ``journald`` beacon
Old behavior:
```
beacons:
journald:
sshd:
SYSLOG_IDENTIFIER: sshd
PRIORITY: 6
```
New behavior:
```
beacons:
journald:
- services:
sshd:
SYSLOG_IDENTIFIER: sshd
PRIORITY: 6
```
- ``load`` beacon
Old behavior:
```
beacons:
load:
1m:
- 0.0
- 2.0
5m:
- 0.0
- 1.5
15m:
- 0.1
- 1.0
emitatstartup: True
onchangeonly: False
```
New behavior:
```
beacons:
load:
- averages:
1m:
- 0.0
- 2.0
5m:
- 0.0
- 1.5
15m:
- 0.1
- 1.0
- emitatstartup: True
- onchangeonly: False
```
- ``log`` beacon
Old behavior:
```
beacons:
log:
file: <path>
<tag>:
regex: <pattern>
```
New behavior:
```
beacons:
log:
- file: <path>
- tags:
<tag>:
regex: <pattern>
```
- ``network_info`` beacon
Old behavior:
```
beacons:
network_info:
- eth0:
type: equal
bytes_sent: 100000
bytes_recv: 100000
packets_sent: 100000
packets_recv: 100000
errin: 100
errout: 100
dropin: 100
dropout: 100
```
New behavior:
```
beacons:
network_info:
- interfaces:
eth0:
type: equal
bytes_sent: 100000
bytes_recv: 100000
packets_sent: 100000
packets_recv: 100000
errin: 100
errout: 100
dropin: 100
dropout: 100
```
- ``network_settings`` beacon
Old behavior:
```
beacons:
network_settings:
eth0:
ipaddr:
promiscuity:
onvalue: 1
eth1:
linkmode:
```
New behavior:
```
beacons:
network_settings:
- interfaces:
- eth0:
ipaddr:
promiscuity:
onvalue: 1
- eth1:
linkmode:
```
- ``proxy_example`` beacon
Old behavior:
```
beacons:
proxy_example:
endpoint: beacon
```
New behavior:
```
beacons:
proxy_example:
- endpoint: beacon
```
- ``ps`` beacon
Old behavior:
```
beacons:
ps:
- salt-master: running
- mysql: stopped
```
New behavior:
```
beacons:
ps:
- processes:
salt-master: running
mysql: stopped
```
- ``salt_proxy`` beacon
Old behavior:
```
beacons:
salt_proxy:
- p8000: {}
- p8001: {}
```
New behavior:
```
beacons:
salt_proxy:
- proxies:
p8000: {}
p8001: {}
```
- ``sensehat`` beacon
Old behavior:
```
beacons:
sensehat:
humidity: 70%
temperature: [20, 40]
temperature_from_pressure: 40
pressure: 1500
```
New behavior:
```
beacons:
sensehat:
- sensors:
humidity: 70%
temperature: [20, 40]
temperature_from_pressure: 40
pressure: 1500
```
- ``service`` beacon
Old behavior:
```
beacons:
service:
salt-master:
mysql:
```
New behavior:
```
beacons:
service:
- services:
nginx:
onchangeonly: True
delay: 30
uncleanshutdown: /run/nginx.pid
```
- ``sh`` beacon
Old behavior:
```
beacons:
sh: {}
```
New behavior:
```
beacons:
sh: []
```
- ``status`` beacon
Old behavior:
```
beacons:
status: {}
```
New behavior:
```
beacons:
status: []
```
- ``telegram_bot_msg`` beacon
Old behavior:
```
beacons:
telegram_bot_msg:
token: "<bot access token>"
accept_from:
- "<valid username>"
interval: 10
```
New behavior:
```
beacons:
telegram_bot_msg:
- token: "<bot access token>"
- accept_from:
- "<valid username>"
- interval: 10
```
- ``twilio_txt_msg`` beacon
Old behavior:
```
beacons:
twilio_txt_msg:
account_sid: "<account sid>"
auth_token: "<auth token>"
twilio_number: "+15555555555"
interval: 10
```
New behavior:
```
beacons:
twilio_txt_msg:
- account_sid: "<account sid>"
- auth_token: "<auth token>"
- twilio_number: "+15555555555"
- interval: 10
```
- ``wtmp`` beacon
Old behavior:
```
beacons:
wtmp: {}
```
New behavior:
```
beacons:
wtmp: []
```
Deprecations
============
------------
Configuration Option Deprecations
---------------------------------
=================================
- The ``requests_lib`` configuration option has been removed. Please use
``backend`` instead.
Profitbricks Cloud Updated Dependency
-------------------------------------
=====================================
The minimum version of the `profitbrick` python package for the `profitbricks`
The minimum version of the ``profitbrick`` python package for the ``profitbricks``
cloud driver has changed from 3.0.0 to 3.1.0.
Module Deprecations
-------------------
===================
The ``blockdev`` execution module has been removed. Its functions were merged
with the ``disk`` module. Please use the ``disk`` execution module instead.
@ -119,7 +653,7 @@ The ``win_service`` module had the following changes:
``service_type`` instead.
Runner Deprecations
-------------------
===================
The ``manage`` runner had the following changes:
@ -127,7 +661,7 @@ The ``manage`` runner had the following changes:
use ``salt-ssh`` roster entries for the host instead.
State Deprecations
------------------
==================
The ``archive`` state had the following changes:
@ -150,15 +684,27 @@ The ``file`` state had the following changes:
- The ``show_diff`` option was removed. Please use ``show_changes`` instead.
Grain Deprecations
------------------
==================
For ``smartos`` some grains have been deprecated. These grains will be removed in Neon.
- The ``hypervisor_uuid`` has been replaced with ``mdata:sdc:server_uuid`` grain.
- The ``datacenter`` has been replaced with ``mdata:sdc:datacenter_name`` grain.
Minion Blackout
---------------
During a blackout, minions will not execute any remote execution commands,
except for :mod:`saltutil.refresh_pillar <salt.modules.saltutil.refresh_pillar>`.
Previously, support was added so that blackouts are enabled using a special
pillar key, ``minion_blackout`` set to ``True`` and an optional pillar key
``minion_blackout_whitelist`` to specify additional functions that are permitted
during blackout. This release adds support for using this feature in the grains
as well, by using special grains keys ``minion_blackout`` and
``minion_blackout_whitelist``.
Utils Deprecations
------------------
==================
The ``salt.utils.cloud.py`` file had the following change:
@ -166,7 +712,7 @@ The ``salt.utils.cloud.py`` file had the following change:
optional.
Other Miscellaneous Deprecations
--------------------------------
================================
The ``version.py`` file had the following changes:


@ -32,6 +32,8 @@ Builds for a few platforms are available as part of the RC at https://repo.salts
Available builds:
- Ubuntu16
- Redhat7
- Windows
.. FreeBSD


@ -64,7 +64,8 @@ Deploy ssh key for salt-ssh
===========================
By default, salt-ssh will generate key pairs for ssh, the default path will be
/etc/salt/pki/master/ssh/salt-ssh.rsa
``/etc/salt/pki/master/ssh/salt-ssh.rsa``. The key generation happens when you run
``salt-ssh`` for the first time.
You can use ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to your servers.


@ -28,6 +28,7 @@ hit `Enter`. Also, you can convert tabs to 2 spaces by these commands in Vim:
Indentation
===========
The suggested syntax for YAML files is to use 2 spaces for indentation,
but YAML will follow whatever indentation system that the individual file
uses. Indentation of two spaces works very well for SLS files given the
@ -112,8 +113,24 @@ PyYAML will load these values as boolean ``True`` or ``False``. Un-capitalized
versions will also be loaded as booleans (``true``, ``false``, ``yes``, ``no``,
``on``, and ``off``). This can be especially problematic when constructing
Pillar data. Make sure that your Pillars which need to use the string versions
of these values are enclosed in quotes. Pillars will be parsed twice by salt,
so you'll need to wrap your values in multiple quotes, for example '"false"'.
of these values are enclosed in quotes. Pillars will be parsed twice by salt,
so you'll need to wrap your values in multiple quotes, including double quotation
marks (``" "``) and single quotation marks (``' '``). Note that spaces are included
in the quotation type examples for clarity.
Multiple quoting examples looks like this:
.. code-block:: yaml
- '"false"'
- "'True'"
- "'YES'"
- '"No"'
.. note::
When using multiple quotes in this manner, they must be different. Using ``"" ""``
or ``'' ''`` won't work in this case (spaces are included in examples for clarity).
The '%' Sign
============
@ -248,8 +265,10 @@ Alternatively, they can be defined the "old way", or with multiple
- require:
- user: fred
YAML support only plain ASCII
=============================
.. _yaml_plain_ascii:
YAML supports only plain ASCII
==============================
According to YAML specification, only ASCII characters can be used.


@ -166,13 +166,15 @@ Ubuntu 14.04 LTS and Debian Wheezy (7.x) also have a compatible version packaged
# apt-get install python-git
If your master is running an older version (such as Ubuntu 12.04 LTS or Debian
Squeeze), then you will need to install GitPython using either pip_ or
easy_install (it is recommended to use pip). Version 0.3.2.RC1 is now marked as
the stable release in PyPI, so it should be a simple matter of running ``pip
install GitPython`` (or ``easy_install GitPython``) as root.
GitPython_ requires the ``git`` CLI utility to work. If installed from a system
package, then git should already be installed, but if installed via pip_ then
it may still be necessary to install git separately. For MacOS users,
GitPython_ comes bundled in with the Salt installer, but git must still be
installed for it to work properly. Git can be installed in several ways,
including by installing XCode_.
.. _`pip`: http://www.pip-installer.org/
.. _pip: http://www.pip-installer.org/
.. _XCode: https://developer.apple.com/xcode/
.. warning::


@ -110,7 +110,7 @@ To pass through a file that contains jinja + yaml templating (the default):
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_data={'key1': 'value1', 'key2': 'value2'}
template_dict={'key1': 'value1', 'key2': 'value2'}
)
To pass through a file that contains mako templating:
@ -123,7 +123,7 @@ To pass through a file that contains mako templating:
data_file='/srv/salt/somefile.mako',
data_render=True,
data_renderer='mako',
template_data={'key1': 'value1', 'key2': 'value2'}
template_dict={'key1': 'value1', 'key2': 'value2'}
)
Because this function uses Salt's own rendering system, any Salt renderer can
@ -140,7 +140,7 @@ However, this can be changed to ``master`` if necessary.
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_data={'key1': 'value1', 'key2': 'value2'},
template_dict={'key1': 'value1', 'key2': 'value2'},
opts=__opts__
)
@ -149,7 +149,7 @@ However, this can be changed to ``master`` if necessary.
method='POST',
data_file='/srv/salt/somefile.jinja',
data_render=True,
template_data={'key1': 'value1', 'key2': 'value2'},
template_dict={'key1': 'value1', 'key2': 'value2'},
node='master'
)
@ -170,11 +170,11 @@ a Python dict.
header_file='/srv/salt/headers.jinja',
header_render=True,
header_renderer='jinja',
template_data={'key1': 'value1', 'key2': 'value2'}
template_dict={'key1': 'value1', 'key2': 'value2'}
)
Because much of the data that would be templated between headers and data may be
the same, the ``template_data`` is the same for both. Correcting possible
the same, the ``template_dict`` is the same for both. Correcting possible
variable name collisions is up to the user.
Authentication


@ -28,9 +28,8 @@ Tutorials Index
* :ref:`States tutorial, part 3 - Templating, Includes, Extends <tutorial-states-part-3>`
* :ref:`States tutorial, part 4 <tutorial-states-part-4>`
* :ref:`How to Convert Jinja Logic to an Execution Module <tutorial-jinja_to_execution-module>`
* :ref:`Using Salt with Stormpath <tutorial-stormpath>`
* :ref:`Syslog-ng usage <syslog-ng-sate-usage>`
* :ref:`The macOS (Maverick) Developer Step By Step Guide To Salt Installation <tutorial-macos-walk-through>`
* :ref:`SaltStack Walk-through <tutorial-salt-walk-through>`
* :ref:`Writing Salt Tests <tutorial-salt-testing>`
* :ref:`Multi-cloud orchestration with Apache Libcloud <tutorial-libcloud>`
* :ref:`Multi-cloud orchestration with Apache Libcloud <tutorial-libcloud>`


@ -75,7 +75,7 @@ The default location for the pillar is in /srv/pillar.
.. note::
The pillar location can be configured via the `pillar_roots` option inside
The pillar location can be configured via the ``pillar_roots`` option inside
the master configuration file. It must not be in a subdirectory of the state
tree or file_roots. If the pillar is under file_roots, any pillar targeting
can be bypassed by minions.
@ -242,7 +242,7 @@ set in the minion's pillar, then the default of ``httpd`` will be used.
.. note::
Under the hood, pillar is just a Python dict, so Python dict methods such
as `get` and `items` can be used.
as ``get`` and ``items`` can be used.
Pillar Makes Simple States Grow Easily
======================================
@ -303,6 +303,18 @@ Where the vimrc source location can now be changed via pillar:
Ensuring that the right vimrc is sent out to the correct minions.
The pillar top file must include a reference to the new sls pillar file:
``/srv/pillar/top.sls``:
.. code-block:: yaml
base:
'*':
- pkg
- edit.vim
Setting Pillar Data on the Command Line
=======================================


@ -1,198 +0,0 @@
.. _tutorial-stormpath:
=========================
Using Salt with Stormpath
=========================
`Stormpath <https://stormpath.com/>`_ is a user management and authentication
service. This tutorial covers using SaltStack to manage and take advantage of
Stormpath's features.
External Authentication
-----------------------
Stormpath can be used for Salt's external authentication system. In order to do
this, the master should be configured with an ``apiid``, ``apikey``, and the ID
of the ``application`` that is associated with the users to be authenticated:
.. code-block:: yaml
stormpath:
apiid: 367DFSF4FRJ8767FSF4G34FGH
apikey: FEFREF43t3FEFRe/f323fwer4FWF3445gferWRWEer1
application: 786786FREFrefreg435fr1
.. note::
These values can be found in the `Stormpath dashboard
<https://api.stormpath.com/ui2/index.html#/>`_`.
Users that are to be authenticated should be set up under the ``stormpath``
dict under ``external_auth``:
.. code-block:: yaml
external_auth:
stormpath:
larry:
- .*
- '@runner'
- '@wheel'
Keep in mind that while Stormpath defaults the username associated with the
account to the email address, it is better to use a username without an ``@``
sign in it.
Configuring Stormpath Modules
-----------------------------
Stormpath accounts can be managed via either an execution or state module. In
order to use either, a minion must be configured with an API ID and key.
.. code-block:: yaml
stormpath:
apiid: 367DFSF4FRJ8767FSF4G34FGH
apikey: FEFREF43t3FEFRe/f323fwer4FWF3445gferWRWEer1
directory: efreg435fr1786786FREFr
application: 786786FREFrefreg435fr1
Some functions in the ``stormpath`` modules can make use of other options. The
following options are also available.
directory
`````````
The ID of the directory that is to be used with this minion. Many functions
require an ID to be specified to do their work. However, if the ID of a
``directory`` is specified, then Salt can often look up the resource in
question.
application
```````````
The ID of the application that is to be used with this minion. Many functions
require an ID to be specified to do their work. However, if the ID of a
``application`` is specified, then Salt can often look up the resource in
question.
Managing Stormpath Accounts
---------------------------
With the ``stormpath`` configuration in place, Salt can be used to configure
accounts (which may be thought of as users) on the Stormpath service. The
following functions are available.
stormpath.create_account
````````````````````````
Create an account on the Stormpath service. This requires a ``directory_id`` as
the first argument; it will not be retrieved from the minion configuration. An
``email`` address, ``password``, first name (``givenName``) and last name
(``surname``) are also required. For the full list of other parameters that may
be specified, see:
http://docs.stormpath.com/rest/product-guide/#account-resource
When executed with no errors, this function will return the information about
the account, from Stormpath.
.. code-block:: bash
salt myminion stormpath.create_account <directory_id> shemp@example.com letmein Shemp Howard
stormpath.list_accounts
```````````````````````
Show all accounts on the Stormpath service. This will return all accounts,
regardless of directory, application, or group.
.. code-block:: bash
salt myminion stormpath.list_accounts
'''
stormpath.show_account
``````````````````````
Show the details for a specific Stormpath account. An ``account_id`` is normally
required. However, if am ``email`` is provided instead, along with either a
``directory_id``, ``application_id``, or ``group_id``, then Salt will search the
specified resource to try and locate the ``account_id``.
.. code-block:: bash
salt myminion stormpath.show_account <account_id>
salt myminion stormpath.show_account email=<email> directory_id=<directory_id>
stormpath.update_account
````````````````````````
Update one or more items for this account. Specifying an empty value will clear
it for that account. This function may be used in one of two ways. In order to
update only one key/value pair, specify them in order:
.. code-block:: bash
salt myminion stormpath.update_account <account_id> givenName shemp
salt myminion stormpath.update_account <account_id> middleName ''
In order to specify multiple items, they need to be passed in as a dict. From
the command line, it is best to do this as a JSON string:
.. code-block:: bash
salt myminion stormpath.update_account <account_id> items='{"givenName": "Shemp"}
salt myminion stormpath.update_account <account_id> items='{"middlename": ""}
When executed with no errors, this function will return the information about
the account, from Stormpath.
stormpath.delete_account
````````````````````````
Delete an account from Stormpath.
.. code-block:: bash
salt myminion stormpath.delete_account <account_id>
stormpath.list_directories
``````````````````````````
Show all directories associated with this tenant.
.. code-block:: bash
salt myminion stormpath.list_directories
Using Stormpath States
----------------------
Stormpath resources may be managed using the state system. The following states
are available.
stormpath_account.present
`````````````````````````
Ensure that an account exists on the Stormpath service. All options that are
available with the ``stormpath.create_account`` function are available here.
If an account needs to be created, then this function will require the same
fields that ``stormpath.create_account`` requires, including the ``password``.
However, if a password changes for an existing account, it will NOT be updated
by this state.
.. code-block:: yaml
curly@example.com:
stormpath_account.present:
- directory_id: efreg435fr1786786FREFr
- password: badpass
- firstName: Curly
- surname: Howard
- nickname: curly
It is advisable to always set a ``nickname`` that is not also an email address,
so that it can be used by Salt's external authentication module.
stormpath_account.absent
````````````````````````
Ensure that an account does not exist on Stormpath. As with
``stormpath_account.present``, the ``name`` supplied to this state is the
``email`` address associated with this account. Salt will use this, with or
without the ``directory`` ID that is configured for the minion. However, lookups
will be much faster with a directory ID specified.


@ -54,7 +54,7 @@ types like so:
salt '*' mymodule.observe_the_awesomeness
'''
print __utils__['foo.bar']()
return __utils__['foo.bar']()
Utility modules, like any other kind of Salt extension, support using a
:ref:`__virtual__ function <modules-virtual-name>` to conditionally load them,
@ -81,11 +81,56 @@ the ``foo`` utility module with a ``__virtual__`` function.
def bar():
return 'baz'
Also you could even write your utility modules in object oriented fashion:
.. code-block:: python
# -*- coding: utf-8 -*-
'''
My utils module
---------------
This module contains common functions for use in my other custom types.
'''
class Foo(object):
def __init__(self):
pass
def bar(self):
return 'baz'
And import them into other custom modules:
.. code-block:: python
# -*- coding: utf-8 -*-
'''
My awesome execution module
---------------------------
'''
import mymodule
def observe_the_awesomeness():
'''
Prints information from my utility module
CLI Example:
.. code-block:: bash
salt '*' mymodule.observe_the_awesomeness
'''
foo = mymodule.Foo()
return foo.bar()
These are, of course, contrived examples, but they should serve to show some of
the possibilities opened up by writing utility modules. Keep in mind though
that States still have access to all of the execution modules, so it is not
that states still have access to all of the execution modules, so it is not
necessary to write a utility module to make a function available to both a
state and an execution module. One good use case for utililty modules is one
state and an execution module. One good use case for utility modules is one
where it is necessary to invoke the same function from a custom :ref:`outputter
<all-salt.output>`/returner, as well as an execution module.


@ -19,14 +19,16 @@
# $1 : <version> : the version of salt to build
# (a git tag, not a branch)
# (defaults to git-repo state)
# $2 : <package dir> : the staging area for the package
# $2 : <pythin ver> : The version of Python to use in the
# build. Default is 2
# $3 : <package dir> : the staging area for the package
# defaults to /tmp/salt_pkg
#
# Example:
# The following will build Salt v2015.8.3 and stage all files
# in /tmp/custom_pkg:
# The following will build Salt v2015.8.3 with Python 2 and
# stage all files in /tmp/custom_pkg:
#
# ./build.sh v2015.8.3 /tmp/custom_pkg
# ./build.sh v2015.8.3 2 /tmp/custom_pkg
#
############################################################################
echo -n -e "\033]0;Build: Variables\007"
@ -41,9 +43,15 @@ else
fi
if [ "$2" == "" ]; then
PYVER=2
else
PYVER=$2
fi
if [ "$3" == "" ]; then
PKGDIR=/tmp/salt_pkg
else
PKGDIR=$2
PKGDIR=$3
fi
############################################################################
@ -51,6 +59,12 @@ fi
############################################################################
SRCDIR=`git rev-parse --show-toplevel`
PKGRESOURCES=$SRCDIR/pkg/osx
if [ "$PYVER" == "2" ]; then
PYTHON=/opt/salt/bin/python
else
PYTHON=/opt/salt/bin/python3
fi
CPUARCH=`uname -m`
############################################################################
# Make sure this is the Salt Repository
@ -66,16 +80,23 @@ fi
# Create the Build Environment
############################################################################
echo -n -e "\033]0;Build: Build Environment\007"
sudo $PKGRESOURCES/build_env.sh
sudo $PKGRESOURCES/build_env.sh $PYVER
############################################################################
# Install Salt
############################################################################
echo -n -e "\033]0;Build: Install Salt\007"
sudo /opt/salt/bin/python $SRCDIR/setup.py install
sudo rm -rf $SRCDIR/build
sudo rm -rf $SRCDIR/dist
sudo $PYTHON $SRCDIR/setup.py build -e "$PYTHON -E -s" install
############################################################################
# Build Package
############################################################################
echo -n -e "\033]0;Build: Package Salt\007"
sudo $PKGRESOURCES/build_pkg.sh $VERSION $PKGDIR
sudo $PKGRESOURCES/build_pkg.sh $VERSION $PYVER $PKGDIR
############################################################################
# Sign Package
############################################################################
sudo $PKGRESOURCES/build_sig.sh salt-$VERSION-py$PYVER-$CPUARCH.pkg salt-$VERSION-py$PYVER-$CPUARCH-signed.pkg
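Review bot: The two cleanup lines that appear to be added before the install step, `sudo rm -rf $SRCDIR/build` and `sudo rm -rf $SRCDIR/dist`, run a recursive delete as root on an unquoted expansion. `SRCDIR` comes from `git rev-parse --show-toplevel`, so a checkout path containing whitespace would be split into separate arguments, and an empty value would turn the targets into `/build` and `/dist`; whether the repository check earlier in the script rules out the empty case is not visible in these hunks. Quoting and guarding the expansion closes both: `sudo rm -rf "${SRCDIR:?}/build" "${SRCDIR:?}/dist"`. The same unquoted pattern appears in the packaging script's new `sudo rm -rdf $PKGDIR/opt/salt/lib/python3.5/test` branch, where `PKGDIR` is taken from `$3`.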


@ -6,18 +6,21 @@
# Authors: CR Oldham, Shane Lee
# Date: December 2015
#
# Description: This script sets up a build environment for salt on macOS.
# Description: This script sets up a build environment for Salt on macOS.
#
# Requirements:
# - XCode Command Line Tools (xcode-select --install)
#
# Usage:
# This script is not passed any parameters
# This script can be passed 1 parameter
# $1 : <python version> : the version of Python to use for the
# build environment. Default is 2
#
# Example:
# The following will set up a build environment for salt on macOS
# The following will set up a Python 3 build environment for Salt
# on macOS
#
# ./dev_env.sh
# ./dev_env.sh 3
#
############################################################################
@ -31,6 +34,15 @@ quit_on_error() {
exit -1
}
############################################################################
# Check passed parameters, set defaults
############################################################################
if [ "$1" == "" ]; then
PYVER=2
else
PYVER=$1
fi
############################################################################
# Parameters Required for the script to function properly
############################################################################
@ -45,6 +57,15 @@ SHADIR=$SCRIPTDIR/shasums
PKG_CONFIG_PATH=/opt/salt/lib/pkgconfig
CFLAGS="-I/opt/salt/include"
LDFLAGS="-L/opt/salt/lib"
if [ "$PYVER" == "2" ]; then
PYDIR=/opt/salt/lib/python2.7
PYTHON=/opt/salt/bin/python
PIP=/opt/salt/bin/pip
else
PYDIR=/opt/salt/lib/python3.5
PYTHON=/opt/salt/bin/python3
PIP=/opt/salt/bin/pip3
fi
############################################################################
# Determine Which XCode is being used (XCode or XCode Command Line Tools)
@ -121,8 +142,8 @@ BUILDDIR=$SCRIPTDIR/build
############################################################################
echo -n -e "\033]0;Build_Env: pkg-config\007"
PKGURL="http://pkgconfig.freedesktop.org/releases/pkg-config-0.29.tar.gz"
PKGDIR="pkg-config-0.29"
PKGURL="http://pkgconfig.freedesktop.org/releases/pkg-config-0.29.2.tar.gz"
PKGDIR="pkg-config-0.29.2"
download $PKGURL
@ -140,8 +161,8 @@ sudo -H $MAKE install
############################################################################
echo -n -e "\033]0;Build_Env: libsodium\007"
PKGURL="https://download.libsodium.org/libsodium/releases/libsodium-1.0.12.tar.gz"
PKGDIR="libsodium-1.0.12"
PKGURL="https://download.libsodium.org/libsodium/releases/libsodium-1.0.13.tar.gz"
PKGDIR="libsodium-1.0.13"
download $PKGURL
@ -159,8 +180,8 @@ sudo -H $MAKE install
############################################################################
echo -n -e "\033]0;Build_Env: zeromq\007"
PKGURL="http://download.zeromq.org/zeromq-4.1.3.tar.gz"
PKGDIR="zeromq-4.1.3"
PKGURL="http://download.zeromq.org/zeromq-4.1.4.tar.gz"
PKGDIR="zeromq-4.1.4"
download $PKGURL
@ -178,13 +199,13 @@ sudo -H $MAKE install
############################################################################
echo -n -e "\033]0;Build_Env: OpenSSL\007"
PKGURL="http://openssl.org/source/openssl-1.0.2f.tar.gz"
PKGDIR="openssl-1.0.2f"
PKGURL="http://openssl.org/source/openssl-1.0.2l.tar.gz"
PKGDIR="openssl-1.0.2l"
download $PKGURL
echo "################################################################################"
echo "Building OpenSSL 1.0.2f"
echo "Building OpenSSL"
echo "################################################################################"
cd $PKGDIR
./Configure darwin64-x86_64-cc --prefix=/opt/salt --openssldir=/opt/salt/openssl
@ -197,13 +218,18 @@ sudo -H $MAKE install
############################################################################
echo -n -e "\033]0;Build_Env: Python\007"
PKGURL="https://www.python.org/ftp/python/2.7.12/Python-2.7.12.tar.xz"
PKGDIR="Python-2.7.12"
if [ "$PYVER" == "2" ]; then
PKGURL="https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tar.xz"
PKGDIR="Python-2.7.13"
else
PKGURL="https://www.python.org/ftp/python/3.5.3/Python-3.5.3.tar.xz"
PKGDIR="Python-3.5.3"
fi
download $PKGURL
echo "################################################################################"
echo "Building Python 2.7.12"
echo "Building Python"
echo "################################################################################"
echo "Note there are some test failures"
cd $PKGDIR
@ -215,7 +241,7 @@ sudo -H $MAKE install
############################################################################
# upgrade pip
############################################################################
sudo -H /opt/salt/bin/pip install --upgrade pip
sudo -H $PIP install --upgrade pip
############################################################################
# Download and install salt python dependencies
@ -227,23 +253,23 @@ cd $BUILDDIR
echo "################################################################################"
echo "Installing Salt Dependencies with pip (normal)"
echo "################################################################################"
sudo -H /opt/salt/bin/pip install \
-r $SRCDIR/pkg/osx/req.txt \
--no-cache-dir
sudo -H $PIP install \
-r $SRCDIR/pkg/osx/req.txt \
--no-cache-dir
echo "################################################################################"
echo "Installing Salt Dependencies with pip (build_ext)"
echo "################################################################################"
sudo -H /opt/salt/bin/pip install \
-r $SRCDIR/pkg/osx/req_ext.txt \
--global-option=build_ext \
--global-option="-I/opt/salt/include" \
--no-cache-dir
sudo -H $PIP install \
-r $SRCDIR/pkg/osx/req_ext.txt \
--global-option=build_ext \
--global-option="-I/opt/salt/include" \
--no-cache-dir
echo "--------------------------------------------------------------------------------"
echo "Create Symlink to certifi for openssl"
echo "--------------------------------------------------------------------------------"
sudo ln -s /opt/salt/lib/python2.7/site-packages/certifi/cacert.pem /opt/salt/openssl/cert.pem
sudo ln -s $PYDIR/site-packages/certifi/cacert.pem /opt/salt/openssl/cert.pem
echo -n -e "\033]0;Build_Env: Finished\007"
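Review bot: The updated `PKGURL` values for pkg-config, zeromq and OpenSSL still use `http://`, so those three tarballs are fetched over an unauthenticated channel before being built and installed with `sudo`. Integrity then rests entirely on the checksum files this commit updates for the `shasums` directory, and the `download` helper that would verify them is outside these hunks, so it is worth confirming that it aborts on a mismatch. Where the host serves TLS, switching the scheme is a one-word change per line, e.g. `PKGURL="https://openssl.org/source/openssl-1.0.2l.tar.gz"`; the libsodium and Python URLs already use `https://`.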


@ -15,13 +15,16 @@
# This script can be passed 2 parameters
# $1 : <version> : the version name to give the package (overrides
# version of the git repo) (Defaults to the git repo version)
# $2 : <package dir> : the staging area for the package defaults to
# $2 : <python ver> : the version of python that was built (defaults
# to 2)
# $3 : <package dir> : the staging area for the package defaults to
# /tmp/salt_pkg
#
# Example:
# The following will build Salt and stage all files in /tmp/salt_pkg:
# The following will build Salt version 2017.7.0 with Python 3 and
# stage all files in /tmp/salt_pkg:
#
# ./build.sh
# ./build.sh 2017.7.0 3
#
############################################################################
@ -45,11 +48,18 @@ else
VERSION=$1
fi
# Get/Set temp directory
# Get/Set Python Version
if [ "$2" == "" ]; then
PYVER=2
else
PYVER=$2
fi
# Get/Set temp directory
if [ "$3" == "" ]; then
PKGDIR=/tmp/salt_pkg
else
PKGDIR=$2
PKGDIR=$3
fi
CPUARCH=`uname -m`
@ -114,7 +124,11 @@ sudo rm -rdf $PKGDIR/opt/salt/lib/engines
sudo rm -rdf $PKGDIR/opt/salt/share/aclocal
sudo rm -rdf $PKGDIR/opt/salt/share/doc
sudo rm -rdf $PKGDIR/opt/salt/share/man/man1/pkg-config.1
sudo rm -rdf $PKGDIR/opt/salt/lib/python2.7/test
if [ "$PYVER" == "2" ]; then
sudo rm -rdf $PKGDIR/opt/salt/lib/python2.7/test
else
sudo rm -rdf $PKGDIR/opt/salt/lib/python3.5/test
fi
echo -n -e "\033]0;Build_Pkg: Remove compiled python files\007"
sudo find $PKGDIR/opt/salt -name '*.pyc' -type f -delete
@ -133,15 +147,30 @@ cp $SRCDIR/conf/master $PKGDIR/etc/salt/master.dist
############################################################################
echo -n -e "\033]0;Build_Pkg: Add Version to .xml\007"
if [ "$PYVER" == "2" ]; then
TITLE="Salt $VERSION"
DESC="Salt $VERSION with Python 2"
else
TITLE="Salt $VERSION (Python 3)"
DESC="Salt $VERSION with Python 3"
fi
cd $PKGRESOURCES
cp distribution.xml.dist distribution.xml
SEDSTR="s/@VERSION@/$VERSION/"
echo $SEDSTR
sed -i '' $SEDSTR distribution.xml
SEDSTR="s/@TITLE@/$TITLE/g"
sed -E -i '' "$SEDSTR" distribution.xml
SEDSTR="s/@CPUARCH@/$CPUARCH/"
echo $SEDSTR
sed -i '' $SEDSTR distribution.xml
SEDSTR="s/@DESC@/$DESC/g"
sed -E -i '' "$SEDSTR" distribution.xml
SEDSTR="s/@VERSION@/$VERSION/g"
sed -E -i '' "$SEDSTR" distribution.xml
SEDSTR="s/@PYVER@/$PYVER/g"
sed -E -i '' "$SEDSTR" distribution.xml
SEDSTR="s/@CPUARCH@/$CPUARCH/g"
sed -i '' "$SEDSTR" distribution.xml
############################################################################
# Build the Package
@ -152,10 +181,10 @@ pkgbuild --root=$PKGDIR \
--scripts=pkg-scripts \
--identifier=com.saltstack.salt \
--version=$VERSION \
--ownership=recommended salt-src-$VERSION-$CPUARCH.pkg
--ownership=recommended salt-src-$VERSION-py$PYVER-$CPUARCH.pkg
productbuild --resources=pkg-resources \
--distribution=distribution.xml \
--package-path=salt-src-$VERSION-$CPUARCH.pkg \
--version=$VERSION salt-$VERSION-$CPUARCH.pkg
--package-path=salt-src-$VERSION-py$PYVER-$CPUARCH.pkg \
--version=$VERSION salt-$VERSION-py$PYVER-$CPUARCH.pkg
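Review bot: The new substitutions build their sed programs by splicing shell variables straight into the expression, e.g. `SEDSTR="s/@VERSION@/$VERSION/g"`, and `VERSION` can come from `$1`. A value containing `/` ends the replacement early and `&` expands to the matched text, so an unusual version string would either fail or write something unintended into distribution.xml, which `productbuild` then consumes. Escaping the value first keeps the expression well-formed, e.g. `ESC=$(printf '%s' "$VERSION" | sed 's/[\/&]/\\&/g')` followed by `SEDSTR="s/@VERSION@/$ESC/g"`; the same applies to `$TITLE`, `$DESC` and `$PYVER`.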


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<installer-gui-script minSpecVersion="2">
<title>Salt @VERSION@</title>
<title>@TITLE@</title>
<organization>com.saltstack.salt</organization>
<!-- Define minimum system requirements -->
<volume-check>
@ -25,7 +25,7 @@
<!-- List all component packages -->
<pkg-ref id="com.saltstack.salt"
version="@VERSION@"
auth="root">salt-src-@VERSION@-@CPUARCH@.pkg</pkg-ref>
auth="root">salt-src-@VERSION@-py@PYVER@-@CPUARCH@.pkg</pkg-ref>
<!-- List them again here. They can now be organized
as a hierarchy if you want. -->
<choices-outline>
@ -34,8 +34,8 @@
<!-- Define each choice above -->
<choice id="com.saltstack.salt"
visible="false"
title="Salt @VERSION@"
description="Salt @VERSION@"
title="@TITLE@"
description="@DESC@"
start_selected="true">
<pkg-ref id="com.saltstack.salt" />
</choice>


@ -1,34 +1,31 @@
apache-libcloud==0.20.1
apache-libcloud==2.1.0
backports.ssl_match_hostname==3.5.0.1
backports_abc==0.4
backports_abc==0.5
certifi
cffi==1.5.0
CherryPy==4.0.0
click==6.2
enum34==1.1.2
cffi==1.10.0
CherryPy==11.0.0
click==6.7
enum34==1.1.6
gitdb==0.6.4
GitPython==1.0.1
idna==2.0
ioflo==1.5.0
ipaddress==1.0.16
Jinja2==2.9.4
libnacl==1.4.4
GitPython==2.1.1
idna==2.5
ipaddress==1.0.18
Jinja2==2.9.6
linode-python==1.1.1
Mako==1.0.3
MarkupSafe==0.23
msgpack-python==0.4.7
pyasn1==0.1.9
pycparser==2.14
Mako==1.0.7
MarkupSafe==1.0
msgpack-python==0.4.8
pyasn1==0.2.3
pycparser==2.18
pycrypto==2.6.1
python-dateutil==2.4.2
python-gnupg==0.3.8
PyYAML==3.11
pyzmq==15.2.0
raet==0.6.5
requests==2.9.1
python-dateutil==2.6.1
python-gnupg==0.4.1
PyYAML==3.12
pyzmq==16.0.2
requests==2.18.1
singledispatch==3.4.0.3
six==1.10.0
smmap==0.9.0
timelib==0.2.4
tornado==4.3
vultr==0.1.2
tornado==4.5.1
vultr==1.0rc1


@ -1,2 +1,2 @@
cryptography==1.2.2
pyOpenSSL==0.15.1
cryptography==2.0
pyOpenSSL==17.1.0


@ -1 +0,0 @@
6ddbbce47cc49597433d98ca05c2f62f07ed1070807b645602a8e9e9b996adc6fa66fa20a33cd7d23d4e7e925e25071d7301d288149fbe4e8c5f06d5438dda1f ./Python-2.7.12.tar.xz


@ -0,0 +1 @@
f37c9a28ce129d01e63c84d7db627a06402854578f62d17927334ea21ede318e04bbf66e890e3f47c85333e6b19f6e5581fb3f3e27efd24be27017d1b6529c4b ./Python-2.7.13.tar.xz


@ -0,0 +1 @@
bbcc20e315c63dbc8901d7e7bfa29d4dbdad9335720757d8d679730319fd1d9fcfdb55cf62d620c9b052134170f162c28d653a8af60923185b8932524d827864 ./Python-3.5.3.tar.xz


@ -1 +0,0 @@
1e63960da42bcc90945463ae1f5b1355849881dce5bba6d293391f8d6f0932063a5bfd433a071cb184af90ebeab469acc34710587116922144d61f3d7661901b ./libsodium-1.0.12.tar.gz


@ -0,0 +1 @@
c619b12fdf0b2e59174b6e383a62d5499ebcd720fdbb2c1a41a98a46c285df075202423454b294fefee185432441e943805397d7656f7cd7837de425da623929 ./libsodium-1.0.13.tar.gz


@ -1 +0,0 @@
50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 ./openssl-1.0.2f.tar.gz


@ -0,0 +1 @@
047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3 ./openssl-1.0.2l.tar.gz


@ -0,0 +1 @@
4861ec6428fead416f5cbbbb0bbad10b9152967e481d4b0ff2eb396a9f297f552984c9bb72f6864a37dcd8fca1d9ccceda3ef18d8f121938dbe4fdf2b870fe75 ./pkg-config-0.29.2.tar.gz


@ -1 +0,0 @@
c2857cd67801c0db5d204912453ff6bdc7da3ea61f8b1c6b38983d48dffb958725e7723f909abbc057c7b34a85c27290eec6943808312a75909306076064aa63 ./pkg-config-0.29.tar.gz


@ -1 +0,0 @@
2c993d18ea44e1cba890e024176af65b85b842ca4f8a22d319be4ace8388ab8828dd706b065f02754025bf271b1d7aa878c3f6655878248f7826452cb2a6134c ./zeromq-4.1.3.tar.gz


@ -0,0 +1 @@
8a8cf4f52ad78dddfff104bfba0f80bbc12566920906a0fafb9fc340aa92f5577c2923cb2e5346c69835cd2ea1609647a8893c2883cd22c1f0340a720511460c ./zeromq-4.1.4.tar.gz


@ -110,6 +110,13 @@ if not %errorLevel%==0 (
)
@echo.
:: Remove build and dist directories
@echo %0 :: Remove build and dist directories...
@echo ---------------------------------------------------------------------
rd /s /q "%SrcDir%\build"
rd /s /q "%SrcDir%\dist"
@echo.
:: Install Current Version of salt
@echo %0 :: Install Current Version of salt...
@echo ---------------------------------------------------------------------


@ -108,9 +108,9 @@ xcopy /E /Q "%PyDir%" "%BinDir%\"
@echo Copying configs to buildenv\conf...
@echo ----------------------------------------------------------------------
@echo xcopy /E /Q "%SrcDir%\conf\master" "%CnfDir%\"
xcopy /Q "%SrcDir%\conf\master" "%CnfDir%\"
xcopy /Q /Y "%SrcDir%\conf\master" "%CnfDir%\"
@echo xcopy /E /Q "%SrcDir%\conf\minion" "%CnfDir%\"
xcopy /Q "%SrcDir%\conf\minion" "%CnfDir%\"
xcopy /Q /Y "%SrcDir%\conf\minion" "%CnfDir%\"
@echo.
@echo Copying VCRedist to Prerequisites
@ -582,6 +582,10 @@ If Exist "%BinDir%\Scripts\salt-run*"^
If Exist "%BldDir%\salt-run.bat"^
del /Q "%BldDir%\salt-run.bat" 1>nul
:: Remove the master config file
if Exist "%CnfDir%\master"^
del /Q "%CnfDir%\master" 1>nul
:: Make the Salt Minion Installer
makensis.exe /DSaltVersion=%Version% /DPythonVersion=%Python% "%InsDir%\Salt-Minion-Setup.nsi"
@echo.


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-call
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-cp
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-key
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-master
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -12,5 +12,4 @@ Set Script=%SaltDir%\bin\Scripts\salt-minion
net stop salt-minion
:: Launch Script
"%Python%" "%Script%" -l debug
"%Python%" -E -s "%Script%" -l debug


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-minion
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt-run
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -9,5 +9,4 @@ Set Python=%SaltDir%\bin\python.exe
Set Script=%SaltDir%\bin\Scripts\salt
:: Launch Script
"%Python%" "%Script%" %*
"%Python%" -E -s "%Script%" %*


@ -379,13 +379,12 @@ Section -Post
WriteRegStr HKLM "${PRODUCT_MINION_REGKEY}" "Path" "$INSTDIR\bin\"
; Register the Salt-Minion Service
nsExec::Exec "nssm.exe install salt-minion $INSTDIR\bin\python.exe $INSTDIR\bin\Scripts\salt-minion -c $INSTDIR\conf -l quiet"
nsExec::Exec "nssm.exe set salt-minion AppEnvironmentExtra PYTHONHOME="
nsExec::Exec "nssm.exe install salt-minion $INSTDIR\bin\python.exe -E -s $INSTDIR\bin\Scripts\salt-minion -c $INSTDIR\conf -l quiet"
nsExec::Exec "nssm.exe set salt-minion Description Salt Minion from saltstack.com"
nsExec::Exec "nssm.exe set salt-minion Start SERVICE_AUTO_START"
nsExec::Exec "nssm.exe set salt-minion AppNoConsole 1"
RMDir /R "$INSTDIR\var\cache\salt" ; removing cache from old version
nsExec::Exec "nssm.exe set salt-minion AppStopMethodConsole 24000"
nsExec::Exec "nssm.exe set salt-minion AppStopMethodWindow 2000"
Call updateMinionConfig
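Review bot: The rewritten service registration passes `$INSTDIR\bin\python.exe` and the script path to `nssm.exe install` without quotes, so an install directory containing a space would likely be split into several arguments and the service registered with a truncated program path. Unquoted service paths with spaces are a well-known weakness class on Windows, so quoting is worthwhile even if the default directory has none. NSIS accepts single-quoted strings, which allows `nsExec::Exec 'nssm.exe install salt-minion "$INSTDIR\bin\python.exe" -E -s "$INSTDIR\bin\Scripts\salt-minion" -c "$INSTDIR\conf" -l quiet'`. A short comment that `-E -s` appears to replace the dropped `AppEnvironmentExtra PYTHONHOME=` setting would also help the next reader.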


@ -5,3 +5,4 @@ yappi>=0.8.2
--allow-unverified python-neutronclient>2.3.6
python-gnupg
cherrypy>=3.2.2
libnacl


@ -7,6 +7,7 @@ Salt package
from __future__ import absolute_import
import warnings
# future lint: disable=non-unicode-string
# All salt related deprecation warnings should be shown once each!
warnings.filterwarnings(
'once', # Show once
@ -14,18 +15,19 @@ warnings.filterwarnings(
DeprecationWarning, # This filter is for DeprecationWarnings
r'^(salt|salt\.(.*))$' # Match module(s) 'salt' and 'salt.<whatever>'
)
# future lint: enable=non-unicode-string
# While we are supporting Python2.6, hide nested with-statements warnings
warnings.filterwarnings(
'ignore',
'With-statements now directly support multiple context managers',
u'ignore',
u'With-statements now directly support multiple context managers',
DeprecationWarning
)
# Filter the backports package UserWarning about being re-imported
warnings.filterwarnings(
'ignore',
'^Module backports was already imported from (.*), but (.*) is being added to sys.path$',
u'ignore',
u'^Module backports was already imported from (.*), but (.*) is being added to sys.path$',
UserWarning
)
@ -37,7 +39,7 @@ def __define_global_system_encoding_variable__():
# and reset to None
encoding = None
if not sys.platform.startswith('win') and sys.stdin is not None:
if not sys.platform.startswith(u'win') and sys.stdin is not None:
# On linux we can rely on sys.stdin for the encoding since it
# most commonly matches the filesystem encoding. This however
# does not apply to windows
@ -63,16 +65,16 @@ def __define_global_system_encoding_variable__():
# the way back to ascii
encoding = sys.getdefaultencoding()
if not encoding:
if sys.platform.startswith('darwin'):
if sys.platform.startswith(u'darwin'):
# Mac OS X uses UTF-8
encoding = 'utf-8'
elif sys.platform.startswith('win'):
encoding = u'utf-8'
elif sys.platform.startswith(u'win'):
# Windows uses a configurable encoding; on Windows, Python uses the name “mbcs”
# to refer to whatever the currently configured encoding is.
encoding = 'mbcs'
encoding = u'mbcs'
else:
# On linux default to ascii as a last resort
encoding = 'ascii'
encoding = u'ascii'
# We can't use six.moves.builtins because these builtins get deleted sooner
# than expected. See:
@ -83,7 +85,7 @@ def __define_global_system_encoding_variable__():
import builtins # pylint: disable=import-error
# Define the detected encoding as a built-in variable for ease of use
setattr(builtins, '__salt_system_encoding__', encoding)
setattr(builtins, u'__salt_system_encoding__', encoding)
# This is now garbage collectable
del sys


@ -46,7 +46,7 @@ else:
if HAS_XML:
if not hasattr(ElementTree, 'ParseError'):
if not hasattr(ElementTree, u'ParseError'):
class ParseError(Exception):
'''
older versions of ElementTree do not have ParseError
@ -56,7 +56,7 @@ if HAS_XML:
ElementTree.ParseError = ParseError
def text_(s, encoding='latin-1', errors='strict'):
def text_(s, encoding=u'latin-1', errors=u'strict'):
'''
If ``s`` is an instance of ``binary_type``, return
``s.decode(encoding, errors)``, otherwise return ``s``
@ -66,7 +66,7 @@ def text_(s, encoding='latin-1', errors='strict'):
return s
def bytes_(s, encoding='latin-1', errors='strict'):
def bytes_(s, encoding=u'latin-1', errors=u'strict'):
'''
If ``s`` is an instance of ``text_type``, return
``s.encode(encoding, errors)``, otherwise return ``s``
@ -79,25 +79,25 @@ def bytes_(s, encoding='latin-1', errors='strict'):
if PY3:
def ascii_native_(s):
if isinstance(s, text_type):
s = s.encode('ascii')
return str(s, 'ascii', 'strict')
s = s.encode(u'ascii')
return str(s, u'ascii', u'strict')
else:
def ascii_native_(s):
if isinstance(s, text_type):
s = s.encode('ascii')
s = s.encode(u'ascii')
return str(s)
ascii_native_.__doc__ = '''
Python 3: If ``s`` is an instance of ``text_type``, return
``s.encode('ascii')``, otherwise return ``str(s, 'ascii', 'strict')``
``s.encode(u'ascii')``, otherwise return ``str(s, 'ascii', 'strict')``
Python 2: If ``s`` is an instance of ``text_type``, return
``s.encode('ascii')``, otherwise return ``str(s)``
'''
``s.encode(u'ascii')``, otherwise return ``str(s)``
''' # future lint: disable=non-unicode-string
if PY3:
def native_(s, encoding='latin-1', errors='strict'):
def native_(s, encoding=u'latin-1', errors=u'strict'):
'''
If ``s`` is an instance of ``text_type``, return
``s``, otherwise return ``str(s, encoding, errors)``
@ -106,7 +106,7 @@ if PY3:
return s
return str(s, encoding, errors)
else:
def native_(s, encoding='latin-1', errors='strict'):
def native_(s, encoding=u'latin-1', errors=u'strict'):
'''
If ``s`` is an instance of ``text_type``, return
``s.encode(encoding, errors)``, otherwise return ``str(s)``
@ -121,7 +121,7 @@ return ``str(s, encoding, errors)``
Python 2: If ``s`` is an instance of ``text_type``, return
``s.encode(encoding, errors)``, otherwise return ``str(s)``
'''
''' # future lint: disable=non-unicode-string
def string_io(data=None): # cStringIO can't handle unicode


@ -10,8 +10,13 @@ found by reading the salt documentation:
# Import python libraries
from __future__ import absolute_import
# Import salt libs
import salt.utils
# Import 3rd-party libs
from salt.ext import six
class PublisherACL(object):
'''
@ -30,7 +35,7 @@ class PublisherACL(object):
def cmd_is_blacklisted(self, cmd):
# If this is a regular command, it is a single function
if isinstance(cmd, str):
if isinstance(cmd, six.string_types):
cmd = [cmd]
for fun in cmd:
if not salt.utils.check_whitelist_blacklist(fun, blacklist=self.blacklist.get('modules', [])):
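Review bot: `cmd_is_blacklisted` has no docstring, and the comment above the `isinstance` check does not say why the string type matters for the blacklist. A text command that is not wrapped in a list is walked character by character by `for fun in cmd`, so `check_whitelist_blacklist` would be matched against single characters instead of the function name. I would put `# Wrap any text type (str, or unicode on Python 2); a bare string would be checked one character at a time` above the check, and add a one-line docstring stating that the method accepts either a function name or a list of them. The method body continues outside the hunk.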


@ -55,7 +55,7 @@ import sys
# Import 3rd-party libs
import salt.ext.six as six
from salt.ext import six
# pylint: disable=import-error
try:
import django


@ -101,8 +101,8 @@ import logging
import os
# Import salt utils
import salt.utils
import salt.utils.files
import salt.utils.versions
log = logging.getLogger(__name__)
@ -200,7 +200,7 @@ def _htpasswd(username, password, **kwargs):
pwfile = HtpasswdFile(kwargs['filename'])
# passlib below version 1.6 uses 'verify' function instead of 'check_password'
if salt.utils.version_cmp(kwargs['passlib_version'], '1.6') < 0:
if salt.utils.versions.version_cmp(kwargs['passlib_version'], '1.6') < 0:
return pwfile.verify(username, password)
else:
return pwfile.check_password(username, password)
@ -222,7 +222,7 @@ def _htdigest(username, password, **kwargs):
pwfile = HtdigestFile(kwargs['filename'])
# passlib below version 1.6 uses 'verify' function instead of 'check_password'
if salt.utils.version_cmp(kwargs['passlib_version'], '1.6') < 0:
if salt.utils.versions.version_cmp(kwargs['passlib_version'], '1.6') < 0:
return pwfile.verify(username, realm, password)
else:
return pwfile.check_password(username, realm, password)


@ -8,7 +8,7 @@ Provide authentication using simple LDAP binds
# Import python libs
from __future__ import absolute_import
import logging
import salt.ext.six as six
from salt.ext import six
# Import salt libs
from salt.exceptions import CommandExecutionError, SaltInvocationError
@ -280,8 +280,14 @@ def auth(username, password):
'''
Simple LDAP auth
'''
if _bind(username, password, anonymous=_config('auth_by_group_membership_only', mandatory=False) and
_config('anonymous', mandatory=False)):
#If bind credentials are configured, use them instead of user's
if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False):
bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
else:
bind = _bind(username, password, anonymous=_config('auth_by_group_membership_only', mandatory=False) and
_config('anonymous', mandatory=False))
if bind:
log.debug('LDAP authentication successful')
return True
else:
@ -306,8 +312,9 @@ def groups(username, **kwargs):
'''
group_list = []
bind = _bind(username, kwargs['password'],
anonymous=_config('anonymous', mandatory=False))
# Perform un-authenticated bind to determine group membership
bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False))
if bind:
log.debug('ldap bind to determine group membership succeeded!')
@ -381,7 +388,11 @@ def groups(username, **kwargs):
group_list.append(group.split(',')[0].split('=')[-1])
log.debug('User {0} is a member of groups: {1}'.format(username, group_list))
if not auth(username, kwargs['password']):
# Only test user auth on first call for job.
# 'show_jid' only exists on first payload so we can use that for the conditional.
if 'show_jid' in kwargs and not _bind(username, kwargs['password'],
anonymous=_config('auth_by_group_membership_only', mandatory=False) and
_config('anonymous', mandatory=False)):
log.error('LDAP username and password do not match')
return []
else:
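Review bot: In `auth()`, when `binddn` and `bindpw` are configured, the new branch returns True as soon as `_bind_for_search(...)` succeeds; that call receives neither `username` nor `password`, so on this path the user's password is never checked and 'LDAP authentication successful' is logged for any value. The last hunk of `groups()` has a related gap: the user bind now runs only when `'show_jid' in kwargs`, which ties the password check to a key that presumably arrives with the request payload. I would keep the service-account bind for the group search only and always verify the user in `auth()`, i.e. drop the `binddn` branch and keep `bind = _bind(username, password, anonymous=_config('auth_by_group_membership_only', mandatory=False) and _config('anonymous', mandatory=False))`. Whether to skip the re-check on later payloads of a job should be decided from server-side state rather than from `kwargs`. Both function bodies continue outside the hunks.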


@ -42,11 +42,11 @@ from ctypes import c_void_p, c_uint, c_char_p, c_char, c_int
from ctypes.util import find_library
# Import Salt libs
from salt.utils import get_group_list
import salt.utils # Can be removed once get_group_list is moved
from salt.ext.six.moves import range # pylint: disable=import-error,redefined-builtin
# Import 3rd-party libs
import salt.ext.six as six
from salt.ext import six
LIBPAM = CDLL(find_library('pam'))
LIBC = CDLL(find_library('c'))
@ -214,4 +214,4 @@ def groups(username, *args, **kwargs):
Uses system groups
'''
return get_group_list(username)
return salt.utils.get_group_list(username)


@ -1,71 +0,0 @@
# -*- coding: utf-8 -*-
'''
Provide authentication using Stormpath.
This driver requires some extra configuration beyond that which Stormpath
normally requires.
.. code-block:: yaml
stormpath:
apiid: 1234567890
apikey: 1234567890/ABCDEF
# Can use an application ID
application: 6789012345
# Or can use a directory ID
directory: 3456789012
# But not both
.. versionadded:: 2015.8.0
'''
from __future__ import absolute_import
import json
import base64
import urllib
import salt.utils.http
import logging
log = logging.getLogger(__name__)
def auth(username, password):
'''
Authenticate using a Stormpath directory or application
'''
apiid = __opts__.get('stormpath', {}).get('apiid', None)
apikey = __opts__.get('stormpath', {}).get('apikey', None)
application = __opts__.get('stormpath', {}).get('application', None)
path = 'https://api.stormpath.com/v1'
if application is not None:
path = '{0}/applications/{1}/loginAttempts'.format(path, application)
else:
return False
username = urllib.quote(username)
data = {
'type': 'basic',
'value': base64.b64encode('{0}:{1}'.format(username, password))
}
log.debug('{0}:{1}'.format(username, password))
log.debug(path)
log.debug(data)
log.debug(json.dumps(data))
result = salt.utils.http.query(
path,
method='POST',
username=apiid,
password=apikey,
data=json.dumps(data),
header_dict={'Content-type': 'application/json;charset=UTF-8'},
decode=False,
status=True,
opts=__opts__,
)
log.debug(result)
if result.get('status', 403) == 200:
return True
return False


@ -37,8 +37,9 @@ class Beacon(object):
.. code_block:: yaml
beacons:
inotify:
- /etc/fstab: {}
- /var/cache/foo: {}
- files:
- /etc/fstab: {}
- /var/cache/foo: {}
'''
ret = []
b_config = copy.deepcopy(config)
@ -69,6 +70,7 @@ class Beacon(object):
log.trace('Beacon processing: {0}'.format(mod))
fun_str = '{0}.beacon'.format(mod)
validate_str = '{0}.validate'.format(mod)
if fun_str in self.beacons:
runonce = self._determine_beacon_config(current_beacon_config, 'run_once')
interval = self._determine_beacon_config(current_beacon_config, 'interval')
@ -95,6 +97,17 @@ class Beacon(object):
continue
# Update __grains__ on the beacon
self.beacons[fun_str].__globals__['__grains__'] = grains
# Run the validate function if it's available,
# otherwise there is a warning about it being missing
if validate_str in self.beacons:
valid, vcomment = self.beacons[validate_str](b_config[mod])
if not valid:
log.info('Beacon %s configuration invalid, '
'not running.\n%s', mod, vcomment)
continue
# Fire the beacon!
raw = self.beacons[fun_str](b_config[mod])
for data in raw:
@ -193,6 +206,8 @@ class Beacon(object):
# Fire the complete event back along with the list of beacons
evt = salt.utils.event.get_event('minion', opts=self.opts)
b_conf = self.functions['config.merge']('beacons')
if not isinstance(self.opts['beacons'], dict):
self.opts['beacons'] = {}
self.opts['beacons'].update(b_conf)
evt.fire_event({'complete': True, 'beacons': self.opts['beacons']},
tag='/salt/minion/minion_beacons_list_complete')
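Review bot: A beacon whose configuration fails validation is skipped with only `log.info(...)`, so with a warning-level log threshold a monitoring beacon can stop running without leaving a trace. The avahi and bonjour beacons in this commit also lose the `log.warning` they used to emit themselves. I would raise it to `log.warning('Beacon %s configuration invalid, not running.\n%s', mod, vcomment)`. The comment above the check says a missing validate function produces a warning, but the hunk has no `else` branch that logs one; if that warning is emitted elsewhere, the comment should say where. The enclosing method starts and ends outside the hunk.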


@ -10,7 +10,8 @@ from __future__ import absolute_import
import logging
# Salt libs
import salt.utils
import salt.utils.path
from salt.ext.six.moves import map
log = logging.getLogger(__name__)
@ -21,32 +22,41 @@ last_state_extra = {'value': False, 'no_devices': False}
def __virtual__():
which_result = salt.utils.which('adb')
which_result = salt.utils.path.which('adb')
if which_result is None:
return False
else:
return __virtualname__
def __validate__(config):
def validate(config):
'''
Validate the beacon configuration
'''
# Configuration for adb beacon should be a dictionary with states array
if not isinstance(config, dict):
log.info('Configuration for adb beacon must be a dict.')
return False, ('Configuration for adb beacon must be a dict.')
elif 'states' not in config.keys():
if not isinstance(config, list):
log.info('Configuration for adb beacon must be a list.')
return False, ('Configuration for adb beacon must be a list.')
_config = {}
list(map(_config.update, config))
if 'states' not in _config:
log.info('Configuration for adb beacon must include a states array.')
return False, ('Configuration for adb beacon must include a states array.')
else:
states = ['offline', 'bootloader', 'device', 'host', 'recovery', 'no permissions',
'sideload', 'unauthorized', 'unknown', 'missing']
if any(s not in states for s in config['states']):
log.info('Need a one of the following adb '
'states: {0}'.format(', '.join(states)))
return False, ('Need a one of the following adb '
'states: {0}'.format(', '.join(states)))
if not isinstance(_config['states'], list):
log.info('Configuration for adb beacon must include a states array.')
return False, ('Configuration for adb beacon must include a states array.')
else:
states = ['offline', 'bootloader', 'device', 'host',
'recovery', 'no permissions',
'sideload', 'unauthorized', 'unknown', 'missing']
if any(s not in states for s in _config['states']):
log.info('Need a one of the following adb '
'states: {0}'.format(', '.join(states)))
return False, ('Need a one of the following adb '
'states: {0}'.format(', '.join(states)))
return True, 'Valid beacon configuration'
@ -74,11 +84,10 @@ def beacon(config):
log.trace('adb beacon starting')
ret = []
_validate = __validate__(config)
if not _validate[0]:
return ret
_config = {}
list(map(_config.update, config))
out = __salt__['cmd.run']('adb devices', runas=config.get('user', None))
out = __salt__['cmd.run']('adb devices', runas=_config.get('user', None))
lines = out.split('\n')[1:]
last_state_devices = list(last_state.keys())
@ -90,21 +99,21 @@ def beacon(config):
found_devices.append(device)
if device not in last_state_devices or \
('state' in last_state[device] and last_state[device]['state'] != state):
if state in config['states']:
if state in _config['states']:
ret.append({'device': device, 'state': state, 'tag': state})
last_state[device] = {'state': state}
if 'battery_low' in config:
if 'battery_low' in _config:
val = last_state.get(device, {})
cmd = 'adb -s {0} shell cat /sys/class/power_supply/*/capacity'.format(device)
battery_levels = __salt__['cmd.run'](cmd, runas=config.get('user', None)).split('\n')
battery_levels = __salt__['cmd.run'](cmd, runas=_config.get('user', None)).split('\n')
for l in battery_levels:
battery_level = int(l)
if 0 < battery_level < 100:
if 'battery' not in val or battery_level != val['battery']:
if ('battery' not in val or val['battery'] > config['battery_low']) and \
battery_level <= config['battery_low']:
if ('battery' not in val or val['battery'] > _config['battery_low']) and \
battery_level <= _config['battery_low']:
ret.append({'device': device, 'battery_level': battery_level, 'tag': 'battery_low'})
if device not in last_state:
@ -118,13 +127,13 @@ def beacon(config):
# Find missing devices and remove them / send an event
for device in last_state_devices:
if device not in found_devices:
if 'missing' in config['states']:
if 'missing' in _config['states']:
ret.append({'device': device, 'state': 'missing', 'tag': 'missing'})
del last_state[device]
# Maybe send an event if we don't have any devices
if 'no_devices_event' in config and config['no_devices_event'] is True:
if 'no_devices_event' in _config and _config['no_devices_event'] is True:
if len(found_devices) == 0 and not last_state_extra['no_devices']:
ret.append({'tag': 'no_devices'})
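Review bot: `cmd = 'adb -s {0} shell cat /sys/class/power_supply/*/capacity'.format(device)` still builds a command string from `device`, which appears to be parsed from the `adb devices` output earlier in `beacon()` (outside the hunk). A serial reported by an attached device therefore ends up unquoted in a command line that `cmd.run` may hand to a shell. Passing the arguments as a list avoids that: `__salt__['cmd.run'](['adb', '-s', device, 'shell', 'cat /sys/class/power_supply/*/capacity'], runas=_config.get('user', None), python_shell=False)`. `validate()` also accepts any value for `battery_low` and `user`; a type check there, such as `isinstance(_config['battery_low'], int)`, would keep the comparisons in `beacon()` from raising.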


@ -15,6 +15,7 @@ Dependencies
from __future__ import absolute_import
import logging
import time
from salt.ext.six.moves import map
# Import 3rd Party libs
try:
@ -54,17 +55,23 @@ def __virtual__():
'\'python-avahi\' dependency is missing.'.format(__virtualname__)
def __validate__(config):
def validate(config):
'''
Validate the beacon configuration
'''
if not isinstance(config, dict):
return False, ('Configuration for avahi_announcement '
'beacon must be a dictionary')
elif not all(x in list(config.keys()) for x in ('servicetype', 'port', 'txt')):
_config = {}
list(map(_config.update, config))
if not isinstance(config, list):
return False, ('Configuration for avahi_announce '
'beacon must be a list.')
elif not all(x in _config for x in ('servicetype',
'port',
'txt')):
return False, ('Configuration for avahi_announce beacon '
'must contain servicetype, port and txt items')
return True, 'Valid beacon configuration'
'must contain servicetype, port and txt items.')
return True, 'Valid beacon configuration.'
def _enforce_txt_record_maxlen(key, value):
@ -138,13 +145,13 @@ def beacon(config):
beacons:
avahi_announce:
run_once: True
servicetype: _demo._tcp
port: 1234
txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
- run_once: True
- servicetype: _demo._tcp
- port: 1234
- txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
'''
ret = []
changes = {}
@ -152,30 +159,27 @@ def beacon(config):
global LAST_GRAINS
_validate = __validate__(config)
if not _validate[0]:
log.warning('Beacon {0} configuration invalid, '
'not adding. {1}'.format(__virtualname__, _validate[1]))
return ret
_config = {}
list(map(_config.update, config))
if 'servicename' in config:
servicename = config['servicename']
if 'servicename' in _config:
servicename = _config['servicename']
else:
servicename = __grains__['host']
# Check for hostname change
if LAST_GRAINS and LAST_GRAINS['host'] != servicename:
changes['servicename'] = servicename
if LAST_GRAINS and config.get('reset_on_change', False):
if LAST_GRAINS and _config.get('reset_on_change', False):
# Check for IP address change in the case when we reset on change
if LAST_GRAINS.get('ipv4', []) != __grains__.get('ipv4', []):
changes['ipv4'] = __grains__.get('ipv4', [])
if LAST_GRAINS.get('ipv6', []) != __grains__.get('ipv6', []):
changes['ipv6'] = __grains__.get('ipv6', [])
for item in config['txt']:
if config['txt'][item].startswith('grains.'):
grain = config['txt'][item][7:]
for item in _config['txt']:
if _config['txt'][item].startswith('grains.'):
grain = _config['txt'][item][7:]
grain_index = None
square_bracket = grain.find('[')
if square_bracket != -1 and grain[-1] == ']':
@ -192,7 +196,7 @@ def beacon(config):
if LAST_GRAINS and (LAST_GRAINS.get(grain, '') != __grains__.get(grain, '')):
changes[str('txt.' + item)] = txt[item]
else:
txt[item] = _enforce_txt_record_maxlen(item, config['txt'][item])
txt[item] = _enforce_txt_record_maxlen(item, _config['txt'][item])
if not LAST_GRAINS:
changes[str('txt.' + item)] = txt[item]
@ -200,33 +204,33 @@ def beacon(config):
if changes:
if not LAST_GRAINS:
changes['servicename'] = servicename
changes['servicetype'] = config['servicetype']
changes['port'] = config['port']
changes['servicetype'] = _config['servicetype']
changes['port'] = _config['port']
changes['ipv4'] = __grains__.get('ipv4', [])
changes['ipv6'] = __grains__.get('ipv6', [])
GROUP.AddService(avahi.IF_UNSPEC, avahi.PROTO_UNSPEC, dbus.UInt32(0),
servicename, config['servicetype'], '', '',
dbus.UInt16(config['port']), avahi.dict_to_txt_array(txt))
servicename, _config['servicetype'], '', '',
dbus.UInt16(_config['port']), avahi.dict_to_txt_array(txt))
GROUP.Commit()
elif config.get('reset_on_change', False) or 'servicename' in changes:
elif _config.get('reset_on_change', False) or 'servicename' in changes:
# A change in 'servicename' requires a reset because we can only
# directly update TXT records
GROUP.Reset()
reset_wait = config.get('reset_wait', 0)
reset_wait = _config.get('reset_wait', 0)
if reset_wait > 0:
time.sleep(reset_wait)
GROUP.AddService(avahi.IF_UNSPEC, avahi.PROTO_UNSPEC, dbus.UInt32(0),
servicename, config['servicetype'], '', '',
dbus.UInt16(config['port']), avahi.dict_to_txt_array(txt))
servicename, _config['servicetype'], '', '',
dbus.UInt16(_config['port']), avahi.dict_to_txt_array(txt))
GROUP.Commit()
else:
GROUP.UpdateServiceTxt(avahi.IF_UNSPEC, avahi.PROTO_UNSPEC, dbus.UInt32(0),
servicename, config['servicetype'], '',
servicename, _config['servicetype'], '',
avahi.dict_to_txt_array(txt))
ret.append({'tag': 'result', 'changes': changes})
if config.get('copy_grains', False):
if _config.get('copy_grains', False):
LAST_GRAINS = __grains__.copy()
else:
LAST_GRAINS = __grains__
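Review bot: In `validate()`, `list(map(_config.update, config))` runs before the `isinstance(config, list)` check, so an old dictionary-style configuration makes `dict.update` raise on the first key instead of returning the 'must be a list' message. That is the configuration shape users upgrading from the previous format will have. The type check should come first: `if not isinstance(config, list): return False, (...)`, and only then `_config = {}` and `list(map(_config.update, config))`. The bonjour_announce `validate()` in this commit has the same ordering and needs the same change.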


@ -9,6 +9,7 @@ import atexit
import logging
import select
import time
from salt.ext.six.moves import map
# Import 3rd Party libs
try:
@ -47,17 +48,23 @@ def _register_callback(sdRef, flags, errorCode, name, regtype, domain): # pylin
log.error('Bonjour registration failed with error code {0}'.format(errorCode))
def __validate__(config):
def validate(config):
'''
Validate the beacon configuration
'''
if not isinstance(config, dict):
return False, ('Configuration for bonjour_announcement '
'beacon must be a dictionary')
elif not all(x in list(config.keys()) for x in ('servicetype', 'port', 'txt')):
_config = {}
list(map(_config.update, config))
if not isinstance(config, list):
return False, ('Configuration for bonjour_announce '
'beacon must be a list.')
elif not all(x in _config for x in ('servicetype',
'port',
'txt')):
return False, ('Configuration for bonjour_announce beacon '
'must contain servicetype, port and txt items')
return True, 'Valid beacon configuration'
'must contain servicetype, port and txt items.')
return True, 'Valid beacon configuration.'
def _enforce_txt_record_maxlen(key, value):
@ -131,13 +138,13 @@ def beacon(config):
beacons:
bonjour_announce:
run_once: True
servicetype: _demo._tcp
port: 1234
txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
- run_once: True
- servicetype: _demo._tcp
- port: 1234
- txt:
ProdName: grains.productname
SerialNo: grains.serialnumber
Comments: 'this is a test'
'''
ret = []
changes = {}
@ -146,30 +153,27 @@ def beacon(config):
global LAST_GRAINS
global SD_REF
_validate = __validate__(config)
if not _validate[0]:
log.warning('Beacon {0} configuration invalid, '
'not adding. {1}'.format(__virtualname__, _validate[1]))
return ret
_config = {}
list(map(_config.update, config))
if 'servicename' in config:
servicename = config['servicename']
if 'servicename' in _config:
servicename = _config['servicename']
else:
servicename = __grains__['host']
# Check for hostname change
if LAST_GRAINS and LAST_GRAINS['host'] != servicename:
changes['servicename'] = servicename
if LAST_GRAINS and config.get('reset_on_change', False):
if LAST_GRAINS and _config.get('reset_on_change', False):
# Check for IP address change in the case when we reset on change
if LAST_GRAINS.get('ipv4', []) != __grains__.get('ipv4', []):
changes['ipv4'] = __grains__.get('ipv4', [])
if LAST_GRAINS.get('ipv6', []) != __grains__.get('ipv6', []):
changes['ipv6'] = __grains__.get('ipv6', [])
for item in config['txt']:
if config['txt'][item].startswith('grains.'):
grain = config['txt'][item][7:]
for item in _config['txt']:
if _config['txt'][item].startswith('grains.'):
grain = _config['txt'][item][7:]
grain_index = None
square_bracket = grain.find('[')
if square_bracket != -1 and grain[-1] == ']':
@ -186,7 +190,7 @@ def beacon(config):
if LAST_GRAINS and (LAST_GRAINS.get(grain, '') != __grains__.get(grain, '')):
changes[str('txt.' + item)] = txt[item]
else:
txt[item] = _enforce_txt_record_maxlen(item, config['txt'][item])
txt[item] = _enforce_txt_record_maxlen(item, _config['txt'][item])
if not LAST_GRAINS:
changes[str('txt.' + item)] = txt[item]
@ -195,32 +199,32 @@ def beacon(config):
txt_record = pybonjour.TXTRecord(items=txt)
if not LAST_GRAINS:
changes['servicename'] = servicename
changes['servicetype'] = config['servicetype']
changes['port'] = config['port']
changes['servicetype'] = _config['servicetype']
changes['port'] = _config['port']
changes['ipv4'] = __grains__.get('ipv4', [])
changes['ipv6'] = __grains__.get('ipv6', [])
SD_REF = pybonjour.DNSServiceRegister(
name=servicename,
regtype=config['servicetype'],
port=config['port'],
regtype=_config['servicetype'],
port=_config['port'],
txtRecord=txt_record,
callBack=_register_callback)
atexit.register(_close_sd_ref)
ready = select.select([SD_REF], [], [])
if SD_REF in ready[0]:
pybonjour.DNSServiceProcessResult(SD_REF)
elif config.get('reset_on_change', False) or 'servicename' in changes:
elif _config.get('reset_on_change', False) or 'servicename' in changes:
# A change in 'servicename' requires a reset because we can only
# directly update TXT records
SD_REF.close()
SD_REF = None
reset_wait = config.get('reset_wait', 0)
reset_wait = _config.get('reset_wait', 0)
if reset_wait > 0:
time.sleep(reset_wait)
SD_REF = pybonjour.DNSServiceRegister(
name=servicename,
regtype=config['servicetype'],
port=config['port'],
regtype=_config['servicetype'],
port=_config['port'],
txtRecord=txt_record,
callBack=_register_callback)
ready = select.select([SD_REF], [], [])
@ -236,7 +240,7 @@ def beacon(config):
ret.append({'tag': 'result', 'changes': changes})
if config.get('copy_grains', False):
if _config.get('copy_grains', False):
LAST_GRAINS = __grains__.copy()
else:
LAST_GRAINS = __grains__


@ -5,7 +5,7 @@ Beacon to fire events at failed login of users
.. code-block:: yaml
beacons:
btmp: {}
btmp: []
'''
# Import python libs
@ -16,6 +16,9 @@ import struct
# Import Salt Libs
import salt.utils.files
# Import 3rd-party libs
from salt.ext import six
__virtualname__ = 'btmp'
BTMP = '/var/log/btmp'
FMT = 'hi32s4s32s256shhiii4i20x'
@ -49,14 +52,14 @@ def _get_loc():
return __context__[LOC_KEY]
def __validate__(config):
def validate(config):
'''
Validate the beacon configuration
'''
# Configuration for load beacon should be a list of dicts
if not isinstance(config, dict):
if not isinstance(config, list):
return False, ('Configuration for btmp beacon must '
'be a list of dictionaries.')
'be a list.')
return True, 'Valid beacon configuration'
@ -68,7 +71,7 @@ def beacon(config):
.. code-block:: yaml
beacons:
btmp: {}
btmp: []
'''
ret = []
with salt.utils.files.fopen(BTMP, 'rb') as fp_:
@ -88,7 +91,7 @@ def beacon(config):
event = {}
for ind, field in enumerate(FIELDS):
event[field] = pack[ind]
if isinstance(event[field], str):
if isinstance(event[field], six.string_types):
event[field] = event[field].strip('\x00')
ret.append(event)
return ret
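Review bot: The NUL-stripping branch at the end of `beacon()` is skipped on Python 3: the file is opened with `'rb'` and the `s` fields in `FMT` unpack to `bytes`, which `six.string_types` does not include there. The string fields of a failed-login event would then keep their padding, assuming `pack` comes from `struct.unpack(FMT, ...)`, which is outside the hunk. Testing for the binary type covers both interpreters: `if isinstance(event[field], six.binary_type):` followed by `event[field] = event[field].strip(b'\x00')`. The comment in `validate()` also still says "load beacon" where it means btmp.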
