valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 01:18:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into fix/rabbitmq_policy

Browse Source
This commit is contained in:
Nicole Thomas 2017-09-28 12:01:13 -04:00 committed by GitHub
commit 28b9d9af26
1771 changed files with 99714 additions and 31171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1,60 @@
# SALTSTACK CODE OWNERS
# See https://help.github.com/articles/about-codeowners/
# for more info about CODEOWNERS file
# Lines starting with '#' are comments.
# Each line is a file pattern followed by one or more owners.
# See https://help.github.com/articles/about-codeowners/
# for more info about the CODEOWNERS file
# Team Boto
salt/**/*boto* @saltstack/team-boto
# Team Core
salt/auth/ @saltstack/team-core
salt/cache/ @saltstack/team-core
salt/cli/ @saltstack/team-core
salt/client/* @saltstack/team-core
salt/config/* @saltstack/team-core
salt/daemons/ @saltstack/team-core
salt/pillar/ @saltstack/team-core
salt/loader.py @saltstack/team-core
salt/payload.py @saltstack/team-core
salt/**/master* @saltstack/team-core
salt/**/minion* @saltstack/team-core
# Team Cloud
salt/cloud/ @saltstack/team-cloud
salt/utils/openstack/ @saltstack/team-cloud
salt/utils/aws.py @saltstack/team-cloud
salt/**/*cloud* @saltstack/team-cloud
# Team NetAPI
salt/cli/api.py @saltstack/team-netapi
salt/client/netapi.py @saltstack/team-netapi
salt/netapi/ @saltstack/team-netapi
# Team Network
salt/proxy/ @saltstack/team-proxy
# Team SPM
salt/cli/spm.py @saltstack/team-spm
salt/spm/ @saltstack/team-spm
# Team SSH
salt/cli/ssh.py @saltstack/team-ssh
salt/client/ssh/ @saltstack/team-ssh
salt/runners/ssh.py @saltstack/team-ssh
salt/**/thin.py @saltstack/team-ssh
# Team State
salt/state.py @saltstack/team-state
# Team Transport
salt/transport/ @saltstack/team-transport
salt/utils/zeromq.py @saltstack/team-transport
# Team Windows
salt/**/*win* @saltstack/team-windows

33
.github/stale.yml vendored Normal file
View File

@ -0,0 +1,33 @@
# Probot Stale configuration file
# Number of days of inactivity before an issue becomes stale
# 1000 is approximately 2 years and 9 months
daysUntilStale: 1000
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
#exemptLabels:
# - pinned
# - security
# Label to use when marking an issue as stale
staleLabel: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
# Comment to post when removing the stale label. Set to `false` to disable
unmarkComment: |
Thank you for updating this issue. It is no longer marked as stale.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
# Limit to only `issues` or `pulls`
only: issues

14
.mention-bot
View File

@ -1,5 +1,17 @@
{
"alwaysNotifyForPaths": [
{
"name": "ryan-lane",
"files": ["salt/**/*boto*.py"],
"skipTeamPrs": false
},
{
"name": "tkwilliams",
"files": ["salt/**/*boto*.py"],
"skipTeamPrs": false
}
],
"skipTitle": "Merge forward",
"userBlacklist": ["cvrebert", "markusgattol", "olliewalsh"]
"userBlacklist": ["cvrebert", "markusgattol", "olliewalsh", "basepi"]
}

2
.pylintrc
View File

@ -74,7 +74,7 @@ confidence=
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes

2
.testing.pylintrc
View File

@ -71,7 +71,7 @@ confidence=
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes

0
CONDUCT.md → CODE_OF_CONDUCT.md
View File

12
README.rst
View File

@ -67,10 +67,11 @@ Engage SaltStack
`SaltConf`_, **User Groups and Meetups** - SaltStack has a vibrant and `global
community`_ of customers, users, developers and enthusiasts. Connect with other
Salted folks in your area of the world, or join `SaltConf16`_, the SaltStack
annual user conference, April 19-21 in Salt Lake City. Please let us know if
you would like to start a user group or if we should add your existing
SaltStack user group to this list by emailing: info@saltstack.com
Salted folks in your area of the world, or join `SaltConf`_, the SaltStack
annual user conference held in Salt Lake City. Please visit the `SaltConf`_ site
for details of our next conference. Also, please let us know if you would like
to start a user group or if we should add your existing SaltStack user group to
this list by emailing: info@saltstack.com
**SaltStack Training** - Get access to proprietary `SaltStack education
offerings`_ through instructor-led training offered on-site, virtually or at
@ -89,9 +90,8 @@ services`_ offerings.
* LinkedIn Group - `<https://www.linkedin.com/groups/4877160>`_
* Google+ - `<https://plus.google.com/b/112856352920437801867/+SaltStackInc/posts>`_
.. _SaltConf: http://www.youtube.com/user/saltstack
.. _global community: http://www.meetup.com/pro/saltstack/
.. _SaltConf16: http://saltconf.com/
.. _SaltConf: http://saltconf.com/
.. _SaltStack education offerings: http://saltstack.com/training/
.. _SaltStack Certified Engineer (SSCE): http://saltstack.com/certification/
.. _SaltStack professional services: http://saltstack.com/services/

11
conf/cloud
View File

@ -97,3 +97,14 @@
#
#delete_sshkeys: False
# Whether or not to include grains information in the /etc/salt/minion file
# which is generated when the minion is provisioned. For example...
# grains:
# salt-cloud:
# driver: ec2
# provider: my_ec2:ec2
# profile: micro_ec2
#
# Default: 'True'
#
#enable_cloud_grains: 'True'

2
conf/cloud.providers
View File

@ -3,7 +3,7 @@
# directory is identical.
#my-digitalocean-config:
# driver: digital_ocean
# driver: digitalocean
# client_key: wFGEwgregeqw3435gDger
# api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg
# location: New York 1

2
conf/cloud.providers.d/digitalocean.conf
View File

@ -1,5 +1,5 @@
#my-digitalocean-config:
# driver: digital_ocean
# driver: digitalocean
# client_key: wFGEwgregeqw3435gDger
# api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg
# location: New York 1

109
conf/master
View File

@ -59,15 +59,14 @@
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", etc.
#extension_modules: <no default>
# "states", "returners", "engines", "utils", etc.
#extension_modules: /var/cache/salt/master/extmods
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", "engines", etc.
# "states", "returners", "engines", "utils", etc.
# Like 'extension_modules' but can take an array of paths
#module_dirs: <no default>
# - /var/cache/salt/minion/extmods
#module_dirs: []
# Verify and set permissions on configuration directories at startup:
#verify_env: True
@ -91,6 +90,10 @@
# Set the default outputter used by the salt command. The default is "nested".
#output: nested
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# Set the default output file used by the salt command. Default is to output
# to the CLI and not to a file. Functions the same way as the "--out-file"
# CLI option, only sets this to a single file for all salt commands.
@ -99,6 +102,9 @@
# Return minions that timeout when running commands like test.ping
#show_timeout: True
# Tell the client to display the jid when a job is published.
#show_jid: False
# By default, output is colored. To disable colored output, set the color value
# to False.
#color: True
@ -294,6 +300,22 @@
##### Security settings #####
##########################################
# Enable passphrase protection of Master private key. Although a string value
# is acceptable; passwords should be stored in an external vaulting mechanism
# and retrieved via sdb. See https://docs.saltstack.com/en/latest/topics/sdb/.
# Passphrase protection is off by default but an example of an sdb profile and
# query is as follows.
# masterkeyring:
# driver: keyring
# service: system
#
# key_pass: sdb://masterkeyring/key_pass
# Enable passphrase protection of the Master signing_key. This only applies if
# master_sign_pubkey is set to True. This is disabled by default.
# master_sign_pubkey: True
# signing_key_pass: sdb://masterkeyring/signing_pass
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
@ -304,6 +326,9 @@
# public keys from the minions. Note that this is insecure.
#auto_accept: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Time in minutes that an incoming public key with a matching name found in
# pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
# are removed when the master checks the minion_autosign directory.
@ -414,6 +439,20 @@
# will cause minion to throw an exception and drop the message.
# sign_pub_messages: False
# Signature verification on messages published from minions
# This requires that minions cryptographically sign the messages they
# publish to the master. If minions are not signing, then log this information
# at loglevel 'INFO' and drop the message without acting on it.
# require_minion_sign_messages: False
# The below will drop messages when their signatures do not validate.
# Note that when this option is False but `require_minion_sign_messages` is True
# minions MUST sign their messages but the validity of their signatures
# is ignored.
# These two config options exist so a Salt infrastructure can be moved
# to signing minion messages gradually.
# drop_messages_signature_fail: False
# Use TLS/SSL encrypted connection between master and minion.
# Can be set to a dictionary containing keyword arguments corresponding to Python's
# 'ssl.wrap_socket' method.
@ -440,6 +479,27 @@
# - /etc/salt/roster.d
# - /opt/salt/some/more/rosters
# The ssh password to log in with.
#ssh_passwd: ''
#The target system's ssh port number.
#ssh_port: 22
# Comma-separated list of ports to scan.
#ssh_scan_ports: 22
# Scanning socket timeout for salt-ssh.
#ssh_scan_timeout: 0.01
# Boolean to run command via sudo.
#ssh_sudo: False
# Number of seconds to wait for a response when establishing an SSH connection.
#ssh_timeout: 60
# The user to log in as.
#ssh_user: root
# The log file of the salt-ssh command:
#ssh_log_file: /var/log/salt/ssh
@ -453,6 +513,18 @@
# authentication with minions
#ssh_use_home_key: False
# Set this to True to default salt-ssh to run with ``-o IdentitiesOnly=yes``.
# This option is intended for situations where the ssh-agent offers many
# different identities and allows ssh to ignore those identities and use the
# only one specified in options.
#ssh_identities_only: False
# List-only nodegroups for salt-ssh. Each group must be formed as either a
# comma-separated list, or a YAML list. This option is useful to group minions
# into easy-to-target groups when using salt-ssh. These groups can then be
# targeted with the normal -N argument to salt-ssh.
#ssh_list_nodegroups: {}
##### Master Module Management #####
##########################################
# Manage how master side modules are loaded.
@ -460,6 +532,9 @@
# Add any additional locations to look for master runners:
#runner_dirs: []
# Add any additional locations to look for master utils:
#utils_dirs: []
# Enable Cython for master side modules:
#cython_enable: False
@ -521,6 +596,11 @@
# If set to 'changes', the output will be full unless the state didn't change.
#state_output: full
# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False
# Automatically aggregate all states that have support for mod_aggregate by
# setting to 'True'. Or pass a list of state module names to automatically
# aggregate just those types.
@ -561,6 +641,10 @@
# - /srv/salt
#
# The master_roots setting configures a master-only copy of the file_roots dictionary,
# used by the state compiler.
#master_roots: /srv/salt-master
# When using multiple environments, each with their own top file, the
# default behaviour is an unordered merge. To prevent top files from
# being merged together and instead to only use the top file from the
@ -905,6 +989,21 @@
#pillar_cache_backend: disk
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
##### Syndic settings #####
##########################################
# The Salt syndic is used to pass commands through a master from a higher

35
conf/minion
View File

@ -151,7 +151,11 @@
# Set the default outputter used by the salt-call command. The default is
# "nested".
#output: nested
#
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# By default output is colored. To disable colored output, set the color value
# to False.
#color: True
@ -231,7 +235,7 @@
# cause sub minion process to restart.
#auth_safemode: False
# Ping Master to ensure connection is alive (minutes).
# Ping Master to ensure connection is alive (seconds).
#ping_interval: 0
# To auto recover minions if master changes IP address (DDNS)
@ -369,6 +373,9 @@
# interface: eth0
# cidr: '10.0.0.0/8'
# The number of minutes between mine updates.
#mine_interval: 60
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
@ -613,6 +620,9 @@
# you do so at your own risk!
#open_mode: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
@ -654,6 +664,21 @@
# ssl_version: PROTOCOL_TLSv1_2
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a
@ -664,6 +689,12 @@
# for a full explanation.
#multiprocessing: True
# Limit the maximum amount of processes or threads created by salt-minion.
# This is useful to avoid resource exhaustion in case the minion receives more
# publications than it is able to handle, as it limits the number of spawned
# processes or threads. -1 is the default and disables the limit.
#process_count_max: -1
##### Logging settings #####
##########################################

8
conf/proxy
View File

@ -28,27 +28,27 @@
# dictionary. Otherwise it is assumed that the module calls the grains
# function in a custom way and returns the data elsewhere
#
# Default to False for 2016.3 and 2016.11. Switch to True for Nitrogen.
# Default to False for 2016.3 and 2016.11. Switch to True for 2017.7.0.
# proxy_merge_grains_in_module: True
# If a proxymodule has a function called 'alive' returning a boolean
# flag reflecting the state of the connection with the remove device,
# when this option is set as True, a scheduled job on the proxy will
# try restarting the connection. The polling frequency depends on the
# next option, 'proxy_keep_alive_interval'. Added in Nitrogen.
# next option, 'proxy_keep_alive_interval'. Added in 2017.7.0.
# proxy_keep_alive: True
# The polling interval (in minutes) to check if the underlying connection
# with the remote device is still alive. This option requires
# 'proxy_keep_alive' to be configured as True and the proxymodule to
# implement the 'alive' function. Added in Nitrogen.
# implement the 'alive' function. Added in 2017.7.0.
# proxy_keep_alive_interval: 1
# By default, any proxy opens the connection with the remote device when
# initialized. Some proxymodules allow through this option to open/close
# the session per command. This requires the proxymodule to have this
# capability. Please consult the documentation to see if the proxy type
# used can be that flexible. Added in Nitrogen.
# used can be that flexible. Added in 2017.7.0.
# proxy_always_alive: True
# If multiple masters are specified in the 'master' setting, the default behavior

1230
conf/suse/master Normal file
View File

File diff suppressed because it is too large Load Diff

59
doc/Makefile
View File

@ -9,11 +9,6 @@ BUILDDIR = _build
SPHINXLANG =
XELATEX = xelatex
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# ----- Translations Support ------------------------------------------------>
# If language is set, also set translation options
ifeq ($(shell [ "x$(SPHINXLANG)" != "x" ] && echo 0 || echo 1), 0)
@ -36,7 +31,7 @@ ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(TRANSLATIONOPTS
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext translations download-translations
.PHONY: help clean check_sphinx-build html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext translations download-translations
help:
@echo "Please use \`make <target>' where <target> is one of"
@ -69,38 +64,42 @@ clean:
rm -rf $(BUILDDIR)/*
test -d 'locale' && find locale/ -name *.mo -exec rm {} \; || true
html: translations
# User-friendly check for sphinx-build
check_sphinx-build:
@which $(SPHINXBUILD) >/dev/null 2>&1 || (echo "The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)" >&2; false)
html: check_sphinx-build translations
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml: translations
dirhtml: check_sphinx-build translations
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml: translations
singlehtml: check_sphinx-build translations
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle: translations
pickle: check_sphinx-build translations
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json: translations
json: check_sphinx-build translations
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp: translations
htmlhelp: check_sphinx-build translations
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp: translations
qthelp: check_sphinx-build translations
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
@ -109,7 +108,7 @@ qthelp: translations
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Salt.qhc"
devhelp: translations
devhelp: check_sphinx-build translations
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@ -118,31 +117,31 @@ devhelp: translations
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Salt"
@echo "# devhelp"
epub: translations
epub: check_sphinx-build translations
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex: translations
latex: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf: translations
latexpdf: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja: translations
latexpdfja: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
pdf: translations
pdf: check_sphinx-build translations
@if [ "$(XELATEX)" = "xelatex" ] || [ "x$(XELATEX)" = "x" ]; then \
echo "The '$(XELATEX)' command was not found."; \
fi
@ -157,62 +156,62 @@ cheatsheet: translations
cd cheatsheet && xelatex salt.tex && cp salt.pdf ../salt-cheatsheet.pdf
@echo "./salt-cheatsheet.pdf created."
text: translations
text: check_sphinx-build translations
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man: translations
man: check_sphinx-build translations
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo: translations
texinfo: check_sphinx-build translations
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info: translations
info: check_sphinx-build translations
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
gettext: check_sphinx-build
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale"
changes: translations
changes: check_sphinx-build translations
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
spelling:
spelling: check_sphinx-build
$(SPHINXBUILD) -b spelling $(ALLSPHINXOPTS) $(BUILDDIR)/spelling
@echo
@echo "Spell check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/spelling/output.txt."
linkcheck:
linkcheck: check_sphinx-build
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
doctest: check_sphinx-build
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
xml: translations
xml: check_sphinx-build translations
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml: translations
pseudoxml: check_sphinx-build translations
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

2
doc/_ext/saltdomain.py
View File

@ -309,3 +309,5 @@ def setup(app):
indextemplate="pair: %s; conf/proxy")
app.add_crossref_type(directivename="conf_log", rolename="conf_log",
indextemplate="pair: %s; conf/logging")
app.add_crossref_type(directivename="jinja_ref", rolename="jinja_ref",
indextemplate="pair: %s; jinja filters")

2
doc/_themes/saltstack2/layout.html vendored
View File

@ -255,8 +255,8 @@
<div class="col-sm-6">
<a href="https://saltstack.com/support" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/footer-support.png', 1) }}"/></a>
<a href="https://saltstack.com/saltstack-enterprise/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/enterprise_ad.jpg', 1) }}"/></a>
<a href="http://saltconf.com" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/DOCBANNER.jpg', 1) }}"/></a>
</div>

BIN
doc/_themes/saltstack2/static/images/DOCBANNER.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 790 KiB

28
doc/conf.py
View File

@ -26,7 +26,7 @@ class Mock(object):
'''
def __init__(self, mapping=None, *args, **kwargs):
"""
Mapping allows to bypass the Mock object, but actually assign
Mapping allows autodoc to bypass the Mock object, but actually assign
a specific value, expected by a specific attribute returned.
"""
self.__mapping = mapping or {}
@ -72,6 +72,7 @@ MOCK_MODULES = [
'Crypto.Signature',
'Crypto.Signature.PKCS1_v1_5',
'M2Crypto',
'msgpack',
'yaml',
'yaml.constructor',
'yaml.nodes',
@ -244,9 +245,9 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ
project = 'Salt'
version = salt.version.__version__
latest_release = '2016.11.4' # latest release
previous_release = '2016.3.6' # latest release from previous branch
previous_release_dir = '2016.3' # path on web server for previous branch
latest_release = '2017.7.1' # latest release
previous_release = '2016.11.7' # latest release from previous branch
previous_release_dir = '2016.11' # path on web server for previous branch
next_release = '' # next release
next_release_dir = '' # path on web server for next release branch
@ -319,11 +320,21 @@ rst_prolog = """\
.. _`salt-packagers`: https://groups.google.com/forum/#!forum/salt-packagers
.. |windownload| raw:: html
<p>x86: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>AMD64: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
.. |osxdownload| raw:: html
@ -504,6 +515,7 @@ epub_copyright = copyright
epub_scheme = 'URL'
epub_identifier = 'http://saltstack.com/'
epub_tocdup = False
#epub_tocdepth = 3

1
doc/contents.rst
View File

@ -28,3 +28,4 @@ Salt Table of Contents
topics/windows/index
topics/development/index
topics/releases/index
topics/venafi/index

34
doc/faq.rst
View File

@ -190,6 +190,8 @@ PATH using a :mod:`file.symlink <salt.states.file.symlink>` state.
file.symlink:
- target: /usr/local/bin/foo
.. _which-version:
Can I run different versions of Salt on my Master and Minion?
-------------------------------------------------------------
@ -260,9 +262,9 @@ service. But restarting the service while in the middle of a state run
interrupts the process of the Minion running states and sending results back to
the Master. A common way to workaround that is to schedule restarting of the
Minion service using :ref:`masterless mode <masterless-quickstart>` after all
other states have been applied. This allows to keep Minion to Master connection
alive for the Minion to report the final results to the Master, while the
service is restarting in the background.
other states have been applied. This allows the minion to keep Minion to Master
connection alive for the Minion to report the final results to the Master, while
the service is restarting in the background.
Upgrade without automatic restart
*********************************
@ -319,7 +321,27 @@ Restart using states
********************
Now we can apply the workaround to restart the Minion in reliable way.
The following example works on both UNIX-like and Windows operating systems:
The following example works on UNIX-like operating systems:
.. code-block:: jinja
{%- if grains['os'] != 'Windows' %
Restart Salt Minion:
cmd.run:
- name: 'salt-call --local service.restart salt-minion'
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
{%- endif %}
Note that restarting the ``salt-minion`` service on Windows operating systems is
not always necessary when performing an upgrade. The installer stops the
``salt-minion`` service, removes it, deletes the contents of the ``\salt\bin``
directory, installs the new code, re-creates the ``salt-minion`` service, and
starts it (by default). The restart step **would** be necessary during the
upgrade process, however, if the minion config was edited after the upgrade or
installation. If a minion restart is necessary, the state above can be edited
as follows:
.. code-block:: jinja
@ -335,8 +357,8 @@ The following example works on both UNIX-like and Windows operating systems:
- pkg: Upgrade Salt Minion
However, it requires more advanced tricks to upgrade from legacy version of
Salt (before ``2016.3.0``), where executing commands in the background is not
supported:
Salt (before ``2016.3.0``) on UNIX-like operating systems, where executing
commands in the background is not supported:
.. code-block:: jinja

1
doc/man/salt.7
View File

@ -10795,6 +10795,7 @@ cmd_whitelist_glob:
.UNINDENT
.UNINDENT
.SS Thread Settings
.SS \fBmultiprocessing\fP
.sp
Default: \fBTrue\fP
.sp

1
doc/ref/auth/all/index.rst
View File

@ -19,5 +19,4 @@ auth modules
pki
rest
sharedsecret
stormpath
yubico

6
doc/ref/auth/all/salt.auth.stormpath.rst
View File

@ -1,6 +0,0 @@
===================
salt.auth.stormpath
===================
.. automodule:: salt.auth.stormpath
:members:

1
doc/ref/beacons/all/index.rst
View File

@ -22,6 +22,7 @@ beacon modules
load
log
memusage
napalm_beacon
network_info
network_settings
pkg

6
doc/ref/beacons/all/salt.beacons.napalm_beacon.rst Normal file
View File

@ -0,0 +1,6 @@
==========================
salt.beacons.napalm_beacon
==========================
.. automodule:: salt.beacons.napalm_beacon
:members:

5
doc/ref/cache/all/salt.cache.etcd_cache.rst vendored Normal file
View File

@ -0,0 +1,5 @@
salt.cache.etcd_cache module
=============================
.. automodule:: salt.cache.etcd_cache
:members:

5
doc/ref/cache/all/salt.cache.mysql_cache.rst vendored Normal file
View File

@ -0,0 +1,5 @@
salt.cache.mysql_cache module
=============================
.. automodule:: salt.cache.mysql_cache
:members:

15
doc/ref/cli/_includes/output-options.rst
View File

@ -33,6 +33,10 @@ Output Options
Write the output to the specified file.
.. option:: --out-file-append, --output-file-append
Append the output to the specified file.
.. option:: --no-color
Disable all colored output
@ -46,3 +50,14 @@ Output Options
``green`` denotes success, ``red`` denotes failure, ``blue`` denotes
changes and success and ``yellow`` denotes a expected future change in configuration.
.. option:: --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of 'full', 'terse', 'mixed', 'changes' or
'filter'. Default: 'none'.
.. option:: --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.

2
doc/ref/cli/salt-cloud.rst
View File

@ -136,7 +136,7 @@ Query Options
.. versionadded:: 2014.7.0
Display a list of configured profiles. Pass in a cloud provider to view
the provider's associated profiles, such as ``digital_ocean``, or pass in
the provider's associated profiles, such as ``digitalocean``, or pass in
``all`` to list all the configured profiles.

54
doc/ref/cli/salt-cp.rst
View File

@ -2,32 +2,49 @@
``salt-cp``
===========
Copy a file to a set of systems
Copy a file or files to one or more minions
Synopsis
========
.. code-block:: bash
salt-cp '*' [ options ] SOURCE DEST
salt-cp '*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -E '.*' [ options ] SOURCE DEST
salt-cp -E '.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -G 'os:Arch.*' [ options ] SOURCE DEST
salt-cp -G 'os:Arch.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
Description
===========
Salt copy copies a local file out to all of the Salt minions matched by the
given target.
salt-cp copies files from the master to all of the Salt minions matched by the
specified target expression.
Salt copy is only intended for use with small files (< 100KB). If you need
to copy large files out to minions please use the cp.get_file function.
.. note::
salt-cp uses Salt's publishing mechanism. This means the privacy of the
contents of the file on the wire is completely dependent upon the transport
in use. In addition, if the master or minion is running with debug logging,
the contents of the file will be logged to disk.
Note: salt-cp uses salt's publishing mechanism. This means the privacy of the
contents of the file on the wire is completely dependent upon the transport
in use. In addition, if the salt-master is running with debug logging it is
possible that the contents of the file will be logged to disk.
In addition, this tool is less efficient than the Salt fileserver when
copying larger files. It is recommended to instead use
:py:func:`cp.get_file <salt.modules.cp.get_file>` to copy larger files to
minions. However, this requires the file to be located within one of the
fileserver directories.
.. versionchanged:: 2016.3.7,2016.11.6,2017.7.0
Compression support added, disable with ``-n``. Also, if the destination
path ends in a path separator (i.e. ``/``, or ``\`` on Windows, the
desitination will be assumed to be a directory. Finally, recursion is now
supported, allowing for entire directories to be copied.
.. versionchanged:: 2016.11.7,2017.7.2
Reverted back to the old copy mode to preserve backward compatibility. The
new functionality added in 2016.6.6 and 2017.7.0 is now available using the
``-C`` or ``--chunked`` CLI arguments. Note that compression, recursive
copying, and support for copying large files is only available in chunked
mode.
Options
=======
@ -46,6 +63,19 @@ Options
.. include:: _includes/target-selection.rst
.. option:: -C, --chunked
Use new chunked mode to copy files. This mode supports large files, recursive
directories copying and compression.
.. versionadded:: 2016.11.7,2017.7.2
.. option:: -n, --no-compression
Disable gzip compression in chunked mode.
.. versionadded:: 2016.3.7,2016.11.6,2017.7.0
See also
========

2
doc/ref/cli/salt.rst
View File

@ -81,7 +81,7 @@ Options
Pass in an external authentication medium to validate against. The
credentials will be prompted for. The options are `auto`,
`keystone`, `ldap`, `pam`, and `stormpath`. Can be used with the -T
`keystone`, `ldap`, and `pam`. Can be used with the -T
option.
.. option:: -T, --make-token

2
doc/ref/clouds/all/index.rst
View File

@ -13,7 +13,7 @@ Full list of Salt Cloud modules
aliyun
azurearm
cloudstack
digital_ocean
digitalocean
dimensiondata
ec2
gce

4
doc/ref/clouds/all/salt.cloud.clouds.digital_ocean.rst
View File

@ -1,6 +1,6 @@
===============================
salt.cloud.clouds.digital_ocean
salt.cloud.clouds.digitalocean
===============================
.. automodule:: salt.cloud.clouds.digital_ocean
.. automodule:: salt.cloud.clouds.digitalocean
:members:

6
doc/ref/clouds/all/salt.cloud.clouds.oneandone.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.cloud.clouds.oneandone
===========================
.. automodule:: salt.cloud.clouds.oneandone
:members:

948
doc/ref/configuration/master.rst
View File

File diff suppressed because it is too large Load Diff

488
doc/ref/configuration/minion.rst
View File

@ -133,6 +133,24 @@ name) is set in the :conf_minion:`master` configuration setting.
master_uri_format: ip_only
.. conf_minion:: master_tops_first
``master_tops_first``
---------------------
.. versionadded:: Oxygen
Default: ``False``
SLS targets defined using the :ref:`Master Tops <master-tops-system>` system
are normally executed *after* any matches defined in the :ref:`Top File
<states-top>`. Set this option to ``True`` to have the minion execute the
:ref:`Master Tops <master-tops-system>` states first.
.. code-block:: yaml
master_tops_first: True
.. conf_minion:: master_type
``master_type``
@ -319,7 +337,7 @@ The user to run the Salt processes
.. conf_minion:: sudo_user
``sudo_user``
--------------
-------------
Default: ``''``
@ -448,6 +466,20 @@ FQDN (for instance, Solaris).
append_domain: foo.org
.. conf_minion:: minion_id_lowercase
``minion_id_lowercase``
-----------------------
Default: ``False``
Convert minion id to lowercase when it is being generated. Helpful when some hosts
get the minion id in uppercase. Cached ids will remain the same and not converted.
.. code-block:: yaml
minion_id_lowercase: True
.. conf_minion:: cachedir
``cachedir``
@ -596,6 +628,26 @@ With ``grains_deep_merge``, the result will be:
k1: v1
k2: v2
.. conf_minion:: grains_refresh_every
``grains_refresh_every``
------------------------
Default: ``0``
The ``grains_refresh_every`` setting allows for a minion to periodically
check its grains to see if they have changed and, if so, to inform the master
of the new grains. This operation is moderately expensive, therefore care
should be taken not to set this value too low.
Note: This value is expressed in minutes.
A value of 10 minutes is a reasonable default.
.. code-block:: yaml
grains_refresh_every: 0
.. conf_minion:: mine_enabled
``mine_enabled``
@ -629,7 +681,7 @@ return for the job cache.
mine_return_job: False
``mine_functions``
-------------------
------------------
Default: Empty
@ -647,6 +699,18 @@ Note these can be defined in the pillar for a minion as well.
interface: eth0
cidr: '10.0.0.0/8'
.. conf_minion:: mine_interval
``mine_interval``
-----------------
Default: ``60``
The number of minutes between mine updates.
.. code-block:: yaml
mine_interval: 60
.. conf_minion:: sock_dir
@ -661,6 +725,19 @@ The directory where Unix sockets will be kept.
sock_dir: /var/run/salt/minion
.. conf_minion:: outputter_dirs
``outputter_dirs``
------------------
Default: ``[]``
A list of additional directories to search for salt outputters in.
.. code-block:: yaml
outputter_dirs: []
.. conf_minion:: backup_mode
``backup_mode``
@ -705,6 +782,20 @@ seconds each iteration.
acceptance_wait_time_max: 0
.. conf_minion:: rejected_retry
``rejected_retry``
------------------
Default: ``False``
If the master rejects the minion's public key, retry instead of exiting.
Rejected keys will be handled the same as waiting on acceptance.
.. code-block:: yaml
rejected_retry: False
.. conf_minion:: random_reauth_delay
``random_reauth_delay``
@ -803,6 +894,20 @@ restart.
auth_safemode: False
.. conf_minion:: ping_interval
``ping_interval``
-----------------
Default: ``0``
Instructs the minion to ping its master(s) every n number of seconds. Used
primarily as a mitigation technique against minion disconnects.
.. code-block:: yaml
ping_interval: 0
.. conf_minion:: recon_default
``random_startup_delay``
@ -1121,7 +1226,7 @@ If certain returners should be disabled, this is the place
.. conf_minion:: enable_whitelist_modules
``whitelist_modules``
----------------------------
---------------------
Default: ``[]`` (Module whitelisting is disabled. Adding anything to the config option
will cause only the listed modules to be enabled. Modules not in the list will
@ -1213,6 +1318,20 @@ A list of extra directories to search for Salt renderers
render_dirs:
- /var/lib/salt/renderers
.. conf_minion:: utils_dirs
``utils_dirs``
--------------
Default: ``[]``
A list of extra directories to search for Salt utilities
.. code-block:: yaml
utils_dirs:
- /var/lib/salt/utils
.. conf_minion:: cython_enable
``cython_enable``
@ -1261,10 +1380,27 @@ below.
providers:
service: systemd
``extmod_whitelist/extmod_blacklist``
--------------------
.. conf_minion:: modules_max_memory
.. versionadded:: Nitrogen
``modules_max_memory``
----------------------
Default: ``-1``
Specify a max size (in bytes) for modules on import. This feature is currently
only supported on *nix operating systems and requires psutil.
.. code-block:: yaml
modules_max_memory: -1
.. conf_minion:: extmod_whitelist
.. conf_minion:: extmod_blacklist
``extmod_whitelist/extmod_blacklist``
-------------------------------------
.. versionadded:: 2017.7.0
By using this dictionary, the modules that are synced to the minion's extmod cache using `saltutil.sync_*` can be
limited. If nothing is set to a specific type, then all modules are accepted. To block all modules of a specific type,
@ -1283,8 +1419,8 @@ whitelist an empty list.
modules:
- specific_module
Valid options:
- beacons
- clouds
- sdb
@ -1430,6 +1566,52 @@ environment lacks one.
default_top: dev
.. conf_minion:: startup_states
``startup_states``
------------------
Default: ``''``
States to run when the minion daemon starts. To enable, set ``startup_states`` to:
- ``highstate``: Execute state.highstate
- ``sls``: Read in the sls_list option and execute the named sls files
- ``top``: Read top_file option and execute based on that file on the Master
.. code-block:: yaml
startup_states: ''
.. conf_minion:: sls_list
``sls_list``
------------
Default: ``[]``
List of states to run when the minion starts up if ``startup_states`` is set to ``sls``.
.. code-block:: yaml
sls_list:
- edit.vim
- hyper
.. conf_minion:: top_file
``top_file``
------------
Default: ``''``
Top file to execute if ``startup_states`` is set to ``top``.
.. code-block:: yaml
top_file: ''
State Management Settings
=========================
@ -1446,7 +1628,7 @@ The default renderer used for local state executions
renderer: yaml_jinja
.. conf_master:: test
.. conf_minion:: test
``test``
--------
@ -1490,6 +1672,22 @@ the output will be shortened to a single line.
state_output: full
.. conf_minion:: state_output_diff
``state_output_diff``
---------------------
Default: ``False``
The state_output_diff setting changes whether or not the output from
successful states is returned. Useful when even the terse output of these
states is cluttering the logs. Set it to True to ignore them.
.. code-block:: yaml
state_output_diff: False
.. conf_minion:: autoload_dynamic_modules
``autoload_dynamic_modules``
@ -1733,7 +1931,7 @@ the pillar environments.
``on_demand_ext_pillar``
------------------------
.. versionadded:: 2016.3.6,2016.11.3,Nitrogen
.. versionadded:: 2016.3.6,2016.11.3,2017.7.0
Default: ``['libvirt', 'virtkey']``
@ -1762,7 +1960,7 @@ external pillars are permitted to be used on-demand using :py:func:`pillar.ext
``decrypt_pillar``
------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``[]``
@ -1784,7 +1982,7 @@ specified by :conf_minion:`decrypt_pillar_default` will be used.
``decrypt_pillar_delimiter``
----------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``:``
@ -1803,7 +2001,7 @@ The delimiter used to distinguish nested data structures in the
``decrypt_pillar_default``
--------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``gpg``
@ -1819,7 +2017,7 @@ pillar key in :conf_minion:`decrypt_pillar`.
``decrypt_pillar_renderers``
----------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``['gpg']``
@ -1850,7 +2048,7 @@ the environment setting, but for pillar instead of states.
``pillarenv_from_saltenv``
--------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``False``
@ -1915,6 +2113,41 @@ It will be interpreted as megabytes.
file_recv_max_size: 100
.. conf_minion:: pass_to_ext_pillars
``pass_to_ext_pillars``
-----------------------
Specify a list of configuration keys whose values are to be passed to
external pillar functions.
Suboptions can be specified using the ':' notation (i.e. ``option:suboption``)
The values are merged and included in the ``extra_minion_data`` optional
parameter of the external pillar function. The ``extra_minion_data`` parameter
is passed only to the external pillar functions that have it explicitly
specified in their definition.
If the config contains
.. code-block:: yaml
opt1: value1
opt2:
subopt1: value2
subopt2: value3
pass_to_ext_pillars:
- opt1
- opt2: subopt1
the ``extra_minion_data`` parameter will be
.. code-block:: python
{'opt1': 'value1',
'opt2': {'subopt1': 'value2'}}
Security Settings
=================
@ -1948,6 +2181,35 @@ before the initial key exchange. The master fingerprint can be found by running
master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
.. conf_minion:: keysize
``keysize``
-----------
Default: ``2048``
The size of key that should be generated when creating new keys.
.. code-block:: yaml
keysize: 2048
.. conf_minion:: permissive_pki_access
``permissive_pki_access``
-------------------------
Default: ``False``
Enable permissive access to the salt keys. This allows you to run the
master or minion as root, but have a non-root group be given access to
your pki_dir. To make the access explicit, root must belong to the group
you've given access to. This is potentially quite insecure.
.. code-block:: yaml
permissive_pki_access: False
.. conf_minion:: verify_master_pubkey_sign
``verify_master_pubkey_sign``
@ -2055,7 +2317,7 @@ blocked. If `cmd_whitelist_glob` is NOT SET, then all shell commands are permitt
- 'cat /etc/fstab'
.. conf_master:: ssl
.. conf_minion:: ssl
``ssl``
-------
@ -2081,16 +2343,75 @@ constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23
ssl_version: PROTOCOL_TLSv1_2
Reactor Settings
================
.. conf_minion:: reactor
``reactor``
-----------
Default: ``[]``
Defines a salt reactor. See the :ref:`Reactor <reactor>` documentation for more
information.
.. code-block:: yaml
reactor: []
.. conf_minion:: reactor_refresh_interval
``reactor_refresh_interval``
----------------------------
Default: ``60``
The TTL for the cache of the reactor configuration.
.. code-block:: yaml
reactor_refresh_interval: 60
.. conf_minion:: reactor_worker_threads
``reactor_worker_threads``
--------------------------
Default: ``10``
The number of workers for the runner/wheel in the reactor.
.. code-block:: yaml
reactor_worker_threads: 10
.. conf_minion:: reactor_worker_hwm
``reactor_worker_hwm``
----------------------
Default: ``10000``
The queue size for workers in the reactor.
.. code-block:: yaml
reactor_worker_hwm: 10000
Thread Settings
===============
.. conf_minion:: multiprocessing
``multiprocessing``
-------
Default: ``True``
If `multiprocessing` is enabled when a minion receives a
If ``multiprocessing`` is enabled when a minion receives a
publication a new process is spawned and the command is executed therein.
Conversely, if `multiprocessing` is disabled the new publication will be run
Conversely, if ``multiprocessing`` is disabled the new publication will be run
executed in a thread.
@ -2098,6 +2419,23 @@ executed in a thread.
multiprocessing: True
.. conf_minion:: process_count_max
``process_count_max``
-------
.. versionadded:: Oxygen
Default: ``-1``
Limit the maximum amount of processes or threads created by ``salt-minion``.
This is useful to avoid resource exhaustion in case the minion receives more
publications than it is able to handle, as it limits the number of spawned
processes or threads. ``-1`` is the default and disables the limit.
.. code-block:: yaml
process_count_max: -1
.. _minion-logging-settings:
@ -2351,6 +2689,62 @@ option then the minion will log a warning message.
- /etc/roles/webserver
Keepalive Settings
==================
.. conf_minion:: tcp_keepalive
``tcp_keepalive``
-----------------
Default: ``True``
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt
connectivity issues in messy network environments with misbehaving firewalls.
.. code-block:: yaml
tcp_keepalive: True
.. conf_minion:: tcp_keepalive_cnt
``tcp_keepalive_cnt``
---------------------
Default: ``-1``
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_cnt: -1
.. conf_minion:: tcp_keepalive_idle
``tcp_keepalive_idle``
----------------------
Default: ``300``
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_idle: 300
.. conf_minion:: tcp_keepalive_intvl
``tcp_keepalive_intvl``
-----------------------
Default: ``-1``
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_intvl': -1
Frozen Build Update Settings
============================
@ -2452,6 +2846,36 @@ out.
winrepo_dir: 'D:\winrepo'
.. conf_minion:: winrepo_dir_ng
``winrepo_dir_ng``
------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``/srv/salt/win/repo-ng``
Location on the minion where the :conf_minion:`winrepo_remotes_ng` are checked
out for 2015.8.0 and later minions.
.. code-block:: yaml
winrepo_dir_ng: /srv/salt/win/repo-ng
.. conf_minion:: winrepo_source_dir
``winrepo_source_dir``
----------------------
Default: ``salt://win/repo-ng/``
The source location for the winrepo sls files.
.. code-block:: yaml
winrepo_source_dir: salt://win/repo-ng/
.. conf_minion:: winrepo_cachefile
.. conf_minion:: win_repo_cachefile
@ -2504,3 +2928,33 @@ URL of the repository:
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.
.. conf_minion:: winrepo_remotes_ng
``winrepo_remotes_ng``
----------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``['https://github.com/saltstack/salt-winrepo-ng.git']``
List of git repositories to checkout and include in the winrepo for
2015.8.0 and later minions.
.. code-block:: yaml
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
To specify a specific revision of the repository, prepend a commit ID to the
URL of the repository:
.. code-block:: yaml
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.

60
doc/ref/configuration/proxy.rst
View File

@ -27,7 +27,7 @@ Proxy-specific Configuration Options
.. conf_proxy:: add_proxymodule_to_opts
``add_proxymodule_to_opts``
--------------------------
---------------------------
.. versionadded:: 2015.8.2
@ -49,7 +49,7 @@ Add the proxymodule LazyLoader object to opts.
.. versionadded:: 2016.3.0
.. versionchanged:: Nitrogen
.. versionchanged:: 2017.7.0
Default: ``True``
@ -68,7 +68,7 @@ function in a custom way and returns the data elsewhere.
``proxy_keep_alive``
--------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``True``
@ -86,7 +86,7 @@ otherwise the connection is considered alive.
``proxy_keep_alive_interval``
-----------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``1``
@ -104,7 +104,7 @@ The frequency of keepalive checks, in minutes. It requires the
``proxy_always_alive``
----------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``True``
@ -118,3 +118,53 @@ has to be closed after every command.
.. code-block:: yaml
proxy_always_alive: False
``proxy_merge_pillar_in_opts``
------------------------------
.. versionadded:: 2017.7.3
Default: ``False``.
Wheter the pillar data to be merged into the proxy configuration options.
As multiple proxies can run on the same server, we may need different
configuration options for each, while there's one single configuration file.
The solution is merging the pillar data of each proxy minion into the opts.
.. code-block:: yaml
proxy_merge_pillar_in_opts: True
``proxy_deep_merge_pillar_in_opts``
-----------------------------------
.. versionadded:: 2017.7.3
Default: ``False``.
Deep merge of pillar data into configuration opts.
This option is evaluated only when :conf_proxy:`proxy_merge_pillar_in_opts` is
enabled.
``proxy_merge_pillar_in_opts_strategy``
---------------------------------------
.. versionadded:: 2017.7.3
Default: ``smart``.
The strategy used when merging pillar configuration into opts.
This option is evaluated only when :conf_proxy:`proxy_merge_pillar_in_opts` is
enabled.
``proxy_mines_pillar``
----------------------
.. versionadded:: 2017.7.3
Default: ``True``.
Allow enabling mine details using pillar data. This evaluates the mine
configuration under the pillar, for the following regular minion options that
are also equally available on the proxy minion: :conf_minion:`mine_interval`,
and :conf_minion:`mine_functions`.

2
doc/ref/executors/all/index.rst
View File

@ -1,4 +1,4 @@
.. _all-salt_executors:
.. _all-salt.executors:
=================
executors modules

85
doc/ref/executors/index.rst Normal file
View File

@ -0,0 +1,85 @@
.. _executors:
=========
Executors
=========
Executors are used by minion to execute module functions. Executors can be used
to modify the functions behavior, do any pre-execution steps or execute in a
specific way like sudo executor.
Executors could be passed as a list and they will be used one-by-one in the
order. If an executor returns ``None`` the next one will be called. If an
executor returns non-``None`` the execution sequence is terminated and the
returned value is used as a result. It's a way executor could control modules
execution working as a filter. Note that executor could actually not execute
the function but just do something else and return ``None`` like ``splay``
executor does. In this case some other executor have to be used as a final
executor that will actually execute the function. See examples below.
Executors list could be passed by minion config file in the following way:
.. code-block:: yaml
module_executors:
- splay
- direct_call
splaytime: 30
The same could be done by command line:
.. code-block:: bash
salt -t 40 --module-executors='[splay, direct_call]' --executor-opts='{splaytime: 30}' '*' test.ping
And the same command called via netapi will look like this:
.. code-block:: bash
curl -sSk https://localhost:8000 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: 697adbdc8fe971d09ae4c2a3add7248859c87079' \
-H 'Content-type: application/json' \
-d '[{
"client": "local",
"tgt": "*",
"fun": "test.ping",
"module_executors": ["splay", "direct_call"],
"executor_opts": {"splaytime": 10}
}]'
.. seealso:: :ref:`The full list of executors <all-salt.executors>`
Writing Salt Executors
----------------------
A Salt executor is written in a similar manner to a Salt execution module.
Executor is a python module placed into the ``executors`` folder and containing
the ``execute`` function with the following signature:
.. code-block:: python
def execute(opts, data, func, args, kwargs)
Where the args are:
``opts``:
Dictionary containing the minion configuration options
``data``:
Dictionary containing the load data including ``executor_opts`` passed via
cmdline/API.
``func``, ``args``, ``kwargs``:
Execution module function to be executed and it's arguments. For instance the
simplest ``direct_call`` executor just runs it as ``func(*args, **kwargs)``.
``Returns``:
``None`` if the execution sequence must be continued with the next executor.
Error string or execution result if the job is done and execution must be
stopped.
Specific options could be passed to the executor via minion config or via
``executor_opts`` argument. For instance to access ``splaytime`` option set by
minion config executor should access ``opts.get('splaytime')``. To access the
option set by commandline or API ``data.get('executor_opts',
{}).get('splaytime')`` should be used. So if an option is safe and must be
accessible by user executor should check it in both places, but if an option is
unsafe it should be read from the only config ignoring the passed request data.

1
doc/ref/index.rst
View File

@ -12,6 +12,7 @@ This section contains a list of the Python modules that are used to extend the v
../ref/beacons/all/index
../ref/cache/all/index
../ref/engines/all/index
../ref/executors/all/index
../ref/file_server/all/index
../ref/grains/all/index
../ref/modules/all/index

12
doc/ref/modules/all/index.rst
View File

@ -9,6 +9,7 @@ execution modules
.. toctree::
salt.modules.group
salt.modules.kernelpkg
salt.modules.pkg
salt.modules.user
@ -43,6 +44,7 @@ execution modules
boto_apigateway
boto_asg
boto_cfn
boto_cloudfront
boto_cloudtrail
boto_cloudwatch
boto_cloudwatch_event
@ -96,6 +98,7 @@ execution modules
cytest
daemontools
data
datadog_api
ddns
deb_apache
deb_postgres
@ -116,6 +119,8 @@ execution modules
drac
dracr
drbd
dummyproxy_package
dummyproxy_service
ebuild
eix
elasticsearch
@ -188,10 +193,13 @@ execution modules
k8s
kapacitor
kerberos
kernelpkg_linux_apt
kernelpkg_linux_yum
key
keyboard
keystone
kmod
kubernetes
launchctl
layman
ldap3
@ -293,6 +301,7 @@ execution modules
opkg
oracle
osquery
out
pacman
pagerduty
pagerduty_util
@ -318,6 +327,7 @@ execution modules
ps
publish
puppet
purefa
pushbullet
pushover_notify
pw_group
@ -392,7 +402,6 @@ execution modules
state
status
statuspage
stormpath
supervisord
suse_apache
svn
@ -410,6 +419,7 @@ execution modules
test
testinframod
test_virtual
textfsm_mod
timezone
tls
tomcat

6
doc/ref/modules/all/salt.modules.boto_cloudfront.rst Normal file
View File

@ -0,0 +1,6 @@
============================
salt.modules.boto_cloudfront
============================
.. automodule:: salt.modules.boto_cloudfront
:members:

6
doc/ref/modules/all/salt.modules.datadog_api.rst Normal file
View File

@ -0,0 +1,6 @@
========================
salt.modules.datadog_api
========================
.. automodule:: salt.modules.datadog_api
:members:

6
doc/ref/modules/all/salt.modules.dummyproxy_package.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.dummyproxy_package module
======================================
.. automodule:: salt.modules.dummyproxy_package
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.dummyproxy_service.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.dummyproxy_service module
======================================
.. automodule:: salt.modules.dummyproxy_service
:members:
:undoc-members:

19
doc/ref/modules/all/salt.modules.kernelpkg.rst Normal file
View File

@ -0,0 +1,19 @@
.. _virtual-kernelpkg:
======================
salt.modules.kernelpkg
======================
.. py:module:: salt.modules.kernelpkg
:synopsis: A virtual module for managing kernel packages
``kernelpkg`` is a virtual module that is fulfilled by one of the following modules:
============================================ ========================================
Execution Module Used for
============================================ ========================================
:py:mod:`~salt.modules.kernelpkg_linux_apt` Debian/Ubuntu-based distros which use
``apt-get`` for package management
:py:mod:`~salt.modules.kernelpkg_linux_yum` RedHat-based distros and derivatives
using ``yum`` or ``dnf``
============================================ ========================================

6
doc/ref/modules/all/salt.modules.kernelpkg_linux_apt.rst Normal file
View File

@ -0,0 +1,6 @@
================================
salt.modules.kernelpkg_linux_apt
================================
.. automodule:: salt.modules.kernelpkg_linux_apt
:members:

6
doc/ref/modules/all/salt.modules.kernelpkg_linux_yum.rst Normal file
View File

@ -0,0 +1,6 @@
================================
salt.modules.kernelpkg_linux_yum
================================
.. automodule:: salt.modules.kernelpkg_linux_yum
:members:

6
doc/ref/modules/all/salt.modules.kubernetes.rst Normal file
View File

@ -0,0 +1,6 @@
=======================
salt.modules.kubernetes
=======================
.. automodule:: salt.modules.kubernetes
:members:

5
doc/ref/modules/all/salt.modules.out.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.out module
=======================
.. automodule:: salt.modules.out
:members:

6
doc/ref/modules/all/salt.modules.purefa.rst Normal file
View File

@ -0,0 +1,6 @@
===================
salt.modules.purefa
===================
.. automodule:: salt.modules.purefa
:members:

6
doc/ref/modules/all/salt.modules.stormpath.rst
View File

@ -1,6 +0,0 @@
======================
salt.modules.stormpath
======================
.. automodule:: salt.modules.stormpath
:members:

3
doc/ref/modules/all/salt.modules.test.rst
View File

@ -3,4 +3,5 @@ salt.modules.test
=================
.. automodule:: salt.modules.test
:members:
:members:
:exclude-members: rand_str

5
doc/ref/modules/all/salt.modules.textfsm_mod.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.textfsm_mod module
===============================
.. automodule:: salt.modules.textfsm_mod
:members:

61
doc/ref/modules/index.rst
View File

@ -13,7 +13,7 @@ Writing Salt execution modules is straightforward.
A Salt execution module is a Python or `Cython`_ module placed in a directory
called ``_modules/`` at the root of the Salt fileserver. When using the default
fileserver backend (i.e. :py:mod:`roots <salt.fileserver.roots`), unless
fileserver backend (i.e. :py:mod:`roots <salt.fileserver.roots>`), unless
environments are otherwise defined in the :conf_master:`file_roots` config
option, the ``_modules/`` directory would be located in ``/srv/salt/_modules``
on most systems.
@ -209,6 +209,29 @@ default configuration file for the minion contains the information and format
used to pass data to the modules. :mod:`salt.modules.test`,
:file:`conf/minion`.
.. _module_init:
``__init__`` Function
---------------------
If you want your module to have different execution modes based on minion
configuration, you can use the ``__init__(opts)`` function to perform initial
module setup. The parameter ``opts`` is the complete minion configuration,
as also available in the ``__opts__`` dict.
.. code-block:: python
'''
Cheese module initialization example
'''
def __init__(opts):
'''
Allow foreign imports if configured to do so
'''
if opts.get('cheese.allow_foreign', False):
_enable_foreign_products()
Strings and Unicode
===================
@ -273,8 +296,9 @@ module is not loaded. ``False`` lets the module perform system checks and
prevent loading if dependencies are not met.
Since ``__virtual__`` is called before the module is loaded, ``__salt__`` will
be unavailable as it will not have been packed into the module at this point in
time.
be unreliable as not all modules will be available at this point in time. The
``__pillar`` and ``__grains__`` :ref:`"dunder" dictionaries <dunder-dictionaries>`
are available however.
.. note::
Modules which return a string from ``__virtual__`` that is already used by
@ -313,10 +337,14 @@ the case when the dependency is unavailable.
else:
return False, 'The cheese execution module cannot be loaded: enzymes unavailable.'
def slice():
pass
.. code-block:: python
'''
Cheese state module
Cheese state module. Note that this works in state modules because it is
guaranteed that execution modules are loaded first
'''
def __virtual__():
@ -401,10 +429,33 @@ similar to the following:
Confine this module to Mac OS with Homebrew.
'''
if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
if salt.utils.path.which('brew') and __grains__['os'] == 'MacOS':
return __virtualname__
return False
The ``__virtual__()`` function can return a ``True`` or ``False`` boolean, a tuple,
or a string. If it returns a ``True`` value, this ``__virtualname__`` module-level
attribute can be set as seen in the above example. This is the string that the module
should be referred to as.
When ``__virtual__()`` returns a tuple, the first item should be a boolean and the
second should be a string. This is typically done when the module should not load. The
first value of the tuple is ``False`` and the second is the error message to display
for why the module did not load.
For example:
.. code-block:: python
def __virtual__():
'''
Only load if git exists on the system
'''
if salt.utils.path.which('git') is None:
return (False,
'The git execution module cannot be loaded: git unavailable.')
else:
return True
Documentation
=============

8
doc/ref/netapi/all/salt.netapi.rest_cherrypy.rst
View File

@ -2,6 +2,9 @@
rest_cherrypy
=============
.. contents::
:local:
.. automodule:: salt.netapi.rest_cherrypy.app
.. automodule:: salt.netapi.rest_cherrypy.wsgi
@ -11,9 +14,6 @@ REST URI Reference
.. py:currentmodule:: salt.netapi.rest_cherrypy.app
.. contents::
:local:
``/``
-----
@ -78,4 +78,4 @@ REST URI Reference
----------
.. autoclass:: Stats
:members: GET
:members: GET

2
doc/ref/peer.rst
View File

@ -126,4 +126,4 @@ To match minions using other matchers, use ``tgt_type``:
# salt-call publish.publish 'webserv* and not G@os:Ubuntu' test.ping tgt_type='compound'
.. note::
In pre-Nitrogen releases, use ``expr_form`` instead of ``tgt_type``.
In pre-2017.7.0 releases, use ``expr_form`` instead of ``tgt_type``.

1
doc/ref/pillar/all/index.rst
View File

@ -17,6 +17,7 @@ pillar modules
confidant
consul_pillar
csvpillar
digicert
django_orm
ec2_pillar
etcd_pillar

6
doc/ref/pillar/all/salt.pillar.digicert.rst Normal file
View File

@ -0,0 +1,6 @@
salt.pillar.digicert module
===========================
.. automodule:: salt.pillar.digicert
:members:
:undoc-members:

1
doc/ref/proxy/all/index.rst
View File

@ -12,6 +12,7 @@ proxy modules
chronos
cisconso
dummy
esxi
fx2
junos

6
doc/ref/proxy/all/salt.proxy.dummy.rst Normal file
View File

@ -0,0 +1,6 @@
salt.proxy.dummy module
=======================
.. automodule:: salt.proxy.dummy
:members:
:undoc-members:

3
doc/ref/publisheracl.rst
View File

@ -25,6 +25,9 @@ configuration:
- web*:
- test.*
- pkg.*
# Allow managers to use saltutil module functions
manager_.*:
- saltutil.*
Permission Issues
-----------------

4
doc/ref/renderers/index.rst
View File

@ -146,8 +146,10 @@ Here is a simple YAML renderer example:
import yaml
from salt.utils.yamlloader import SaltYamlSafeLoader
from salt.ext import six
def render(yaml_data, saltenv='', sls='', **kws):
if not isinstance(yaml_data, basestring):
if not isinstance(yaml_data, six.string_types):
yaml_data = yaml_data.read()
data = yaml.load(
yaml_data,

2
doc/ref/returners/index.rst
View File

@ -1,3 +1,5 @@
.. _returners:
=========
Returners
=========

2
doc/ref/runners/all/index.rst
View File

@ -16,6 +16,7 @@ runner modules
cache
cloud
ddns
digicertapi
doc
drac
error
@ -42,7 +43,6 @@ runner modules
saltutil
sdb
smartos_vmadm
search
spacewalk
ssh
state

4
doc/ref/runners/all/salt.runners.auth.rst
View File

@ -1,5 +1,5 @@
salt.runners.auth module
========================
salt.runners.auth
=================
.. automodule:: salt.runners.auth
:members:

6
doc/ref/runners/all/salt.runners.digicertapi.rst Normal file
View File

@ -0,0 +1,6 @@
salt.runners.digicertapi
========================
.. automodule:: salt.runners.digicertapi
:members:
:undoc-members:

4
doc/ref/runners/all/salt.runners.event.rst
View File

@ -1,5 +1,5 @@
salt.runners.event module
=========================
salt.runners.event
==================
.. automodule:: salt.runners.event
:members:

10
doc/ref/runners/all/salt.runners.mattermost.rst
View File

@ -1,5 +1,11 @@
salt.runners.mattermost module
==============================
salt.runners.mattermost
=======================
**Note for 2017.7 releases!**
Due to the `salt.runners.config <https://github.com/saltstack/salt/blob/develop/salt/runners/config.py>`_ module not being available in this release series, importing the `salt.runners.config <https://github.com/saltstack/salt/blob/develop/salt/runners/config.py>`_ module from the develop branch is required to make this module work.
Ref: `Mattermost runner failing to retrieve config values due to unavailable config runner #43479 <https://github.com/saltstack/salt/issues/43479>`_
.. automodule:: salt.runners.mattermost
:members:

6
doc/ref/runners/all/salt.runners.search.rst
View File

@ -1,6 +0,0 @@
===================
salt.runners.search
===================
.. automodule:: salt.runners.search
:members:

4
doc/ref/runners/all/salt.runners.smartos_vmadm.rst
View File

@ -1,5 +1,5 @@
salt.runners.smartos_vmadm module
=================================
salt.runners.smartos_vmadm
==========================
.. automodule:: salt.runners.smartos_vmadm
:members:

4
doc/ref/runners/all/salt.runners.vault.rst
View File

@ -1,5 +1,5 @@
salt.runners.vault module
=========================
salt.runners.vault
==================
.. automodule:: salt.runners.vault
:members:

4
doc/ref/runners/all/salt.runners.venafiapi.rst
View File

@ -1,5 +1,5 @@
salt.runners.venafiapi module
=============================
salt.runners.venafiapi
======================
.. automodule:: salt.runners.venafiapi
:members:

4
doc/ref/runners/all/salt.runners.vistara.rst
View File

@ -1,5 +1,5 @@
salt.runners.vistara module
===========================
salt.runners.vistara
====================
.. automodule:: salt.runners.vistara
:members:

2
doc/ref/states/aggregate.rst
View File

@ -122,7 +122,7 @@ This example, simplified from the pkg state, shows how to create mod_aggregate f
for chunk in chunks:
# The state runtime uses "tags" to track completed jobs, it may
# look familiar with the _|-
tag = salt.utils.gen_state_tag(chunk)
tag = __utils__['state.gen_tag'](chunk)
if tag in running:
# Already ran the pkg state, skip aggregation
continue

9
doc/ref/states/all/index.rst
View File

@ -31,6 +31,7 @@ state modules
boto_apigateway
boto_asg
boto_cfn
boto_cloudfront
boto_cloudtrail
boto_cloudwatch_alarm
boto_cloudwatch_event
@ -74,6 +75,10 @@ state modules
dellchassis
disk
docker
docker_container
docker_image
docker_network
docker_volume
drac
elasticsearch
elasticsearch_index
@ -128,9 +133,11 @@ state modules
junos
k8s
kapacitor
kernelpkg
keyboard
keystone
kmod
kubernetes
layman
ldap
libcloud_dns
@ -173,6 +180,7 @@ state modules
netusers
network
netyang
nfs_export
nftables
npm
ntp
@ -244,7 +252,6 @@ state modules
stateconf
status
statuspage
stormpath_account
supervisord
svn
sysctl

6
doc/ref/states/all/salt.states.boto_cloudfront.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.states.boto_cloudfront
===========================
.. automodule:: salt.states.boto_cloudfront
:members:

6
doc/ref/states/all/salt.states.kernelpkg.rst Normal file
View File

@ -0,0 +1,6 @@
=====================
salt.states.kernelpkg
=====================
.. automodule:: salt.states.kernelpkg
:members:

6
doc/ref/states/all/salt.states.kubernetes.rst Normal file
View File

@ -0,0 +1,6 @@
======================
salt.states.kubernetes
======================
.. automodule:: salt.states.kubernetes
:members:

6
doc/ref/states/all/salt.states.nfs_export.rst Normal file
View File

@ -0,0 +1,6 @@
======================
salt.states.nfs_export
======================
.. automodule:: salt.states.nfs_export
:members:

6
doc/ref/states/all/salt.states.stormpath_account.rst
View File

@ -1,6 +0,0 @@
=============================
salt.states.stormpath_account
=============================
.. automodule:: salt.states.stormpath_account
:members:

22
doc/ref/states/parallel.rst
View File

@ -2,8 +2,8 @@
Running States in Parallel
==========================
Introduced in Salt version Nitrogen it is now possible to run select states
in parallel. This is accomplished very easily by adding the `parallel: True`
Introduced in Salt version ``2017.7.0`` it is now possible to run select states
in parallel. This is accomplished very easily by adding the ``parallel: True``
option to your state declaration:
.. code_block:: yaml
@ -12,7 +12,7 @@ option to your state declaration:
service.running:
- parallel: True
Now `nginx` will be started in a seperate process from the normal state run
Now ``nginx`` will be started in a seperate process from the normal state run
and will therefore not block additional states.
Parallel States and Requisites
@ -40,16 +40,16 @@ Given this example:
cmd.run:
- parallel: True
The `sleep 10` will be started first, then the state system will block on
starting nginx until the `sleep 10` completes. Once nginx has been ensured to
be running then the `sleep 5` will start.
The ``sleep 10`` will be started first, then the state system will block on
starting nginx until the ``sleep 10`` completes. Once nginx has been ensured to
be running then the ``sleep 5`` will start.
This means that the order of evaluation of Salt States and requisites are
still honored, and given that in the above case, `parallel: True` does not
still honored, and given that in the above case, ``parallel: True`` does not
actually speed things up.
To run the above state much faster make sure that the `sleep 5` is evaluated
before the `nginx` state
To run the above state much faster make sure that the ``sleep 5`` is evaluated
before the ``nginx`` state
.. code_block:: yaml
@ -67,8 +67,8 @@ before the `nginx` state
- require:
- cmd: sleep 10
Now both of the sleep calls will be started in parallel and `nginx` will still
wait for the state it requires, but while it waits the `sleep 5` state will
Now both of the sleep calls will be started in parallel and ``nginx`` will still
wait for the state it requires, but while it waits the ``sleep 5`` state will
also complete.
Things to be Careful of

27
doc/ref/states/requisites.rst
View File

@ -517,9 +517,10 @@ inherit inherited options.
runas
~~~~~
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
The ``runas`` global option is used to set the user which will be used to run the command in the ``cmd.run`` module.
The ``runas`` global option is used to set the user which will be used to run
the command in the ``cmd.run`` module.
.. code-block:: yaml
@ -532,6 +533,26 @@ The ``runas`` global option is used to set the user which will be used to run th
In the above state, the pip command run by ``cmd.run`` will be run by the daniel user.
runas_password
~~~~~~~~~~~~~~
.. versionadded:: 2017.7.2
The ``runas_password`` global option is used to set the password used by the
runas global option. This is required by ``cmd.run`` on Windows when ``runas``
is specified. It will be set when ``runas_password`` is defined in the state.
.. code-block:: yaml
run_script:
cmd.run:
- name: Powershell -NonInteractive -ExecutionPolicy Bypass -File C:\\Temp\\script.ps1
- runas: frank
- runas_password: supersecret
In the above state, the Powershell script run by ``cmd.run`` will be run by the
frank user with the password ``supersecret``.
.. _requisites-require-in:
.. _requisites-watch-in:
.. _requisites-onchanges-in:
@ -849,7 +870,7 @@ this one, include a ``mod_run_check_cmd`` in the states file for the state.
Retrying States
===============
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
The retry option in a state allows it to be executed multiple times until a desired
result is obtained or the maximum number of attempts have been made.

31
doc/ref/states/writing.rst
View File

@ -135,21 +135,30 @@ A State Module must return a dict containing the following keys/values:
``test=True``, and changes would have been made if the state was not run in
test mode.
+--------------------+-----------+-----------+
| | live mode | test mode |
+====================+===========+===========+
| no changes | ``True`` | ``True`` |
+--------------------+-----------+-----------+
| successful changes | ``True`` | ``None`` |
+--------------------+-----------+-----------+
| failed changes | ``False`` | ``None`` |
+--------------------+-----------+-----------+
+--------------------+-----------+------------------------+
| | live mode | test mode |
+====================+===========+========================+
| no changes | ``True`` | ``True`` |
+--------------------+-----------+------------------------+
| successful changes | ``True`` | ``None`` |
+--------------------+-----------+------------------------+
| failed changes | ``False`` | ``False`` or ``None`` |
+--------------------+-----------+------------------------+
.. note::
Test mode does not predict if the changes will be successful or not.
Test mode does not predict if the changes will be successful or not,
and hence the result for pending changes is usually ``None``.
- **comment:** A string containing a summary of the result.
However, if a state is going to fail and this can be determined
in test mode without applying the change, ``False`` can be returned.
- **comment:** A list of strings or a single string summarizing the result.
Note that support for lists of strings is available as of Salt Oxygen.
Lists of strings will be joined with newlines to form the final comment;
this is useful to allow multiple comments from subparts of a state.
Prefer to keep line lengths short (use multiple lines as needed),
and end with punctuation (e.g. a period) to delimit multiple comments.
The return data can also, include the **pchanges** key, this stands for
`predictive changes`. The **pchanges** key informs the State system what

2
doc/spelling_wordlist.txt
View File

@ -777,8 +777,6 @@ Stateconf
stderr
stdin
stdout
stormpath
Stormpath
str
strftime
subfolder

7
doc/topics/beacons/index.rst
View File

@ -34,7 +34,7 @@ monitored, everything is configured using Salt.
Beacons are typically enabled by placing a ``beacons:`` top level block in
``/etc/salt/minion`` or any file in ``/etc/salt/minion.d/`` such as
``/etc/salt/minion.d/beacons.conf``:
``/etc/salt/minion.d/beacons.conf`` or add it to pillars for that minion:
.. code-block:: yaml
@ -253,9 +253,8 @@ in ``/etc/salt/master.d/reactor.conf``:
.. note::
You can have only one top level ``reactor`` section, so if one already
exists, add this code to the existing section. See :ref:`Understanding the
Structure of Reactor Formulas <reactor-structure>` to learn more about
reactor SLS syntax.
exists, add this code to the existing section. See :ref:`here
<reactor-sls>` to learn more about reactor SLS syntax.
Start the Salt Master in Debug Mode

6
doc/topics/cloud/action.rst
View File

@ -21,7 +21,7 @@ Or you may specify a map which includes all VMs to perform the action on:
$ salt-cloud -a reboot -m /path/to/mapfile
The following is a list of actions currently supported by salt-cloud:
The following is an example list of actions currently supported by ``salt-cloud``:
.. code-block:: yaml
@ -36,5 +36,5 @@ The following is a list of actions currently supported by salt-cloud:
- start
- stop
Another useful reference for viewing more salt-cloud actions is the
:ref:Salt Cloud Feature Matrix <salt-cloud-feature-matrix>
Another useful reference for viewing more ``salt-cloud`` actions is the
:ref:`Salt Cloud Feature Matrix <salt-cloud-feature-matrix>`.

3
doc/topics/cloud/aws.rst
View File

@ -78,6 +78,7 @@ parameters are discussed in more detail below.
# RHEL -> ec2-user
# CentOS -> ec2-user
# Ubuntu -> ubuntu
# Debian -> admin
#
ssh_username: ec2-user
@ -470,7 +471,7 @@ EC2 API or AWS Console.
By default, the spot instance type is set to 'one-time', meaning it will
be launched and, if it's ever terminated for whatever reason, it will not
be recreated. If you would like your spot instances to be relaunched after
a termination (by your or AWS), set the ``type`` to 'persistent'.
a termination (by you or AWS), set the ``type`` to 'persistent'.
NOTE: Spot instances are a great way to save a bit of money, but you do
run the risk of losing your spot instances if the current price for the

34
doc/topics/cloud/azurearm.rst
View File

@ -6,7 +6,7 @@ Getting Started With Azure ARM
Azure is a cloud service by Microsoft providing virtual machines, SQL services,
media services, and more. Azure ARM (aka, the Azure Resource Manager) is a next
generatiom version of the Azure portal and API. This document describes how to
generation version of the Azure portal and API. This document describes how to
use Salt Cloud to create a virtual machine on Azure ARM, with Salt installed.
More information about Azure is located at `http://www.windowsazure.com/
@ -15,9 +15,7 @@ More information about Azure is located at `http://www.windowsazure.com/
Dependencies
============
* `Microsoft Azure SDK for Python <https://pypi.python.org/pypi/azure>`_ >= 2.0rc6
* `Microsoft Azure Storage SDK for Python <https://pypi.python.org/pypi/azure-storage>`_ >= 0.32
* The python-requests library, for Python < 2.7.9.
* Azure Cli ```pip install 'azure-cli>=2.0.12'```
* A Microsoft Azure account
* `Salt <https://github.com/saltstack/salt>`_
@ -223,11 +221,39 @@ subnet
Optional. The subnet inside the virtual network that the VM will be spun up in.
Default is ``default``.
load_balancer
-------------
Optional. The load-balancer for the VM's network interface to join. If
specified the backend_pool option need to be set.
backend_pool
------------
Optional. Required if the load_balancer option is set. The load-balancer's
Backend Pool the VM's network interface will join.
iface_name
----------
Optional. The name to apply to the VM's network interface. If not supplied, the
value will be set to ``<VM name>-iface0``.
dns_servers
-----------
Optional. A **list** of the DNS servers to configure for the network interface
(will be set on the VM by the DHCP of the VNET).
.. code-block:: yaml
my-azurearm-profile:
provider: azurearm-provider
network: mynetwork
dns_servers:
- 10.1.1.4
- 10.1.1.5
availability_set
----------------
Optional. If set, the VM will be added to the specified availability set.
cleanup_disks
-------------
Optional. Default is ``False``. If set to ``True``, disks will be cleaned up

26
doc/topics/cloud/cloud.rst
View File

@ -146,24 +146,24 @@ library. The following two lines set up the imports:
.. code-block:: python
from salt.cloud.libcloudfuncs import * # pylint: disable=W0614,W0401
from salt.utils import namespaced_function
import salt.utils
And then a series of declarations will make the necessary functions available
within the cloud module.
.. code-block:: python
get_size = namespaced_function(get_size, globals())
get_image = namespaced_function(get_image, globals())
avail_locations = namespaced_function(avail_locations, globals())
avail_images = namespaced_function(avail_images, globals())
avail_sizes = namespaced_function(avail_sizes, globals())
script = namespaced_function(script, globals())
destroy = namespaced_function(destroy, globals())
list_nodes = namespaced_function(list_nodes, globals())
list_nodes_full = namespaced_function(list_nodes_full, globals())
list_nodes_select = namespaced_function(list_nodes_select, globals())
show_instance = namespaced_function(show_instance, globals())
get_size = salt.utils.namespaced_function(get_size, globals())
get_image = salt.utils.namespaced_function(get_image, globals())
avail_locations = salt.utils.namespaced_function(avail_locations, globals())
avail_images = salt.utils.namespaced_function(avail_images, globals())
avail_sizes = salt.utils.namespaced_function(avail_sizes, globals())
script = salt.utils.namespaced_function(script, globals())
destroy = salt.utils.namespaced_function(destroy, globals())
list_nodes = salt.utils.namespaced_function(list_nodes, globals())
list_nodes_full = salt.utils.namespaced_function(list_nodes_full, globals())
list_nodes_select = salt.utils.namespaced_function(list_nodes_select, globals())
show_instance = salt.utils.namespaced_function(show_instance, globals())
If necessary, these functions may be replaced by removing the appropriate
declaration line, and then adding the function as normal.
@ -183,7 +183,7 @@ imports should be absent from the Salt Cloud module.
A good example of a non-libcloud driver is the DigitalOcean driver:
https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/digital_ocean.py
https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/digitalocean.py
The ``create()`` Function
-------------------------

23
doc/topics/cloud/config.rst
View File

@ -56,6 +56,24 @@ settings can be placed in the provider or profile:
sls_list:
- web
When salt cloud creates a new minon, it can automatically add grain information
to the minion configuration file identifying the sources originally used
to define it.
The generated grain information will appear similar to:
.. code-block:: yaml
grains:
salt-cloud:
driver: ec2
provider: my_ec2:ec2
profile: ec2-web
The generation of the salt-cloud grain can be surpressed by the
option ``enable_cloud_grains: 'False'`` in the cloud configuration file.
Cloud Configuration Syntax
==========================
@ -97,7 +115,7 @@ Using the example configuration above:
.. note::
Salt Cloud provider configurations within ``/etc/cloud.provider.d/ should not
Salt Cloud provider configurations within ``/etc/cloud.provider.d/`` should not
specify the ``providers`` starting key.
It is also possible to have multiple cloud configuration blocks within the same alias block.
@ -371,7 +389,6 @@ both.
compute_name: cloudServersOpenStack
protocol: ipv4
compute_region: DFW
protocol: ipv4
user: myuser
tenant: 5555555
password: mypass
@ -427,7 +444,7 @@ under the API Access tab.
.. code-block:: yaml
my-digitalocean-config:
driver: digital_ocean
driver: digitalocean
personal_access_token: xxx
location: New York 1

2
doc/topics/cloud/deploy.rst
View File

@ -89,7 +89,7 @@ functions include:
A good, well commented example of this process is the Fedora deployment
script:
https://github.com/saltstack/salt-cloud/blob/master/saltcloud/deploy/Fedora.sh
https://github.com/saltstack/salt/blob/develop/salt/cloud/deploy/Fedora.sh
A number of legacy deploy scripts are included with the release tarball. None
of them are as functional or complete as Salt Bootstrap, and are still included

10
doc/topics/cloud/digitalocean.rst
View File

@ -19,7 +19,7 @@ under the "SSH Keys" section.
# /etc/salt/cloud.providers.d/ directory.
my-digitalocean-config:
driver: digital_ocean
driver: digitalocean
personal_access_token: xxx
ssh_key_file: /path/to/ssh/key/file
ssh_key_names: my-key-name,my-key-name-2
@ -63,7 +63,7 @@ command:
# salt-cloud --list-locations my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
digitalocean:
----------
Amsterdam 1:
----------
@ -87,7 +87,7 @@ command:
# salt-cloud --list-sizes my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
digitalocean:
----------
512MB:
----------
@ -117,7 +117,7 @@ command:
# salt-cloud --list-images my-digitalocean-config
my-digitalocean-config:
----------
digital_ocean:
digitalocean:
----------
10.1:
----------
@ -142,7 +142,7 @@ Profile Specifics:
ssh_username
------------
If using a FreeBSD image from Digital Ocean, you'll need to set the ``ssh_username``
If using a FreeBSD image from DigitalOcean, you'll need to set the ``ssh_username``
setting to ``freebsd`` in your profile configuration.
.. code-block:: yaml

2
doc/topics/cloud/function.rst
View File

@ -26,5 +26,5 @@ gathering information about instances on a provider basis:
$ salt-cloud -f list_nodes_full linode
$ salt-cloud -f list_nodes_select linode
Another useful reference for viewing salt-cloud functions is the
Another useful reference for viewing ``salt-cloud`` functions is the
:ref:`Salt Cloud Feature Matrix <salt-cloud-feature-matrix>`.

24
doc/topics/cloud/gce.rst
View File

@ -15,9 +15,10 @@ at https://cloud.google.com.
Dependencies
============
* LibCloud >= 1.0.0
.. versionchanged:: Nitrogen
.. versionchanged:: 2017.7.0
* A Google Cloud Platform account with Compute Engine enabled
* A registered Service Account for authorization
@ -224,9 +225,9 @@ subnetwork
Use this setting to define the subnetwork an instance will be created in.
This requires that the network your instance is created under has a mode of 'custom' or 'auto'.
Additionally, the subnetwork your instance is created under is associated with the location you provide. Required.
Additionally, the subnetwork your instance is created under is associated with the location you provide.
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
tags
----
@ -526,7 +527,7 @@ not possible to add/remove existing instances to a network.
salt-cloud -f create_network gce name=mynet cidr=10.10.10.0/24
salt-cloud -f create_network gce name=mynet mode=auto description=some optional info.
.. versionchanged:: Nitrogen
.. versionchanged:: 2017.7.0
Destroy network
---------------
@ -546,7 +547,8 @@ Specify the network name to view information about the network.
salt-cloud -f show_network gce name=mynet
Create subnetwork
--------------
-----------------
New subnetworks require a name, region, and CIDR range.
Optionally, 'description' can be provided to add an extra note to your subnetwork.
New instances can be created and added to this subnetwork by setting the subnetwork name during create. It is
@ -557,10 +559,11 @@ not possible to add/remove existing instances to a subnetwork.
salt-cloud -f create_subnetwork gce name=mynet network=mynet region=us-central1 cidr=10.0.10.0/24
salt-cloud -f create_subnetwork gce name=mynet network=mynet region=us-central1 cidr=10.10.10.0/24 description=some info about my subnet.
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Destroy subnetwork
---------------
------------------
Destroy a subnetwork by specifying the name and region. If a resource is currently using
the target subnetwork an exception will be raised.
@ -568,17 +571,18 @@ the target subnetwork an exception will be raised.
salt-cloud -f delete_subnetwork gce name=mynet region=us-central1
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Show subnetwork
------------
---------------
Specify the subnetwork name to view information about the subnetwork.
.. code-block:: bash
salt-cloud -f show_subnetwork gce name=mynet
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Create address
--------------

5
doc/topics/cloud/index.rst
View File

@ -64,7 +64,9 @@ automatically installed salt-cloud for you. Use your distribution's package
manager to install the ``salt-cloud`` package from the same repo that you
used to install Salt. These repos will automatically be setup by Salt Bootstrap.
If there is no salt-cloud package, install with ``pip install salt-cloud``.
Alternatively, the ``-L`` option can be passed to the `Salt Bootstrap`_ script when
installing Salt. The ``-L`` option will install ``salt-cloud`` and the required
``libcloud`` package.
.. _`Salt Bootstrap`: https://github.com/saltstack/salt-bootstrap
@ -117,6 +119,7 @@ Cloud Provider Specifics
Getting Started With Libvirt <libvirt>
Getting Started With Linode <linode>
Getting Started With LXC <lxc>
Getting Started With OneAndOne <oneandone>
Getting Started With OpenNebula <opennebula>
Getting Started With OpenStack <openstack>
Getting Started With Parallels <parallels>

2
doc/topics/cloud/joyent.rst
View File

@ -49,7 +49,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or in the
.. code-block:: yaml
joyent_512
joyent_512:
provider: my-joyent-config
size: g4-highcpu-512M
image: ubuntu-16.04

8
doc/topics/cloud/libvirt.rst
View File

@ -8,10 +8,14 @@ libvirt with qemu-kvm.
http://www.libvirt.org/
Dependencies
Host Dependencies
============
* libvirt >= 1.2.18 (older might work)
Salt-Cloud Dependencies
============
* libvirt-python
Provider Configuration
======================
@ -32,6 +36,8 @@ Set up the provider cloud configuration file at ``/etc/salt/cloud.providers`` or
local-kvm:
driver: libvirt
url: qemu:///system
# work around flag for XML validation errors while cloning
validate_xml: no
Cloud Profiles
==============

2
doc/topics/cloud/map.rst
View File

@ -92,7 +92,7 @@ Any top level data element from your profile may be overridden in the map file:
- web2:
size: t2.nano
As of Salt Nitrogen, nested elements are merged, and can can be specified
As of Salt 2017.7.0, nested elements are merged, and can can be specified
individually without having to repeat the complete definition for each top
level data element. In this example a separate MAC is assigned to each VMware
instance while inheriting device parameters for for disk and network

Some files were not shown because too many files have changed in this diff Show More