valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-06 08:35:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/2015.5' into merge-forward-2015.8

Browse Source 
Conflicts:
    doc/man/salt-api.1
    doc/man/salt-call.1
    doc/man/salt-cloud.1
    doc/man/salt-cp.1
    doc/man/salt-key.1
    doc/man/salt-master.1
    doc/man/salt-minion.1
    doc/man/salt-run.1
    doc/man/salt-ssh.1
    doc/man/salt-syndic.1
    doc/man/salt-unity.1
    doc/man/salt.1
    doc/man/salt.7
    salt/modules/pip.py
    salt/states/user.py
This commit is contained in:
Colton Myers 2015-10-07 12:06:12 -06:00
commit 35425b14ad
33 changed files with 878 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/contents.rst
View File

@ -37,6 +37,7 @@ Salt Table of Contents
topics/ssh/*
ref/index
topics/best_practices
topics/hardening
topics/troubleshooting/index
topics/development/index
topics/releases/index

9
doc/index.rst
View File

@ -65,6 +65,15 @@ Running Salt without root access in userland:
A list of all tutorials can be found here:
:doc:`All Salt tutorials <topics/tutorials/index>`
Demo Environments
=================
You can download one of the following `Vagrant <http://vagrantup.com>`_
projects to quickly set up a Salt demo environment:
- https://github.com/UtahDave/salt-vagrant-demo
- https://github.com/UtahDave/salt-vagrant-lxc
Salt in depth
=============

8
doc/ref/cli/index.rst
View File

@ -231,6 +231,14 @@ You may change the arguments separator using the ``--args-separator`` option:
salt --args-separator=:: '*' some.fun,test.echo params with , comma :: foo
CLI Completion
==============
Shell completion scripts for the Salt CLI are available in the ``pkg`` Salt
`source directory`_.
.. _source directory: https://github.com/saltstack/salt/tree/develop/pkg
salt-call
=========
.. toctree::

1
doc/ref/modules/all/index.rst
View File

@ -104,6 +104,7 @@ Full list of builtin execution modules
freebsdpkg
freebsdports
freebsdservice
fsutils
gem
genesis
gentoo_service

6
doc/ref/modules/all/salt.modules.fsutils.rst Normal file
View File

@ -0,0 +1,6 @@
====================
salt.modules.fsutils
====================
.. automodule:: salt.modules.fsutils
:members:

83
doc/ref/modules/index.rst
View File

@ -225,37 +225,40 @@ This will ensure that the text outputter is used.
Virtual Modules
===============
Sometimes an execution module should be presented in a generic way. A good example of this
can be found in the package manager modules. The package manager changes from
one operating system to another, but the Salt execution module that interfaces with the
package manager can be presented in a generic way.
Virtual modules let you override the name of a module in order to use the same
name to refer to one of several similar modules. The specific module that is
loaded for a virtual name is selected based on the current platform or
environment.
The Salt modules for package managers all contain a ``__virtual__`` function
which is called to define what systems the module should be loaded on.
For example, packages are managed across platforms using the ``pkg`` module.
``pkg`` is a virtual module name that is
an alias for the specific package manager module that is loaded on a specific
system (for example, :mod:`yumpkg <salt.modules.yumpkg>` on RHEL/CentOS systems
, and :mod:`aptpkg <salt.modules.aptpkg>` on Ubuntu).
The ``__virtual__`` function is used to return either a
:ref:`string <python2:typesseq>` or :py:data:`False`. If
False is returned then the module is not loaded, if a string is returned then
the module is loaded with the name of the string.
Virtual module names are set using the ``__virtual__`` function and the
:ref:`virtual name <modules-virtual-name>`.
This means that the package manager modules can be presented as the ``pkg`` module
regardless of what the actual module is named.
``__virtual__`` Function
========================
The ``__virtual__`` function returns either a :ref:`string <python2:typesseq>`,
:py:data:`True`, :py:data:`False`, or :py:data:`False` with an :ref:`error
string <modules-error-info>`. If a string is returned then the module is loaded
using the name of the string as the virtual name. If ``True`` is returned the
module is loaded using the current module name. If ``False`` is returned the
module is not loaded. ``False`` lets the module perform system checks and
prevent loading if dependencies are not met.
Since ``__virtual__`` is called before the module is loaded, ``__salt__`` will be
unavailable as it will not have been packed into the module at this point in time.
The package manager modules are among the best example of using the ``__virtual__``
function. Some examples:
- :blob:`pacman.py <salt/modules/pacman.py>`
- :blob:`yumpkg.py <salt/modules/yumpkg.py>`
- :blob:`aptpkg.py <salt/modules/aptpkg.py>`
- :blob:`at.py <salt/modules/at.py>`
.. note::
Modules which return a string from ``__virtual__`` that is already used by a module that
ships with Salt will _override_ the stock module.
.. _modules-error-info:
Returning Error Information from ``__virtual__``
------------------------------------------------
@ -303,6 +306,46 @@ the case when the dependency is unavailable.
else:
return (False, 'The cheese state module cannot be loaded: enzymes unavailable.')
Examples
--------
The package manager modules are among the best examples of using the ``__virtual__``
function. Some examples:
- :blob:`pacman.py <salt/modules/pacman.py>`
- :blob:`yumpkg.py <salt/modules/yumpkg.py>`
- :blob:`aptpkg.py <salt/modules/aptpkg.py>`
- :blob:`at.py <salt/modules/at.py>`
.. _modules-virtual-name:
``__virtualname__``
===================
``__virtualname__`` is a variable that is used by the documentation build
system to know the virtual name of a module without calling the ``__virtual__``
function. Modules that return a string from the ``__virtual__`` function
must also set the ``__virtualname__`` variable.
To avoid setting the virtual name string twice, you can implement
``__virtual__`` to return the value set for ``__virtualname__`` using a pattern
similar to the following:
.. code-block:: python
# Define the module's virtual name
__virtualname__ = 'pkg'
def __virtual__():
'''
Confine this module to Mac OS with Homebrew.
'''
if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
return __virtualname__
return False
Documentation
=============

2
doc/topics/best_practices.rst
View File

@ -154,7 +154,7 @@ creates a consistent understanding throughout our Salt environment. Users can
expect that pillar variables found in an Apache state will live inside of an
Apache pillar:
``/srv/salt/pillar/apache.sls``:
``/srv/pillar/apache.sls``:
.. code-block:: yaml

12
doc/topics/cloud/gce.rst
View File

@ -244,11 +244,14 @@ deleted when you destroy an instance, set delete_boot_pd to True.
ssh_interface
-------------
.. versionadded:: 2015.5.0
Specify whether to use public or private IP for deploy script.
Valid options are:
* private_ips: The salt-master is also hosted with GCE
* public_ips: The salt-master is hosted outside of GCE
- private_ips: The salt-master is also hosted with GCE
- public_ips: The salt-master is hosted outside of GCE
external_ip
-----------
@ -256,8 +259,9 @@ external_ip
Per instance setting: Used a named fixed IP address to this host.
Valid options are:
* ephemeral - The host will use a GCE ephemeral IP
* None - No external IP will be configured on this host.
- ephemeral: The host will use a GCE ephemeral IP
- None: No external IP will be configured on this host.
Optionally, pass the name of a GCE address to use a fixed IP address.
If the address does not already exist, it will be created.

62
doc/topics/hardening.rst Normal file
View File

@ -0,0 +1,62 @@
.. _hardening-salt:
==============
Hardening Salt
==============
This topic contains tips you can use to secure and harden your Salt
environment. How you best secure and harden your Salt environment depends
heavily on how you use Salt, where you use Salt, how your team is structured,
where you get data from, and what kinds of access (internal and external) you
require.
General hardening tips
======================
- Restrict who can directly log into your Salt master system.
- Use SSH keys secured with a passphrase to gain access to the Salt master system.
- Track and secure SSH keys and any other login credentials you and your team
need to gain access to the Salt master system.
- Use a hardened bastion server or a VPN to restrict direct access to the Salt
master from the internet.
- Don't expose the Salt master any more than what is required.
- Harden the system as you would with any high-priority target.
- Keep the system patched and up-to-date.
- Use tight firewall rules.
Salt hardening tips
===================
- Subscribe to `salt-users`_ or `salt-announce`_ so you know when new Salt
releases are available. Keep your systems up-to-date with the latest patches.
- Use Salt's Client :ref:`ACL system <acl>` to avoid having to give out root
access in order to run Salt commands.
- Use Salt's Client :ref:`ACL system <acl>` to restrict which users can run what commands.
- Use :ref:`external Pillar <all-salt.pillars>` to pull data into Salt from
external sources so that non-sysadmins (other teams, junior admins,
developers, etc) can provide configuration data without needing access to the
Salt master.
- Make heavy use of SLS files that are version-controlled and go through
a peer-review/code-review process before they're deployed and run in
production. This is good advice even for "one-off" CLI commands because it
helps mitigate typos and mistakes.
- Use salt-api, SSL, and restrict authentication with the :ref:`external auth
<acl-eauth>` system if you need to expose your Salt master to external
services.
- Make use of Salt's event system and :ref:`reactor <reactor>` to allow minions
to signal the Salt master without requiring direct access.
- Run the ``salt-master`` daemon as non-root.
- Disable which modules are loaded onto minions with the
:conf_minion:`disable_modules` setting. (for example, disable the ``cmd``
module if it makes sense in your environment.)
- Look through the fully-commented sample :ref:`master
<configuration-examples-master>` and :ref:`minion
<configuration-examples-minion>` config files. There are many options for
securing an installation.
- Run :ref:`masterless-mode <tutorial-standalone-minion>` minions on
particularly sensitive minions. There is also :ref:`salt-ssh` or the
:mod:`modules.sudo <salt.modules.sudo>` if you need to further restrict
a minion.
.. _salt-users: https://groups.google.com/forum/#!forum/salt-users
.. _salt-announce: https://groups.google.com/forum/#!forum/salt-announce

45
doc/topics/mine/index.rst
View File

@ -6,22 +6,33 @@
The Salt Mine
=============
The Salt Mine is used to collect arbitrary data from minions and store it on
the master. This data is then made available to all minions via the
The Salt Mine is used to collect arbitrary data from Minions and store it on
the Master. This data is then made available to all Minions via the
:py:mod:`salt.modules.mine` module.
The data is gathered on the minion and sent back to the master where only
the most recent data is maintained (if long term data is required use
returners or the external job cache).
Mine data is gathered on the Minion and sent back to the Master where only the
most recent data is maintained (if long term data is required use returners or
the external job cache).
Mine vs Grains
==============
Mine data is designed to be much more up-to-date than grain data. Grains are
refreshed on a very limited basis and are largely static data. Mines are
designed to replace slow peer publishing calls when Minions need data from
other Minions. Rather than having a Minion reach out to all the other Minions
for a piece of data, the Salt Mine, running on the Master, can collect it from
all the Minions every :ref:`mine-interval`, resulting in
almost fresh data at any given time, with much less overhead.
Mine Functions
==============
To enable the Salt Mine the `mine_functions` option needs to be applied to a
minion. This option can be applied via the minion's configuration file, or the
minion's Pillar. The `mine_functions` option dictates what functions are being
executed and allows for arguments to be passed in. If no arguments are passed,
an empty list must be added:
To enable the Salt Mine the ``mine_functions`` option needs to be applied to a
Minion. This option can be applied via the Minion's configuration file, or the
Minion's Pillar. The ``mine_functions`` option dictates what functions are
being executed and allows for arguments to be passed in. If no arguments are
passed, an empty list must be added:
.. code-block:: yaml
@ -54,12 +65,14 @@ key-value arguments is not supported.
- ip_interfaces
.. _mine_interval:
Mine Interval
=============
The Salt Mine functions are executed when the minion starts and at a given
The Salt Mine functions are executed when the Minion starts and at a given
interval by the scheduler. The default interval is every 60 minutes and can
be adjusted for the minion via the `mine_interval` option:
be adjusted for the Minion via the ``mine_interval`` option:
.. code-block:: yaml
@ -70,7 +83,7 @@ Mine in Salt-SSH
As of the 2015.5.0 release of salt, salt-ssh supports ``mine.get``.
Because the minions cannot provide their own ``mine_functions`` configuration,
Because the Minions cannot provide their own ``mine_functions`` configuration,
we retrieve the args for specified mine functions in one of three places,
searched in the following order:
@ -96,10 +109,10 @@ stored in a different location. Here is an example of a flat roster containing
Because of the differences in the architecture of salt-ssh, ``mine.get``
calls are somewhat inefficient. Salt must make a new salt-ssh call to each
of the minions in question to retrieve the requested data, much like a
of the Minions in question to retrieve the requested data, much like a
publish call. However, unlike publish, it must run the requested function
as a wrapper function, so we can retrieve the function args from the pillar
of the minion in question. This results in a non-trivial delay in
of the Minion in question. This results in a non-trivial delay in
retrieving the requested data.
Example
@ -107,7 +120,7 @@ Example
One way to use data from Salt Mine is in a State. The values can be retrieved
via Jinja and used in the SLS file. The following example is a partial HAProxy
configuration file and pulls IP addresses from all minions with the "web" grain
configuration file and pulls IP addresses from all Minions with the "web" grain
to add them to the pool of load balanced servers.
:file:`/srv/pillar/top.sls`:

22
doc/topics/pillar/index.rst
View File

@ -321,28 +321,6 @@ locally. This is done with the ``saltutil.refresh_pillar`` function.
This function triggers the minion to asynchronously refresh the pillar and will
always return ``None``.
.. _targeting-pillar:
Targeting with Pillar
=====================
Pillar data can be used when targeting minions. This allows for ultimate
control and flexibility when targeting minions.
.. code-block:: bash
salt -I 'somekey:specialvalue' test.ping
Like with :doc:`Grains <../targeting/grains>`, it is possible to use globbing
as well as match nested values in Pillar, by adding colons for each level that
is being traversed. The below example would match minions with a pillar named
``foo``, which is a dict containing a key ``bar``, with a value beginning with
``baz``:
.. code-block:: bash
salt -I 'foo:bar:baz*' test.ping
Set Pillar Data at the Command Line
===================================

457
doc/topics/releases/2015.5.6.rst
View File

@ -5,4 +5,461 @@ Salt 2015.5.6 Release Notes
Version 2015.5.6 is a bugfix release for :doc:`2015.5.0
</topics/releases/2015.5.0>`.
Changes for v2015.5.5..v2015.5.6
--------------------------------
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
*Generated at: 2015-09-30T22:22:43Z*
Total Merges: **144**
Changes:
- **PR** `#27557`_: (*jfindlay*) add doc motivating mine vs grains
- **PR** `#27515`_: (*jfindlay*) save iptables rules on SuSE
- **PR** `#27509`_: (*jfindlay*) tell the user why the gluster module does not work
- **PR** `#27379`_: (*jfindlay*) document and check dict type for pip env_vars
- **PR** `#27516`_: (*basepi*) [2015.5] Merge forward from 2014.7 to 2015.5
- **PR** `#27472`_: (*cachedout*) Change recommeded schema for data field in mysql event table
- **PR** `#27468`_: (*cachedout*) Fix 27351
- **PR** `#27479`_: (*aboe76*) fix locale on opensuse and suse `#27438`_
- **PR** `#27483`_: (*rallytime*) Outputters should sync to output, not outputters, on the minion.
- **PR** `#27484`_: (*rallytime*) Back-port `#27434`_ and `#27470`_ to 2015.5
- **PR** `#27469`_: (*twangboy*) Added quotes to version numbers example
- **PR** `#27467`_: (*cachedout*) file.managed: check contents_{pillar|grain} result
- **PR** `#27419`_: (*rallytime*) Amend error log to include multiple tips for troubleshooting.
- **PR** `#27426`_: (*rallytime*) Don't stacktrace if there are conflicting id errors in highstate
- **PR** `#27408`_: (*rallytime*) Fix avail_locations function for the softlayer_hw driver in 2015.5
- **PR** `#27410`_: (*jacobhammons*) Fix css layout Refs `#27389`_
- **PR** `#27336`_: (*rallytime*) [2015.5] Fixup salt-cloud logging
- **PR** `#27358`_: (*lorengordon*) Escape search replacement text, fixes `#27356`_
- **PR** `#27345`_: (*rallytime*) Allow use of rst header links by separating options out from yaml example
- **PR** `#26903`_: (*bersace*) Review defaults.get
- **PR** `#27317`_: (*efficks*) State unzip should use unzip command instead of unzip_cmd.
- **PR** `#27309`_: (*rallytime*) Change a value list to a comma-separated string in boto_route53.present
- **PR** `#27311`_: (*jfindlay*) discuss replacement occurrences in file doc
- **PR** `#27310`_: (*basepi*) [2015.5] Merge forward from 2014.7 to 2015.5
- **PR** `#27308`_: (*terminalmage*) Fix refresh_db regression in yumpkg.py
- **PR** `#27286`_: (*terminalmage*) Add a configurable timer for minion return retries
- **PR** `#27278`_: (*rallytime*) Back-port `#27256`_ to 2015.5
- **PR** `#27277`_: (*rallytime*) Back-port `#27230`_ to 2015.5
- **PR** `#27253`_: (*jfindlay*) 2015.5 -> 2015.5.0
- **PR** `#27244`_: (*garethgreenaway*) Exception in cloud.ec2.create_snapshot
- **PR** `#27231`_: (*jfindlay*) only write cron file if it is changed
- **PR** `#27233`_: (*basepi*) [2015.5] Add stub release notes for 2015.5.6
- **PR** `#27208`_: (*basepi*) [2015.5] Add test.nop state
- **PR** `#27201`_: (*jfindlay*) rename hash_hostname to hash_known_hosts
- **PR** `#27214`_: (*jacksontj*) Correctly support https, port 443 is not a requirement
- **PR** `#27172`_: (*rallytime*) Back-port `#27150`_ to 2015.5
- **PR** `#27194`_: (*rallytime*) Back-port `#27180`_ to 2015.5
- **PR** `#27176`_: (*basepi*) [2015.5] Merge forward from 2014.7 to 2015.5
- **PR** `#27170`_: (*rallytime*) Update Getting Started with GCE docs to use cloud.profiles or cloud.profiles.d examples
- **PR** `#27167`_: (*rallytime*) Back-port `#27148`_ to 2015.5
- **PR** `#27168`_: (*techhat*) Add further gating of impacket library
- **PR** `#27166`_: (*rallytime*) Allow a full-query for EC2, even if there are no profiles defined
- **PR** `#27162`_: (*rallytime*) Be explicit in using "SoftLayer" for service queries in SoftLayer drivers
- **PR** `#27149`_: (*twangboy*) Fixed problem with add/remove path
- **PR** `#27147`_: (*rallytime*) Enforce bounds in the GCE Regex
- **PR** `#27128`_: (*eguven*) don't show diff for test run if show_diff=False
- **PR** `#27116`_: (*jacobhammons*) Update latest to 2015.8, 2015.5 is now previous
- **PR** `#27033`_: (*jfindlay*) Merge `#27019`_
- **PR** `#26942`_: (*Arabus*) Fix docker.run
- **PR** `#26977`_: (*abh*) Add support for PEERNTP network interface configuration
- **PR** `#27023`_: (*jfindlay*) add test support for htpasswd state mod
- **PR** `#27074`_: (*twangboy*) Replaced password with redacted when displayed
- **PR** `#27073`_: (*rallytime*) Remove "use develop branch" warning from LXC tutorial
- **PR** `#27054`_: (*rallytime*) Back-port `#27029`_ to 2015.5
- **PR** `#27053`_: (*rallytime*) Back-port `#26992`_ to 2015.5
- **PR** `#27052`_: (*rallytime*) Back-port `#26930`_ to 2015.5
- **PR** `#27049`_: (*johanek*) Run repoquery less
- **PR** `#27070`_: (*stanislavb*) Deprecate salt.utils.iam in Carbon
- **PR** `#27030`_: (*jfindlay*) Backport `#26938`_
- **PR** `#27025`_: (*cachedout*) Better try and error handling for prep_jid
- **PR** `#27035`_: (*terminalmage*) useradd.py: Use contextmanager to prevent leaked filehandles
- **PR** `#27034`_: (*rallytime*) Update softlayer docs for where to find apikey
- **PR** `#27024`_: (*rallytime*) Back-port `#27004`_ to 2015.5
- **PR** `#27027`_: (*rallytime*) Back-port `#27013`_ to 2015.5
- **PR** `#27026`_: (*rallytime*) Back-port `#27011`_ to 2015.5
- **PR** `#26972`_: (*twangboy*) Catch the 404 error from fileclient
- **PR** `#26951`_: (*terminalmage*) Fix timezone module for CentOS
- **PR** `#26875`_: (*marccardinal*) LXC gateway provisioned only when IP is provided
- **PR** `#26997`_: (*twangboy*) Fixed symlinks for windows (don't use user root)
- **PR** `#27001`_: (*twangboy*) Added CLI Example for reg.delete_key_recursive
- **PR** `#26996`_: (*jacobhammons*) Beacon doc updates
- **PR** `#26868`_: (*joejulian*) Use the actual device name when checking vgdisplay
- **PR** `#26955`_: (*dsumsky*) S3 ext_pillar module has broken caching mechanism (backport to 2015.5)
- **PR** `#26987`_: (*rallytime*) Back-port `#26966`_ to 2015.5
- **PR** `#26915`_: (*rallytime*) Update Joyent Cloud Tests
- **PR** `#26971`_: (*rallytime*) Fix a couple of typos in reactor docs
- **PR** `#26976`_: (*thatch45*) Revert "file.symlink gets windows account instead of root"
- **PR** `#26975`_: (*whiteinge*) Remove mocks from rest_cherrypy integration tests; fix groups check bug
- **PR** `#26899`_: (*twangboy*) file.symlink gets windows account instead of root
- **PR** `#26960`_: (*rallytime*) Fix bash code block formatting in CherryPy netapi docs
- **PR** `#26940`_: (*rallytime*) Fix minor doc typo in client api
- **PR** `#26871`_: (*rallytime*) Back-port `#26852`_ to 2015.5
- **PR** `#26851`_: (*jacobhammons*) states/pkgrepo examples, suse installation updates
- **PR** `#26817`_: (*jfindlay*) modify groupadd for rhel 5
- **PR** `#26824`_: (*pravka*) [salt-cloud] Fix creating droplet from snapshot in digital_ocean provider
- **PR** `#26823`_: (*joejulian*) use dbus instead of localectl
- **PR** `#26820`_: (*jfindlay*) add default param in _parse_localectl in locale mod
- **PR** `#26821`_: (*twangboy*) Fixed user.rename function in windows
- **PR** `#26803`_: (*twangboy*) Added check for PyMySQL if MySQLdb import fails
- **PR** `#26815`_: (*jfindlay*) stringify linode id before performing str actions
- **PR** `#26800`_: (*jacobhammons*) Doc bug fixes
- **PR** `#26793`_: (*rallytime*) Don't stacktrace if "name" is specified as a minion id in a map file
- **PR** `#26790`_: (*rallytime*) Update Saltify docs to be more accurate and helpful
- **PR** `#26787`_: (*jfindlay*) merge `#26775`_
- **PR** `#26759`_: (*terminalmage*) Backport PR `#26726`_ to 2015.5 branch
- **PR** `#26768`_: (*garethgreenaway*) Fixes to ipset in 2015.5 for `#26628`_
- **PR** `#26753`_: (*jfindlay*) import elementree from _compat in ilo exec mod
- **PR** `#26736`_: (*twangboy*) Changed import from smbconnection to smb3
- **PR** `#26714`_: (*jfindlay*) add exception placeholder for older msgpacks
- **PR** `#26710`_: (*rallytime*) Update GCE driver to return True, False or a new name in __virtual__()
- **PR** `#26709`_: (*rallytime*) Ensure VM name is valid before trying to create Linode VM
- **PR** `#26617`_: (*terminalmage*) Fix Windows failures in pip module due to raw string formatting
- **PR** `#26700`_: (*kev009*) Ignore the first element of kern.disks split, which is the sysctl name
- **PR** `#26695`_: (*terminalmage*) Better HTTPS basic auth redaction for 2015.5 branch
- **PR** `#26694`_: (*terminalmage*) Backport `#26693`_ to 2015.5
- **PR** `#26681`_: (*basepi*) [2015.5] Merge forward from 2014.7 to 2015.5
- **PR** `#26676`_: (*rallytime*) Back-port `#26648`_ to 2015.5
- **PR** `#26677`_: (*rallytime*) Back-port `#26653`_ to 2015.5
- **PR** `#26675`_: (*rallytime*) Back-port `#26631`_ to 2015.5
- **PR** `#26655`_: (*cheng0919*) Update win_dns_client.py
- **PR** `#26662`_: (*jacobhammons*) update version to 2015.5
- **PR** `#26651`_: (*jfindlay*) add 2015.5.4 notes to 2015.5.5 notes
- **PR** `#26525`_: (*jfindlay*) document check_file_meta args, remove unused arg
- **PR** `#26561`_: (*stanislavb*) Leave salt.utils.s3 location fallback to salt.utils.aws
- **PR** `#26573`_: (*rallytime*) Don't stacktrace if using private_ips and delete_sshkeys together
- **PR** `#26563`_: (*rallytime*) Fix error detection when salt-cloud config is missing a master's address
- **PR** `#26641`_: (*basepi*) [2015.5] Merge forward from 2014.7 to 2015.5
- **PR** `#26620`_: (*rallytime*) Also add -Z to script args for cloud tests
- **PR** `#26618`_: (*rallytime*) Add script_args: '-P' to Ubuntu 14 profiles for nightly cloud tests
- **PR** `#26612`_: (*rallytime*) Use an available image to test against
- **PR** `#26576`_: (*rallytime*) Ensure GCE and EC2 configuration checks are correct
- **PR** `#26580`_: (*rallytime*) Avoid race condition when assigning floating IPs to new VMs
- **PR** `#26581`_: (*terminalmage*) Skip tests that don't work with older mock
- **PR** `#26591`_: (*rallytime*) Back-port `#26554`_ to 2015.5
- **PR** `#26565`_: (*cachedout*) Fix many errors with __virtual__ in tests
- **PR** `#26553`_: (*rallytime*) Back-port `#26548`_ to 2015.5
- **PR** `#26552`_: (*rallytime*) Back-port `#26542`_ to 2015.5
- **PR** `#26551`_: (*rallytime*) Back-port `#26539`_ to 2015.5
- **PR** `#26549`_: (*rallytime*) Back-port `#26524`_ to 2015.5
- **PR** `#26527`_: (*jfindlay*) check exists and values in boto_elb listeners
- **PR** `#26446`_: (*stanislavb*) Fetch AWS region from EC2 instance metadata
- **PR** `#26546`_: (*nmadhok*) Do not raise KeyError when calling avail_images if VM/template is in disconnected state
- **PR** `#26537`_: (*jfindlay*) Merge `#26481`_
- **PR** `#26528`_: (*zmalone*) Fixing encrypt to instructions in the 2015.5 branch
.. _`#21649`: https://github.com/saltstack/salt/pull/21649
.. _`#25369`: https://github.com/saltstack/salt/pull/25369
.. _`#25862`: https://github.com/saltstack/salt/pull/25862
.. _`#26378`: https://github.com/saltstack/salt/pull/26378
.. _`#26446`: https://github.com/saltstack/salt/pull/26446
.. _`#26481`: https://github.com/saltstack/salt/pull/26481
.. _`#26515`: https://github.com/saltstack/salt/pull/26515
.. _`#26524`: https://github.com/saltstack/salt/pull/26524
.. _`#26525`: https://github.com/saltstack/salt/pull/26525
.. _`#26527`: https://github.com/saltstack/salt/pull/26527
.. _`#26528`: https://github.com/saltstack/salt/pull/26528
.. _`#26537`: https://github.com/saltstack/salt/pull/26537
.. _`#26539`: https://github.com/saltstack/salt/pull/26539
.. _`#26542`: https://github.com/saltstack/salt/pull/26542
.. _`#26546`: https://github.com/saltstack/salt/pull/26546
.. _`#26548`: https://github.com/saltstack/salt/pull/26548
.. _`#26549`: https://github.com/saltstack/salt/pull/26549
.. _`#26551`: https://github.com/saltstack/salt/pull/26551
.. _`#26552`: https://github.com/saltstack/salt/pull/26552
.. _`#26553`: https://github.com/saltstack/salt/pull/26553
.. _`#26554`: https://github.com/saltstack/salt/pull/26554
.. _`#26561`: https://github.com/saltstack/salt/pull/26561
.. _`#26563`: https://github.com/saltstack/salt/pull/26563
.. _`#26565`: https://github.com/saltstack/salt/pull/26565
.. _`#26573`: https://github.com/saltstack/salt/pull/26573
.. _`#26576`: https://github.com/saltstack/salt/pull/26576
.. _`#26580`: https://github.com/saltstack/salt/pull/26580
.. _`#26581`: https://github.com/saltstack/salt/pull/26581
.. _`#26591`: https://github.com/saltstack/salt/pull/26591
.. _`#26612`: https://github.com/saltstack/salt/pull/26612
.. _`#26617`: https://github.com/saltstack/salt/pull/26617
.. _`#26618`: https://github.com/saltstack/salt/pull/26618
.. _`#26620`: https://github.com/saltstack/salt/pull/26620
.. _`#26631`: https://github.com/saltstack/salt/pull/26631
.. _`#26636`: https://github.com/saltstack/salt/pull/26636
.. _`#26640`: https://github.com/saltstack/salt/pull/26640
.. _`#26641`: https://github.com/saltstack/salt/pull/26641
.. _`#26648`: https://github.com/saltstack/salt/pull/26648
.. _`#26651`: https://github.com/saltstack/salt/pull/26651
.. _`#26653`: https://github.com/saltstack/salt/pull/26653
.. _`#26655`: https://github.com/saltstack/salt/pull/26655
.. _`#26662`: https://github.com/saltstack/salt/pull/26662
.. _`#26663`: https://github.com/saltstack/salt/pull/26663
.. _`#26667`: https://github.com/saltstack/salt/pull/26667
.. _`#26675`: https://github.com/saltstack/salt/pull/26675
.. _`#26676`: https://github.com/saltstack/salt/pull/26676
.. _`#26677`: https://github.com/saltstack/salt/pull/26677
.. _`#26681`: https://github.com/saltstack/salt/pull/26681
.. _`#26693`: https://github.com/saltstack/salt/pull/26693
.. _`#26694`: https://github.com/saltstack/salt/pull/26694
.. _`#26695`: https://github.com/saltstack/salt/pull/26695
.. _`#26700`: https://github.com/saltstack/salt/pull/26700
.. _`#26709`: https://github.com/saltstack/salt/pull/26709
.. _`#26710`: https://github.com/saltstack/salt/pull/26710
.. _`#26714`: https://github.com/saltstack/salt/pull/26714
.. _`#26726`: https://github.com/saltstack/salt/pull/26726
.. _`#26736`: https://github.com/saltstack/salt/pull/26736
.. _`#26753`: https://github.com/saltstack/salt/pull/26753
.. _`#26759`: https://github.com/saltstack/salt/pull/26759
.. _`#26768`: https://github.com/saltstack/salt/pull/26768
.. _`#26775`: https://github.com/saltstack/salt/pull/26775
.. _`#26787`: https://github.com/saltstack/salt/pull/26787
.. _`#26790`: https://github.com/saltstack/salt/pull/26790
.. _`#26793`: https://github.com/saltstack/salt/pull/26793
.. _`#26800`: https://github.com/saltstack/salt/pull/26800
.. _`#26803`: https://github.com/saltstack/salt/pull/26803
.. _`#26815`: https://github.com/saltstack/salt/pull/26815
.. _`#26817`: https://github.com/saltstack/salt/pull/26817
.. _`#26820`: https://github.com/saltstack/salt/pull/26820
.. _`#26821`: https://github.com/saltstack/salt/pull/26821
.. _`#26823`: https://github.com/saltstack/salt/pull/26823
.. _`#26824`: https://github.com/saltstack/salt/pull/26824
.. _`#26851`: https://github.com/saltstack/salt/pull/26851
.. _`#26852`: https://github.com/saltstack/salt/pull/26852
.. _`#26868`: https://github.com/saltstack/salt/pull/26868
.. _`#26871`: https://github.com/saltstack/salt/pull/26871
.. _`#26875`: https://github.com/saltstack/salt/pull/26875
.. _`#26899`: https://github.com/saltstack/salt/pull/26899
.. _`#26903`: https://github.com/saltstack/salt/pull/26903
.. _`#26915`: https://github.com/saltstack/salt/pull/26915
.. _`#26930`: https://github.com/saltstack/salt/pull/26930
.. _`#26938`: https://github.com/saltstack/salt/pull/26938
.. _`#26940`: https://github.com/saltstack/salt/pull/26940
.. _`#26942`: https://github.com/saltstack/salt/pull/26942
.. _`#26951`: https://github.com/saltstack/salt/pull/26951
.. _`#26955`: https://github.com/saltstack/salt/pull/26955
.. _`#26960`: https://github.com/saltstack/salt/pull/26960
.. _`#26966`: https://github.com/saltstack/salt/pull/26966
.. _`#26971`: https://github.com/saltstack/salt/pull/26971
.. _`#26972`: https://github.com/saltstack/salt/pull/26972
.. _`#26975`: https://github.com/saltstack/salt/pull/26975
.. _`#26976`: https://github.com/saltstack/salt/pull/26976
.. _`#26977`: https://github.com/saltstack/salt/pull/26977
.. _`#26987`: https://github.com/saltstack/salt/pull/26987
.. _`#26992`: https://github.com/saltstack/salt/pull/26992
.. _`#26996`: https://github.com/saltstack/salt/pull/26996
.. _`#26997`: https://github.com/saltstack/salt/pull/26997
.. _`#27001`: https://github.com/saltstack/salt/pull/27001
.. _`#27004`: https://github.com/saltstack/salt/pull/27004
.. _`#27011`: https://github.com/saltstack/salt/pull/27011
.. _`#27013`: https://github.com/saltstack/salt/pull/27013
.. _`#27019`: https://github.com/saltstack/salt/pull/27019
.. _`#27023`: https://github.com/saltstack/salt/pull/27023
.. _`#27024`: https://github.com/saltstack/salt/pull/27024
.. _`#27025`: https://github.com/saltstack/salt/pull/27025
.. _`#27026`: https://github.com/saltstack/salt/pull/27026
.. _`#27027`: https://github.com/saltstack/salt/pull/27027
.. _`#27029`: https://github.com/saltstack/salt/pull/27029
.. _`#27030`: https://github.com/saltstack/salt/pull/27030
.. _`#27033`: https://github.com/saltstack/salt/pull/27033
.. _`#27034`: https://github.com/saltstack/salt/pull/27034
.. _`#27035`: https://github.com/saltstack/salt/pull/27035
.. _`#27049`: https://github.com/saltstack/salt/pull/27049
.. _`#27052`: https://github.com/saltstack/salt/pull/27052
.. _`#27053`: https://github.com/saltstack/salt/pull/27053
.. _`#27054`: https://github.com/saltstack/salt/pull/27054
.. _`#27070`: https://github.com/saltstack/salt/pull/27070
.. _`#27073`: https://github.com/saltstack/salt/pull/27073
.. _`#27074`: https://github.com/saltstack/salt/pull/27074
.. _`#27075`: https://github.com/saltstack/salt/pull/27075
.. _`#27114`: https://github.com/saltstack/salt/pull/27114
.. _`#27116`: https://github.com/saltstack/salt/pull/27116
.. _`#27117`: https://github.com/saltstack/salt/pull/27117
.. _`#27128`: https://github.com/saltstack/salt/pull/27128
.. _`#27147`: https://github.com/saltstack/salt/pull/27147
.. _`#27148`: https://github.com/saltstack/salt/pull/27148
.. _`#27149`: https://github.com/saltstack/salt/pull/27149
.. _`#27150`: https://github.com/saltstack/salt/pull/27150
.. _`#27162`: https://github.com/saltstack/salt/pull/27162
.. _`#27166`: https://github.com/saltstack/salt/pull/27166
.. _`#27167`: https://github.com/saltstack/salt/pull/27167
.. _`#27168`: https://github.com/saltstack/salt/pull/27168
.. _`#27170`: https://github.com/saltstack/salt/pull/27170
.. _`#27172`: https://github.com/saltstack/salt/pull/27172
.. _`#27176`: https://github.com/saltstack/salt/pull/27176
.. _`#27180`: https://github.com/saltstack/salt/pull/27180
.. _`#27194`: https://github.com/saltstack/salt/pull/27194
.. _`#27201`: https://github.com/saltstack/salt/pull/27201
.. _`#27208`: https://github.com/saltstack/salt/pull/27208
.. _`#27214`: https://github.com/saltstack/salt/pull/27214
.. _`#27230`: https://github.com/saltstack/salt/pull/27230
.. _`#27231`: https://github.com/saltstack/salt/pull/27231
.. _`#27233`: https://github.com/saltstack/salt/pull/27233
.. _`#27244`: https://github.com/saltstack/salt/pull/27244
.. _`#27252`: https://github.com/saltstack/salt/pull/27252
.. _`#27253`: https://github.com/saltstack/salt/pull/27253
.. _`#27256`: https://github.com/saltstack/salt/pull/27256
.. _`#27277`: https://github.com/saltstack/salt/pull/27277
.. _`#27278`: https://github.com/saltstack/salt/pull/27278
.. _`#27286`: https://github.com/saltstack/salt/pull/27286
.. _`#27308`: https://github.com/saltstack/salt/pull/27308
.. _`#27309`: https://github.com/saltstack/salt/pull/27309
.. _`#27310`: https://github.com/saltstack/salt/pull/27310
.. _`#27311`: https://github.com/saltstack/salt/pull/27311
.. _`#27317`: https://github.com/saltstack/salt/pull/27317
.. _`#27335`: https://github.com/saltstack/salt/pull/27335
.. _`#27336`: https://github.com/saltstack/salt/pull/27336
.. _`#27345`: https://github.com/saltstack/salt/pull/27345
.. _`#27351`: https://github.com/saltstack/salt/pull/27351
.. _`#27358`: https://github.com/saltstack/salt/pull/27358
.. _`#27375`: https://github.com/saltstack/salt/pull/27375
.. _`#27379`: https://github.com/saltstack/salt/pull/27379
.. _`#27408`: https://github.com/saltstack/salt/pull/27408
.. _`#27410`: https://github.com/saltstack/salt/pull/27410
.. _`#27419`: https://github.com/saltstack/salt/pull/27419
.. _`#27426`: https://github.com/saltstack/salt/pull/27426
.. _`#27434`: https://github.com/saltstack/salt/pull/27434
.. _`#27467`: https://github.com/saltstack/salt/pull/27467
.. _`#27468`: https://github.com/saltstack/salt/pull/27468
.. _`#27469`: https://github.com/saltstack/salt/pull/27469
.. _`#27470`: https://github.com/saltstack/salt/pull/27470
.. _`#27472`: https://github.com/saltstack/salt/pull/27472
.. _`#27479`: https://github.com/saltstack/salt/pull/27479
.. _`#27483`: https://github.com/saltstack/salt/pull/27483
.. _`#27484`: https://github.com/saltstack/salt/pull/27484
.. _`#27509`: https://github.com/saltstack/salt/pull/27509
.. _`#27515`: https://github.com/saltstack/salt/pull/27515
.. _`#27516`: https://github.com/saltstack/salt/pull/27516
.. _`#27557`: https://github.com/saltstack/salt/pull/27557

13
doc/topics/ssh/index.rst
View File

@ -1,3 +1,5 @@
.. _salt-ssh:
========
Salt SSH
========
@ -33,7 +35,6 @@ Salt SSH Roster
The roster system in Salt allows for remote minions to be easily defined.
.. note::
See the :doc:`Roster documentation </topics/ssh/roster>` for more details.
Simply create the roster file, the default location is `/etc/salt/roster`:
@ -56,7 +57,6 @@ address. A more elaborate roster can be created:
host: 192.168.42.2
.. note::
sudo works only if NOPASSWD is set for user in /etc/sudoers:
``fred ALL=(ALL) NOPASSWD: ALL``
@ -70,9 +70,9 @@ You can use ssh-copy-id, (the OpenSSH key deployment tool) to deploy keys to you
.. code-block:: bash
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa user@server.demo.com
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub user@server.demo.com
One could also create e a simple shell script, named salt-ssh-copy-id.sh as follows:
One could also create a simple shell script, named salt-ssh-copy-id.sh as follows:
.. code-block:: bash
@ -81,12 +81,11 @@ One could also create e a simple shell script, named salt-ssh-copy-id.sh as foll
echo $0 user@host.com
exit 0
fi
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa $1
ssh-copy-id -i /etc/salt/pki/master/ssh/salt-ssh.rsa.pub $1
.. note::
Be certain to chmod +x salt-ssh-copy-id.sh.
Be certain to chmod +x salt-ssh-copy-id.sh.
.. code-block:: bash

6
doc/topics/ssh/roster.rst
View File

@ -23,14 +23,14 @@ How Rosters Work
================
The roster system compiles a data structure internally referred to as
`targets`. The `targets` is a list of target systems and attributes about how
``targets``. The ``targets`` is a list of target systems and attributes about how
to connect to said systems. The only requirement for a roster module in Salt
is to return the `targets` data structure.
is to return the ``targets`` data structure.
Targets Data
------------
The information which can be stored in a roster `target` is the following:
The information which can be stored in a roster ``target`` is the following:
.. code-block:: yaml

10
doc/topics/targeting/grains.rst
View File

@ -206,15 +206,15 @@ defining custom grains, there is an order of precedence which should be kept in
mind when defining them. The order of evaluation is as follows:
1. Core grains.
2. Custom grain modules in ``_grains`` directory, synced to minions.
3. Custom grains in ``/etc/salt/grains``.
4. Custom grains in ``/etc/salt/minion``.
2. Custom grains in ``/etc/salt/grains``.
3. Custom grains in ``/etc/salt/minion``.
4. Custom grain modules in ``_grains`` directory, synced to minions.
Each successive evaluation overrides the previous ones, so any grains defined
by custom grains modules synced to minions that have the same name as a core
grain will override that core grain. Similarly, grains from
``/etc/salt/grains`` override both core grains and custom grain modules, and
grains in ``/etc/salt/minion`` will override *any* grains of the same name.
``/etc/salt/minion`` override both core grains and custom grain modules, and
grains in ``_grains`` will override *any* grains of the same name.
Examples of Grains

3
doc/topics/targeting/index.rst
View File

@ -28,8 +28,9 @@ There are many ways to target individual minions or groups of minions in Salt:
globbing
grains
pillar
ipcidr
compound
nodegroups
batch
range
range

22
doc/topics/targeting/pillar.rst Normal file
View File

@ -0,0 +1,22 @@
.. _targeting-pillar:
=====================
Targeting with Pillar
=====================
Pillar data can be used when targeting minions. This allows for ultimate
control and flexibility when targeting minions.
.. code-block:: bash
salt -I 'somekey:specialvalue' test.ping
Like with :ref:`Grains <targeting-grains>`, it is possible to use globbing
as well as match nested values in Pillar, by adding colons for each level that
is being traversed. The below example would match minions with a pillar named
``foo``, which is a dict containing a key ``bar``, with a value beginning with
``baz``:
.. code-block:: bash
salt -I 'foo:bar:baz*' test.ping

41
doc/topics/tutorials/states_pt3.rst
View File

@ -47,11 +47,11 @@ Here's a more complex example:
.. code-blocK:: jinja
# Comments in yaml start with a hash symbol.
# Since jinja rendering occurs before yaml parsing, if you want to include jinja
# Since jinja rendering occurs before yaml parsing, if you want to include jinja
# in the comments you may need to escape them using 'jinja' comments to prevent
# jinja from trying to render something which is not well-defined jinja.
# e.g.
# {# iterate over the Three Stooges using a {% for %}..{% endfor %} loop
# {# iterate over the Three Stooges using a {% for %}..{% endfor %} loop
# with the iterator variable {{ usr }} becoming the state ID. #}
{% for usr in 'moe','larry','curly' %}
{{ usr }}:
@ -81,6 +81,43 @@ in the template context. The `grains` can be used from within sls modules:
- name: apache2
{% endif %}
Using Environment Variables in SLS modules
==========================================
You can use ``salt['environ.get']('VARNAME')`` to use an environment
variable in a Salt state.
.. code-block:: bash
MYENVVAR="world" salt-call state.template test.sls
.. code-block:: yaml
Create a file with contents from an environment variable:
file.managed:
- name: /tmp/hello
- contents: {{ salt['environ.get']('MYENVVAR') }}
Error checking:
.. code-block:: yaml
{% set myenvvar = salt['environ.get']('MYENVVAR') %}
{% if myenvvar %}
Create a file with contents from an environment variable:
file.managed:
- name: /tmp/hello
- contents: {{ salt['environ.get']('MYENVVAR') }}
{% else %}
Fail - no environment passed in:
test:
A. fail_without_changes
{% endif %}
Calling Salt modules from templates
===================================

12
salt/beacons/diskusage.py
View File

@ -3,17 +3,25 @@
Beacon to monitor disk usage.
.. versionadded:: 2015.5.0
:depends: python-psutil
'''
# Import Python libs
from __future__ import absolute_import
import logging
import psutil
import re
# Import Salt libs
import salt.utils
# Import Third Party Libs
try:
import psutil
HAS_PSUTIL = True
except ImportError:
HAS_PSUTIL = False
log = logging.getLogger(__name__)
__virtualname__ = 'diskusage'
@ -22,6 +30,8 @@ __virtualname__ = 'diskusage'
def __virtual__():
if salt.utils.is_windows():
return False
elif HAS_PSUTIL is False:
return False
else:
return __virtualname__

29
salt/cloud/clouds/gce.py
View File

@ -426,18 +426,13 @@ def __get_host(node, vm_):
'''
Return public IP, private IP, or hostname for the libcloud 'node' object
'''
if __get_ssh_interface(vm_) == 'private_ips':
if __get_ssh_interface(vm_) == 'private_ips' or vm_['external_ip'] is None:
ip_address = node.private_ips[0]
log.info('Salt node data. Private_ip: {0}'.format(ip_address))
else:
ip_address = node.public_ips[0]
log.info('Salt node data. Public_ip: {0}'.format(ip_address))
# if len(node.public_ips) > 0:
# return node.public_ips[0]
# if len(node.private_ips) > 0:
# return node.private_ips[0]
if len(ip_address) > 0:
return ip_address
@ -2050,10 +2045,20 @@ def create(vm_=None, call=None):
'ex_network': __get_network(conn, vm_),
'ex_tags': __get_tags(vm_),
'ex_metadata': __get_metadata(vm_),
'external_ip': config.get_cloud_config_value(
'external_ip', vm_, __opts__, default='ephemeral'
)
}
external_ip = config.get_cloud_config_value(
'external_ip', vm_, __opts__, default='ephemeral'
)
if external_ip.lower() == 'ephemeral':
external_ip = 'ephemeral'
elif external_ip == 'None':
external_ip = None
else:
region = '-'.join(kwargs['location'].name.split('-')[:2])
kwargs['external_ip'] = __create_orget_address(conn, kwargs['external_ip'], region)
kwargs['external_ip'] = external_ip
vm_['external_ip'] = external_ip
if LIBCLOUD_VERSION_INFO > (0, 15, 1):
@ -2076,12 +2081,6 @@ def create(vm_=None, call=None):
'\'pd-standard\', \'pd-ssd\''
)
if 'external_ip' in kwargs and kwargs['external_ip'] == "None":
kwargs['external_ip'] = None
elif kwargs['external_ip'] != 'ephemeral':
region = '-'.join(kwargs['location'].name.split('-')[:2])
kwargs['external_ip'] = __create_orget_address(conn, kwargs['external_ip'], region)
log.info('Creating GCE instance {0} in {1}'.format(vm_['name'],
kwargs['location'].name)
)

2
salt/modules/chocolatey.py
View File

@ -102,7 +102,7 @@ def chocolatey_version():
'''
if 'chocolatey._version' in __context__:
return __context__['chocolatey._version']
cmd = [_find_chocolatey(__context__, __salt__), 'help']
cmd = [_find_chocolatey(__context__, __salt__)]
out = __salt__['cmd.run'](cmd, python_shell=False)
for line in out.splitlines():
line = line.lower()

58
salt/modules/daemontools.py
View File

@ -15,10 +15,13 @@ so it can be used to maintain services using the ``provider`` argument:
from __future__ import absolute_import
# Import python libs
import logging
import os
import os.path
import re
# Import salt libs
import salt.utils
from salt.exceptions import CommandExecutionError
# Function alias to not shadow built-ins.
@ -26,6 +29,8 @@ __func_alias__ = {
'reload_': 'reload'
}
log = logging.getLogger(__name__)
VALID_SERVICE_DIRS = [
'/service',
'/var/service',
@ -38,6 +43,12 @@ for service_dir in VALID_SERVICE_DIRS:
break
def __virtual__():
# Ensure that daemontools is installed properly.
BINS = frozenset(('svc', 'supervise', 'svok'))
return all(salt.utils.which(b) for b in BINS)
def _service_path(name):
'''
build service path
@ -201,3 +212,50 @@ def get_all():
raise CommandExecutionError("Could not find service directory.")
#- List all daemontools services in
return sorted(os.listdir(SERVICE_DIR))
def enabled(name, **kwargs):
'''
Return True if the named service is enabled, false otherwise
A service is considered enabled if in your service directory:
- an executable ./run file exist
- a file named "down" does not exist
.. versionadded:: 2015.5.7
name
Service name
CLI Example:
.. code-block:: bash
salt '*' daemontools.enabled <service name>
'''
if not available(name):
log.error('Service {0} not found'.format(name))
return False
run_file = os.path.join(SERVICE_DIR, name, 'run')
down_file = os.path.join(SERVICE_DIR, name, 'down')
return (
os.path.isfile(run_file) and
os.access(run_file, os.X_OK) and not
os.path.isfile(down_file)
)
def disabled(name):
'''
Return True if the named service is enabled, false otherwise
.. versionadded:: 2015.5.6
CLI Example:
.. code-block:: bash
salt '*' daemontools.disabled <service name>
'''
return not enabled(name)

2
salt/modules/freebsdservice.py
View File

@ -25,7 +25,7 @@ __virtualname__ = 'service'
def __virtual__():
'''
Only work on systems which default to systemd
Only work on FreeBSD
'''
# Disable on these platforms, specific service modules exist:
if __grains__['os'] == 'FreeBSD':

2
salt/modules/glusterfs.py
View File

@ -26,7 +26,7 @@ def __virtual__():
'''
if salt.utils.which('gluster'):
return True
return False
return (False, 'glusterfs server is not installed')
def list_peers():

7
salt/modules/iptables.py
View File

@ -80,8 +80,13 @@ def _conf(family='ipv4'):
return '/var/lib/ip6tables/rules-save'
else:
return '/var/lib/iptables/rules-save'
elif __grains__['os_family'] == 'Suse':
# SuSE does not seem to use separate files for IPv4 and IPv6
return '/etc/sysconfig/scripts/SuSEfirewall2-custom'
else:
return False
raise SaltException('Saving iptables to file is not' +
' supported on {0}.'.format(__grains__['os']) +
' Please file an issue with SaltStack')
def version(family='ipv4'):

20
salt/modules/pip.py
View File

@ -418,17 +418,24 @@ def install(pkgs=None, # pylint: disable=R0912,R0913,R0914
process_dependency_links
Enable the processing of dependency links
use_vt
Use VT terminal emulation (see ouptut while installing)
env_vars
Set environment variables that some builds will depend on. For example,
a Python C-module may have a Makefile that needs INCLUDE_PATH set to
pick up a header file while compiling.
pick up a header file while compiling. This must be in the form of a
dictionary or a mapping.
Example:
.. code-block:: bash
salt '*' pip.install django_app env_vars="{'CUSTOM_PATH': '/opt/django_app'}"
trusted_host
Mark this host as trusted, even though it does not have valid or any
HTTPS.
use_vt
Use VT terminal emulation (see ouptut while installing)
CLI Example:
@ -704,7 +711,10 @@ def install(pkgs=None, # pylint: disable=R0912,R0913,R0914
cmd.append('--process-dependency-links')
if env_vars:
os.environ.update(env_vars)
if isinstance(env_vars, dict):
os.environ.update(env_vars)
else:
raise CommandExecutionError('env_vars {0} is not a dictionary'.format(env_vars))
if trusted_host:
cmd.append('--trusted-host {0}'.format(trusted_host))

19
salt/modules/pkgng.py
View File

@ -82,6 +82,13 @@ def _pkg(jail=None, chroot=None):
return ret
def _get_pkgng_version(jail=None, chroot=None):
'''
return the version of 'pkg'
'''
return __salt__['cmd.run']([_pkg(jail, chroot), '--version']).strip()
def _get_version(name, results):
'''
``pkg search`` will return all packages for which the pattern is a match.
@ -253,6 +260,7 @@ def latest_version(*names, **kwargs):
if len(names) == 0:
return ''
ret = {}
# Initialize the dict with empty strings
for name in names:
ret[name] = ''
@ -260,8 +268,17 @@ def latest_version(*names, **kwargs):
chroot = kwargs.get('chroot')
pkgs = list_pkgs(versions_as_list=True, jail=jail, chroot=chroot)
if salt.utils.compare_versions(_get_pkgng_version(jail, chroot), '>=', '1.6.0'):
quiet = True
else:
quiet = False
for name in names:
cmd = '{0} search {1}'.format(_pkg(jail, chroot), name)
cmd = [_pkg(jail, chroot), 'search']
if quiet:
cmd.append('-q')
cmd.append(name)
pkgver = _get_version(
name,
__salt__['cmd.run'](cmd, python_shell=False, output_loglevel='trace')

19
salt/returners/local_cache.py
View File

@ -76,30 +76,31 @@ def _walk_through(job_dir):
#TODO: add to returner docs-- this is a new one
def prep_jid(nocache=False, passed_jid=None, recurse_count=0):
'''
Return a job id and prepare the job id directory
This is the function responsible for making sure jids don't collide (unless its passed a jid)
Return a job id and prepare the job id directory.
This is the function responsible for making sure jids don't collide (unless
it is passed a jid).
So do what you have to do to make sure that stays the case
'''
if recurse_count >= 5:
err = 'prep_jid could not store a jid after {0} tries.'.format(recurse_count)
log.error(err)
raise salt.exceptions.SaltCacheError(err)
if passed_jid is None: # this can be a None of an empty string
if passed_jid is None: # this can be a None or an empty string.
jid = salt.utils.jid.gen_jid()
else:
jid = passed_jid
jid_dir_ = _jid_dir(jid)
# make sure we create the jid dir, otherwise someone else is using it,
# meaning we need a new jid
# Make sure we create the jid dir, otherwise someone else is using it,
# meaning we need a new jid.
try:
os.makedirs(jid_dir_)
except OSError:
time.sleep(0.1)
if passed_jid is None:
recurse_count += recurse_count
return prep_jid(nocache=nocache)
return prep_jid(nocache=nocache, recurse_count=recurse_count+1)
try:
with salt.utils.fopen(os.path.join(jid_dir_, 'jid'), 'wb+') as fn_:
@ -110,8 +111,8 @@ def prep_jid(nocache=False, passed_jid=None, recurse_count=0):
except IOError:
log.warn('Could not write out jid file for job {0}. Retrying.'.format(jid))
time.sleep(0.1)
recurse_count += recurse_count
return prep_jid(passed_jid=jid, nocache=nocache)
return prep_jid(passed_jid=jid, nocache=nocache,
recurse_count=recurse_count+1)
return jid

10
salt/returners/postgres_local_cache.py
View File

@ -56,6 +56,8 @@ and then:
--
-- Table structure for table 'salt_returns'
--
-- note that 'success' must not have NOT NULL constraint, since
-- some functions don't provide it.
DROP TABLE IF EXISTS salt_returns;
CREATE TABLE salt_returns (
@ -203,12 +205,6 @@ def returner(load):
'''
Return data to a postgres server
'''
# salt guarantees that there will be 'fun', 'jid', 'return' and 'id' but not
# 'success'
success = 'Unknown'
if 'success' in load:
success = load['success']
conn = _get_conn()
if conn is None:
return None
@ -222,7 +218,7 @@ def returner(load):
load['jid'],
json.dumps(six.text_type(str(load['return']), 'utf-8', 'replace')),
load['id'],
success
load.get('success'),
)
)
_close_conn(conn)

13
salt/states/pip_state.py
View File

@ -396,7 +396,18 @@ def installed(name,
env_vars
Add or modify environment variables. Useful for tweaking build steps,
such as specifying INCLUDE or LIBRARY paths in Makefiles, build scripts or
compiler calls.
compiler calls. This must be in the form of a dictionary or a mapping.
Example:
.. code-block:: yaml
django:
pip.installed:
- name: django_app
- env_vars:
CUSTOM_PATH: /opt/django_app
VERBOSE: True
use_vt
Use VT terminal emulation (see ouptut while installing)

3
salt/states/user.py
View File

@ -260,7 +260,8 @@ def present(name,
password
A password hash to set for the user. This field is only supported on
Linux, FreeBSD, NetBSD, OpenBSD, and Solaris.
Linux, FreeBSD, NetBSD, OpenBSD, and Solaris. If the ``empty_password``
argument is set to ``True`` then ``password`` is ignored.
For Windows this is the plain text password.
.. versionchanged:: 0.16.0

4
setup.py
View File

@ -401,7 +401,7 @@ class DownloadWindowsDlls(Command):
from contextlib import closing
with closing(requests.get(furl, stream=True)) as req:
if req.status_code == 200:
with open(fdest, 'w') as wfh:
with open(fdest, 'wb') as wfh:
for chunk in req.iter_content(chunk_size=4096):
if chunk: # filter out keep-alive new chunks
wfh.write(chunk)
@ -416,7 +416,7 @@ class DownloadWindowsDlls(Command):
req = urlopen(furl)
if req.getcode() == 200:
with open(fdest, 'w') as wfh:
with open(fdest, 'wb') as wfh:
while True:
for chunk in req.read(4096):
if not chunk:

4
tests/integration/modules/pillar.py
View File

@ -98,7 +98,6 @@ class PillarModuleTest(integration.ModuleCase):
def no_test_issue_10408_ext_pillar_gitfs_url_update(self):
import os
from salt.pillar import git_pillar
import git
original_url = 'git+ssh://original@example.com/home/git/test'
changed_url = 'git+ssh://changed@example.com/home/git/test'
rp_location = os.path.join(self.master_opts['cachedir'], 'pillar_gitfs/0/.git')
@ -114,10 +113,11 @@ class PillarModuleTest(integration.ModuleCase):
self.assertEqual(grepo.rp_location, repo.remotes.origin.url)
@skipIf(HAS_GIT_PYTHON is False,
'GitPython must be installed and >= version {0}'.format(GIT_PYTHON))
def test_ext_pillar_env_mapping(self):
import os
from salt.pillar import git_pillar
import git
repo_url = 'https://github.com/saltstack/pillar1.git'
pillar = self.run_function('pillar.data')