From 7c1cfa82e476c752b7037567137398fc1cc3878a Mon Sep 17 00:00:00 2001 From: Erik Johnson Date: Tue, 22 Nov 2016 12:44:46 -0600 Subject: [PATCH 1/6] Clarify the master_type docs (#37841) Mention when "disable" began to be supported. --- doc/ref/configuration/minion.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/ref/configuration/minion.rst b/doc/ref/configuration/minion.rst index 47202b3e36..1c259eb1a0 100644 --- a/doc/ref/configuration/minion.rst +++ b/doc/ref/configuration/minion.rst @@ -107,13 +107,14 @@ to manage the minion's master setting from an execution module. By simply changing the algorithm in the module to return a new master ip/fqdn, restart the minion and it will connect to the new master. +As of version 2016.11.0 this option can be set to ``disable`` and the minion +will never attempt to talk to the master. This is useful for running a +masterless minion daemon. + .. code-block:: yaml master_type: disable -If you just want to run a masterless minion, this can be set and the minion -will never attempt to talk to the master. - .. conf_minion:: max_event_size ``max_event_size`` From 0c607ccaeccb4dc8f1b7eace23b2b82100f65823 Mon Sep 17 00:00:00 2001 From: Dmitry Kuzmenko Date: Wed, 23 Nov 2016 19:38:16 +0300 Subject: [PATCH 2/6] An example configuration for TLS/SSL. (#37859) --- conf/master | 9 +++++++++ conf/minion | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/conf/master b/conf/master index 4ecb16041e..8d90afdc92 100644 --- a/conf/master +++ b/conf/master @@ -382,6 +382,15 @@ # will cause minion to throw an exception and drop the message. # sign_pub_messages: False +# Use TLS/SSL encrypted connection between master and minion. +# Can be set to a dictionary containing keyword arguments corresponding to Python's +# 'ssl.wrap_socket' method. +# Default is None. +#ssl: +# keyfile: +# certfile: +# ssl_version: PROTOCOL_TLSv1_2 + ##### Salt-SSH Configuration ##### ########################################## diff --git a/conf/minion b/conf/minion index ad7a3749e6..35b48a7c15 100644 --- a/conf/minion +++ b/conf/minion @@ -633,6 +633,15 @@ # "salt-key -f master.pub" on the Salt master. #master_finger: '' +# Use TLS/SSL encrypted connection between master and minion. +# Can be set to a dictionary containing keyword arguments corresponding to Python's +# 'ssl.wrap_socket' method. +# Default is None. +#ssl: +# keyfile: +# certfile: +# ssl_version: PROTOCOL_TLSv1_2 + ###### Thread settings ##### ########################################### From 16ce844c54a3054be10da97f33c5e0654b37a5a7 Mon Sep 17 00:00:00 2001 From: Sergey Kizunov Date: Wed, 23 Nov 2016 11:40:28 -0500 Subject: [PATCH 3/6] Eliminate warning when 'ssl' not set (#37849) When not specifying 'ssl' in a config file, the following warning is displayed: `[WARNING ] Key 'ssl' with value None has an invalid type of NoneType, a dict is required for this value` This has been caused by PR #37776. Fix this by allowing `None` as a valid value for `ssl`. Signed-off-by: Sergey Kizunov --- salt/config/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/config/__init__.py b/salt/config/__init__.py index c8e7e5ae9c..b50f104075 100644 --- a/salt/config/__init__.py +++ b/salt/config/__init__.py @@ -921,7 +921,7 @@ VALID_OPTS = { # http://docs.python.org/2/library/ssl.html#ssl.wrap_socket # Note: to set enum arguments values like `cert_reqs` and `ssl_version` use constant names # without ssl module prefix: `CERT_REQUIRED` or `PROTOCOL_SSLv23`. - 'ssl': dict, + 'ssl': (dict, type(None)), } # default configurations From 47d21d9ed28ae2faca322828369a687c8b8f25a5 Mon Sep 17 00:00:00 2001 From: Erik Johnson Date: Wed, 23 Nov 2016 10:43:01 -0600 Subject: [PATCH 4/6] Don't skip pillar compilation when master_type=='disable' (#37843) This was broken in pull #32521. The community member who opened that PR was apparently unaware of the fact that masterless minions will use the Pillar instead of RemotePillar class, so skipping the Pillar compilation here results in the packed pillar dunder being completely empty. This PR fixes that by removing the check for master_type and allowing local pillar data to be compiled. --- salt/minion.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/salt/minion.py b/salt/minion.py index 0b39bbc88f..06aa7050cc 100644 --- a/salt/minion.py +++ b/salt/minion.py @@ -673,14 +673,13 @@ class SMinion(MinionBase): ''' Load all of the modules for the minion ''' - if self.opts.get('master_type') != 'disable': - self.opts['pillar'] = salt.pillar.get_pillar( - self.opts, - self.opts['grains'], - self.opts['id'], - self.opts['environment'], - pillarenv=self.opts.get('pillarenv'), - ).compile_pillar() + self.opts['pillar'] = salt.pillar.get_pillar( + self.opts, + self.opts['grains'], + self.opts['id'], + self.opts['environment'], + pillarenv=self.opts.get('pillarenv'), + ).compile_pillar() self.utils = salt.loader.utils(self.opts) self.functions = salt.loader.minion_mods(self.opts, utils=self.utils) From 7fceaa34764317459fcc353bea797401dd796436 Mon Sep 17 00:00:00 2001 From: Bruno Binet Date: Fri, 25 Nov 2016 11:18:00 +0100 Subject: [PATCH 5/6] Fix support for extra_mods='six' to add six module to a thin.tgz tarball Without this patch, gen_thin will only include py2/salt/ext/six.py but not py2/six.py (which may be required for other selected extra_mods python modules) --- salt/utils/thin.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/salt/utils/thin.py b/salt/utils/thin.py index dc23dbe6b1..5abc6bcc82 100644 --- a/salt/utils/thin.py +++ b/salt/utils/thin.py @@ -19,7 +19,7 @@ import subprocess import jinja2 import yaml import msgpack -import salt.ext.six as six +import salt.ext.six as _six import tornado # pylint: disable=import-error,no-name-in-module @@ -107,7 +107,7 @@ def get_tops(extra_mods='', so_mods=''): os.path.dirname(msgpack.__file__), ] - tops.append(six.__file__.replace('.pyc', '.py')) + tops.append(_six.__file__.replace('.pyc', '.py')) if HAS_CERTIFI: tops.append(os.path.dirname(certifi.__file__)) @@ -196,7 +196,7 @@ def gen_thin(cachedir, extra_mods='', overwrite=False, so_mods='', pass else: return thintar - if six.PY3: + if _six.PY3: # Let's check for the minimum python 2 version requirement, 2.6 py_shell_cmd = ( python2_bin + ' -c \'from __future__ import print_function; import sys; ' @@ -222,14 +222,14 @@ def gen_thin(cachedir, extra_mods='', overwrite=False, so_mods='', tops_py_version_mapping = {} tops = get_tops(extra_mods=extra_mods, so_mods=so_mods) - if six.PY2: + if _six.PY2: tops_py_version_mapping['2'] = tops else: tops_py_version_mapping['3'] = tops # TODO: Consider putting known py2 and py3 compatible libs in it's own sharable directory. # This would reduce the thin size. - if six.PY2 and sys.version_info[0] == 2: + if _six.PY2 and sys.version_info[0] == 2: # Get python 3 tops py_shell_cmd = ( python3_bin + ' -c \'import sys; import json; import salt.utils.thin; ' @@ -244,7 +244,7 @@ def gen_thin(cachedir, extra_mods='', overwrite=False, so_mods='', tops_py_version_mapping['3'] = tops except ValueError: pass - if six.PY3 and sys.version_info[0] == 3: + if _six.PY3 and sys.version_info[0] == 3: # Get python 2 tops py_shell_cmd = ( python2_bin + ' -c \'from __future__ import print_function; ' @@ -267,7 +267,7 @@ def gen_thin(cachedir, extra_mods='', overwrite=False, so_mods='', except OSError: start_dir = None tempdir = None - for py_ver, tops in six.iteritems(tops_py_version_mapping): + for py_ver, tops in _six.iteritems(tops_py_version_mapping): for top in tops: base = os.path.basename(top) top_dirname = os.path.dirname(top) @@ -359,7 +359,7 @@ def gen_min(cachedir, extra_mods='', overwrite=False, so_mods='', pass else: return mintar - if six.PY3: + if _six.PY3: # Let's check for the minimum python 2 version requirement, 2.6 py_shell_cmd = ( python2_bin + ' -c \'from __future__ import print_function; import sys; ' @@ -385,14 +385,14 @@ def gen_min(cachedir, extra_mods='', overwrite=False, so_mods='', tops_py_version_mapping = {} tops = get_tops(extra_mods=extra_mods, so_mods=so_mods) - if six.PY2: + if _six.PY2: tops_py_version_mapping['2'] = tops else: tops_py_version_mapping['3'] = tops # TODO: Consider putting known py2 and py3 compatible libs in it's own sharable directory. # This would reduce the min size. - if six.PY2 and sys.version_info[0] == 2: + if _six.PY2 and sys.version_info[0] == 2: # Get python 3 tops py_shell_cmd = ( python3_bin + ' -c \'import sys; import json; import salt.utils.thin; ' @@ -407,7 +407,7 @@ def gen_min(cachedir, extra_mods='', overwrite=False, so_mods='', tops_py_version_mapping['3'] = tops except ValueError: pass - if six.PY3 and sys.version_info[0] == 3: + if _six.PY3 and sys.version_info[0] == 3: # Get python 2 tops py_shell_cmd = ( python2_bin + ' -c \'from __future__ import print_function; ' @@ -548,7 +548,7 @@ def gen_min(cachedir, extra_mods='', overwrite=False, so_mods='', 'salt/output/nested.py', ) - for py_ver, tops in six.iteritems(tops_py_version_mapping): + for py_ver, tops in _six.iteritems(tops_py_version_mapping): for top in tops: base = os.path.basename(top) top_dirname = os.path.dirname(top) From d204099db82c7c9a982e04fc6bf2909f2e72389d Mon Sep 17 00:00:00 2001 From: Nicole Thomas Date: Mon, 28 Nov 2016 10:08:52 -0700 Subject: [PATCH 6/6] [2016.11] Update version numbers in doc config for 2016.11.0 release (#37917) --- doc/conf.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/conf.py b/doc/conf.py index 67557d195b..be73f1943d 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -232,11 +232,11 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ project = 'Salt' version = salt.version.__version__ -latest_release = '2016.3.4' # latest release -previous_release = '2015.8.12' # latest release from previous branch -previous_release_dir = '2015.8' # path on web server for previous branch -next_release = '2016.11' # next release -next_release_dir = '2016.11' # path on web server for next release branch +latest_release = '2016.11.0' # latest release +previous_release = '2016.3.4' # latest release from previous branch +previous_release_dir = '2016.3' # path on web server for previous branch +next_release = '' # next release +next_release_dir = '' # path on web server for next release branch today = '' copyright = '' @@ -245,8 +245,8 @@ if on_saltstack: copyright = time.strftime("%Y") # < --- START do not merge these settings to other branches START ---> # -build_type = 'next' # latest, previous, develop, next -release = version # version, latest_release, previous_release +build_type = 'latest' # latest, previous, develop, next +release = latest_release # version, latest_release, previous_release # < --- END do not merge these settings to other branches END ---> # # Set google custom search engine