valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 17:09:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into file.symlink-updates

Browse Source
This commit is contained in:
Nicole Thomas 2018-05-10 11:25:44 -04:00 committed by GitHub
commit 9a5cccfc18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1932 changed files with 232590 additions and 57856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
.github/CODEOWNERS vendored
View File

@ -9,52 +9,66 @@
# See https://help.github.com/articles/about-codeowners/
# for more info about the CODEOWNERS file
# This file uses an fnmatch-style matching pattern.
# Team Boto
salt/**/*boto* @saltstack/team-boto
# Team Core
salt/auth/ @saltstack/team-core
salt/cache/ @saltstack/team-core
salt/cli/ @saltstack/team-core
salt/auth/* @saltstack/team-core
salt/cache/* @saltstack/team-core
salt/cli/* @saltstack/team-core
salt/client/* @saltstack/team-core
salt/config/* @saltstack/team-core
salt/daemons/ @saltstack/team-core
salt/pillar/ @saltstack/team-core
salt/daemons/* @saltstack/team-core
salt/pillar/* @saltstack/team-core
salt/loader.py @saltstack/team-core
salt/payload.py @saltstack/team-core
salt/**/master* @saltstack/team-core
salt/**/minion* @saltstack/team-core
# Team Cloud
salt/cloud/ @saltstack/team-cloud
salt/utils/openstack/ @saltstack/team-cloud
salt/cloud/* @saltstack/team-cloud
salt/utils/openstack/* @saltstack/team-cloud
salt/utils/aws.py @saltstack/team-cloud
salt/**/*cloud* @saltstack/team-cloud
# Team NetAPI
salt/cli/api.py @saltstack/team-netapi
salt/client/netapi.py @saltstack/team-netapi
salt/netapi/ @saltstack/team-netapi
salt/netapi/* @saltstack/team-netapi
# Team Network
salt/proxy/ @saltstack/team-proxy
salt/proxy/* @saltstack/team-proxy
# Team SPM
salt/cli/spm.py @saltstack/team-spm
salt/spm/ @saltstack/team-spm
salt/spm/* @saltstack/team-spm
# Team SSH
salt/cli/ssh.py @saltstack/team-ssh
salt/client/ssh/ @saltstack/team-ssh
salt/client/ssh/* @saltstack/team-ssh
salt/runners/ssh.py @saltstack/team-ssh
salt/**/thin.py @saltstack/team-ssh
# Team State
salt/state.py @saltstack/team-state
# Team SUSE
salt/**/*btrfs* @saltstack/team-suse
salt/**/*kubernetes* @saltstack/team-suse
salt/**/*pkg* @saltstack/team-suse
salt/**/*snapper* @saltstack/team-suse
salt/**/*xfs* @saltstack/team-suse
salt/**/*zypper* @saltstack/team-suse
# Team Transport
salt/transport/ @saltstack/team-transport
salt/transport/* @saltstack/team-transport
salt/utils/zeromq.py @saltstack/team-transport
# Team Windows
salt/**/*win* @saltstack/team-windows
salt/*/*win* @saltstack/team-windows
salt/modules/reg.py @saltstack/team-windows
salt/states/reg.py @saltstack/team-windows
tests/*/*win* @saltstack/team-windows
tests/*/test_reg.py @saltstack/team-windows

4
.github/stale.yml vendored
View File

@ -1,8 +1,8 @@
# Probot Stale configuration file
# Number of days of inactivity before an issue becomes stale
# 820 is approximately 2 years and 3 months
daysUntilStale: 820
# 710 is approximately 1 year and 11 months
daysUntilStale: 710
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7

87
.kitchen.yml
View File

@ -1,6 +1,6 @@
---
<% vagrant = system('which vagrant 2>/dev/null >/dev/null') %>
<% version = '2017.7.1' %>
<% version = '2017.7.4' %>
<% platformsfile = ENV['SALT_KITCHEN_PLATFORMS'] || '.kitchen/platforms.yml' %>
<% driverfile = ENV['SALT_KITCHEN_DRIVER'] || '.kitchen/driver.yml' %>
<% verifierfile = ENV['SALT_KITCHEN_VERIFIER'] || '.kitchen/verifier.yml' %>
@ -31,24 +31,28 @@ provisioner:
salt_version: latest
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_bootstrap_options: -X -p rsync stable <%= version %>
log_level: info
log_level: debug
sudo: true
require_chef: false
retry_on_exit_code:
- 139
max_retries: 2
remote_states:
name: git://github.com/saltstack/salt-jenkins.git
branch: oxygen
branch: master
repo: git
testingdir: /testing
salt_copy_filter:
- .bundle
- .git
- .gitignore
- .kitchen
- .kitchen.yml
- artifacts
- Gemfile
- Gemfile.lock
- README.rst
- .travis.yml
- '*.pyc'
- __pycache__
state_top:
base:
"os:Windows":
@ -56,6 +60,20 @@ provisioner:
- prep_windows
"*":
- git.salt
pillars:
top.sls:
base:
"*":
- jenkins
"os:Windows":
- match: grain
- windows
jenkins.sls:
testing_dir: "{{salt.config.get('root_dir')|replace('\\', '\\\\')}}/testing"
clone_repo: false
salttesting_namespec: salttesting==2017.6.1
windows.sls:
virtualenv_path: 'c:\Python27\Scripts\pip.exe'
<% if File.exists?(platformsfile) %>
<%= ERB.new(File.read(platformsfile)).result %>
<% else %>
@ -124,16 +142,22 @@ platforms:
box: mwrock/Windows2012R2
name: vagrant
gui: true
customize:
cpus: 4
memory: 8192
transport:
name: winrm
username: Vagrant
password: vagrant
username: Administrator
password: Pass@word1
provisioner:
init_environment: |
Clear-Host
$AddedLocation ="c:\salt;c:\salt\bin\Scripts"
$Reg = "Registry::HKLM\System\CurrentControlSet\Control\Session Manager\Environment"
$OldPath = (Get-ItemProperty -Path $Reg -Name PATH).Path
$NewPath= $OldPath + ";" + $AddedLocation
Set-ItemProperty -Path $Reg -Value $NewPath -Name PATH
reg add "hklm\system\currentcontrolset\control\session manager\memory management" /v pagingfiles /t reg_multi_sz /d "d:\pagefile.sys 4096 8192" /f
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="5000"}'
salt_bootstrap_url: https://raw.githubusercontent.com/saltstack/salt-bootstrap/develop/bootstrap-salt.ps1
salt_bootstrap_options: -version <%= version %>
salt_bootstrap_options: ''
verifier:
windows: true
types:
@ -157,12 +181,25 @@ platforms:
provisioner:
salt_bootstrap_url: https://raw.githubusercontent.com/saltstack/salt-bootstrap/develop/bootstrap-salt.ps1
salt_bootstrap_options: -version <%= version %>
init_environment: |
Clear-Host
$AddedLocation ="c:\salt;c:\salt\bin\Scripts"
$Reg = "Registry::HKLM\System\CurrentControlSet\Control\Session Manager\Environment"
$OldPath = (Get-ItemProperty -Path $Reg -Name PATH).Path
$NewPath= $OldPath + ";" + $AddedLocation
Set-ItemProperty -Path $Reg -Value $NewPath -Name PATH
reg add "hklm\system\currentcontrolset\control\session manager\memory management" /v pagingfiles /t reg_multi_sz /d "d:\pagefile.sys 4096 8192" /f
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="5000"}'
salt_bootstrap_url: https://raw.githubusercontent.com/saltstack/salt-bootstrap/develop/bootstrap-salt.ps1
salt_bootstrap_options: ''
verifier:
windows: true
types:
- unit
coverage_xml: false
xml: /tmp/xml-unittests-output/
save:
/tmp/xml-unittests-output/: artifacts/
$env:TEMP/salt-runtests.log: artifacts/logs/salt-runtests.log
/salt/var/log/salt/minion: artifacts/logs/minion
<% end %>
@ -171,21 +208,6 @@ suites:
- name: py2
verifier:
python_bin: python2.7
provisioner:
pillars:
top.sls:
base:
"*":
- jenkins
"os:Windows":
- match: grain
- windows
jenkins.sls:
testing_dir: "{{salt.config.get('root_dir')|replace('\\', '\\\\')}}/testing"
clone_repo: false
salttesting_namespec: salttesting==2017.6.1
windows.sls:
virtualenv_path: 'c:\Python27\Scripts\pip.exe'
- name: py3
excludes:
- centos-6
@ -194,18 +216,8 @@ suites:
python_bin: python3
provisioner:
pillars:
top.sls:
base:
"*":
- jenkins
"os:Windows":
- match: grain
- windows
jenkins.sls:
testing_dir: "{{salt.config.get('root_dir')|replace('\\', '\\\\')}}/testing"
clone_repo: false
py3: true
salttesting_namespec: salttesting==2017.6.1
windows.sls:
virtualenv_path: 'c:\Python35\Scripts\pip.exe'
@ -215,7 +227,6 @@ suites:
verifier:
name: runtests
sudo: true
verbose: true
run_destructive: true
transport: zeromq
types:
@ -225,6 +236,6 @@ verifier:
save:
/tmp/xml-unittests-output: artifacts/
/tmp/coverage.xml: artifacts/coverage/coverage.xml
/var/log/salt/minion: artifacts/logs/minion
/tmp/kitchen/var/log/salt/minion: artifacts/logs/minion
/tmp/salt-runtests.log: artifacts/logs/salt-runtests.log
<% end %>

19
.testing.pylintrc
View File

@ -29,6 +29,25 @@ load-plugins=saltpylint.pep8,
# Don't bump this values on PyLint 1.4.0 - Know bug that ignores the passed --rcfile
jobs=1
# List of blacklisted functions and suggested replacements
#
# NOTE: This pylint check will infer the full name of the function by walking
# back up from the function name to the parent, to the parent's parent, etc.,
# and this means that functions which come from platform-specific modules need
# to be referenced using name of the module from which the function was
# imported. This happens a lot in the os and os.path modules. Functions from
# os.path should be defined using posixpath.funcname and ntpath.funcname, while
# functions from os should be defined using posix.funcname and nt.funcname.
#
# When defining a blacklisted function, the format is:
#
# <func_name>=<suggested_replacement>
#
# The replacement text will be included in the alert message.
#
blacklisted-functions=posix.umask=salt.utils.files.set_umask or get_umask,
nt.umask=salt.utils.files.set_umask or get_umask
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no

2
Gemfile
View File

@ -12,7 +12,7 @@ group :docker do
end
group :opennebula do
gem 'kitchen-opennebula', :git => 'https://github.com/gtmanfred/kitchen-opennebula.git'
gem 'kitchen-opennebula', '>=0.2.3'
gem 'xmlrpc'
end

2
conf/cloud
View File

@ -26,7 +26,7 @@
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']

3
conf/cloud.providers
View File

@ -84,3 +84,6 @@
#my-saltify-config:
# driver: saltify
#my-scaleway-config:
# driver: scaleway

2
conf/cloud.providers.d/scaleway.conf Normal file
View File

@ -0,0 +1,2 @@
#my-scaleway-config:
# driver: scaleway

20
conf/master
View File

@ -176,6 +176,14 @@
# master event bus. The value is expressed in bytes.
#max_event_size: 1048576
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
# Overwrite the default tcp ports used by the minion when ipc_mode is set to 'tcp'
#tcp_master_pub_port: 4510
#tcp_master_pull_port: 4511
# By default, the master AES key rotates every 24 hours. The next command
# following a key rotation will trigger a key refresh from the minion which may
# result in minions which do not respond to the first command after a key refresh.
@ -577,7 +585,7 @@
#external_nodes: None
# The renderer to use on the minions to render the state data
#renderer: yaml_jinja
#renderer: jinja|yaml
# Default Jinja environment options for all templates except sls templates
#jinja_env:
@ -587,8 +595,8 @@
# variable_end_string: '}}'
# comment_start_string: '{#'
# comment_end_string: '#}'
# line_statement_prefix:
# line_comment_prefix:
# line_statement_prefix:
# line_comment_prefix:
# trim_blocks: False
# lstrip_blocks: False
# newline_sequence: '\n'
@ -602,8 +610,8 @@
# variable_end_string: '}}'
# comment_start_string: '{#'
# comment_end_string: '#}'
# line_statement_prefix:
# line_comment_prefix:
# line_statement_prefix:
# line_comment_prefix:
# trim_blocks: False
# lstrip_blocks: False
# newline_sequence: '\n'
@ -1157,7 +1165,7 @@
#log_level: warning
# The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
# If using 'log_granular_levels' this must be set to the highest desired level.
#log_level_logfile: warning

37
conf/minion
View File

@ -380,7 +380,7 @@
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
# Overwrite the default tcp ports used by the minion when in tcp mode
# Overwrite the default tcp ports used by the minion when ipc_mode is set to 'tcp'
#tcp_pub_port: 4510
#tcp_pull_port: 4511
@ -389,6 +389,16 @@
# minion event bus. The value is expressed in bytes.
#max_event_size: 1048576
# When a minion starts up it sends a notification on the event bus with a tag
# that looks like this: `salt/minion/<minion_id>/start`. For historical reasons
# the minion also sends a similar event with an event tag like this:
# `minion_start`. This duplication can cause a lot of clutter on the event bus
# when there are many minions. Set `enable_legacy_startup_events: False` in the
# minion config to ensure only the `salt/minion/<minion_id>/start` events are
# sent. Beginning with the `Neon` Salt release this option will default to
# `False`
#enable_legacy_startup_events: True
# To detect failed master(s) and fire events on connect/disconnect, set
# master_alive_interval to the number of seconds to poll the masters for
# connection events.
@ -463,19 +473,18 @@
##### State Management Settings #####
###########################################
# The state management system executes all of the state templates on the minion
# to enable more granular control of system state management. The type of
# template and serialization used for state management needs to be configured
# on the minion, the default renderer is yaml_jinja. This is a yaml file
# rendered from a jinja template, the available options are:
# yaml_jinja
# yaml_mako
# yaml_wempy
# json_jinja
# json_mako
# json_wempy
# The default renderer to use in SLS files. This is configured as a
# pipe-delimited expression. For example, jinja|yaml will first run jinja
# templating on the SLS file, and then load the result as YAML. This syntax is
# documented in further depth at the following URL:
#
#renderer: yaml_jinja
# https://docs.saltstack.com/en/latest/ref/renderers/#composing-renderers
#
# NOTE: The "shebang" prefix (e.g. "#!jinja|yaml") described in the
# documentation linked above is for use in an SLS file to override the default
# renderer, it should not be used when configuring the renderer here.
#
#renderer: jinja|yaml
#
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution. Defaults to False.
@ -720,7 +729,7 @@
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']

25
conf/proxy
View File

@ -356,19 +356,18 @@
##### State Management Settings #####
###########################################
# The state management system executes all of the state templates on the minion
# to enable more granular control of system state management. The type of
# template and serialization used for state management needs to be configured
# on the minion, the default renderer is yaml_jinja. This is a yaml file
# rendered from a jinja template, the available options are:
# yaml_jinja
# yaml_mako
# yaml_wempy
# json_jinja
# json_mako
# json_wempy
# The default renderer to use in SLS files. This is configured as a
# pipe-delimited expression. For example, jinja|yaml will first run jinja
# templating on the SLS file, and then load the result as YAML. This syntax is
# documented in further depth at the following URL:
#
#renderer: yaml_jinja
# https://docs.saltstack.com/en/latest/ref/renderers/#composing-renderers
#
# NOTE: The "shebang" prefix (e.g. "#!jinja|yaml") described in the
# documentation linked above is for use in an SLS file to override the default
# renderer, it should not be used when configuring the renderer here.
#
#renderer: jinja|yaml
#
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution. Defaults to False.
@ -543,7 +542,7 @@
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']

2
conf/suse/master
View File

@ -1100,7 +1100,7 @@ syndic_user: salt
#key_logfile: /var/log/salt/key
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
#
# The following log levels are considered INSECURE and may log sensitive data:
# ['garbage', 'trace', 'debug']

BIN
doc/_themes/saltstack2/static/images/DOCBANNER.jpg vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 438 KiB

After

Width:  |  Height:  |  Size: 240 KiB

BIN
doc/_themes/saltstack2/static/images/enterprise_ad.jpg vendored
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 739 KiB

After

Width:  |  Height:  |  Size: 109 KiB

25
doc/conf.py
View File

@ -46,6 +46,8 @@ class Mock(object):
data = self.__mapping.get(name)
elif name in ('__file__', '__path__'):
data = '/dev/null'
elif name == '__qualname__':
raise AttributeError("'Mock' object has no attribute '__qualname__'")
else:
data = Mock(mapping=self.__mapping)
return data
@ -158,6 +160,7 @@ MOCK_MODULES = [
'jnpr.junos.utils.sw',
'dns',
'dns.resolver',
'keyring',
'netaddr',
'netaddr.IPAddress',
'netaddr.core',
@ -199,6 +202,8 @@ def mock_decorator_with_params(*oargs, **okwargs):
# Define a fake version attribute for the following libs.
sys.modules['libcloud'].__version__ = '0.0.0'
sys.modules['msgpack'].version = (1, 0, 0)
sys.modules['psutil'].version_info = (3, 0, 0)
sys.modules['pymongo'].version = '0.0.0'
sys.modules['ntsecuritycon'].STANDARD_RIGHTS_REQUIRED = 0
sys.modules['ntsecuritycon'].SYNCHRONIZE = 0
@ -245,9 +250,9 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ
project = 'Salt'
version = salt.version.__version__
latest_release = '2017.7.2' # latest release
previous_release = '2016.11.8' # latest release from previous branch
previous_release_dir = '2016.11' # path on web server for previous branch
latest_release = '2018.3.0' # latest release
previous_release = '2017.7.5' # latest release from previous branch
previous_release_dir = '2017.7' # path on web server for previous branch
next_release = '' # next release
next_release_dir = '' # path on web server for next release branch
@ -318,6 +323,7 @@ rst_prolog = """\
.. _`salt-users`: https://groups.google.com/forum/#!forum/salt-users
.. _`salt-announce`: https://groups.google.com/forum/#!forum/salt-announce
.. _`salt-packagers`: https://groups.google.com/forum/#!forum/salt-packagers
.. _`salt-slack`: https://saltstackcommunity.herokuapp.com/
.. |windownload| raw:: html
<p>Python2 x86: <a
@ -336,10 +342,15 @@ rst_prolog = """\
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
.. |osxdownload| raw:: html
.. |osxdownloadpy2| raw:: html
<p>x86_64: <a href="https://repo.saltstack.com/osx/salt-{release}-x86_64.pkg"><strong>salt-{release}-x86_64.pkg</strong></a>
| <a href="https://repo.saltstack.com/osx/salt-{release}-x86_64.pkg.md5"><strong>md5</strong></a></p>
<p>x86_64: <a href="https://repo.saltstack.com/osx/salt-{release}-py2-x86_64.pkg"><strong>salt-{release}-py2-x86_64.pkg</strong></a>
| <a href="https://repo.saltstack.com/osx/salt-{release}-py2-x86_64.pkg.md5"><strong>md5</strong></a></p>
.. |osxdownloadpy3| raw:: html
<p>x86_64: <a href="https://repo.saltstack.com/osx/salt-{release}-py3-x86_64.pkg"><strong>salt-{release}-py3-x86_64.pkg</strong></a>
| <a href="https://repo.saltstack.com/osx/salt-{release}-py3-x86_64.pkg.md5"><strong>md5</strong></a></p>
""".format(release=release)
@ -360,7 +371,7 @@ gettext_compact = False
### HTML options
html_theme = 'saltstack2' #change to 'saltstack' to use previous theme
html_theme = os.environ.get('HTML_THEME', 'saltstack2') # set 'HTML_THEME=saltstack' to use previous theme
html_theme_path = ['_themes']
html_title = u''
html_short_title = 'Salt'

35
doc/faq.rst
View File

@ -254,17 +254,19 @@ specifying the pillar variable is the same one used for :py:func:`pillar.get
<salt.states.file.managed>` state is only supported in Salt 2015.8.4 and
newer.
.. _faq-restart-salt-minion:
What is the best way to restart a Salt Minion daemon using Salt after upgrade?
------------------------------------------------------------------------------
Updating the ``salt-minion`` package requires a restart of the ``salt-minion``
service. But restarting the service while in the middle of a state run
interrupts the process of the Minion running states and sending results back to
the Master. A common way to workaround that is to schedule restarting of the
Minion service using :ref:`masterless mode <masterless-quickstart>` after all
other states have been applied. This allows the minion to keep Minion to Master
connection alive for the Minion to report the final results to the Master, while
the service is restarting in the background.
the Master. A common way to workaround that is to schedule restarting the
Minion service in the background by issuing a ``salt-call`` command calling
``service.restart`` function. This prevents the Minion being disconnected from
the Master immediately. Otherwise you would get
``Minion did not return. [Not connected]`` message as the result of a state run.
Upgrade without automatic restart
*********************************
@ -328,7 +330,7 @@ The following example works on UNIX-like operating systems:
{%- if grains['os'] != 'Windows' %}
Restart Salt Minion:
cmd.run:
- name: 'salt-call --local service.restart salt-minion'
- name: 'salt-call service.restart salt-minion'
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
@ -348,9 +350,9 @@ as follows:
Restart Salt Minion:
cmd.run:
{%- if grains['kernel'] == 'Windows' %}
- name: 'C:\salt\salt-call.bat --local service.restart salt-minion'
- name: 'C:\salt\salt-call.bat service.restart salt-minion'
{%- else %}
- name: 'salt-call --local service.restart salt-minion'
- name: 'salt-call service.restart salt-minion'
{%- endif %}
- bg: True
- onchanges:
@ -358,7 +360,13 @@ as follows:
However, it requires more advanced tricks to upgrade from legacy version of
Salt (before ``2016.3.0``) on UNIX-like operating systems, where executing
commands in the background is not supported:
commands in the background is not supported. You also may need to schedule
restarting the Minion service using :ref:`masterless mode
<masterless-quickstart>` after all other states have been applied for Salt
versions earlier than ``2016.11.0``. This allows the Minion to keep the
connection to the Master alive for being able to report the final results back
to the Master, while the service is restarting in the background. This state
should run last or watch for the ``pkg`` state changes:
.. code-block:: jinja
@ -382,8 +390,8 @@ Restart the Minion from the command line:
.. code-block:: bash
salt -G kernel:Windows cmd.run_bg 'C:\salt\salt-call.bat --local service.restart salt-minion'
salt -C 'not G@kernel:Windows' cmd.run_bg 'salt-call --local service.restart salt-minion'
salt -G kernel:Windows cmd.run_bg 'C:\salt\salt-call.bat service.restart salt-minion'
salt -C 'not G@kernel:Windows' cmd.run_bg 'salt-call service.restart salt-minion'
Salting the Salt Master
-----------------------
@ -409,6 +417,10 @@ for salt itself:
https://github.com/saltstack-formulas/salt-formula
Restarting the ``salt-master`` service using execution module or application of
state could be done the same way as for the Salt minion described :ref:`above
<faq-restart-salt-minion>`.
.. _faq-grain-security:
Is Targeting using Grain Data Secure?
@ -443,4 +455,3 @@ the grain and values that you want to change / set.)
You should also `file an issue <https://github.com/saltstack/salt/issues>`_
describing the change so it can be fixed in Salt.

4
doc/glossary.rst
View File

@ -83,8 +83,8 @@ Glossary
to the system. State module functions should be idempotent. Some
state module functions, such as :mod:`cmd.run <salt.states.cmd.run>`
are not idempotent by default but can be made idempotent with the
proper use of requisites such as :ref:```unless`` <unless-requisite>`
and :ref:```onlyif`` <onlyif-requisite>`. For more information, *see*
proper use of requisites such as :ref:`unless <unless-requisite>`
and :ref:`onlyif <onlyif-requisite>`. For more information, *see*
`wikipedia <https://en.wikipedia.org/wiki/Idempotent>`_.
Jinja

10
doc/man/salt-api.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-API" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-API" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-api \- salt-api Command
.
@ -103,12 +103,10 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt\-api(7)\fP
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fBsalt\-api(7)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

28
doc/man/salt-call.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-CALL" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-CALL" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-call \- salt-call Documentation
.
@ -227,6 +227,11 @@ Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
@ -245,14 +250,25 @@ changes and success and \fByellow\fP denotes a expected future change in configu
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

32
doc/man/salt-cloud.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-CLOUD" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-CLOUD" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-cloud \- Salt Cloud Command
.
@ -197,7 +197,7 @@ New in version 2014.7.0.
.sp
Display a list of configured profiles. Pass in a cloud provider to view
the provider\(aqs associated profiles, such as \fBdigital_ocean\fP, or pass in
the provider\(aqs associated profiles, such as \fBdigitalocean\fP, or pass in
\fBall\fP to list all the configured profiles.
.UNINDENT
.SS Cloud Providers Listings
@ -276,6 +276,11 @@ Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
@ -294,6 +299,19 @@ changes and success and \fByellow\fP denotes a expected future change in configu
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SH EXAMPLES
.sp
To create 4 VMs named web1, web2, db1, and db2 from specified profiles:
@ -369,13 +387,11 @@ salt\-cloud \-m /path/to/cloud.map \-Q
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt\-cloud(7)\fP
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt\-cloud(7)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

72
doc/man/salt-cp.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-CP" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-CP" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-cp \- salt-cp Documentation
.
@ -31,34 +31,55 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
Copy a file to a set of systems
Copy a file or files to one or more minions
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
salt\-cp \(aq*\(aq [ options ] SOURCE DEST
salt\-cp \(aq*\(aq [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt\-cp \-E \(aq.*\(aq [ options ] SOURCE DEST
salt\-cp \-E \(aq.*\(aq [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt\-cp \-G \(aqos:Arch.*\(aq [ options ] SOURCE DEST
salt\-cp \-G \(aqos:Arch.*\(aq [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
.ft P
.fi
.UNINDENT
.UNINDENT
.SH DESCRIPTION
.sp
Salt copy copies a local file out to all of the Salt minions matched by the
given target.
salt\-cp copies files from the master to all of the Salt minions matched by the
specified target expression.
.sp
Salt copy is only intended for use with small files (< 100KB). If you need
to copy large files out to minions please use the cp.get_file function.
.sp
Note: salt\-cp uses salt\(aqs publishing mechanism. This means the privacy of the
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
salt\-cp uses Salt\(aqs publishing mechanism. This means the privacy of the
contents of the file on the wire is completely dependent upon the transport
in use. In addition, if the salt\-master is running with debug logging it is
possible that the contents of the file will be logged to disk.
in use. In addition, if the master or minion is running with debug logging,
the contents of the file will be logged to disk.
.sp
In addition, this tool is less efficient than the Salt fileserver when
copying larger files. It is recommended to instead use
\fBcp.get_file\fP to copy larger files to
minions. However, this requires the file to be located within one of the
fileserver directories.
.UNINDENT
.UNINDENT
.sp
Changed in version 2016.3.7,2016.11.6,2017.7.0: Compression support added, disable with \fB\-n\fP\&. Also, if the destination
path ends in a path separator (i.e. \fB/\fP, or \fB\e\fP on Windows, the
desitination will be assumed to be a directory. Finally, recursion is now
supported, allowing for entire directories to be copied.
.sp
Changed in version 2016.11.7,2017.7.2: Reverted back to the old copy mode to preserve backward compatibility. The
new functionality added in 2016.6.6 and 2017.7.0 is now available using the
\fB\-C\fP or \fB\-\-chunked\fP CLI arguments. Note that compression, recursive
copying, and support for copying large files is only available in chunked
mode.
.SH OPTIONS
.INDENT 0.0
.TP
@ -160,15 +181,30 @@ to identify targets. Range expressions look like %cluster.
Using the Range option requires that a range server is set up and the
location of the range server is referenced in the master configuration
file.
.UNINDENT
.INDENT 0.0
.TP
.B \-C, \-\-chunked
Use new chunked mode to copy files. This mode supports large files, recursive
directories copying and compression.
.sp
New in version 2016.11.7,2017.7.2.
.UNINDENT
.INDENT 0.0
.TP
.B \-n, \-\-no\-compression
Disable gzip compression in chunked mode.
.sp
New in version 2016.3.7,2016.11.6,2017.7.0.
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

28
doc/man/salt-key.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-KEY" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-KEY" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.
@ -182,6 +182,11 @@ Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
@ -200,6 +205,19 @@ changes and success and \fByellow\fP denotes a expected future change in configu
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SS Actions
.INDENT 0.0
.TP
@ -322,12 +340,10 @@ Auto\-create a signing key\-pair if it does not yet exist
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

10
doc/man/salt-master.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-MASTER" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-MASTER" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-master \- salt-master Documentation
.
@ -108,12 +108,10 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt(7)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt(7)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

10
doc/man/salt-minion.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-MINION" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-MINION" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-minion \- salt-minion Documentation
.
@ -109,12 +109,10 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fBsalt(1)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

12
doc/man/salt-proxy.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-PROXY" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-PROXY" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-proxy \- salt-proxy Documentation
.
@ -116,13 +116,11 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

10
doc/man/salt-run.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-RUN" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-RUN" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-run \- salt-run Documentation
.
@ -114,12 +114,10 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

184
doc/man/salt-ssh.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-SSH" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-SSH" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-ssh \- salt-ssh Documentation
.
@ -49,13 +49,35 @@ Salt SSH allows for salt routines to be executed using only SSH for transport
.SH OPTIONS
.INDENT 0.0
.TP
.B \-r, \-\-raw, \-\-raw\-shell
Execute a raw shell command.
.B \-\-version
Print the version of Salt that is running.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-priv
Specify the SSH private key file to be used for authentication.
.B \-\-versions\-report
Show program\(aqs dependencies and version number, and then exit
.UNINDENT
.INDENT 0.0
.TP
.B \-h, \-\-help
Show the help message and exit
.UNINDENT
.INDENT 0.0
.TP
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains
the configuration files for Salt master and minions. The default location
on most systems is \fB/etc/salt\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-hard\-crash
Raise any original exception rather than exiting gracefully. Default: False.
.UNINDENT
.INDENT 0.0
.TP
.B \-r, \-\-raw, \-\-raw\-shell
Execute a raw shell command.
.UNINDENT
.INDENT 0.0
.TP
@ -90,9 +112,74 @@ is 25.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-extra\-filerefs=EXTRA_FILEREFS
Pass in extra files to include in the state tarball.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-min\-extra\-modules=MIN_EXTRA_MODS
One or comma\-separated list of extra Python modulesto be included
into Minimal Salt.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-thin\-extra\-modules=THIN_EXTRA_MODS
One or comma\-separated list of extra Python modulesto be included
into Thin Salt.
.UNINDENT
.INDENT 0.0
.TP
.B \-v, \-\-verbose
Turn on command verbosity, display jid.
.UNINDENT
.INDENT 0.0
.TP
.B \-s, \-\-static
Return the data from minions as a group after they all return.
.UNINDENT
.INDENT 0.0
.TP
.B \-w, \-\-wipe
Remove the deployment of the salt files when done executing.
.UNINDENT
.INDENT 0.0
.TP
.B \-W, \-\-rand\-thin\-dir
Select a random temp dir to deploy on the remote system. The dir
will be cleaned after the execution.
.UNINDENT
.INDENT 0.0
.TP
.B \-t, \-\-regen\-thin, \-\-thin
Trigger a thin tarball regeneration. This is needed if custom
grains/modules/states have been added or updated.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-python2\-bin=PYTHON2_BIN
Path to a python2 binary which has salt installed.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-python3\-bin=PYTHON3_BIN
Path to a python3 binary which has salt installed.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-jid=JID
Pass a JID to be used instead of generating one.
.UNINDENT
.SS Authentication Options
.INDENT 0.0
.TP
.B \-\-priv=SSH_PRIV
Specify the SSH private key file to be used for authentication.
.UNINDENT
.INDENT 0.0
.TP
.B \-i, \-\-ignore\-host\-keys
Disables StrictHostKeyChecking to relax acceptance of new and unknown
host keys.
By default ssh host keys are honored and connections will ask for
approval. Use this option to disable StrictHostKeyChecking.
.UNINDENT
.INDENT 0.0
.TP
@ -103,11 +190,22 @@ changed and would still error with \-\-ignore\-host\-keys.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-user=SSH_USER
Set the default user to attempt to use when authenticating.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-passwd
Set the default password to attempt to use when authenticating.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-askpass
Interactively ask for the SSH password with no echo \- avoids password
in process args and stored in history.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-key\-deploy
Set this flag to attempt to deploy the authorized ssh key with all
minions. This combined with \-\-passwd can make initial deployment of keys
@ -115,35 +213,25 @@ very fast and easy.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-version
Print the version of Salt that is running.
.B \-\-identities\-only
Use the only authentication identity files configured in the ssh_config
files. See IdentitiesOnly flag in man ssh_config.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-versions\-report
Show program\(aqs dependencies and version number, and then exit
.B \-\-sudo
Run command via sudo.
.UNINDENT
.SS Scan Roster Options
.INDENT 0.0
.TP
.B \-\-scan\-ports=SSH_SCAN_PORTS
Comma\-separated list of ports to scan in the scan roster.
.UNINDENT
.INDENT 0.0
.TP
.B \-h, \-\-help
Show the help message and exit
.UNINDENT
.INDENT 0.0
.TP
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir
The location of the Salt configuration directory. This directory contains
the configuration files for Salt master and minions. The default location
on most systems is \fB/etc/salt\fP\&.
.UNINDENT
.SS Target Selection
.sp
The default matching that Salt utilizes is shell\-style globbing around the
minion id. See \fI\%https://docs.python.org/2/library/fnmatch.html#module\-fnmatch\fP\&.
.INDENT 0.0
.TP
.B \-E, \-\-pcre
The target expression will be interpreted as a PCRE regular expression
rather than a shell glob.
.B \-\-scan\-timeout=SSH_SCAN_TIMEOUT
Scanning socket timeout for the scan roster.
.UNINDENT
.SS Logging Options
.sp
@ -167,6 +255,16 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
\fBdebug\fP, \fBinfo\fP, \fBwarning\fP, \fBerror\fP, \fBquiet\fP\&. Default:
\fBwarning\fP\&.
.UNINDENT
.SS Target Selection
.sp
The default matching that Salt utilizes is shell\-style globbing around the
minion id. See \fI\%https://docs.python.org/2/library/fnmatch.html#module\-fnmatch\fP\&.
.INDENT 0.0
.TP
.B \-E, \-\-pcre
The target expression will be interpreted as a PCRE regular expression
rather than a shell glob.
.UNINDENT
.SS Output Options
.INDENT 0.0
.TP
@ -212,6 +310,11 @@ Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
@ -230,14 +333,25 @@ changes and success and \fByellow\fP denotes a expected future change in configu
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

10
doc/man/salt-syndic.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-SYNDIC" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-SYNDIC" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-syndic \- salt-syndic Documentation
.
@ -110,12 +110,10 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

26
doc/man/salt-unity.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT-UNITY" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT-UNITY" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt-unity \- salt-unity Command
.
@ -50,20 +50,18 @@ invokes that script.
.SH OPTIONS
.SH SEE ALSO
.sp
\fIsalt\-api(1)\fP
\fIsalt\-call(1)\fP
\fIsalt\-cloud(1)\fP
\fIsalt\-cp(1)\fP
\fIsalt\-key(1)\fP
\fIsalt\-main(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fIsalt\-run(1)\fP
\fIsalt\-ssh(1)\fP
\fIsalt\-syndic(1)\fP
\fBsalt\-api(1)\fP
\fBsalt\-call(1)\fP
\fBsalt\-cloud(1)\fP
\fBsalt\-cp(1)\fP
\fBsalt\-key(1)\fP
\fBsalt\-main(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
\fBsalt\-run(1)\fP
\fBsalt\-ssh(1)\fP
\fBsalt\-syndic(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

30
doc/man/salt.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SALT" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SALT" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
salt \- salt
.
@ -135,7 +135,7 @@ minions to execute on.
.B \-a EAUTH, \-\-auth=EAUTH
Pass in an external authentication medium to validate against. The
credentials will be prompted for. The options are \fIauto\fP,
\fIkeystone\fP, \fIldap\fP, \fIpam\fP, and \fIstormpath\fP\&. Can be used with the \-T
\fIkeystone\fP, \fIldap\fP, and \fIpam\fP\&. Can be used with the \-T
option.
.UNINDENT
.INDENT 0.0
@ -306,6 +306,11 @@ Write the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-out\-file\-append, \-\-output\-file\-append
Append the output to the specified file.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-color
Disable all colored output
.UNINDENT
@ -324,14 +329,25 @@ changes and success and \fByellow\fP denotes a expected future change in configu
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
\(aqfilter\(aq. Default: \(aqnone\(aq.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(7)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(7)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

174524
doc/man/salt.7
View File

File diff suppressed because it is too large Load Diff

10
doc/man/spm.1
View File

@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SPM" "1" "October 31, 2016" "2016.11.0" "Salt"
.TH "SPM" "1" "Feb 23, 2018" "2018.3.0" "Salt"
.SH NAME
spm \- Salt Package Manager Command
.
@ -132,12 +132,10 @@ in that directory which describes them.
.UNINDENT
.SH SEE ALSO
.sp
\fIsalt(1)\fP
\fIsalt\-master(1)\fP
\fIsalt\-minion(1)\fP
\fBsalt(1)\fP
\fBsalt\-master(1)\fP
\fBsalt\-minion(1)\fP
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2016 SaltStack, Inc.
.\" Generated by docutils manpage writer.
.

1
doc/ref/auth/all/index.rst
View File

@ -12,6 +12,7 @@ auth modules
auto
django
file
keystone
ldap
mysql

6
doc/ref/clouds/all/index.rst
View File

@ -1,8 +1,8 @@
.. _all-salt.clouds:
===============================
Full list of Salt Cloud modules
===============================
=============
cloud modules
=============
.. currentmodule:: salt.cloud.clouds

126
doc/ref/configuration/master.rst
View File

@ -551,7 +551,7 @@ Default: ``0``
Memcache is an additional cache layer that keeps a limited amount of data
fetched from the minion data cache for a limited period of time in memory that
makes cache operations faster. It doesn't make much sence for the ``localfs``
makes cache operations faster. It doesn't make much sense for the ``localfs``
cache driver but helps for more complex drivers like ``consul``.
This option sets the memcache items expiration time. By default is set to ``0``
@ -1044,6 +1044,40 @@ cache events are fired when a minion requests a minion data cache refresh.
minion_data_cache_events: True
.. conf_master:: http_connect_timeout
``http_connect_timeout``
------------------------
.. versionadded:: Fluorine
Default: ``20``
HTTP connection timeout in seconds.
Applied when fetching files using tornado back-end.
Should be greater than overall download time.
.. code-block:: yaml
http_connect_timeout: 20
.. conf_master:: http_request_timeout
``http_request_timeout``
------------------------
.. versionadded:: 2015.8.0
Default: ``3600``
HTTP request timeout in seconds.
Applied when fetching files using tornado back-end.
Should be greater than overall download time.
.. code-block:: yaml
http_request_timeout: 3600
.. _salt-ssh-configuration:
Salt-SSH Configuration
@ -1364,7 +1398,7 @@ comparison, then by globbing, then by full-string regex matching.
This should still be considered a less than secure option, due to the fact
that trust is based on just the requesting minion id.
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
For security reasons the file must be readonly except for it's owner.
If :conf_master:`permissive_pki_access` is ``True`` the owning group can also
have write access, but if Salt is running as ``root`` it must be a member of that group.
@ -1389,7 +1423,7 @@ membership in the :conf_master:`autosign_file` and the
``autosign_grains_dir``
-----------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``not defined``
@ -1404,7 +1438,7 @@ This should still be considered a less than secure option, due to the fact
that trust is based on just the requesting minion.
Please see the :ref:`Autoaccept Minions from Grains <tutorial-autoaccept-grains>`
documentation for more infomation.
documentation for more information.
.. code-block:: yaml
@ -1886,7 +1920,7 @@ Set additional directories to search for runner modules.
``utils_dirs``
---------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``[]``
@ -2066,13 +2100,13 @@ are enabled and available!
``renderer``
------------
Default: ``yaml_jinja``
Default: ``jinja|yaml``
The renderer to use on the minions to render the state data.
.. code-block:: yaml
renderer: yaml_jinja
renderer: jinja|json
.. conf_master:: userdata_template
@ -2096,7 +2130,7 @@ the cloud profile or master config file, no templating will be performed.
``jinja_env``
-------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``{}``
@ -2132,7 +2166,7 @@ The default options are:
``jinja_sls_env``
-----------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``{}``
@ -2178,7 +2212,7 @@ This allows the following more convenient syntax to be used:
# (this comment remains in the rendered template)
## ensure all the formula services are running
% for service in formula_services:
enable_service_{{ serivce }}:
enable_service_{{ service }}:
service.running:
name: {{ service }}
% endfor
@ -2202,7 +2236,7 @@ be used if you had not set the line_statement and line_comment options:
``jinja_trim_blocks``
---------------------
.. deprecated:: Oxygen
.. deprecated:: 2018.3.0
Replaced by :conf_master:`jinja_env` and :conf_master:`jinja_sls_env`
.. versionadded:: 2014.1.0
@ -2222,7 +2256,7 @@ to the Jinja environment init variable ``trim_blocks``.
``jinja_lstrip_blocks``
-----------------------
.. deprecated:: Oxygen
.. deprecated:: 2018.3.0
Replaced by :conf_master:`jinja_env` and :conf_master:`jinja_sls_env`
.. versionadded:: 2014.1.0
@ -2470,8 +2504,9 @@ on a large number of minions.
.. note::
Rather than altering this configuration parameter, it may be advisable to
use the :mod:`fileserver.clear_list_cache
<salt.runners.fileserver.clear_list_cache>` runner to clear these caches.
use the :mod:`fileserver.clear_file_list_cache
<salt.runners.fileserver.clear_file_list_cache>` runner to clear these
caches.
.. code-block:: yaml
@ -2631,7 +2666,7 @@ Example:
``roots_update_interval``
*************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -2818,7 +2853,7 @@ gitfs remotes.
``gitfs_disable_saltenv_mapping``
*********************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``False``
@ -2841,7 +2876,7 @@ parameters <gitfs-per-saltenv-config>`.
``gitfs_ref_types``
*******************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``['branch', 'tag', 'sha']``
@ -2873,7 +2908,7 @@ are mapped as saltenvs:
***************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``gitfs_env_whitelist`` to ``gitfs_saltenv_whitelist``
Default: ``[]``
@ -2896,7 +2931,7 @@ information can be found in the :ref:`GitFS Walkthrough
***************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``gitfs_env_blacklist`` to ``gitfs_saltenv_blacklist``
Default: ``[]``
@ -2948,7 +2983,7 @@ they were created by a different master.
``gitfs_update_interval``
*************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -3263,7 +3298,7 @@ bookmark should be used as the ``base`` environment.
**************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``hgfs_env_whitelist`` to ``hgfs_saltenv_whitelist``
Default: ``[]``
@ -3293,7 +3328,7 @@ blacklist will be exposed as fileserver environments.
**************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``hgfs_env_blacklist`` to ``hgfs_saltenv_blacklist``
Default: ``[]``
@ -3322,7 +3357,7 @@ blacklist will be exposed as fileserver environments.
``hgfs_update_interval``
************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -3490,7 +3525,7 @@ also be configured on a per-remote basis, see :conf_master:`here
***************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``svnfs_env_whitelist`` to ``svnfs_saltenv_whitelist``
Default: ``[]``
@ -3520,7 +3555,7 @@ will be exposed as fileserver environments.
***************************
.. versionadded:: 2014.7.0
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``svnfs_env_blacklist`` to ``svnfs_saltenv_blacklist``
Default: ``[]``
@ -3549,7 +3584,7 @@ will be exposed as fileserver environments.
``svnfs_update_interval``
*************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -3655,7 +3690,7 @@ exposed.
``minionfs_update_interval``
****************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -3684,7 +3719,7 @@ examples.
``azurefs_update_interval``
***************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -3706,7 +3741,7 @@ See the :mod:`s3fs documentation <salt.fileserver.s3fs>` for usage examples.
``s3fs_update_interval``
************************
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``60``
@ -4465,6 +4500,11 @@ strategy between different sources. It accepts 5 values:
Guesses the best strategy based on the "renderer" setting.
.. note::
In order for yamlex based features such as ``!aggregate`` to work as expected
across documents using the default ``smart`` merge strategy, the :conf_master:`renderer`
config option must be set to ``jinja|yamlex`` or similar.
.. conf_master:: pillar_merge_lists
``pillar_merge_lists``
@ -4480,6 +4520,25 @@ Recursively merge lists by aggregating them instead of replacing them.
pillar_merge_lists: False
.. conf_master:: pillar_includes_override_sls
``pillar_includes_override_sls``
********************************
.. versionadded:: 2017.7.6,2018.3.1
Default: ``False``
Prior to version 2017.7.3, keys from :ref:`pillar includes <pillar-include>`
would be merged on top of the pillar SLS. Since 2017.7.3, the includes are
merged together and then the pillar SLS is merged on top of that.
Set this option to ``True`` to return to the old behavior.
.. code-block:: yaml
pillar_includes_override_sls: True
.. _pillar-cache-opts:
Pillar Cache Options
@ -5304,11 +5363,10 @@ branch/tag.
winrepo_branch: winrepo
ext_pillar:
- git:
- https://mygitserver/winrepo1.git
- https://mygitserver/winrepo2.git:
- foo https://mygitserver/winrepo3.git
winrepo_remotes:
- https://mygitserver/winrepo1.git
- https://mygitserver/winrepo2.git:
- foo https://mygitserver/winrepo3.git
.. conf_master:: winrepo_ssl_verify

111
doc/ref/configuration/minion.rst
View File

@ -138,7 +138,7 @@ name) is set in the :conf_minion:`master` configuration setting.
``master_tops_first``
---------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``False``
@ -208,6 +208,28 @@ minion event bus. The value is expressed in bytes.
max_event_size: 1048576
.. conf_minion:: enable_legacy_startup_events
``enable_legacy_startup_events``
--------------------------------
.. versionadded:: Fluorine
Default: ``True``
When a minion starts up it sends a notification on the event bus with a tag
that looks like this: `salt/minion/<minion_id>/start`. For historical reasons
the minion also sends a similar event with an event tag like this:
`minion_start`. This duplication can cause a lot of clutter on the event bus
when there are many minions. Set `enable_legacy_startup_events: False` in the
minion config to ensure only the `salt/minion/<minion_id>/start` events are
sent. Beginning with the `Neon` Salt release this option will default to
`False`
.. code-block:: yaml
enable_legacy_startup_events: True
.. conf_minion:: master_failback
``master_failback``
@ -340,7 +362,7 @@ option on the Salt master.
``source_interface_name``
-------------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The name of the interface to use when establishing the connection to the Master.
@ -379,7 +401,7 @@ Configuration example:
``source_address``
------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The source IP address or the domain name to be used when connecting the Minion
to the Master.
@ -404,7 +426,7 @@ Configuration example:
``source_ret_port``
-------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The source port to be used when connecting the Minion to the Master ret server.
@ -427,7 +449,7 @@ Configuration example:
``source_publish_port``
-----------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The source port to be used when connecting the Minion to the Master publish
server.
@ -786,6 +808,35 @@ A value of 10 minutes is a reasonable default.
grains_refresh_every: 0
.. conf_minion:: fibre_channel_grains
``fibre_channel_grains``
------------------------
Default: ``False``
The ``fibre_channel_grains`` setting will enable the ``fc_wwn`` grain for
Fibre Channel WWN's on the minion. Since this grain is expensive, it is
disabled by default.
.. code-block:: yaml
fibre_channel_grains: True
.. conf_minion:: iscsi_grains
``iscsi_grains``
------------------------
Default: ``False``
The ``iscsi_grains`` setting will enable the ``iscsi_iqn`` grain on the
minion. Since this grain is expensive, it is disabled by default.
.. code-block:: yaml
iscsi_grains: True
.. conf_minion:: mine_enabled
``mine_enabled``
@ -1267,6 +1318,40 @@ talking to the intended master.
syndic_finger: 'ab:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:50:10'
.. conf_minion:: http_connect_timeout
``http_connect_timeout``
------------------------
.. versionadded:: Fluorine
Default: ``20``
HTTP connection timeout in seconds.
Applied when fetching files using tornado back-end.
Should be greater than overall download time.
.. code-block:: yaml
http_connect_timeout: 20
.. conf_minion:: http_request_timeout
``http_request_timeout``
------------------------
.. versionadded:: 2015.8.0
Default: ``3600``
HTTP request timeout in seconds.
Applied when fetching files using tornado back-end.
Should be greater than overall download time.
.. code-block:: yaml
http_request_timeout: 3600
.. conf_minion:: proxy_host
``proxy_host``
@ -1324,7 +1409,7 @@ The password used for HTTP proxy access.
``docker.compare_container_networks``
-------------------------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``{'static': ['Aliases', 'Links', 'IPAMConfig'], 'automatic': ['IPAddress', 'Gateway', 'GlobalIPv6Address', 'IPv6Gateway']}``
@ -1794,13 +1879,13 @@ State Management Settings
``renderer``
------------
Default: ``yaml_jinja``
Default: ``jinja|yaml``
The default renderer used for local state executions
.. code-block:: yaml
renderer: yaml_jinja
renderer: jinja|json
.. conf_minion:: test
@ -1904,7 +1989,7 @@ enabled and can be disabled by changing this value to ``False``.
``saltenv``
-----------
.. versionchanged:: Oxygen
.. versionchanged:: 2018.3.0
Renamed from ``environment`` to ``saltenv``. If ``environment`` is used,
``saltenv`` will take its value. If both are used, ``environment`` will be
ignored and ``saltenv`` will be used.
@ -1923,7 +2008,7 @@ environments is to isolate via the top file.
``lock_saltenv``
----------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``False``
@ -2455,7 +2540,7 @@ minion's pki directory.
``autosign_grains``
-------------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``not defined``
@ -2463,7 +2548,7 @@ The grains that should be sent to the master on authentication to decide if
the minion's key should be accepted automatically.
Please see the :ref:`Autoaccept Minions from Grains <tutorial-autoaccept-grains>`
documentation for more infomation.
documentation for more information.
.. code-block:: yaml
@ -2648,7 +2733,7 @@ executed in a thread.
``process_count_max``
-------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
Default: ``-1``

4
doc/ref/configuration/proxy.rst
View File

@ -108,7 +108,7 @@ The frequency of keepalive checks, in minutes. It requires the
Default: ``True``
Wheter the proxy should maintain the connection with the remote
Whether the proxy should maintain the connection with the remote
device. Similarly to :conf_proxy:`proxy_keep_alive`, this option
is very specific to the design of the proxy module.
When :conf_proxy:`proxy_always_alive` is set to ``False``,
@ -126,7 +126,7 @@ has to be closed after every command.
Default: ``False``.
Wheter the pillar data to be merged into the proxy configuration options.
Whether the pillar data to be merged into the proxy configuration options.
As multiple proxies can run on the same server, we may need different
configuration options for each, while there's one single configuration file.
The solution is merging the pillar data of each proxy minion into the opts.

2
doc/ref/internals/fileserver-and-client.rst
View File

@ -6,7 +6,7 @@ The Salt Fileserver and Client
Introduction
------------
Salt has a modular fileserver, and mulitple client classes which are used to
Salt has a modular fileserver, and multiple client classes which are used to
interact with it. This page serves as a developer's reference, to help explain
how the fileserver and clients both work.

9
doc/ref/modules/all/index.rst
View File

@ -148,6 +148,7 @@ execution modules
git
github
glance
glanceng
glusterfs
gnomedesktop
gpg
@ -189,7 +190,7 @@ execution modules
iwtools
jboss7
jboss7_cli
jenkins
jenkinsmod
junos
k8s
kapacitor
@ -199,6 +200,7 @@ execution modules
key
keyboard
keystone
keystoneng
kmod
kubernetes
launchctl
@ -277,11 +279,13 @@ execution modules
napalm_users
napalm_yang_mod
netaddress
netbox
netbsd_sysctl
netbsdservice
netscaler
network
neutron
neutronng
nfs3
nftables
nginx
@ -315,6 +319,7 @@ execution modules
pcs
pdbedit
pecl
pf
philips_hue
pillar
pip
@ -332,6 +337,7 @@ execution modules
publish
puppet
purefa
purefb
pushbullet
pushover_notify
pw_group
@ -446,6 +452,7 @@ execution modules
victorops
virt
virtualenv_mod
vmctl
vsphere
win_autoruns
win_certutil

6
doc/ref/modules/all/salt.modules.glanceng.rst Normal file
View File

@ -0,0 +1,6 @@
=====================
salt.modules.glanceng
=====================
.. automodule:: salt.modules.glanceng
:members:

5
doc/ref/modules/all/salt.modules.jenkins.rst
View File

@ -1,5 +0,0 @@
salt.modules.jenkins module
===========================
.. automodule:: salt.modules.jenkins
:members:

5
doc/ref/modules/all/salt.modules.jenkinsmod.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.jenkinsmod module
==============================
.. automodule:: salt.modules.jenkinsmod
:members:

6
doc/ref/modules/all/salt.modules.keystoneng.rst Normal file
View File

@ -0,0 +1,6 @@
=======================
salt.modules.keystoneng
=======================
.. automodule:: salt.modules.keystoneng
:members:

7
doc/ref/modules/all/salt.modules.netbox.rst Normal file
View File

@ -0,0 +1,7 @@
==========================
salt.modules.netbox module
==========================
.. automodule:: salt.modules.netbox
:members:

6
doc/ref/modules/all/salt.modules.neutronng.rst Normal file
View File

@ -0,0 +1,6 @@
======================
salt.modules.neutronng
======================
.. automodule:: salt.modules.neutronng
:members:

6
doc/ref/modules/all/salt.modules.pf.rst Normal file
View File

@ -0,0 +1,6 @@
===============
salt.modules.pf
===============
.. automodule:: salt.modules.pf
:members:

6
doc/ref/modules/all/salt.modules.purefb.rst Normal file
View File

@ -0,0 +1,6 @@
===================
salt.modules.purefb
===================
.. automodule:: salt.modules.purefb
:members:

6
doc/ref/modules/all/salt.modules.telegram.rst Normal file
View File

@ -0,0 +1,6 @@
=====================
salt.modules.telegram
=====================
.. automodule:: salt.modules.telegram
:members:

6
doc/ref/modules/all/salt.modules.vmctl.rst Normal file
View File

@ -0,0 +1,6 @@
==================
salt.modules.vmctl
==================
.. automodule:: salt.modules.vmctl
:members:

1
doc/ref/proxy/all/index.rst
View File

@ -12,6 +12,7 @@ proxy modules
cimc
chronos
cimc
cisconso
dummy
esxi

5
doc/ref/proxy/all/salt.proxy.cimc.rst
View File

@ -1,6 +1,5 @@
===================
salt.proxy.cimc
===================
salt.proxy.cimc module
======================
.. automodule:: salt.proxy.cimc
:members:

2
doc/ref/proxy/all/salt.proxy.panos.rst
View File

@ -1,5 +1,5 @@
salt.proxy.panos module
=========================
=======================
.. automodule:: salt.proxy.panos
:members:

21
doc/ref/publisheracl.rst
View File

@ -10,9 +10,10 @@ to have access to execute select salt commands on minions from the master.
The publisher ACL system is configured in the master configuration file via the
``publisher_acl`` configuration option. Under the ``publisher_acl``
configuration option the users open to send commands are specified and then a
list of regular expressions which specify the minion functions which will be
made available to specified user. This configuration is much like the ``peer``
configuration:
list of the minion functions which will be made available to specified user.
Both users and functions could be specified by exact match, shell glob or
regular expression. This configuration is much like the :ref:`external_auth
<acl-eauth>` configuration:
.. code-block:: yaml
@ -25,9 +26,19 @@ configuration:
- web*:
- test.*
- pkg.*
# Allow managers to use saltutil module functions
manager_.*:
# Allow admin and managers to use saltutil module functions
admin|manager_.*:
- saltutil.*
# Allow users to use only my_mod functions on "web*" minions with specific arguments.
user_.*:
- web*:
- 'my_mod.*':
args:
- 'a.*'
- 'b.*'
kwargs:
'kwa': 'kwa.*'
'kwb': 'kwb'
Permission Issues
-----------------

201
doc/ref/renderers/index.rst
View File

@ -4,41 +4,70 @@
Renderers
=========
The Salt state system operates by gathering information from common data
types such as lists, dictionaries, and strings that would be familiar
to any developer.
The Salt state system operates by gathering information from common data types
such as lists, dictionaries, and strings that would be familiar to any
developer.
SLS files are translated from whatever data templating format they are written
in back into Python data types to be consumed by Salt.
Salt Renderers translate input from the format in which it is written into
Python data structures.
By default SLS files are rendered as Jinja templates and then parsed as YAML
documents. But since the only thing the state system cares about is raw data,
the SLS files can be any structured format that can be dreamed up.
The default renderer is set in the master/minion configuration file using the
:conf_master:`renderer` config option, which defaults to ``jinja|yaml``.
Currently there is support for ``Jinja + YAML``, ``Mako + YAML``,
``Wempy + YAML``, ``Jinja + json``, ``Mako + json`` and ``Wempy + json``.
Renderers can be written to support any template type. This means that the
Salt states could be managed by XML files, HTML files, Puppet files, or any
format that can be translated into the Pythonic data structure used by the state
system.
Two Kinds of Renderers
----------------------
Multiple Renderers
------------------
Renderers fall into one of two categories, based on what they output: text or
data. The one exception to this would be the :mod:`pure python
<salt.renderers.py>` renderer, which can be used in either capacity.
A default renderer is selected in the master configuration file by providing
a value to the ``renderer`` key.
Text Renderers
**************
When evaluating an SLS, more than one renderer can be used.
A text renderer returns text. These include templating engines such as
:mod:`jinja <salt.renderers.jinja>`, :mod:`mako <salt.renderers.mako>`, and
:mod:`genshi <salt.renderers.genshi>`, as well as the :mod:`gpg
<salt.renderers.gpg>` renderer. The following are all text renderers:
When rendering SLS files, Salt checks for the presence of a Salt-specific
shebang line.
- :mod:`aws_kms <salt.renderers.aws_kms>`
- :mod:`cheetah <salt.renderers.cheetah>`
- :mod:`genshi <salt.renderers.genshi>`
- :mod:`gpg <salt.renderers.gpg>`
- :mod:`jinja <salt.renderers.jinja>`
- :mod:`mako <salt.renderers.mako>`
- :mod:`nacl <salt.renderers.nacl>`
- :mod:`pass <salt.renderers.pass>`
- :mod:`py <salt.renderers.py>`
- :mod:`wempy <salt.renderers.wempy>`
The shebang line directly calls the name of the renderer as it is specified
within Salt. One of the most common reasons to use multiple renderers is to
use the Python or ``py`` renderer.
Data Renderers
**************
Below, the first line is a shebang that references the ``py`` renderer.
A data renderer returns a Python data structure (typically a dictionary). The
following are all data renderers:
- :mod:`dson <salt.renderers.dson>`
- :mod:`hjson <salt.renderers.hjson>`
- :mod:`json5 <salt.renderers.json5>`
- :mod:`json <salt.renderers.json>`
- :mod:`pydsl <salt.renderers.pydsl>`
- :mod:`pyobjects <salt.renderers.pyobjects>`
- :mod:`py <salt.renderers.py>`
- :mod:`stateconf <salt.renderers.stateconf>`
- :mod:`yamlex <salt.renderers.yamlex>`
- :mod:`yaml <salt.renderers.yaml>`
Overriding the Default Renderer
-------------------------------
It can sometimes be beneficial to write an SLS file using a renderer other than
the default one. This can be done by using a "shebang"-like syntax on the first
line of the SLS file:
Here is an example of using the :mod:`pure python <salt.renderers.py>` renderer
to install a package:
.. code-block:: python
@ -46,36 +75,57 @@ Below, the first line is a shebang that references the ``py`` renderer.
def run():
'''
Install the python-mako package
Install version 1.5-1.el7 of package "python-foo"
'''
return {'include': ['python'],
'python-mako': {'pkg': ['installed']}}
return {
'include': ['python'],
'python-foo': {
'pkg.installed': [
{'version': '1.5-1.el7'},
]
}
}
This would be equivalent to the following:
.. code-block:: yaml
include:
- python
python-foo:
pkg.installed:
- version: '1.5-1.el7'
.. _renderers-composing:
Composing Renderers
-------------------
A renderer can be composed from other renderers by connecting them in a series
of pipes(``|``).
Composing Renderers (a.k.a. The "Render Pipeline")
--------------------------------------------------
In fact, the default ``Jinja + YAML`` renderer is implemented by connecting a YAML
renderer to a Jinja renderer. Such renderer configuration is specified as: ``jinja | yaml``.
A render pipeline can be composed from other renderers by connecting them in a
series of "pipes" (i.e. ``|``). The renderers will be evaluated from left to
right, with each renderer receiving the result of the previous renderer's
execution.
Other renderer combinations are possible:
Take for example the default renderer (``jinja|yaml``). The file is evaluated
first a jinja template, and the result of that template is evaluated as a YAML
document.
Other render pipeline combinations include:
``yaml``
i.e, just YAML, no templating.
Just YAML, no templating.
``mako | yaml``
pass the input to the ``mako`` renderer, whose output is then fed into the
``yaml`` renderer.
``mako|yaml``
This passes the input to the ``mako`` renderer, with its output fed into
the ``yaml`` renderer.
``jinja | mako | yaml``
``jinja|mako|yaml``
This one allows you to use both jinja and mako templating syntax in the
input and then parse the final rendered output as YAML.
The following is a contrived example SLS file using the ``jinja | mako | yaml`` renderer:
The following is a contrived example SLS file using the ``jinja|mako|yaml``
render pipeline:
.. code-block:: python
@ -91,36 +141,59 @@ The following is a contrived example SLS file using the ``jinja | mako | yaml``
<%doc> ${...} is Mako's notation, and so is this comment. </%doc>
{# Similarly, {{...}} is Jinja's notation, and so is this comment. #}
For backward compatibility, ``jinja | yaml`` can also be written as
``yaml_jinja``, and similarly, the ``yaml_mako``, ``yaml_wempy``,
``json_jinja``, ``json_mako``, and ``json_wempy`` renderers are all supported.
.. important::
Keep in mind that not all renderers can be used alone or with any other
renderers. For example, text renderers shouldn't be used alone as their
outputs are just strings, which still need to be parsed by another renderer
to turn them into Python data structures.
Keep in mind that not all renderers can be used alone or with any other renderers.
For example, the template renderers shouldn't be used alone as their outputs are
just strings, which still need to be parsed by another renderer to turn them into
highstate data structures.
For example, it would not make sense to use ``yaml|jinja`` because the
output of the :mod:`yaml <salt.renderers.yaml>` renderer is a Python data
structure, and the :mod:`jinja <salt.renderers.jinja>` renderer only
accepts text as input.
Therefore, when combining renderers, you should know what each renderer
accepts as input and what it returns as output. One way of thinking about
it is that you can chain together multiple text renderers, but the pipeline
*must* end in a data renderer. Similarly, since the text renderers in Salt
don't accept data structures as input, a text renderer should usually not
come after a data renderer. It's technically *possible* to write a renderer
that takes a data structure as input and returns a string, but no such
renderer is distributed with Salt.
For example, it doesn't make sense to specify ``yaml | jinja`` because the
output of the YAML renderer is a highstate data structure (a dict in Python), which
cannot be used as the input to a template renderer. Therefore, when combining
renderers, you should know what each renderer accepts as input and what it returns
as output.
Writing Renderers
-----------------
A custom renderer must be a Python module placed in the renderers directory and the
module implement the ``render`` function.
A custom renderer must be a Python module which implements a ``render``
function. This function must implement three positional arguments:
The ``render`` function will be passed the path of the SLS file as an argument.
1. ``data`` - Can be called whatever you like. This is the input to be
rendered.
2. ``saltenv``
3. ``sls``
The purpose of the ``render`` function is to parse the passed file and to return
the Python data structure derived from the file.
The first is the important one, and the 2nd and 3rd must be included since Salt
needs to pass this info to each render, even though it is only used by template
renderers.
Custom renderers must be placed in a ``_renderers`` directory within the
:conf_master:`file_roots` specified by the master config file.
Renderers should be written so that the ``data`` argument can accept either
strings or file-like objects as input. For example:
Custom renderers are distributed when any of the following are run:
.. code-block:: python
import mycoolmodule
from salt.ext import six
def render(data, saltenv='base', sls='', **kwargs):
if not isinstance(data, six.string_types):
# Read from file-like object
data = data.read()
return mycoolmodule.do_something(data)
Custom renderers should be placed within ``salt://_renderers/``, so that they
can be synced to minions. They are synced when any of the following are run:
- :py:func:`state.apply <salt.modules.state.apply_>`
- :py:func:`saltutil.sync_renderers <salt.modules.saltutil.sync_renderers>`
@ -130,6 +203,12 @@ Any custom renderers which have been synced to a minion, that are named the
same as one of Salt's default set of renderers, will take the place of the
default renderer with the same name.
.. note::
Renderers can also be synced from ``salt://_renderers/`` to the Master
using either the :py:func:`saltutil.sync_renderers
<salt.runners.saltutil.sync_renderers>` or :py:func:`saltutil.sync_all
<salt.runners.saltutil.sync_all>` runner function.
Examples
--------

17
doc/ref/states/all/index.rst
View File

@ -97,6 +97,7 @@ state modules
git
github
glance
glance_image
glusterfs
gnomedesktop
gpg
@ -125,6 +126,10 @@ state modules
influxdb_retention_policy
influxdb_user
infoblox
infoblox_a
infoblox_cname
infoblox_host_record
infoblox_range
ini_manage
ipmi
ipset
@ -137,6 +142,14 @@ state modules
kernelpkg
keyboard
keystone
keystone_domain
keystone_endpoint
keystone_group
keystone_project
keystone_role
keystone_role_grant
keystone_service
keystone_user
kmod
kubernetes
layman
@ -181,6 +194,10 @@ state modules
netusers
network
netyang
neutron_network
neutron_secgroup
neutron_secgroup_rule
neutron_subnet
nfs_export
nftables
npm

6
doc/ref/states/all/salt.states.glance_image.rst Normal file
View File

@ -0,0 +1,6 @@
========================
salt.states.glance_image
========================
.. automodule:: salt.states.glance_image
:members:

6
doc/ref/states/all/salt.states.infoblox_a.rst Normal file
View File

@ -0,0 +1,6 @@
salt.states.infoblox_a module
===========================
.. automodule:: salt.states.infoblox_a
:members:
:undoc-members:

6
doc/ref/states/all/salt.states.infoblox_cname.rst Normal file
View File

@ -0,0 +1,6 @@
salt.states.infoblox_cname module
===========================
.. automodule:: salt.states.infoblox_cname
:members:
:undoc-members:

6
doc/ref/states/all/salt.states.infoblox_host_record.rst Normal file
View File

@ -0,0 +1,6 @@
salt.states.infoblox_host_record module
===========================
.. automodule:: salt.states.infoblox_host_record
:members:
:undoc-members:

6
doc/ref/states/all/salt.states.infoblox_range.rst Normal file
View File

@ -0,0 +1,6 @@
salt.states.infoblox_range module
===========================
.. automodule:: salt.states.infoblox_range
:members:
:undoc-members:

6
doc/ref/states/all/salt.states.keystone_domain.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.states.keystone_domain
===========================
.. automodule:: salt.states.keystone_domain
:members:

6
doc/ref/states/all/salt.states.keystone_endpoint.rst Normal file
View File

@ -0,0 +1,6 @@
=============================
salt.states.keystone_endpoint
=============================
.. automodule:: salt.states.keystone_endpoint
:members:

6
doc/ref/states/all/salt.states.keystone_group.rst Normal file
View File

@ -0,0 +1,6 @@
==========================
salt.states.keystone_group
==========================
.. automodule:: salt.states.keystone_group
:members:

6
doc/ref/states/all/salt.states.keystone_project.rst Normal file
View File

@ -0,0 +1,6 @@
============================
salt.states.keystone_project
============================
.. automodule:: salt.states.keystone_project
:members:

6
doc/ref/states/all/salt.states.keystone_role.rst Normal file
View File

@ -0,0 +1,6 @@
=========================
salt.states.keystone_role
=========================
.. automodule:: salt.states.keystone_role
:members:

6
doc/ref/states/all/salt.states.keystone_role_grant.rst Normal file
View File

@ -0,0 +1,6 @@
===============================
salt.states.keystone_role_grant
===============================
.. automodule:: salt.states.keystone_role_grant
:members:

6
doc/ref/states/all/salt.states.keystone_service.rst Normal file
View File

@ -0,0 +1,6 @@
============================
salt.states.keystone_service
============================
.. automodule:: salt.states.keystone_service
:members:

6
doc/ref/states/all/salt.states.keystone_user.rst Normal file
View File

@ -0,0 +1,6 @@
=========================
salt.states.keystone_user
=========================
.. automodule:: salt.states.keystone_user
:members:

6
doc/ref/states/all/salt.states.neutron_network.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.states.neutron_network
===========================
.. automodule:: salt.states.neutron_network
:members:

6
doc/ref/states/all/salt.states.neutron_secgroup.rst Normal file
View File

@ -0,0 +1,6 @@
============================
salt.states.neutron_secgroup
============================
.. automodule:: salt.states.neutron_secgroup
:members:

6
doc/ref/states/all/salt.states.neutron_secgroup_rule.rst Normal file
View File

@ -0,0 +1,6 @@
=================================
salt.states.neutron_secgroup_rule
=================================
.. automodule:: salt.states.neutron_secgroup_rule
:members:

6
doc/ref/states/all/salt.states.neutron_subnet.rst Normal file
View File

@ -0,0 +1,6 @@
==========================
salt.states.neutron_subnet
==========================
.. automodule:: salt.states.neutron_subnet
:members:

5
doc/ref/states/all/salt.states.zabbix_action.rst Normal file
View File

@ -0,0 +1,5 @@
salt.states.zabbix_action module
==============================
.. automodule:: salt.states.zabbix_action
:members:

5
doc/ref/states/all/salt.states.zabbix_template.rst Normal file
View File

@ -0,0 +1,5 @@
salt.states.zabbix_template module
==============================
.. automodule:: salt.states.zabbix_template
:members:

5
doc/ref/states/all/salt.states.zabbix_valuemap.rst Normal file
View File

@ -0,0 +1,5 @@
salt.states.zabbix_valuemap module
==============================
.. automodule:: salt.states.zabbix_valuemap
:members:

4
doc/ref/states/failhard.rst
View File

@ -33,6 +33,8 @@ A good example of this would be setting up a package manager early on:
In this situation, the yum repo is going to be configured before other states,
and if it fails to lay down the config file, than no other states will be
executed.
It is possible to override a Global Failhard (see below) by explicitly setting
it to ``False`` in the state.
Global Failhard
===============
@ -51,4 +53,4 @@ see states failhard if an admin is not actively aware that the failhard has
been set.
To use the global failhard set failhard: True in the master configuration
file.
file.

2
doc/ref/states/parallel.rst
View File

@ -12,7 +12,7 @@ option to your state declaration:
service.running:
- parallel: True
Now ``nginx`` will be started in a seperate process from the normal state run
Now ``nginx`` will be started in a separate process from the normal state run
and will therefore not block additional states.
Parallel States and Requisites

19
doc/ref/states/requisites.rst
View File

@ -257,13 +257,13 @@ large groups of states easily in any requisite statement.
require_any
~~~~~~~~~~~
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The use of ``require_any`` demands that one of the required states executes before the
dependent state. The state containing the ``require_any`` requisite is defined as the
dependent state. The states specified in the ``require_any`` statement are defined as the
required states. If at least one of the required state's execution succeeds, the dependent state
will then execute. If at least one of the required state's execution fails, the dependent state
will then execute. If all of the executions by the required states fail, the dependent state
will not execute.
.. code-block:: yaml
@ -380,7 +380,7 @@ to Salt ensuring that the service is running.
watch_any
~~~~~~~~~
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The state containing the ``watch_any`` requisite is defined as the watching
state. The states specified in the ``watch_any`` statement are defined as the watched
@ -504,6 +504,15 @@ The ``onfail`` requisite is applied in the same way as ``require`` as ``watch``:
- onfail:
- mount: primary_mount
.. note::
Setting failhard (:ref:`globally <global-failhard>` or in
:ref:`the failing state <state-level-failhard>`) to ``True`` will cause
``onfail``, ``onfail_in`` and ``onfail_any`` requisites to be ignored.
If you want to combine a global failhard set to True with ``onfail``,
``onfail_in`` or ``onfail_any``, you will have to explicitly set failhard
to ``False`` (overriding the global setting) in the state that could fail.
.. note::
Beginning in the ``2016.11.0`` release of Salt, ``onfail`` uses OR logic for
@ -517,7 +526,7 @@ The ``onfail`` requisite is applied in the same way as ``require`` as ``watch``:
onfail_any
~~~~~~~~~~
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The ``onfail_any`` requisite allows for reactions to happen strictly as a response
to the failure of at least one other state. This can be used in a number of ways, such as
@ -616,7 +625,7 @@ if any of the watched states changes.
onchanges_any
~~~~~~~~~~~~~
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The ``onchanges_any`` requisite makes a state only apply one of the required states
generates changes, and if one of the watched state's "result" is ``True``. This can be

2
doc/ref/states/writing.rst
View File

@ -156,7 +156,7 @@ A State Module must return a dict containing the following keys/values:
in test mode without applying the change, ``False`` can be returned.
- **comment:** A list of strings or a single string summarizing the result.
Note that support for lists of strings is available as of Salt Oxygen.
Note that support for lists of strings is available as of Salt 2018.3.0.
Lists of strings will be joined with newlines to form the final comment;
this is useful to allow multiple comments from subparts of a state.
Prefer to keep line lengths short (use multiple lines as needed),

24
doc/topics/cloud/aws.rst
View File

@ -296,7 +296,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles``:
SecurityGroupId:
- sg-750af413
del_root_vol_on_destroy: True
del_all_vol_on_destroy: True
del_all_vols_on_destroy: True
volumes:
- { size: 10, device: /dev/sdf }
- { size: 10, device: /dev/sdg, type: io1, iops: 1000 }
@ -721,6 +721,28 @@ them have never been used, much less tested, by the Salt Stack team.
.. __: https://aws.amazon.com/marketplace
NOTE: If ``image`` of a profile does not start with ``ami-``, latest
image with that name will be used. For example, to create a CentOS 7
profile, instead of using the AMI like ``image: ami-1caef165``, we
can use its name like ``image: 'CentOS Linux 7 x86_64 HVM EBS ENA 1803_01'``.
We can also use a pattern like below to get the latest CentOS 7:
.. code-block:: yaml
profile-id:
provider: provider-name
subnetid: subnet-XXXXXXXX
image: 'CentOS Linux 7 x86_64 HVM EBS *'
size: m1.medium
ssh_username: centos
securitygroupid:
- sg-XXXXXXXX
securitygroupname:
- AnotherSecurityGroup
- AndThirdSecurityGroup
show_image
==========
This is a function that describes an AMI on EC2. This will give insight as to

56
doc/topics/cloud/azurearm.rst
View File

@ -15,7 +15,16 @@ More information about Azure is located at `http://www.windowsazure.com/
Dependencies
============
* Azure Cli ```pip install 'azure-cli>=2.0.12'```
* `azure <https://pypi.python.org/pypi/azure>`_ >= 2.0.0rc6
* `azure-common <https://pypi.python.org/pypi/azure-common>`_ >= 1.1.4
* `azure-mgmt <https://pypi.python.org/pypi/azure-mgmt>`_ >= 0.30.0rc6
* `azure-mgmt-compute <https://pypi.python.org/pypi/azure-mgmt-compute>`_ >= 0.33.0
* `azure-mgmt-network <https://pypi.python.org/pypi/azure-mgmt-network>`_ >= 0.30.0rc6
* `azure-mgmt-resource <https://pypi.python.org/pypi/azure-mgmt-resource>`_ >= 0.30.0
* `azure-mgmt-storage <https://pypi.python.org/pypi/azure-mgmt-storage>`_ >= 0.30.0rc6
* `azure-mgmt-web <https://pypi.python.org/pypi/azure-mgmt-web>`_ >= 0.30.0rc6
* `azure-storage <https://pypi.python.org/pypi/azure-storage>`_ >= 0.32.0
* `msrestazure <https://pypi.python.org/pypi/msrestazure>`_ >= 0.4.21
* A Microsoft Azure account
* `Salt <https://github.com/saltstack/salt>`_
@ -89,7 +98,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles``:
.. code-block:: yaml
azure-ubuntu:
azure-ubuntu-pass:
provider: my-azure-config
image: Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050
size: Standard_D1_v2
@ -97,6 +106,14 @@ Set up an initial profile at ``/etc/salt/cloud.profiles``:
ssh_username: azureuser
ssh_password: verybadpass
azure-ubuntu-key:
provider: my-azure-config
image: Canonical|UbuntuServer|14.04.5-LTS|14.04.201612050
size: Standard_D1_v2
location: eastus
ssh_username: azureuser
ssh_publickeyfile: /path/to/ssh_public_key.pub
azure-win2012:
provider: my-azure-config
image: MicrosoftWindowsServer|WindowsServer|2012-R2-Datacenter|latest
@ -179,13 +196,23 @@ be viewed using the following command:
ssh_username
------------
Required for Linux. The user to use to log into the newly-created Linux VM to
install Salt.
Required for Linux. The admin user to add on the instance. It is also used to log
into the newly-created VM to install Salt.
ssh_keyfile
-----------
Required if using SSH key authentication. The path on the Salt master to the SSH private
key used during the minion bootstrap process.
ssh_publickeyfile
-----------------
Use either ``ssh_publickeyfile`` or ``ssh_password``. The path on the Salt master to the
SSH public key which will be pushed to the Linux VM.
ssh_password
------------
Required for Linux. The password to use to log into the newly-created Linux VM
to install Salt.
Use either ``ssh_publickeyfile`` or ``ssh_password``. The password for the admin user on
the newly-created Linux virtual machine.
win_username
------------
@ -221,6 +248,11 @@ subnet
Optional. The subnet inside the virtual network that the VM will be spun up in.
Default is ``default``.
allocate_public_ip
------------------
Optional. Default is ``False``. If set to ``True``, a public IP will
be created and assigned to the VM.
load_balancer
-------------
Optional. The load-balancer for the VM's network interface to join. If
@ -295,6 +327,18 @@ Optional. The path to a file to be read and submitted to Azure as user data.
How this is used depends on the operating system that is being deployed. If
used, any ``userdata`` setting will be ignored.
userdata_sendkeys
-------------
Optional. Set to ``True`` in order to generate salt minion keys and provide
them as variables to the userdata script when running it through the template
renderer. The keys can be referenced as ``{{opts['priv_key']}}`` and
``{{opts['pub_key']}}``.
userdata_template
-------------
Optional. Enter the renderer, such as ``jinja``, to be used for the userdata
script template.
wait_for_ip_timeout
-------------------
Optional. Default is ``600``. When waiting for a VM to be created, Salt Cloud

2
doc/topics/cloud/cloud.rst
View File

@ -35,7 +35,7 @@ https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds/msazure.py
The get_configured_provider() Function
--------------------------------------
This function uses ``config.is_provider_configured()`` to determine wither
This function uses ``config.is_provider_configured()`` to determine whether
all required information for this driver has been configured. The last value
in the list of required settings should be followed by a comma.

2
doc/topics/cloud/cloudstack.rst
View File

@ -156,7 +156,7 @@ security_group
~~~~~~~~~~~~~~
.. versionadded:: next-release
You can specifiy a list of security groups (by name or id) that should be
You can specify a list of security groups (by name or id) that should be
assigned to the VM.
.. code-block:: yaml

32
doc/topics/cloud/config.rst
View File

@ -71,7 +71,7 @@ The generated grain information will appear similar to:
provider: my_ec2:ec2
profile: ec2-web
The generation of the salt-cloud grain can be surpressed by the
The generation of the salt-cloud grain can be suppressed by the
option ``enable_cloud_grains: 'False'`` in the cloud configuration file.
Cloud Configuration Syntax
@ -344,7 +344,35 @@ be set in the configuration file to enable interfacing with GoGrid:
OpenStack
---------
.. automodule:: salt.cloud.clouds.openstack
Using Salt for OpenStack uses the `shade <https://docs.openstack.org/shade/latest/>` driver managed by the
openstack-infra team.
This driver can be configured using the ``/etc/openstack/clouds.yml`` file with
`os-client-config <https://docs.openstack.org/os-client-config/latest/>`
.. code-block:: yaml
myopenstack:
driver: openstack
region_name: RegionOne
cloud: mycloud
Or by just configuring the same auth block directly in the cloud provider config.
.. code-block:: yaml
myopenstack:
driver: openstack
region_name: RegionOne
auth:
username: 'demo'
password: secret
project_name: 'demo'
auth_url: 'http://openstack/identity'
Both of these methods support using the
`vendor <https://docs.openstack.org/os-client-config/latest/user/vendor-support.html>`
options.
For more information, look at :mod:`Openstack Cloud Driver Docs <salt.cloud.clouds.openstack>`
DigitalOcean
------------

2
doc/topics/cloud/linode.rst
View File

@ -38,7 +38,7 @@ Set up the provider cloud configuration file at ``/etc/salt/cloud.providers`` or
Profile Configuration
=====================
Linode profiles require a ``provider``, ``size``, ``image``, and ``location``. Set up an initial profile
at ``/etc/salt/cloud.profiles`` or in the ``/etc/salt/cloud.profiles.d/`` directory:
at ``/etc/salt/cloud.profiles`` or ``/etc/salt/cloud.profiles.d/*.conf``:
.. code-block:: yaml

4
doc/topics/cloud/misc.rst
View File

@ -392,7 +392,7 @@ script, a cloud profile using ``file_map`` might look like:
Running Pre-Flight Commands
===========================
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
To execute specified preflight shell commands on a VM before the deploy script is
run, use the ``preflight_cmds`` option. These must be defined as a list in a cloud
@ -413,7 +413,7 @@ These commands will run in sequence **before** the bootstrap script is executed.
Force Minion Config
===================
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
The ``force_minion_config`` option requests the bootstrap process to overwrite
an existing minion configuration file and public/private key files.

18
doc/topics/cloud/oneandone.rst
View File

@ -142,5 +142,23 @@ wait_for_timeout
The timeout to wait in seconds for provisioning resources such as servers.
The default wait_for_timeout is 15 minutes.
public_key_ids
List of public key IDs (ssh key).
Functions
=========
* Create an SSH key
.. code-block:: bash
sudo salt-cloud -f create_ssh_key my-oneandone-config name='SaltTest' description='SaltTestDescription'
* Create a block storage
.. code-block:: bash
sudo salt-cloud -f create_block_storage my-oneandone-config name='SaltTest2' description='SaltTestDescription' size=50 datacenter_id='5091F6D8CBFEF9C26ACE957C652D5D49'
For more information concerning cloud profiles, see :ref:`here
<salt-cloud-profiles>`.

5
doc/topics/cloud/openstack.rst Normal file
View File

@ -0,0 +1,5 @@
==============================
Getting Started with Openstack
==============================
.. automodule:: salt.cloud.clouds.openstack

28
doc/topics/cloud/profitbricks.rst
View File

@ -104,13 +104,18 @@ Here is an example of a profile:
profitbricks_production:
provider: my-profitbricks-config
image: Ubuntu-15.10-server-2016-05-01
image_password: MyPassword1
disk_type: SSD
disk_size: 40
cores: 8
cpu_family: INTEL_XEON
ram: 32768
public_lan: 1
public_ips:
- 172.217.18.174
private_lan: 2
private_ips:
- 192.168.100.10
public_firewall_rules:
Allow SSH:
protocol: TCP
@ -151,6 +156,13 @@ command:
# salt-cloud --list-sizes my-profitbricks-config
.. versionadded:: Fluorine
One or more public IP address can be reserved with the following command:
.. code-block:: bash
# salt-cloud -f reserve_ipblock my-profitbricks-config location='us/ewr' size=1
Profile Specifics:
------------------
@ -185,6 +197,14 @@ disk_type
This option allow the disk type to be set to HDD or SSD. The default is
HDD.
.. versionadded:: Fluorine
image_password
A password is set on the image for the "root" or "Administrator" account.
This field may only be set during volume creation. Only valid with
ProfitBricks supplied HDD (not ISO) images. The password must contain at
least 8 and no more than 50 characters. Only these characters are
allowed: [a-z][A-Z][0-9]
cores
This option allows you to override the number of CPU cores as defined by
the size.
@ -199,6 +219,10 @@ public_lan
LAN exists, then a new public LAN will be created. The value accepts a LAN
ID (integer).
.. versionadded:: Fluorine
public_ips
Public IPs assigned to the NIC in the public LAN.
public_firewall_rules
This option allows for a list of firewall rules assigned to the public
network interface.
@ -218,6 +242,10 @@ private_lan
LAN exists, then a new private LAN will be created. The value accepts a LAN
ID (integer).
.. versionadded:: Fluorine
private_ips
Private IPs assigned in the private LAN. NAT setting is ignored when this setting is active.
private_firewall_rules
This option allows for a list of firewall rules assigned to the private
network interface.

188
doc/topics/cloud/rackspace.rst
View File

@ -1,188 +0,0 @@
==============================
Getting Started With Rackspace
==============================
Rackspace is a major public cloud platform which may be configured using either
the `openstack` driver.
Dependencies
============
* Libcloud >= 0.13.2
Configuration
=============
To use the `openstack` driver (recommended), set up the cloud configuration at
``/etc/salt/cloud.providers`` or
``/etc/salt/cloud.providers.d/rackspace.conf``:
.. code-block:: yaml
my-rackspace-config:
# Set the location of the salt-master
#
minion:
master: saltmaster.example.com
# Configure Rackspace using the OpenStack plugin
#
identity_url: 'https://identity.api.rackspacecloud.com/v2.0/tokens'
compute_name: cloudServersOpenStack
protocol: ipv4
# Set the compute region:
#
compute_region: DFW
# Configure Rackspace authentication credentials
#
user: myname
tenant: 123456
apikey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
driver: openstack
.. note::
.. versionchanged:: 2015.8.0
The ``provider`` parameter in cloud provider definitions was renamed to ``driver``. This
change was made to avoid confusion with the ``provider`` parameter that is used in cloud profile
definitions. Cloud provider definitions now use ``driver`` to refer to the Salt cloud module that
provides the underlying functionality to connect to a cloud host, while cloud profiles continue
to use ``provider`` to refer to provider configurations that you define.
Compute Region
==============
Rackspace currently has six compute regions which may be used:
.. code-block:: bash
DFW -> Dallas/Forth Worth
ORD -> Chicago
SYD -> Sydney
LON -> London
IAD -> Northern Virginia
HKG -> Hong Kong
Note: Currently the LON region is only available with a UK account, and UK accounts cannot access other regions
Authentication
==============
The ``user`` is the same user as is used to log into the Rackspace Control
Panel. The ``tenant`` and ``apikey`` can be found in the API Keys area of the
Control Panel. The ``apikey`` will be labeled as API Key (and may need to be
generated), and ``tenant`` will be labeled as Cloud Account Number.
An initial profile can be configured in ``/etc/salt/cloud.profiles`` or
``/etc/salt/cloud.profiles.d/rackspace.conf``:
.. code-block:: yaml
openstack_512:
provider: my-rackspace-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
To instantiate a machine based on this profile:
.. code-block:: bash
# salt-cloud -p openstack_512 myinstance
This will create a virtual machine at Rackspace with the name ``myinstance``.
This operation may take several minutes to complete, depending on the current
load at the Rackspace data center.
Once the instance has been created with salt-minion installed, connectivity to
it can be verified with Salt:
.. code-block:: bash
# salt myinstance test.ping
RackConnect Environments
------------------------
Rackspace offers a hybrid hosting configuration option called RackConnect that
allows you to use a physical firewall appliance with your cloud servers. When
this service is in use the public_ip assigned by nova will be replaced by a NAT
ip on the firewall. For salt-cloud to work properly it must use the newly
assigned "access ip" instead of the Nova assigned public ip. You can enable that
capability by adding this to your profiles:
.. code-block:: yaml
openstack_512:
provider: my-openstack-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
rackconnect: True
Managed Cloud Environments
--------------------------
Rackspace offers a managed service level of hosting. As part of the managed
service level you have the ability to choose from base of lamp installations on
cloud server images. The post build process for both the base and the lamp
installations used Chef to install things such as the cloud monitoring agent and
the cloud backup agent. It also takes care of installing the lamp stack if
selected. In order to prevent the post installation process from stomping over
the bootstrapping you can add the below to your profiles.
.. code-block:: yaml
openstack_512:
provider: my-rackspace-config
size: 512 MB Standard
image: Ubuntu 12.04 LTS (Precise Pangolin)
managedcloud: True
First and Next Generation Images
--------------------------------
Rackspace provides two sets of virtual machine images, *first*, and *next*
generation. As of ``0.8.9`` salt-cloud will default to using the *next*
generation images. To force the use of first generation images, on the profile
configuration please add:
.. code-block:: yaml
FreeBSD-9.0-512:
provider: my-rackspace-config
size: 512 MB Standard
image: FreeBSD 9.0
force_first_gen: True
Private Subnets
---------------
By default salt-cloud will not add Rackspace private networks to new servers. To enable
a private network to a server instantiated by salt cloud, add the following section
to the provider file (typically ``/etc/salt/cloud.providers.d/rackspace.conf``)
.. code-block:: yaml
networks:
- fixed:
# This is the private network
- private-network-id
# This is Rackspace's "PublicNet"
- 00000000-0000-0000-0000-000000000000
# This is Rackspace's "ServiceNet"
- 11111111-1111-1111-1111-111111111111
To get the Rackspace private network ID, go to Networking, Networks and hover over the private network name.
The order of the networks in the above code block does not map to the order of the
ethernet devices on newly created servers. Public IP will always be first ( eth0 )
followed by servicenet ( eth1 ) and then private networks.
Enabling the private network per above gives the option of using the private subnet for
all master-minion communication, including the bootstrap install of salt-minion. To
enable the minion to use the private subnet, update the master: line in the minion:
section of the providers file. To configure the master to only listen on the private
subnet IP, update the interface: line in the /etc/salt/master file to be the private
subnet IP of the salt master.

2
doc/topics/cloud/salt.rst
View File

@ -238,7 +238,7 @@ presence of the instance will be managed statefully.
my-instance-name:
cloud.present:
- provider: my-ec2-config
- cloud_provider: my-ec2-config
- image: ami-1624987f
- size: 't1.micro'
- ssh_username: ec2-user

6
doc/topics/cloud/saltify.rst
View File

@ -89,7 +89,7 @@ to it can be verified with Salt:
Destroy Options
---------------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
For obvious reasons, the ``destroy`` action does not actually vaporize hardware.
If the salt master is connected, it can tear down parts of the client machines.
@ -113,7 +113,7 @@ and can execute the following options:
Wake On LAN
-----------
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
In addition to connecting a hardware machine to a Salt master,
you have the option of sending a wake-on-LAN
@ -125,7 +125,7 @@ to start that machine running.
The "magic packet" must be sent by an existing salt minion which is on
the same network segment as the target machine. (Or your router
must be set up especially to route WoL packets.) Your target machine
must be set up to listen for WoL and to respond appropriatly.
must be set up to listen for WoL and to respond appropriately.
You must provide the Salt node id of the machine which will send
the WoL packet \(parameter ``wol_sender_node``\), and

2
doc/topics/cloud/vmware.rst
View File

@ -286,7 +286,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or
eagerly_scrub
Specifies whether the disk should be rewrite with zeros during thick provisioning or not.
Default is ``eagerly_scrub: False``.
.. versionadded:: Oxygen
.. versionadded:: 2018.3.0
controller
Specify the SCSI controller label to which this disk should be attached.
This should be specified only when creating both the specified SCSI

24
doc/topics/cloud/windows.rst
View File

@ -9,6 +9,13 @@ Windows images.
Requirements
============
.. note::
Support ``winexe`` and ``impacket`` has been deprecated and will be removed in
Fluorine. These dependencies are replaced by ``pypsexec`` and ``smbprotocol``
respectivly. These are pure python alternatives that are compatible with all
supported python versions.
Salt Cloud makes use of `impacket` and `winexe` to set up the Windows Salt
Minion installer.
@ -32,6 +39,15 @@ channels:
.. __: http://software.opensuse.org/package/winexe
* `pypsexec project home`__
.. __: https://github.com/jborean93/pypsexec
* `smbprotocol project home`__
.. __: https://github.com/jborean93/smbprotocol
Optionally WinRM can be used instead of `winexe` if the python module `pywinrm`
is available and WinRM is supported on the target Windows version. Information
on pywinrm can be found at the project home:
@ -136,24 +152,24 @@ the following userdata example:
$SourceStoreScope = 'LocalMachine'
$SourceStorename = 'Remote Desktop'
$SourceStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $SourceStorename, $SourceStoreScope
$SourceStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $SourceStorename, $SourceStoreScope
$SourceStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$cert = $SourceStore.Certificates | Where-Object -FilterScript {
$cert = $SourceStore.Certificates | Where-Object -FilterScript {
$_.subject -like '*'
}
$DestStoreScope = 'LocalMachine'
$DestStoreName = 'My'
$DestStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $DestStoreName, $DestStoreScope
$DestStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $DestStoreName, $DestStoreScope
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$SourceStore.Close()
$DestStore.Close()
winrm create winrm/config/listener?Address=*+Transport=HTTPS `@`{Hostname=`"($certId)`"`;CertificateThumbprint=`"($cert.Thumbprint)`"`}
winrm create winrm/config/listener?Address=*+Transport=HTTPS `@`{CertificateThumbprint=`"($cert.Thumbprint)`"`}
Restart-Service winrm
</powershell>

19
doc/topics/development/contributing.rst
View File

@ -60,7 +60,7 @@ Fork a Repo Guide_>`_ and is well worth reading.
isolated into separate branches.
If you're working on a bug or documentation fix, create your branch from
the oldest release branch that contains the bug or requires the documentation
the oldest **supported** main release branch that contains the bug or requires the documentation
update. See :ref:`Which Salt Branch? <which-salt-branch>`.
.. code-block:: bash
@ -212,8 +212,11 @@ There are three different kinds of branches in use: develop, main release
branches, and dot release branches.
- All feature work should go into the ``develop`` branch.
- Bug fixes and documentation changes should go into the oldest supported
**main** release branch affected by the the bug or documentation change.
- Bug fixes and documentation changes should go into the oldest **supported
main** release branch affected by the the bug or documentation change (you
can use the blame button in github to figure out when the bug was introduced).
Supported releases are the last 2 releases. For example, if the latest release
is 2018.3, the last two release are 2018.3 and 2017.7.
Main release branches are named after a year and month, such as
``2016.11`` and ``2017.7``.
- Hot fixes, as determined by SaltStack's release team, should be submitted
@ -223,7 +226,7 @@ branches, and dot release branches.
.. note::
GitHub will open pull requests against Salt's main branch, ``develop``,
byndefault. Be sure to check which branch is selected when creating the
by default. Be sure to check which branch is selected when creating the
pull request.
The Develop Branch
@ -247,7 +250,7 @@ Main Release Branches
=====================
The current release branch is the most recent stable release. Pull requests
containing bug fixes or documentation changes should be made against the main
containing bug fixes or documentation changes should be made against the oldest supported main
release branch that is affected.
The branch name will be a date-based name such as ``2016.11``.
@ -282,9 +285,9 @@ The Salt repository follows a "Merge Forward" policy. The merge-forward
behavior means that changes submitted to older main release branches will
automatically be "merged-forward" into the newer branches.
For example, a pull request is merged into ``2016.11``. Then, the entire
``2016.11`` branch is merged-forward into the ``2017.7`` branch, and the
``2017.7`` branch is merged-forward into the ``develop`` branch.
For example, a pull request is merged into ``2017.7``. Then, the entire
``2017.7`` branch is merged-forward into the ``2018.3`` branch, and the
``2018.3`` branch is merged-forward into the ``develop`` branch.
This process makes is easy for contributors to make only one pull-request
against an older branch, but allows the change to propagate to all **main**

23
doc/topics/development/conventions/formulas.rst
View File

@ -58,7 +58,7 @@ States. GitFS is a quick and natural way to use Formulas.
3. Restart the Salt master.
Beginning with the Oxygen release, using formulas with GitFS is now much more
Beginning with the 2018.3.0 release, using formulas with GitFS is now much more
convenient for deployments which use many different fileserver environments
(i.e. saltenvs). Using the :ref:`all_saltenvs <gitfs-global-remotes>`
parameter, files from a single git branch/tag will appear in all environments.
@ -221,8 +221,9 @@ The best way to create new Formula repositories for now is to create a
repository in your own account on GitHub and notify a SaltStack employee when
it is ready. We will add you to the Contributors team on the
`saltstack-formulas`_ organization and help you transfer the repository over.
Ping a SaltStack employee on IRC (``#salt`` on Freenode) or send an email to
the `salt-users`_ mailing list.
Ping a SaltStack employee on IRC (``#salt`` on Freenode), join the
``#formulas`` channel on the `salt-slack`_ or send an email to the
`salt-users`_ mailing list.
There are a lot of repositories in that organization! Team members can manage
which repositories they are subscribed to on GitHub's watching page:
@ -1005,10 +1006,10 @@ The :py:func:`file.serialize <salt.states.file.serialize>` state can provide a
shorthand for creating some files from data structures. There are also many
examples within Salt Formulas of creating one-off "serializers" (often as Jinja
macros) that reformat a data structure to a specific config file format. For
example, `Nginx vhosts`__ or the `php.ini`__
example, look at the`Nginx vhosts`_ states or the `php.ini`_ file template.
__: https://github.com/saltstack-formulas/nginx-formula/blob/5cad4512/nginx/ng/vhosts_config.sls
__: https://github.com/saltstack-formulas/php-formula/blob/82e2cd3a/php/ng/files/php.ini
.. _`Nginx vhosts`: https://github.com/saltstack-formulas/nginx-formula/blob/5cad4512/nginx/ng/vhosts_config.sls
.. _`php.ini`: https://github.com/saltstack-formulas/php-formula/blob/82e2cd3a/php/ng/files/php.ini
Environment specific information
................................
@ -1258,7 +1259,7 @@ target platform, and any other installation or usage instructions or tips.
A sample skeleton for the ``README.rst`` file:
.. code-block:: rest
.. code-block:: restructuredtext
===
foo
@ -1266,10 +1267,10 @@ A sample skeleton for the ``README.rst`` file:
Install and configure the FOO service.
.. note::
**NOTE**
See the full `Salt Formulas installation and usage instructions
<http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
See the full `Salt Formulas installation and usage instructions
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
Available states
================
@ -1298,7 +1299,7 @@ A sample skeleton for the `CHANGELOG.rst` file:
:file:`CHANGELOG.rst`:
.. code-block:: rest
.. code-block:: restructuredtext
foo formula
===========

2
doc/topics/development/tests/index.rst
View File

@ -436,7 +436,7 @@ external resource, like a cloud virtual machine. This decorator is not normally
used by developers outside of the Salt core team.
`@destructiveTest` -- Marks a test as potentially destructive. It will not be run
by the test runner unles the ``-run-destructive`` test is expressly passed.
by the test runner unless the ``-run-destructive`` test is expressly passed.
`@requires_network` -- Requires a network connection for the test to operate
successfully. If a network connection is not detected, the test will not run.

2
doc/topics/development/tests/unit.rst
View File

@ -98,7 +98,7 @@ Mocking Loader Modules
Salt loader modules use a series of globally available dunder variables,
``__salt__``, ``__opts__``, ``__pillar__``, etc. To facilitate testing these
modules a mixin class was created, ``LoaderModuleMockMixin`` which can be found
in ``tests/support/mixins.py``. The reason for the existance of this class is
in ``tests/support/mixins.py``. The reason for the existence of this class is
because historiclly and because it was easier, one would add these dunder
variables directly on the imported module. This however, introduces unexpected
behavior when running the full test suite since those attributes would not be

17
doc/topics/eauth/index.rst
View File

@ -27,12 +27,13 @@ in the master configuration file and uses the :ref:`access control system
- 'web*':
- test.*
- network.*
steve:
steve|admin.*:
- .*
The above configuration allows the user ``thatch`` to execute functions
in the test and network modules on the minions that match the web* target.
User ``steve`` is given unrestricted access to minion commands.
The above configuration allows the user ``thatch`` to execute functions in the
test and network modules on the minions that match the web* target. User
``steve`` and the users whose logins start with ``admin``, are granted
unrestricted access to minion commands.
Salt respects the current PAM configuration in place, and uses the 'login'
service to authenticate.
@ -71,8 +72,8 @@ Matching syntax
---------------
The structure of the ``external_auth`` dictionary can take the following
shapes. Function matches are regular expressions; minion matches are compound
targets.
shapes. User and function matches are exact matches, shell glob patterns or
regular expressions; minion matches are compound targets.
By user:
@ -142,8 +143,8 @@ Positional arguments or keyword arguments to functions can also be whitelisted.
- '*':
- 'my_mod.*':
args:
- 'a.*'
- 'b.*'
- 'a.*'
- 'b.*'
kwargs:
'kwa': 'kwa.*'
'kwb': 'kwb'

39
doc/topics/event/events.rst
View File

@ -174,17 +174,34 @@ YAML can be used at the CLI in function arguments:
salt-call event.send 'myco/mytag/success' '{success: True, message: "It works!"}'
If a process is listening on the minion, it may be useful for a user on the
master to fire an event to it:
master to fire an event to it. An example of listening local events on
a minion on a non-Windows system:
.. code-block:: python
# Job on minion
import salt.utils.event
event = salt.utils.event.MinionEvent(**__opts__)
opts = salt.config.minion_config('/etc/salt/minion')
event = salt.utils.event.MinionEvent(opts)
for evdata in event.iter_events(tag='customtag/'):
return evdata # do your processing here...
for evdata in event.iter_events(match_type = 'regex',
tag = 'custom/.*'):
# do your processing here...
And an example of listening local events on a Windows system:
.. code-block:: python
# Job on minion
import salt.utils.event
opts = salt.config.minion_config(salt.minion.DEFAULT_MINION_OPTS)
event = salt.utils.event.MinionEvent(opts)
for evdata in event.iter_events(match_type = 'regex',
tag = 'custom/.*'):
# do your processing here...
.. code-block:: bash
@ -231,10 +248,10 @@ done at the CLI:
caller = salt.client.Caller()
caller.sminion.functions['event.send'](
'myco/myevent/success',
{
'success': True,
'message': "It works!",
}
)
ret = called.cmd('event.send',
'myco/event/success'
{ 'success': True,
'message': "It works!" })
if not ret:
# the event could not be sent, process the error here

Some files were not shown because too many files have changed in this diff Show More