valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 09:23:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' into feature-parallel-runners

Browse Source
This commit is contained in:
Mike Place 2017-09-28 14:21:13 +02:00 committed by GitHub
commit eb89973696
2387 changed files with 183413 additions and 70453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1,60 @@
# SALTSTACK CODE OWNERS
# See https://help.github.com/articles/about-codeowners/
# for more info about CODEOWNERS file
# Lines starting with '#' are comments.
# Each line is a file pattern followed by one or more owners.
# See https://help.github.com/articles/about-codeowners/
# for more info about the CODEOWNERS file
# Team Boto
salt/**/*boto* @saltstack/team-boto
# Team Core
salt/auth/ @saltstack/team-core
salt/cache/ @saltstack/team-core
salt/cli/ @saltstack/team-core
salt/client/* @saltstack/team-core
salt/config/* @saltstack/team-core
salt/daemons/ @saltstack/team-core
salt/pillar/ @saltstack/team-core
salt/loader.py @saltstack/team-core
salt/payload.py @saltstack/team-core
salt/**/master* @saltstack/team-core
salt/**/minion* @saltstack/team-core
# Team Cloud
salt/cloud/ @saltstack/team-cloud
salt/utils/openstack/ @saltstack/team-cloud
salt/utils/aws.py @saltstack/team-cloud
salt/**/*cloud* @saltstack/team-cloud
# Team NetAPI
salt/cli/api.py @saltstack/team-netapi
salt/client/netapi.py @saltstack/team-netapi
salt/netapi/ @saltstack/team-netapi
# Team Network
salt/proxy/ @saltstack/team-proxy
# Team SPM
salt/cli/spm.py @saltstack/team-spm
salt/spm/ @saltstack/team-spm
# Team SSH
salt/cli/ssh.py @saltstack/team-ssh
salt/client/ssh/ @saltstack/team-ssh
salt/runners/ssh.py @saltstack/team-ssh
salt/**/thin.py @saltstack/team-ssh
# Team State
salt/state.py @saltstack/team-state
# Team Transport
salt/transport/ @saltstack/team-transport
salt/utils/zeromq.py @saltstack/team-transport
# Team Windows
salt/**/*win* @saltstack/team-windows

39
.github/CONTRIBUTING.rst → .github/CONTRIBUTING.md vendored
View File

@ -7,7 +7,7 @@ License. We cannot accept contributions that already hold a License other
than Apache 2.0 without explicit exception.
Reporting issues
Reporting Issues
================
The Salt issue tracker is used for feature requests and bug reports.
@ -17,15 +17,16 @@ Bugs
A bug is a *demonstrable problem* that is caused by the code in the repository.
Please read the following guidelines before you `report an issue`_
Please read the following guidelines before you
[report an issue](https://github.com/saltstack/salt/issues).
1. **Use the GitHub issue search** -- check if the issue has
already been reported. If it has been, please comment on the existing issue.
2. **Check if the issue has been fixed** — Various point-release branches, such
as ``2015.5``, ``2015.8``, ``2016.3``, or even ``develop``, may already contain
a fix. Please try to reproduce the bug against the latest git HEAD or the latest
release.
as ``2016.3``, ``2016.11``, or even ``develop``, may already contain
a fix. Please try to reproduce the bug against the latest git ``HEAD`` or
the latest release.
3. **Isolate the demonstrable problem** -- make sure that the
code in the project's repository is *definitely* responsible for the issue.
@ -41,7 +42,7 @@ assess and fix any potential bugs.
**Including the output of** ``salt --versions-report`` **will always help.**
Valid bugs will be categorized for the next release and worked on as quickly
as resources can be reasonably allocated
as resources can be reasonably allocated.
Features
--------
@ -65,25 +66,23 @@ reason to ask first.
Fixing issues
=============
If you wish to help us fix the issue you're reporting, `Salt's documentation`_
If you wish to help us fix the issue you're reporting,
[Salt's documentation](http://docs.saltstack.com/en/latest/index.html)
already includes information to help you setup a development environment,
under `Developing Salt`_.
under [Developing Salt](http://docs.saltstack.com/en/latest/topics/development/hacking.html).
`SaltStack's Contributing documentation`_ is also helpful, as it explains
sending in pull requests, keeping your salt branches in sync, and knowing
`which branch`_ new features or bug fixes should be submitted against.
[SaltStack's Contributing documentation](https://docs.saltstack.com/en/latest/topics/development/contributing.html)
is also helpful, as it explains sending in pull requests, keeping your
salt branches in sync, and knowing
[which branch](https://docs.saltstack.com/en/latest/topics/development/contributing.html#which-salt-branch)
new features or bug fixes should be submitted against.
Fix the issue you have in hands, if possible also add a test case to Salt's
testing suite, create a `pull request`_, and **that's it**!
Fix the issue you have in hand and, if possible, also add a test case to Salt's
testing suite. Then, create a
[pull request](http://docs.saltstack.com/en/latest/topics/development/contributing.html#sending-a-github-pull-request),
and **that's it**!
Salt's development team will review your fix and if everything is OK, your fix
will be merged into Salt's code.
.. _`report an issue`: https://github.com/saltstack/salt/issues
.. _`Salt's documentation`: http://docs.saltstack.com/en/latest/index.html
.. _`Developing Salt`: http://docs.saltstack.com/en/latest/topics/development/hacking.html
.. _`pull request`: http://docs.saltstack.com/en/latest/topics/development/contributing.html#sending-a-github-pull-request
.. _`SaltStack's Contributing documentation`: https://docs.saltstack.com/en/latest/topics/development/contributing.html
.. _`which branch`: https://docs.saltstack.com/en/latest/topics/development/contributing.html#which-salt-branch
.. vim: set fenc=utf-8 spell spl=en:

33
.github/stale.yml vendored Normal file
View File

@ -0,0 +1,33 @@
# Probot Stale configuration file
# Number of days of inactivity before an issue becomes stale
# 1000 is approximately 2 years and 9 months
daysUntilStale: 1000
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
#exemptLabels:
# - pinned
# - security
# Label to use when marking an issue as stale
staleLabel: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
# Comment to post when removing the stale label. Set to `false` to disable
unmarkComment: |
Thank you for updating this issue. It is no longer marked as stale.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
# Limit to only `issues` or `pulls`
only: issues

17
.mention-bot Normal file
View File

@ -0,0 +1,17 @@
{
"alwaysNotifyForPaths": [
{
"name": "ryan-lane",
"files": ["salt/**/*boto*.py"],
"skipTeamPrs": false
},
{
"name": "tkwilliams",
"files": ["salt/**/*boto*.py"],
"skipTeamPrs": false
}
],
"skipTitle": "Merge forward",
"userBlacklist": ["cvrebert", "markusgattol", "olliewalsh", "basepi"]
}

20
.pylintrc
View File

@ -24,7 +24,9 @@ load-plugins=saltpylint.pep8,
saltpylint.fileperms,
saltpylint.py3modernize,
saltpylint.smartup,
saltpylint.minpyver
saltpylint.minpyver,
saltpylint.blacklist,
saltpylint.thirdparty
# Use multiple processes to speed up Pylint.
# Don't bump this values on PyLint 1.4.0 - Know bug that ignores the passed --rcfile
@ -41,11 +43,23 @@ extension-pkg-whitelist=
# Fileperms Lint Plugin Settings
fileperms-default=0644
fileperms-ignore-paths=tests/runtests.py,tests/jenkins*.py,tests/saltsh.py,tests/buildpackage.py
fileperms-ignore-paths=setup.py,tests/runtests.py,tests/jenkins*.py,tests/saltsh.py,tests/buildpackage.py
# Minimum Python Version To Enforce
minimum-python-version = 2.7
# Allowed 3rd-party package imports
allowed-3rd-party-modules = msgpack,
tornado,
yaml,
jinja2,
Crypto,
requests,
libcloud,
zmq,
pytest,
pytestsalt
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
@ -60,7 +74,7 @@ confidence=
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes

23
.testing.pylintrc
View File

@ -21,7 +21,9 @@ load-plugins=saltpylint.pep8,
saltpylint.fileperms,
saltpylint.py3modernize,
saltpylint.smartup,
saltpylint.minpyver
saltpylint.minpyver,
saltpylint.blacklist,
saltpylint.thirdparty
# Use multiple processes to speed up Pylint.
# Don't bump this values on PyLint 1.4.0 - Know bug that ignores the passed --rcfile
@ -38,11 +40,23 @@ extension-pkg-whitelist=
# Fileperms Lint Plugin Settings
fileperms-default=0644
fileperms-ignore-paths=tests/runtests.py,tests/jenkins*.py,tests/saltsh.py,tests/buildpackage.py
fileperms-ignore-paths=setup.py,tests/runtests.py,tests/jenkins*.py,tests/saltsh.py,tests/buildpackage.py
# Minimum Python Version To Enforce
minimum-python-version = 2.7
# Allowed 3rd-party package imports
allowed-3rd-party-modules = msgpack,
tornado,
yaml,
jinja2,
Crypto,
requests,
libcloud,
zmq,
pytest,
pytestsalt
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
@ -57,7 +71,7 @@ confidence=
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
@ -120,7 +134,8 @@ disable=R,
E8265,
E8266,
E8402,
E8731
E8731,
3rd-party-local-module-not-gated
# Disabled:
# R* [refactoring suggestions & reports]

35
.travis.yml
View File

@ -1,35 +0,0 @@
language: python
python:
- '2.6'
- '2.7'
before_install:
- sudo apt-get update
- sudo apt-get install --fix-broken --ignore-missing -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" swig rabbitmq-server ruby python-apt mysql-server libmysqlclient-dev
- (git describe && git fetch --tags) || (git remote add upstream git://github.com/saltstack/salt.git && git fetch --tags upstream)
- pip install mock
- pip install --allow-external http://dl.dropbox.com/u/174789/m2crypto-0.20.1.tar.gz
- pip install --upgrade pep8 'pylint<=1.2.0'
- pip install --upgrade coveralls
- "if [[ $TRAVIS_PYTHON_VERSION == '2.6' ]]; then pip install unittest2 ordereddict; fi"
- pip install git+https://github.com/saltstack/salt-testing.git#egg=SaltTesting
install:
- pip install -r requirements/zeromq.txt -r requirements/cloud.txt
- pip install --allow-all-external -r requirements/opt.txt
before_script:
- "/home/travis/virtualenv/python${TRAVIS_PYTHON_VERSION}/bin/pylint --rcfile=.testing.pylintrc salt/ && echo 'Finished Pylint Check Cleanly' || echo 'Finished Pylint Check With Errors'"
- "/home/travis/virtualenv/python${TRAVIS_PYTHON_VERSION}/bin/pep8 --ignore=E501,E12 salt/ && echo 'Finished PEP-8 Check Cleanly' || echo 'Finished PEP-8 Check With Errors'"
script: "sudo -E /home/travis/virtualenv/python${TRAVIS_PYTHON_VERSION}/bin/python setup.py test --runtests-opts='--run-destructive --sysinfo -v --coverage'"
after_success:
- coveralls
notifications:
irc:
channels: "irc.freenode.org#salt-devel"
on_success: change
on_failure: change

2
AUTHORS
View File

@ -84,6 +84,7 @@ Maxim Burgerhout <maxim@wzzrd.com>
Mickey Malone <mickey.malone@gmail.com>
Michael Steed <msteed@saltstack.com>
Mike Place <mp@saltstack.com>
Mircea Ulinic <mircea@cloudflare.com>
Mitch Anderson <mitch@metauser.net>
Mostafa Hussein <mostafa.hussein91@gmail.com>
Nathaniel Whiteinge <seth@eseth.com>
@ -96,6 +97,7 @@ Pedro Algarvio <pedro@algarvio.me>
Peter Baumgartner
Pierre Carrier <pierre@spotify.com>
Rhys Elsmore <me@rhys.io>
Rafael Caricio <rafael@caricio.com>
Robert Fielding
Sean Channel <pentabular@gmail.com>
Seth House <seth@eseth.com>

0
CONDUCT.md → CODE_OF_CONDUCT.md
View File

12
README.rst
View File

@ -67,10 +67,11 @@ Engage SaltStack
`SaltConf`_, **User Groups and Meetups** - SaltStack has a vibrant and `global
community`_ of customers, users, developers and enthusiasts. Connect with other
Salted folks in your area of the world, or join `SaltConf16`_, the SaltStack
annual user conference, April 19-21 in Salt Lake City. Please let us know if
you would like to start a user group or if we should add your existing
SaltStack user group to this list by emailing: info@saltstack.com
Salted folks in your area of the world, or join `SaltConf`_, the SaltStack
annual user conference held in Salt Lake City. Please visit the `SaltConf`_ site
for details of our next conference. Also, please let us know if you would like
to start a user group or if we should add your existing SaltStack user group to
this list by emailing: info@saltstack.com
**SaltStack Training** - Get access to proprietary `SaltStack education
offerings`_ through instructor-led training offered on-site, virtually or at
@ -89,9 +90,8 @@ services`_ offerings.
* LinkedIn Group - `<https://www.linkedin.com/groups/4877160>`_
* Google+ - `<https://plus.google.com/b/112856352920437801867/+SaltStackInc/posts>`_
.. _SaltConf: http://www.youtube.com/user/saltstack
.. _global community: http://www.meetup.com/pro/saltstack/
.. _SaltConf16: http://saltconf.com/
.. _SaltConf: http://saltconf.com/
.. _SaltStack education offerings: http://saltstack.com/training/
.. _SaltStack Certified Engineer (SSCE): http://saltstack.com/certification/
.. _SaltStack professional services: http://saltstack.com/services/

11
conf/cloud
View File

@ -97,3 +97,14 @@
#
#delete_sshkeys: False
# Whether or not to include grains information in the /etc/salt/minion file
# which is generated when the minion is provisioned. For example...
# grains:
# salt-cloud:
# driver: ec2
# provider: my_ec2:ec2
# profile: micro_ec2
#
# Default: 'True'
#
#enable_cloud_grains: 'True'

2
conf/cloud.providers
View File

@ -3,7 +3,7 @@
# directory is identical.
#my-digitalocean-config:
# driver: digital_ocean
# driver: digitalocean
# client_key: wFGEwgregeqw3435gDger
# api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg
# location: New York 1

2
conf/cloud.providers.d/digitalocean.conf
View File

@ -1,5 +1,5 @@
#my-digitalocean-config:
# driver: digital_ocean
# driver: digitalocean
# client_key: wFGEwgregeqw3435gDger
# api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg
# location: New York 1

148
conf/master
View File

@ -59,15 +59,14 @@
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", etc.
#extension_modules: <no default>
# "states", "returners", "engines", "utils", etc.
#extension_modules: /var/cache/salt/master/extmods
# Directory for custom modules. This directory can contain subdirectories for
# each of Salt's module types such as "runners", "output", "wheel", "modules",
# "states", "returners", "engines", etc.
# "states", "returners", "engines", "utils", etc.
# Like 'extension_modules' but can take an array of paths
#module_dirs: <no default>
# - /var/cache/salt/minion/extmods
#module_dirs: []
# Verify and set permissions on configuration directories at startup:
#verify_env: True
@ -91,6 +90,10 @@
# Set the default outputter used by the salt command. The default is "nested".
#output: nested
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# Set the default output file used by the salt command. Default is to output
# to the CLI and not to a file. Functions the same way as the "--out-file"
# CLI option, only sets this to a single file for all salt commands.
@ -99,6 +102,9 @@
# Return minions that timeout when running commands like test.ping
#show_timeout: True
# Tell the client to display the jid when a job is published.
#show_jid: False
# By default, output is colored. To disable colored output, set the color value
# to False.
#color: True
@ -133,6 +139,14 @@
# Cache subsystem module to use for minion data cache.
#cache: localfs
# Enables a fast in-memory cache booster and sets the expiration time.
#memcache_expire_seconds: 0
# Set a memcache limit in items (bank + key) per cache storage (driver + driver_opts).
#memcache_max_items: 1024
# Each time a cache storage got full cleanup all the expired items not just the oldest one.
#memcache_full_cleanup: False
# Enable collecting the memcache stats and log it on `debug` log level.
#memcache_debug: False
# Store all returns in the given returner.
# Setting this option requires that any returner-specific configuration also
@ -186,6 +200,9 @@
# a previous deleted minion ID.
#preserve_minion_cache: False
# Allow or deny minions from requesting their own key revocation
#allow_minion_key_revoke: True
# If max_minions is used in large installations, the master might experience
# high-load situations because of having to check the number of connected
# minions for every authentication. This cache provides the minion-ids of
@ -271,9 +288,34 @@
# a value for you. Default is disabled.
# ipc_write_buffer: 'dynamic'
# These two batch settings, batch_safe_limit and batch_safe_size, are used to
# automatically switch to a batch mode execution. If a command would have been
# sent to more than <batch_safe_limit> minions, then run the command in
# batches of <batch_safe_size>. If no batch_safe_size is specified, a default
# of 8 will be used. If no batch_safe_limit is specified, then no automatic
# batching will occur.
#batch_safe_limit: 100
#batch_safe_size: 8
##### Security settings #####
##########################################
# Enable passphrase protection of Master private key. Although a string value
# is acceptable; passwords should be stored in an external vaulting mechanism
# and retrieved via sdb. See https://docs.saltstack.com/en/latest/topics/sdb/.
# Passphrase protection is off by default but an example of an sdb profile and
# query is as follows.
# masterkeyring:
# driver: keyring
# service: system
#
# key_pass: sdb://masterkeyring/key_pass
# Enable passphrase protection of the Master signing_key. This only applies if
# master_sign_pubkey is set to True. This is disabled by default.
# master_sign_pubkey: True
# signing_key_pass: sdb://masterkeyring/signing_pass
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
@ -284,6 +326,9 @@
# public keys from the minions. Note that this is insecure.
#auto_accept: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Time in minutes that an incoming public key with a matching name found in
# pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
# are removed when the master checks the minion_autosign directory.
@ -362,6 +407,15 @@
#
#token_expire_user_override: False
# Set to True to enable keeping the calculated user's auth list in the token
# file. This is disabled by default and the auth list is calculated or requested
# from the eauth driver each time.
#keep_acl_in_token: False
# Auth subsystem module to use to get authorized access list for a user. By default it's
# the same module used for external authentication.
#eauth_acl_module: django
# Allow minions to push files to the master. This is disabled by default, for
# security purposes.
#file_recv: False
@ -385,6 +439,20 @@
# will cause minion to throw an exception and drop the message.
# sign_pub_messages: False
# Signature verification on messages published from minions
# This requires that minions cryptographically sign the messages they
# publish to the master. If minions are not signing, then log this information
# at loglevel 'INFO' and drop the message without acting on it.
# require_minion_sign_messages: False
# The below will drop messages when their signatures do not validate.
# Note that when this option is False but `require_minion_sign_messages` is True
# minions MUST sign their messages but the validity of their signatures
# is ignored.
# These two config options exist so a Salt infrastructure can be moved
# to signing minion messages gradually.
# drop_messages_signature_fail: False
# Use TLS/SSL encrypted connection between master and minion.
# Can be set to a dictionary containing keyword arguments corresponding to Python's
# 'ssl.wrap_socket' method.
@ -411,6 +479,27 @@
# - /etc/salt/roster.d
# - /opt/salt/some/more/rosters
# The ssh password to log in with.
#ssh_passwd: ''
#The target system's ssh port number.
#ssh_port: 22
# Comma-separated list of ports to scan.
#ssh_scan_ports: 22
# Scanning socket timeout for salt-ssh.
#ssh_scan_timeout: 0.01
# Boolean to run command via sudo.
#ssh_sudo: False
# Number of seconds to wait for a response when establishing an SSH connection.
#ssh_timeout: 60
# The user to log in as.
#ssh_user: root
# The log file of the salt-ssh command:
#ssh_log_file: /var/log/salt/ssh
@ -424,6 +513,18 @@
# authentication with minions
#ssh_use_home_key: False
# Set this to True to default salt-ssh to run with ``-o IdentitiesOnly=yes``.
# This option is intended for situations where the ssh-agent offers many
# different identities and allows ssh to ignore those identities and use the
# only one specified in options.
#ssh_identities_only: False
# List-only nodegroups for salt-ssh. Each group must be formed as either a
# comma-separated list, or a YAML list. This option is useful to group minions
# into easy-to-target groups when using salt-ssh. These groups can then be
# targeted with the normal -N argument to salt-ssh.
#ssh_list_nodegroups: {}
##### Master Module Management #####
##########################################
# Manage how master side modules are loaded.
@ -431,6 +532,9 @@
# Add any additional locations to look for master runners:
#runner_dirs: []
# Add any additional locations to look for master utils:
#utils_dirs: []
# Enable Cython for master side modules:
#cython_enable: False
@ -492,6 +596,11 @@
# If set to 'changes', the output will be full unless the state didn't change.
#state_output: full
# The state_output_diff setting changes whether or not the output from
# successful states is returned. Useful when even the terse output of these
# states is cluttering the logs. Set it to True to ignore them.
#state_output_diff: False
# Automatically aggregate all states that have support for mod_aggregate by
# setting to 'True'. Or pass a list of state module names to automatically
# aggregate just those types.
@ -532,6 +641,10 @@
# - /srv/salt
#
# The master_roots setting configures a master-only copy of the file_roots dictionary,
# used by the state compiler.
#master_roots: /srv/salt-master
# When using multiple environments, each with their own top file, the
# default behaviour is an unordered merge. To prevent top files from
# being merged together and instead to only use the top file from the
@ -549,11 +662,11 @@
#default_top: base
# The hash_type is the hash to use when discovering the hash of a file on
# the master server. The default is md5 but sha1, sha224, sha256, sha384
# and sha512 are also supported.
# the master server. The default is sha256, but md5, sha1, sha224, sha384 and
# sha512 are also supported.
#
# WARNING: While md5 is also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Prior to changing this value, the master should be stopped and all Salt
# caches should be cleared.
@ -857,7 +970,7 @@
#pillar_cache_ttl: 3600
# If and only if a master has set `pillar_cache: True`, one of several storage providers
# can be utililzed.
# can be utilized.
#
# `disk`: The default storage backend. This caches rendered pillars to the master cache.
# Rendered pillars are serialized and deserialized as msgpack structures for speed.
@ -876,6 +989,21 @@
#pillar_cache_backend: disk
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
##### Syndic settings #####
##########################################
# The Salt syndic is used to pass commands through a master from a higher

63
conf/minion
View File

@ -151,7 +151,11 @@
# Set the default outputter used by the salt-call command. The default is
# "nested".
#output: nested
#
# To set a list of additional directories to search for salt outputters, set the
# outputter_dirs option.
#outputter_dirs: []
# By default output is colored. To disable colored output, set the color value
# to False.
#color: True
@ -161,7 +165,7 @@
# strip_colors: False
# Backup files that are replaced by file.managed and file.recurse under
# 'cachedir'/file_backups relative to their original location and appended
# 'cachedir'/file_backup relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:
@ -193,6 +197,15 @@
# The wait-time will be a random number of seconds between 0 and the defined value.
#random_reauth_delay: 60
# To avoid overloading a master when many minions startup at once, a randomized
# delay may be set to tell the minions to wait before connecting to the master.
# This value is the number of seconds to choose from for a random number. For
# example, setting this value to 60 will choose a random number of seconds to delay
# on startup between zero seconds and sixty seconds. Setting to '0' will disable
# this feature.
#random_startup_delay: 0
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the timeout value,
# in seconds, for each individual attempt. After this timeout expires, the minion
@ -222,7 +235,7 @@
# cause sub minion process to restart.
#auth_safemode: False
# Ping Master to ensure connection is alive (minutes).
# Ping Master to ensure connection is alive (seconds).
#ping_interval: 0
# To auto recover minions if master changes IP address (DDNS)
@ -360,6 +373,9 @@
# interface: eth0
# cidr: '10.0.0.0/8'
# The number of minutes between mine updates.
#mine_interval: 60
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
#ipc_mode: ipc
@ -574,14 +590,11 @@
#fileserver_limit_traversal: False
# The hash_type is the hash to use when discovering the hash of a file on
# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384
# the local fileserver. The default is sha256, but md5, sha1, sha224, sha384
# and sha512 are also supported.
#
# WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
#
# WARNING: While md5 is also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Warning: Prior to changing this value, the minion should be stopped and all
# Salt caches should be cleared.
@ -607,6 +620,9 @@
# you do so at your own risk!
#open_mode: False
# The size of key that should be generated when creating new keys.
#keysize: 2048
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
@ -648,12 +664,37 @@
# ssl_version: PROTOCOL_TLSv1_2
###### Reactor Settings #####
###########################################
# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/
#reactor: []
#Set the TTL for the cache of the reactor configuration.
#reactor_refresh_interval: 60
#Configure the number of workers for the runner/wheel in the reactor.
#reactor_worker_threads: 10
#Define the queue size for workers in the reactor.
#reactor_worker_hwm: 10000
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a
# publication a new process is spawned and the command is executed therein.
#
# WARNING: Disabling multiprocessing may result in substantial slowdowns
# when processing large pillars. See https://github.com/saltstack/salt/issues/38758
# for a full explanation.
#multiprocessing: True
# Limit the maximum amount of processes or threads created by salt-minion.
# This is useful to avoid resource exhaustion in case the minion receives more
# publications than it is able to handle, as it limits the number of spawned
# processes or threads. -1 is the default and disables the limit.
#process_count_max: -1
##### Logging settings #####
##########################################
@ -736,6 +777,10 @@
#
#zmq_monitor: False
# Number of times to try to authenticate with the salt master when reconnecting
# to the master
#tcp_authentication_retries: 5
###### Module configuration #####
###########################################
# Salt allows for modules to be passed arbitrary configuration data, any data

24
conf/proxy
View File

@ -28,9 +28,29 @@
# dictionary. Otherwise it is assumed that the module calls the grains
# function in a custom way and returns the data elsewhere
#
# Default to False for 2016.3 and 2016.11. Switch to True for Nitrogen.
# Default to False for 2016.3 and 2016.11. Switch to True for 2017.7.0.
# proxy_merge_grains_in_module: True
# If a proxymodule has a function called 'alive' returning a boolean
# flag reflecting the state of the connection with the remove device,
# when this option is set as True, a scheduled job on the proxy will
# try restarting the connection. The polling frequency depends on the
# next option, 'proxy_keep_alive_interval'. Added in 2017.7.0.
# proxy_keep_alive: True
# The polling interval (in minutes) to check if the underlying connection
# with the remote device is still alive. This option requires
# 'proxy_keep_alive' to be configured as True and the proxymodule to
# implement the 'alive' function. Added in 2017.7.0.
# proxy_keep_alive_interval: 1
# By default, any proxy opens the connection with the remote device when
# initialized. Some proxymodules allow through this option to open/close
# the session per command. This requires the proxymodule to have this
# capability. Please consult the documentation to see if the proxy type
# used can be that flexible. Added in 2017.7.0.
# proxy_always_alive: True
# If multiple masters are specified in the 'master' setting, the default behavior
# is to always try to connect to them in the order they are listed. If random_master is
# set to True, the order will be randomized instead. This can be helpful in distributing
@ -119,7 +139,7 @@
# strip_colors: False
# Backup files that are replaced by file.managed and file.recurse under
# 'cachedir'/file_backups relative to their original location and appended
# 'cachedir'/file_backup relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:

1230
conf/suse/master Normal file
View File

File diff suppressed because it is too large Load Diff

59
doc/Makefile
View File

@ -9,11 +9,6 @@ BUILDDIR = _build
SPHINXLANG =
XELATEX = xelatex
# User-friendly check for sphinx-build
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
endif
# ----- Translations Support ------------------------------------------------>
# If language is set, also set translation options
ifeq ($(shell [ "x$(SPHINXLANG)" != "x" ] && echo 0 || echo 1), 0)
@ -36,7 +31,7 @@ ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(TRANSLATIONOPTS
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext translations download-translations
.PHONY: help clean check_sphinx-build html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext translations download-translations
help:
@echo "Please use \`make <target>' where <target> is one of"
@ -69,38 +64,42 @@ clean:
rm -rf $(BUILDDIR)/*
test -d 'locale' && find locale/ -name *.mo -exec rm {} \; || true
html: translations
# User-friendly check for sphinx-build
check_sphinx-build:
@which $(SPHINXBUILD) >/dev/null 2>&1 || (echo "The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)" >&2; false)
html: check_sphinx-build translations
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml: translations
dirhtml: check_sphinx-build translations
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml: translations
singlehtml: check_sphinx-build translations
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle: translations
pickle: check_sphinx-build translations
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json: translations
json: check_sphinx-build translations
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp: translations
htmlhelp: check_sphinx-build translations
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp: translations
qthelp: check_sphinx-build translations
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
@ -109,7 +108,7 @@ qthelp: translations
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Salt.qhc"
devhelp: translations
devhelp: check_sphinx-build translations
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@ -118,31 +117,31 @@ devhelp: translations
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Salt"
@echo "# devhelp"
epub: translations
epub: check_sphinx-build translations
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex: translations
latex: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf: translations
latexpdf: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja: translations
latexpdfja: check_sphinx-build translations
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
pdf: translations
pdf: check_sphinx-build translations
@if [ "$(XELATEX)" = "xelatex" ] || [ "x$(XELATEX)" = "x" ]; then \
echo "The '$(XELATEX)' command was not found."; \
fi
@ -157,62 +156,62 @@ cheatsheet: translations
cd cheatsheet && xelatex salt.tex && cp salt.pdf ../salt-cheatsheet.pdf
@echo "./salt-cheatsheet.pdf created."
text: translations
text: check_sphinx-build translations
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man: translations
man: check_sphinx-build translations
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo: translations
texinfo: check_sphinx-build translations
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info: translations
info: check_sphinx-build translations
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
gettext: check_sphinx-build
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale"
changes: translations
changes: check_sphinx-build translations
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
spelling:
spelling: check_sphinx-build
$(SPHINXBUILD) -b spelling $(ALLSPHINXOPTS) $(BUILDDIR)/spelling
@echo
@echo "Spell check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/spelling/output.txt."
linkcheck:
linkcheck: check_sphinx-build
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
doctest: check_sphinx-build
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
xml: translations
xml: check_sphinx-build translations
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml: translations
pseudoxml: check_sphinx-build translations
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

4
doc/_ext/saltdomain.py
View File

@ -305,5 +305,9 @@ def setup(app):
indextemplate="pair: %s; conf/master")
app.add_crossref_type(directivename="conf_minion", rolename="conf_minion",
indextemplate="pair: %s; conf/minion")
app.add_crossref_type(directivename="conf_proxy", rolename="conf_proxy",
indextemplate="pair: %s; conf/proxy")
app.add_crossref_type(directivename="conf_log", rolename="conf_log",
indextemplate="pair: %s; conf/logging")
app.add_crossref_type(directivename="jinja_ref", rolename="jinja_ref",
indextemplate="pair: %s; jinja filters")

BIN
doc/_static/napalm_logo.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

5
doc/_themes/saltstack2/layout.html vendored
View File

@ -164,6 +164,9 @@
<!--start navbar-->
<div class="row">
<div class="col-sm-12 col-md-11 col-md-offset-1 col-lg-10 col-lg-offset-1">
<nav class="pull-left text-muted">
<a href="https://github.com/saltstack/salt/edit/develop/doc/{{pagename}}.rst">Edit on GitHub</a>
</nav>
<nav id="localnav">
<ul class="nav navbar-nav">
{%- block relbar_small %}{{ relbar() }}{% endblock %}
@ -252,8 +255,8 @@
<div class="col-sm-6">
<a href="https://saltstack.com/support" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/footer-support.png', 1) }}"/></a>
<a href="https://saltstack.com/saltstack-enterprise/" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/enterprise_ad.jpg', 1) }}"/></a>
<a href="http://saltconf.com" target="_blank"><img class="nolightbox footer-banner center" src="{{ pathto('_static/images/DOCBANNER.jpg', 1) }}"/></a>
</div>

BIN
doc/_themes/saltstack2/static/images/DOCBANNER.jpg vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 790 KiB

28
doc/conf.py
View File

@ -26,7 +26,7 @@ class Mock(object):
'''
def __init__(self, mapping=None, *args, **kwargs):
"""
Mapping allows to bypass the Mock object, but actually assign
Mapping allows autodoc to bypass the Mock object, but actually assign
a specific value, expected by a specific attribute returned.
"""
self.__mapping = mapping or {}
@ -72,6 +72,7 @@ MOCK_MODULES = [
'Crypto.Signature',
'Crypto.Signature.PKCS1_v1_5',
'M2Crypto',
'msgpack',
'yaml',
'yaml.constructor',
'yaml.nodes',
@ -244,9 +245,9 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ
project = 'Salt'
version = salt.version.__version__
latest_release = '2016.11.2' # latest release
previous_release = '2016.3.5' # latest release from previous branch
previous_release_dir = '2016.3' # path on web server for previous branch
latest_release = '2017.7.1' # latest release
previous_release = '2016.11.7' # latest release from previous branch
previous_release_dir = '2016.11' # path on web server for previous branch
next_release = '' # next release
next_release_dir = '' # path on web server for next release branch
@ -319,11 +320,21 @@ rst_prolog = """\
.. _`salt-packagers`: https://groups.google.com/forum/#!forum/salt-packagers
.. |windownload| raw:: html
<p>x86: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python2 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py2-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 x86: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe"><strong>Salt-Minion-{release}-x86-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-x86-Setup.exe.md5"><strong>md5</strong></a></p>
<p>Python3 AMD64: <a
href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-Py3-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
<p>AMD64: <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe"><strong>Salt-Minion-{release}-AMD64-Setup.exe</strong></a>
| <a href="https://repo.saltstack.com/windows/Salt-Minion-{release}-AMD64-Setup.exe.md5"><strong>md5</strong></a></p>
.. |osxdownload| raw:: html
@ -504,6 +515,7 @@ epub_copyright = copyright
epub_scheme = 'URL'
epub_identifier = 'http://saltstack.com/'
epub_tocdup = False
#epub_tocdepth = 3

2
doc/contents.rst
View File

@ -18,6 +18,7 @@ Salt Table of Contents
topics/ssh/index
topics/cloud/index
topics/proxyminion/index
topics/network_automation/index
topics/virt/index
ref/cli/index
ref/index
@ -27,3 +28,4 @@ Salt Table of Contents
topics/windows/index
topics/development/index
topics/releases/index
topics/venafi/index

172
doc/faq.rst
View File

@ -147,7 +147,7 @@ should be opened on our tracker_, with the following information:
Why aren't my custom modules/states/etc. available on my Minions?
-----------------------------------------------------------------
Custom modules are synced to Minions when
Custom modules are synced to Minions when
:mod:`saltutil.sync_modules <salt.modules.saltutil.sync_modules>`,
or :mod:`saltutil.sync_all <salt.modules.saltutil.sync_all>` is run.
Custom modules are also synced by :mod:`state.apply` when run without
@ -166,8 +166,14 @@ Other custom types (renderers, outputters, etc.) have similar behavior, see the
documentation for the :mod:`saltutil <salt.modules.saltutil>` module for more
information.
:ref:`This reactor example <minion-start-reactor>` can be used to automatically
sync custom types when the minion connects to the master, to help with this
chicken-and-egg issue.
Module ``X`` isn't available, even though the shell command it uses is installed. Why?
--------------------------------------------------------------------------------------
This is most likely a PATH issue. Did you custom-compile the software which the
module requires? RHEL/CentOS/etc. in particular override the root user's path
in ``/etc/init.d/functions``, setting it to ``/sbin:/usr/sbin:/bin:/usr/bin``,
@ -184,6 +190,8 @@ PATH using a :mod:`file.symlink <salt.states.file.symlink>` state.
file.symlink:
- target: /usr/local/bin/foo
.. _which-version:
Can I run different versions of Salt on my Master and Minion?
-------------------------------------------------------------
@ -246,86 +254,136 @@ specifying the pillar variable is the same one used for :py:func:`pillar.get
<salt.states.file.managed>` state is only supported in Salt 2015.8.4 and
newer.
What is the best way to restart a Salt daemon using Salt?
---------------------------------------------------------
What is the best way to restart a Salt Minion daemon using Salt after upgrade?
------------------------------------------------------------------------------
Updating the salt-minion package requires a restart of the salt-minion service.
But restarting the service while in the middle of a state run interrupts the
process of the minion running states and sending results back to the master.
It's a tricky problem to solve, and we're working on it, but in the meantime
one way of handling this (on Linux and UNIX-based operating systems) is to use
**at** (a job scheduler which predates cron) to schedule a restart of the
service. **at** is not installed by default on most distros, and requires a
service to be running (usually called **atd**) in order to schedule jobs.
Here's an example of how to upgrade the salt-minion package at the end of a
Salt run, and schedule a service restart for one minute after the package
update completes.
Updating the ``salt-minion`` package requires a restart of the ``salt-minion``
service. But restarting the service while in the middle of a state run
interrupts the process of the Minion running states and sending results back to
the Master. A common way to workaround that is to schedule restarting of the
Minion service using :ref:`masterless mode <masterless-quickstart>` after all
other states have been applied. This allows the minion to keep Minion to Master
connection alive for the Minion to report the final results to the Master, while
the service is restarting in the background.
Linux/Unix
**********
Upgrade without automatic restart
*********************************
.. code-block:: yaml
Doing the Minion upgrade seems to be a simplest state in your SLS file at
first. But the operating systems such as Debian GNU/Linux, Ubuntu and their
derivatives start the service after the package installation by default.
To prevent this, we need to create policy layer which will prevent the Minion
service to restart right after the upgrade:
salt-minion:
.. code-block:: jinja
{%- if grains['os_family'] == 'Debian' %}
Disable starting services:
file.managed:
- name: /usr/sbin/policy-rc.d
- user: root
- group: root
- mode: 0755
- contents:
- '#!/bin/sh'
- exit 101
# do not touch if already exists
- replace: False
- prereq:
- pkg: Upgrade Salt Minion
{%- endif %}
Upgrade Salt Minion:
pkg.installed:
- name: salt-minion
- version: 2014.1.7-3.el6
- version: 2016.11.3{% if grains['os_family'] == 'Debian' %}+ds-1{% endif %}
- order: last
service.running:
Enable Salt Minion:
service.enabled:
- name: salt-minion
- require:
- pkg: salt-minion
cmd.run:
- name: echo service salt-minion restart | at now + 1 minute
- pkg: Upgrade Salt Minion
{%- if grains['os_family'] == 'Debian' %}
Enable starting services:
file.absent:
- name: /usr/sbin/policy-rc.d
- onchanges:
- pkg: salt-minion
- pkg: Upgrade Salt Minion
To ensure that **at** is installed and **atd** is running, the following states
can be used (be sure to double-check the package name and service name for the
distro the minion is running, in case they differ from the example below.
{%- endif %}
.. code-block:: yaml
Restart using states
********************
at:
pkg.installed:
- name: at
service.running:
- name: atd
- enable: True
Now we can apply the workaround to restart the Minion in reliable way.
The following example works on UNIX-like operating systems:
An alternative to using the :program:`atd` daemon is to fork and disown the
process.
.. code-block:: jinja
.. code-block:: yaml
restart_minion:
{%- if grains['os'] != 'Windows' %
Restart Salt Minion:
cmd.run:
- name: |
- name: 'salt-call --local service.restart salt-minion'
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
{%- endif %}
Note that restarting the ``salt-minion`` service on Windows operating systems is
not always necessary when performing an upgrade. The installer stops the
``salt-minion`` service, removes it, deletes the contents of the ``\salt\bin``
directory, installs the new code, re-creates the ``salt-minion`` service, and
starts it (by default). The restart step **would** be necessary during the
upgrade process, however, if the minion config was edited after the upgrade or
installation. If a minion restart is necessary, the state above can be edited
as follows:
.. code-block:: jinja
Restart Salt Minion:
cmd.run:
{%- if grains['kernel'] == 'Windows' %}
- name: 'C:\salt\salt-call.bat --local service.restart salt-minion'
{%- else %}
- name: 'salt-call --local service.restart salt-minion'
{%- endif %}
- bg: True
- onchanges:
- pkg: Upgrade Salt Minion
However, it requires more advanced tricks to upgrade from legacy version of
Salt (before ``2016.3.0``) on UNIX-like operating systems, where executing
commands in the background is not supported:
.. code-block:: jinja
Restart Salt Minion:
cmd.run:
{%- if grains['kernel'] == 'Windows' %}
- name: 'start powershell "Restart-Service -Name salt-minion"'
{%- else %}
# fork and disown the process
- name: |-
exec 0>&- # close stdin
exec 1>&- # close stdout
exec 2>&- # close stderr
nohup /bin/sh -c 'sleep 10 && salt-call --local service.restart salt-minion' &
- python_shell: True
- order: last
nohup salt-call --local service.restart salt-minion &
{%- endif %}
Windows
*******
Restart using remote executions
*******************************
For Windows machines, restarting the minion can be accomplished using the
following state:
.. code-block:: yaml
schedule-start:
cmd.run:
- name: 'start powershell "Restart-Service -Name salt-minion"'
- order: last
or running immediately from the command line:
Restart the Minion from the command line:
.. code-block:: bash
salt -G kernel:Windows cmd.run 'start powershell "Restart-Service -Name salt-minion"'
salt -G kernel:Windows cmd.run_bg 'C:\salt\salt-call.bat --local service.restart salt-minion'
salt -C 'not G@kernel:Windows' cmd.run_bg 'salt-call --local service.restart salt-minion'
Salting the Salt Master
-----------------------

42
doc/man/salt.7
View File

@ -6093,17 +6093,17 @@ fileserver_list_cache_time: 5
.UNINDENT
.SS \fBhash_type\fP
.sp
Default: \fBmd5\fP
Default: \fBsha256\fP
.sp
The hash_type is the hash to use when discovering the hash of a file on
the master server. The default is md5, but sha1, sha224, sha256, sha384, and
the master server. The default is sha256, but md5, sha1, sha224, sha384, and
sha512 are also supported.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
hash_type: md5
hash_type: sha256
.ft P
.fi
.UNINDENT
@ -10539,17 +10539,17 @@ fileserver_limit_traversal: False
.UNINDENT
.SS \fBhash_type\fP
.sp
Default: \fBmd5\fP
Default: \fBsha256\fP
.sp
The hash_type is the hash to use when discovering the hash of a file on the
local fileserver. The default is md5, but sha1, sha224, sha256, sha384, and
local fileserver. The default is sha256, but md5, sha1, sha224, sha384, and
sha512 are also supported.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
hash_type: md5
hash_type: sha256
.ft P
.fi
.UNINDENT
@ -10795,6 +10795,7 @@ cmd_whitelist_glob:
.UNINDENT
.UNINDENT
.SS Thread Settings
.SS \fBmultiprocessing\fP
.sp
Default: \fBTrue\fP
.sp
@ -11776,11 +11777,11 @@ event that an error is introduced in the latest revision of the repo.
#default_top: base
# The hash_type is the hash to use when discovering the hash of a file on
# the master server. The default is md5 but sha1, sha224, sha256, sha384
# and sha512 are also supported.
# the master server. The default is sha256, but md5, sha1, sha224, sha384 and
# sha512 are also supported.
#
# WARNING: While md5 is also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Prior to changing this value, the master should be stopped and all Salt
# caches should be cleared.
@ -12459,7 +12460,7 @@ event that an error is introduced in the latest revision of the repo.
# strip_colors: False
# Backup files that are replaced by file.managed and file.recurse under
# \(aqcachedir\(aq/file_backups relative to their original location and appended
# \(aqcachedir\(aq/file_backup relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:
@ -12867,14 +12868,11 @@ event that an error is introduced in the latest revision of the repo.
#fileserver_limit_traversal: False
# The hash_type is the hash to use when discovering the hash of a file on
# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384
# the local fileserver. The default is sha256, but md5, sha1, sha224, sha384
# and sha512 are also supported.
#
# WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
#
# WARNING: While md5 is also supported, do not use it due to the high chance
# of possible collisions and thus security breach.
# WARNING: While md5 and sha1 are also supported, do not use them due to the
# high chance of possible collisions and thus security breach.
#
# Warning: Prior to changing this value, the minion should be stopped and all
# Salt caches should be cleared.
@ -63393,6 +63391,7 @@ them onto a logstash endpoint.
logstash:
host: log.my_network.com
port: 5959
proto: tcp
.UNINDENT
.UNINDENT
.UNINDENT
@ -63402,7 +63401,7 @@ logstash
.UNINDENT
.INDENT 0.0
.TP
.B salt.engines.logstash.start(host, port=5959, tag=\(aqsalt/engine/logstash\(aq)
.B salt.engines.logstash.start(host, port=5959, proto=\(aqtcp\(aq, tag=\(aqsalt/engine/logstash\(aq)
Listen to salt events and forward them to logstash
.UNINDENT
.SS salt.engines.reactor module
@ -68500,6 +68499,9 @@ key id to load with the keyserver argument
.B key_url
URL to a GPG key to add to the APT GPG keyring
.TP
.B key_text
GPG key in string form to add to the APT GPG keyring
.TP
.B consolidate
if \fBTrue\fP, will attempt to de\-dup and consolidate sources
.TP
@ -292069,7 +292071,7 @@ the test method:
.nf
.ft C
import integration
from salttesting.helpers import destructiveTest
from tests.support.helpers import destructiveTest
class PkgTest(integration.ModuleCase):
@destructiveTest
@ -292165,7 +292167,7 @@ can be used
.nf
.ft C
# Import logging handler
from salttesting.helpers import TestsLoggingHandler
from tests.support.helpers import TestsLoggingHandler
# .. inside test
with TestsLoggingHandler() as handler:

1
doc/ref/auth/all/index.rst
View File

@ -19,5 +19,4 @@ auth modules
pki
rest
sharedsecret
stormpath
yubico

6
doc/ref/auth/all/salt.auth.file.rst Normal file
View File

@ -0,0 +1,6 @@
==============
salt.auth.file
==============
.. automodule:: salt.auth.file
:members:

5
doc/ref/auth/all/salt.auth.rest.rst
View File

@ -1,5 +1,6 @@
salt.auth.rest module
=====================
==============
salt.auth.rest
==============
.. automodule:: salt.auth.rest
:members:

6
doc/ref/auth/all/salt.auth.stormpath.rst
View File

@ -1,6 +0,0 @@
===================
salt.auth.stormpath
===================
.. automodule:: salt.auth.stormpath
:members:

2
doc/ref/beacons/all/index.rst
View File

@ -22,6 +22,7 @@ beacon modules
load
log
memusage
napalm_beacon
network_info
network_settings
pkg
@ -32,5 +33,6 @@ beacon modules
service
sh
status
telegram_bot_msg
twilio_txt_msg
wtmp

6
doc/ref/beacons/all/salt.beacons.napalm_beacon.rst Normal file
View File

@ -0,0 +1,6 @@
==========================
salt.beacons.napalm_beacon
==========================
.. automodule:: salt.beacons.napalm_beacon
:members:

6
doc/ref/beacons/all/salt.beacons.telegram_bot_msg.rst Normal file
View File

@ -0,0 +1,6 @@
=============================
salt.beacons.telegram_bot_msg
=============================
.. automodule:: salt.beacons.telegram_bot_msg
:members:

2
doc/ref/cache/all/index.rst vendored
View File

@ -12,4 +12,4 @@ cache modules
localfs
consul
redis
redis_cache

5
doc/ref/cache/all/salt.cache.etcd_cache.rst vendored Normal file
View File

@ -0,0 +1,5 @@
salt.cache.etcd_cache module
=============================
.. automodule:: salt.cache.etcd_cache
:members:

5
doc/ref/cache/all/salt.cache.mysql_cache.rst vendored Normal file
View File

@ -0,0 +1,5 @@
salt.cache.mysql_cache module
=============================
.. automodule:: salt.cache.mysql_cache
:members:

5
doc/ref/cache/all/salt.cache.redis.rst vendored
View File

@ -1,5 +0,0 @@
salt.cache.redis module
========================
.. automodule:: salt.cache.redis_cache
:members:

5
doc/ref/cache/all/salt.cache.redis_cache.rst vendored Normal file
View File

@ -0,0 +1,5 @@
salt.cache.redis_cache module
=============================
.. automodule:: salt.cache.redis_cache
:members:

15
doc/ref/cli/_includes/output-options.rst
View File

@ -33,6 +33,10 @@ Output Options
Write the output to the specified file.
.. option:: --out-file-append, --output-file-append
Append the output to the specified file.
.. option:: --no-color
Disable all colored output
@ -46,3 +50,14 @@ Output Options
``green`` denotes success, ``red`` denotes failure, ``blue`` denotes
changes and success and ``yellow`` denotes a expected future change in configuration.
.. option:: --state-output=STATE_OUTPUT, --state_output=STATE_OUTPUT
Override the configured state_output value for minion
output. One of 'full', 'terse', 'mixed', 'changes' or
'filter'. Default: 'none'.
.. option:: --state-verbose=STATE_VERBOSE, --state_verbose=STATE_VERBOSE
Override the configured state_verbose value for minion
output. Set to True or False. Default: none.

2
doc/ref/cli/salt-cloud.rst
View File

@ -136,7 +136,7 @@ Query Options
.. versionadded:: 2014.7.0
Display a list of configured profiles. Pass in a cloud provider to view
the provider's associated profiles, such as ``digital_ocean``, or pass in
the provider's associated profiles, such as ``digitalocean``, or pass in
``all`` to list all the configured profiles.

54
doc/ref/cli/salt-cp.rst
View File

@ -2,32 +2,49 @@
``salt-cp``
===========
Copy a file to a set of systems
Copy a file or files to one or more minions
Synopsis
========
.. code-block:: bash
salt-cp '*' [ options ] SOURCE DEST
salt-cp '*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -E '.*' [ options ] SOURCE DEST
salt-cp -E '.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
salt-cp -G 'os:Arch.*' [ options ] SOURCE DEST
salt-cp -G 'os:Arch.*' [ options ] SOURCE [SOURCE2 SOURCE3 ...] DEST
Description
===========
Salt copy copies a local file out to all of the Salt minions matched by the
given target.
salt-cp copies files from the master to all of the Salt minions matched by the
specified target expression.
Salt copy is only intended for use with small files (< 100KB). If you need
to copy large files out to minions please use the cp.get_file function.
.. note::
salt-cp uses Salt's publishing mechanism. This means the privacy of the
contents of the file on the wire is completely dependent upon the transport
in use. In addition, if the master or minion is running with debug logging,
the contents of the file will be logged to disk.
Note: salt-cp uses salt's publishing mechanism. This means the privacy of the
contents of the file on the wire is completely dependent upon the transport
in use. In addition, if the salt-master is running with debug logging it is
possible that the contents of the file will be logged to disk.
In addition, this tool is less efficient than the Salt fileserver when
copying larger files. It is recommended to instead use
:py:func:`cp.get_file <salt.modules.cp.get_file>` to copy larger files to
minions. However, this requires the file to be located within one of the
fileserver directories.
.. versionchanged:: 2016.3.7,2016.11.6,2017.7.0
Compression support added, disable with ``-n``. Also, if the destination
path ends in a path separator (i.e. ``/``, or ``\`` on Windows, the
desitination will be assumed to be a directory. Finally, recursion is now
supported, allowing for entire directories to be copied.
.. versionchanged:: 2016.11.7,2017.7.2
Reverted back to the old copy mode to preserve backward compatibility. The
new functionality added in 2016.6.6 and 2017.7.0 is now available using the
``-C`` or ``--chunked`` CLI arguments. Note that compression, recursive
copying, and support for copying large files is only available in chunked
mode.
Options
=======
@ -46,6 +63,19 @@ Options
.. include:: _includes/target-selection.rst
.. option:: -C, --chunked
Use new chunked mode to copy files. This mode supports large files, recursive
directories copying and compression.
.. versionadded:: 2016.11.7,2017.7.2
.. option:: -n, --no-compression
Disable gzip compression in chunked mode.
.. versionadded:: 2016.3.7,2016.11.6,2017.7.0
See also
========

2
doc/ref/cli/salt.rst
View File

@ -81,7 +81,7 @@ Options
Pass in an external authentication medium to validate against. The
credentials will be prompted for. The options are `auto`,
`keystone`, `ldap`, `pam`, and `stormpath`. Can be used with the -T
`keystone`, `ldap`, and `pam`. Can be used with the -T
option.
.. option:: -T, --make-token

4
doc/ref/clouds/all/index.rst
View File

@ -13,7 +13,7 @@ Full list of Salt Cloud modules
aliyun
azurearm
cloudstack
digital_ocean
digitalocean
dimensiondata
ec2
gce
@ -30,7 +30,6 @@ Full list of Salt Cloud modules
proxmox
pyrax
qingcloud
rackspace
saltify
scaleway
softlayer
@ -38,3 +37,4 @@ Full list of Salt Cloud modules
virtualbox
vmware
vultrpy
xen

4
doc/ref/clouds/all/salt.cloud.clouds.digital_ocean.rst
View File

@ -1,6 +1,6 @@
===============================
salt.cloud.clouds.digital_ocean
salt.cloud.clouds.digitalocean
===============================
.. automodule:: salt.cloud.clouds.digital_ocean
.. automodule:: salt.cloud.clouds.digitalocean
:members:

6
doc/ref/clouds/all/salt.cloud.clouds.oneandone.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.cloud.clouds.oneandone
===========================
.. automodule:: salt.cloud.clouds.oneandone
:members:

6
doc/ref/clouds/all/salt.cloud.clouds.rackspace.rst
View File

@ -1,6 +0,0 @@
===========================
salt.cloud.clouds.rackspace
===========================
.. automodule:: salt.cloud.clouds.rackspace
:members:

6
doc/ref/clouds/all/salt.cloud.clouds.xen.rst Normal file
View File

@ -0,0 +1,6 @@
=====================
salt.cloud.clouds.xen
=====================
.. automodule:: salt.cloud.clouds.xen
:members:

10
doc/ref/configuration/examples.rst
View File

@ -22,4 +22,12 @@ Example minion configuration file
=================================
.. literalinclude:: ../../../conf/minion
:language: yaml
:language: yaml
.. _configuration-examples-proxy:
Example proxy minion configuration file
=======================================
.. literalinclude:: ../../../conf/proxy
:language: yaml

13
doc/ref/configuration/index.rst
View File

@ -51,6 +51,19 @@ After updating the configuration file, restart the Salt minion.
See the :ref:`minion configuration reference <configuration-salt-minion>`
for more details about other configurable options.
Proxy Minion Configuration
==========================
A proxy minion emulates the behaviour of a regular minion
and inherits their options.
Similarly, the configuration file is ``/etc/salt/proxy`` and the proxy
tries to connect to the DNS name "salt".
In addition to the regular minion options,
there are several proxy-specific - see the
:ref:`proxy minion configuration reference <configuration-salt-proxy>`.
Running Salt
============

4
doc/ref/configuration/logging/handlers/index.rst
View File

@ -9,5 +9,7 @@ External Logging Handlers
:toctree:
:template: autosummary.rst.tmpl
fluent_mod
log4mongo_mod
logstash_mod
sentry_mod
sentry_mod

5
doc/ref/configuration/logging/handlers/salt.log.handlers.fluent_mod.rst Normal file
View File

@ -0,0 +1,5 @@
============================
salt.log.handlers.fluent_mod
============================
.. automodule:: salt.log.handlers.fluent_mod

5
doc/ref/configuration/logging/handlers/salt.log.handlers.log4mongo_mod.rst Normal file
View File

@ -0,0 +1,5 @@
===============================
salt.log.handlers.log4mongo_mod
===============================
.. automodule:: salt.log.handlers.log4mongo_mod

6
doc/ref/configuration/logging/handlers/salt.log.handlers.logstash_mod.rst
View File

@ -1 +1,5 @@
.. automodule:: salt.log.handlers.logstash_mod
==============================
salt.log.handlers.logstash_mod
==============================
.. automodule:: salt.log.handlers.logstash_mod

6
doc/ref/configuration/logging/handlers/salt.log.handlers.sentry_mod.rst
View File

@ -1 +1,5 @@
.. automodule:: salt.log.handlers.sentry_mod
============================
salt.log.handlers.sentry_mod
============================
.. automodule:: salt.log.handlers.sentry_mod

1269
doc/ref/configuration/master.rst
View File

File diff suppressed because it is too large Load Diff

583
doc/ref/configuration/minion.rst
View File

@ -40,6 +40,33 @@ Default: ``salt``
master: salt
master:port Syntax
~~~~~~~~~~~~~~~~~~
.. versionadded:: 2015.8.0
The ``master`` config option can also be set to use the master's IP in
conjunction with a port number by default.
.. code-block:: yaml
master: localhost:1234
For IPv6 formatting with a port, remember to add brackets around the IP address
before adding the port and enclose the line in single quotes to make it a string:
.. code-block:: yaml
master: '[2001:db8:85a3:8d3:1319:8a2e:370:7348]:1234'
.. note::
If a port is specified in the ``master`` as well as :conf_minion:`master_port`,
the ``master_port`` setting will be overridden by the ``master`` configuration.
List of Masters Syntax
~~~~~~~~~~~~~~~~~~~~~~
The option can also be set to a list of masters, enabling
:ref:`multi-master <tutorial-multi-master>` mode.
@ -81,14 +108,49 @@ The option can also be set to a list of masters, enabling
``ipv6``
--------
Default: ``False``
Default: ``None``
Whether the master should be connected over IPv6.
Whether the master should be connected over IPv6. By default salt minion
will try to automatically detect IPv6 connectivity to master.
.. code-block:: yaml
ipv6: True
.. conf_minion:: master_uri_format
``master_uri_format``
---------------------
.. versionadded:: 2015.8.0
Specify the format in which the master address will be evaluated. Valid options
are ``default`` or ``ip_only``. If ``ip_only`` is specified, then the master
address will not be split into IP and PORT, so be sure that only an IP (or domain
name) is set in the :conf_minion:`master` configuration setting.
.. code-block:: yaml
master_uri_format: ip_only
.. conf_minion:: master_tops_first
``master_tops_first``
---------------------
.. versionadded:: Oxygen
Default: ``False``
SLS targets defined using the :ref:`Master Tops <master-tops-system>` system
are normally executed *after* any matches defined in the :ref:`Top File
<states-top>`. Set this option to ``True`` to have the minion execute the
:ref:`Master Tops <master-tops-system>` states first.
.. code-block:: yaml
master_tops_first: True
.. conf_minion:: master_type
``master_type``
@ -205,9 +267,10 @@ to the next master in the list if it finds the existing one is dead.
Default: ``False``
If :conf_minion:`master` is a list of addresses and :conf_minion`master_type` is ``failover``, shuffle them before trying to
connect to distribute the minions over all available masters. This uses
Python's :func:`random.shuffle <python2:random.shuffle>` method.
If :conf_minion:`master` is a list of addresses and :conf_minion`master_type`
is ``failover``, shuffle them before trying to connect to distribute the
minions over all available masters. This uses Python's :func:`random.shuffle
<python2:random.shuffle>` method.
.. code-block:: yaml
@ -220,9 +283,10 @@ Python's :func:`random.shuffle <python2:random.shuffle>` method.
Default: ``False``
If :conf_minion:`master` is a list of addresses, shuffle them before trying to
connect to distribute the minions over all available masters. This uses
Python's :func:`random.randint <python2:random.randint>` method.
If :conf_minion:`master` is a list of addresses, and :conf_minion`master_type`
is set to ``failover`` shuffle them before trying to connect to distribute the
minions over all available masters. This uses Python's :func:`random.shuffle
<python2:random.shuffle>` method.
.. code-block:: yaml
@ -273,7 +337,7 @@ The user to run the Salt processes
.. conf_minion:: sudo_user
``sudo_user``
--------------
-------------
Default: ``''``
@ -402,6 +466,20 @@ FQDN (for instance, Solaris).
append_domain: foo.org
.. conf_minion:: minion_id_lowercase
``minion_id_lowercase``
-----------------------
Default: ``False``
Convert minion id to lowercase when it is being generated. Helpful when some hosts
get the minion id in uppercase. Cached ids will remain the same and not converted.
.. code-block:: yaml
minion_id_lowercase: True
.. conf_minion:: cachedir
``cachedir``
@ -550,6 +628,26 @@ With ``grains_deep_merge``, the result will be:
k1: v1
k2: v2
.. conf_minion:: grains_refresh_every
``grains_refresh_every``
------------------------
Default: ``0``
The ``grains_refresh_every`` setting allows for a minion to periodically
check its grains to see if they have changed and, if so, to inform the master
of the new grains. This operation is moderately expensive, therefore care
should be taken not to set this value too low.
Note: This value is expressed in minutes.
A value of 10 minutes is a reasonable default.
.. code-block:: yaml
grains_refresh_every: 0
.. conf_minion:: mine_enabled
``mine_enabled``
@ -583,7 +681,7 @@ return for the job cache.
mine_return_job: False
``mine_functions``
-------------------
------------------
Default: Empty
@ -601,6 +699,18 @@ Note these can be defined in the pillar for a minion as well.
interface: eth0
cidr: '10.0.0.0/8'
.. conf_minion:: mine_interval
``mine_interval``
-----------------
Default: ``60``
The number of minutes between mine updates.
.. code-block:: yaml
mine_interval: 60
.. conf_minion:: sock_dir
@ -615,6 +725,19 @@ The directory where Unix sockets will be kept.
sock_dir: /var/run/salt/minion
.. conf_minion:: outputter_dirs
``outputter_dirs``
------------------
Default: ``[]``
A list of additional directories to search for salt outputters in.
.. code-block:: yaml
outputter_dirs: []
.. conf_minion:: backup_mode
``backup_mode``
@ -659,6 +782,20 @@ seconds each iteration.
acceptance_wait_time_max: 0
.. conf_minion:: rejected_retry
``rejected_retry``
------------------
Default: ``False``
If the master rejects the minion's public key, retry instead of exiting.
Rejected keys will be handled the same as waiting on acceptance.
.. code-block:: yaml
rejected_retry: False
.. conf_minion:: random_reauth_delay
``random_reauth_delay``
@ -757,8 +894,40 @@ restart.
auth_safemode: False
.. conf_minion:: ping_interval
``ping_interval``
-----------------
Default: ``0``
Instructs the minion to ping its master(s) every n number of seconds. Used
primarily as a mitigation technique against minion disconnects.
.. code-block:: yaml
ping_interval: 0
.. conf_minion:: recon_default
``random_startup_delay``
------------------------
Default: ``0``
The maximum bound for an interval in which a minion will randomly sleep upon starting
up prior to attempting to connect to a master. This can be used to splay connection attempts
for cases where many minions starting up at once may place undue load on a master.
For example, setting this to ``5`` will tell a minion to sleep for a value between ``0``
and ``5`` seconds.
.. code-block:: yaml
random_startup_delay: 5
.. conf_minion:: random_startup_delay
``recon_default``
-----------------
@ -1057,7 +1226,7 @@ If certain returners should be disabled, this is the place
.. conf_minion:: enable_whitelist_modules
``whitelist_modules``
----------------------------
---------------------
Default: ``[]`` (Module whitelisting is disabled. Adding anything to the config option
will cause only the listed modules to be enabled. Modules not in the list will
@ -1149,6 +1318,20 @@ A list of extra directories to search for Salt renderers
render_dirs:
- /var/lib/salt/renderers
.. conf_minion:: utils_dirs
``utils_dirs``
--------------
Default: ``[]``
A list of extra directories to search for Salt utilities
.. code-block:: yaml
utils_dirs:
- /var/lib/salt/utils
.. conf_minion:: cython_enable
``cython_enable``
@ -1197,10 +1380,27 @@ below.
providers:
service: systemd
``extmod_whitelist/extmod_blacklist``
--------------------
.. conf_minion:: modules_max_memory
.. versionadded:: Nitrogen
``modules_max_memory``
----------------------
Default: ``-1``
Specify a max size (in bytes) for modules on import. This feature is currently
only supported on *nix operating systems and requires psutil.
.. code-block:: yaml
modules_max_memory: -1
.. conf_minion:: extmod_whitelist
.. conf_minion:: extmod_blacklist
``extmod_whitelist/extmod_blacklist``
-------------------------------------
.. versionadded:: 2017.7.0
By using this dictionary, the modules that are synced to the minion's extmod cache using `saltutil.sync_*` can be
limited. If nothing is set to a specific type, then all modules are accepted. To block all modules of a specific type,
@ -1219,9 +1419,10 @@ whitelist an empty list.
modules:
- specific_module
Valid options:
- beacons
- clouds
- sdb
- modules
- states
@ -1365,6 +1566,52 @@ environment lacks one.
default_top: dev
.. conf_minion:: startup_states
``startup_states``
------------------
Default: ``''``
States to run when the minion daemon starts. To enable, set ``startup_states`` to:
- ``highstate``: Execute state.highstate
- ``sls``: Read in the sls_list option and execute the named sls files
- ``top``: Read top_file option and execute based on that file on the Master
.. code-block:: yaml
startup_states: ''
.. conf_minion:: sls_list
``sls_list``
------------
Default: ``[]``
List of states to run when the minion starts up if ``startup_states`` is set to ``sls``.
.. code-block:: yaml
sls_list:
- edit.vim
- hyper
.. conf_minion:: top_file
``top_file``
------------
Default: ``''``
Top file to execute if ``startup_states`` is set to ``top``.
.. code-block:: yaml
top_file: ''
State Management Settings
=========================
@ -1381,7 +1628,7 @@ The default renderer used for local state executions
renderer: yaml_jinja
.. conf_master:: test
.. conf_minion:: test
``test``
--------
@ -1425,6 +1672,22 @@ the output will be shortened to a single line.
state_output: full
.. conf_minion:: state_output_diff
``state_output_diff``
---------------------
Default: ``False``
The state_output_diff setting changes whether or not the output from
successful states is returned. Useful when even the terse output of these
states is cluttering the logs. Set it to True to ignore them.
.. code-block:: yaml
state_output_diff: False
.. conf_minion:: autoload_dynamic_modules
``autoload_dynamic_modules``
@ -1668,7 +1931,7 @@ the pillar environments.
``on_demand_ext_pillar``
------------------------
.. versionadded:: 2016.3.6,2016.11.3,Nitrogen
.. versionadded:: 2016.3.6,2016.11.3,2017.7.0
Default: ``['libvirt', 'virtkey']``
@ -1697,7 +1960,7 @@ external pillars are permitted to be used on-demand using :py:func:`pillar.ext
``decrypt_pillar``
------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``[]``
@ -1719,7 +1982,7 @@ specified by :conf_minion:`decrypt_pillar_default` will be used.
``decrypt_pillar_delimiter``
----------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``:``
@ -1738,7 +2001,7 @@ The delimiter used to distinguish nested data structures in the
``decrypt_pillar_default``
--------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``gpg``
@ -1754,7 +2017,7 @@ pillar key in :conf_minion:`decrypt_pillar`.
``decrypt_pillar_renderers``
----------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``['gpg']``
@ -1785,7 +2048,7 @@ the environment setting, but for pillar instead of states.
``pillarenv_from_saltenv``
--------------------------
.. versionadded:: Nitrogen
.. versionadded:: 2017.7.0
Default: ``False``
@ -1850,6 +2113,41 @@ It will be interpreted as megabytes.
file_recv_max_size: 100
.. conf_minion:: pass_to_ext_pillars
``pass_to_ext_pillars``
-----------------------
Specify a list of configuration keys whose values are to be passed to
external pillar functions.
Suboptions can be specified using the ':' notation (i.e. ``option:suboption``)
The values are merged and included in the ``extra_minion_data`` optional
parameter of the external pillar function. The ``extra_minion_data`` parameter
is passed only to the external pillar functions that have it explicitly
specified in their definition.
If the config contains
.. code-block:: yaml
opt1: value1
opt2:
subopt1: value2
subopt2: value3
pass_to_ext_pillars:
- opt1
- opt2: subopt1
the ``extra_minion_data`` parameter will be
.. code-block:: python
{'opt1': 'value1',
'opt2': {'subopt1': 'value2'}}
Security Settings
=================
@ -1883,6 +2181,35 @@ before the initial key exchange. The master fingerprint can be found by running
master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
.. conf_minion:: keysize
``keysize``
-----------
Default: ``2048``
The size of key that should be generated when creating new keys.
.. code-block:: yaml
keysize: 2048
.. conf_minion:: permissive_pki_access
``permissive_pki_access``
-------------------------
Default: ``False``
Enable permissive access to the salt keys. This allows you to run the
master or minion as root, but have a non-root group be given access to
your pki_dir. To make the access explicit, root must belong to the group
you've given access to. This is potentially quite insecure.
.. code-block:: yaml
permissive_pki_access: False
.. conf_minion:: verify_master_pubkey_sign
``verify_master_pubkey_sign``
@ -1990,7 +2317,7 @@ blocked. If `cmd_whitelist_glob` is NOT SET, then all shell commands are permitt
- 'cat /etc/fstab'
.. conf_master:: ssl
.. conf_minion:: ssl
``ssl``
-------
@ -2016,16 +2343,75 @@ constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23
ssl_version: PROTOCOL_TLSv1_2
Reactor Settings
================
.. conf_minion:: reactor
``reactor``
-----------
Default: ``[]``
Defines a salt reactor. See the :ref:`Reactor <reactor>` documentation for more
information.
.. code-block:: yaml
reactor: []
.. conf_minion:: reactor_refresh_interval
``reactor_refresh_interval``
----------------------------
Default: ``60``
The TTL for the cache of the reactor configuration.
.. code-block:: yaml
reactor_refresh_interval: 60
.. conf_minion:: reactor_worker_threads
``reactor_worker_threads``
--------------------------
Default: ``10``
The number of workers for the runner/wheel in the reactor.
.. code-block:: yaml
reactor_worker_threads: 10
.. conf_minion:: reactor_worker_hwm
``reactor_worker_hwm``
----------------------
Default: ``10000``
The queue size for workers in the reactor.
.. code-block:: yaml
reactor_worker_hwm: 10000
Thread Settings
===============
.. conf_minion:: multiprocessing
``multiprocessing``
-------
Default: ``True``
If `multiprocessing` is enabled when a minion receives a
If ``multiprocessing`` is enabled when a minion receives a
publication a new process is spawned and the command is executed therein.
Conversely, if `multiprocessing` is disabled the new publication will be run
Conversely, if ``multiprocessing`` is disabled the new publication will be run
executed in a thread.
@ -2033,6 +2419,23 @@ executed in a thread.
multiprocessing: True
.. conf_minion:: process_count_max
``process_count_max``
-------
.. versionadded:: Oxygen
Default: ``-1``
Limit the maximum amount of processes or threads created by ``salt-minion``.
This is useful to avoid resource exhaustion in case the minion receives more
publications than it is able to handle, as it limits the number of spawned
processes or threads. ``-1`` is the default and disables the limit.
.. code-block:: yaml
process_count_max: -1
.. _minion-logging-settings:
@ -2210,6 +2613,20 @@ ZeroMQ is installed.
.. conf_minion:: failhard
``tcp_authentication_retries``
------------------------------
Default: ``5``
The number of times to retry authenticating with the salt master when it comes
back online.
Zeromq does a lot to make sure when connections come back online that they
reauthenticate. The tcp transport should try to connect with a new connection
if the old one times out on reauthenticating.
`-1` for infinite tries.
``failhard``
------------
@ -2272,6 +2689,62 @@ option then the minion will log a warning message.
- /etc/roles/webserver
Keepalive Settings
==================
.. conf_minion:: tcp_keepalive
``tcp_keepalive``
-----------------
Default: ``True``
The tcp keepalive interval to set on TCP ports. This setting can be used to tune Salt
connectivity issues in messy network environments with misbehaving firewalls.
.. code-block:: yaml
tcp_keepalive: True
.. conf_minion:: tcp_keepalive_cnt
``tcp_keepalive_cnt``
---------------------
Default: ``-1``
Sets the ZeroMQ TCP keepalive count. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_cnt: -1
.. conf_minion:: tcp_keepalive_idle
``tcp_keepalive_idle``
----------------------
Default: ``300``
Sets ZeroMQ TCP keepalive idle. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_idle: 300
.. conf_minion:: tcp_keepalive_intvl
``tcp_keepalive_intvl``
-----------------------
Default: ``-1``
Sets ZeroMQ TCP keepalive interval. May be used to tune issues with minion disconnects.
.. code-block:: yaml
tcp_keepalive_intvl': -1
Frozen Build Update Settings
============================
@ -2373,6 +2846,36 @@ out.
winrepo_dir: 'D:\winrepo'
.. conf_minion:: winrepo_dir_ng
``winrepo_dir_ng``
------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``/srv/salt/win/repo-ng``
Location on the minion where the :conf_minion:`winrepo_remotes_ng` are checked
out for 2015.8.0 and later minions.
.. code-block:: yaml
winrepo_dir_ng: /srv/salt/win/repo-ng
.. conf_minion:: winrepo_source_dir
``winrepo_source_dir``
----------------------
Default: ``salt://win/repo-ng/``
The source location for the winrepo sls files.
.. code-block:: yaml
winrepo_source_dir: salt://win/repo-ng/
.. conf_minion:: winrepo_cachefile
.. conf_minion:: win_repo_cachefile
@ -2425,3 +2928,33 @@ URL of the repository:
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.
.. conf_minion:: winrepo_remotes_ng
``winrepo_remotes_ng``
----------------------
.. versionadded:: 2015.8.0
A new :ref:`ng <windows-package-manager>` repo was added.
Default: ``['https://github.com/saltstack/salt-winrepo-ng.git']``
List of git repositories to checkout and include in the winrepo for
2015.8.0 and later minions.
.. code-block:: yaml
winrepo_remotes_ng:
- https://github.com/saltstack/salt-winrepo-ng.git
To specify a specific revision of the repository, prepend a commit ID to the
URL of the repository:
.. code-block:: yaml
winrepo_remotes_ng:
- '<commit_id> https://github.com/saltstack/salt-winrepo-ng.git'
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
ID is useful in that it allows one to revert back to a previous version in the
event that an error is introduced in the latest revision of the repo.

170
doc/ref/configuration/proxy.rst Normal file
View File

@ -0,0 +1,170 @@
.. _configuration-salt-proxy:
=================================
Configuring the Salt Proxy Minion
=================================
The Salt system is amazingly simple and easy to configure. The two components
of the Salt system each have a respective configuration file. The
:command:`salt-master` is configured via the master configuration file, and the
:command:`salt-proxy` is configured via the proxy configuration file.
.. seealso::
:ref:`example proxy minion configuration file <configuration-examples-proxy>`
The Salt Minion configuration is very simple. Typically, the only value that
needs to be set is the master value so the proxy knows where to locate its master.
By default, the salt-proxy configuration will be in :file:`/etc/salt/proxy`.
A notable exception is FreeBSD, where the configuration will be in
:file:`/usr/local/etc/salt/proxy`.
Proxy-specific Configuration Options
====================================
.. conf_proxy:: add_proxymodule_to_opts
``add_proxymodule_to_opts``
---------------------------
.. versionadded:: 2015.8.2
.. versionchanged:: 2016.3.0
Default: ``False``
Add the proxymodule LazyLoader object to opts.
.. code-block:: yaml
add_proxymodule_to_opts: True
.. conf_proxy:: proxy_merge_grains_in_module
``proxy_merge_grains_in_module``
--------------------------------
.. versionadded:: 2016.3.0
.. versionchanged:: 2017.7.0
Default: ``True``
If a proxymodule has a function called ``grains``, then call it during
regular grains loading and merge the results with the proxy's grains
dictionary. Otherwise it is assumed that the module calls the grains
function in a custom way and returns the data elsewhere.
.. code-block:: yaml
proxy_merge_grains_in_module: False
.. conf_proxy:: proxy_keep_alive
``proxy_keep_alive``
--------------------
.. versionadded:: 2017.7.0
Default: ``True``
Whether the connection with the remote device should be restarted
when dead. The proxy module must implement the ``alive`` function,
otherwise the connection is considered alive.
.. code-block:: yaml
proxy_keep_alive: False
.. conf_proxy:: proxy_keep_alive_interval
``proxy_keep_alive_interval``
-----------------------------
.. versionadded:: 2017.7.0
Default: ``1``
The frequency of keepalive checks, in minutes. It requires the
:conf_proxy:`proxy_keep_alive` option to be enabled
(and the proxy module to implement the ``alive`` function).
.. code-block:: yaml
proxy_keep_alive_interval: 5
.. conf_proxy:: proxy_always_alive
``proxy_always_alive``
----------------------
.. versionadded:: 2017.7.0
Default: ``True``
Wheter the proxy should maintain the connection with the remote
device. Similarly to :conf_proxy:`proxy_keep_alive`, this option
is very specific to the design of the proxy module.
When :conf_proxy:`proxy_always_alive` is set to ``False``,
the connection with the remote device is not maintained and
has to be closed after every command.
.. code-block:: yaml
proxy_always_alive: False
``proxy_merge_pillar_in_opts``
------------------------------
.. versionadded:: 2017.7.3
Default: ``False``.
Wheter the pillar data to be merged into the proxy configuration options.
As multiple proxies can run on the same server, we may need different
configuration options for each, while there's one single configuration file.
The solution is merging the pillar data of each proxy minion into the opts.
.. code-block:: yaml
proxy_merge_pillar_in_opts: True
``proxy_deep_merge_pillar_in_opts``
-----------------------------------
.. versionadded:: 2017.7.3
Default: ``False``.
Deep merge of pillar data into configuration opts.
This option is evaluated only when :conf_proxy:`proxy_merge_pillar_in_opts` is
enabled.
``proxy_merge_pillar_in_opts_strategy``
---------------------------------------
.. versionadded:: 2017.7.3
Default: ``smart``.
The strategy used when merging pillar configuration into opts.
This option is evaluated only when :conf_proxy:`proxy_merge_pillar_in_opts` is
enabled.
``proxy_mines_pillar``
----------------------
.. versionadded:: 2017.7.3
Default: ``True``.
Allow enabling mine details using pillar data. This evaluates the mine
configuration under the pillar, for the following regular minion options that
are also equally available on the proxy minion: :conf_minion:`mine_interval`,
and :conf_minion:`mine_functions`.

1
doc/ref/engines/all/index.rst
View File

@ -17,6 +17,7 @@ engine modules
junos_syslog
logentries
logstash
napalm_syslog
reactor
redis_sentinel
slack

6
doc/ref/engines/all/salt.engines.napalm_syslog.rst Normal file
View File

@ -0,0 +1,6 @@
===========================
salt.engines.napalm_syslog
===========================
.. automodule:: salt.engines.napalm_syslog
:members:

2
doc/ref/executors/all/index.rst
View File

@ -1,4 +1,4 @@
.. _all-salt_executors:
.. _all-salt.executors:
=================
executors modules

85
doc/ref/executors/index.rst Normal file
View File

@ -0,0 +1,85 @@
.. _executors:
=========
Executors
=========
Executors are used by minion to execute module functions. Executors can be used
to modify the functions behavior, do any pre-execution steps or execute in a
specific way like sudo executor.
Executors could be passed as a list and they will be used one-by-one in the
order. If an executor returns ``None`` the next one will be called. If an
executor returns non-``None`` the execution sequence is terminated and the
returned value is used as a result. It's a way executor could control modules
execution working as a filter. Note that executor could actually not execute
the function but just do something else and return ``None`` like ``splay``
executor does. In this case some other executor have to be used as a final
executor that will actually execute the function. See examples below.
Executors list could be passed by minion config file in the following way:
.. code-block:: yaml
module_executors:
- splay
- direct_call
splaytime: 30
The same could be done by command line:
.. code-block:: bash
salt -t 40 --module-executors='[splay, direct_call]' --executor-opts='{splaytime: 30}' '*' test.ping
And the same command called via netapi will look like this:
.. code-block:: bash
curl -sSk https://localhost:8000 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: 697adbdc8fe971d09ae4c2a3add7248859c87079' \
-H 'Content-type: application/json' \
-d '[{
"client": "local",
"tgt": "*",
"fun": "test.ping",
"module_executors": ["splay", "direct_call"],
"executor_opts": {"splaytime": 10}
}]'
.. seealso:: :ref:`The full list of executors <all-salt.executors>`
Writing Salt Executors
----------------------
A Salt executor is written in a similar manner to a Salt execution module.
Executor is a python module placed into the ``executors`` folder and containing
the ``execute`` function with the following signature:
.. code-block:: python
def execute(opts, data, func, args, kwargs)
Where the args are:
``opts``:
Dictionary containing the minion configuration options
``data``:
Dictionary containing the load data including ``executor_opts`` passed via
cmdline/API.
``func``, ``args``, ``kwargs``:
Execution module function to be executed and it's arguments. For instance the
simplest ``direct_call`` executor just runs it as ``func(*args, **kwargs)``.
``Returns``:
``None`` if the execution sequence must be continued with the next executor.
Error string or execution result if the job is done and execution must be
stopped.
Specific options could be passed to the executor via minion config or via
``executor_opts`` argument. For instance to access ``splaytime`` option set by
minion config executor should access ``opts.get('splaytime')``. To access the
option set by commandline or API ``data.get('executor_opts',
{}).get('splaytime')`` should be used. So if an option is safe and must be
accessible by user executor should check it in both places, but if an option is
unsafe it should be read from the only config ignoring the passed request data.

2
doc/ref/file_server/dynamic-modules.rst
View File

@ -17,6 +17,7 @@ be used.
The directories are prepended with an underscore:
- :file:`_beacons`
- :file:`_clouds`
- :file:`_engines`
- :file:`_grains`
- :file:`_modules`
@ -25,6 +26,7 @@ The directories are prepended with an underscore:
- :file:`_renderers`
- :file:`_returners`
- :file:`_states`
- :file:`_tops`
- :file:`_utils`
The contents of these directories need to be synced over to the minions after

1
doc/ref/index.rst
View File

@ -12,6 +12,7 @@ This section contains a list of the Python modules that are used to extend the v
../ref/beacons/all/index
../ref/cache/all/index
../ref/engines/all/index
../ref/executors/all/index
../ref/file_server/all/index
../ref/grains/all/index
../ref/modules/all/index

131
doc/ref/internals/fileserver-and-client.rst Normal file
View File

@ -0,0 +1,131 @@
.. _internals-fileserver-client:
The Salt Fileserver and Client
==============================
Introduction
------------
Salt has a modular fileserver, and mulitple client classes which are used to
interact with it. This page serves as a developer's reference, to help explain
how the fileserver and clients both work.
Fileserver
----------
The fileserver is not a daemon, so the fileserver and client are not a true
server and client in the traditional sense. Instead, the fileserver is simply a
class (``salt.fileserver.Fileserver``), located in
`salt/fileserver/__init__.py`_. This class has access to the configured
fileserver backends via a loader instance, referenced as ``self.servers``. When
a request comes in from the fileclient, it will ultimately result in a
``Fileserver`` class function being run.
The functions in this class will run corresponding functions in the configured
fileserver backends to perform the requested action. So, in summary:
1. A fileclient class makes a request...
2. which triggers the fileserver to run a function...
3. which runs a named function in each of the configured backends.
Not all of the functions will always execute on every configured backend. For
instance, the ``find_file`` function in the fileserver will stop when it finds
a match, so if it finds a match for the desired path in the first configured
backend, it won't proceed and try to find the file in the next backend in the
list.
Additionally, not all backends implement all functions in the
``salt.fileserver.Fileserver`` class. For instance, there is a function called
``update``, which exists to update remote fileservers such as the ``git``,
``hg``, and ``svn`` backends. This action has no use however in the ``roots``
backend, so it is simply not implemented there, and thus the ``roots`` backend
will be skipped if the ``update`` function is run on the fileserver.
Backends for the fileserver are located in `salt/fileserver/`_ (the files not
named ``__init__.py``).
.. _`salt/fileserver/__init__.py`: https://github.com/saltstack/salt/tree/develop/salt/fileserver/__init__.py
.. _`salt/fileserver/`: https://github.com/saltstack/salt/tree/develop/salt/fileserver
Fileclient
----------
There are three fileclient classes:
salt.fileclient.RemoteClient
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This client is used when :conf_minion:`file_client` is set to ``remote``. This
is how minions request files from the master.
Functions in this client will craft a payload and send it to the master via the
transport channel. This is the same way that the minion asks the minion to do
other things, such as updating and requesting data from the mine. The payload
will be a dictionary with a key called ``cmd``, and other values as needed.
Payloads sent via the transport channel are processed my an MWorker instance on
the master, and the MWorker's ``_handle_aes()`` function will execute the
command. The command will be a function attribute of the
``salt.master.AESFuncs`` class. The AESFuncs class' ``__setup_fileserver()``
function instantiates a ``salt.fileserver.Fileserver`` instance and maps its
member functions to AESFuncs attributes. This is what makes the fileserver
functions available remotely. The result of the function is returned back
through the transport channel to the minion.
Transporting files is done in chunks, the size of which is decided by the
``file_buffer_size`` config option. If you look at the ``serve_file()``
function in any of the fileserver backends, you can see how the ``loc`` value
in the payload determines the offset so that an intermediate chunk of the file
can be served. The RemoteClient's ``get_file()`` function will loop until the
end of the file is reached, retrieving one chunk at a time.
salt.fileclient.FSClient
~~~~~~~~~~~~~~~~~~~~~~~~
This client is used when :conf_minion:`file_client` is set to ``local``. This
is how masterless minions request files.
This class inherits from the RemoteClient, but instead of using a transport
channel (zmq, tcp, etc.), it uses a "fake" transport channel
(``salt.fileserver.FSChan``), which implements its own ``send()`` function.
Thus, when a function that the FSClient inherits from the RemoteClient runs
``self.channel.send()``, it's actually calling
``salt.fileserver.FSChan.send()``, which calls corresponding functions in the
``salt.fileserver.Fileserver()`` class. The result is that local file requests
use the same code as remote file requests, they just bypass sending them
through an actual transport channel and instead call them on the FSChan's
Fileserver instance.
salt.fileclient.LocalClient
~~~~~~~~~~~~~~~~~~~~~~~~~~~
This client is now used exclusively by Pillar. This used to be used when
:conf_minion:`file_client` was set to ``local``, but the ``FSChan`` class was
written to allow minions with ``file_client: local`` to access the full set of
backends. This class will probably be renamed at some point as it is often
confused with ``salt.client.LocalClient``.
The :mod:`cp <salt.modules.cp>` Module
--------------------------------------
Most of the user-facing interaction with the fileclient happens via the
:mod:`cp <salt.modules.cp>` module. The functions in this module instantiate a
fileclient instance (if one is not already saved to the ``__context__``
dunder) and run fileclient functions.
Updating the Fileserver
-----------------------
The master daemon spawns a process dedicated to routine maintenance tasks upon
startup. This process runs an instance of ``salt.master.Maintenance``, which
loops forever, running a series of functions and then sleeping for a length of
time determined by the :conf_master:`loop_interval` config option. One of the
maintenance tasks is to update the fileserver, and it essentially runs
``salt.fileserver.Fileserver.update()``, which as we know from above will run
all configured backends' ``update()`` functions, if present. This is now remote
fileservers like ``git``, ``hg``, and ``svn`` stay up-to-date.
For the local file_client (FSClient), since it does not interact with the
master, upon spawning of its FSChan it will update the fileserver.

30
doc/ref/modules/all/index.rst
View File

@ -9,6 +9,7 @@ execution modules
.. toctree::
salt.modules.group
salt.modules.kernelpkg
salt.modules.pkg
salt.modules.user
@ -19,6 +20,7 @@ execution modules
:template: autosummary.rst.tmpl
acme
aix_group
aliases
alternatives
apache
@ -36,12 +38,13 @@ execution modules
bcache
beacons
bigip
blockdev
bluez
boto3_elasticache
boto3_route53
boto_apigateway
boto_asg
boto_cfn
boto_cloudfront
boto_cloudtrail
boto_cloudwatch
boto_cloudwatch_event
@ -53,6 +56,7 @@ execution modules
boto_elasticache
boto_elasticsearch_domain
boto_elb
boto_elbv2
boto_iam
boto_iot
boto_kinesis
@ -70,6 +74,7 @@ execution modules
bsd_shadow
btrfs
cabal
capirca_acl
cassandra
cassandra_cql
celery
@ -93,6 +98,7 @@ execution modules
cytest
daemontools
data
datadog_api
ddns
deb_apache
deb_postgres
@ -108,11 +114,13 @@ execution modules
dnsmasq
dnsutil
dockercompose
docker
dockermod
dpkg
drac
dracr
drbd
dummyproxy_package
dummyproxy_service
ebuild
eix
elasticsearch
@ -185,14 +193,21 @@ execution modules
k8s
kapacitor
kerberos
kernelpkg_linux_apt
kernelpkg_linux_yum
key
keyboard
keystone
kmod
kubernetes
launchctl
layman
ldap3
ldapmod
libcloud_compute
libcloud_dns
libcloud_loadbalancer
libcloud_storage
linux_acl
linux_ip
linux_lvm
@ -200,6 +215,7 @@ execution modules
localemod
locate
logadm
logmod
logrotate
lvs
lxc
@ -237,6 +253,7 @@ execution modules
moosefs
mount
mssql
msteams
munin
mysql
nacl
@ -248,6 +265,7 @@ execution modules
namecheap_ssl
namecheap_users
napalm
napalm_acl
napalm_bgp
napalm_network
napalm_ntp
@ -255,6 +273,7 @@ execution modules
napalm_route
napalm_snmp
napalm_users
napalm_yang_mod
netaddress
netbsd_sysctl
netbsdservice
@ -264,6 +283,7 @@ execution modules
nfs3
nftables
nginx
nilrt_ip
nix
nova
npm
@ -274,12 +294,14 @@ execution modules
openbsdpkg
openbsdrcctl
openbsdservice
openscap
openstack_config
openstack_mng
openvswitch
opkg
oracle
osquery
out
pacman
pagerduty
pagerduty_util
@ -305,6 +327,7 @@ execution modules
ps
publish
puppet
purefa
pushbullet
pushover_notify
pw_group
@ -379,7 +402,6 @@ execution modules
state
status
statuspage
stormpath
supervisord
suse_apache
svn
@ -397,6 +419,7 @@ execution modules
test
testinframod
test_virtual
textfsm_mod
timezone
tls
tomcat
@ -410,6 +433,7 @@ execution modules
useradd
uwsgi
varnish
vault
vbox_guest
vboxmanage
victorops

6
doc/ref/modules/all/salt.modules.aix_group.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.aix_group module
=============================
.. automodule:: salt.modules.aix_group
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.blockdev.rst
View File

@ -1,6 +0,0 @@
=====================
salt.modules.blockdev
=====================
.. automodule:: salt.modules.blockdev
:members:

6
doc/ref/modules/all/salt.modules.boto3_route53.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.boto3_route53 module
=================================
.. automodule:: salt.modules.boto3_route53
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.boto_cloudfront.rst Normal file
View File

@ -0,0 +1,6 @@
============================
salt.modules.boto_cloudfront
============================
.. automodule:: salt.modules.boto_cloudfront
:members:

6
doc/ref/modules/all/salt.modules.boto_elbv2.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.boto_elbv2 module
==============================
.. automodule:: salt.modules.boto_elbv2
:members:
:undoc-members:

5
doc/ref/modules/all/salt.modules.capirca_acl.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.capirca_acl module
===============================
.. automodule:: salt.modules.capirca_acl
:members:

6
doc/ref/modules/all/salt.modules.datadog_api.rst Normal file
View File

@ -0,0 +1,6 @@
========================
salt.modules.datadog_api
========================
.. automodule:: salt.modules.datadog_api
:members:

7
doc/ref/modules/all/salt.modules.docker.rst
View File

@ -1,7 +0,0 @@
===================
salt.modules.docker
===================
.. automodule:: salt.modules.docker
:members:
:exclude-members: cp, freeze, unfreeze

7
doc/ref/modules/all/salt.modules.dockermod.rst Normal file
View File

@ -0,0 +1,7 @@
======================
salt.modules.dockermod
======================
.. automodule:: salt.modules.dockermod
:members:
:exclude-members: cp, freeze, unfreeze

6
doc/ref/modules/all/salt.modules.dummyproxy_package.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.dummyproxy_package module
======================================
.. automodule:: salt.modules.dummyproxy_package
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.dummyproxy_service.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.dummyproxy_service module
======================================
.. automodule:: salt.modules.dummyproxy_service
:members:
:undoc-members:

19
doc/ref/modules/all/salt.modules.kernelpkg.rst Normal file
View File

@ -0,0 +1,19 @@
.. _virtual-kernelpkg:
======================
salt.modules.kernelpkg
======================
.. py:module:: salt.modules.kernelpkg
:synopsis: A virtual module for managing kernel packages
``kernelpkg`` is a virtual module that is fulfilled by one of the following modules:
============================================ ========================================
Execution Module Used for
============================================ ========================================
:py:mod:`~salt.modules.kernelpkg_linux_apt` Debian/Ubuntu-based distros which use
``apt-get`` for package management
:py:mod:`~salt.modules.kernelpkg_linux_yum` RedHat-based distros and derivatives
using ``yum`` or ``dnf``
============================================ ========================================

6
doc/ref/modules/all/salt.modules.kernelpkg_linux_apt.rst Normal file
View File

@ -0,0 +1,6 @@
================================
salt.modules.kernelpkg_linux_apt
================================
.. automodule:: salt.modules.kernelpkg_linux_apt
:members:

6
doc/ref/modules/all/salt.modules.kernelpkg_linux_yum.rst Normal file
View File

@ -0,0 +1,6 @@
================================
salt.modules.kernelpkg_linux_yum
================================
.. automodule:: salt.modules.kernelpkg_linux_yum
:members:

6
doc/ref/modules/all/salt.modules.kubernetes.rst Normal file
View File

@ -0,0 +1,6 @@
=======================
salt.modules.kubernetes
=======================
.. automodule:: salt.modules.kubernetes
:members:

6
doc/ref/modules/all/salt.modules.libcloud_compute.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.libcloud_compute module
====================================
.. automodule:: salt.modules.libcloud_compute
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.libcloud_loadbalancer.rst Normal file
View File

@ -0,0 +1,6 @@
==================================
salt.modules.libcloud_loadbalancer
==================================
.. automodule:: salt.modules.libcloud_loadbalancer
:members:

6
doc/ref/modules/all/salt.modules.libcloud_storage.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.libcloud_storage module
================================
.. automodule:: salt.modules.libcloud_storage
:members:
:undoc-members:

5
doc/ref/modules/all/salt.modules.logmod.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.logmod module
==========================
.. automodule:: salt.modules.logmod
:members:

6
doc/ref/modules/all/salt.modules.msteams.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.msteams module
===========================
.. automodule:: salt.modules.msteams
:members:
:undoc-members:

7
doc/ref/modules/all/salt.modules.napalm_acl.rst Normal file
View File

@ -0,0 +1,7 @@
==============================
salt.modules.napalm_acl module
==============================
.. automodule:: salt.modules.napalm_acl
:members:

5
doc/ref/modules/all/salt.modules.napalm_yang_mod.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.napalm_yang_mod module
===================================
.. automodule:: salt.modules.napalm_yang_mod
:members:

6
doc/ref/modules/all/salt.modules.nilrt_ip.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.nilrt_ip module
============================
.. automodule:: salt.modules.nilrt_ip
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.openscap.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.openscap module
============================
.. automodule:: salt.modules.openscap
:members:
:undoc-members:

5
doc/ref/modules/all/salt.modules.out.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.out module
=======================
.. automodule:: salt.modules.out
:members:

6
doc/ref/modules/all/salt.modules.purefa.rst Normal file
View File

@ -0,0 +1,6 @@
===================
salt.modules.purefa
===================
.. automodule:: salt.modules.purefa
:members:

6
doc/ref/modules/all/salt.modules.stormpath.rst
View File

@ -1,6 +0,0 @@
======================
salt.modules.stormpath
======================
.. automodule:: salt.modules.stormpath
:members:

3
doc/ref/modules/all/salt.modules.test.rst
View File

@ -3,4 +3,5 @@ salt.modules.test
=================
.. automodule:: salt.modules.test
:members:
:members:
:exclude-members: rand_str

5
doc/ref/modules/all/salt.modules.textfsm_mod.rst Normal file
View File

@ -0,0 +1,5 @@
salt.modules.textfsm_mod module
===============================
.. automodule:: salt.modules.textfsm_mod
:members:

6
doc/ref/modules/all/salt.modules.vault.rst Normal file
View File

@ -0,0 +1,6 @@
salt.modules.vault module
=========================
.. automodule:: salt.modules.vault
:members:
:undoc-members:

6
doc/ref/modules/all/salt.modules.zookeeper.rst Normal file
View File

@ -0,0 +1,6 @@
======================
salt.modules.zookeeper
======================
.. automodule:: salt.modules.zookeeper
:members:

61
doc/ref/modules/index.rst
View File

@ -13,7 +13,7 @@ Writing Salt execution modules is straightforward.
A Salt execution module is a Python or `Cython`_ module placed in a directory
called ``_modules/`` at the root of the Salt fileserver. When using the default
fileserver backend (i.e. :py:mod:`roots <salt.fileserver.roots`), unless
fileserver backend (i.e. :py:mod:`roots <salt.fileserver.roots>`), unless
environments are otherwise defined in the :conf_master:`file_roots` config
option, the ``_modules/`` directory would be located in ``/srv/salt/_modules``
on most systems.
@ -209,6 +209,29 @@ default configuration file for the minion contains the information and format
used to pass data to the modules. :mod:`salt.modules.test`,
:file:`conf/minion`.
.. _module_init:
``__init__`` Function
---------------------
If you want your module to have different execution modes based on minion
configuration, you can use the ``__init__(opts)`` function to perform initial
module setup. The parameter ``opts`` is the complete minion configuration,
as also available in the ``__opts__`` dict.
.. code-block:: python
'''
Cheese module initialization example
'''
def __init__(opts):
'''
Allow foreign imports if configured to do so
'''
if opts.get('cheese.allow_foreign', False):
_enable_foreign_products()
Strings and Unicode
===================
@ -273,8 +296,9 @@ module is not loaded. ``False`` lets the module perform system checks and
prevent loading if dependencies are not met.
Since ``__virtual__`` is called before the module is loaded, ``__salt__`` will
be unavailable as it will not have been packed into the module at this point in
time.
be unreliable as not all modules will be available at this point in time. The
``__pillar`` and ``__grains__`` :ref:`"dunder" dictionaries <dunder-dictionaries>`
are available however.
.. note::
Modules which return a string from ``__virtual__`` that is already used by
@ -313,10 +337,14 @@ the case when the dependency is unavailable.
else:
return False, 'The cheese execution module cannot be loaded: enzymes unavailable.'
def slice():
pass
.. code-block:: python
'''
Cheese state module
Cheese state module. Note that this works in state modules because it is
guaranteed that execution modules are loaded first
'''
def __virtual__():
@ -401,10 +429,33 @@ similar to the following:
Confine this module to Mac OS with Homebrew.
'''
if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
if salt.utils.path.which('brew') and __grains__['os'] == 'MacOS':
return __virtualname__
return False
The ``__virtual__()`` function can return a ``True`` or ``False`` boolean, a tuple,
or a string. If it returns a ``True`` value, this ``__virtualname__`` module-level
attribute can be set as seen in the above example. This is the string that the module
should be referred to as.
When ``__virtual__()`` returns a tuple, the first item should be a boolean and the
second should be a string. This is typically done when the module should not load. The
first value of the tuple is ``False`` and the second is the error message to display
for why the module did not load.
For example:
.. code-block:: python
def __virtual__():
'''
Only load if git exists on the system
'''
if salt.utils.path.which('git') is None:
return (False,
'The git execution module cannot be loaded: git unavailable.')
else:
return True
Documentation
=============

8
doc/ref/netapi/all/salt.netapi.rest_cherrypy.rst
View File

@ -2,6 +2,9 @@
rest_cherrypy
=============
.. contents::
:local:
.. automodule:: salt.netapi.rest_cherrypy.app
.. automodule:: salt.netapi.rest_cherrypy.wsgi
@ -11,9 +14,6 @@ REST URI Reference
.. py:currentmodule:: salt.netapi.rest_cherrypy.app
.. contents::
:local:
``/``
-----
@ -78,4 +78,4 @@ REST URI Reference
----------
.. autoclass:: Stats
:members: GET
:members: GET

2
doc/ref/peer.rst
View File

@ -126,4 +126,4 @@ To match minions using other matchers, use ``tgt_type``:
# salt-call publish.publish 'webserv* and not G@os:Ubuntu' test.ping tgt_type='compound'
.. note::
In pre-Nitrogen releases, use ``expr_form`` instead of ``tgt_type``.
In pre-2017.7.0 releases, use ``expr_form`` instead of ``tgt_type``.

3
doc/ref/pillar/all/index.rst
View File

@ -17,12 +17,14 @@ pillar modules
confidant
consul_pillar
csvpillar
digicert
django_orm
ec2_pillar
etcd_pillar
file_tree
foreman
git_pillar
gpg
hg_pillar
hiera
http_json
@ -47,6 +49,7 @@ pillar modules
svn_pillar
varstack_pillar
vault
venafi
virtkey
vmware_pillar

Some files were not shown because too many files have changed in this diff Show More