* allow user to revert vm to the selected snapshot for vmware
* fixed Pylint check failed
* add two blank lines to fix Pylink check failed
* refactor code according to nmadhok's comments
* Add Support for CSF
* Add Support for APF
* add new apf module to docs
* add blank line to match salt lint rules
* adding deny/remove host functions
* using python instead of bash while finding out if APF is running
* add error handling if iptc is missing
* remove trailing space
* gentoo service enhancements
* fixing command examples
making sure enabled handles multiple runlevel
* unused import removed
* replacing collection.OrderedDict with salt.utils.odict.OrderedDict
* set replaced with list
The SSH_PASSWORD_PROMPT_RE regexp used to detect if SSH is requesting a
password can be triggered if the shim is returning data to the server
with text that matches the regex, including inside JSON results. This
then results in the server unable to parse the JSON results. This
patch fixes this issue by looking for the shim delimiter in the output and
disabling the sending of passwords after the delimiter is found.
Fixes#29422.
`salt/utils/__init__.py`:
- In `get_user`, if it is the built-in system account, return the
more recogizable 'SYSTEM' (which is the return value of
`GetUserName`) instead of the SAM format which looks like:
'<DOMAIN>\<HOSTNAME>$'.
`salt/utils/win_functions.py`:
- In `get_current_user` do the same change as above.
- In `is_admin`, accept the system account sid ('S-1-5-18') as
administrator access. It technically isn't in the 'administrators'
group but has the same access rights as administrators.
- In `get_user_groups`, if the user is 'SYSTEM', don't invoke
`win32net.NetUserGetLocalGroups`. It will not recognize the
'SYSTEM' username because it is a special built-in account and thus
throw an exception. Instead, just add 'SYSTEM' to the list of groups.
`get_sid_from_name` will still convert it correctly to 'S-1-5-18'.
Signed-off-by: Sergey Kizunov <sergey.kizunov@ni.com>
* minion.py: fix Windows minion
On Windows, by default, new processes are created to handle new jobs. The
minion instance member, is reconstructed on the new process. However, the
connected state is not being preserved, which prevents the minion from
sending updates on the PUB channel. Add parameter to _target to pass
existing connected state.
PR #33011 added a minion_instance.connected check to _thread_return, which
prevented the minion from returning it's result to the master.
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
* _thread_multi_return: add multifunc support to standalone minion
Currently salt-call doesn't have support for multifunc jobs in either
the CLI or the python API. This change add the same logic present in
_thread_return to get the standalone minion to behave correctly, in case
multifunc jobs are support by the Caller class in the future.
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
* Fix file.managed for Windows (#33181)
* Revert back to import string_types
For some reason, there is a problem with the following
code when run from the file.py module:
```
from salt.ext import six
comment = 'This is a string'
isinstance(comment, six.string_types)
```
When run from within the python shell it works fine.
* Add six import
* Fix some lint
* Use correct six import
* Changed it back to explicit import
* Additional comments specific to 2015.5
* Fix file.managed for real
* Move comment to clarify purpose
* update 2015.5.11 release notes (#33197)
* Add pip installed and removed test (#33178)
* Resolve issue with pkg module on Mint Linux (#33205)
Closes#32198
The following error occurs when running salt-master or salt-minion
under a domain user account:
File "...\lib\site-packages\
salt\utils\win_functions.py", line 79, in get_user_groups
groups = win32net.NetUserGetLocalGroups(None, name)
pywintypes.error: (2221, 'NetUserGetLocalGroups',
'The user name could not be found.')
`salt/utils/__init__.py`:
- Change `get_user` to use:
`win32api.GetUserNameEx(win32api.NameSamCompatible)`. This will return
the username in the format 'DOMAIN\username'.
`salt/utils/win_functions.py`:
- Change `get_current_user` to also use
`win32api.GetUserNameEx(win32api.NameSamCompatible)`. This will fix the
problem when it passes the username to `win32net.NetUserGetLocalGroups`.
`salt/client/__init__.py`:
- In `LocalClient.__read_master_key`, on Windows replace the username
portion of the keyfile path so that '\' is converted to '_'. This will
allow a valid filename.
`salt/daemons/masterapi.py`:
- In `access_keys`, on Windows replace the username
portion of the keyfile path so that '\' is converted to '_'. This will
allow a valid filename.
Signed-off-by: Sergey Kizunov <sergey.kizunov@ni.com>
* Properly handle redirected stderr
When running subprocess.Popen.communicate() on a command run with stderr
redirected to subprocess.STDOUT, the 2nd element of the return tuple
(representing the stderr) will be None, since all of the standard error
was sent to stdout.
Functions interpreting the return data from cmd.run_all will be
expecting the ``stderr`` key in the return dict to contain a string, not
a NoneType, so this commit forces the stderr to be set to an empty
string when redirect_stderr is True.
* Look at stdout instead of stderr for error text when redirect_stderr is True
* Add run_on_start docs to schedule.rst (#32958)
Fixes#22580
* Backport #33021 manually to 2015.5 (#33044)
* Saltfile with pillar tests (#33045)
* add file.managed with pillar data tests
* do not require git for other tests
* Fix minor document error of test.assertion (#33067)
* test pillar.items output (#33060)
* File and User test fixes for 2015.5 on Fedora23 (#33055)
* Fix file_test.test_symlink on 2015.5
* Fix failing user present test
* add test for installing package while using salt-call --local (#33025)
* add test for installing package while using salt-call --local
* fix pylint
* ssh docs: install py-2.6 for RHEL 5
* Bugfix: Restore boolean values from the repo configuration
* Add test data for repos
* Add repo config test
* Bugfix (follow-up): setting priority requires non-positive integer
* modules.npm: do not log npm --version at info level (#33084)
* salt-cloud: fix ipv6-only virtual machines (#32865)
* salt-cloud: fix ipv6-only virtual machines
* fix hostname for rsync fallback in scp_file function
* use 4 spaces instead of 2
* remove global variable, use direct socket call instead
* Use saltstack repo in buildpackage.py on CentOS 5 (#33080)
* Lower display of msgpack failure msg to debug (#33078)
Closes#33074
* cloud.query needs to define mapper.opts (#33098)
* clarify docs that map is designed to be run once. is not stateful (#33102)
* Moved _finger_fail method to parent class.
Method _finger_fail method from SAuth to AsyncAuth class to make method available
in both class and fix an issue where _finger_Fail is called inside AsyncAuth.
* Fix 33058 (#33099)
* Fix servermanager module
- Added check for 2008 version of windows
- Added Import-Module ServerManager to _pshell_json.
Apparently this needs to run each time we issue a
servermanager command.
* Fix list_available
* salt.utils.gitfs: fix formatting for warning messages (#33064)
* salt.utils.gitfs: fix formatting for warning messages
When git_pillar support was added to salt.utils.gitfs, the
recommendation globals had string formatting placeholders added to them,
but the locations where these values are referenced do not call
``.format()`` to properly replace them. This commit fixes that
oversight.
* Remove more gitfs and master-specific wording from log messages
* Add a check that the cmdline of the found proc matches (#33129)
* Doc mock decorators (#33132)
* Add mock function for mocking decorators
* Mock the stdlib user module because importing it will open the repl
* Fix broken parsing of usermgmt.conf on OpenBSD (#33135)
When creating a new user, if a group of the same name already exists,
the usermgmt.conf file is consulted to determine the primary group.
It's in these cases that the parsing bug is triggered.
This code change addresses several of the existing issues:
- The previous split statement explicitly specified a single space.
Since a config line may have any number of spaces and/or tabs
surrounding the entries, the resulting array's elements may be
incorrect.
- According to the man pages for usermgmt.conf, the "group" config
entry accpets a single parameter -- so we shouldn't iterate.
- The "val[1]" was returning the 2nd letter of each word and not the
second word on the config line as intended.
* Move salt-ssh thin dir location to /var/tmp (#33130)
* Move salt-ssh thin dir location to /var/tmp
Closes#32771
* Remove performance penelty language
* If cache_jobs: True is set, populate the local job cache when running salt-call (#33100)
* If cache_jobs: True is set, populate the local job cache
Fixes#32834
Allows a masterless minion to query the job cache.
* Refactor cache_jobs functionality to be DRY
* Skipping salt-call --local test
* Back-port #31769 to 2015.8 (#33139)
* Handle empty acl_name in linux_acl state
Calls to setfacl interpret an empty group or user name to mean to be the
owner of the file they're operating on. For example, for a directory
owned by group 'admin', the ACL 'default:group::rwx' is equivalent to
'default:group:admin:rwx'.
The output of the getfacl execution module returns ACLs in the format of
'group:admin:rwx' instead of 'group::rwx'. This commit changes the
acl.present state to look for the owner of the file if the acl_name
paremeter is empty.
* Fix acl.present/acl.absent changing default ACLs
The behaviour of the acl.present and acl.absent is to check the data
structure returned by getfacl contains a key by the name of acl_type.
However, this data structure does not contain any default ACLs if none
exist, so this check will fail. We omit the check if a default ACL was
passed into the state functions.
Unfortunately, the call to modfacl may fail if the user passes in an
acl_type such as 'default:random'. In this case the state will appear to
succeed, but do nothing.
This fixes the state module to allow setting default ACLs on files which
have none.
* Fix regression in 2016.3 HEAD when version is specified (#33146)
Resolves#33013.
* Hash fileclients by opts (#33142)
* Hash fileclients by opts
There was an issue whereby the cache of the fileclient was being overwritten
by dueling minion instances in multimaster mode. This protects them by hashing
by the id of opts.
Closes#25040
* Silly typo!
* Remove tests which do not test any actual functionality or are too tightly coupled to the implementation
* Strip ldap fqdn (#33127)
* Add option to strip off domain names on computer names that come from LDAP/AD
* Add strip_domains option for ldap.
* Add documentation for auth.ldap.minion_stripdomains.
* [2015.5] Update to latest bootstrap script v2016.05.10 (#33155)
* [2015.8] Update to latest bootstrap script v2016.05.10 (#33156)
* [2016.3] Update to latest bootstrap script v2016.05.10 (#33157)
* add 2015.5.11 release notes (#33160)
* add 2015.8.9 release notes (#33161)
* Pip fix (#33180)
* fix pip!!
* make it work with old pip as well
* Added resiliency
* Don't need to check, just get the right name
* [2015.5] Update to latest bootstrap script v2016.05.11 (#33185)
* Revert back to import string_types
For some reason, there is a problem with the following
code when run from the file.py module:
```
from salt.ext import six
comment = 'This is a string'
isinstance(comment, six.string_types)
```
When run from within the python shell it works fine.
* Add six import
* Fix some lint
* Use correct six import
* Changed it back to explicit import
* Additional comments specific to 2015.5
* Fix file.managed for real
* Move comment to clarify purpose
