Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
nee2c
/
salt
-ын хуулбар https://github.com/nee2c/salt.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Салаа: 2018.3
Салаанууд Тагууд
salt
/
doc
/
topics
/
releases
/
0.10.4.rst

0.10.4.rst 4.3 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. =========================
    2. 

  2. Salt 0.10.4 Release Notes
    3. 

  3. =========================
    4. 

  4. 

  5. :release: 2012-10-23
    6. 

  6. 

  7. Salt 0.10.4 is a monumental release for the Salt team, with two new module
    8. 

  8. systems, many additions to allow granular access to Salt, improved platform
    9. 

  9. support and much more.
    10. 

  10. 

  11. This release is also exciting because we have been able to shorten the release
    12. 

  12. cycle back to under a month. We are working hard to keep up the aggressive pace
    13. 

  13. and look forward to having releases happen more frequently!
    14. 

  14. 

  15. This release also includes a serious security fix and all users are very
    16. 

  16. strongly recommended to upgrade. As usual, upgrade the master first, and then
    17. 

  17. the minion to ensure that the process is smooth.
    18. 

  18. 

  19. Major Features
    20. 

  20. ==============
    21. 

  21. 

  22. External Authentication System
    23. 

  23. ------------------------------
    24. 

  24. 

  25. The new external authentication system allows for Salt to pass through
    26. 

  26. authentication to any authentication system to determine if a user has
    27. 

  27. permission to execute a Salt command. The Unix PAM system is the first
    28. 

  28. supported system with more to come!
    29. 

  29. 

  30. The external authentication system allows for specific users to be granted
    31. 

  31. access to execute specific functions on specific minions. Access is configured
    32. 

  32. in the master configuration file, and uses the new access control system:
    33. 

  33. 

  34. .. code-block:: yaml
    35. 

  35. 

  36.     external_auth:
    37. 

  37.       pam:
    38. 

  38.         thatch:
    39. 

  39.           - 'web*':
    40. 

  40.             - test.*
    41. 

  41.             - network.*
    42. 

  42. 

  43. The configuration above allows the user `thatch` to execute functions in the
    44. 

  44. test and network modules on minions that match the web* target.
    45. 

  45. 

  46. Access Control System
    47. 

  47. ---------------------
    48. 

  48. 

  49. All Salt systems can now be configured to grant access to non-administrative
    50. 

  50. users in a granular way. The old configuration continues to work. Specific
    51. 

  51. functions can be opened up to specific minions from specific users in the case
    52. 

  52. of external auth and client ACLs, and for specific minions in the case of the
    53. 

  53. peer system.
    54. 

  54. 

  55. Access controls are configured like this:
    56. 

  56. 

  57. .. code-block:: yaml
    58. 

  58. 

  59.     client_acl:
    60. 

  60.       fred:
    61. 

  61.         - web\*:
    62. 

  62.           - pkg.list_pkgs
    63. 

  63.           - test.*
    64. 

  64.           - apache.*
    65. 

  65. 

  66. Target by Network
    67. 

  67. -----------------
    68. 

  68. 

  69. A new matcher has been added to the system which allows for minions to be
    70. 

  70. targeted by network. This new matcher can be called with the `-S` flag on the
    71. 

  71. command line and is available in all places that the matcher system is
    72. 

  72. available. Using it is simple:
    73. 

  73. 

  74. .. code-block:: bash
    75. 

  75. 

  76.     $ salt -S '192.168.1.0/24' test.ping
    77. 

  77.     $ salt -S '192.168.1.100' test.ping
    78. 

  78. 

  79. Nodegroup Nesting
    80. 

  80. -----------------
    81. 

  81. 

  82. Previously a nodegroup was limited by not being able to include another
    83. 

  83. nodegroup, this restraint has been lifted and now nodegroups will be expanded
    84. 

  84. within other nodegroups with the `N@` classifier.
    85. 

  85. 

  86. Salt Key Delete by Glob
    87. 

  87. -----------------------
    88. 

  88. 

  89. The ability to delete minion keys by glob has been added to ``salt-key``.  To
    90. 

  90. delete all minion keys whose minion name starts with 'web':
    91. 

  91. 

  92. .. code-block:: bash
    93. 

  93. 

  94.     $ salt-key -d 'web*'
    95. 

  95. 

  96. Master Tops System
    97. 

  97. ------------------
    98. 

  98. 

  99. The `external_nodes` system has been upgraded to allow for modular subsystems
    100. 

  100. to be used to generate the top file data for a highstate run.
    101. 

  101. 

  102. The `external_nodes` option still works but will be deprecated in the future in
    103. 

  103. favor of the new `master_tops` option.
    104. 

  104. 

  105. Example of using `master_tops`:
    106. 

  106. 

  107. .. code-block:: yaml
    108. 

  108. 

  109.     master_tops:
    110. 

  110.       ext_nodes: cobbler-external-nodes
    111. 

  111. 

  112. Next Level Solaris Support
    113. 

  113. --------------------------
    114. 

  114. 

  115. A lot of work has been put into improved Solaris support by Romeo Theriault.
    116. 

  116. Packaging modules (pkgadd/pkgrm and pkgutil) and states, cron support and user
    117. 

  117. and group management have all been added and improved upon. These additions
    118. 

  118. along with SMF (Service Management Facility) service support and improved
    119. 

  119. Solaris grain detection in 0.10.3 add up to Salt becoming a great tool
    120. 

  120. to manage Solaris servers with.
    121. 

  121. 

  122. Security
    123. 

  123. ========
    124. 

  124. 

  125. A vulnerability in the security handshake was found and has been repaired, old
    126. 

  126. minions should be able to connect to a new master, so as usual, the master
    127. 

  127. should be updated first and then the minions.
    128. 

  128. 

  129. Pillar Updates
    130. 

  130. --------------
    131. 

  131. 

  132. The pillar communication has been updated to add some extra levels of
    133. 

  133. verification so that the intended minion is the only one allowed to gather the
    134. 

  134. data. Once all minions and the master are updated to salt 0.10.4 please
    135. 

  135. activate pillar `2` by changing the `pillar_version` in the master config to
    136. 

  136. `2`. This will be set to `2` by default in a future release.
    137.