1
0

2015.8.0.rst 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305
  1. .. _release-2015-8-0:
  2. ================================================
  3. Salt 2015.8.0 Release Notes - Codename Beryllium
  4. ================================================
  5. .. toctree::
  6. includes/2015.8.0.pull_list
  7. The 2015.8.0 feature release of Salt contains several major new features. As
  8. usual the release notes are not exhaustive and primarily include the most
  9. notable additions and improvements. Hundreds of bugs have been fixed and many
  10. modules have been substantially updated and added.
  11. New SaltStack Installation Repositories
  12. =======================================
  13. SaltStack now provides installation repositories for several platforms, with more to come.
  14. See the following links for instructions:
  15. - :ref:`Red Hat / CentOS 5, 6, 7 <installation-rhel-repo>`
  16. - :ref:`Debian 8 <installation-debian-repo>`
  17. - :ref:`Windows <windows-installer>`
  18. Send Event on State Completion
  19. ==============================
  20. A ``fire_event`` global state keyword argument was added that allows any state to
  21. send an event upon completion. Useful for custom progress bars and checking in
  22. on long state runs. See :ref:`fire_event <requisites-fire-event>`.
  23. ZeroMQ socket monitoring
  24. ========================
  25. If :conf_master:`zmq_monitor` is enabled, log all ZMQ events for socket monitoring
  26. purposes. Verbose, but useful.
  27. SPM (Salt Package Manager)
  28. ==========================
  29. Allows Salt formulas to be packaged for ease of deployment. See :ref:`spm <spm>`.
  30. .. note::
  31. The spm executable was not included in the Debian or Ubuntu packages for the
  32. 2015.8.0 or the 2015.8.1 releases. This executable will be included in an
  33. upcoming release. As a workaround, copy the SPM script from the salt library
  34. installation into ``/usr/local/bin`` or your local equivalent.
  35. Specify a Single Environment for Top Files
  36. ==========================================
  37. A new :conf_master:`default_top` option was added to load the state top file
  38. from a single, specific environment, rather than merging top data across all
  39. environments. Additionally, new :conf_master:`top_file_merge_strategy` and
  40. :conf_master:`env_order` options were added for more control over top file
  41. merging. See :ref:`The Top File <states-top>`.
  42. Tornado TCP Transport
  43. =====================
  44. Implemented a pure-TCP transport, in addition to ZeroMQ and RAET. The new
  45. transport uses Tornado, which allows Salt to use a standardized set of libraries
  46. for asynchronous behavior, which should greatly improve reliability and
  47. performance.
  48. .. note::
  49. Tornado is considered expiremental in this release. The following known
  50. issues were being investigated at the time of release:
  51. - TCP tests show performance degredation over time (:issue:`26051`)
  52. - TCP transport stacktrace on windows minion: Future exception was never
  53. retrieved (:issue:`25718`)
  54. - [freebsd] TCP transport not working in 2015.8.0rc3 (:issue:`26364`)
  55. Proxy Minion Enhancements
  56. =========================
  57. Proxy Minions have undergone a significant overhaul in 2015.8, see :ref:`Proxy Minion Enhancements <proxy-2015.8.0>`.
  58. Engines
  59. =======
  60. Salt engines are long-running, external processes that leverage Salt. See :ref:`Salt Engines <engines>`.
  61. Core Changes
  62. ============
  63. - Add system version info to ``versions_report``, which appears in both ``salt
  64. --versions-report`` and ``salt '*' test.versions_report``. Also added is an
  65. alias ``test.versions`` to ``test.versions_report``. (:issue:`21906`)
  66. - Add colorized console logging support. This is activated by using
  67. ``%(colorlevel)s``, ``%(colorname)s``, ``%(colorprocess)s``, ``%(colormsg)s``
  68. in ``log_fmt_console`` in the config file for any of ``salt-master``,
  69. ``salt-minion``, and ``salt-cloud``.
  70. Git Pillar
  71. ==========
  72. The git external pillar has been rewritten to bring it up to feature parity
  73. with :mod:`gitfs <salt.fileserver.gitfs>`. Support for pygit2_ has been added,
  74. bringing with it the ability to access authenticated repositories.
  75. Using the new features will require updates to the git ext_pillar
  76. configuration, further details can be found in the :ref:`pillar.git_pillar
  77. <git-pillar-configuration>` docs.
  78. .. _pygit2: https://github.com/libgit2/pygit2
  79. Salt Cloud Improvements
  80. =======================
  81. - Pricing data from several cloud providers (GCE, DigitalOcean, SoftLayer_HW, EC2)
  82. - All cloud providers now use standardized bootstrapping code.
  83. - Modified the Linode Salt Cloud driver to use Linode's native API instead of
  84. depending on apache-libcloud or linode-python.
  85. Salt Cloud Changes
  86. ------------------
  87. - Changed the default behavior of ``rename_on_destroy`` to be set to ``True``
  88. in the EC2 and AWS drivers.
  89. - Changed the default behavior of the EC2 and AWS drivers to always check for
  90. duplicate names of VMs before trying to create a new VM. Will now throw an
  91. error similarly to other salt-cloud drivers when trying to create a VM of the
  92. same name, even if the VM is in the ``terminated`` state.
  93. - When querying for VMs in ``digital_ocean.py``, the number of VMs to include in
  94. a page was changed from 20 (default) to 200 to reduce the number of API calls
  95. to Digital Ocean.Ocean.
  96. State and Execution Module Improvements
  97. =======================================
  98. - New and improved Docker state and execution modules (:mod:`state
  99. <salt.states.dockerng>` and :mod:`execution module <salt.modules.dockerng>`).
  100. .. toctree::
  101. includes/git-2015.8.0
  102. - OpenStack Glance API V2 execution module
  103. - Amazon VPC state module
  104. - RallyDev execution module
  105. - BambooHR execution module
  106. - Stormpath execution, state modules
  107. - Remove unused argument ``timeout`` in jboss7.status.
  108. - Deprecate ``enabled`` argument in ``pkgrepo.managed`` in favor of ``disabled``.
  109. - Archive module changes: In the ``archive.tar`` and ``archive.cmd_unzip``
  110. module functions, remove the arbitrary prefixing of the options string with
  111. ``-``. An options string beginning with a ``--long-option``, would have
  112. uncharacteristically needed its first ``-`` removed under the former scheme.
  113. Also, tar will parse its options differently if short options are used with or
  114. without a preceding ``-``, so it is better to not confuse the user into
  115. thinking they're using the non- ``-`` format, when really they are using the
  116. with- ``-`` format.
  117. - Added ``__states__`` to state modules, for cross-calling states. This enables
  118. using existing states when writing custom states. See :ref:`cross calling states
  119. <cross-calling-state-modules>`.
  120. Windows Improvements
  121. ====================
  122. - Enhanced the windows minion silent installation with command line parameters
  123. to configure the salt master and minion name. See :ref:`Silent Installer
  124. Options <windows-installer-options>`.
  125. - Improved user management with additional capabilities in the user module for Windows.
  126. - Improved patch management with a new module for managing windows updates (:mod:`win_wua <modules.win_wua>`).
  127. - Turned on multi-processing by default for windows in minion configuration.
  128. Windows Software Repo Changes
  129. -----------------------------
  130. A next-generation (ng) windows software repo is available for 2015.8.0 and
  131. later minions. When using this new repository, the repo cache is compiled on
  132. the Salt Minion, which enables pillar, grains and other things to be available
  133. during compilation time.
  134. See the :ref:`Windows Software Repository <2015-8-0-winrepo-changes>`
  135. documentation for more information.
  136. Changes to legacy Windows repository
  137. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  138. If you have pre 2015.8 Windows minions connecting to your 2015.8 Salt master, you
  139. can continue to use the legacy Windows repository for these Salt minions.
  140. If you were previously using this repository and have customized settings, be
  141. aware that several config options have been renamed to make their naming more
  142. consistent.
  143. See the :ref:`Windows Software Repository <2015-8-0-winrepo-changes>`
  144. documentation for more information.
  145. Win System Module
  146. -----------------
  147. The unit of the ``timeout`` parameter in the ``system.halt``,
  148. ``system.poweroff``, ``system.reboot``, and ``system.shutdown`` functions has
  149. been changed from seconds to minutes in order to be consistent with the linux
  150. timeout setting. (:issue:`24411`) Optionally, the unit can be reverted to
  151. seconds by specifying ``in_seconds=True``.
  152. Other Improvements
  153. ==================
  154. - Sanitize sensitive fields in http.query
  155. - Allow authorization to be read from Django and eauth
  156. - Add templating to SMTP returner
  157. - New REST module for SDB
  158. - Added rest_timeout config option and timeout argument to jobs api call
  159. - Provide config options for Raet lane and road buffer count. (Useful for BSD kernels)
  160. - Implemented ZeroMQ socket monitor for master and minion
  161. - Add end time to master job cache for jobs (optional, off by default)
  162. - Tornado is now the default backend for http.request
  163. - Support pillarenv selection as it's done for saltenv
  164. - salt was updated to use python-crypto version 2.6.1, which removes the dependency on python-m2crypto.
  165. Deprecations
  166. ============
  167. - The ``digital_ocean.py`` Salt Cloud driver was removed in favor of the
  168. ``digital_ocean_v2.py`` driver as DigitalOcean has removed support for APIv1.
  169. The ``digital_ocean_v2.py`` was renamed to ``digital_ocean.py`` and supports
  170. DigitalOcean's APIv2.
  171. - The ``vsphere.py`` Salt Cloud driver has been deprecated in favor of the
  172. ``vmware.py`` driver.
  173. - The ``openstack.py`` Salt Cloud driver has been deprecated in favor of the
  174. ``nova.py`` driver.
  175. - The use of ``provider`` in Salt Cloud provider files to define cloud drivers
  176. has been deprecated in favor of using ``driver``. Both terms will work until
  177. the 2017.7.0 release of Salt. Example provider file:
  178. .. code-block:: yaml
  179. my-ec2-cloud-config:
  180. id: 'HJGRYCILJLKJYG'
  181. key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
  182. private_key: /etc/salt/my_test_key.pem
  183. keyname: my_test_key
  184. securitygroup: default
  185. driver: ec2
  186. - The use of ``lock`` has been deprecated and from ``salt.utils.fopen``.
  187. ``salt.utils.flopen`` should be used instead.
  188. - The following args have been deprecated from the ``rabbitmq_vhost.present``
  189. state: ``user``, ``owner``, ``conf``, ``write``, ``read``, and ``runas``.
  190. - The use of ``runas`` has been deprecated from the ``rabbitmq_vhost.absent``
  191. state.
  192. - Support for ``output`` in ``mine.get`` was removed. ``--out`` should be used
  193. instead.
  194. - The use of ``delim`` was removed from the following functions in the ``match``
  195. execution module: ``pillar_pcre``, ``pillar``, ``grain_pcre``,
  196. Security Fixes
  197. ==============
  198. CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log
  199. Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with ``REDACTED`` in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
  200. Major Bug Fixes
  201. ===============
  202. - Fixed minion failover to next master on DNS errors (:issue:`21082`)
  203. - Fixed memory consumption in SaltEvents (:issue:`25557`)
  204. - Don't lookup outside system path in which() util (:issue:`24085`)
  205. - Fixed broken jobs rest api call (:issue:`23408`)
  206. - Fixed stale grains data using in modules (:issue:`24073`)
  207. - Added ssh_identities_only config flag for ssh-agent configured environments
  208. (:issue:`24096`)
  209. - Fixed "object has no attribute" errors for Raet transport (:issue:`21640`)
  210. - Flush event returners before master exit (:issue:`22814`)
  211. - Fix CommandExecutionError in grains generation with lspci missing (:issue:`23342`)
  212. - Fix salt-ssh against CentOS 7 when python-zmq not installed (:issue:`23503`)
  213. - Fix salt-ssh issues related to out-of-date six module (:issue:`20949`)
  214. - Fix salt-ssh thin generation after previous run was interrupted (:issue:`24376`)
  215. - Use proper line endings on Windows with "file.managed" w/contents (:issue:`25675`)
  216. - Fixed broken comment/uncomment functions in file.py (:issue:`24620`)
  217. - Fixed problem with unicode when changing computer description (:issue:`12255`)
  218. - Fixed problem with chocolatey module not loading (:issue:`25717`)
  219. - Fixed problem adding users to groups with spaces in the name (:issue:`25144`)
  220. - Fixed problem adding full name to user account (:issue:`25206`)
  221. - Fixed gem module stack trace (:issue:`21041`)
  222. - Fixed problem with file.managed when test=True (:issue:`20441`)
  223. - Fixed problem with powershell hanging while waiting for user input (:issue:`13943`)
  224. - Fixed problem where the salt-minion service would not consistently start
  225. (:issue:`25272`)
  226. - Fixed problem where pkg.refresh_db would return True even when winrepo.p was not
  227. found (:issue:`18919`)
  228. - Could someone please provide end to end example for Proxy Minion with REST
  229. (:issue:`25500`)
  230. - Proxy minions stopped working between 2014.7 and 2015.5 (:issue:`25053`)
  231. - Proxy minion documentation includes outdated code sample (:issue:`24018`)
  232. - Proxy Minion documentation missing grains example (:issue:`18273`)
  233. - Improve process management in proxy minion (:issue:`12024`)
  234. - Proxy minion never comes up with message ' I am XXX and I am not supposed to
  235. start any proxies.' (:issue:`25908`)
  236. - Fixed an issue that caused an exception when using Salt mine from pillar. (:issue:`11509`)