Inicio Explorar Ayuda
Registro Iniciar sesión
nee2c
/
salt
espejo de https://github.com/nee2c/salt.git
1
0
Fork 0
Archivos Incidencias 0 Wiki
Rama: 2019.2.3
Ramas Etiquetas
salt
/
doc
/
topics
/
releases
/
0.10.3.rst

0.10.3.rst 6.4 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. =========================
    2. 

  2. Salt 0.10.3 Release Notes
    3. 

  3. =========================
    4. 

  4. 

  5. :release: 2012-09-30
    6. 

  6. 

  7. The latest taste of Salt has come, this release has many fixes and feature
    8. 

  8. additions. Modifications have been made to make ZeroMQ connections more
    9. 

  9. reliable, the beginning of the ACL system is in place, a new command line
    10. 

  10. parsing system has been added, dynamic module distribution has become more
    11. 

  11. environment aware, the new `master_finger` option and many more!
    12. 

  12. 

  13. Major Features
    14. 

  14. ==============
    15. 

  15. 

  16. ACL System
    17. 

  17. ----------
    18. 

  18. 

  19. The new ACL system has been introduced. The ACL system allows for system users
    20. 

  20. other than root to execute salt commands. Users can be allowed to execute
    21. 

  21. specific commands in the same way that minions are opened up to the peer
    22. 

  22. system.
    23. 

  23. 

  24. The configuration value to open up the ACL system is called ``client_acl``
    25. 

  25. and is configured like so:
    26. 

  26. 

  27. .. code-block:: yaml
    28. 

  28. 

  29.     client_acl:
    30. 

  30.       fred:
    31. 

  31.         - test..*
    32. 

  32.         - pkg.list_pkgs
    33. 

  33. 

  34. Where `fred` is allowed access to functions in the test module and to the
    35. 

  35. ``pkg.list_pkgs`` function.
    36. 

  36. 

  37. Master Finger Option
    38. 

  38. --------------------
    39. 

  39. 

  40. The `master_finger` option has been added to improve the security of minion
    41. 

  41. provisioning. The `master_finger` option allows for the fingerprint of the
    42. 

  42. master public key to be set in the configuration file to double verify that the
    43. 

  43. master is valid. This option was added in response to a motivation to
    44. 

  44. pre-authenticate the master when provisioning new minions to help prevent
    45. 

  45. man in the middle attacks in some situations.
    46. 

  46. 

  47. Salt Key Fingerprint Generation
    48. 

  48. -------------------------------
    49. 

  49. 

  50. The ability to generate fingerprints of keys used by Salt has been added to
    51. 

  51. ``salt-key``. The new option `finger` accepts the name of the key to generate
    52. 

  52. and display a fingerprint for.
    53. 

  53. 

  54. .. code-block:: bash
    55. 

  55. 

  56.     salt-key -F master
    57. 

  57. 

  58. Will display the fingerprints for the master public and private keys.
    59. 

  59. 

  60. Parsing System
    61. 

  61. --------------
    62. 

  62. 

  63. Pedro Algavio, aka s0undt3ch, has added a substantial update to the command
    64. 

  64. line parsing system that makes the help message output much cleaner and easier
    65. 

  65. to search through. Salt parsers now have `--versions-report` besides usual
    66. 

  66. `--version` info which you can provide when reporting any issues found.
    67. 

  67. 

  68. Key Generation
    69. 

  69. --------------
    70. 

  70. 

  71. We have reduced the requirements needed for `salt-key` to generate minion keys.
    72. 

  72. You're no longer required to have salt configured and it's common directories
    73. 

  73. created just to generate keys. This might prove useful if you're batch creating
    74. 

  74. keys to pre-load on minions.
    75. 

  75. 

  76. Startup States
    77. 

  77. --------------
    78. 

  78. 

  79. A few configuration options have been added which allow for states to be run
    80. 

  80. when the minion daemon starts. This can be a great advantage when deploying
    81. 

  81. with Salt because the minion can apply states right when it first runs. To
    82. 

  82. use startup states set the ``startup_states`` configuration option on the
    83. 

  83. minion to `highstate`.
    84. 

  84. 

  85. New Exclude Declaration
    86. 

  86. -----------------------
    87. 

  87. 

  88. Some users have asked about adding the ability to ensure that other sls files
    89. 

  89. or ids are excluded from a state run. The exclude statement will delete all of
    90. 

  90. the data loaded from the specified sls file or will delete the specified id:
    91. 

  91. 

  92. .. code-block:: yaml
    93. 

  93. 

  94.     exclude:
    95. 

  95.       - sls: http
    96. 

  96.       - id: /etc/vimrc
    97. 

  97. 

  98. Max Open Files
    99. 

  99. --------------
    100. 

  100. 

  101. While we're currently unable to properly handle ZeroMQ's abort signals when the
    102. 

  102. max open files is reached, due to the way that's handled on ZeroMQ's, we have
    103. 

  103. minimized the chances of this happening without at least warning the user.
    104. 

  104. 

  105. More State Output Options
    106. 

  106. -------------------------
    107. 

  107. 

  108. Some major changes have been made to the state output system. In the past state
    109. 

  109. return data was printed in a very verbose fashion and only states that failed
    110. 

  110. or made changes were printed by default. Now two options can be passed to the
    111. 

  111. master and minion configuration files to change the behavior of the state
    112. 

  112. output. State output can be set to verbose (default) or non-verbose with the
    113. 

  113. ``state_verbose`` option:
    114. 

  114. 

  115. .. code-block:: yaml
    116. 

  116. 

  117.     state_verbose: False
    118. 

  118. 

  119. It is noteworthy that the state_verbose option used to be set to `False` by
    120. 

  120. default but has been changed to `True` by default in 0.10.3 due to many
    121. 

  121. requests for the change.
    122. 

  122. 

  123. Te next option to be aware of new and called ``state_output``. This option
    124. 

  124. allows for the state output to be set to `full` (default) or `terse`.
    125. 

  125. 

  126. The `full` output is the standard state output, but the new `terse` output
    127. 

  127. will print only one line per state making the output much easier to follow when
    128. 

  128. executing a large state system.
    129. 

  129. 

  130. .. code-block:: yaml
    131. 

  131. 

  132.     state_output: terse
    133. 

  133. 

  134. 

  135. `state.file.append` Improvements
    136. 

  136. --------------------------------
    137. 

  137. 

  138. The salt state `file.append()` tries *not* to append existing text. Previously
    139. 

  139. the matching check was being made line by line. While this kind of check might
    140. 

  140. be enough for most cases, if the text being appended was multi-line, the check
    141. 

  141. would not work properly. This issue is now properly handled, the match is done
    142. 

  142. as a whole ignoring any white space addition or removal except inside commas.
    143. 

  143. For those thinking that, in order to properly match over multiple lines, salt
    144. 

  144. will load the whole file into memory, that's not true. For most cases this is
    145. 

  145. not important but an erroneous order to read a 4GB file, if not properly
    146. 

  146. handled, like salt does, could make salt chew that amount of memory.  Salt has
    147. 

  147. a buffered file reader which will keep in memory a maximum of 256KB and
    148. 

  148. iterates over the file in chunks of 32KB to test for the match, more than
    149. 

  149. enough, if not, explain your usage on a ticket. With this change, also
    150. 

  150. `salt.modules.file.contains()`, `salt.modules.file.contains_regex()`,
    151. 

  151. `salt.modules.file.contains_glob()` and `salt.utils.find` now do the searching
    152. 

  152. and/or matching using the buffered chunks approach explained above.
    153. 

  153. 

  154. Two new keyword arguments were also added, `makedirs`, and `source`.
    155. 

  155. The first, `makedirs` will create the necessary directories in order to append
    156. 

  156. to the specified file, of course, it only applies if we're trying to append to
    157. 

  157. a non-existing file on a non-existing directory:
    158. 

  158. 

  159. .. code-block:: yaml
    160. 

  160. 

  161.     /tmp/salttest/file-append-makedirs:
    162. 

  162.         file.append:
    163. 

  163.             text: foo
    164. 

  164.             makedirs: True
    165. 

  165. 

  166. 

  167. The second, `source`, allows one to append the contents of a file instead of
    168. 

  168. specifying the text.
    169. 

  169. 

  170. .. code-block:: yaml
    171. 

  171. 

  172.     /tmp/salttest/file-append-source:
    173. 

  173. 

  174.     file.append:
    175. 

  175.         - source: salt://testfile
    176. 

  176. 

  177. Security Fix
    178. 

  178. ============
    179. 

  179. 

  180. A timing vulnerability was uncovered in the code which decrypts the AES
    181. 

  181. messages sent over the network. This has been fixed and upgrading is
    182. 

  182. strongly recommended.
    183.