1
0

2019.2.0.rst 53 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381
  1. .. _release-2019-2-0:
  2. ===============================================
  3. Salt 2019.2.0 Release Notes - Codename Fluorine
  4. ===============================================
  5. Python 2.7 Deprecation
  6. ======================
  7. In light of Python 2.7 reaching its End of Life (EOL) on Jan 1st 2020,
  8. Python 2 will be deprecated from SaltStack no earlier than the Sodium
  9. release, that is either the Sodium release or a later release.
  10. This decision is pending further community discussion.
  11. Non-Backward-Compatible Change to YAML Renderer
  12. ===============================================
  13. In earlier releases, this was considered valid usage in Python 2, assuming that
  14. ``data`` was a list or dictionary containing keys/values which are ``unicode``
  15. types:
  16. .. code-block:: jinja
  17. /etc/foo.conf:
  18. file.managed:
  19. - source: salt://foo.conf.jinja
  20. - template: jinja
  21. - context:
  22. data: {{ data }}
  23. One common use case for this is when using one of Salt's :jinja_ref:`custom
  24. Jinja filters <custom-jinja-filters>` which return lists or dictionaries, such
  25. as the :jinja_ref:`ipv4` filter.
  26. In Python 2, Jinja will render the ``unicode`` string types within the
  27. list/dictionary with the "u" prefix (e.g. ``{u'foo': u'bar'}``). While not
  28. valid YAML, earlier releases would successfully load these values.
  29. As of this release, the above SLS would result in an error message. To allow
  30. for a data structure to be dumped directly into your SLS file, use the `tojson
  31. Jinja filter`_:
  32. .. code-block:: jinja
  33. /etc/foo.conf:
  34. file.managed:
  35. - source: salt://foo.conf.jinja
  36. - template: jinja
  37. - context:
  38. data: {{ data|tojson }}
  39. Another example where the new filter needs to be used is the following state example:
  40. .. code-block:: jinja
  41. grafana_packages:
  42. pkg.installed:
  43. - names: {{ server.pkgs }}
  44. This will fail when pkgs is a list or dictionary. You will need to update the state:
  45. .. code-block:: jinja
  46. grafana_packages:
  47. pkg.installed:
  48. - names: {{ server.pkgs|tojson }}
  49. This test case has also been tested with the ``yaml`` and ``json`` filters successfully.
  50. .. note::
  51. This filter was added in Jinja 2.9. However, fear not! The 2018.3.3 release
  52. added a ``tojson`` filter which will be used if this filter is not already
  53. present, making it available on platforms like RHEL 7 and Ubuntu 14.04
  54. which provide older versions of Jinja.
  55. .. important::
  56. The :jinja_ref:`json_encode_dict` and :jinja_ref:`json_encode_list` filters
  57. do not actually dump the results to JSON. Since ``tojson`` accomplishes
  58. what those filters were designed to do, they are now deprecated and will be
  59. removed in the Neon release. The ``tojson`` filter should be used in all
  60. cases where :jinja_ref:`json_encode_dict` and :jinja_ref:`json_encode_list`
  61. would have been used.
  62. .. _`tojson Jinja filter`: http://jinja.pocoo.org/docs/2.10/templates/#tojson
  63. Ansible Playbook State and Execution Modules
  64. ============================================
  65. Along with the including the :py:mod:`ansible modules
  66. <salt.module.ansiblegate>` in the Oxygen release, running playbooks has been
  67. added in 2019.2.0 with the :py:func:`playbooks function
  68. <salt.modules.ansiblegate.playbooks>`. This also includes an :py:func:`ansible
  69. playbooks state module <salt.states.ansiblegate.playbooks>` which can be used
  70. on a targeted host to run ansible playbooks, or used in an
  71. orchestration state runner.
  72. .. code-block:: yaml
  73. install nginx:
  74. ansible.playbooks:
  75. - name: install.yml
  76. - git_repo: git://github.com/gtmanfred/playbook.git
  77. - git_kwargs:
  78. rev: master
  79. The playbooks modules also includes the ability to specify a git repo to clone
  80. and use, or a specific directory can to used when running the playbook.
  81. Network Automation
  82. ==================
  83. Beginning with this release, Salt provides much broader support for a variety
  84. of network operating systems, and features for configuration manipulation or
  85. operational command execution.
  86. NetBox
  87. ------
  88. Added in the previous release, 2018.3.0, the capabilities of the
  89. :mod:`netbox <salt.modules.netbox>` Execution Module have been extended, with a
  90. much longer list of available features:
  91. - :mod:`netbox.create_circuit <salt.modules.netbox.create_circuit>`
  92. - :mod:`netbox.create_circuit_provider <salt.modules.netbox.create_circuit_provider>`
  93. - :mod:`netbox.create_circuit_termination <salt.modules.netbox.create_circuit_termination>`
  94. - :mod:`netbox.create_circuit_type <salt.modules.netbox.create_circuit_type>`
  95. - :mod:`netbox.create_device <salt.modules.netbox.create_device>`
  96. - :mod:`netbox.create_device_role <salt.modules.netbox.create_device_role>`
  97. - :mod:`netbox.create_device_type <salt.modules.netbox.create_device_type>`
  98. - :mod:`netbox.create_interface <salt.modules.netbox.create_interface>`
  99. - :mod:`netbox.create_interface_connection <salt.modules.netbox.create_interface_connection>`
  100. - :mod:`netbox.create_inventory_item <salt.modules.netbox.create_inventory_item>`
  101. - :mod:`netbox.create_ipaddress <salt.modules.netbox.create_ipaddress>`
  102. - :mod:`netbox.create_manufacturer <salt.modules.netbox.create_manufacturer>`
  103. - :mod:`netbox.create_platform <salt.modules.netbox.create_platform>`
  104. - :mod:`netbox.create_site <salt.modules.netbox.create_site>`
  105. - :mod:`netbox.delete_interface <salt.modules.netbox.delete_interface>`
  106. - :mod:`netbox.delete_inventory_item <salt.modules.netbox.delete_inventory_item>`
  107. - :mod:`netbox.delete_ipaddress <salt.modules.netbox.delete_ipaddress>`
  108. - :mod:`netbox.get_circuit_provider <salt.modules.netbox.get_circuit_provider>`
  109. - :mod:`netbox.get_interfaces <salt.modules.netbox.get_interfaces>`
  110. - :mod:`netbox.get_ipaddresses <salt.modules.netbox.get_ipaddresses>`
  111. - :mod:`netbox.make_interface_child <salt.modules.netbox.make_interface_child>`
  112. - :mod:`netbox.make_interface_lag <salt.modules.netbox.make_interface_lag>`
  113. - :mod:`netbox.openconfig_interfaces <salt.modules.netbox.openconfig_interfaces>`
  114. - :mod:`netbox.openconfig_lacp <salt.modules.netbox.openconfig_lacp>`
  115. - :mod:`netbox.update_device <salt.modules.netbox.update_device>`
  116. - :mod:`netbox.update_interface <salt.modules.netbox.update_interface>`
  117. Besides this Execution Module, Salt users can load data directly from NetBox
  118. into the device Pillar, via the :mod:`netbox <salt.pillar.netbox>` External
  119. Pillar module.
  120. Netmiko
  121. -------
  122. `Netmiko <https://github.com/ktbyers/netmiko>`_, the multi-vendor library to
  123. simplify Paramiko SSH connections to network devices, is now officially
  124. integrated into Salt. The network community can use it via the
  125. :mod:`netmiko <salt.proxy.netmiko_px>` Proxy Module or directly from any Salt
  126. Minions, passing the connection credentials - see the documentation for the
  127. :mod:`netmiko <salt.modules.netmiko_mod>` Execution Module.
  128. Arista
  129. ------
  130. Arista switches can now be managed running under the :mod:`pyeapi
  131. <salt.proxy.arista_pyeapi>` Proxy Module, and execute RPC requests via the
  132. :mod:`pyeapi <salt.modules.arista_pyeapi>` Execution Module.
  133. Cisco Nexus
  134. -----------
  135. While support for SSH-based operations has been added in the release codename
  136. Carbon (2016.11), the new :mod:`nxos_api <salt.proxy.nxos_api>` Proxy Module
  137. and :mod:`nxos_api <salt.modules.nxos_api>` allow management of Cisco Nexus
  138. switches via the NX-API.
  139. It is important to note that these modules don't have third party dependencies,
  140. therefore they can be used straight away from any Salt Minion. This also means
  141. that the user may be able to install the regular Salt Minion on the Nexus
  142. switch directly and manage the network devices like a regular server.
  143. General-purpose Modules
  144. -----------------------
  145. The new :mod:`ciscoconfparse <salt.modules.ciscoconfparse_mod>` Execution Module
  146. can be used for basic configuration parsing, audit or validation for a variety
  147. of network platforms having Cisco IOS style configuration (one space
  148. indentation), as well as brace-delimited configuration style.
  149. The :mod:`iosconfig <salt.modules.iosconfig>` can be used for various
  150. configuration manipulation for Cisco IOS style configuration, such as:
  151. :mod:`configuration cleanup <salt.modules.iosconfig.clean>`,
  152. :mod:`tree representation of the config <salt.modules.iosconfig.tree>`, etc.
  153. NAPALM
  154. ------
  155. Commit At and Commit Confirmed
  156. """"""""""""""""""""""""""""""
  157. Beginning with this release, NAPALM users are able to execute scheduled commits
  158. (broadly known as "commit at") and "commit confirmed" (revert the configuration
  159. change unless the user confirms by running another command). These features are
  160. available via the ``commit_in``, ``commit_at``, ``revert_in``, or ``revert_at``
  161. arguments for the
  162. :mod:`net.load_config <salt.modules.napalm_network.load_config>` and
  163. :mod:`net.load_template <salt.modules.napalm_network.load_template>` execution
  164. functions, or :mod:`netconfig.managed <salt.states.netconfig.managed>`.
  165. The counterpart execution functions
  166. :mod:`net.confirm_commit <salt.modules.napalm_network.confirm_commit>`, or
  167. :mod:`net.cancel_commit <salt.modules.napalm_network.cancel_commit>`, as well
  168. as the State functions
  169. :mod:`netconfig.commit_cancelled <salt.states.netconfig.commit_cancelled>`, or
  170. :mod:`netconfig.commit_confirmed <salt.states.netconfig.commit_confirmed>` can
  171. be used to confirm or cancel a commit.
  172. Please note that the commit confirmed and commit cancelled functionalities are
  173. available for any platform whether the network devices supports the features
  174. natively or not. However, be cautious and make sure you read and understand the
  175. caveats before using them in production.
  176. Multiple Templates Rendered Simultaneously
  177. """"""""""""""""""""""""""""""""""""""""""
  178. The ``template_name`` argument of the
  179. :mod:`net.load_template <salt.modules.napalm_network.load_template>` Execution
  180. and :mod:`netconfig.managed <salt.states.netconfig.managed>` State function now
  181. supports a list of templates. This is particularly useful when a very large
  182. Jinja template is split into multiple smaller and easier to read templates that
  183. can eventually be reused in other States. For example, the following syntax is
  184. not correct to manage the configuration of NTP and BGP simultaneously, using
  185. two different templates and changing the device configuration through one
  186. single commit:
  187. .. code-block:: yaml
  188. manage_bgp_and_ntp:
  189. netconfig.managed:
  190. - template_name:
  191. - salt://templates/bgp.jinja
  192. - salt://templates/ntp.jinja
  193. - context:
  194. bpg: {{ pillar.bgp }}
  195. ntp: {{ pillar.ntp }}
  196. Connection Re-establishment on Demand
  197. """""""""""""""""""""""""""""""""""""
  198. Beginning with this release, any NAPALM command executed when
  199. running under a NAPALM Proxy Minion supports the ``force_reconnect``
  200. magic argument.
  201. Proxy Minions generally establish a connection with the remote network
  202. device at the time of the Minion startup and that connection is going to be
  203. used forever.
  204. If one would need to execute a command on the device but is connecting using
  205. different parameters (due to various causes, e.g., unable to authenticate
  206. the user specified in the Pillar as the authentication system - say
  207. TACACS+ is not available, or the DNS resolver is currently down and would
  208. like to temporarily use the IP address instead, etc.), it implies updating
  209. the Pillar data and restarting the Proxy Minion process restart.
  210. In particular cases like that, you can pass the ``force_reconnect=True``
  211. keyword argument, together with the alternative connection details, to
  212. enforce the command to be executed over a separate connection.
  213. For example, if the usual command is ``salt '*' net.arp``, you can use the
  214. following to connect using a different username instead:
  215. .. code-block:: bash
  216. salt '*' net.arp username=my-alt-usr force_reconnect=True
  217. The same goes with any of the other configuration arguments required for the
  218. NAPALM connection - see :mod:`NAPALM proxy documentation <salt.proxy.napalm>`.
  219. Configuration Replace Features
  220. """"""""""""""""""""""""""""""
  221. To replace various configuration chunks, you can use the new
  222. :mod:`net.replace_pattern <salt.modules.napalm_network.replace_pattern>`
  223. execution function, or the
  224. :mod:`netconfig.replace_pattern <salt.states.netconfig.replace_pattern>` State
  225. function. For example, if you want to update your configuration and rename
  226. a BGP policy referenced in many places, you can do so by running:
  227. .. code-block:: bash
  228. salt '*' net.replace_pattern OLD-POLICY-CONFIG new-policy-config
  229. Similarly, you can also replace entire configuration blocks using the
  230. :mod:`net.blockreplace <salt.modules.napalm_network.blockreplace>` function.
  231. Configuration Save Features
  232. """""""""""""""""""""""""""
  233. The :mod:`net.save_config <salt.modules.napalm_network.save_config>` function
  234. can be used to save the configuration of the managed device into a file. For
  235. the State subsystem, the :mod:`netconfig.saved <salt.states.netconfig.saved>`
  236. function has been added which provides a complete list of facilities when
  237. managing the target file where the configuration of the network device can be
  238. saved.
  239. For example, backup the running configuration of each device under its own
  240. directory tree:
  241. .. code-block:: yaml
  242. /var/backups/{{ opts.id }}/running.cfg:
  243. netconfig.saved:
  244. - source: running
  245. - makedirs: true
  246. All the new network automation modules mentioned above are directly exposed to
  247. the NAPALM users, without requiring any architectural changes, just eventually
  248. install some requirements:
  249. Junos
  250. ^^^^^
  251. The features from the existing :mod:`junos <salt.modules.junos>` Execution
  252. Module are available via the following functions:
  253. - :mod:`napalm.junos_cli <salt.modules.napalm_mod.junos_cli>`: Execute a CLI
  254. command and return the output as text or Python dictionary.
  255. - :mod:`napalm.junos_rpc <salt.modules.napalm_mod.junos_rpc>`: Execute an RPC
  256. request on the remote Junos device, and return the result as a Python
  257. dictionary, easy to digest and manipulate.
  258. - :mod:`napalm.junos_install_os <salt.modules.napalm_mod.junos_install_os>`:
  259. Install the given image on the device.
  260. - :mod:`napalm.junos_facts <salt.modules.napalm_mod.junos_facts>`: The complete
  261. list of Junos facts collected by the ``junos-eznc`` underlying library.
  262. .. note::
  263. To be able to use these features, you muse ensure that you meet the
  264. requirements for the :mod:`junos <salt.modules.junos>` module. As
  265. ``junos-eznc`` is already a dependency of NAPALM, you will only have to
  266. install ``jxmlease``.
  267. Usage examples:
  268. .. code-block:: bash
  269. salt '*' napalm.junos_cli 'show arp' format=xml
  270. salt '*' napalm.junos_rpc get-interface-information
  271. Netmiko
  272. ^^^^^^^
  273. The features from the newly added :mod:`netmiko <salt.modules.netmiko_mod>`
  274. Execution Module are available as:
  275. - :mod:`napalm.netmiko_commands <salt.modules.napalm_mod.netmiko_commands>`:
  276. Execute one or more commands to be execute on the remote device, via Netmiko,
  277. and return the output as a text.
  278. - :mod:`napalm.netmiko_config <salt.modules.napalm_mod.netmiko_config>`: Load
  279. a list of configuration command on the remote device, via Netmiko. The
  280. commands can equally be loaded from a local or remote path, and passed
  281. through Salt's template rendering pipeline (by default using ``Jinja`` as the
  282. template rendering engine).
  283. Usage examples:
  284. .. code-block:: bash
  285. salt '*' napalm.netmiko_commands 'show version' 'show interfaces'
  286. salt '*' napalm.netmiko_config config_file=https://bit.ly/2sgljCB
  287. Arista pyeapi
  288. ^^^^^^^^^^^^^
  289. For various operations and various extension modules, the following features
  290. have been added to gate functionality from the
  291. :mod:`pyeapi <salt.modules.arista_pyeapi>` module:
  292. - :mod:`napalm.pyeapi_run_commands
  293. <salt.modules.napalm_mod.pyeapi_run_commands>`: Execute a list of commands on
  294. the Arista switch, via the ``pyeapi`` library.
  295. - :mod:`napalm.pyeapi_config <salt.modules.napalm_mod.pyeapi_config>`:
  296. Configure the Arista switch with the specified commands, via the ``pyeapi``
  297. Python library. Similarly to
  298. :mod:`napalm.netmiko_config <salt.modules.napalm_mod.netmiko_config>`, you
  299. can use both local and remote files, with or without templating.
  300. Usage examples:
  301. .. code-block:: bash
  302. salt '*' napalm.pyeapi_run_commands 'show version' 'show interfaces'
  303. salt '*' napalm.pyeapi_config config_file=salt://path/to/template.jinja
  304. Cisco NX-API
  305. ^^^^^^^^^^^^
  306. In the exact same way as above, the user has absolute control by using the
  307. following primitives to manage Cisco Nexus switches via the NX-API:
  308. - :mod:`napalm.nxos_api_show <salt.modules.napalm_mod.nxos_api_show>`: Execute
  309. one or more show (non-configuration) commands, and return the output as plain
  310. text or Python dictionary.
  311. - :mod:`napalm.nxos_api_rpc <salt.modules.napalm_mod.nxos_api_rpc>`: Execute
  312. arbitrary RPC requests via the Nexus API.
  313. - :mod:`napalm.nxos_api_config <salt.modules.napalm_mod.nxos_api_config>`:
  314. Configures the Nexus switch with the specified commands, via the NX-API. The
  315. commands can be loaded from the command line, or a local or remote file,
  316. eventually rendered using the templating engine of choice (default:
  317. ``jinja``).
  318. Usage examples:
  319. .. code-block:: bash
  320. salt '*' napalm.nxos_api_show 'show bgp sessions' 'show processes' raw_text=False
  321. Ciscoconfparse
  322. ^^^^^^^^^^^^^^
  323. The following list of function may be handy when manipulating Cisco IOS or
  324. Junos style configurations:
  325. - :mod:`napalm.config_filter_lines
  326. <salt.modules.napalm_mod.config_filter_lines>`: Return a list of detailed
  327. matches, for the configuration blocks (parent-child relationship) whose
  328. parent and children respect the regular expressions provided.
  329. - :mod:`napalm.config_find_lines <salt.modules.napalm_mod.config_find_lines>`:
  330. Return the configuration lines that match the regular expression provided.
  331. - :mod:`napalm.config_lines_w_child <salt.modules.napalm_mod.config_lines_w_child>`:
  332. Return the configuration lines that match a regular expression, having child
  333. lines matching the child regular expression.
  334. - :mod:`napalm.config_lines_wo_child <salt.modules.napalm_mod.config_lines_wo_child>`:
  335. Return the configuration lines that match a regular expression, that don't
  336. have child lines matching the child regular expression.
  337. .. note::
  338. These functions require the ``ciscoconfparse`` Python library to be
  339. installed.
  340. Usage example (find interfaces that are administratively shut down):
  341. .. code-block:: bash
  342. salt '*' napalm.config_lines_w_child 'interface' 'shutdown'
  343. IOSConfig
  344. ^^^^^^^^^
  345. For Cisco IOS style configuration, the following features have been added to
  346. the :mod:`napalm <salt.modules.napalm_mod>` Execution Module:
  347. - :mod:`napalm.config_tree <salt.modules.napalm_mod.config_tree>`: Transform
  348. Cisco IOS style configuration to structured Python dictionary, using the
  349. configuration of the interrogated network device.
  350. - :mod:`napalm.config_merge_tree <salt.modules.napalm_mod.config_merge_tree>`:
  351. Return the merge tree of the configuration of the managed network device with
  352. a different configuration to be merged with (without actually loading any
  353. changes on the device).
  354. - :mod:`napalm.config_merge_text <salt.modules.napalm_mod.config_merge_text>`:
  355. Return the merge result (as text) of the configuration of the managed network
  356. device with a different configuration to be merged with.
  357. - :mod:`napalm.config_merge_diff <salt.modules.napalm_mod.config_merge_diff>`:
  358. Return the merge diff after merging the configuration of the managed network
  359. device with a different configuration (without actually loading any changes
  360. on the device).
  361. SCP
  362. ^^^
  363. Reusing the already available connection credentials provided for NAPALM, the
  364. following features are now available:
  365. - :mod:`napalm.scp_put <salt.modules.napalm_mod.scp_put>`: Transfer files and
  366. directories to remote network device.
  367. - :mod:`napalm.scp_get <salt.modules.napalm_mod.scp_get>`: Transfer files and
  368. directories from remote network device to the localhost of the Minion.
  369. PeeringDB
  370. ---------
  371. The :mod:`peeringdb <salt.modules.peeringdb>` Execution Module is useful to
  372. gather information about other networks you can potentially peer with, and
  373. automatically establish BGP sessions, e.g., given just a specific AS number,
  374. the rest of the data (i.e., IP addresses, locations where the remote network is
  375. available, etc.) is retrieved from PeeringDB, and the session configuration is
  376. automated with minimal to no effort (typing the IP addresses manually can be
  377. both tedious and error prone).
  378. New Docker Proxy Minion
  379. =======================
  380. Docker containers can now be treated as actual minions without installing salt
  381. in the container, using the new :py:mod:`docker proxy minion <salt.proxy.docker>`.
  382. This proxy minion uses the :py:mod:`docker executor <salt.executors.docker>` to
  383. pass commands to the docker container using :py:func:`docker.call
  384. <salt.modules.dockermod.call>`. Any state module calls are passed through the
  385. corresponding function from the :py:mod:`docker <salt.modules.dockermod>`
  386. module.
  387. .. code-block:: yaml
  388. proxy:
  389. proxytype: docker
  390. name: keen_proskuriakova
  391. Terraform Salt-SSH Roster
  392. =========================
  393. You can now dynamically generate a Salt-SSH roster from the terraform resources
  394. defined with `terraform-provider-salt <https://github.com/dmacvicar/terraform-provider-salt>`_.
  395. This allows you to combine both terraform and Salt-SSH to provision and
  396. configure your hosts. See the :py:mod:`terraform roster<salt.roster.terraform>` for
  397. an example on how to setup and use.
  398. Grains Dictionary Passed into Custom Grains
  399. ===========================================
  400. Starting in this release, if a custom grains function accepts a variable named
  401. ``grains``, the Grains dictionary of the already compiled grains will be passed
  402. in. Because of the non-deterministic order that grains are rendered in, the
  403. only grains that can be relied upon to be passed in are ``core.py`` grains,
  404. since those are compiled first.
  405. More Precise ``virtual`` Grain
  406. ==============================
  407. This release improves the accuracy of the ``virtual`` grain when running Salt in
  408. a nested virtualization environment (e.g. ``systemd-nspawn`` container inside a
  409. VM) and having ``virt-what`` installed.
  410. Until now, the ``virtual`` grain was determined by matching against all output
  411. lines of ``virt-what`` instead of individual items which could lead to not quite
  412. precise results (e.g. reporting ``HyperV`` inside a ``systemd-nspawn`` container
  413. running within a Hyper-V-based VM.
  414. Configurable Module Environment
  415. ===============================
  416. Salt modules (states, execution modules, returners, etc.) now can have custom
  417. environment variables applied when running shell commands. This can be
  418. configured by setting a ``system-environment`` key either in Grains or Pillar.
  419. The syntax is as follows:
  420. .. code-block:: yaml
  421. system-environment:
  422. <type>
  423. <module>:
  424. # Namespace for all functions in the module
  425. _:
  426. <key>: <value>
  427. # Namespace only for particular function in the module
  428. <function>:
  429. <key>: <value>
  430. - ``<type>`` would be the type of module (i.e. ``states``, ``modules``, etc.).
  431. - ``<module>`` would be the module's name.
  432. .. note::
  433. The module name can be either the virtual name (e.g. ``pkg``), or the
  434. physical name (e.g. ``yumpkg``).
  435. - ``<function>`` would be the function name within that module. To apply
  436. environment variables to *all* functions in a given module, use an underscore
  437. (i.e. ``_``) as the function name. For example, to set the same environment
  438. variable for all package management functions, the following could be used:
  439. .. code-block:: yaml
  440. system-environment:
  441. modules:
  442. pkg:
  443. _:
  444. SOMETHING: for_all
  445. To set an environment variable in ``pkg.install`` only:
  446. .. code-block:: yaml
  447. system-environment:
  448. modules:
  449. pkg:
  450. install:
  451. LC_ALL: en_GB.UTF-8
  452. To set the same variable but only for SUSE minions (which use zypper for
  453. package management):
  454. .. code-block:: yaml
  455. system-environment:
  456. modules:
  457. zypper:
  458. install:
  459. LC_ALL: en_GB.UTF-8
  460. .. note::
  461. This is not supported throughout Salt; the module must explicitly support
  462. this feature (though this may change in the future). As of this release,
  463. the only modules which support this are the following ``pkg`` virtual
  464. modules:
  465. - :py:mod:`aptpkg <salt.modules.aptpkg>`
  466. - :py:mod:`yumpkg <salt.modules.yumpkg>`
  467. - :py:mod:`zypper <salt.modules.zypper>`
  468. "Virtual Package" Support Dropped for APT
  469. =========================================
  470. In APT, some packages have an associated list of packages which they provide.
  471. This allows one to do things like run ``apt-get install foo`` when the real
  472. package name is ``foo1.0``, and get the right package installed.
  473. Salt has traditionally designated as "virtual packages" those which are
  474. provided by an installed package, but for which there is no real package by
  475. that name installed. Given the above example, if one were to run a
  476. :py:func:`pkg.installed <salt.states.pkg.installed>` state for a package named
  477. ``foo``, then :py:func:`pkg.list_pkgs <salt.modules.aptpkg.list_pkgs>` would
  478. show a package version of simply ``1`` for package ``foo``, denoting that it is
  479. a virtual package.
  480. However, while this makes certain aspects of package management convenient,
  481. there are issues with this approach that make relying on "virtual packages"
  482. problematic. For instance, Ubuntu has four different mutually-conflicting
  483. packages for ``nginx``:
  484. - nginx-core_
  485. - nginx-full_
  486. - nginx-light_
  487. - nginx-extras_
  488. All four of these provide ``nginx``. Yet there is an nginx_ package as well,
  489. which has no actual content and merely has dependencies on any one of the above
  490. four packages. If one used ``nginx`` in a :py:func:`pkg.installed
  491. <salt.states.pkg.installed>` state, and none of the above four packages were
  492. installed, then the nginx_ metapackage would be installed, which would pull in
  493. `nginx-core_`. Later, if ``nginx`` were used in a :py:func:`pkg.removed
  494. <salt.states.pkg.removed>` state, the nginx_ metapackage would be removed,
  495. leaving nginx-core_ installed. The result would be that, since `nginx-core_`
  496. provides `nginx_`, Salt would now see nginx_ as an installed virtual package,
  497. and the :py:func:`pkg.removed <salt.states.pkg.removed>` state would fail.
  498. Moreover, *nginx would not actually have been removed*, since nginx-core_ would
  499. remain installed.
  500. .. _nginx-core: https://packages.ubuntu.com/xenial/nginx-core
  501. .. _nginx-full: https://packages.ubuntu.com/xenial/nginx-full
  502. .. _nginx-light: https://packages.ubuntu.com/xenial/nginx-light
  503. .. _nginx-extras: https://packages.ubuntu.com/xenial/nginx-extras
  504. .. _nginx: https://packages.ubuntu.com/xenial/nginx
  505. Starting with this release, Salt will no longer support using "virtual package"
  506. names in ``pkg`` states, and package names will need to be specified using the
  507. proper package name. The :py:func:`pkg.list_repo_pkgs
  508. <salt.modules.aptpkg.list_repo_pkgs>` function can be used to find matching
  509. package names in the repositories, given a package name (or glob):
  510. .. code-block:: bash
  511. # salt myminion pkg.list_repo_pkgs 'nginx*'
  512. myminion:
  513. ----------
  514. nginx:
  515. - 1.10.3-0ubuntu0.16.04.2
  516. - 1.9.15-0ubuntu1
  517. nginx-common:
  518. - 1.10.3-0ubuntu0.16.04.2
  519. - 1.9.15-0ubuntu1
  520. nginx-core:
  521. - 1.10.3-0ubuntu0.16.04.2
  522. - 1.9.15-0ubuntu1
  523. nginx-core-dbg:
  524. - 1.10.3-0ubuntu0.16.04.2
  525. - 1.9.15-0ubuntu1
  526. nginx-doc:
  527. - 1.10.3-0ubuntu0.16.04.2
  528. - 1.9.15-0ubuntu1
  529. nginx-extras:
  530. - 1.10.3-0ubuntu0.16.04.2
  531. - 1.9.15-0ubuntu1
  532. nginx-extras-dbg:
  533. - 1.10.3-0ubuntu0.16.04.2
  534. - 1.9.15-0ubuntu1
  535. nginx-full:
  536. - 1.10.3-0ubuntu0.16.04.2
  537. - 1.9.15-0ubuntu1
  538. nginx-full-dbg:
  539. - 1.10.3-0ubuntu0.16.04.2
  540. - 1.9.15-0ubuntu1
  541. nginx-light:
  542. - 1.10.3-0ubuntu0.16.04.2
  543. - 1.9.15-0ubuntu1
  544. nginx-light-dbg:
  545. - 1.10.3-0ubuntu0.16.04.2
  546. - 1.9.15-0ubuntu1
  547. Alternatively, the newly-added :py:func:`pkg.show <salt.modules.aptpkg.show>`
  548. function can be used to get more detailed information about a given package and
  549. help determine what package name is correct:
  550. .. code-block:: bash
  551. # salt myminion pkg.show 'nginx*' filter=description,provides
  552. myminion:
  553. ----------
  554. nginx:
  555. ----------
  556. 1.10.3-0ubuntu0.16.04.2:
  557. ----------
  558. Description:
  559. small, powerful, scalable web/proxy server
  560. 1.9.15-0ubuntu1:
  561. ----------
  562. Description:
  563. small, powerful, scalable web/proxy server
  564. nginx-common:
  565. ----------
  566. 1.10.3-0ubuntu0.16.04.2:
  567. ----------
  568. Description:
  569. small, powerful, scalable web/proxy server - common files
  570. 1.9.15-0ubuntu1:
  571. ----------
  572. Description:
  573. small, powerful, scalable web/proxy server - common files
  574. nginx-core:
  575. ----------
  576. 1.10.3-0ubuntu0.16.04.2:
  577. ----------
  578. Description:
  579. nginx web/proxy server (core version)
  580. Provides:
  581. httpd, httpd-cgi, nginx
  582. 1.9.15-0ubuntu1:
  583. ----------
  584. Description:
  585. nginx web/proxy server (core version)
  586. Provides:
  587. httpd, httpd-cgi, nginx
  588. nginx-core-dbg:
  589. ----------
  590. 1.10.3-0ubuntu0.16.04.2:
  591. ----------
  592. Description:
  593. nginx web/proxy server (core version) - debugging symbols
  594. 1.9.15-0ubuntu1:
  595. ----------
  596. Description:
  597. nginx web/proxy server (core version) - debugging symbols
  598. nginx-doc:
  599. ----------
  600. 1.10.3-0ubuntu0.16.04.2:
  601. ----------
  602. Description:
  603. small, powerful, scalable web/proxy server - documentation
  604. 1.9.15-0ubuntu1:
  605. ----------
  606. Description:
  607. small, powerful, scalable web/proxy server - documentation
  608. nginx-extras:
  609. ----------
  610. 1.10.3-0ubuntu0.16.04.2:
  611. ----------
  612. Description:
  613. nginx web/proxy server (extended version)
  614. Provides:
  615. httpd, httpd-cgi, nginx
  616. 1.9.15-0ubuntu1:
  617. ----------
  618. Description:
  619. nginx web/proxy server (extended version)
  620. Provides:
  621. httpd, httpd-cgi, nginx
  622. nginx-extras-dbg:
  623. ----------
  624. 1.10.3-0ubuntu0.16.04.2:
  625. ----------
  626. Description:
  627. nginx web/proxy server (extended version) - debugging symbols
  628. 1.9.15-0ubuntu1:
  629. ----------
  630. Description:
  631. nginx web/proxy server (extended version) - debugging symbols
  632. nginx-full:
  633. ----------
  634. 1.10.3-0ubuntu0.16.04.2:
  635. ----------
  636. Description:
  637. nginx web/proxy server (standard version)
  638. Provides:
  639. httpd, httpd-cgi, nginx
  640. 1.9.15-0ubuntu1:
  641. ----------
  642. Description:
  643. nginx web/proxy server (standard version)
  644. Provides:
  645. httpd, httpd-cgi, nginx
  646. nginx-full-dbg:
  647. ----------
  648. 1.10.3-0ubuntu0.16.04.2:
  649. ----------
  650. Description:
  651. nginx web/proxy server (standard version) - debugging symbols
  652. 1.9.15-0ubuntu1:
  653. ----------
  654. Description:
  655. nginx web/proxy server (standard version) - debugging symbols
  656. nginx-light:
  657. ----------
  658. 1.10.3-0ubuntu0.16.04.2:
  659. ----------
  660. Description:
  661. nginx web/proxy server (basic version)
  662. Provides:
  663. httpd, httpd-cgi, nginx
  664. 1.9.15-0ubuntu1:
  665. ----------
  666. Description:
  667. nginx web/proxy server (basic version)
  668. Provides:
  669. httpd, httpd-cgi, nginx
  670. nginx-light-dbg:
  671. ----------
  672. 1.10.3-0ubuntu0.16.04.2:
  673. ----------
  674. Description:
  675. nginx web/proxy server (basic version) - debugging symbols
  676. 1.9.15-0ubuntu1:
  677. ----------
  678. Description:
  679. nginx web/proxy server (basic version) - debugging symbols
  680. Minion Startup Events
  681. =====================
  682. When a minion starts up it sends a notification on the event bus with a tag
  683. that looks like this: ``salt/minion/<minion_id>/start``. For historical reasons
  684. the minion also sends a similar event with an event tag like this:
  685. ``minion_start``. This duplication can cause a lot of clutter on the event bus
  686. when there are many minions. Set ``enable_legacy_startup_events: False`` in the
  687. minion config to ensure only the ``salt/minion/<minion_id>/start`` events are
  688. sent.
  689. The new :conf_minion:`enable_legacy_startup_events` minion config option
  690. defaults to ``True``, but will be set to default to ``False`` beginning with
  691. the Sodium release of Salt.
  692. The Salt Syndic currently sends an old style ``syndic_start`` event as well. The
  693. syndic respects :conf_minion:`enable_legacy_startup_events` as well.
  694. Failhard changes
  695. ================
  696. It is now possible to override a global failhard setting with a state-level
  697. failhard setting. This is most useful in case where global failhard is set to
  698. ``True`` and you want the execution not to stop for a specific state that
  699. could fail, by setting the state level failhard to ``False``.
  700. This also allows for the use of ``onfail*``-requisites, which would previously
  701. be ignored when a global failhard was set to ``True``.
  702. This is a deviation from previous behavior, where the global failhard setting
  703. always resulted in an immediate stop whenever any state failed (regardless
  704. of whether the failing state had a failhard setting of its own, or whether
  705. any ``onfail*``-requisites were used).
  706. Pass Through Options to :py:func:`file.serialize <salt.states.file.serialize>` State
  707. ====================================================================================
  708. This allows for more granular control over the way in which the dataset is
  709. serialized. See the documentation for the new ``serializer_opts`` and
  710. ``deserializer_opts`` options in the :py:func:`file.serialize
  711. <salt.states.file.serialize>` state for more information.
  712. :py:func:`file.patch <salt.sates.file.patch>` State Rewritten
  713. =============================================================
  714. The :py:func:`file.patch <salt.sates.file.patch>` state has been rewritten with
  715. several new features:
  716. - Patch sources can now be remote files instead of only ``salt://`` URLs
  717. - Multi-file patches are now supported
  718. - Patch files can be templated
  719. In addition, it is no longer necessary to specify what the hash of the patched
  720. file should be.
  721. New no_proxy Minion Configuration
  722. =================================
  723. Pass a list of hosts using the ``no_proxy`` minion config option to bypass an HTTP
  724. proxy.
  725. .. note::
  726. This key does nothing unless proxy_host is configured and it does not support
  727. any kind of wildcards.
  728. .. code-block:: yaml
  729. no_proxy: [ '127.0.0.1', 'foo.tld' ]
  730. Changes to :py:mod:`slack <salt.engines.slack>` Engine
  731. ======================================================
  732. The output returned to Slack from functions run using this engine is now
  733. formatted using that function's proper outputter. Earlier releases would format
  734. the output in YAML for all functions except for when states were run.
  735. Enhancements to :py:mod:`wtmp <salt.beacons.wtmp>` Beacon
  736. =========================================================
  737. A new key, ``action``, has been added to the events fired by this beacon, which
  738. will contain either the string ``login`` or ``logout``. This will simplify
  739. reactors which use this beacon's data, as it will no longer be necessary to
  740. check the integer value of the ``type`` key to know whether the event is a
  741. login or logout.
  742. Additionally, in the event that your platform has a non-standard ``utmp.h``,
  743. you can now configure which type numbers indicate a login and logout.
  744. See the :py:mod:`wtmp beacon documentation <salt.beacons.wtmp>` for more
  745. information.
  746. Deprecations
  747. ============
  748. API Deprecations
  749. ----------------
  750. Support for :ref:`LocalClient <local-client>`'s ``expr_form`` argument has
  751. been removed. Please use ``tgt_type`` instead. This change was made due to
  752. numerous reports of confusion among community members, since the targeting
  753. method is published to minions as ``tgt_type``, and appears as ``tgt_type``
  754. in the job cache as well.
  755. Those who are using the :ref:`LocalClient <local-client>` (either directly,
  756. or implicitly via a :ref:`netapi module <all-netapi-modules>`) need to update
  757. their code to use ``tgt_type``.
  758. .. code-block:: python
  759. >>> import salt.client
  760. >>> local = salt.client.LocalClient()
  761. >>> local.cmd('*', 'cmd.run', ['whoami'], tgt_type='glob')
  762. {'jerry': 'root'}
  763. Minion Configuration Deprecations
  764. ---------------------------------
  765. The :conf_minion:`master_shuffle` configuration option is deprecated as of the
  766. ``2019.2.0`` release. Please use the :conf_minion:`random_master` option instead.
  767. Module Deprecations
  768. -------------------
  769. - The :py:mod:`napalm_network <salt.modules.napalm_network>` module has been
  770. changed as follows:
  771. - Support for the ``template_path`` has been removed from
  772. :py:func:`net.load_template <salt.modules.napalm_network.load_template>`
  773. function. This is because support for NAPALM native templates has been
  774. dropped.
  775. - The :py:mod:`pip <salt.modules.pip>` module has been changed as follows:
  776. - Support for the ``no_chown`` option has been removed from
  777. :py:func:`pip.install <salt.modules.pip.install>` function.
  778. - The :py:mod:`trafficserver <salt.modules.trafficserver>` module has been
  779. changed as follows:
  780. - The ``trafficserver.match_var`` function was removed. Please use
  781. :py:func:`trafficserver.match_metric
  782. <salt.modules.trafficserver.match_metric>` instead.
  783. - The ``trafficserver.read_var`` function was removed. Please use
  784. :py:func:`trafficserver.read_config
  785. <salt.modules.trafficserver.read_config>` instead.
  786. - The ``trafficserver.set_var`` function was removed. Please use
  787. :py:func:`trafficserver.set_config
  788. <salt.modules.trafficserver.set_config>` instead.
  789. - The ``win_update`` module has been removed. It has been replaced by
  790. :py:mod:`win_wua <salt.modules.win_wua>`.
  791. - The :py:mod:`win_wua <salt.modules.win_wua>` module has been changed as
  792. follows:
  793. - The ``win_wua.download_update`` and ``win_wua.download_updates``
  794. functions have been removed. Please use :py:func:`win_wua.download
  795. <salt.modules.win_wua.download>` instead.
  796. - The ``win_wua.install_update`` and ``win_wua.install_updates``
  797. functions have been removed. Please use :py:func:`win_wua.install
  798. <salt.modules.win_wua.install>` instead.
  799. - The ``win_wua.list_update`` function has been removed. Please use
  800. functions have been removed. Please use :py:func:`win_wua.get
  801. <salt.modules.win_wua.get>` instead.
  802. - The ``win_wua.list_updates`` function has been removed. Please use
  803. functions have been removed. Please use :py:func:`win_wua.list
  804. <salt.modules.win_wua.list_>` instead.
  805. Pillar Deprecations
  806. -------------------
  807. - The :py:mod:`vault <salt.pillar.vault>` external pillar has been changed as
  808. follows:
  809. - Support for the ``profile`` argument was removed. Any options passed up
  810. until and following the first ``path=`` are discarded.
  811. Roster Deprecations
  812. -------------------
  813. - The :py:mod:`cache <salt.roster.cache>` roster has been changed as follows:
  814. - Support for ``roster_order`` as a list or tuple has been removed. As of
  815. the ``2019.2.0`` release, ``roster_order`` must be a dictionary.
  816. - The ``roster_order`` option now includes IPv6 in addition to IPv4 for the
  817. ``private``, ``public``, ``global`` or ``local`` settings. The syntax for
  818. these settings has changed to ``ipv4-*`` or ``ipv6-*``, respectively.
  819. State Deprecations
  820. ------------------
  821. - The ``docker`` state module has been removed
  822. - In :ref:`2017.7.0 <release-2017-7-0>`, the states from this module were
  823. split into four separate state modules:
  824. - :py:mod:`docker_container <salt.states.docker_container>`
  825. - :py:mod:`docker_image <salt.states.docker_image>`
  826. - :py:mod:`docker_volume <salt.states.docker_volume>`
  827. - :py:mod:`docker_network <salt.states.docker_network>`
  828. - The ``docker`` module remained, for backward-compatibility, but it has now
  829. been removed. Please update SLS files to use the new state names:
  830. - ``docker.running`` => :py:func:`docker_container.running
  831. <salt.states.docker_container.running>`
  832. - ``docker.stopped`` => :py:func:`docker_container.stopped
  833. <salt.states.docker_container.stopped>`
  834. - ``docker.absent`` => :py:func:`docker_container.absent
  835. <salt.states.docker_container.absent>`
  836. - ``docker.network_present`` => :py:func:`docker_network.present
  837. <salt.states.docker_network.present>`
  838. - ``docker.network_absent`` => :py:func:`docker_network.absent
  839. <salt.states.docker_network.absent>`
  840. - ``docker.image_present`` => :py:func:`docker_image.present
  841. <salt.states.docker_image.present>`
  842. - ``docker.image_absent`` => :py:func:`docker_image.absent
  843. <salt.states.docker_image.absent>`
  844. - ``docker.volume_present`` => :py:func:`docker_volume.present
  845. <salt.states.docker_volume.present>`
  846. - ``docker.volume_absent`` => :py:func:`docker_volume.absent
  847. <salt.states.docker_volume.absent>`
  848. - The :py:mod:`docker_network <salt.states.docker_network>` state module has
  849. been changed as follows:
  850. - The ``driver`` option has been removed from
  851. :py:func:`docker_network.absent <salt.states.docker_network.absent>`. It
  852. had no functionality, as the state simply deletes the specified network
  853. name if it exists.
  854. - The deprecated ``ref`` option has been removed from the
  855. :py:func:`git.detached <salt.states.git.detached>` state. Please use ``rev``
  856. instead.
  857. - The ``k8s`` state module has been removed in favor of the :py:mod:`kubernetes
  858. <salt.states.kubernetes>` state mdoule. Please update SLS files as follows:
  859. - In place of ``k8s.label_present``, use
  860. :py:func:`kubernetes.node_label_present
  861. <salt.states.kubernetes.node_label_present>`
  862. - In place of ``k8s.label_absent``, use
  863. :py:func:`kubernetes.node_label_absent
  864. <salt.states.kubernetes.node_label_absent>`
  865. - In place of ``k8s.label_folder_absent``, use
  866. :py:func:`kubernetes.node_label_folder_absent
  867. <salt.states.kubernetes.node_label_folder_absent>`
  868. - Support for the ``template_path`` option in the :py:func:`netconfig.managed
  869. <salt.states.netconfig.managed` state has been removed. This is because
  870. support for NAPALM native templates has been dropped.
  871. - Support for the ``no_chown`` option in the
  872. :py:func:`pip.insalled <salt.states.pip.installed>` state has been removed.
  873. - The :py:func:`trafficserver.set_var <salt.states.trafficserver.set_var>`
  874. state has been removed. Please use :py:func:`trafficserver.config
  875. <salt.states.trafficserver.config>` instead.
  876. - Support for the ``no_chown`` option in the
  877. :py:func`virtualenv.managed <salt.states.virtualenv.managed>` function has
  878. been removed.
  879. - The ``win_update`` state module has been removed. It has been replaced by
  880. :py:mod:`win_wua <salt.states.win_wua>`.
  881. - Support for virtual packages has been removed from the
  882. py:mod:`pkg state <salt.states.pkg>`.
  883. Utils Deprecations
  884. ------------------
  885. The ``cloud`` utils module had the following changes:
  886. - Support for the ``cache_nodes_ip`` function in :mod:`salt utils module <salt.utils.cloud>`
  887. has been removed. The function was incomplete and non-functional.
  888. The ``vault`` utils module had the following changes:
  889. - Support for specifying Vault connection data within a 'profile' has been removed.
  890. Please see the :mod:`vault execution module <salt.modules.vault>` documentation for
  891. details on the new configuration schema.
  892. Dependency Deprecations
  893. -----------------------
  894. Salt-Cloud has been updated to use the ``pypsexec`` Python library instead of the
  895. ``winexe`` executable. Both ``winexe`` and ``pypsexec`` run remote commands
  896. against Windows OSes. Since ``winexe`` is not packaged for every system, it has
  897. been deprecated in favor of ``pypsexec``.
  898. Salt-Cloud has deprecated the use ``impacket`` in favor of ``smbprotocol``.
  899. This changes was made because ``impacket`` is not compatible with Python 3.
  900. SaltSSH major updates
  901. =====================
  902. SaltSSH now works across different major Python versions. Python 2.7 ~ Python 3.x
  903. are now supported transparently. Requirement is, however, that the SaltMaster should
  904. have installed Salt, including all related dependencies for Python 2 and Python 3.
  905. Everything needs to be importable from the respective Python environment.
  906. SaltSSH can bundle up an arbitrary version of Salt. If there would be an old box for
  907. example, running an outdated and unsupported Python 2.6, it is still possible from
  908. a SaltMaster with Python 3.5 or newer to access it. This feature requires an additional
  909. configuration in /etc/salt/master as follows:
  910. .. code-block:: yaml
  911. ssh_ext_alternatives:
  912. 2016.3: # Namespace, can be actually anything.
  913. py-version: [2, 6] # Constraint to specific interpreter version
  914. path: /opt/2016.3/salt # Main Salt installation
  915. dependencies: # List of dependencies and their installation paths
  916. jinja2: /opt/jinja2
  917. yaml: /opt/yaml
  918. tornado: /opt/tornado
  919. msgpack: /opt/msgpack
  920. certifi: /opt/certifi
  921. singledispatch: /opt/singledispatch.py
  922. singledispatch_helpers: /opt/singledispatch_helpers.py
  923. markupsafe: /opt/markupsafe
  924. backports_abc: /opt/backports_abc.py
  925. It is also possible to use several alternative versions of Salt. You can for
  926. instance generate a minimal tarball using runners and include that. But this is
  927. only possible, when such specific Salt version is also available on the Master
  928. machine, although does not need to be directly installed together with the
  929. older Python interpreter.
  930. SaltSSH now support private key's passphrase. You can configure it by:
  931. * `--priv-passwd` for salt-ssh cli
  932. * `salt_priv_passwd` for salt master configure file
  933. * `priv_passwd` for salt roster file
  934. State Module Changes
  935. ====================
  936. :py:mod:`salt <salt.states.saltmod>` State Module (used in orchestration)
  937. -------------------------------------------------------------------------
  938. The ``test`` option now defaults to None. A value of ``True`` or ``False`` set
  939. here is passed to the state being run and can be used to override a ``test:
  940. True`` option set in the minion's config file. In previous releases the
  941. minion's config option would take precedence and it would be impossible to run
  942. an orchestration on a minion with test mode set to True in the config file.
  943. If a minion is not in permanent test mode due to the config file and the 'test'
  944. argument here is left as None then a value of ``test=True`` on the command-line is
  945. passed correctly to the minion to run an orchestration in test mode. At present
  946. it is not possible to pass ``test=False`` on the command-line to override a
  947. minion in permanent test mode and so the ``test: False`` option must still be set
  948. in the orchestration file.
  949. :py:func:`event.send <salt.states.event.send>` State
  950. ----------------------------------------------------
  951. The :py:func:`event.send <salt.states.event.send>` state does not know the
  952. results of the sent event, so returns changed every state run. It can now be
  953. set to return changed or unchanged.
  954. :py:mod:`influxdb_user.present <salt.states.influxdb_user>` Influxdb User Module State
  955. ---------------------------------------------------------------------------------------
  956. The ``password`` parameter has been changed to ``passwd`` to remove the
  957. name collusion with the influxdb client configuration (``client_kwargs``)
  958. allowing management of users when authentication is enabled on the influxdb
  959. instance
  960. Old behavior:
  961. .. code-block:: yaml
  962. influxdb_user.present:
  963. - name: exampleuser
  964. - password: exampleuserpassword
  965. - user: admin
  966. - password: adminpassword
  967. New behavior:
  968. .. code-block:: yaml
  969. influxdb_user.present:
  970. - name: exampleuser
  971. - passwd: exampleuserpassword
  972. - user: admin
  973. - password: adminpassword
  974. :conf_minion:`winrepo_cache_expire_min` Windows Package Definitions Caching
  975. ---------------------------------------------------------------------------
  976. The :conf_minion:`winrepo_cache_expire_min` has been changed from 0 to 1800 (30 minutes)
  977. For example if you run highstate the package definitions are normally updated,
  978. however now if the package definitions are younger than :conf_minion:`winrepo_cache_expire_min`
  979. (30 minutes) the package definitions will not be refreshed, reducing the amount
  980. of time taken to run a 2nd highstate. To get the old behaviour change the value
  981. back to 0 in the minion configuration file. This also effects the behaviour of
  982. other functions which default to refresh. The ``pkg.refresh_db`` will always
  983. refresh the package definitions.
  984. LDAP External Authentication
  985. ============================
  986. freeipa ``groupattribute`` support
  987. ----------------------------------
  988. Previously, if Salt was using external authentication against a freeipa LDAP
  989. system it could only search for users via the ``accountattributename`` field.
  990. This release add an additional search using the ``groupattribute`` field as
  991. well. The original ``accountattributename`` search is done first then the
  992. ``groupattribute`` allowing for backward compatibility with previous Salt
  993. releases.
  994. Jinja Include Relative Paths
  995. ============================
  996. When a jinja include template name begins with ``./`` or
  997. ``../`` then the import will be relative to the importing file.
  998. Prior practices required the following construct:
  999. .. code-block:: jinja
  1000. {% from tpldir ~ '/foo' import bar %}
  1001. A more "natural" construct is now supported:
  1002. .. code-block:: jinja
  1003. {% from './foo' import bar %}
  1004. Comparatively when importing from a parent directory - prior practice:
  1005. .. code-block:: jinja
  1006. {% from tpldir ~ '/../foo' import bar %}
  1007. New style for including from a parent directory:
  1008. .. code-block:: jinja
  1009. {% from '../foo' import bar %}
  1010. salt-api
  1011. ========
  1012. salt-api Windows support
  1013. ------------------------
  1014. Previously, salt-api was was not supported on the Microsoft Windows platforms. Now it is!
  1015. salt-api provides a RESTful interface to a running Salt system. It allows
  1016. for viewing minions, runners, and jobs as well as running execution modules
  1017. and runners of a running Salt system through a REST API that returns JSON.
  1018. See Salt-API_ documentation.
  1019. .. _Salt-API: https://docs.saltstack.com/en/latest/topics/netapi/index.html
  1020. Logging Changes
  1021. ===============
  1022. Include Job ID (JID) in Minion and Master Logs
  1023. ----------------------------------------------
  1024. The Job ID (JID) can now be optionally included in both the minion and master logs
  1025. by including ``jid`` in either the ``log_fmt_console`` or ``log_fmt_logfile``
  1026. configuration option:
  1027. .. code-block:: yaml
  1028. log_fmt_console: "[%(levelname)-8s] %(jid)s %(message)s"
  1029. The will cause the JID to be included in any log entries that are related to a
  1030. particular Salt job. The JID will be included using the default format,
  1031. ``[JID: %(jid)s]`` but can be overriden with the ``log_fmt_jid`` configuration item.
  1032. .. code-block:: yaml
  1033. log_fmt_jid: "[JID: %(jid)s]"
  1034. Security
  1035. ========
  1036. Windows runas changes
  1037. ---------------------
  1038. A password is no longer required with ``runas`` under normal circumstances.
  1039. The password option is only needed if the minion process is run under a
  1040. restricted (non-administrator) account. In the aforementioned case, a password
  1041. is only required when using the ``runas`` argument to run command as a
  1042. different user.
  1043. New Modules
  1044. ===========
  1045. Execution Modules
  1046. -----------------
  1047. - :mod:`salt.modules.ciscoconfparse_mod <salt.modules.ciscoconfparse_mod>`
  1048. - :mod:`salt.modules.jira <salt.modules.jira_mod>`
  1049. - :mod:`salt.modules.google_chat <salt.modules.google_chat>`
  1050. - :mod:`salt.modules.iosconfig <salt.modules.iosconfig>`
  1051. - :mod:`salt.modules.netmiko <salt.modules.netmiko_mod>`
  1052. - :mod:`salt.modules.nxos_api <salt.modules.nxos_api>`
  1053. - :mod:`salt.modules.peeringdb <salt.modules.peeringdb>`
  1054. - :mod:`salt.modules.purefb <salt.modules.purefb>`
  1055. - :mod:`salt.modules.pyeapi <salt.modules.arista_pyeapi>`
  1056. Pillar Modules
  1057. --------------
  1058. - :mod:`netbox <salt.pillar.netbox>`
  1059. Proxy Modules
  1060. -------------
  1061. - :mod:`salt.proxy.netmiko <salt.proxy.netmiko_px>`
  1062. - :mod:`salt.proxy.nxos_api <salt.proxy.nxos_api>`
  1063. - :mod:`salt.proxy.pyeapi <salt.proxy.arista_pyeapi>`