1
0

0.10.3.rst 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
  1. =========================
  2. Salt 0.10.3 Release Notes
  3. =========================
  4. :release: 2012-09-30
  5. The latest taste of Salt has come, this release has many fixes and feature
  6. additions. Modifications have been made to make ZeroMQ connections more
  7. reliable, the beginning of the ACL system is in place, a new command line
  8. parsing system has been added, dynamic module distribution has become more
  9. environment aware, the new `master_finger` option and many more!
  10. Major Features
  11. ==============
  12. ACL System
  13. ----------
  14. The new ACL system has been introduced. The ACL system allows for system users
  15. other than root to execute salt commands. Users can be allowed to execute
  16. specific commands in the same way that minions are opened up to the peer
  17. system.
  18. The configuration value to open up the ACL system is called ``client_acl``
  19. and is configured like so:
  20. .. code-block:: yaml
  21. client_acl:
  22. fred:
  23. - test..*
  24. - pkg.list_pkgs
  25. Where `fred` is allowed access to functions in the test module and to the
  26. ``pkg.list_pkgs`` function.
  27. Master Finger Option
  28. --------------------
  29. The `master_finger` option has been added to improve the security of minion
  30. provisioning. The `master_finger` option allows for the fingerprint of the
  31. master public key to be set in the configuration file to double verify that the
  32. master is valid. This option was added in response to a motivation to
  33. pre-authenticate the master when provisioning new minions to help prevent
  34. man in the middle attacks in some situations.
  35. Salt Key Fingerprint Generation
  36. -------------------------------
  37. The ability to generate fingerprints of keys used by Salt has been added to
  38. ``salt-key``. The new option `finger` accepts the name of the key to generate
  39. and display a fingerprint for.
  40. .. code-block:: bash
  41. salt-key -F master
  42. Will display the fingerprints for the master public and private keys.
  43. Parsing System
  44. --------------
  45. Pedro Algavio, aka s0undt3ch, has added a substantial update to the command
  46. line parsing system that makes the help message output much cleaner and easier
  47. to search through. Salt parsers now have `--versions-report` besides usual
  48. `--version` info which you can provide when reporting any issues found.
  49. Key Generation
  50. --------------
  51. We have reduced the requirements needed for `salt-key` to generate minion keys.
  52. You're no longer required to have salt configured and it's common directories
  53. created just to generate keys. This might prove useful if you're batch creating
  54. keys to pre-load on minions.
  55. Startup States
  56. --------------
  57. A few configuration options have been added which allow for states to be run
  58. when the minion daemon starts. This can be a great advantage when deploying
  59. with Salt because the minion can apply states right when it first runs. To
  60. use startup states set the ``startup_states`` configuration option on the
  61. minion to `highstate`.
  62. New Exclude Declaration
  63. -----------------------
  64. Some users have asked about adding the ability to ensure that other sls files
  65. or ids are excluded from a state run. The exclude statement will delete all of
  66. the data loaded from the specified sls file or will delete the specified id:
  67. .. code-block:: yaml
  68. exclude:
  69. - sls: http
  70. - id: /etc/vimrc
  71. Max Open Files
  72. --------------
  73. While we're currently unable to properly handle ZeroMQ's abort signals when the
  74. max open files is reached, due to the way that's handled on ZeroMQ's, we have
  75. minimized the chances of this happening without at least warning the user.
  76. More State Output Options
  77. -------------------------
  78. Some major changes have been made to the state output system. In the past state
  79. return data was printed in a very verbose fashion and only states that failed
  80. or made changes were printed by default. Now two options can be passed to the
  81. master and minion configuration files to change the behavior of the state
  82. output. State output can be set to verbose (default) or non-verbose with the
  83. ``state_verbose`` option:
  84. .. code-block:: yaml
  85. state_verbose: False
  86. It is noteworthy that the state_verbose option used to be set to `False` by
  87. default but has been changed to `True` by default in 0.10.3 due to many
  88. requests for the change.
  89. Te next option to be aware of new and called ``state_output``. This option
  90. allows for the state output to be set to `full` (default) or `terse`.
  91. The `full` output is the standard state output, but the new `terse` output
  92. will print only one line per state making the output much easier to follow when
  93. executing a large state system.
  94. .. code-block:: yaml
  95. state_output: terse
  96. `state.file.append` Improvements
  97. --------------------------------
  98. The salt state `file.append()` tries *not* to append existing text. Previously
  99. the matching check was being made line by line. While this kind of check might
  100. be enough for most cases, if the text being appended was multi-line, the check
  101. would not work properly. This issue is now properly handled, the match is done
  102. as a whole ignoring any white space addition or removal except inside commas.
  103. For those thinking that, in order to properly match over multiple lines, salt
  104. will load the whole file into memory, that's not true. For most cases this is
  105. not important but an erroneous order to read a 4GB file, if not properly
  106. handled, like salt does, could make salt chew that amount of memory. Salt has
  107. a buffered file reader which will keep in memory a maximum of 256KB and
  108. iterates over the file in chunks of 32KB to test for the match, more than
  109. enough, if not, explain your usage on a ticket. With this change, also
  110. `salt.modules.file.contains()`, `salt.modules.file.contains_regex()`,
  111. `salt.modules.file.contains_glob()` and `salt.utils.find` now do the searching
  112. and/or matching using the buffered chunks approach explained above.
  113. Two new keyword arguments were also added, `makedirs`, and `source`.
  114. The first, `makedirs` will create the necessary directories in order to append
  115. to the specified file, of course, it only applies if we're trying to append to
  116. a non-existing file on a non-existing directory:
  117. .. code-block:: yaml
  118. /tmp/salttest/file-append-makedirs:
  119. file.append:
  120. text: foo
  121. makedirs: True
  122. The second, `source`, allows one to append the contents of a file instead of
  123. specifying the text.
  124. .. code-block:: yaml
  125. /tmp/salttest/file-append-source:
  126. file.append:
  127. - source: salt://testfile
  128. Security Fix
  129. ============
  130. A timing vulnerability was uncovered in the code which decrypts the AES
  131. messages sent over the network. This has been fixed and upgrading is
  132. strongly recommended.