1
0

2014.7.0.rst 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579
  1. .. _release-2014-7-0:
  2. =============================================
  3. Salt 2014.7.0 Release Notes - Codename Helium
  4. =============================================
  5. This release is the largest Salt release ever, with more features and commits
  6. then any previous release of Salt. Everything from the new RAET transport to
  7. major updates in Salt Cloud and the merging of Salt API into the main project.
  8. .. important::
  9. The Fedora/RHEL/CentOS **salt-master** package has been modified for this
  10. release. The following components of Salt have been broken out and placed
  11. into their own packages:
  12. * salt-syndic
  13. * salt-cloud
  14. * salt-ssh
  15. When the **salt-master** package is upgraded, these components will be
  16. removed, and they will need to be manually installed.
  17. .. important::
  18. Compound/pillar matching have been temporarily disabled for the ``mine``
  19. and ``publish`` modules for this release due to the possibility of
  20. inferring pillar data using pillar glob matching. A proper fix is now in
  21. the 2014.7 branch and scheduled for the 2014.7.1 release, and compound
  22. matching and non-globbing pillar matching will be re-enabled at that point.
  23. Compound and pillar matching for normal salt commands are unaffected.
  24. New Transport!
  25. ==============
  26. RAET Transport Option
  27. ---------------------
  28. This has been a HUGE amount of work, but the beta release of Salt with RAET is
  29. ready to go. RAET is a reliable queuing transport system that has been
  30. developed in partnership with a number of large enterprises to give Salt an
  31. alternative to ZeroMQ and a way to get Salt to scale well beyond tens of
  32. thousands of servers. Unlike ZeroMQ, RAET is completely asynchronous in every
  33. aspect of its operation and has been developed using the flow programming
  34. paradigm. This allows for many new capabilities to be added to Salt in the
  35. upcoming releases.
  36. Please keep in mind that this is a beta release of RAET and we hope for bugs to
  37. be worked out, performance to be better realized and more in the 2015.5.0
  38. release.
  39. Simply stated, users running Salt with RAET should expect some hiccups as we
  40. hammer out the update. This is a BETA release of Salt RAET.
  41. For information about how to use Salt with RAET please see the
  42. :ref:`tutorial <raet>`.
  43. Salt SSH Enhancements
  44. =====================
  45. Salt SSH has just entered a new league, with substantial updates and
  46. improvements to make salt-ssh more reliable and easier then ever! From new
  47. features like the ansible roster and fileserver backends to the new pypi
  48. salt-ssh installer to lowered deps and a swath of bugfixes, salt-ssh is
  49. basically reborn!
  50. Install salt-ssh Using pip
  51. --------------------------
  52. Salt-ssh is now pip-installable!
  53. https://pypi.python.org/pypi/salt-ssh/
  54. Pip will bring in all of the required deps, and while some deps are compiled,
  55. they all include pure python implementations, meaning that any compile errors
  56. which may be seen can be safely ignored.
  57. .. code-block:: bash
  58. pip install salt-ssh
  59. Fileserver Backends
  60. -------------------
  61. Salt-ssh can now use the salt fileserver backend system. This allows for
  62. the gitfs, hgfs, s3, and many more ways to centrally store states to be easily
  63. used with salt-ssh. This also allows for a distributed team to easily use
  64. a centralized source.
  65. Saltfile Support
  66. ----------------
  67. The new saltfile system makes it easy to have a user specific custom extended
  68. configuration.
  69. Ext Pillar
  70. ----------
  71. Salt-ssh can now use the external pillar system. Making it easier then ever
  72. to use salt-ssh with teams.
  73. No More sshpass
  74. ---------------
  75. Thanks to the enhancements in the salt vt system, salt-ssh no longer requires
  76. sshpass to send passwords to ssh. This also makes the manipulation of ssh
  77. calls substantially more flexible, allowing for intercepting ssh calls in
  78. a much more fluid way.
  79. Pure Python Shim
  80. ----------------
  81. The salt-ssh call originally used a shell script to discover what version of
  82. python to execute with and determine the state of the ssh code deployment.
  83. This shell script has been replaced with a pure python version making it easy
  84. to increase the capability of the code deployment without causing platform
  85. inconsistency issues with different shell interpreters.
  86. Custom Module Delivery
  87. ----------------------
  88. Custom modules are now seamlessly delivered. This makes the deployment of
  89. custom grains, states, execution modules and returners a seamless process.
  90. CP Module Support
  91. -----------------
  92. Salt-ssh now makes simple file transfers easier then ever! The `cp`
  93. module allows for files to be conveniently sent from the salt fileserver
  94. system down to systems.
  95. More Thin Directory Options
  96. ---------------------------
  97. Salt ssh functions by copying a subset of the salt code, or `salt thin` down
  98. to the target system. In the past this was always transferred to /tmp/.salt
  99. and cached there for subsequent commands.
  100. Now, salt thin can be sent to a random directory and removed when the call
  101. is complete with the `-W` option. The new `-W` option still uses a static
  102. location but will clean up that location when finished.
  103. The default `salt thin` location is now user defined, allowing multiple users
  104. to cleanly access the same systems.
  105. State System Enhancements
  106. =========================
  107. New Imperative State Keyword "Listen"
  108. -------------------------------------
  109. The new ``listen`` and ``listen_in`` keywords allow for completely imperative
  110. states by calling the ``mod_watch()`` routine after all states have run instead
  111. of re-ordering the states.
  112. Mod Aggregate Runtime Manipulator
  113. ---------------------------------
  114. The new ``mod_aggregate`` system allows for the state system to rewrite the
  115. state data during execution. This allows for state definitions to be aggregated
  116. dynamically at runtime.
  117. The best example is found in the :mod:`pkg <salt.states.pkg>` state. If
  118. ``mod_aggregate`` is turned on, then when the first pkg state is reached, the
  119. state system will scan all of the other running states for pkg states and take
  120. all other packages set for install and install them all at once in the first
  121. pkg state.
  122. These runtime modifications make it easy to run groups of states together. In
  123. future versions, we hope to fill out the ``mod_aggregate`` system to build in
  124. more and more optimizations.
  125. For more documentation on ``mod_aggregate``, see :ref:`the documentation
  126. <mod-aggregate-state>`.
  127. New Requisites: onchanges and onfail
  128. ------------------------------------
  129. The new ``onchanges`` and ``onchanges_in`` requisites make a state apply only if
  130. there are changes in the required state. This is useful to execute post hooks
  131. after changes occur on a system.
  132. The other new requisites, ``onfail``, and ``onfail_in``, allow for a state to run
  133. in reaction to the failure of another state.
  134. For more information about these new requisites, see the
  135. :ref:`requisites documentation <requisites>`.
  136. Global onlyif and unless
  137. ------------------------
  138. The ``onlyif`` and ``unless`` options can now be used for any state declaration.
  139. Use ``names`` to expand and override values
  140. -------------------------------------------
  141. The :ref:`names declaration <names-declaration>` in Salt's state system can now
  142. override or add values to the expanded data structure. For example:
  143. .. code-block:: yaml
  144. my_users:
  145. user.present:
  146. - names:
  147. - larry
  148. - curly
  149. - moe:
  150. - shell: /bin/zsh
  151. - groups:
  152. - wheel
  153. - shell: /bin/bash
  154. Major Features
  155. ==============
  156. Scheduler Additions
  157. -------------------
  158. The Salt scheduler system has received MAJOR enhancements, allowing for
  159. cron-like scheduling and much more granular timing routines. See :mod:`here
  160. <salt.modules.schedule>` for more info.
  161. Red Hat 7 Family Support
  162. ------------------------
  163. All the needed additions have been made to run Salt on RHEL 7 and derived OSes
  164. like CentOS and Scientific.
  165. Fileserver Backends in salt-call
  166. --------------------------------
  167. Fileserver backends like gitfs can now be used without a salt master! Just add
  168. the fileserver backend configuration to the minion config and execute
  169. salt-call. This has been a much-requested feature and we are happy to finally
  170. bring it to our users.
  171. Amazon Execution Modules
  172. ------------------------
  173. An entire family of execution modules further enhancing Salt's Amazon Cloud
  174. support. They include the following:
  175. - :mod:`Autoscale Groups <salt.modules.boto_asg>` (includes :mod:`state support <salt.states.boto_asg>`) -- related: :mod:`Launch Control <salt.states.boto_lc>` states
  176. - :mod:`Cloud Watch <salt.modules.boto_cloudwatch>` (includes :mod:`state support <salt.states.boto_cloudwatch_alarm>`)
  177. - :mod:`Elastic Cache <salt.modules.boto_elasticache>` (includes :mod:`state support <salt.states.boto_elasticache>`)
  178. - :mod:`Elastic Load Balancer <salt.modules.boto_elb>` (includes :mod:`state support <salt.states.boto_elb>`)
  179. - :mod:`IAM Identity and Access Management <salt.modules.boto_iam>` (includes :mod:`state support <salt.states.boto_iam_role>`)
  180. - :mod:`Route53 DNS <salt.modules.boto_route53>` (includes :mod:`state support <salt.states.boto_route53>`)
  181. - :mod:`Security Groups <salt.modules.boto_secgroup>` (includes :mod:`state support <salt.states.boto_secgroup>`)
  182. - :mod:`Simple Queue Service <salt.modules.boto_sqs>` (includes :mod:`state support <salt.states.boto_sqs>`)
  183. LXC Runner Enhancements
  184. -----------------------
  185. BETA
  186. The Salt LXC management system has received a number of enhancements which make
  187. running an LXC cloud entirely from Salt an easy proposition.
  188. Next Gen Docker Management
  189. --------------------------
  190. The Docker support in Salt has been increased at least ten fold. The Docker API
  191. is now completely exposed and Salt ships with Docker data tracking systems
  192. which make automating Docker deployments very easy.
  193. Peer System Performance Improvements
  194. ------------------------------------
  195. The peer system communication routines have been refined to make the peer
  196. system substantially faster.
  197. SDB
  198. ---
  199. Encryption at rest for configs
  200. GPG Renderer
  201. ------------
  202. Encrypted pillar at rest
  203. OpenStack Expansion
  204. -------------------
  205. Lots of new OpenStack stuff
  206. Queues System
  207. -------------
  208. Ran change external queue systems into Salt events
  209. Multi Master Failover Additions
  210. -------------------------------
  211. Connecting to multiple masters is more dynamic then ever
  212. Chef Execution Module
  213. ---------------------
  214. Managing Chef with Salt just got even easier!
  215. salt-api Project Merge
  216. ----------------------
  217. The ``salt-api`` project has been merged into Salt core and is now available as
  218. part of the regular ``salt-master`` package install. No API changes were made,
  219. the :command:`salt-api` script and init scripts remain intact.
  220. ``salt-api`` has always provided Yet Another Pluggable Interface to Salt (TM)
  221. in the form of "netapi" modules. These are modules that bind to a port and
  222. start a service. Like many of Salt's other module types, netapi modules often
  223. have library and configuration dependencies. See the documentation for each
  224. module for instructions.
  225. .. seealso:: :ref:`The full list of netapi modules. <all-netapi-modules>`
  226. Synchronous and Asynchronous Execution of Runner and Wheel Modules
  227. ******************************************************************
  228. :py:class:`salt.runner.RunnerClient` and :py:class:`salt.wheel.WheelClient`
  229. have both gained complimentary ``cmd_sync`` and ``cmd_async`` methods allowing
  230. for synchronous and asynchronous execution of any Runner or Wheel module
  231. function, all protected using Salt's :ref:`external authentication <acl-eauth>`
  232. system. ``salt-api`` benefits from this addition as well.
  233. ``rest_cherrypy`` Additions
  234. ***************************
  235. The :py:mod:`rest_cherrypy <salt.netapi.rest_cherrypy.app>` netapi module
  236. provides the main REST API for Salt.
  237. Web Hooks
  238. ~~~~~~~~~
  239. This release of course includes the Web Hook additions from the most recent
  240. ``salt-api`` release, which allows external services to signal actions within a
  241. Salt infrastructure. External services such as Amazon SNS, Travis-CI, or
  242. GitHub, as well as internal services that cannot or should not run a Salt
  243. minion daemon can be used as first-class components in Salt's rich
  244. orchestration capabilities.
  245. The raw HTTP request body is now available in the event data. This is sometimes
  246. required information for checking an HMAC signature in order to verify a HTTP
  247. request. As an example, Amazon or GitHub requests are signed this way.
  248. Generating and Accepting Minion Keys
  249. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  250. The :py:func:`/key <salt.netapi.rest_cherrypy.app.Keys.POST>` convenience URL
  251. generates a public and private key for a minion, automatically pre-accepts the
  252. public key on the Salt Master, and returns both keys as a tarball for download.
  253. This allows for easily bootstrapping the key on a new minion with a single HTTP
  254. call, such as with a Kickstart script, all using regular shell tools.
  255. .. code-block:: bash
  256. curl -sS http://salt-api.example.com:8000/keys \
  257. -d mid=jerry \
  258. -d username=kickstart \
  259. -d password=kickstart \
  260. -d eauth=pam \
  261. -o jerry-salt-keys.tar
  262. Fileserver Backend Enhancements
  263. -------------------------------
  264. All of the fileserver backends have been overhauled to be faster, lighter, and
  265. more reliable. The VCS backends (:mod:`gitfs <salt.fileserver.gitfs>`,
  266. :mod:`hgfs <salt.fileserver.hgfs>`, and :mod:`svnfs <salt.fileserver.svnfs>`)
  267. have also received a **lot** of new features.
  268. Additionally, most config parameters for the VCS backends can now be configured
  269. on a per-remote basis, allowing for global config parameters to be overridden
  270. for a specific gitfs/hgfs/svnfs remote.
  271. New :mod:`gitfs <salt.fileserver.gitfs>` Features
  272. *************************************************
  273. Pygit2 and Dulwich
  274. ~~~~~~~~~~~~~~~~~~
  275. In addition to supporting GitPython, support for pygit2_ (0.20.3 and newer) and
  276. dulwich_ have been added. Provided a compatible version of pygit2_ is
  277. installed, it will now be the default provider. The config parameter
  278. :conf_master:`gitfs_provider` has been added to allow one to choose a specific
  279. provider for gitfs.
  280. .. _pygit2: https://github.com/libgit2/pygit2
  281. .. _dulwich: https://www.samba.org/~jelmer/dulwich/
  282. .. _2014.7.0-gitfs-mountpoints:
  283. Mountpoints
  284. ~~~~~~~~~~~
  285. Prior to this release, to serve a file from gitfs at a salt fileserver URL of
  286. ``salt://foo/bar/baz.txt``, it was necessary to ensure that the parent
  287. directories existed in the repository. A new config parameter
  288. :conf_master:`gitfs_mountpoint` allows gitfs remotes to be exposed starting at
  289. a user-defined ``salt://`` URL.
  290. .. _2014.7.0-gitfs-whitelist-blacklist:
  291. Environment Whitelisting/Blacklisting
  292. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  293. By default, gitfs will expose all branches and tags as Salt fileserver
  294. environments. Two new config parameters, :conf_master:`gitfs_env_whitelist`, and
  295. :conf_master:`gitfs_env_blacklist`, allow more control over which branches and
  296. tags are exposed. More detailed information on how these two options work can
  297. be found in the :ref:`Gitfs Walkthrough <gitfs-whitelist-blacklist>`.
  298. Expanded Authentication Support
  299. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  300. As of pygit2_ 0.20.3, both http(s) and SSH key authentication are supported,
  301. and Salt now also supports both authentication methods when using pygit2_. Keep
  302. in mind that pygit2_ 0.20.3 is not yet available on many platforms, so those
  303. who had been using authenticated git repositories with a passphraseless key
  304. should stick to GitPython if a new enough pygit2_ is not yet available for the
  305. platform on which the master is running.
  306. A full explanation of how to use authentication can be found in the :ref:`Gitfs
  307. Walkthrough <gitfs-authentication>`.
  308. New :mod:`hgfs <salt.fileserver.hgfs>` Features
  309. ***********************************************
  310. Mountpoints
  311. ~~~~~~~~~~~
  312. This feature works exactly like its :ref:`gitfs counterpart
  313. <2014.7.0-gitfs-mountpoints>`. The new config parameter is called
  314. :conf_master:`hgfs_mountpoint`.
  315. Environment Whitelisting/Blacklisting
  316. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  317. This feature works exactly like its :ref:`gitfs counterpart
  318. <2014.7.0-gitfs-whitelist-blacklist>`. The new config parameters are called
  319. :conf_master:`hgfs_env_whitelist` and :conf_master:`hgfs_env_blacklist`.
  320. New :mod:`svnfs <salt.fileserver.svnfs>` Features
  321. *************************************************
  322. Mountpoints
  323. ~~~~~~~~~~~
  324. This feature works exactly like its :ref:`gitfs counterpart
  325. <2014.7.0-gitfs-mountpoints>`. The new config parameter is called
  326. :conf_master:`svnfs_mountpoint`.
  327. Environment Whitelisting/Blacklisting
  328. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  329. This feature works exactly like its :ref:`gitfs counterpart
  330. <2014.7.0-gitfs-whitelist-blacklist>`. The new config parameters are called
  331. :conf_master:`svnfs_env_whitelist` and :conf_master:`svnfs_env_blacklist`.
  332. Configurable Trunk/Branches/Tags Paths
  333. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  334. Prior to this release, the paths where trunk, branches, and tags were located
  335. could only be in directories named "trunk", "branches", and "tags" directly
  336. under the root of the repository. Three new config parameters
  337. (:conf_master:`svnfs_trunk`, :conf_master:`svnfs_branches`, and
  338. :conf_master:`svnfs_tags`) allow SVN repositories which are laid out
  339. differently to be used with svnfs.
  340. New :mod:`minionfs <salt.fileserver.minionfs>` Features
  341. *******************************************************
  342. Mountpoint
  343. ~~~~~~~~~~
  344. This feature works exactly like its :ref:`gitfs counterpart
  345. <2014.7.0-gitfs-mountpoints>`. The new config parameter is called
  346. :conf_master:`minionfs_mountpoint`. The one major difference is that, as
  347. minionfs doesn't use multiple remotes (it just serves up files pushed to the
  348. master using :mod:`cp.push <salt.modules.cp.push>`) there is no such thing as a
  349. per-remote configuration for :conf_master:`minionfs_mountpoint`.
  350. Changing the Saltenv from Which Files are Served
  351. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  352. A new config parameter (:conf_master:`minionfs_env`) allows minionfs files to
  353. be served from a Salt fileserver environment other than ``base``.
  354. Minion Whitelisting/Blacklisting
  355. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  356. By default, minionfs will expose the pushed files from all minions. Two new
  357. config parameters, :conf_master:`minionfs_whitelist`, and
  358. :conf_master:`minionfs_blacklist`, allow minionfs to be restricted to serve
  359. files from only the desired minions.
  360. Pyobjects Renderer
  361. ------------------
  362. Salt now ships with with the :mod:`Pyobjects Renderer
  363. <salt.renderers.pyobjects>` that allows for construction of States using pure
  364. Python with an idiomatic object interface.
  365. New Modules
  366. ===========
  367. In addition to the Amazon modules mentioned above, there are also several other
  368. new execution modules:
  369. - :mod:`Oracle <salt.modules.oracle>`
  370. - :mod:`Random <salt.modules.mod_random>`
  371. - :mod:`Redis <salt.modules.redismod>`
  372. - :mod:`Amazon Simple Queue Service <salt.modules.aws_sqs>`
  373. - :mod:`Block Device Management <salt.modules.blockdev>`
  374. - :mod:`CoreOS etcd <salt.modules.etcd_mod>`
  375. - :mod:`Genesis <salt.modules.genesis>`
  376. - :mod:`InfluxDB <salt.modules.influx>`
  377. - :mod:`Server Density <salt.modules.serverdensity_device>`
  378. - :mod:`Twilio Notifications <salt.modules.twilio_notify>`
  379. - :mod:`Varnish <salt.modules.varnish>`
  380. - :mod:`ZNC IRC Bouncer <salt.modules.znc>`
  381. - :mod:`SMTP <salt.modules.smtp>`
  382. New Runners
  383. ===========
  384. - :mod:`Map/Reduce Style <salt.runners.survey>`
  385. - :mod:`Queue <salt.runners.queue>`
  386. New External Pillars
  387. ====================
  388. - :mod:`CoreOS etcd <salt.pillar.etcd_pillar>`
  389. New Salt-Cloud Providers
  390. ========================
  391. - :mod:`Aliyun ECS Cloud <salt.cloud.clouds.aliyun>`
  392. - :mod:`LXC Containers <salt.cloud.clouds.lxc>`
  393. - :mod:`Proxmox (OpenVZ containers & KVM) <salt.cloud.clouds.proxmox>`
  394. Salt Call Change
  395. ================
  396. When used with a returner, salt-call now contacts a master if ``--local``
  397. is not specicified.
  398. Deprecations
  399. ============
  400. :mod:`salt.modules.virtualenv_mod`
  401. ----------------------------------
  402. - Removed deprecated ``memoize`` function from ``salt/utils/__init__.py`` (deprecated)
  403. - Removed deprecated ``no_site_packages`` argument from ``create`` function (deprecated)
  404. - Removed deprecated ``check_dns`` argument from ``minion_config`` and ``apply_minion_config`` functions (deprecated)
  405. - Removed deprecated ``OutputOptionsWithTextMixIn`` class from ``salt/utils/parsers.py`` (deprecated)
  406. - Removed the following deprecated functions from ``salt/modules/ps.py``:
  407. - ``physical_memory_usage`` (deprecated)
  408. - ``virtual_memory_usage`` (deprecated)
  409. - ``cached_physical_memory`` (deprecated)
  410. - ``physical_memory_buffers`` (deprecated)
  411. - Removed deprecated cloud arguments from ``cloud_config`` function in ``salt/config.py``:
  412. - ``vm_config`` (deprecated)
  413. - ``vm_config_path`` (deprecated)
  414. - Removed deprecated ``libcloud_version`` function from ``salt/cloud/libcloudfuncs.py`` (deprecated)
  415. - Removed deprecated ``CloudConfigMixIn`` class from ``salt/utils/parsers.py`` (deprecated)