1
0

2019.2.0.rst 53 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391
  1. .. _release-2019-2-0:
  2. ===============================================
  3. Salt 2019.2.0 Release Notes - Codename Fluorine
  4. ===============================================
  5. Python 2.7 Deprecation
  6. ======================
  7. In light of Python 2.7 reaching its End of Life (EOL) on Jan 1st 2020,
  8. Python 2 will be deprecated from SaltStack no earlier than the 3001
  9. release, that is either the 3001 release or a later release.
  10. This decision is pending further community discussion.
  11. Known Issues
  12. ============
  13. The following are known issues for the 2019.2.0 release and will be fixed for 2019.2.1:
  14. * `#51699`_
  15. .. _`#51699`: https://github.com/saltstack/salt/issues/51699
  16. Non-Backward-Compatible Change to YAML Renderer
  17. ===============================================
  18. In earlier releases, this was considered valid usage in Python 2, assuming that
  19. ``data`` was a list or dictionary containing keys/values which are ``unicode``
  20. types:
  21. .. code-block:: jinja
  22. /etc/foo.conf:
  23. file.managed:
  24. - source: salt://foo.conf.jinja
  25. - template: jinja
  26. - context:
  27. data: {{ data }}
  28. One common use case for this is when using one of Salt's :jinja_ref:`custom
  29. Jinja filters <custom-jinja-filters>` which return lists or dictionaries, such
  30. as the :jinja_ref:`ipv4` filter.
  31. In Python 2, Jinja will render the ``unicode`` string types within the
  32. list/dictionary with the "u" prefix (e.g. ``{u'foo': u'bar'}``). While not
  33. valid YAML, earlier releases would successfully load these values.
  34. As of this release, the above SLS would result in an error message. To allow
  35. for a data structure to be dumped directly into your SLS file, use the `tojson
  36. Jinja filter`_:
  37. .. code-block:: jinja
  38. /etc/foo.conf:
  39. file.managed:
  40. - source: salt://foo.conf.jinja
  41. - template: jinja
  42. - context:
  43. data: {{ data|tojson }}
  44. Another example where the new filter needs to be used is the following state example:
  45. .. code-block:: jinja
  46. grafana_packages:
  47. pkg.installed:
  48. - names: {{ server.pkgs }}
  49. This will fail when pkgs is a list or dictionary. You will need to update the state:
  50. .. code-block:: jinja
  51. grafana_packages:
  52. pkg.installed:
  53. - names: {{ server.pkgs|tojson }}
  54. This test case has also been tested with the ``yaml`` and ``json`` filters successfully.
  55. .. note::
  56. This filter was added in Jinja 2.9. However, fear not! The 2018.3.3 release
  57. added a ``tojson`` filter which will be used if this filter is not already
  58. present, making it available on platforms like RHEL 7 and Ubuntu 14.04
  59. which provide older versions of Jinja.
  60. .. important::
  61. The :jinja_ref:`json_encode_dict` and :jinja_ref:`json_encode_list` filters
  62. do not actually dump the results to JSON. Since ``tojson`` accomplishes
  63. what those filters were designed to do, they are now deprecated and will be
  64. removed in the 3000 release. The ``tojson`` filter should be used in all
  65. cases where :jinja_ref:`json_encode_dict` and :jinja_ref:`json_encode_list`
  66. would have been used.
  67. .. _`tojson Jinja filter`: https://jinja.palletsprojects.com/en/2.11.x/templates/#tojson
  68. Ansible Playbook State and Execution Modules
  69. ============================================
  70. Along with the including the :py:mod:`ansible modules
  71. <salt.module.ansiblegate>` in the Oxygen release, running playbooks has been
  72. added in 2019.2.0 with the :py:func:`playbooks function
  73. <salt.modules.ansiblegate.playbooks>`. This also includes an :py:func:`ansible
  74. playbooks state module <salt.states.ansiblegate.playbooks>` which can be used
  75. on a targeted host to run ansible playbooks, or used in an
  76. orchestration state runner.
  77. .. code-block:: yaml
  78. install nginx:
  79. ansible.playbooks:
  80. - name: install.yml
  81. - git_repo: git://github.com/gtmanfred/playbook.git
  82. - git_kwargs:
  83. rev: master
  84. The playbooks modules also includes the ability to specify a git repo to clone
  85. and use, or a specific directory can to used when running the playbook.
  86. Network Automation
  87. ==================
  88. Beginning with this release, Salt provides much broader support for a variety
  89. of network operating systems, and features for configuration manipulation or
  90. operational command execution.
  91. NetBox
  92. ------
  93. Added in the previous release, 2018.3.0, the capabilities of the
  94. :mod:`netbox <salt.modules.netbox>` Execution Module have been extended, with a
  95. much longer list of available features:
  96. - :mod:`netbox.create_circuit <salt.modules.netbox.create_circuit>`
  97. - :mod:`netbox.create_circuit_provider <salt.modules.netbox.create_circuit_provider>`
  98. - :mod:`netbox.create_circuit_termination <salt.modules.netbox.create_circuit_termination>`
  99. - :mod:`netbox.create_circuit_type <salt.modules.netbox.create_circuit_type>`
  100. - :mod:`netbox.create_device <salt.modules.netbox.create_device>`
  101. - :mod:`netbox.create_device_role <salt.modules.netbox.create_device_role>`
  102. - :mod:`netbox.create_device_type <salt.modules.netbox.create_device_type>`
  103. - :mod:`netbox.create_interface <salt.modules.netbox.create_interface>`
  104. - :mod:`netbox.create_interface_connection <salt.modules.netbox.create_interface_connection>`
  105. - :mod:`netbox.create_inventory_item <salt.modules.netbox.create_inventory_item>`
  106. - :mod:`netbox.create_ipaddress <salt.modules.netbox.create_ipaddress>`
  107. - :mod:`netbox.create_manufacturer <salt.modules.netbox.create_manufacturer>`
  108. - :mod:`netbox.create_platform <salt.modules.netbox.create_platform>`
  109. - :mod:`netbox.create_site <salt.modules.netbox.create_site>`
  110. - :mod:`netbox.delete_interface <salt.modules.netbox.delete_interface>`
  111. - :mod:`netbox.delete_inventory_item <salt.modules.netbox.delete_inventory_item>`
  112. - :mod:`netbox.delete_ipaddress <salt.modules.netbox.delete_ipaddress>`
  113. - :mod:`netbox.get_circuit_provider <salt.modules.netbox.get_circuit_provider>`
  114. - :mod:`netbox.get_interfaces <salt.modules.netbox.get_interfaces>`
  115. - :mod:`netbox.get_ipaddresses <salt.modules.netbox.get_ipaddresses>`
  116. - :mod:`netbox.make_interface_child <salt.modules.netbox.make_interface_child>`
  117. - :mod:`netbox.make_interface_lag <salt.modules.netbox.make_interface_lag>`
  118. - :mod:`netbox.openconfig_interfaces <salt.modules.netbox.openconfig_interfaces>`
  119. - :mod:`netbox.openconfig_lacp <salt.modules.netbox.openconfig_lacp>`
  120. - :mod:`netbox.update_device <salt.modules.netbox.update_device>`
  121. - :mod:`netbox.update_interface <salt.modules.netbox.update_interface>`
  122. Besides this Execution Module, Salt users can load data directly from NetBox
  123. into the device Pillar, via the :mod:`netbox <salt.pillar.netbox>` External
  124. Pillar module.
  125. Netmiko
  126. -------
  127. `Netmiko <https://github.com/ktbyers/netmiko>`_, the multi-vendor library to
  128. simplify Paramiko SSH connections to network devices, is now officially
  129. integrated into Salt. The network community can use it via the
  130. :mod:`netmiko <salt.proxy.netmiko_px>` Proxy Module or directly from any Salt
  131. Minions, passing the connection credentials - see the documentation for the
  132. :mod:`netmiko <salt.modules.netmiko_mod>` Execution Module.
  133. Arista
  134. ------
  135. Arista switches can now be managed running under the :mod:`pyeapi
  136. <salt.proxy.arista_pyeapi>` Proxy Module, and execute RPC requests via the
  137. :mod:`pyeapi <salt.modules.arista_pyeapi>` Execution Module.
  138. Cisco Nexus
  139. -----------
  140. While support for SSH-based operations has been added in the release codename
  141. Carbon (2016.11), the new :mod:`nxos_api <salt.proxy.nxos_api>` Proxy Module
  142. and :mod:`nxos_api <salt.modules.nxos_api>` allow management of Cisco Nexus
  143. switches via the NX-API.
  144. It is important to note that these modules don't have third party dependencies,
  145. therefore they can be used straight away from any Salt Minion. This also means
  146. that the user may be able to install the regular Salt Minion on the Nexus
  147. switch directly and manage the network devices like a regular server.
  148. General-purpose Modules
  149. -----------------------
  150. The new :mod:`ciscoconfparse <salt.modules.ciscoconfparse_mod>` Execution Module
  151. can be used for basic configuration parsing, audit or validation for a variety
  152. of network platforms having Cisco IOS style configuration (one space
  153. indentation), as well as brace-delimited configuration style.
  154. The :mod:`iosconfig <salt.modules.iosconfig>` can be used for various
  155. configuration manipulation for Cisco IOS style configuration, such as:
  156. :mod:`configuration cleanup <salt.modules.iosconfig.clean>`,
  157. :mod:`tree representation of the config <salt.modules.iosconfig.tree>`, etc.
  158. NAPALM
  159. ------
  160. Commit At and Commit Confirmed
  161. """"""""""""""""""""""""""""""
  162. Beginning with this release, NAPALM users are able to execute scheduled commits
  163. (broadly known as "commit at") and "commit confirmed" (revert the configuration
  164. change unless the user confirms by running another command). These features are
  165. available via the ``commit_in``, ``commit_at``, ``revert_in``, or ``revert_at``
  166. arguments for the
  167. :mod:`net.load_config <salt.modules.napalm_network.load_config>` and
  168. :mod:`net.load_template <salt.modules.napalm_network.load_template>` execution
  169. functions, or :mod:`netconfig.managed <salt.states.netconfig.managed>`.
  170. The counterpart execution functions
  171. :mod:`net.confirm_commit <salt.modules.napalm_network.confirm_commit>`, or
  172. :mod:`net.cancel_commit <salt.modules.napalm_network.cancel_commit>`, as well
  173. as the State functions
  174. :mod:`netconfig.commit_cancelled <salt.states.netconfig.commit_cancelled>`, or
  175. :mod:`netconfig.commit_confirmed <salt.states.netconfig.commit_confirmed>` can
  176. be used to confirm or cancel a commit.
  177. Please note that the commit confirmed and commit cancelled functionalities are
  178. available for any platform whether the network devices supports the features
  179. natively or not. However, be cautious and make sure you read and understand the
  180. caveats before using them in production.
  181. Multiple Templates Rendered Simultaneously
  182. """"""""""""""""""""""""""""""""""""""""""
  183. The ``template_name`` argument of the
  184. :mod:`net.load_template <salt.modules.napalm_network.load_template>` Execution
  185. and :mod:`netconfig.managed <salt.states.netconfig.managed>` State function now
  186. supports a list of templates. This is particularly useful when a very large
  187. Jinja template is split into multiple smaller and easier to read templates that
  188. can eventually be reused in other States. For example, the following syntax is
  189. not correct to manage the configuration of NTP and BGP simultaneously, using
  190. two different templates and changing the device configuration through one
  191. single commit:
  192. .. code-block:: yaml
  193. manage_bgp_and_ntp:
  194. netconfig.managed:
  195. - template_name:
  196. - salt://templates/bgp.jinja
  197. - salt://templates/ntp.jinja
  198. - context:
  199. bpg: {{ pillar.bgp }}
  200. ntp: {{ pillar.ntp }}
  201. Connection Re-establishment on Demand
  202. """""""""""""""""""""""""""""""""""""
  203. Beginning with this release, any NAPALM command executed when
  204. running under a NAPALM Proxy Minion supports the ``force_reconnect``
  205. magic argument.
  206. Proxy Minions generally establish a connection with the remote network
  207. device at the time of the Minion startup and that connection is going to be
  208. used forever.
  209. If one would need to execute a command on the device but is connecting using
  210. different parameters (due to various causes, e.g., unable to authenticate
  211. the user specified in the Pillar as the authentication system - say
  212. TACACS+ is not available, or the DNS resolver is currently down and would
  213. like to temporarily use the IP address instead, etc.), it implies updating
  214. the Pillar data and restarting the Proxy Minion process restart.
  215. In particular cases like that, you can pass the ``force_reconnect=True``
  216. keyword argument, together with the alternative connection details, to
  217. enforce the command to be executed over a separate connection.
  218. For example, if the usual command is ``salt '*' net.arp``, you can use the
  219. following to connect using a different username instead:
  220. .. code-block:: bash
  221. salt '*' net.arp username=my-alt-usr force_reconnect=True
  222. The same goes with any of the other configuration arguments required for the
  223. NAPALM connection - see :mod:`NAPALM proxy documentation <salt.proxy.napalm>`.
  224. Configuration Replace Features
  225. """"""""""""""""""""""""""""""
  226. To replace various configuration chunks, you can use the new
  227. :mod:`net.replace_pattern <salt.modules.napalm_network.replace_pattern>`
  228. execution function, or the
  229. :mod:`netconfig.replace_pattern <salt.states.netconfig.replace_pattern>` State
  230. function. For example, if you want to update your configuration and rename
  231. a BGP policy referenced in many places, you can do so by running:
  232. .. code-block:: bash
  233. salt '*' net.replace_pattern OLD-POLICY-CONFIG new-policy-config
  234. Similarly, you can also replace entire configuration blocks using the
  235. :mod:`net.blockreplace <salt.modules.napalm_network.blockreplace>` function.
  236. Configuration Save Features
  237. """""""""""""""""""""""""""
  238. The :mod:`net.save_config <salt.modules.napalm_network.save_config>` function
  239. can be used to save the configuration of the managed device into a file. For
  240. the State subsystem, the :mod:`netconfig.saved <salt.states.netconfig.saved>`
  241. function has been added which provides a complete list of facilities when
  242. managing the target file where the configuration of the network device can be
  243. saved.
  244. For example, backup the running configuration of each device under its own
  245. directory tree:
  246. .. code-block:: yaml
  247. /var/backups/{{ opts.id }}/running.cfg:
  248. netconfig.saved:
  249. - source: running
  250. - makedirs: true
  251. All the new network automation modules mentioned above are directly exposed to
  252. the NAPALM users, without requiring any architectural changes, just eventually
  253. install some requirements:
  254. Junos
  255. ^^^^^
  256. The features from the existing :mod:`junos <salt.modules.junos>` Execution
  257. Module are available via the following functions:
  258. - :mod:`napalm.junos_cli <salt.modules.napalm_mod.junos_cli>`: Execute a CLI
  259. command and return the output as text or Python dictionary.
  260. - :mod:`napalm.junos_rpc <salt.modules.napalm_mod.junos_rpc>`: Execute an RPC
  261. request on the remote Junos device, and return the result as a Python
  262. dictionary, easy to digest and manipulate.
  263. - :mod:`napalm.junos_install_os <salt.modules.napalm_mod.junos_install_os>`:
  264. Install the given image on the device.
  265. - :mod:`napalm.junos_facts <salt.modules.napalm_mod.junos_facts>`: The complete
  266. list of Junos facts collected by the ``junos-eznc`` underlying library.
  267. .. note::
  268. To be able to use these features, you muse ensure that you meet the
  269. requirements for the :mod:`junos <salt.modules.junos>` module. As
  270. ``junos-eznc`` is already a dependency of NAPALM, you will only have to
  271. install ``jxmlease``.
  272. Usage examples:
  273. .. code-block:: bash
  274. salt '*' napalm.junos_cli 'show arp' format=xml
  275. salt '*' napalm.junos_rpc get-interface-information
  276. Netmiko
  277. ^^^^^^^
  278. The features from the newly added :mod:`netmiko <salt.modules.netmiko_mod>`
  279. Execution Module are available as:
  280. - :mod:`napalm.netmiko_commands <salt.modules.napalm_mod.netmiko_commands>`:
  281. Execute one or more commands to be execute on the remote device, via Netmiko,
  282. and return the output as a text.
  283. - :mod:`napalm.netmiko_config <salt.modules.napalm_mod.netmiko_config>`: Load
  284. a list of configuration command on the remote device, via Netmiko. The
  285. commands can equally be loaded from a local or remote path, and passed
  286. through Salt's template rendering pipeline (by default using ``Jinja`` as the
  287. template rendering engine).
  288. Usage examples:
  289. .. code-block:: bash
  290. salt '*' napalm.netmiko_commands 'show version' 'show interfaces'
  291. salt '*' napalm.netmiko_config config_file=https://bit.ly/2sgljCB
  292. Arista pyeapi
  293. ^^^^^^^^^^^^^
  294. For various operations and various extension modules, the following features
  295. have been added to gate functionality from the
  296. :mod:`pyeapi <salt.modules.arista_pyeapi>` module:
  297. - :mod:`napalm.pyeapi_run_commands
  298. <salt.modules.napalm_mod.pyeapi_run_commands>`: Execute a list of commands on
  299. the Arista switch, via the ``pyeapi`` library.
  300. - :mod:`napalm.pyeapi_config <salt.modules.napalm_mod.pyeapi_config>`:
  301. Configure the Arista switch with the specified commands, via the ``pyeapi``
  302. Python library. Similarly to
  303. :mod:`napalm.netmiko_config <salt.modules.napalm_mod.netmiko_config>`, you
  304. can use both local and remote files, with or without templating.
  305. Usage examples:
  306. .. code-block:: bash
  307. salt '*' napalm.pyeapi_run_commands 'show version' 'show interfaces'
  308. salt '*' napalm.pyeapi_config config_file=salt://path/to/template.jinja
  309. Cisco NX-API
  310. ^^^^^^^^^^^^
  311. In the exact same way as above, the user has absolute control by using the
  312. following primitives to manage Cisco Nexus switches via the NX-API:
  313. - :mod:`napalm.nxos_api_show <salt.modules.napalm_mod.nxos_api_show>`: Execute
  314. one or more show (non-configuration) commands, and return the output as plain
  315. text or Python dictionary.
  316. - :mod:`napalm.nxos_api_rpc <salt.modules.napalm_mod.nxos_api_rpc>`: Execute
  317. arbitrary RPC requests via the Nexus API.
  318. - :mod:`napalm.nxos_api_config <salt.modules.napalm_mod.nxos_api_config>`:
  319. Configures the Nexus switch with the specified commands, via the NX-API. The
  320. commands can be loaded from the command line, or a local or remote file,
  321. eventually rendered using the templating engine of choice (default:
  322. ``jinja``).
  323. Usage examples:
  324. .. code-block:: bash
  325. salt '*' napalm.nxos_api_show 'show bgp sessions' 'show processes' raw_text=False
  326. Ciscoconfparse
  327. ^^^^^^^^^^^^^^
  328. The following list of function may be handy when manipulating Cisco IOS or
  329. Junos style configurations:
  330. - :mod:`napalm.config_filter_lines
  331. <salt.modules.napalm_mod.config_filter_lines>`: Return a list of detailed
  332. matches, for the configuration blocks (parent-child relationship) whose
  333. parent and children respect the regular expressions provided.
  334. - :mod:`napalm.config_find_lines <salt.modules.napalm_mod.config_find_lines>`:
  335. Return the configuration lines that match the regular expression provided.
  336. - :mod:`napalm.config_lines_w_child <salt.modules.napalm_mod.config_lines_w_child>`:
  337. Return the configuration lines that match a regular expression, having child
  338. lines matching the child regular expression.
  339. - :mod:`napalm.config_lines_wo_child <salt.modules.napalm_mod.config_lines_wo_child>`:
  340. Return the configuration lines that match a regular expression, that don't
  341. have child lines matching the child regular expression.
  342. .. note::
  343. These functions require the ``ciscoconfparse`` Python library to be
  344. installed.
  345. Usage example (find interfaces that are administratively shut down):
  346. .. code-block:: bash
  347. salt '*' napalm.config_lines_w_child 'interface' 'shutdown'
  348. IOSConfig
  349. ^^^^^^^^^
  350. For Cisco IOS style configuration, the following features have been added to
  351. the :mod:`napalm <salt.modules.napalm_mod>` Execution Module:
  352. - :mod:`napalm.config_tree <salt.modules.napalm_mod.config_tree>`: Transform
  353. Cisco IOS style configuration to structured Python dictionary, using the
  354. configuration of the interrogated network device.
  355. - :mod:`napalm.config_merge_tree <salt.modules.napalm_mod.config_merge_tree>`:
  356. Return the merge tree of the configuration of the managed network device with
  357. a different configuration to be merged with (without actually loading any
  358. changes on the device).
  359. - :mod:`napalm.config_merge_text <salt.modules.napalm_mod.config_merge_text>`:
  360. Return the merge result (as text) of the configuration of the managed network
  361. device with a different configuration to be merged with.
  362. - :mod:`napalm.config_merge_diff <salt.modules.napalm_mod.config_merge_diff>`:
  363. Return the merge diff after merging the configuration of the managed network
  364. device with a different configuration (without actually loading any changes
  365. on the device).
  366. SCP
  367. ^^^
  368. Reusing the already available connection credentials provided for NAPALM, the
  369. following features are now available:
  370. - :mod:`napalm.scp_put <salt.modules.napalm_mod.scp_put>`: Transfer files and
  371. directories to remote network device.
  372. - :mod:`napalm.scp_get <salt.modules.napalm_mod.scp_get>`: Transfer files and
  373. directories from remote network device to the localhost of the Minion.
  374. PeeringDB
  375. ---------
  376. The :mod:`peeringdb <salt.modules.peeringdb>` Execution Module is useful to
  377. gather information about other networks you can potentially peer with, and
  378. automatically establish BGP sessions, e.g., given just a specific AS number,
  379. the rest of the data (i.e., IP addresses, locations where the remote network is
  380. available, etc.) is retrieved from PeeringDB, and the session configuration is
  381. automated with minimal to no effort (typing the IP addresses manually can be
  382. both tedious and error prone).
  383. New Docker Proxy Minion
  384. =======================
  385. Docker containers can now be treated as actual minions without installing salt
  386. in the container, using the new :py:mod:`docker proxy minion <salt.proxy.docker>`.
  387. This proxy minion uses the :py:mod:`docker executor <salt.executors.docker>` to
  388. pass commands to the docker container using :py:func:`docker.call
  389. <salt.modules.dockermod.call>`. Any state module calls are passed through the
  390. corresponding function from the :py:mod:`docker <salt.modules.dockermod>`
  391. module.
  392. .. code-block:: yaml
  393. proxy:
  394. proxytype: docker
  395. name: keen_proskuriakova
  396. Terraform Salt-SSH Roster
  397. =========================
  398. You can now dynamically generate a Salt-SSH roster from the terraform resources
  399. defined with `terraform-provider-salt <https://github.com/dmacvicar/terraform-provider-salt>`_.
  400. This allows you to combine both terraform and Salt-SSH to provision and
  401. configure your hosts. See the :py:mod:`terraform roster<salt.roster.terraform>` for
  402. an example on how to setup and use.
  403. Grains Dictionary Passed into Custom Grains
  404. ===========================================
  405. Starting in this release, if a custom grains function accepts a variable named
  406. ``grains``, the Grains dictionary of the already compiled grains will be passed
  407. in. Because of the non-deterministic order that grains are rendered in, the
  408. only grains that can be relied upon to be passed in are ``core.py`` grains,
  409. since those are compiled first.
  410. More Precise ``virtual`` Grain
  411. ==============================
  412. This release improves the accuracy of the ``virtual`` grain when running Salt in
  413. a nested virtualization environment (e.g. ``systemd-nspawn`` container inside a
  414. VM) and having ``virt-what`` installed.
  415. Until now, the ``virtual`` grain was determined by matching against all output
  416. lines of ``virt-what`` instead of individual items which could lead to not quite
  417. precise results (e.g. reporting ``HyperV`` inside a ``systemd-nspawn`` container
  418. running within a Hyper-V-based VM.
  419. Configurable Module Environment
  420. ===============================
  421. Salt modules (states, execution modules, returners, etc.) now can have custom
  422. environment variables applied when running shell commands. This can be
  423. configured by setting a ``system-environment`` key either in Grains or Pillar.
  424. The syntax is as follows:
  425. .. code-block:: yaml
  426. system-environment:
  427. <type>
  428. <module>:
  429. # Namespace for all functions in the module
  430. _:
  431. <key>: <value>
  432. # Namespace only for particular function in the module
  433. <function>:
  434. <key>: <value>
  435. - ``<type>`` would be the type of module (i.e. ``states``, ``modules``, etc.).
  436. - ``<module>`` would be the module's name.
  437. .. note::
  438. The module name can be either the virtual name (e.g. ``pkg``), or the
  439. physical name (e.g. ``yumpkg``).
  440. - ``<function>`` would be the function name within that module. To apply
  441. environment variables to *all* functions in a given module, use an underscore
  442. (i.e. ``_``) as the function name. For example, to set the same environment
  443. variable for all package management functions, the following could be used:
  444. .. code-block:: yaml
  445. system-environment:
  446. modules:
  447. pkg:
  448. _:
  449. SOMETHING: for_all
  450. To set an environment variable in ``pkg.install`` only:
  451. .. code-block:: yaml
  452. system-environment:
  453. modules:
  454. pkg:
  455. install:
  456. LC_ALL: en_GB.UTF-8
  457. To set the same variable but only for SUSE minions (which use zypper for
  458. package management):
  459. .. code-block:: yaml
  460. system-environment:
  461. modules:
  462. zypper:
  463. install:
  464. LC_ALL: en_GB.UTF-8
  465. .. note::
  466. This is not supported throughout Salt; the module must explicitly support
  467. this feature (though this may change in the future). As of this release,
  468. the only modules which support this are the following ``pkg`` virtual
  469. modules:
  470. - :py:mod:`aptpkg <salt.modules.aptpkg>`
  471. - :py:mod:`yumpkg <salt.modules.yumpkg>`
  472. - :py:mod:`zypper <salt.modules.zypper>`
  473. "Virtual Package" Support Dropped for APT
  474. =========================================
  475. In APT, some packages have an associated list of packages which they provide.
  476. This allows one to do things like run ``apt-get install foo`` when the real
  477. package name is ``foo1.0``, and get the right package installed.
  478. Salt has traditionally designated as "virtual packages" those which are
  479. provided by an installed package, but for which there is no real package by
  480. that name installed. Given the above example, if one were to run a
  481. :py:func:`pkg.installed <salt.states.pkg.installed>` state for a package named
  482. ``foo``, then :py:func:`pkg.list_pkgs <salt.modules.aptpkg.list_pkgs>` would
  483. show a package version of simply ``1`` for package ``foo``, denoting that it is
  484. a virtual package.
  485. However, while this makes certain aspects of package management convenient,
  486. there are issues with this approach that make relying on "virtual packages"
  487. problematic. For instance, Ubuntu has four different mutually-conflicting
  488. packages for ``nginx``:
  489. - nginx-core_
  490. - nginx-full_
  491. - nginx-light_
  492. - nginx-extras_
  493. All four of these provide ``nginx``. Yet there is an nginx_ package as well,
  494. which has no actual content and merely has dependencies on any one of the above
  495. four packages. If one used ``nginx`` in a :py:func:`pkg.installed
  496. <salt.states.pkg.installed>` state, and none of the above four packages were
  497. installed, then the nginx_ metapackage would be installed, which would pull in
  498. `nginx-core_`. Later, if ``nginx`` were used in a :py:func:`pkg.removed
  499. <salt.states.pkg.removed>` state, the nginx_ metapackage would be removed,
  500. leaving nginx-core_ installed. The result would be that, since `nginx-core_`
  501. provides `nginx_`, Salt would now see nginx_ as an installed virtual package,
  502. and the :py:func:`pkg.removed <salt.states.pkg.removed>` state would fail.
  503. Moreover, *nginx would not actually have been removed*, since nginx-core_ would
  504. remain installed.
  505. .. _nginx-core: https://packages.ubuntu.com/xenial/nginx-core
  506. .. _nginx-full: https://packages.ubuntu.com/xenial/nginx-full
  507. .. _nginx-light: https://packages.ubuntu.com/xenial/nginx-light
  508. .. _nginx-extras: https://packages.ubuntu.com/xenial/nginx-extras
  509. .. _nginx: https://packages.ubuntu.com/xenial/nginx
  510. Starting with this release, Salt will no longer support using "virtual package"
  511. names in ``pkg`` states, and package names will need to be specified using the
  512. proper package name. The :py:func:`pkg.list_repo_pkgs
  513. <salt.modules.aptpkg.list_repo_pkgs>` function can be used to find matching
  514. package names in the repositories, given a package name (or glob):
  515. .. code-block:: bash
  516. # salt myminion pkg.list_repo_pkgs 'nginx*'
  517. myminion:
  518. ----------
  519. nginx:
  520. - 1.10.3-0ubuntu0.16.04.2
  521. - 1.9.15-0ubuntu1
  522. nginx-common:
  523. - 1.10.3-0ubuntu0.16.04.2
  524. - 1.9.15-0ubuntu1
  525. nginx-core:
  526. - 1.10.3-0ubuntu0.16.04.2
  527. - 1.9.15-0ubuntu1
  528. nginx-core-dbg:
  529. - 1.10.3-0ubuntu0.16.04.2
  530. - 1.9.15-0ubuntu1
  531. nginx-doc:
  532. - 1.10.3-0ubuntu0.16.04.2
  533. - 1.9.15-0ubuntu1
  534. nginx-extras:
  535. - 1.10.3-0ubuntu0.16.04.2
  536. - 1.9.15-0ubuntu1
  537. nginx-extras-dbg:
  538. - 1.10.3-0ubuntu0.16.04.2
  539. - 1.9.15-0ubuntu1
  540. nginx-full:
  541. - 1.10.3-0ubuntu0.16.04.2
  542. - 1.9.15-0ubuntu1
  543. nginx-full-dbg:
  544. - 1.10.3-0ubuntu0.16.04.2
  545. - 1.9.15-0ubuntu1
  546. nginx-light:
  547. - 1.10.3-0ubuntu0.16.04.2
  548. - 1.9.15-0ubuntu1
  549. nginx-light-dbg:
  550. - 1.10.3-0ubuntu0.16.04.2
  551. - 1.9.15-0ubuntu1
  552. Alternatively, the newly-added :py:func:`pkg.show <salt.modules.aptpkg.show>`
  553. function can be used to get more detailed information about a given package and
  554. help determine what package name is correct:
  555. .. code-block:: bash
  556. # salt myminion pkg.show 'nginx*' filter=description,provides
  557. myminion:
  558. ----------
  559. nginx:
  560. ----------
  561. 1.10.3-0ubuntu0.16.04.2:
  562. ----------
  563. Description:
  564. small, powerful, scalable web/proxy server
  565. 1.9.15-0ubuntu1:
  566. ----------
  567. Description:
  568. small, powerful, scalable web/proxy server
  569. nginx-common:
  570. ----------
  571. 1.10.3-0ubuntu0.16.04.2:
  572. ----------
  573. Description:
  574. small, powerful, scalable web/proxy server - common files
  575. 1.9.15-0ubuntu1:
  576. ----------
  577. Description:
  578. small, powerful, scalable web/proxy server - common files
  579. nginx-core:
  580. ----------
  581. 1.10.3-0ubuntu0.16.04.2:
  582. ----------
  583. Description:
  584. nginx web/proxy server (core version)
  585. Provides:
  586. httpd, httpd-cgi, nginx
  587. 1.9.15-0ubuntu1:
  588. ----------
  589. Description:
  590. nginx web/proxy server (core version)
  591. Provides:
  592. httpd, httpd-cgi, nginx
  593. nginx-core-dbg:
  594. ----------
  595. 1.10.3-0ubuntu0.16.04.2:
  596. ----------
  597. Description:
  598. nginx web/proxy server (core version) - debugging symbols
  599. 1.9.15-0ubuntu1:
  600. ----------
  601. Description:
  602. nginx web/proxy server (core version) - debugging symbols
  603. nginx-doc:
  604. ----------
  605. 1.10.3-0ubuntu0.16.04.2:
  606. ----------
  607. Description:
  608. small, powerful, scalable web/proxy server - documentation
  609. 1.9.15-0ubuntu1:
  610. ----------
  611. Description:
  612. small, powerful, scalable web/proxy server - documentation
  613. nginx-extras:
  614. ----------
  615. 1.10.3-0ubuntu0.16.04.2:
  616. ----------
  617. Description:
  618. nginx web/proxy server (extended version)
  619. Provides:
  620. httpd, httpd-cgi, nginx
  621. 1.9.15-0ubuntu1:
  622. ----------
  623. Description:
  624. nginx web/proxy server (extended version)
  625. Provides:
  626. httpd, httpd-cgi, nginx
  627. nginx-extras-dbg:
  628. ----------
  629. 1.10.3-0ubuntu0.16.04.2:
  630. ----------
  631. Description:
  632. nginx web/proxy server (extended version) - debugging symbols
  633. 1.9.15-0ubuntu1:
  634. ----------
  635. Description:
  636. nginx web/proxy server (extended version) - debugging symbols
  637. nginx-full:
  638. ----------
  639. 1.10.3-0ubuntu0.16.04.2:
  640. ----------
  641. Description:
  642. nginx web/proxy server (standard version)
  643. Provides:
  644. httpd, httpd-cgi, nginx
  645. 1.9.15-0ubuntu1:
  646. ----------
  647. Description:
  648. nginx web/proxy server (standard version)
  649. Provides:
  650. httpd, httpd-cgi, nginx
  651. nginx-full-dbg:
  652. ----------
  653. 1.10.3-0ubuntu0.16.04.2:
  654. ----------
  655. Description:
  656. nginx web/proxy server (standard version) - debugging symbols
  657. 1.9.15-0ubuntu1:
  658. ----------
  659. Description:
  660. nginx web/proxy server (standard version) - debugging symbols
  661. nginx-light:
  662. ----------
  663. 1.10.3-0ubuntu0.16.04.2:
  664. ----------
  665. Description:
  666. nginx web/proxy server (basic version)
  667. Provides:
  668. httpd, httpd-cgi, nginx
  669. 1.9.15-0ubuntu1:
  670. ----------
  671. Description:
  672. nginx web/proxy server (basic version)
  673. Provides:
  674. httpd, httpd-cgi, nginx
  675. nginx-light-dbg:
  676. ----------
  677. 1.10.3-0ubuntu0.16.04.2:
  678. ----------
  679. Description:
  680. nginx web/proxy server (basic version) - debugging symbols
  681. 1.9.15-0ubuntu1:
  682. ----------
  683. Description:
  684. nginx web/proxy server (basic version) - debugging symbols
  685. Minion Startup Events
  686. =====================
  687. When a minion starts up it sends a notification on the event bus with a tag
  688. that looks like this: ``salt/minion/<minion_id>/start``. For historical reasons
  689. the minion also sends a similar event with an event tag like this:
  690. ``minion_start``. This duplication can cause a lot of clutter on the event bus
  691. when there are many minions. Set ``enable_legacy_startup_events: False`` in the
  692. minion config to ensure only the ``salt/minion/<minion_id>/start`` events are
  693. sent.
  694. The new :conf_minion:`enable_legacy_startup_events` minion config option
  695. defaults to ``True``, but will be set to default to ``False`` beginning with
  696. the 3001 release of Salt.
  697. The Salt Syndic currently sends an old style ``syndic_start`` event as well. The
  698. syndic respects :conf_minion:`enable_legacy_startup_events` as well.
  699. Failhard changes
  700. ================
  701. It is now possible to override a global failhard setting with a state-level
  702. failhard setting. This is most useful in case where global failhard is set to
  703. ``True`` and you want the execution not to stop for a specific state that
  704. could fail, by setting the state level failhard to ``False``.
  705. This also allows for the use of ``onfail*``-requisites, which would previously
  706. be ignored when a global failhard was set to ``True``.
  707. This is a deviation from previous behavior, where the global failhard setting
  708. always resulted in an immediate stop whenever any state failed (regardless
  709. of whether the failing state had a failhard setting of its own, or whether
  710. any ``onfail*``-requisites were used).
  711. Pass Through Options to :py:func:`file.serialize <salt.states.file.serialize>` State
  712. ====================================================================================
  713. This allows for more granular control over the way in which the dataset is
  714. serialized. See the documentation for the new ``serializer_opts`` and
  715. ``deserializer_opts`` options in the :py:func:`file.serialize
  716. <salt.states.file.serialize>` state for more information.
  717. :py:func:`file.patch <salt.sates.file.patch>` State Rewritten
  718. =============================================================
  719. The :py:func:`file.patch <salt.sates.file.patch>` state has been rewritten with
  720. several new features:
  721. - Patch sources can now be remote files instead of only ``salt://`` URLs
  722. - Multi-file patches are now supported
  723. - Patch files can be templated
  724. In addition, it is no longer necessary to specify what the hash of the patched
  725. file should be.
  726. New no_proxy Minion Configuration
  727. =================================
  728. Pass a list of hosts using the ``no_proxy`` minion config option to bypass an HTTP
  729. proxy.
  730. .. note::
  731. This key does nothing unless proxy_host is configured and it does not support
  732. any kind of wildcards.
  733. .. code-block:: yaml
  734. no_proxy: [ '127.0.0.1', 'foo.tld' ]
  735. Changes to :py:mod:`slack <salt.engines.slack>` Engine
  736. ======================================================
  737. The output returned to Slack from functions run using this engine is now
  738. formatted using that function's proper outputter. Earlier releases would format
  739. the output in YAML for all functions except for when states were run.
  740. Enhancements to :py:mod:`wtmp <salt.beacons.wtmp>` Beacon
  741. =========================================================
  742. A new key, ``action``, has been added to the events fired by this beacon, which
  743. will contain either the string ``login`` or ``logout``. This will simplify
  744. reactors which use this beacon's data, as it will no longer be necessary to
  745. check the integer value of the ``type`` key to know whether the event is a
  746. login or logout.
  747. Additionally, in the event that your platform has a non-standard ``utmp.h``,
  748. you can now configure which type numbers indicate a login and logout.
  749. See the :py:mod:`wtmp beacon documentation <salt.beacons.wtmp>` for more
  750. information.
  751. Deprecated and Removed Options
  752. ==============================
  753. API Removed Arguments
  754. ---------------------
  755. Support for :ref:`LocalClient <local-client>`'s ``expr_form`` argument has
  756. been removed. Please use ``tgt_type`` instead. This change was made due to
  757. numerous reports of confusion among community members, since the targeting
  758. method is published to minions as ``tgt_type``, and appears as ``tgt_type``
  759. in the job cache as well.
  760. Those who are using the :ref:`LocalClient <local-client>` (either directly,
  761. or implicitly via a :ref:`netapi module <all-netapi-modules>`) need to update
  762. their code to use ``tgt_type``.
  763. .. code-block:: python
  764. >>> import salt.client
  765. >>> local = salt.client.LocalClient()
  766. >>> local.cmd('*', 'cmd.run', ['whoami'], tgt_type='glob')
  767. {'jerry': 'root'}
  768. Minion Configuration Deprecated Option
  769. --------------------------------------
  770. The :conf_minion:`master_shuffle` configuration option is deprecated as of the
  771. ``2019.2.0`` release. Please use the :conf_minion:`random_master` option instead.
  772. Module Removed Options
  773. ----------------------
  774. - The :py:mod:`napalm_network <salt.modules.napalm_network>` module has been
  775. changed as follows:
  776. - Support for the ``template_path`` has been removed from
  777. :py:func:`net.load_template <salt.modules.napalm_network.load_template>`
  778. function. This is because support for NAPALM native templates has been
  779. dropped.
  780. - The :py:mod:`pip <salt.modules.pip>` module has been changed as follows:
  781. - Support for the ``no_chown`` option has been removed from
  782. :py:func:`pip.install <salt.modules.pip.install>` function.
  783. - The :py:mod:`trafficserver <salt.modules.trafficserver>` module has been
  784. changed as follows:
  785. - The ``trafficserver.match_var`` function was removed. Please use
  786. :py:func:`trafficserver.match_metric
  787. <salt.modules.trafficserver.match_metric>` instead.
  788. - The ``trafficserver.read_var`` function was removed. Please use
  789. :py:func:`trafficserver.read_config
  790. <salt.modules.trafficserver.read_config>` instead.
  791. - The ``trafficserver.set_var`` function was removed. Please use
  792. :py:func:`trafficserver.set_config
  793. <salt.modules.trafficserver.set_config>` instead.
  794. - The ``win_update`` module has been removed. It has been replaced by
  795. :py:mod:`win_wua <salt.modules.win_wua>`.
  796. - The :py:mod:`win_wua <salt.modules.win_wua>` module has been changed as
  797. follows:
  798. - The ``win_wua.download_update`` and ``win_wua.download_updates``
  799. functions have been removed. Please use :py:func:`win_wua.download
  800. <salt.modules.win_wua.download>` instead.
  801. - The ``win_wua.install_update`` and ``win_wua.install_updates``
  802. functions have been removed. Please use :py:func:`win_wua.install
  803. <salt.modules.win_wua.install>` instead.
  804. - The ``win_wua.list_update`` function has been removed. Please use
  805. functions have been removed. Please use :py:func:`win_wua.get
  806. <salt.modules.win_wua.get>` instead.
  807. - The ``win_wua.list_updates`` function has been removed. Please use
  808. functions have been removed. Please use :py:func:`win_wua.list
  809. <salt.modules.win_wua.list_>` instead.
  810. Pillar Removed Option
  811. ---------------------
  812. - The :py:mod:`vault <salt.pillar.vault>` external pillar has been changed as
  813. follows:
  814. - Support for the ``profile`` argument was removed. Any options passed up
  815. until and following the first ``path=`` are discarded.
  816. Roster Removed Option
  817. ---------------------
  818. - The :py:mod:`cache <salt.roster.cache>` roster has been changed as follows:
  819. - Support for ``roster_order`` as a list or tuple has been removed. As of
  820. the ``2019.2.0`` release, ``roster_order`` must be a dictionary.
  821. - The ``roster_order`` option now includes IPv6 in addition to IPv4 for the
  822. ``private``, ``public``, ``global`` or ``local`` settings. The syntax for
  823. these settings has changed to ``ipv4-*`` or ``ipv6-*``, respectively.
  824. State Removed Modules and Options
  825. ---------------------------------
  826. - The ``docker`` state module has been removed
  827. - In :ref:`2017.7.0 <release-2017-7-0>`, the states from this module were
  828. split into four separate state modules:
  829. - :py:mod:`docker_container <salt.states.docker_container>`
  830. - :py:mod:`docker_image <salt.states.docker_image>`
  831. - :py:mod:`docker_volume <salt.states.docker_volume>`
  832. - :py:mod:`docker_network <salt.states.docker_network>`
  833. - The ``docker`` module remained, for backward-compatibility, but it has now
  834. been removed. Please update SLS files to use the new state names:
  835. - ``docker.running`` => :py:func:`docker_container.running
  836. <salt.states.docker_container.running>`
  837. - ``docker.stopped`` => :py:func:`docker_container.stopped
  838. <salt.states.docker_container.stopped>`
  839. - ``docker.absent`` => :py:func:`docker_container.absent
  840. <salt.states.docker_container.absent>`
  841. - ``docker.network_present`` => :py:func:`docker_network.present
  842. <salt.states.docker_network.present>`
  843. - ``docker.network_absent`` => :py:func:`docker_network.absent
  844. <salt.states.docker_network.absent>`
  845. - ``docker.image_present`` => :py:func:`docker_image.present
  846. <salt.states.docker_image.present>`
  847. - ``docker.image_absent`` => :py:func:`docker_image.absent
  848. <salt.states.docker_image.absent>`
  849. - ``docker.volume_present`` => :py:func:`docker_volume.present
  850. <salt.states.docker_volume.present>`
  851. - ``docker.volume_absent`` => :py:func:`docker_volume.absent
  852. <salt.states.docker_volume.absent>`
  853. - The :py:mod:`docker_network <salt.states.docker_network>` state module has
  854. been changed as follows:
  855. - The ``driver`` option has been removed from
  856. :py:func:`docker_network.absent <salt.states.docker_network.absent>`. It
  857. had no functionality, as the state simply deletes the specified network
  858. name if it exists.
  859. - The deprecated ``ref`` option has been removed from the
  860. :py:func:`git.detached <salt.states.git.detached>` state. Please use ``rev``
  861. instead.
  862. - The ``k8s`` state module has been removed in favor of the :py:mod:`kubernetes
  863. <salt.states.kubernetes>` state mdoule. Please update SLS files as follows:
  864. - In place of ``k8s.label_present``, use
  865. :py:func:`kubernetes.node_label_present
  866. <salt.states.kubernetes.node_label_present>`
  867. - In place of ``k8s.label_absent``, use
  868. :py:func:`kubernetes.node_label_absent
  869. <salt.states.kubernetes.node_label_absent>`
  870. - In place of ``k8s.label_folder_absent``, use
  871. :py:func:`kubernetes.node_label_folder_absent
  872. <salt.states.kubernetes.node_label_folder_absent>`
  873. - Support for the ``template_path`` option in the :py:func:`netconfig.managed
  874. <salt.states.netconfig.managed` state has been removed. This is because
  875. support for NAPALM native templates has been dropped.
  876. - Support for the ``no_chown`` option in the
  877. :py:func:`pip.insalled <salt.states.pip.installed>` state has been removed.
  878. - The :py:func:`trafficserver.set_var <salt.states.trafficserver.set_var>`
  879. state has been removed. Please use :py:func:`trafficserver.config
  880. <salt.states.trafficserver.config>` instead.
  881. - Support for the ``no_chown`` option in the
  882. :py:func`virtualenv.managed <salt.states.virtualenv.managed>` function has
  883. been removed.
  884. - The ``win_update`` state module has been removed. It has been replaced by
  885. :py:mod:`win_wua <salt.states.win_wua>`.
  886. - Support for virtual packages has been removed from the
  887. py:mod:`pkg state <salt.states.pkg>`.
  888. Utils Removed Options
  889. ---------------------
  890. The ``cloud`` utils module had the following changes:
  891. - Support for the ``cache_nodes_ip`` function in :mod:`salt utils module <salt.utils.cloud>`
  892. has been removed. The function was incomplete and non-functional.
  893. The ``vault`` utils module had the following changes:
  894. - Support for specifying Vault connection data within a 'profile' has been removed.
  895. Please see the :mod:`vault execution module <salt.modules.vault>` documentation for
  896. details on the new configuration schema.
  897. Dependency Deprecations
  898. -----------------------
  899. Salt-Cloud has been updated to use the ``pypsexec`` Python library instead of the
  900. ``winexe`` executable. Both ``winexe`` and ``pypsexec`` run remote commands
  901. against Windows OSes. Since ``winexe`` is not packaged for every system, it has
  902. been deprecated in favor of ``pypsexec``.
  903. Salt-Cloud has deprecated the use ``impacket`` in favor of ``smbprotocol``.
  904. This changes was made because ``impacket`` is not compatible with Python 3.
  905. SaltSSH Major Updates
  906. =====================
  907. SaltSSH now works across different major Python versions. Python 2.7 ~ Python 3.x
  908. are now supported transparently. Requirement is, however, that the SaltMaster should
  909. have installed Salt, including all related dependencies for Python 2 and Python 3.
  910. Everything needs to be importable from the respective Python environment.
  911. SaltSSH can bundle up an arbitrary version of Salt. If there would be an old box for
  912. example, running an outdated and unsupported Python 2.6, it is still possible from
  913. a SaltMaster with Python 3.5 or newer to access it. This feature requires an additional
  914. configuration in /etc/salt/master as follows:
  915. .. code-block:: yaml
  916. ssh_ext_alternatives:
  917. 2016.3: # Namespace, can be actually anything.
  918. py-version: [2, 6] # Constraint to specific interpreter version
  919. path: /opt/2016.3/salt # Main Salt installation
  920. dependencies: # List of dependencies and their installation paths
  921. jinja2: /opt/jinja2
  922. yaml: /opt/yaml
  923. tornado: /opt/tornado
  924. msgpack: /opt/msgpack
  925. certifi: /opt/certifi
  926. singledispatch: /opt/singledispatch.py
  927. singledispatch_helpers: /opt/singledispatch_helpers.py
  928. markupsafe: /opt/markupsafe
  929. backports_abc: /opt/backports_abc.py
  930. It is also possible to use several alternative versions of Salt. You can for
  931. instance generate a minimal tarball using runners and include that. But this is
  932. only possible, when such specific Salt version is also available on the Master
  933. machine, although does not need to be directly installed together with the
  934. older Python interpreter.
  935. SaltSSH now support private key's passphrase. You can configure it by:
  936. * `--priv-passwd` for salt-ssh cli
  937. * `salt_priv_passwd` for salt master configure file
  938. * `priv_passwd` for salt roster file
  939. State Module Changes
  940. ====================
  941. :py:mod:`salt <salt.states.saltmod>` State Module (used in orchestration)
  942. -------------------------------------------------------------------------
  943. The ``test`` option now defaults to None. A value of ``True`` or ``False`` set
  944. here is passed to the state being run and can be used to override a ``test:
  945. True`` option set in the minion's config file. In previous releases the
  946. minion's config option would take precedence and it would be impossible to run
  947. an orchestration on a minion with test mode set to True in the config file.
  948. If a minion is not in permanent test mode due to the config file and the 'test'
  949. argument here is left as None then a value of ``test=True`` on the command-line is
  950. passed correctly to the minion to run an orchestration in test mode. At present
  951. it is not possible to pass ``test=False`` on the command-line to override a
  952. minion in permanent test mode and so the ``test: False`` option must still be set
  953. in the orchestration file.
  954. :py:func:`event.send <salt.states.event.send>` State
  955. ----------------------------------------------------
  956. The :py:func:`event.send <salt.states.event.send>` state does not know the
  957. results of the sent event, so returns changed every state run. It can now be
  958. set to return changed or unchanged.
  959. :py:mod:`influxdb_user.present <salt.states.influxdb_user>` Influxdb User Module State
  960. ---------------------------------------------------------------------------------------
  961. The ``password`` parameter has been changed to ``passwd`` to remove the
  962. name collusion with the influxdb client configuration (``client_kwargs``)
  963. allowing management of users when authentication is enabled on the influxdb
  964. instance
  965. Old behavior:
  966. .. code-block:: yaml
  967. influxdb_user.present:
  968. - name: exampleuser
  969. - password: exampleuserpassword
  970. - user: admin
  971. - password: adminpassword
  972. New behavior:
  973. .. code-block:: yaml
  974. influxdb_user.present:
  975. - name: exampleuser
  976. - passwd: exampleuserpassword
  977. - user: admin
  978. - password: adminpassword
  979. :conf_minion:`winrepo_cache_expire_min` Windows Package Definitions Caching
  980. ---------------------------------------------------------------------------
  981. The :conf_minion:`winrepo_cache_expire_min` has been changed from 0 to 1800 (30 minutes)
  982. For example if you run highstate the package definitions are normally updated,
  983. however now if the package definitions are younger than :conf_minion:`winrepo_cache_expire_min`
  984. (30 minutes) the package definitions will not be refreshed, reducing the amount
  985. of time taken to run a 2nd highstate. To get the old behaviour change the value
  986. back to 0 in the minion configuration file. This also effects the behaviour of
  987. other functions which default to refresh. The ``pkg.refresh_db`` will always
  988. refresh the package definitions.
  989. LDAP External Authentication
  990. ============================
  991. freeipa ``groupattribute`` support
  992. ----------------------------------
  993. Previously, if Salt was using external authentication against a freeipa LDAP
  994. system it could only search for users via the ``accountattributename`` field.
  995. This release add an additional search using the ``groupattribute`` field as
  996. well. The original ``accountattributename`` search is done first then the
  997. ``groupattribute`` allowing for backward compatibility with previous Salt
  998. releases.
  999. Jinja Include Relative Paths
  1000. ============================
  1001. When a jinja include template name begins with ``./`` or
  1002. ``../`` then the import will be relative to the importing file.
  1003. Prior practices required the following construct:
  1004. .. code-block:: jinja
  1005. {% from tpldir ~ '/foo' import bar %}
  1006. A more "natural" construct is now supported:
  1007. .. code-block:: jinja
  1008. {% from './foo' import bar %}
  1009. Comparatively when importing from a parent directory - prior practice:
  1010. .. code-block:: jinja
  1011. {% from tpldir ~ '/../foo' import bar %}
  1012. New style for including from a parent directory:
  1013. .. code-block:: jinja
  1014. {% from '../foo' import bar %}
  1015. salt-api
  1016. ========
  1017. salt-api Windows support
  1018. ------------------------
  1019. Previously, salt-api was was not supported on the Microsoft Windows platforms. Now it is!
  1020. salt-api provides a RESTful interface to a running Salt system. It allows
  1021. for viewing minions, runners, and jobs as well as running execution modules
  1022. and runners of a running Salt system through a REST API that returns JSON.
  1023. See Salt-API_ documentation.
  1024. .. _Salt-API: https://docs.saltstack.com/en/latest/topics/netapi/index.html
  1025. Logging Changes
  1026. ===============
  1027. Include Job ID (JID) in Minion and Master Logs
  1028. ----------------------------------------------
  1029. The Job ID (JID) can now be optionally included in both the minion and master logs
  1030. by including ``jid`` in either the ``log_fmt_console`` or ``log_fmt_logfile``
  1031. configuration option:
  1032. .. code-block:: yaml
  1033. log_fmt_console: "[%(levelname)-8s] %(jid)s %(message)s"
  1034. The will cause the JID to be included in any log entries that are related to a
  1035. particular Salt job. The JID will be included using the default format,
  1036. ``[JID: %(jid)s]`` but can be overriden with the ``log_fmt_jid`` configuration item.
  1037. .. code-block:: yaml
  1038. log_fmt_jid: "[JID: %(jid)s]"
  1039. Security
  1040. ========
  1041. Windows runas changes
  1042. ---------------------
  1043. A password is no longer required with ``runas`` under normal circumstances.
  1044. The password option is only needed if the minion process is run under a
  1045. restricted (non-administrator) account. In the aforementioned case, a password
  1046. is only required when using the ``runas`` argument to run command as a
  1047. different user.
  1048. New Modules
  1049. ===========
  1050. Execution Modules
  1051. -----------------
  1052. - :mod:`salt.modules.ciscoconfparse_mod <salt.modules.ciscoconfparse_mod>`
  1053. - :mod:`salt.modules.jira <salt.modules.jira_mod>`
  1054. - :mod:`salt.modules.google_chat <salt.modules.google_chat>`
  1055. - :mod:`salt.modules.iosconfig <salt.modules.iosconfig>`
  1056. - :mod:`salt.modules.netmiko <salt.modules.netmiko_mod>`
  1057. - :mod:`salt.modules.nxos_api <salt.modules.nxos_api>`
  1058. - :mod:`salt.modules.peeringdb <salt.modules.peeringdb>`
  1059. - :mod:`salt.modules.purefb <salt.modules.purefb>`
  1060. - :mod:`salt.modules.pyeapi <salt.modules.arista_pyeapi>`
  1061. Pillar Modules
  1062. --------------
  1063. - :mod:`netbox <salt.pillar.netbox>`
  1064. Proxy Modules
  1065. -------------
  1066. - :mod:`salt.proxy.netmiko <salt.proxy.netmiko_px>`
  1067. - :mod:`salt.proxy.nxos_api <salt.proxy.nxos_api>`
  1068. - :mod:`salt.proxy.pyeapi <salt.proxy.arista_pyeapi>`