1
0

neon.rst 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625
  1. :orphan:
  2. ==================================
  3. Salt Release Notes - Codename Neon
  4. ==================================
  5. Execution Module for Checking Jinja Map Files
  6. =============================================
  7. To aid in troubleshooting, an execution module has been added, which allows one
  8. to see the data loaded from a jinja map, or imported using ``import_yaml`` or
  9. ``import_json``. See :py:mod:`here <salt.modules.jinja>` for more information.
  10. Saltcheck Updates
  11. =================
  12. Available since 2018.3, the :py:func:`saltcheck module <salt.modules.saltcheck>`
  13. has been enhanced to:
  14. * Support saltenv environments
  15. * Associate tests with states by naming convention
  16. * Adds empty and notempty assertions
  17. * Adds skip keyword
  18. * Adds print_result keyword
  19. * Adds assertion_section keyword
  20. * Use saltcheck.state_apply to run state.apply for test setup or teardown
  21. * Changes output to display test time
  22. Saltcheck provides unittest like functionality requiring only the knowledge of
  23. salt module execution and yaml. Saltcheck uses salt modules to return data, then
  24. runs an assertion against that return. This allows for testing with all the
  25. features included in salt modules.
  26. In order to run state and highstate saltcheck tests, a sub-folder in the state directory
  27. must be created and named ``saltcheck-tests``. Tests for a state should be created in files
  28. ending in ``*.tst`` and placed in the ``saltcheck-tests`` folder. ``tst`` files are run
  29. through the salt rendering system, enabling tests to be written in yaml (or renderer of choice),
  30. and include jinja, as well as the usual grain and pillar information. Like states, multiple tests can
  31. be specified in a ``tst`` file. Multiple ``tst`` files can be created in the ``saltcheck-tests``
  32. folder, and should be named the same as the associated state. The ``id`` of a test works in the
  33. same manner as in salt state files and should be unique and descriptive.
  34. Usage
  35. -----
  36. Example file system layout:
  37. .. code-block:: text
  38. /srv/salt/apache/
  39. init.sls
  40. config.sls
  41. saltcheck-tests/
  42. init.tst
  43. config.tst
  44. deployment_validation.tst
  45. Tests can be run for each state by name, for all ``apache/saltcheck/*.tst`` files,
  46. or for all states assigned to the minion in top.sls. Tests may also be created
  47. with no associated state. These tests will be run through the use of
  48. ``saltcheck.run_state_tests``, but will not be automatically run by
  49. ``saltcheck.run_highstate_tests``.
  50. .. code-block:: bash
  51. salt '*' saltcheck.run_state_tests apache,apache.config
  52. salt '*' saltcheck.run_state_tests apache check_all=True
  53. salt '*' saltcheck.run_highstate_tests
  54. salt '*' saltcheck.run_state_tests apache.deployment_validation
  55. Example Tests
  56. -------------
  57. .. code-block:: jinja
  58. {# will run the common salt state before further testing #}
  59. setup_test_environment:
  60. module_and_function: saltcheck.state_apply
  61. args:
  62. - common
  63. pillar-data:
  64. data: value
  65. {% for package in ["apache2", "openssh"] %}
  66. {# or another example #}
  67. {# for package in salt['pillar.get']("packages") #}
  68. jinja_test_{{ package }}_latest:
  69. module_and_function: pkg.upgrade_available
  70. args:
  71. - {{ package }}
  72. assertion: assertFalse
  73. {% endfor %}
  74. validate_user_present_and_shell:
  75. module_and_function: user.info
  76. args:
  77. - root
  78. assertion: assertEqual
  79. expected-return: /bin/bash
  80. assertion_section: shell
  81. print_result: False
  82. skip_test:
  83. module_and_function: pkg.upgrade_available
  84. args:
  85. - apache2
  86. assertion: assertFalse
  87. skip: True
  88. Output Format Changes
  89. ---------------------
  90. Saltcheck output has been enhanced to display the time taken per test. This results
  91. in a change to the output format.
  92. Previous Output:
  93. .. code-block:: text
  94. local:
  95. |_
  96. ----------
  97. ntp:
  98. ----------
  99. ntp-client-installed:
  100. Pass
  101. ntp-service-status:
  102. Pass
  103. |_
  104. ----------
  105. TEST RESULTS:
  106. ----------
  107. Failed:
  108. 0
  109. Missing Tests:
  110. 0
  111. Passed:
  112. 2
  113. New output:
  114. .. code-block:: text
  115. local:
  116. |_
  117. ----------
  118. ntp:
  119. ----------
  120. ntp-client-installed:
  121. ----------
  122. duration:
  123. 1.0408
  124. status:
  125. Pass
  126. ntp-service-status:
  127. ----------
  128. duration:
  129. 1.464
  130. status:
  131. Pass
  132. |_
  133. ----------
  134. TEST RESULTS:
  135. ----------
  136. Execution Time:
  137. 2.5048
  138. Failed:
  139. 0
  140. Missing Tests:
  141. 0
  142. Passed:
  143. 2
  144. Skipped:
  145. 0
  146. Unless and onlyif Enhancements
  147. ==============================
  148. The ``unless`` and ``onlyif`` requisites can now be operated with salt modules.
  149. The dictionary must contain an argument ``fun`` which is the module that is
  150. being run, and everything else must be passed in under the args key or will be
  151. passed as individual kwargs to the module function.
  152. .. code-block:: yaml
  153. install apache on debian based distros:
  154. cmd.run:
  155. - name: make install
  156. - cwd: /path/to/dir/whatever-2.1.5/
  157. - unless:
  158. - fun: file.file_exists
  159. path: /usr/local/bin/whatever
  160. .. code-block:: yaml
  161. set mysql root password:
  162. debconf.set:
  163. - name: mysql-server-5.7
  164. - data:
  165. 'mysql-server/root_password': {'type': 'password', 'value': {{pillar['mysql.pass']}} }
  166. - unless:
  167. - fun: pkg.version
  168. args:
  169. - mysql-server-5.7
  170. Keystore State and Module
  171. =========================
  172. A new :py:func:`state <salt.states.keystore>` and
  173. :py:func:`execution module <salt.modules.keystore>` for manaing Java
  174. Keystore files is now included. It allows for adding/removing/listing
  175. as well as managing keystore files.
  176. .. code-block:: bash
  177. # salt-call keystore.list /path/to/keystore.jks changeit
  178. local:
  179. |_
  180. ----------
  181. alias:
  182. hostname1
  183. expired:
  184. True
  185. sha1:
  186. CB:5E:DE:50:57:99:51:87:8E:2E:67:13:C5:3B:E9:38:EB:23:7E:40
  187. type:
  188. TrustedCertEntry
  189. valid_start:
  190. August 22 2012
  191. valid_until:
  192. August 21 2017
  193. .. code-block:: yaml
  194. define_keystore:
  195. keystore.managed:
  196. - name: /tmp/statestore.jks
  197. - passphrase: changeit
  198. - force_remove: True
  199. - entries:
  200. - alias: hostname1
  201. certificate: /tmp/testcert.crt
  202. - alias: remotehost
  203. certificate: /tmp/512.cert
  204. private_key: /tmp/512.key
  205. - alias: stringhost
  206. certificate: |
  207. -----BEGIN CERTIFICATE-----
  208. MIICEjCCAX
  209. Hn+GmxZA
  210. -----END CERTIFICATE-----
  211. XML State and Module
  212. ====================
  213. A new :py:func:`state <salt.states.xml>` and
  214. :py:func:`execution module <salt.modules.xml>` for editing XML files is
  215. now included. Currently it allows for editing values from an xpath query, or
  216. editing XML IDs.
  217. .. code-block:: bash
  218. # salt-call xml.set_attribute /tmp/test.xml ".//actor[@id='3']" editedby "Jane Doe"
  219. local:
  220. True
  221. # salt-call xml.get_attribute /tmp/test.xml ".//actor[@id='3']"
  222. local:
  223. ----------
  224. editedby:
  225. Jane Doe
  226. id:
  227. 3
  228. # salt-call xml.get_value /tmp/test.xml ".//actor[@id='2']"
  229. local:
  230. Liam Neeson
  231. # salt-call xml.set_value /tmp/test.xml ".//actor[@id='2']" "Patrick Stewart"
  232. local:
  233. True
  234. # salt-call xml.get_value /tmp/test.xml ".//actor[@id='2']"
  235. local:
  236. Patrick Stewart
  237. .. code-block:: yaml
  238. ensure_value_true:
  239. xml.value_present:
  240. - name: /tmp/test.xml
  241. - xpath: .//actor[@id='1']
  242. - value: William Shatner
  243. Slot Syntax Updates
  244. ===================
  245. The slot syntax has been updated to support parsing dictionary responses and to append text.
  246. .. code-block:: yaml
  247. demo dict parsing and append:
  248. test.configurable_test_state:
  249. - name: slot example
  250. - changes: False
  251. - comment: __slot__:salt:test.arg(shell="/bin/bash").kwargs.shell ~ /appended
  252. .. code-block:: none
  253. local:
  254. ----------
  255. ID: demo dict parsing and append
  256. Function: test.configurable_test_state
  257. Name: slot example
  258. Result: True
  259. Comment: /bin/bash/appended
  260. Started: 09:59:58.623575
  261. Duration: 1.229 ms
  262. Changes:
  263. State Changes
  264. =============
  265. - The :py:func:`file.rename <salt.states.file.rename>` state will now return a
  266. ``True`` result (and make no changes) when the destination file already
  267. exists, and ``Force`` is not set to ``True``. In previous releases, a
  268. ``False`` result would be returned, but this meant that subsequent runs of
  269. the state would fail due to the destination file being present.
  270. - The :py:func:`file.managed <salt.states.file.managed>` state now supports
  271. setting selinux contexts.
  272. .. code-block:: yaml
  273. /tmp/selinux.test
  274. file.managed:
  275. - user: root
  276. - selinux:
  277. seuser: system_u
  278. serole: object_r
  279. setype: system_conf_t
  280. seranage: s0
  281. - The ``onchanges`` and ``prereq`` :ref:`requisites <requisites>` now behave
  282. properly in test mode.
  283. - Adding a new option for the State compiler, ``disabled_requisites`` will allow
  284. requisites to be disabled during State runs.
  285. - Added new :py:func:`ssh_auth.manage <salt.states.ssh_auth.manage>` state to
  286. ensure only the specified ssh keys are present for the specified user.
  287. - Added new :py:func:`saltutil <salt.states.saltutil>` state to use instead of
  288. ``module.run`` to more easily handle change.
  289. - Added new `onfail_all` requisite form to allow for AND logic when adding
  290. onfail states.
  291. Module Changes
  292. ==============
  293. - The :py:func:`debian_ip <salt.modules.debian_ip>` module used by the
  294. :py:func:`network.managed <salt.states.network.managed>` state has been
  295. heavily refactored. The order that options appear in inet/inet6 blocks may
  296. produce cosmetic changes. Many options without an 'ipvX' prefix will now be
  297. shared between inet and inet6 blocks. The options ``enable_ipv4`` and
  298. ``enabled_ipv6`` will now fully remove relevant inet/inet6 blocks. Overriding
  299. options by prefixing them with 'ipvX' will now work with most options (i.e.
  300. ``dns`` can be overriden by ``ipv4dns`` or ``ipv6dns``). The ``proto`` option
  301. is now required.
  302. - Added new :py:func:`boto_ssm <salt.modules.boto_ssm>` module to set and query
  303. secrets in AWS SSM parameters.
  304. - The :py:func:`file.set_selinux_context
  305. <salt.modules.file.set_selinux_context>` module now supports persistant
  306. changes with ``persist=True`` by calling the
  307. :py:func:`selinux.fcontext_add_policy
  308. <salt.modules.selinux.fcontext_add_policy>` module.
  309. - The :py:func:`config.option <salt.modules.config.option>` now also returns
  310. matches from the grains, making it align better with :py:func:`config.get
  311. <salt.modules.config.get>`.
  312. - Configuration for Docker registries is no longer restricted only to pillar
  313. data, and is now loaded using :py:func:`config.option
  314. <salt.modules.config.option>`. More information on registry authentication
  315. can be found :ref:`here <docker-authentication>`.
  316. - The :py:func:`yumpkg <salt.modules.yumpkg>` module has been updated to support
  317. VMWare's Photon OS, which uses tdnf (a C implementation of dnf).
  318. - The :py:func:`chocolatey.bootstrap <salt.modules.chocolatey.bootstrap>` function
  319. has been updated to support offline installation.
  320. - The :py:func:`chocolatey.unbootstrap <salt.modules.chocolatey.unbootstrap>` function
  321. has been added to uninstall Chocolatey.
  322. Runner Changes
  323. ==============
  324. - The :py:func:`saltutil.sync_auth <salt.runners.saltutil.sync_auth>` function
  325. has been added to sync loadable auth modules. :py:func:`saltutil.sync_all <salt.runners.saltutil.sync_all>`
  326. will also include these modules.
  327. Util Changes
  328. ============
  329. - The :py:func:`win_dotnet <salt.utils.win_dotnet>` Salt util has been added to
  330. make it easier to detect the versions of .NET installed on the system. It includes
  331. the following functions:
  332. - :py:func:`versions <salt.utils.win_dotnet.versions>`
  333. - :py:func:`versions_list <salt.utils.win_dotnet.versions_list>`
  334. - :py:func:`versions_details <salt.utils.win_dotnet.versions_details>`
  335. - :py:func:`version_at_least <salt.utils.win_dotnet.version_at_least>`
  336. Serializer Changes
  337. ==================
  338. - The configparser serializer and deserializer functions can now be made to preserve
  339. case of item names by passing 'preserve_case=True' in the options parameter of the function.
  340. .. note::
  341. This is a parameter consumed only by the salt.serializer.configparser serialize and
  342. deserialize functions and not the low-level configparser python object.
  343. For example, in a file.serialze state:
  344. .. code-block:: yaml
  345. some.ini:
  346. - file.serialize:
  347. - formatter: configparser
  348. - merge_if_exists: True
  349. - deserializer_opts:
  350. - preserve_case: True
  351. - serializer_opts:
  352. - preserve_case: True
  353. Enhancements to Engines
  354. =======================
  355. Multiple copies of a particular Salt engine can be configured by including
  356. the ``engine_module`` parameter in the engine configuration.
  357. .. code-block:: yaml
  358. engines:
  359. - production_logstash:
  360. host: production_log.my_network.com
  361. port: 5959
  362. proto: tcp
  363. engine_module: logstash
  364. - develop_logstash:
  365. host: develop_log.my_network.com
  366. port: 5959
  367. proto: tcp
  368. engine_module: logstash
  369. Enhancements to Beacons
  370. =======================
  371. Multiple copies of a particular Salt beacon can be configured by including
  372. the ``beacon_module`` parameter in the beacon configuration.
  373. .. code-block:: yaml
  374. beacons:
  375. watch_importand_file:
  376. - files:
  377. /etc/important_file: {}
  378. - beacon_module: inotify
  379. watch_another_file:
  380. - files:
  381. /etc/another_file: {}
  382. - beacon_module: inotify
  383. Salt Cloud Features
  384. ===================
  385. General
  386. -------
  387. The salt-cloud WinRM util has been extended to allow for an Administrator
  388. account rename during deployment (for example, the Administator account
  389. being renamed by an Active Directory group policy).
  390. GCE Driver
  391. ----------
  392. The GCE salt cloud driver can now be used with GCE instance credentials by
  393. setting the configuration paramaters ``service_account_private_key`` and
  394. ``service_account_private_email`` to an empty string.
  395. VMWware Driver
  396. --------------
  397. The VMWare driver has been updated to:
  398. Allow specifying a Windows domain to join during customization.
  399. Allow specifying timezone for the system during customization.
  400. Allow disabling the Windows autologon after deployment.
  401. Allow specifying the source template/VM's datacenter (to allow cloning between datacenters).
  402. Salt Api
  403. ========
  404. salt-api will now work on Windows platforms with limited support.
  405. You will be able to configure the ``rest_cherrypy`` module, without ``pam``
  406. external authentication and without ssl support.
  407. Example configuration:
  408. .. code-block:: yaml
  409. external_auth:
  410. auto:
  411. saltuser:
  412. -.*
  413. rest_cherrypy:
  414. host: 127.0.0.1
  415. port: 8000
  416. Deprecations
  417. ============
  418. RAET Transport
  419. --------------
  420. Support for RAET has been removed. Please use the ``zeromq`` or ``tcp`` transport
  421. instead of ``raet``.
  422. Module Deprecations
  423. -------------------
  424. - The :py:mod:`dockermod <salt.modules.dockermod>` module has been
  425. changed as follows:
  426. - Support for the ``tags`` kwarg has been removed from the
  427. :py:func:`dockermod.resolve_tag <salt.modules.dockermod.resolve_tag>`
  428. function.
  429. - Support for the ``network_id`` kwarg has been removed from the
  430. :py:func:`dockermod.connect_container_to_network <salt.modules.dockermod.connect_container_to_network>`
  431. function. Please use ``net_id`` instead.
  432. - Support for the ``name`` kwarg has been removed from the
  433. :py:func:`dockermod.sls_build <salt.modules.dockermod.sls_build>`
  434. function. Please use ``repository`` and ``tag`` instead.
  435. - Support for the ``image`` kwarg has been removed from the following
  436. functions. In all cases, please use both the ``repository`` and ``tag``
  437. options instead:
  438. - :py:func:`dockermod.build <salt.modules.dockermod.build>`
  439. - :py:func:`dockermod.commit <salt.modules.dockermod.commit>`
  440. - :py:func:`dockermod.import <salt.modules.dockermod.import_>`
  441. - :py:func:`dockermod.load <salt.modules.dockermod.load>`
  442. - :py:func:`dockermod.tag <salt.modules.dockermod.tag_>`
  443. - The :py:mod`firewalld <salt.modules.firewalld>` module has been changed as
  444. follows:
  445. - Support for the ``force_masquerade`` option has been removed from the
  446. :py:func:`firewalld.add_port <salt.module.firewalld.add_port` function. Please
  447. use the :py:func:`firewalld.add_masquerade <salt.modules.firewalld.add_masquerade`
  448. function instead.
  449. - Support for the ``force_masquerade`` option has been removed from the
  450. :py:func:`firewalld.add_port_fwd <salt.module.firewalld.add_port_fwd` function. Please
  451. use the :py:func:`firewalld.add_masquerade <salt.modules.firewalld.add_masquerade`
  452. function instead.
  453. - The :py:mod:`ssh <salt.modules.ssh>` execution module has been
  454. changed as follows:
  455. - Support for the ``ssh.get_known_host`` function has been removed. Please use the
  456. :py:func:`ssh.get_known_host_entries <salt.modules.ssh.get_known_host_entries>`
  457. function instead.
  458. - Support for the ``ssh.recv_known_host`` function has been removed. Please use the
  459. :py:func:`ssh.recv_known_host_entries <salt.modules.ssh.recv_known_host_entries>`
  460. function instead.
  461. - The :py:mod:`test <salt.modules.test>` execution module has been changed as follows:
  462. - Support for the :py:func:`test.rand_str <salt.modules.test.rand_str>` has been
  463. removed. Please use the :py:func:`test.random_hash <salt.modules.test.random_hash>`
  464. function instead.
  465. - The hipchat module has been removed due to the service being retired.
  466. :py:func:`Google Chat <salt.modules.google_chat>`,
  467. :py:func:`MS Teams <salt.modules.msteams>`, or
  468. :py:func:`Slack <salt.modules.slack_notify>` may be suitable replacements.
  469. State Deprecations
  470. ------------------
  471. - The :py:mod`firewalld <salt.states.firewalld>` state has been changed as follows:
  472. - The default setting for the ``prune_services`` option in the
  473. :py:func:`firewalld.present <salt.states.firewalld.present>` function has changed
  474. from ``True`` to ``False``.
  475. - The :py:mod:`win_servermanager <salt.states.win_servermanager>` state has been
  476. changed as follows:
  477. - Support for the ``force`` kwarg has been removed from the
  478. :py:func:`win_servermanager.installed <salt.states.win_servermanager.installed>`
  479. function. Please use ``recurse`` instead.
  480. - The hipchat state has been removed due to the service being retired.
  481. :py:func:`MS Teams <salt.states.msteams>` or
  482. :py:func:`Slack <salt.states.slack>` may be suitable replacements.
  483. Engine Removal
  484. --------------
  485. - The hipchat engine has been removed due to the service being retired. For users migrating
  486. to Slack, the :py:func:`slack <salt.engines.slack>` engine may be a suitable replacement.
  487. Returner Removal
  488. ----------------
  489. - The hipchat returner has been removed due to the service being retired. For users migrating
  490. to Slack, the :py:func:`slack <salt.returners.slack_returner>` returner may be a suitable
  491. replacement.