Salt 2015.8.8 Release Notes

Important

2015.8.8.2 was released shortly after 2015.8.8 to fix several known issues. If you installed 2015.8.8 before 03/30/2016, you likely have installed 2015.8.8 and can optionally upgrade (find out which version you have installed using salt --version. The latest version is 2015.8.8.2).

Salt 2015.8.8.2

Salt 2015.8.8.2 includes fixes for the following known issues in 2015.8.8:

  • issue 32044: Key master with value [...] has an invalid type of list Error
  • issue 32004: Failed to import module win_dacl Error
  • issue 32114: Wrong validation type for file_ignore_glob key
  • issue 31969: Fix file.managed for windows

Important

issue 32183 prevents Salt Cloud from installing the Salt minion on new systems. To workaround this issue, call salt-cloud -u to update the bootstrap script to the latest version.

Salt 2015.8.8

Security Fix

CVE-2016-3176: Insecure configuration of PAM external authentication service

This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured authentication service. Thank you to Dylan Frese <dmfrese@gmail.com> for bringing this issue to our attention.

This update defines the PAM eAuth service that users authenticate against in the Salt Master configuration.

Read Before Upgrading Debian 7 (Wheezy) from 2015.8.7 to 2015.8.8

Before you upgrade from 2015.8.7 on Debian 7, you must run the following commands to remove previous packages:

sudo apt-get remove python-pycrypto
sudo apt-get remove python-apache-libcloud

Note that python-pycrypto will likely remove python-apache-libcloud, so the second command might not be necessary. These have been replaced by python-crypto and python-libcloud with ~bpo70+1 moniker.

Read Before Upgrading Debian 8 (Jessie) from Salt Versions Earlier than 2015.8.4

Salt systemd service files are missing the following statement in these versions:

[Service]
KillMode=process

This statement must be added to successfully upgrade on these earlier versions of Salt.

Changes for v2015.8.7..v2015.8.8

Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):

Generated at: 2016-03-17T21:03:44Z

Total Merges: 312

Changes:

  • PR #31947: (cro) Move proxymodule assignment earlier in proxy minion init
  • PR #31948: (rallytime) Revert "not not" deletion and add comment as to why that is there
  • PR #31952: (rallytime) Fix lint for 2015.8 branch
  • PR #31933: (rallytime) Fix linking syntax in testing docs
  • PR #31930: (cro) Backport changes from 2016.3
  • PR #31924: (jfindlay) update 2015.8.8 release notes
  • PR #31922: (cachedout) For 2015.8 head
  • PR #31904: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31906: (sbreidba) Win_dacl module: fix FULLCONTROL / FILE_ALL_ACCESS definition
  • PR #31745: (isbm) Fix the always-false behavior on checking state
  • PR #31911: (rallytime) Merge #31903 with pylint fix
  • PR #31883: (paiou) Fix scaleway cloud provider and manage x86 servers
  • PR #31903: (terminalmage) Use remote_ref instead of local_ref to see if checkout is necessary
  • PR #31845: (sakateka) Now a check_file_meta deletes temporary files when test=True
  • PR #31901: (rallytime) Back-port #31846 to 2015.8
  • PR #31905: (terminalmage) Update versionadded directive
  • PR #31902: (rallytime) Update versionadded tag for new funcs
  • PR #31888: (terminalmage) Fix salt.utils.decorators.Depends
  • PR #31857: (sjorge) gen_password and del_password missing from solaris_shadow
  • PR #31879: (cro) Clarify some comments
  • PR #31815: (dr4Ke) Fix template on contents 2015.8
  • PR #31818: (anlutro) Prevent event logs from writing huge amounts of data
  • PR #31836: (terminalmage) Fix git_pillar race condition
  • PR #31824: (rallytime) Back-port #31819 to 2015.8
  • PR #31856: (szeestraten) Adds missing docs for Virtual Network and Subnet options in salt-cloud Azure cloud profile
  • PR #31839: (jfindlay) add 2015.8.8 release notes
  • PR #31828: (gtmanfred) Remove ability of authenticating user to specify pam service
  • PR #31787: (anlutro) Fix user_create and db_create for new versions of influxdb
  • PR #31800: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31797: (Ch3LL) Change pkg name to less for suse pkg.info_installed test
  • PR #31793: (xopher-mc) fixing init system detection on sles 11, refs `#31617`_
  • PR #31786: (isbm) Bugfix: zypper doesn't detect base product on SLE11 series
  • PR #31780: (gtmanfred) use already created vsphere connection
  • PR #31779: (sbreidba) win_dacl state & module: return comment field as strings, not lists.
  • PR #31723: (sjorge) file_ignore_regex is a list, not bool
  • PR #31747: (techhat) Use get_local_client with MASTER opts, not MINION
  • PR #31688: (whiteinge) Various SMTP returner fixes
  • PR #31752: (rallytime) Back-port #31686 to 2015.8
  • PR #31733: (jacobhammons) docs to clarify cloud configuration
  • PR #31775: (techhat) Show correct provider/driver name
  • PR #31754: (techhat) Check all providers, not just the current one
  • PR #31735: (rallytime) Add reboot, start, and stop actions to digital ocean driver
  • PR #31770: (anlutro) Fix influxdb user functionality for version 0.9+
  • PR #31743: (Talkless) Fix parentheses mismatch in documentation
  • PR #31162: (isbm) Remove MD5 digest from everywhere and default to SHA256
  • PR #31670: (terminalmage) Write lists of minions targeted by syndic masters to job cache
  • PR #31711: (ticosax) [dockerng] Port and Volume comparison should consider Dockerfile
  • PR #31719: (techhat) Don't worry about KeyErrors if the node is already removed
  • PR #31713: (ticosax) [dockerng] Fix dockerng.network_present when container is given by name
  • PR #31705: (peripatetic-sojourner) Foreman pillar
  • PR #31702: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31700: (s0undt3ch) It's a function!
  • PR #31679: (cro) Fix bad link to the sample REST endpoint in salt-contrib.
  • PR #31668: (rallytime) Some more testing documentation improvements
  • PR #31653: (DmitryKuzmenko) Don't attempt to verify token if it wasn't sent to master.
  • PR #31629: (darix) Fix services on sles
  • PR #31641: (rallytime) Improve Salt Testing tutorial to be a more comprehensive intro
  • PR #31651: (dr4Ke) test case: test_list_present_nested_already
  • PR #31643: (opdude) Make sure we are really updating the mercurial repository
  • PR #31598: (terminalmage) Remove limitations on validation types for eauth targets
  • PR #31627: (jakehilton) Handling error from using gevent 1.1.
  • PR #31630: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31594: (rallytime) Back-port #31589 to 2015.8
  • PR #31604: (joejulian) Workaround for non-xml output from gluster cli when not tty
  • PR #31583: (vutny) Remove trailing white spaces
  • PR #31592: (rallytime) Back-port #31546 to 2015.8
  • PR #31593: (rallytime) Back-port #31570 to 2015.8
  • PR #31567: (cachedout) Restore FIPS compliance when using master_finger
  • PR #31568: (twangboy) Grant permissions using SID instead of name
  • PR #31561: (jtand) Skipped test
  • PR #31550: (rallytime) Correct versionadded tag for win_service.config
  • PR #31549: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31544: (DmitryKuzmenko) Protect getattr from recursion
  • PR #31525: (DmitryKuzmenko) Issues/30643 merge forward fixes
  • PR #31536: (virtualguy) Remove debian repo from raspbian installation
  • PR #31528: (vutny) Correct Salt Cloud documentation about updating Salt Bootstrap script
  • PR #31539: (DmitryKuzmenko) Added temporary workaround for CentOS 7 os-release id bug.
  • PR #31508: (mcalmer) Zypper correct exit code checking
  • PR #31510: (vutny) Add installation guide for Raspbian (Debian on Raspberry Pi)
  • PR #31498: (Ch3LL) rename methods in pkg states test
  • PR #31471: (cachedout) Correct issue where duplicate items in grains list during state run will result in duplicate grains
  • PR #31455: (ticosax) [dockerng] Disable notset check
  • PR #31488: (isbm) Unit Test for Zypper's "remove" and "purge"
  • PR #31485: (jacobhammons) Fixed transport description in minion / master config
  • PR #31411: (jtand) Added some beacons execution module integration tests
  • PR #31475: (jacobhammons) Assorted doc issues
  • PR #31477: (vutny) Correct installation documentation for Ubuntu
  • PR #31479: (isbm) Zypper unit tests & fixes
  • PR #31445: (rallytime) Only use LONGSIZE in rpm.info if available. Otherwise, use SIZE.
  • PR #31464: (Ch3LL) integartion test: ensure decorator only runs on one method and not class
  • PR #31458: (vutny) Correct installation documentation for Debian
  • PR #31457: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31439: (rallytime) Fix lowpkg.info function for Ubuntu 12 - make sure we have a pkg name
  • PR #31456: (RabidCicada) Clarified the form of requisite targets/requisite-references
  • PR #31453: (DmitryKuzmenko) Backport cp_geturl fix for large files into 2015.8
  • PR #31444: (jacobhammons) Documentation updates - ddns state, file.line state/exe function, installation dependencies
  • PR #31341: (twangboy) Clarification on Windows Package Manager docs
  • PR #31380: (kiorky) Bring up ext_pillar rendering errors as well
  • PR #31418: (terminalmage) Fix core grains when Debian OS detected as 'Debian GNU/Linux'
  • PR #31429: (mcalmer) fix argument handling for pkg.download
  • PR #31432: (ticosax) [dockerng] Hotfix docker 1.10.2
  • PR #31420: (twangboy) Handle Unversioned Packages
  • PR #31417: (jacobhammons) ddns state docs updated with notes regarding the name, zone, and keyfile.
  • PR #31391: (redmcg) Added sanity check: is 'pillar' in self.opts
  • PR #31376: (cro) Some distros don't have a /lib/systemd
  • PR #31352: (ticosax) [dockerng] Pull missing images when calling dockerng.running
  • PR #31378: (mcalmer) Zypper refresh handling
  • PR #31373: (terminalmage) Use --set-upstream instead of --track to set upstream on older git
  • PR #31390: (abednarik) Fix Logrotate module.
  • PR #31354: (ticosax) [dockerng] Don't require auth for all registries
  • PR #31368: (whiteinge) Update list of netapi clients for autoclass
  • PR #31367: (techhat) Add docs on how to actually use SDB
  • PR #31357: (ticosax) [dockerng] Support docker inconsistencies
  • PR #31353: (ticosax) [dockerng] Fix when ports are integers
  • PR #31346: (ticosax) Backport #31130 to 2015.8
  • PR #31332: (terminalmage) Clarify documentation for gitfs/hgfs/svnfs mountpoint and root options
  • PR #31305: (mcalmer) call zypper with option --non-interactive everywhere
  • PR #31337: (jacobhammons) Release notes and versioning for 2015.8.7
  • PR #31326: (ticosax) [dockerng ] Detect settings removal
  • PR #31292: (twangboy) Fix dunder virtual to check for Remote Administration Tools
  • PR #31287: (joejulian) Rework tests and fix reverse peering with gluster 3.7
  • PR #31196: (sakateka) Here are a few fixes utils.network
  • PR #31299: (rallytime) Allow state-output and state-verbose default settings to be set from CLI
  • PR #31317: (terminalmage) Fix versonadded directive
  • PR #31301: (terminalmage) Corrected fix for `#30999`_
  • PR #31302: (terminalmage) Audit CLI opts used in git states
  • PR #31312: (terminalmage) Merge 2015.5 into 2015.8
  • PR #31225: (pprince) Fix in file_tree pillar (Fixes `#31223`_.)
  • PR #31233: (mcalmer) implement version_cmp for zypper
  • PR #31273: (rallytime) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31253: (gtmanfred) allow for nova servers to be built with premade volumes
  • PR #31271: (rallytime) Back-port #30689 to 2015.8
  • PR #31255: (jacobhammons) Fixes `#30461`_
  • PR #31189: (dmacvicar) Fix crash with scheduler and runners (`#31106`_)
  • PR #31201: (The-Loeki) Utilize prepared grains var in master-side ipcidr matching
  • PR #31239: (terminalmage) Improve logging when master cannot decode a payload
  • PR #31190: (twangboy) Clear minion cache before caching from master
  • PR #31226: (pprince) Minor docs fix: file_tree pillar (Fixes #31124)
  • PR #31234: (mcalmer) improve doc for list_pkgs
  • PR #31237: (mcalmer) add handling for OEM products
  • PR #31182: (rallytime) Back-port #31172 to 2015.8
  • PR #31191: (rallytime) Make sure doc example matches kwarg
  • PR #31171: (Ch3LL) added logic to check for installed package
  • PR #31177: (Ch3LL) add integration test for issue `#30934`_
  • PR #31181: (cachedout) Lint 2015.8 branch
  • PR #31169: (rallytime) Back-port #29718 to 2015.8
  • PR #31170: (rallytime) Back-port #31157 to 2015.8
  • PR #31147: (cro) Documentation clarifications.
  • PR #31153: (edencrane) Fixed invalid host causing 'reference to variable before assignment'
  • PR #31152: (garethgreenaway) fixes to beacon module, state module and friends
  • PR #31149: (jfindlay) add 2015.8.7 release notes
  • PR #31134: (isbm) Fix types in the output data and return just a list of products
  • PR #31120: (gtmanfred) Clean up some bugs in the nova driver
  • PR #31132: (rallytime) Make sure required profile configurations passed in a map file work
  • PR #31131: (Ch3LL) integration test for issue `#31014`_
  • PR #31133: (cachedout) Fixup 31121
  • PR #31125: (isbm) Force-kill websocket's child processes faster than default two minutes.
  • PR #31119: (sakateka) fixes for ipv6-only multi-master faliover
  • PR #31107: (techhat) Don't try to add a non-existent IP address
  • PR #31108: (jtand) Changed npm integration test to install request.
  • PR #31105: (cachedout) Lint 30975
  • PR #31100: (jfindlay) states.x509: docs: peer.sls -> peer.conf
  • PR #31103: (twangboy) Point to reg.delete_key_recursive
  • PR #31093: (techhat) Ensure double directories don't get created
  • PR #31095: (jfindlay) modules.file, states.file: explain symbolic links
  • PR #31061: (rallytime) Revert #30217 - was causing salt-cloud -a breakage
  • PR #31090: (rallytime) Back-port #30542 to 2015.8
  • PR #31085: (jacksontj) Correctly remove path we added after loader is completed
  • PR #31037: (vutny) Update RHEL installation guide to reflect latest repo changes
  • PR #31050: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #31053: (cachedout) Fix boto test failures
  • PR #31029: (twangboy) Windows defaults to multiprocessing true
  • PR #30998: (dmacvicar) add_key/reject_key: do not crash w/Permission denied: '/var/cache/salt/master/.dfn' (`#27796`_)
  • PR #31049: (twangboy) Fix versionadded in win_service.config
  • PR #30987: (youngnick) Changed glusterfs.peer() module so state can handle localhost peering attempts.
  • PR #31042: (moltob) Allow using Windows path in archive.extracted name attribute
  • PR #31012: (terminalmage) Fix gitfs/git_pillar/winrepo provider to allow lowercase values
  • PR #31024: (jfindlay) modules.aptpkg.upgrade: clarify dist-upgrade usage
  • PR #31028: (twangboy) Fix config overwrite by windows installer
  • PR #31031: (terminalmage) More complete fix for `#31014`_
  • PR #31026: (terminalmage) Fix regression when contents_pillar/contents_grains is a list.
  • PR #30978: (garethgreenaway) fixes to state.py in 2015.8
  • PR #30893: (bdrung) Make build reproducible
  • PR #30945: (cachedout) Note that pillar cli args are sent via pub
  • PR #31002: (rmtmckenzie) Fix lxc cloud provided minion reporting present
  • PR #31007: (jtand) Fixed rabbitmq_vhost test failure.
  • PR #31004: (rallytime) Remove overstate docs and a few references.
  • PR #30965: (anlutro) Fix rabbitmq_vhost.present result when test=True
  • PR #30955: (Ch3LL) docs: add clarification when source is not defined
  • PR #30941: (rallytime) Back-port #30879 to 2015.8
  • PR #30940: (twangboy) Fix Build Process for OSX
  • PR #30944: (jacobhammons) 2015.8.5 release notes linking and clean up
  • PR #30905: (joejulian) Add realpath to lvm.pvdisplay and use it in vg_present
  • PR #30924: (youngnick) Fix small bug with starting volumes after creation.
  • PR #30910: (cro) fix iDRAC state
  • PR #30919: (garethgreenaway) Fixes to ssh_auth state module
  • PR #30920: (jacobhammons) Versioned to 2015.8.5, added known issue `#30300`_ to release notes
  • PR #30894: (terminalmage) git module/state: Handle identity files more gracefully
  • PR #30750: (jfindlay) extract whole war version
  • PR #30884: (rallytime) Move checks for private_key file existence and permissions to create function
  • PR #30888: (ticosax) Backport #30797 to 2015.8
  • PR #30895: (bdrung) Fix various typos
  • PR #30889: (anlutro) Make msgpack an optional dependency in salt.utils.cache
  • PR #30896: (vutny) Update nodegroups parameter examples in master config example and docs
  • PR #30898: (abednarik) Fix pkg install with version.
  • PR #30867: (rallytime) Pass in 'pack' variable to utils.boto.assign_funcs function from ALL boto modules
  • PR #30849: (jfindlay) utils.aws: use time lib to conver to epoch seconds
  • PR #30874: (terminalmage) Fix regression in git_pillar when multiple remotes are configured
  • PR #30850: (jfindlay) modules.dpkg._get_pkg_info: allow for ubuntu 12.04
  • PR #30852: (replicant0wnz) Added more descriptive error message
  • PR #30847: (terminalmage) Backport #30844 to 2015.8 branch
  • PR #30860: (vutny) Correct installation documentation for RHEL-based distributions
  • PR #30841: (jacobhammons) Release notes for 2015.8.5
  • PR #30835: (terminalmage) Integration test for `#30820`_
  • PR #30837: (jacobhammons) Added known issue `#30820`_ to release notes
  • PR #30832: (rallytime) Add grains modules to salt modindex
  • PR #30822: (rallytime) Make sure setting list_user_permissions to ['', '', ''] doesn't stacktrace
  • PR #30833: (terminalmage) Fix regression in scanning for state with 'name' param
  • PR #30823: (yannis666) Fix for mine to merge configuration on update.
  • PR #30827: (jacobhammons) Version to 2015.8.4, added CVE 2016-1866 to release notes
  • PR #30813: (anlutro) Properly set the default value for pillar_merge_lists
  • PR #30826: (cachedout) Fix 30682
  • PR #30818: (rallytime) Back-port #30790 to 2015.8
  • PR #30815: (vutny) Pick right user argument for updating reactor function's low data
  • PR #30747: (jfindlay) modules.lxc.running_systemd: use command -v not which
  • PR #30800: (twangboy) Ability to handle special case installations
  • PR #30794: (rallytime) A spelling fix and some spacing fixes for the boto_ec2 module docs
  • PR #30756: (basepi) [2015.8] Fix two error conditions in the highstate outputter
  • PR #30788: (rallytime) Fix incorrect doc example for dellchassis blade_idrac state
  • PR #30791: (Ch3LL) do not shadow ret function argument for salt.function
  • PR #30726: (sjmh) Fix improper use of yield in generator
  • PR #30752: (terminalmage) Backport systemd and yum/dnf optimizations from develop into 2015.8
  • PR #30759: (thusoy) Allow managing empty files
  • PR #30758: (thusoy) Support mounting labelled volumes with multiple drives
  • PR #30686: (cachedout) Master-side pillar caching
  • PR #30675: (jfindlay) handle non-ascii minion IDs
  • PR #30691: (rallytime) Make sure we use the "instance" kwarg in cloud.action.
  • PR #30713: (rallytime) Fix-up autodoc proxy modules for consistency
  • PR #30741: (jfindlay) states.locale.__virtual__: return exec mod load err
  • PR #30751: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #30720: (clinta) x509.pem_managed does not return changes dict
  • PR #30687: (clarkperkins) Setting 'del_root_vol_on_destroy' changes the root volume type to 'standard'
  • PR #30673: (terminalmage) Properly derive the git_pillar cachedir from the id instead of the URL
  • PR #30666: (cachedout) Fix grains cache
  • PR #30623: (twangboy) Added service.config function
  • PR #30678: (rallytime) Back-port #30668 to 2015.8
  • PR #30677: (clarkperkins) Fix EC2 volume creation logic
  • PR #30680: (cro) Merge forward from 2015.5, primarily for #30671
  • PR #30663: (isbm) Zypper: latest version bugfix and epoch support feature
  • PR #30652: (mew1033) Fix sh beacon
  • PR #30657: (jfindlay) [2015.8] Backport #30378 and #29650
  • PR #30656: (rallytime) [2015.8] Merge 2015.5 into 2015.8
  • PR #30644: (tbaker57) Another go at fixing 30573
  • PR #30611: (isbm) Bugfix: Zypper pkg.latest crash fix
  • PR #30631: (rallytime) Refactor rabbitmq_cluster states to use test=true functionality correctly
  • PR #30628: (rallytime) Refactor rabbitmq_policy states to use test=true functionality correctly
  • PR #30624: (cro) Remove bad symlinks from osx pkg dir
  • PR #30622: (rallytime) Add glance state to list of state modules
  • PR #30618: (rallytime) Back-port #30591 to 2015.8
  • PR #30625: (jfindlay) doc.topics.eauth: clarify client_acl vs eauth

Generated on November 28, 2016 at 06:44:15 MST.

You are viewing docs for the previous stable release, 2015.8.12. Switch to docs for the latest stable release, 2016.3.4, or to a recent doc build from the develop branch.


saltstack.com