Path to this page:
Subject: CVS commit: pkgsrc/sysutils
From: Adam Ciarcinski
Date: 2021-11-14 21:01:17
Message id: 20211114200117.7ADEEFAEC@cvs.NetBSD.org
Log Message:
salt salt-docs: updated to 3004
SALT 3004 RELEASE NOTES - CODENAME SILICON
NEW FEATURES
TRANSACTIONAL SYSTEM SUPPORT (MICROOS)
A transactional system, like MicroOS, can present some challenges when the user \
decided to manage it via Salt.
MicroOS provide a read-only rootfs and a tool, transactional-update, that takes \
care of the management of the system (updating, upgrading, installation or \
reboot, among others) in an atomic way.
Atomicity is the main feature of MicroOS, and to guarantee this property, this \
model leverages snapper, zypper, btrfs and overlayfs to create snapshots that \
will be updated independently of the currently running system, and that are \
activated after the reboot. This implies, for example, that some changes made on \
the system are not visible until the next reboot, as those changes are living in \
a different snapshot of the file system.
Salt 3004 (Silicon) support this type of system via two new modules \
(transactional_update and rebootmgr) and a new executor (transactional_update).
The new modules will provide all the low level API for interacting with \
transactional systems, like defining a mantenance window where the system is \
free to reboot and activate the new state, or install new software in a new \
transaction. It will also provide hight level of abstractions that will allows \
us to execute Salt module functions or applying states inside new transactions.
The execution module will help us to treat the transactional system \
transparently (like the traditional ones), using a mechanism that will delegate \
some Salt modules execution into the new transactional_update module.
REMOVED
Removed the deprecated glance state and execution module in favor of the \
glance_image state module and the glanceng execution module.
Removed support for Ubuntu 16.04
Removed the deprecated support for gid_from_name from the user state module
Removed deprecated virt.migrate_non_shared, virt.migrate_non_shared_inc, ssh \
from virt.migrate, and python2/python3 args from salt.utils.thin.gen_min and \
.gen_thin
DEPRECATED
The _ext_nodes alias to the master_tops function was added back in 3004 to \
maintain backwards compatibility with older supported versions. This alias will \
now be removed in 3006. This change will break Master and Minion communication \
compatibility with Salt minions running versions 3003 and lower.
utils/boto3_elasticsearch is no longer needed
Changed "manufacture" grain to "manufacturer" for Solaris on \
SPARC to unify the name across all platforms. The old "manufacture" \
grain is now deprecated and will be removed in Sulfur
Deprecate salt.payload.Serial
CHANGED
Changed nginx.version to return version without nginx/ prefix.
Updated Slack webhook returner to support event returns on salt-master
Parsing Epoch out of version during pkg remove, since yum can't handle that in \
all of the cases.
Add extra onfail req check in the state engine to allow onfail to be used with \
onchanges and other reqs in the same state
Changed the default character set used by utils.pycrypto.secure_password() to \
include symbols and implemented arguments to control the used character set.
FIXED
Set default 'bootstrap_delay' to 0
Fixed issue where multiple args to netapi were not preserved
Handle all repo formats in the aptpkg module.
Do not break master_tops for minion with version lower to 3003 This is going to \
be removed in Salt 3006 (Sulfur)
Reverting changes in 60150. Updating installed and removed functions to return \
changes when test=True.
Handle signals and properly exit, instead of raising exceptions.
Redirect imports of salt.ext.six to six
Surface strerror to user state instead of returning false
Fixing _get_envs() to preserve the order of pillar_roots. _get_envs() returned \
pillar_roots in a non-deterministic order.
Fixes salt-cloud KeyError that occurs when there exists any subnets with no tags \
when profiles use subnetname
Fixes postgres_local_cache by removing duplicate unicode encoding.
Fixing the state aggregation system to properly handle requisities. Fixing pkg \
state to exclude packages from aggregation if the hold attribute is in the \
state.
fix issue that allows case sensitive files to be carried through
Allow GCE Salt Cloud to use previously created IP Addresses.
Fixing rabbitmq.list_user_permissions to ensure we are returning a permission \
list with three elements even when some values are empty.
Periodically restart the fileserver update process to avoid leaks
Fix default value to dictionary for mine_function
Allow user.present to work on Alpine Linux by fixing linux_shadow.info
Ensure that zypper is called with only one --no-refresh parameter
Fixed fileclient cachedir path switching from master to minion due to incorrect \
MasterMinion configuration
Fixed the container detection inside virtual machines
Fix invalid dnf command when obsoletes=True in pkg.update function
Jinja renderer resolves wrong relative paths when importing subdirectories
Fixed bug 55262 where salt.modules.iptables would call cmd.run and receive and \
interpret interspersed stdout and stderr output from subprocesses.
Updated pcs support to handle auth and setup for new syntax supporting version 0.10
Reinstate ignore_cidr option in salt-cloud openstack driver
Fix for network.wolmatch runner displaying 'invalid arguments' error with valid \
arguements
Fixed bug 57490, which prevented package installation for Open Euler and Issabel \
PBX. Both Open Euler and Issabel PBX use Yum for package management, added them \
to yumpkg.py.
Better handling of bad RSA public keys from minions
Fixing various functions in the file state module that use user.info to get \
group information, certain hosts particularly proxy minions do not have the \
user.info function avaiable.
Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules
Fix --subset command line option, and support old 'sub' parameter name in \
cmd_subset for backwards compatibility
When calling salt.utils.http.query with a HEAD method to check for the existence \
of a source ensure that decode_body is False, so the file is not downloaded into \
memory when we don't need the contents.
Update the runas user on freebsd for postgres versions >9.5, since freebsd \
will be removing the package on 2021-05-13.
Fix pip module linked requirements file parsing
Fix incorrect hostname quoting in /etc/sysconfig/networking on Red Hat family OS.
Fix Xen DomU virt detection in grains for long running machines.
add encoding when windows encoding is not defaulting to utf8
Fix "aptpkg.normalize_name" in case the arch is "all" for \
DEB packages
Astra Linux now considered a Debian family distro
Reworking the mysql module and state so that passwordless does not try to use \
unix_socket until unix_socket is set to True.
Fixed the zabbix module to read the connection data from pillar.
Fix crash on "yumpkg" execution module when unexpected output at \
listing patches
Remove return that had left over py2 code from win_path.py
Don't create spicevmc channel for Xen virtual machines
Fix win_servermanager.install so it will reboot when restart=True is passed
Clear the cached network interface grains during minion init and grains refresh
Normalized grain output for LXC containers
Fix typo in 'salt/states/cmd.py' to use "comment" instead of \
"commnd".
add aliyun linux support and set alinux as redhat family
Don't fail updating network without netmask ip attribute
Fixed using reserved keyword 'set' as function argument in modules/ipset.py
Return empty changes when nothing has been done in virt.defined and virt.running \
states
Import salt.utils.azurearm instead of using __utils__ from loader in azure \
cloud. This fixes an issue where __utils__ would become unavailable when we are \
using the ThreadPool in azurearm.
Fix an issue with the LGPO module when the gpt.ini file contains unix style line \
endings (/n). This was happening on a Windows Server 2019 instance created in \
Google Cloud Platform (GCP).
The ansiblegate module now correctly passes keyword arguments to Ansible module calls
Make sure cmdmod._log_cmd handles tuples properly
Updating the add, delete, modify, enable_job, and disable_job functions to \
return appropriate changes.
Apply pre-commit changes to entire codebase.
Fix Hetzner cloud driver does not recognize machines when rolling out a map
Update Windows build deps & DLLs, Use Python 3.8, libsodium.dll 1.0.18, \
OpenSSL dlls to 1.1.1k
Salt api verifies proper log file path when providing '--log-file' from the cli
Detect Mendel Linux as Debian
Fixed compilation of requisite_ins by also checking state type along with name/id
Fix xen._get_vm() to not break silently when a VM and a template on XenServer \
have the same name.
Added missing space for nftables.build_rule when using saddr or daddr.
Add back support to load old entrypoints by iterating instead of type checking
Fixed interrupting salt-call in a pdb session.
Validate we can import map files in states
Update alter_db to return True or False depending on the success of failure of \
the alter. Update grant_exists to only use the full list of available privileges \
when the grant is on the global level, eg. datbase is ".".
Fixed firewalld.list_zones when any "rich rules" is set
IPCMessageSubscriber objects expose their connect method as a corotine so they \
can be wrapped by SyncWrapper.
Allow for Napalm dependency netmiko_mod to load correctly when used by Napalm \
with Cisco IOS
Ensure proper access to the created temporary file when runas is passed to \
cmd.exec_code_all
Fixed an IndexError in pkgng.latest_version when querying an unknown package.
Fixed pkgng.latest_version when querying by origin (e.g. "shells/bash").
Gracefuly handle errors in virt.vm_info
The LGPO Module now uses "Success and Failure" for normal audit \
settings and advanced audit settings
Fixing tests/pytests/unit/utils/scheduler/test_eval.py tests so the sleep \
happens before the status, so the job is given time before we check it.
Update the external ipaddress to the latest 3.9.5 version which has some \
security fixes. Updating the compat.p to use the vendored version if the python \
version is below 3.9.5 and only run the test_ipaddress.py tests if below 3.9.5.
Fixed ValueError exception in state.show_state_usage
Redact the username and password when something goes wrong when using an HTTP \
source and we raise an exception.
Inject the Ansible functions into Salt's ansiblegate module which was broken on \
the 3001 release.
Figure out the available Python version inside containers when executing \
"dockermod.call" function
Handle IPv6 route types such as anycast, multicast, etc when returned from IPv6 \
route table queries
Move the commonly used code that converts a list to a dictionary into \
salt.utils.beacons. Fixing inotify beacon close function to ensure the \
configuration is converted from the provided list format into a dictionary.
Set name of engine subprocesses
Properly discover block devices path in virt.running
Avoid exceptions when handling some exception cases.
Fixed faulty error message in npm.installed state.
Port option reinstated for Junos Proxy (accidentally removed)
Now hosts.rm_host can remove entries from /etc/hosts when this file have inline \
comments.
Fixes issue where the full same name is not used when making rights assignments \
with group policy
Fixed zabbix_host.present to not overwrite inventory_mode to "manual" \
everytime inventory is updated.
Allowed zabbix_host.present to do partial updates of inventory, also don't erase \
everything if inventory is missing in state definition.
Fixing the mysql_cache module to handle binary inserting binary data into the \
database. Initially adding tests.
Fixed host_inventory_get to not throw an exception if host does not exist
Check for /dev/kvm to detect KVM hypervisor.
Fixing file.accumulated handling of dependencies when the state_id is used \
instead of {function: state_id} format.
Adding the ability for yumpkg.remove to handle package names with widdcards.
Pass emulator path to get guest capabilities from libvirt
virt.get_disks: properly report qemu-img errors
Make all platforms have psutils. This prevents a minion from starting if an \
instance is all ready running.
Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper, \
assume False
Remove check for TIAMAT_BUILD enforcing USE_STATIC_REQUIREMENTS, this is now \
controled by Tiamat v7.10.1 and above
Have the beacon call run through a try...except, catching any errors, logging \
and firing an event that includes the error. Fixing the swapusage beacon to \
ensure value is a string before we attempt to filter out the %.
Refactor loader into logical sub-modules
Clean up references to ZMQDefaultLoop
change dep warn from Silicon to Phosphorus for the cmd,show,system_info and \
add_config functions in the nxos module.
Fix bug 60602 where the hetzner cloud provider isn't recognized correctly
Fix the pwd.getpwnam caching issue on macOS user module
Fixing beacons that can include a value in their configuration that may or may \
not included a percentage. We want to handle the situation where the percentage \
sign is not included and the value is not handled as a string.
Fix RuntimeError in process manager
Ensure all data that is being passed along to LDAP is in an OrderedSet and \
contains bytes.
Update the AWS API version so VMs spun up by salt-cloud where the VPC has it \
enabled to assign ipv6 addresses by default, actually get ipv6 addresses \
assigned by default.
Remove un-needed singletons from tranports
ADDED
Add windows support for file.patch with patch.exe from git for windows optional \
packages
Added ability to pass exclude kwarg to salt.state inside orchestrate.
Added success_stdout and success_stderr arguments to cmd.run, to override \
default return code behavior.
The netbox pillar now been enhanced to add support for querying virtual machines \
(in addition to devices), as well as minion interfaces and associated IP \
addresses.
Add support for transactional systems, like openSUSE MicroOS
Added namespace headers to allow use of namespace from config to communicate \
with Vault Enterprise namespaces
boto3mod unit tests
New decorators allow_one_of() and require_one_of()
Added nosync switch to disable initial raid synchronization
Expanded the documentation for the netbox pillar.
Rocky Linux has been added to the RedHat os_family.
Add "poudriere -i -j jail_name" option to list jail information for \
poudriere
Added the grains.uuid on Windows platform
Add a salt.util.platform check to detect the AArch64 64-bit extension of the ARM \
architecture.
Adding support for Deltaproxy controlled proxy minions into Salt Open.
Added functions to slsutil execution module to test if files exist in the state \
tree Added funtion to slsutil execution module to search for a file by walking \
up the state tree
Allow module_refresh to also refresh available beacons, eg. following a Python \
library being installed and "refresh_modules" being passed as an \
argument in a state.
Add the detect_remote_minions and remote_minions_port options to allow the \
master to detect remote ports for connected minions. This will allow users to \
detect Heist-Salt minions the master is connected to over port 22 by default.
Add the python rpm-vercmp library in the rpm_lowpkg.py module.
Allow a user to use the aptpkg.py module without installing python-apt.
Files: