Salt 0.16.2 Release Notes¶
Version 0.16.2 is a bugfix release for 0.16.0, and contains a number of fixes.
Windows¶
- Only allow Administrator's group and SYSTEM user access to C:\salt. This eliminates a race condition where a non-admin user could modify a template or managed file before it is executed by the minion (which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue 6361)
Grains¶
- Fixed detection of
virtual
grain on OpenVZ hardware nodes - Gracefully handle lsb_release data when it is enclosed in quotes
- LSB grains are now prefixed with
lsb_distrib_
instead of simplylsb_
. The old naming is not preserved, so SLS may be affected. - Improved grains detection on MacOS
Pillar¶
- Don't try to load git_pillar if not enabled in master config (issue 6052)
- Functions
pillar.item
andpillar.items
added for parity withgrains.item
/grains.items
. The old functionpillar.data
is preserved for backwards compatibility. - Fixed minion traceback when Pillar SLS is malformed (issue 5910)
Peer Publishing¶
- More gracefully handle improperly quoted publish commands (issue 5958)
- Fixed traceback when timeout specified via the CLI fo
publish.publish
,publish.full_data
(issue 5959) - Fixed unintended change in output of
publish.publish
(issue 5928)
Minion¶
- Fixed salt-key usage in minionswarm script
- Quieted warning about SALT_MINION_CONFIG environment variable on
minion startup and for CLI commands run via
salt-call
(issue 5956) - Added minion config parameter
random_reauth_delay
to stagger re-auth attempts when the minion is waiting for the master to approve its public key. This helps prevent SYN flooding in larger environments.
User/Group Management¶
- Implement previously-ignored
unique
option foruser.present
states in FreeBSD - Report in state output when a
group.present
state attempts to use a gid in use by another group - Fixed regression that prevents a
user.present
state to set the password hash to the system default (i.e. an unset password) - Fixed multiple
group.present
states with the same group (issue 6439)
File Management¶
- Fixed file.mkdir setting incorrect permissions (issue 6033)
- Fixed cleanup of source files for templates when
/tmp
is in file_roots (issue 6118) - Fixed caching of zero-byte files when a non-empty file was previously cached at the same path
- Added HTTP authentication support to the cp module (issue 5641)
- Diffs are now suppressed when binary files are changed
Package/Repository Management¶
- Fixed traceback when there is only one target for
pkg.latest
states - Fixed regression in detection of virtual packages (apt)
- Limit number of pkg database refreshes to once per
state.sls
/state.highstate
- YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue 6299)
- Fixed incorrect reporting in pkgrepo.managed states (issue 5517)
- Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit packages on 64-bit Debian-based distros (issue 6303)
- Fixed issue where requisites were inadvertently being put into YUM repo files (issue 6471)
Service Management¶
- Fixed inaccurate reporting of results in
service.running
states when the service fails to start (issue 5894) - Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available, negating the need for a second state run to manage the service that the initscript controls
Networking¶
- Function network.hwaddr renamed to
network.hw_addr
to matchnetwork.ip_addrs
andnetwork.ip_addrs6
. All three functions also now work without the underscore in the name, as well. - Fixed traceback in
bridge.show
when interface is not present (issue 6326)
SSH¶
- Fixed incorrect result reporting for some
ssh_known_hosts.present
states - Fixed inaccurate reporting when
ssh_auth.present
states are run withtest=True
, when rsa/dss is used for theenc
param instead of ssh-rsa/ssh-dss (issue 5374)
pip¶
- Properly handle
-f
lines in pip freeze output - Fixed regression in pip.installed states with specifying a requirements file (issue 6003)
- Fixed use of
editable
argument inpip.installed
states (issue 6025) - Deprecated
runas
parameter in execution function calls, in favor ofuser
MySQL¶
- Allow specification of MySQL connection arguments via the CLI, overriding/bypassing minion config params
- Allow
mysql_user.present
states to set a passwordless login (issue 5550) - Fixed endless loop when
mysql.processlist
is run (issue 6297)
PostgreSQL¶
- Fixed traceback in
postgres.user_list
(issue 6352)
Miscellaneous¶
- Don't allow npm states to be used if npm module is not available
- Fixed
alternatives.install
states for which the target is a symlink (issue 6162) - Fixed traceback in sysbench module (issue 6175)
- Fixed traceback in job cache
- Fixed tempfile cleanup for windows
- Fixed issue where SLS files using the pydsl renderer were not being run
- Fixed issue where returners were being passed incorrect information (issue 5518)
- Fixed traceback when numeric args are passed to
cmd.script
states - Fixed bug causing
cp.get_dir
to return more directories than expected (issue 6048) - Fixed traceback when
supervisord.running
states are run withtest=True
(issue 6053) - Fixed tracebacks when Salt encounters problems running rbenv (issue 5888)
- Only make the monit module available if monit binary is present (issue 5871)
- Fixed incorrect behavior of
img.mount_image
- Fixed traceback in
tomcat.deploy_war
in Windows - Don't re-write /etc/fstab if mount fails
- Fixed tracebacks when Salt encounters problems running gem (issue 5886)
- Fixed incorrect behavior of
selinux.boolean
states (issue 5912) - RabbitMQ: Quote passwords to avoid symbols being interpolated by the shell (issue 6338)
- Fixed tracebacks in
extfs.mkfs
andextfs.tune
(issue 6462) - Fixed a regression with the
module.run
state where them_name
andm_fun
arguments were being ignored (issue 6464)