diff --git a/doc/ref/cli/salt-key.rst b/doc/ref/cli/salt-key.rst index ca2d31b171a6..f7a5c8ae0195 100644 --- a/doc/ref/cli/salt-key.rst +++ b/doc/ref/cli/salt-key.rst @@ -137,7 +137,7 @@ Actions Key Generation Options ------------------------ +---------------------- .. option:: --gen-keys=GEN_KEYS @@ -157,10 +157,10 @@ Key Generation Options .. option:: --gen-signature - Create a signature file of the masters public-key named - master_pubkey_signature. The signature can be send to a minion in the - masters auth-reply and enables the minion to verify the masters public-key - cryptographically. This requires a new signing-key- pair which can be + Create a signature file of the master's public-key named + master_pubkey_signature. The signature can be sent to a minion in the + master's auth-reply and enables the minion to verify the master's public-key + cryptographically. This requires a new signing-key-pair which can be auto-created with the --auto-create parameter. .. option:: --priv=PRIV diff --git a/doc/ref/configuration/master.rst b/doc/ref/configuration/master.rst index 8081e1d7f2f0..193f50211852 100644 --- a/doc/ref/configuration/master.rst +++ b/doc/ref/configuration/master.rst @@ -64,7 +64,7 @@ The network port to set up the publication interface. .. conf_master:: master_id ``master_id`` ----------------- +------------- Default: ``None`` @@ -182,7 +182,7 @@ Specify the location of the master pidfile. ``root_dir`` ------------ -Default: :file:`/` +Default: ``/`` The system root directory to operate from, change this to make Salt run from an alternative root. @@ -203,13 +203,13 @@ an alternative root. ``pki_dir`` ----------- -Default: :file:`/etc/salt/pki` +Default: ``/etc/salt/pki/master`` The directory to store the pki authentication keys. .. code-block:: yaml - pki_dir: /etc/salt/pki + pki_dir: /etc/salt/pki/master .. conf_master:: extension_modules @@ -244,7 +244,7 @@ for Salt modules. ``cachedir`` ------------ -Default: :file:`/var/cache/salt` +Default: ``/var/cache/salt/master`` The location used to store cache information, particularly the job information for executed salt commands. @@ -253,7 +253,7 @@ This directory may contain sensitive data and should be protected accordingly. .. code-block:: yaml - cachedir: /var/cache/salt + cachedir: /var/cache/salt/master .. conf_master:: verify_env @@ -277,6 +277,10 @@ Default: ``24`` Set the number of hours to keep old job information. +.. code-block:: yaml + + keep_jobs: 24 + .. conf_master:: timeout ``timeout`` @@ -352,7 +356,7 @@ grains for the master. Default: ``True`` -The master maintains a job cache, while this is a great addition it can be +The master maintains a job cache. While this is a great addition, it can be a burden on the master for larger deployments (over 5000 minions). Disabling the job cache will make previously executed jobs unavailable to the jobs system and is not generally recommended. Normally it is wise to make @@ -382,7 +386,7 @@ predetermine what minions are expected to reply from executions. Default: ``''`` -Used to specify a default returner for all minions, when this option is set +Used to specify a default returner for all minions. When this option is set, the specified returner needs to be properly configured and the minions will always default to sending returns to this returner. This will also disable the local job cache on the master. @@ -394,7 +398,7 @@ local job cache on the master. .. conf_master:: event_return ``event_return`` ------------------ +---------------- .. versionadded:: 2015.5.0 @@ -419,7 +423,7 @@ configuration requirements. Read the returner's documentation. .. versionadded:: 2014.7.0 -Default: 'local_cache' +Default: ``local_cache`` Specify the returner to use for the job cache. The job cache will only be interacted with from the salt master and therefore does not need to be @@ -454,7 +458,7 @@ Default: 0 The maximum number of minion connections allowed by the master. Use this to accommodate the number of minions per master if you have different types of hardware serving your minions. The default of ``0`` means unlimited connections. -Please note, that this can slow down the authentication process a bit in large +Please note that this can slow down the authentication process a bit in large setups. .. code-block:: yaml @@ -719,7 +723,7 @@ security purposes. Default: ``False`` -Sign the master auth-replies with a cryptographic signature of the masters +Sign the master auth-replies with a cryptographic signature of the master's public key. Please see the tutorial how to use these settings in the `Multimaster-PKI with Failover Tutorial `_ @@ -747,8 +751,8 @@ The customizable name of the signing-key-pair without suffix. Default: ``master_pubkey_signature`` -The name of the file in the masters pki-directory that holds the pre-calculated -signature of the masters public-key. +The name of the file in the master's pki-directory that holds the pre-calculated +signature of the master's public-key. .. code-block:: yaml @@ -798,6 +802,11 @@ Default: ``[]`` Set additional directories to search for runner modules. +.. code-block:: yaml + + runner_dirs: + - /var/lib/salt/runners + .. conf_master:: cython_enable ``cython_enable`` @@ -886,7 +895,7 @@ The renderer to use on the minions to render the state data. Default: ``False`` -Set the global failhard flag, this informs all states to stop running states +Set the global failhard flag. This informs all states to stop running states at the moment a single state fails. .. code-block:: yaml @@ -902,8 +911,7 @@ Default: ``True`` Controls the verbosity of state runs. By default, the results of all states are returned, but setting this value to ``False`` will cause salt to only display -output for states which either failed, or succeeded without making any changes -to the minion. +output for states that failed or states that have changes. .. code-block:: yaml @@ -1949,7 +1957,7 @@ functions. The available ext_pillar functions can be found herein: By default, the ext_pillar interface is not configured to run. -Default: ``None`` +Default: ``[]`` .. code-block:: yaml @@ -2400,7 +2408,7 @@ value must be set to True ``syndic_master`` ----------------- -Default: ``None`` +Default: ``''`` If this master will be running a salt-syndic to connect to a higher level master, specify the higher level master with this configuration value. @@ -2714,7 +2722,7 @@ Range Cluster Settings ``range_server`` ---------------- -Default: ``''`` +Default: ``'range:80'`` The range server (and optional port) that serves your cluster information https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec diff --git a/doc/ref/configuration/minion.rst b/doc/ref/configuration/minion.rst index c760f2976845..bbca56558373 100644 --- a/doc/ref/configuration/minion.rst +++ b/doc/ref/configuration/minion.rst @@ -112,14 +112,16 @@ the minion and it will connect to the new master. ``master_alive_interval`` ------------------------- -.. code-block:: yaml - - master_alive_interval: 30 +Default: ``0`` Configures how often, in seconds, the minion will verify that the current master is alive and responding. The minion will try to establish a connection to the next master in the list if it finds the existing one is dead. +.. code-block:: yaml + + master_alive_interval: 30 + .. conf_minion:: master_shuffle ``master_shuffle`` @@ -221,7 +223,7 @@ need to be changed to the ownership of the new user. Default: ``''`` -Setting ``sudo_user`` will cause salt to run all execution modules under an +Setting ``sudo_user`` will cause salt to run all execution modules under a sudo to the user given in ``sudo_user``. The user under which the salt minion process itself runs will still be that provided in :conf_minion:`user` above, but all execution modules run by the minion will be rerouted through sudo. @@ -264,13 +266,13 @@ This directory is prepended to the following options: :conf_minion:`pki_dir`, ``pki_dir`` ----------- -Default: ``/etc/salt/pki`` +Default: ``/etc/salt/pki/minion`` The directory used to store the minion's public and private keys. .. code-block:: yaml - pki_dir: /etc/salt/pki + pki_dir: /etc/salt/pki/minion .. conf_minion:: id @@ -312,7 +314,7 @@ FQDN (for instance, Solaris). ``cachedir`` ------------ -Default: ``/var/cache/salt`` +Default: ``/var/cache/salt/minion`` The location for minion cache data. @@ -320,7 +322,7 @@ This directory may contain sensitive data and should be protected accordingly. .. code-block:: yaml - cachedir: /var/cache/salt + cachedir: /var/cache/salt/minion .. conf_minion:: verify_env @@ -392,7 +394,7 @@ The directory where Unix sockets will be kept. ``backup_mode`` --------------- -Default: ``[]`` +Default: ``''`` Backup files replaced by file.managed and file.recurse under cachedir. @@ -419,6 +421,8 @@ master. ``random_reauth_delay`` ----------------------- +Default: ``10`` + When the master key changes, the minion will try to re-auth itself to receive the new master key. In larger environments this can cause a syn-flood on the master because all minions try to re-auth immediately. To prevent this @@ -435,7 +439,7 @@ parameter. The wait-time will be a random number of seconds between ``acceptance_wait_time_max`` ---------------------------- -Default: ``None`` +Default: ``0`` The maximum number of seconds to wait until attempting to re\-authenticate with the master. If set, the wait will increase by acceptance_wait_time @@ -443,7 +447,7 @@ seconds each iteration. .. code-block:: yaml - acceptance_wait_time_max: None + acceptance_wait_time_max: 0 .. conf_minion:: recon_default @@ -490,7 +494,7 @@ Short example: Default: ``True`` Generate a random wait time on minion start. The wait time will be a random value -between recon_default and recon_default and recon_max. Having all minions reconnect +between recon_default and recon_default + recon_max. Having all minions reconnect with the same recon_default and recon_max value kind of defeats the purpose of being able to change these settings. If all minions have the same values and the setup is quite large (several thousand minions), they will still flood the master. The desired @@ -522,7 +526,7 @@ The default timeout for a minion return attempt. Default: ``10`` The maximum timeout for a minion return attempt. If non-zero the minion return -retry timeout will be a random int beween ``return_retry_timer`` and +retry timeout will be a random int between ``return_retry_timer`` and ``return_retry_timer_max`` .. code-block:: yaml @@ -538,7 +542,6 @@ Default: ``True`` The connection to the master ret_port is kept open. When set to False, the minion creates a new connection for every return to the master. -environment, set this value to ``False``. .. code-block:: yaml @@ -665,7 +668,7 @@ A list of extra directories to search for Salt returners .. code-block:: yaml - returners_dirs: + returner_dirs: - /var/lib/salt/returners .. conf_minion:: states_dirs @@ -720,7 +723,7 @@ A list of extra directories to search for Salt renderers Default: ``False`` Set this value to true to enable auto-loading and compiling of ``.pyx`` modules, -This setting requires that ``gcc`` and ``cython`` are installed on the minion +This setting requires that ``gcc`` and ``cython`` are installed on the minion. .. code-block:: yaml @@ -782,12 +785,11 @@ The default renderer used for local state executions ``state_verbose`` ----------------- -Default: ``False`` +Default: ``True`` -state_verbose allows for the data returned from the minion to be more -verbose. Normally only states that fail or states that have changes are -returned, but setting state_verbose to ``True`` will return all states that -were checked +Controls the verbosity of state runs. By default, the results of all states are +returned, but setting this value to ``False`` will cause salt to only display +output for states that failed or states that have changes. .. code-block:: yaml @@ -815,9 +817,9 @@ the output will be shortened to a single line. Default: ``True`` -autoload_dynamic_modules Turns on automatic loading of modules found in the -environments on the master. This is turned on by default, to turn of -auto-loading modules when states run set this value to ``False`` +autoload_dynamic_modules turns on automatic loading of modules found in the +environments on the master. This is turned on by default. To turn off +auto-loading modules when states run, set this value to ``False``. .. code-block:: yaml @@ -828,9 +830,9 @@ auto-loading modules when states run set this value to ``False`` Default: ``True`` clean_dynamic_modules keeps the dynamic modules on the minion in sync with -the dynamic modules on the master, this means that if a dynamic module is +the dynamic modules on the master. This means that if a dynamic module is not on the master it will be deleted from the minion. By default this is -enabled and can be disabled by changing this value to ``False`` +enabled and can be disabled by changing this value to ``False``. .. code-block:: yaml @@ -1005,7 +1007,6 @@ before the initial key exchange. The master fingerprint can be found by running .. conf_minion:: verify_master_pubkey_sign - ``verify_master_pubkey_sign`` ----------------------------- @@ -1049,7 +1050,7 @@ minion's pki directory. Default: ``False`` -If :conf_minion:`verify_master_pubkey_sign` is enabled, the signature is only verified, +If :conf_minion:`verify_master_pubkey_sign` is enabled, the signature is only verified if the public-key of the master changes. If the signature should always be verified, this can be set to ``True``. @@ -1257,10 +1258,9 @@ ZeroMQ is installed. Default: ``False`` -Set the global failhard flag, this informs all states to stop running states +Set the global failhard flag. This informs all states to stop running states at the moment a single state fails - .. code-block:: yaml failhard: False diff --git a/doc/topics/tutorials/intro_scale.rst b/doc/topics/tutorials/intro_scale.rst index 534f5c458ab8..404890251a7c 100644 --- a/doc/topics/tutorials/intro_scale.rst +++ b/doc/topics/tutorials/intro_scale.rst @@ -106,13 +106,15 @@ the sample configuration file (default values) .. code-block:: yaml - recon_default: 100ms + recon_default: 1000 recon_max: 5000 recon_randomize: True -- recon_default: the default value the socket should use, i.e. 100ms +- recon_default: the default value the socket should use, i.e. 1000. This value is in + milliseconds. (1000ms = 1 second) - recon_max: the max value that the socket should use as a delay before trying to reconnect + This value is in milliseconds. (5000ms = 5 seconds) - recon_randomize: enables randomization between recon_default and recon_max To tune this values to an existing environment, a few decision have to be made. diff --git a/salt/config.py b/salt/config.py index 1f83c331589a..6780859a2bdd 100644 --- a/salt/config.py +++ b/salt/config.py @@ -3,9 +3,9 @@ All salt configuration loading and defaults should be in this module ''' -from __future__ import absolute_import, generators - # Import python libs +from __future__ import absolute_import +from __future__ import generators import os import re import sys @@ -63,7 +63,7 @@ VALID_OPTS = { # The address of the salt master. May be specified as IP address or hostname - 'master': (str, list), + 'master': (string_types, list), # The TCP/UDP port of the master to connect to in order to listen to publications 'master_port': int, @@ -348,7 +348,7 @@ # If a minion is running an esky build of salt, upgrades can be performed using the url # defined here. See saltutil.update() for additional information - 'update_url': bool, + 'update_url': (bool, string_types), # If using update_url with saltutil.update(), provide a list of services to be restarted # post-install @@ -367,7 +367,7 @@ # Tells the minion to choose a bounded, random interval to have zeromq attempt to reconnect # in the event of a disconnect event - 'recon_randomize': float, # FIXME This should really be a bool, according to the implementation + 'recon_randomize': bool, 'return_retry_timer': int, 'return_retry_timer_max': int, @@ -531,7 +531,7 @@ 'ping_on_rotate': bool, 'peer': dict, 'preserve_minion_cache': bool, - 'syndic_master': str, + 'syndic_master': (string_types, list), 'runner_dirs': list, 'client_acl': dict, 'client_acl_blacklist': dict, @@ -540,8 +540,8 @@ 'token_expire': int, 'file_recv': bool, 'file_recv_max_size': int, - 'file_ignore_regex': list, - 'file_ignore_glob': list, + 'file_ignore_regex': (list, string_types), + 'file_ignore_glob': (list, string_types), 'fileserver_backend': list, 'fileserver_followsymlinks': bool, 'fileserver_ignoresymlinks': bool, @@ -665,9 +665,6 @@ # The transport system for this daemon. (i.e. zeromq, raet, etc) 'transport': str, - # FIXME Appears to be unused - 'enumerate_proxy_minions': bool, - # The number of seconds to wait when the client is requesting information about running jobs 'gather_job_timeout': int, @@ -784,7 +781,7 @@ 'master': 'salt', 'master_type': 'str', 'master_uri_format': 'default', - 'master_port': '4506', + 'master_port': 4506, 'master_finger': '', 'master_shuffle': False, 'master_alive_interval': 0, @@ -991,7 +988,7 @@ DEFAULT_MASTER_OPTS = { 'interface': '0.0.0.0', - 'publish_port': '4505', + 'publish_port': 4505, 'pub_hwm': 1000, # ZMQ HWM for SaltEvent pub socket - different for minion vs. master 'salt_event_pub_hwm': 2000, @@ -1001,7 +998,7 @@ 'user': 'root', 'worker_threads': 5, 'sock_dir': os.path.join(salt.syspaths.SOCK_DIR, 'master'), - 'ret_port': '4506', + 'ret_port': 4506, 'timeout': 5, 'keep_jobs': 24, 'root_dir': salt.syspaths.ROOT_DIR, @@ -1093,7 +1090,7 @@ 'file_recv_max_size': 100, 'file_buffer_size': 1048576, 'file_ignore_regex': [], - 'file_ignore_glob': None, + 'file_ignore_glob': [], 'fileserver_backend': ['roots'], 'fileserver_followsymlinks': True, 'fileserver_ignoresymlinks': False, @@ -1179,7 +1176,6 @@ 'sign_pub_messages': False, 'keysize': 2048, 'transport': 'zeromq', - 'enumerate_proxy_minions': False, 'gather_job_timeout': 10, 'syndic_event_forward_timeout': 0.5, 'syndic_max_event_process_time': 0.5, @@ -1415,7 +1411,7 @@ def format_multi_opt(valid_type): '\\\\.\\mailslot\\' + opts['sock_dir'].replace(':', '')) for error in errors: - log.debug(error) + log.warning(error) if errors: return False return True diff --git a/salt/modules/yumpkg.py b/salt/modules/yumpkg.py index 5e3228c98402..cbd15fbdba36 100644 --- a/salt/modules/yumpkg.py +++ b/salt/modules/yumpkg.py @@ -234,7 +234,10 @@ def _yum_pkginfo(output): cur['arch'], osarch) else: - if key == 'repoid': + if key == 'version': + # Suppport packages with no 'Release' parameter + value = value.rstrip('-') + elif key == 'repoid': # Installed packages show a '@' at the beginning value = value.lstrip('@') cur[key] = value