Salt 0.16.2 Release Notes

release

2013-08-01

Version 0.16.2 is a bugfix release for 0.16.0, and contains a number of fixes.

Windows

  • Only allow Administrator's group and SYSTEM user access to C:\salt. This eliminates a race condition where a non-admin user could modify a template or managed file before it is executed by the minion (which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue #6361)

Grains

  • Fixed detection of virtual grain on OpenVZ hardware nodes

  • Gracefully handle lsb_release data when it is enclosed in quotes

  • LSB grains are now prefixed with lsb_distrib_ instead of simply lsb_. The old naming is not preserved, so SLS may be affected.

  • Improved grains detection on MacOS

Pillar

Peer Publishing

Minion

  • Fixed salt-key usage in minionswarm script

  • Quieted warning about SALT_MINION_CONFIG environment variable on minion startup and for CLI commands run via salt-call (issue #5956)

  • Added minion config parameter random_reauth_delay to stagger re-auth attempts when the minion is waiting for the master to approve its public key. This helps prevent SYN flooding in larger environments.

User/Group Management

  • Implement previously-ignored unique option for user.present states in FreeBSD

  • Report in state output when a group.present state attempts to use a gid in use by another group

  • Fixed regression that prevents a user.present state to set the password hash to the system default (i.e. an unset password)

  • Fixed multiple group.present states with the same group (issue #6439)

File Management

  • Fixed file.mkdir setting incorrect permissions (issue #6033)

  • Fixed cleanup of source files for templates when /tmp is in file_roots (issue #6118)

  • Fixed caching of zero-byte files when a non-empty file was previously cached at the same path

  • Added HTTP authentication support to the cp module (issue #5641)

  • Diffs are now suppressed when binary files are changed

Package/Repository Management

  • Fixed traceback when there is only one target for pkg.latest states

  • Fixed regression in detection of virtual packages (apt)

  • Limit number of pkg database refreshes to once per state.sls/state.highstate

  • YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue #6299)

  • Fixed incorrect reporting in pkgrepo.managed states (issue #5517)

  • Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit packages on 64-bit Debian-based distros (issue #6303)

  • Fixed issue where requisites were inadvertently being put into YUM repo files (issue #6471)

Service Management

  • Fixed inaccurate reporting of results in service.running states when the service fails to start (issue #5894)

  • Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available, negating the need for a second state run to manage the service that the initscript controls

Networking

SSH

pip

  • Properly handle -f lines in pip freeze output

  • Fixed regression in pip.installed states with specifying a requirements file (issue #6003)

  • Fixed use of editable argument in pip.installed states (issue #6025)

  • Deprecated runas parameter in execution function calls, in favor of user

MySQL

PostgreSQL

Miscellaneous