Version 2016.3.9 is a bugfix release for 2016.3.0.
The following options have been added to the master config file:
allow_minion_key_revoke
- This option controls whether a
minion can request that the master revoke its key. When True
, a minion
can request a key revocation and the master will comply. If it is False
,
the key will not be revoked by the msater.
require_minion_sign_messages
- This requires that minions
cryptographically sign the messages they publish to the master. If minions
are not signing, then log this information at loglevel INFO
and drop the
message without acting on it.
drop_messages_signature_fail
- Drop messages from minions when
their signatures do not validate. Note that when this option is False
but
require_minion_sign_messages is True
, minions MUST sign their
messages, but the validity of their signatures is ignored.
minion_sign_messages
- Causes the minion to cryptographically
sign the payload of messages it places on the event bus for the master. The
payloads are signed with the minion's private key so the master can verify
the signature with its public key.