Salt 3005 release notes - Codename Phosphorus

Python 3.5 and 3.6 deprecation

This will be the last release we will support Python versions 3.5 and 3.6. In Salt release 3006, we will only support Python versions 3.7 and higher. Going forward, our policy will be to align with Python's supported versions.

OS support end of life

Debian and Raspbian 9 are now EOL, therefore we will no longer be building packages for these platforms.

Raspberry Pi

We will no longer build the Raspberry Pi packages after the 3005 release but will provide open sources project links in an updated announcement later. Please see the announcement for more details: https://saltproject.io/salt-project-announces-the-open-sourcing-of-several-saltstack-native-minions/

New packages available

With the release of Salt 3005, we are pleased to announce the new onedir packages using pyinstaller are now out of beta and ready for production. These new packages make the installation process easier. Onedir packages install Salt with one directory that includes all the executables Salt needs to run effectively, including the version of Python and the required dependencies that Salt needs. These packages make it easier to use Salt out of the box without installing Python first.

Going forward, any new OS platforms supported by the Salt Project from version 3005 can only be installed using onedir packages. For this release, this includes Redhat 9, Ubuntu 22.04, and Photon OS 3. The Salt Project will phase out the old ("classic") Salt package builds for currently supported operating systems by 3006. See Upgrade to onedir for more information.

On the day of the Phosphorus release, the onedir packages will be available on https://repo.saltproject.io for each platform. The instructions for installing onedir packages and the classic packages will be available on the new Salt Install Guide.

If you want to test out the packages today, you can install them from https://repo.saltproject.io/salt-dev/py3/ using the correct directory for your platform. If you find any issues with the packages, please open an issue on this repo: https://gitlab.com/saltstack/open/salt-pkg

Classic, non-onedir packaging support

The classic, non-onedir packaging system previously used for Salt will also be provided for platforms supported in previous Salt versions. The classic packaging will only be available for the 3005 release. The 3006 release and all releases going forward will only provide the onedir packages.

Platform package support

OS

New onedir packages

Classic, non-onedir packages

RHEL 7

yes

yes

RHEL 8

yes

yes

RHEL 9

yes

no

Ubuntu 18.04

yes

yes

Ubuntu 20.04

yes

yes

Ubuntu 22.04

yes

no

Debian 10

yes

yes

Debian 11

yes

yes

Raspbian 10

no

yes

Raspbian 11

no

yes

Fedora 35

yes

yes

Fedora 36

yes

yes

MacOS

yes

yes

Windows

yes

yes

Repo paths

OS

Onedir path

Classic, Non-onedir path

RHEL

https://repo.saltproject.io/salt/py3/redhat/

https://repo.saltproject.io/py3/redhat/

Ubuntu

https://repo.saltproject.io/salt/py3/ubuntu/

https://repo.saltproject.io/py3/ubuntu/

Debian

https://repo.saltproject.io/salt/py3/debian/

https://repo.saltproject.io/py3/debian/

Raspbian

Not available

https://repo.saltproject.io/py3/debian/

Fedora

Hosted on Fedora Repos

Hosted on Fedora Repos

MacOS

https://repo.saltproject.io/salt/py3/osx/

https://repo.saltproject.io/osx/

Windows

https://repo.saltproject.io/salt/py3/windows/

https://repo.saltproject.io/windows/

Note that the onedir paths above will not be available until the day of the Phosphorus release.

How do I migrate to the onedir packages?

The migration path from the classic, non-onedir packages to the onedir packages will include:

  • Repo File: You need to update your repo file to point to the new repo paths for your platform. After the repo file is updated, upgrade your Salt packages.

  • Pip packages: You need to ensure any 3rd party pip packages are installed in the correct onedir path. This can be accomplished in two ways:

    • salt-pip install <package name>

    • Using the pip.installed Salt state.

To install python packages into the system python environment, users must now provide the pip_bin or bin_env to the pip state module.

For example:

lib-foo:
  pip.installed:
    - pip_bin: /usr/bin/pip3
lib-bar:
  pip.installed:
    - bin_env: /usr/bin/python3

Known issues

  • To make use of Salt 3005 or later on a Salt master connected to SaltStack Config, you must use SaltStack Config version 8.9.0 or later.

    The root cause of the issue is a breaking change to AsyncClient._proc_function()` in Salt, which is the function that the raas-master uses to run salt-run commands. As this is a private API, there's no expectation that the API should remain backward-compatible.

    It is recommended to upgrade SaltStack Config before upgrading your Salt masters. However, if a Salt master is upgraded to version 3005 before upgrading SaltStack Config, the upgrade can still be completed.

    After upgrading SaltStack Config, including the SSC plugin on each Salt master, restart the Salt masters.

  • Salt does not currently support napalm 4. Users will need to install napalm 3.x to ensure they do not run into issue #62468

Removed

  • Deprecating and removing salt-unity. (#56055)

  • Removed support for macos mojave (#61130)

  • Removed salt.utils.MultiprocessingProcess and salt.utils.SignalHandlingMultiprocessingProcess. Please use salt.utils.Process and salt.utils.SignalHandlingProcess instead. (#61573)

  • Remove the grains.get_or_set_hash function. Please reference pillar and SDB documentation for secure ways to manage sensitive information. Grains are an insecure way to store secrets. (#61691)

  • Removed the telnet_port, serial_type and console parameters in salt/modules/virt.py. Use the serials and consoles parameters instead. Use the serials parameter with a value like {{{{'type': 'tcp', 'protocol': 'telnet', 'port': {}}}}} instead and a similar consoles parameter. (#61693)

  • Remove remove_lock in zypperpkg.py in favor of unhold. Remove add_lock in zypperpkg.py in favor of hold. (#61694)

  • Removed support for old-style Windows Group Policy names Recommended policy names will be displayed in comments (#61696)

  • Remove the feature flag feature.enable_slsvars_fixes and enable the fixes for sls_path, tpl_file, and tpldir by default. Enabling this behavior by default will fix the following: - tpldir: If your directory name and your SLS file name are the same tpldir used to return a ., now it returns the correct directory name. - slspath,slsdotpath,slscolonpath,sls_path: If an init.sls file is accessed by its explicit name path.to.init instead of path.to, init shows up as a directory for in various sls context parameters, now it will only show as a file. - tplfile: When using tplfile in a SLS file in the root directory of file roots it returns empty. Now it returns the filename. (#61697)

  • Remove SaltMessageServer.shutdown in favor of close. Remove LoadBalancerWorker.stop in favor of close. (#61698)

  • Removed the PyObjC dependency.

    This addresses problems with building a one dir build for macOS. It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). Since it's currently not being used, it's removed. (#62432)

Deprecated

  • In etcd_util, the recursive kwarg in the read and delete methods has been deprecated in favor of recurse for both client versions. In etcd_util, the index kwarg in the watch method has been deprecated in favor of start_revision for both client versions. In etcd_util, the waitIndex kwarg in the read method has been deprecated in favor of start_revision for both client versions. The etcd API v2 implementation has been deprecated in favor of etcd API v3. (#60325)

  • Deprecated transport kwarg inside salt.utils.event.get_event (#61275)

  • Deprecated netmiko_conn and pyeapi_conn in napalm_mod.py as these function should not be called from the CLI (#61566)

  • Deprecate all Azure cloud modules (#62183)

  • Deprecated defaults and preserve_context for salt.utils.functools.namespaced_function. Additionally, the behavior when preserve_namespace=True was passed is now the default in order not to require duplicating imports on the modules that are namespacing functions. (#62272)

  • Added a pyinstaller hook that traverses the python used on the tiamat package to add all possible modules as hidden imports. (#62362)

  • Fix use of random shuffle and sample functions as Jinja filters (#62372)

  • All of the requirements provided in the requirements files are now included. The job of evaluating platform markers is not Salt's it's pip's. (#62392)

  • Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x (#62400)

  • Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. (#62405)

  • Deprecated the cassandra module in favor of the cassandra_cql module/returner. (#62327)

Changed

  • alternatives: Do not access /var/lib/dpkg/alternatives directly (#58745)

  • Enhance logging when there are errors at loading beacons (#60402)

  • Updated mysql cache module to also store updated timestamp, making it consistent with default cache module. Users of mysql cache should ensure database size before updating, as ALTER TABLE will add the timestamp column. (#61081)

  • Changed linux_shadow to test success of commands using cmd.retcode instead of cmd.run (#61932)

  • zabbix.user_get returns full user info with groups and medias zabbix.user_addmedia returns error for Zabbix 4.0+ due to user.addmedia method removal zabbix.user_deletemedia returns error for Zabbix 4.0+ due to user.deletemedia method removal (#62012)

  • "Sign before ending the testrun in x509.create_certificate" (#62100)

Fixed

  • Fix salt-ssh using sudo with a password (#8882)

  • Fix SSH password regex to not search for content after password:. (#25721)

  • Addressing a few issues when having keep_symlinks set to True with file.recurse. Also allow symlinks that are outside the salt fileserver root to be discoverable as symlinks when fileserver_followsymlinks is set to False. (#29562)

  • serialize to JSON only non string objects. (#35215)

  • Fix archive.extracted doesn't set user/group ownership correctly (#38605)

  • Make sys.argspec work on functions with annotations (#48735)

  • Fixed pdbedit.list_users with Samba 4.8 (#49648)

  • Fixes a scenario where ipv6 is enabled but the master is configured as an ipv4 IP address. (#49835)

  • Ensure that NOTIFY_SOCKET is not passed to child processes created with cmdmod unless it's set explicitly for such call. (#50851)

  • remove escaping of dbname in mysql.alter_db function. (#51559)

  • Fix runit module failing to find service if it is not symlinked. (#52759)

  • Changed manage.versions to report minions offline if minion call fails. (#53513)

  • Fixed events stream from /events endpoint not halting when auth token has expired. (#53742)

  • Fixed user.present which was breaking when updating workphone,homephone, fullname and "other" fields in case int was passed instead of string (#53961)

  • Fix error in webutil state module when attempting to grep a file that does not exist. (#53977)

  • Fixed ability to modify the "Audit: Force audit policy subcategory settings..." policy (#54301)

  • Fix timeout handling in netapi/saltnado. (#55394)

  • Fixing REST auth so that we actually support using ACLs from the REST server like we said in the documentation. (#55654)

  • Salt now correctly handles macOS after Py3.8 where python defaults to spawn instead of fork. (#55847)

  • Factor out sum and sorting of permissions into separate functions. Additionally, the same logic was applied to the rest_cherrypy netapi (#56495)

  • Display packages that are marked NoRemove in pkg.list_pkgs for Windows platforms (#56864)

  • Attempt to fix 56957 by detecting the broken recusion and stopping it. (#56957)

  • Fixed bytes vs. text issue when using sqlite for sdb backend. (#57133)

  • Ensure test is added to opts when using the state module with salt-ssh. (#57144)

  • Fixed RuntimeError OrderedDict mutated in network.managed for Debian systems. (#57721)

  • Improved the multiprocessing classes to better handle spawning platforms (#57742)

  • Config options are enforced according to config type (#57873)

  • fixed 57992 fix multi item kv v2 items read. (#57992)

  • Fixed thread leak during FQDN lookup when DNS entries had malformed PTR records, or other similar issues. (#58141)

  • Remove unnecessary dot in template that cause the bridge interface to fail on debian. Fixes #58195 (#58195)

  • update salt.module.schedule to check the job_args and job_kwargs for valid formatting. (#58329)

  • Allowe use of roster in salt.function state when using the SSH client. (#58662)

  • Detect new and legacy styles of calling module.run and support them both. (#58763)

  • Clean repo uri before checking if it's present, avoiding ghost change. (#58807)

  • Fix error "'__opts__' is not defined" when using the boto v2 modules (#58934)

  • hgfs: fix bytes vs str issues within hgfs. (#58963)

  • Fixes salt-ssh error when targetting IPs or hostnames directly. (#59033)

  • Allow for multiple configuration entries with keyword strict_config=False on yum-based systems (#59090)

  • Fixed error when running legacy code in winrepo.update_git_repos (#59101)

  • Clarify the persist argument in the scheduler module. Adding code in the list function to indicate if the schedule job is saved or not. (#59102)

  • Swap ret["retcode"] for ret.get("retcode") in the event that there is no retcode, eg. when a function is not passed with a module. (#59331)

  • Fix race condition when caching vault tokens (#59361)

  • The ssh module now accepts all ssh public key types as of openssh server version 8.7. (#59429)

  • Set default transport and port settings for Napalm NXOS, if not set. (#59448)

  • Use __salt_system_encoding__ when retrieving keystore certificate SHA1 str (#59503)

  • Fix error being thrown on empty flags list given to file.replace (#59554)

  • Update url for ez_setup.py script in virtualenv_mod.py (#59604)

  • Changed yumpkg module to normalize versions to strings when they were ambiguously floats (example version=3005.0). (#59705)

  • Fix pillar_roots.write on subdirectories broken after CVE-2021-25282 patch. (#59935)

  • Improved performance of zfs.filesystem_present and zfs.volume_present. When applying these states, only query specified ZFS properties rather than all properties. (#59970)

  • Fixed highstate outputter not displaying with salt.function in orchestration when module returns a dictionary. (#60029)

  • Update docs where python-dateutil is required for schedule. (#60070)

  • Send un-parsed username to LookupAccountName function (#60076)

  • Fix ability to set propagation on a folder to "this_folder_only" (#60103)

  • Fix name attribute access error in spm. (#60106)

  • Fix zeromq stream.send exception message (#60228)

  • Exit gracefully on ctrl+c. (#60242)

  • Corrected import statement for redis_cache in cluster mode. (#60272)

  • loader: Fix loading grains with annotations (#60285)

  • fix docker_network.present when com.docker.network.bridge.name is being used as the unixes can not have a bridge of the same name (#60316)

  • Fix exception in yumpkg.remove for not installed package on calling pkg.remove or pkg.removed (#60356)

  • Batch runs now return proper retcodes in a tuple of the form (result, retcode) (#60361)

  • Fixed issue with ansible roster __virtual__ when ansible is not installed. (#60370)

  • Fixed error being thrown when None was passed as src/defaults or dest to defaults.update and defaults.merge (#60431)

  • Allow for additional options for xmit hash policy in mode 4 NIC bonding on Redhat (#60583)

  • Properly detect VMware grains on Windows Server 2019+ (#60593)

  • Allow for minion failure to respond to job sent in batch mode (#60724)

  • The mac assistive execution module no longer shells out to change the database. (#60819)

  • Fix regression in win_timezone.get_zone which failed to resolve specific timezones that begin or end with d/s/t/o/f/_ characters (#60829)

  • The TCP transport resets it's unpacker on stream disconnects (#60831)

  • Moving the call to the validate function earlier to ensure that beacons are in the right format before we attempt to do anything to the configuration. Adding a generic validation to ensure the beacon configuration is in the wrong format when a validation function does not exist. (#60838)

  • Update the mac installer welcome and conclusion page, add docs for the salt-config tool (#60858)

  • Fixed external node classifier not callable due to wrong parameter (#60872)

  • Adjust Debian/Ubuntu package use of name 'ifenslave-2.6' to 'ifenslave' (#60876)

  • Clear and update the Pillar Cache when running saltutil.refresh_pillar. This only affects users that have pillar_cache set to True. If you do not want to clear the cache you can pass the kwarg clean_cache=False to saltutil.refresh_pillar. (#60897)

  • Handle the situation when apt repo lines have or do not have trailing slashes properly. (#60907)

  • Fixed Python 2 syntax for Python 3, allow for view objects returned by dictionary keys() function (#60909)

  • Fix REST CherryPY append the default permissions every request (#60955)

  • Do not consider "skipped" targets as failed for "ansible.playbooks" states (#60983)

  • Fix behavior for internal "_netlink_tool_remote_on" to filter results based on requested end (#61017)

  • schedule.job_status module: Convert datetime objects into formatted strings (#61043)

  • virt: don't crash if console doesn't have service or type attribute (#61054)

  • Fixed conflict between importlib_metada from Salt and importlib.metadata from Python 3.10 (#61062)

  • sys.argspec now works with pillar.get, vault.read_secret, and vault.list_secrets (#61084)

  • Set virtual grain on FreeBSD EC2 instances (#61094)

  • Fixed v3004 windows minion failing to open log file at C:ProgramDataSalt ProjectSaltvarlogsaltminion (#61113)

  • Correct returned result to False when an error exception occurs for pip.installed (#61117)

  • fixed extend being too strict and wanting the system_type to exist when it is only needed for requisites. (#61121)

  • Fixed bug where deserialization in script engine would throw an error after all output was read. (#61124)

  • Adding missing import for salt.utils.beacons into beacons that were updated to use it. (#61135)

  • added exception catch to salt.utils.vt.terminal.isalive(). (#61160)

  • Re-factor transport to make them more plug-able (#61161)

  • Remove max zeromq pinned version due to issues on FreeBSD (#61163)

  • Fixing deltaproxy code to handle the situation where the control proxy is configured to control a proxy minion whose pillar data could not be loaded. (#61172)

  • Prevent get_tops from performing a Set operation on a List (#61176)

  • Make "state.highstate" to acts on concurrent flag. Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution (#61188)

  • Fix a failure with salt.utils.vault.make_request when namespace is not defined in the connection. (#61191)

  • Fix race condition in salt.utils.verify.verify_env and ignore directories starting with dot (#61192)

  • LGPO: Search for policies in a case-sensitive manner first, then fall back to non case-sensitive names (#61198)

  • Fixed state includes in dynamic environments (#61200)

  • Minimize the number of network connections minions to the master (#61247)

  • Fix salt-call event.event with pillar or grains (#61252)

  • Fixed failing dcs.compile_config where a successful compile errored with AttributeError: 'list' object has no attribute 'get'. (#61261)

  • Make the salt.utils.win_dacl.get_name() function include the "NT Security" prefix for Virtual Accounts. Virtual Accounts can only be added with the fully qualified name. (#61271)

  • Fixed tracebacks and print helpful error message when proxy_return = True but no platform or primary_ip set in NetBox pillar. (#61277)

  • Ensure opts is included in pack for minion_mods and config loads opts from the named_context. (#61297)

  • Added prefix length info for IPv6 addresses in Windows (#61316)

  • Handle MariaDB 10.5+ SLAVE MONITOR grant (#61331)

  • Fix secondary ip addresses being added to ip4_interfaces and ip6_interfaces at the same time (#61370)

  • Do not block the deltaproxy startup. Wrap the call to the individual proxy initialization functions in a try...except, catching the exception, logging an error and moving onto the next proxy minion. (#61377)

  • show_instance of hetzner cloud provider should enforce an action like the other ones (#61392)

  • Fix Hetzner Cloud config loading mechanism (#61399)

  • Sets correctly the lvm grain even when lvm's command execution outputs a WARNING (#61412)

  • Use net instead of sc in salt cloud when restarting the salt service (#61413)

  • Fix use_etag support in fileclient by removing case sensitivity of expected header (#61440)

  • Expand environment variables in the root_dir registry key (#61445)

  • Use salt.utils.path.readlink everywhere instead of os.readlink (#61458)

  • Fix state_aggregate minion option not respected (#61478)

  • Fixed wua.installed and wua.uptodate to return all changes, failures, and supersedences (#61479)

  • When running with test=True and there are no changes, don't show that there are changes. (#61483)

  • Fix issue with certutil when there's a space in the path to the certificate (#61494)

  • Fix cmdmod not respecting config for saltenv (#61507)

  • Convert Py 2'isms to Python 3, and add tests for set_filesystems on AIX (#61509)

  • Fix tracebacks caused by missing block device type and wrong mode used for gzip.open while calling inspector.export (#61530)

  • win_wua: Titles no longer limited to 40 characters (#61533)

  • Fixed error when using network module on RHEL 8 due to the name of the service changing from "network" to "NetworkManager". (#61538)

  • Allow symlink to be created even if source is missing on Windows (#61544)

  • Print jinja error context on UndefinedError. Previously jinja2.exceptions.UndefinedError resulted in a SaltRenderError without source file context, unlike all of the other Jinja exceptions handled in salt/utils/templates.py. (#61553)

  • Fix uptime on AIX systems when less than 24 hours (#61557)

  • Fix issue with state.show_state_usage when a saltenv is not referenced in any topfile (#61614)

  • Making the retry state system feature available when parallel is set to True. (#61630)

  • modules/aptpkg.SourceEntry: fix parsing lines with arbitrary comments in case HAS_APT=False (#61632)

  • Fix file.comment incorrectly reports changes in test mode (#61662)

  • Fix improper master caching of file listing in multiple dynamic environments (#61738)

  • When configured beacons are empty write an empty beacon configuration file. (#61741)

  • Fix file.replace updating mtime with no changes (#61743)

  • Fixed etcd_return being out of sync with the underlying etcd_util. (#61756)

  • Fixing items, values, and keys functions in the data module. (#61812)

  • Ensure that salt:// URIs never contain backslashes, converting them to forward slashes instead. A specific situation to handle is caching files on Windows minions, where Jinja relative imports introduce a backslash into the path. (#61829)

  • Do not raise a UnicodeDecodeError when pillar cache cannot decode binary data. (#61836)

  • Don't rely on importlib.metadata, even on Py3.10, use importlib_metadata instead. (#61839)

  • Fix the reporting of errors for file.directory in test mode (#61846)

  • Update Markup and contextfunction imports for jinja versions >=3.1. (#61848)

  • Update states.chef for version 16.x and 17.x Chef Infra Client output. (#61891)

  • Fixed some whitespace and pathlib.Path issues when not using the sytem aptsources package. (#61936)

  • fixed error when using backslash literal in file.replace (#61944)

  • Fix an issue where under spawning platforms, one could exhaust the available multiprocessing semaphores. (#61945)

  • Fix salt-cloud sync_after_install functionality (#61946)

  • Ensure that common_prefix matching only occurs if a directory name is identified (in the archive.list execution module function, which affects the archive.extracted state). (#61968)

  • When states are running in parallel, ensure that the total run time produced by the highstate outputter takes that into account. (#61999)

  • Temporary logging is now shutdown when logging has been configured. (#62005)

  • modules/lxd.FilesManager: fix memory leak through pylxd.modules.container.Container.FilesManager (#62006)

  • utils/jinja.SaltCacheLoader: fix leaking SaltCacheLoader through atexit.register (#62007)

  • Fixed errors on calling zabbix_user.admin_password_present state, due to changed error message in Zabbix 6.0 Fixed zabbix.host_update not mapping group ids list to list of dicts in format [{"groupid": groupid}, ...] Fixed zabbix.user_update not mapping usergroup id list to list of dicts in format [{"usrgrpid": usrgrpid}, ...] (#62012)

  • utils/yamlloader and yamlloader_old: fix leaking DuplicateKeyWarning through a warnings module (#62021)

  • Fix cache checking for Jinja templates (#62042)

  • Fixed salt.states.file.managed() for follow_symlinks=True and test=True (#62066)

  • Stop trigering the GLIBC race condition when parallelizing the resolution of the fqnds. (#62071)

  • Fix useradd functions hard-coded relative command name (#62087)

  • Fix #62092: Catch zmq.error.ZMQError to set HWM for zmq >= 3.

    Run git show 0be0941 for more info. (#62092)

  • Allow emitatstartup to work when delay option is setup. (#62095)

  • Fix broken relative jinja includes in local mode bug introduced in #62043 (#62117)

  • Fix broken file.comment functionality introduced in #62045 (#62121)

  • Fixed an incompatibility preventing salt-cloud from deploying VMs on Proxmox VE 7 (#62154)

  • Fix sysctl functions hard-coded relative command name (#62164)

  • All of Salt's loaders now accept loaded_base_name as a keyword argument, allowing different namespacing the loaded modules. (#62186)

  • Only functions defined on the modules being loaded will be added to the lazy loader, functions imported from other modules, unless they are properly namespaced, are not included. (#62190)

  • Fixes issue in postgresql privileges detection: privileges on views were never retrieved and always recreated. (#57690)

  • Fix service.enabled error for unavailable service in test mode (#62258)

  • Fix variable reuse causing requisite_in problems (#62264)

  • Adding -G option to pkgdd cmd_prefix list when current_zone_only is True. (#62206)

  • Don't expect lsof to be installed when trying check which minions are connected. (#62303)

  • Fixed urlparse typo in rpmbuild_pkgbuild.py (#62442)

  • Fixing changes dict in pkg state to be consistent when installing and test=True. (#60995)

  • Use fire_event_async when expecting a coroutine (#62453)

  • Fixes import error under windows. (#62459)

  • account for revision number in formulas to account for difference between bottle and formula (#62466)

  • Fixed stacktrace on Windows when running pkg.list_pkgs (#62479)

  • Update sanitizing masking for Salt SSH to include additional password like strings. (#62483)

  • Fixes an issue where the minion could not connect to a master after 2 failed attempts (#62489)

Added

  • Added ability to request VPC peering connections in different AWS regions (boto_vpc). (#50394)

  • Added event return capability to Splunk returner (#50815)

  • Added allow downgrades support to apt upgrade (#52977)

  • added new grain for metadata to handle googles metadata differences (#53223)

  • Added win_shortcut execution and state module that does not prepend the current working directory to paths. Use shortcut.create and shortcut.present instead of file.shortcut. (#53706)

  • Add __env__ substitution inside file and pillar root paths (#55747)

  • Added support cpu hot add/remove, memory hot add, and nested virtualization to VMware salt-cloud driver. (#56144)

  • Add a consul state module with acl_present and acl_absent functions. (#58101)

  • Added restconf module/states/proxy code for network device automation (#59006)

  • Adds the ability to get version information from a file on Windows systems (#59702)

  • Add aptkey=False kwarg option to the aptpkg.py module and pkgrepo state. Apt-key is on the path to be deprecated. This will allow users to not use apt-key to manage the repo keys. It will set aptkey=False automatically if it does not detect apt-key exists on the machine. (#59785)

  • Added "Instant Clone" feature in the existing VMware Cloud module (#60004)

  • Added support for etcd API v3 (#60325)

  • Added pkg.held and pkg.unheld state functions for Zypper, YUM/DNF and APT. Improved zypperpkg.hold and zypperpkg.unhold functions. (#60432)

  • Added suse_ip module allowing to manage network interfaces on SUSE based Linux systems (#60702)

  • Support querying for JSON data in SQL external pillar (#60905)

  • Added support for yum and dnf on AIX (#60912)

  • Added percent success/failure of state runs in highstate summary output via new state_output_pct option (#60990)

  • Add support for retrieve IP-address from qemu agent by Salt-cloud on Proxmox (#61146)

  • Added new shortcut execution and state module to better handle UNC shortcuts and to test more thoroughly (#61170)

  • added yamllint utils module and yaml execution modules (#61182)

  • Add "--no-return-event" option to salt-call to prevent sending return event back to master. (#61188)

  • Add Etag support for file.managed web sources (#61270)

  • Adding the ability to add, delete, purge, and modify Salt scheduler jobs when the Salt minion is not running. (#61324)

  • Added a force option to file.symlink to overwrite an existing symlink with the same name (#61326)

  • gpg_decrypt_must_succeed config to prevent gpg renderer from failing silently (#61418)

  • Do not load a private copy of __grains__ and __salt__ for the sentry log handler if it is disabled. (#61484)

  • Add Jinja filters for itertools functions, flatten, and a state template workflow (#61502)

  • Add feature to allow roll-up of duplicate IDs with different names in highstate output (#61549)

  • Allow cp functions to derive saltenv from config if not explicitly set (#61562)

  • Multiprocessing logging no longer uses multiprocessing queues which penalized performance.

    Instead, each new process configures the terminal and file logging, and also any external logging handlers configured. (#61629)

  • Add a function to the freezer module for comparison of packages and repos in two frozen states (#61682)

  • Add grains_refresh_pre_exec option to allow grains to be refreshed before any operation (#61708)

  • Add possibility to pass extra parameters to salt-ssh pre flight script with ssh_pre_flight_args (#61715)

  • Add Etag support for archive.extracted web sources (#61763)

  • Add regex exclusions, full path matching, symlink following, and mtime/ctime comparison to file.tidied (#61823)

  • Add better handling for unit abbreviations and large values to salt.utils.stringutils.human_to_bytes (#61831)

  • Provide PyInstaller hooks that provide some runtime adjustments when Salt is running from a onedir (PyInstaller) bundled package. (#61864)

  • Add configurable onedir pip pypath location (#61937)

  • Add CNAME record support to the dig exec module (#61991)

  • Added support for changed user object in Zabbix 5.4+ Added compatibility with Zabbix 4.0+ for zabbix.user_getmedia method Added support for setting medias in zabbix.user_update for Zabbix 3.4+ (#62012)

  • Add ignore_missing parameter to file.comment state (#62044)

  • General improvements on the "ansiblegate" module: * Add "ansible.targets" method to gather Ansible inventory * Add "ansible.discover_playbooks" method to help collecting playbooks * Fix crash when running Ansible playbooks if ansible-playbook CLI output is not the expected JSON. * Fix issues when processing inventory and there are groups with no members. * Allow new types of targets for Ansible roster (#60056)

  • Add sample and shuffle functions from random (#62225)

  • Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime (#62381)