Salt 2016.3.9 Release Notes

Version 2016.3.9 is a bugfix release for 2016.3.0.

Master Changes

The following options have been added to the master config file:

  • allow_minion_key_revoke - This option controls whether a minion can request that the master revoke its key. When True, a minion can request a key revocation and the master will comply. If it is False, the key will not be revoked by the msater.

  • require_minion_sign_messages - This requires that minions cryptographically sign the messages they publish to the master. If minions are not signing, then log this information at loglevel INFO and drop the message without acting on it.

  • drop_messages_signature_fail - Drop messages from minions when their signatures do not validate. Note that when this option is False but require_minion_sign_messages is True, minions MUST sign their messages, but the validity of their signatures is ignored.

  • minion_sign_messages - Causes the minion to cryptographically sign the payload of messages it places on the event bus for the master. The payloads are signed with the minion's private key so the master can verify the signature with its public key.