linuxadmin
diff --git a/‎HACKING.rst
Lines changed: 13 additions & 0 deletions b/‎HACKING.rst
Lines changed: 13 additions & 0 deletions
diff --git a/‎doc/man/salt.7
Lines changed: 4 additions & 4 deletions b/‎doc/man/salt.7
Lines changed: 4 additions & 4 deletions
diff --git a/‎doc/ref/states/ordering.rst
Lines changed: 15 additions & 0 deletions b/‎doc/ref/states/ordering.rst
Lines changed: 15 additions & 0 deletions
diff --git a/‎doc/ref/states/startup.rst
Lines changed: 44 additions & 0 deletions b/‎doc/ref/states/startup.rst
Lines changed: 44 additions & 0 deletions
diff --git a/‎doc/topics/releases/0.10.3.rst
Lines changed: 29 additions & 1 deletion b/‎doc/topics/releases/0.10.3.rst
Lines changed: 29 additions & 1 deletion
diff --git a/‎salt/config.py
Lines changed: 9 additions & 2 deletions b/‎salt/config.py
Lines changed: 9 additions & 2 deletions
diff --git a/‎salt/master.py
Lines changed: 6 additions & 1 deletion b/‎salt/master.py
Lines changed: 6 additions & 1 deletion
diff --git a/‎salt/minion.py
Lines changed: 24 additions & 2 deletions b/‎salt/minion.py
Lines changed: 24 additions & 2 deletions
diff --git a/‎salt/modules/django.py renamed to ‎salt/modules/djangomod.py
Lines changed: 2 additions & 0 deletions b/‎salt/modules/django.py renamed to ‎salt/modules/djangomod.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎salt/modules/freebsdpkg.py
Lines changed: 18 additions & 6 deletions b/‎salt/modules/freebsdpkg.py
Lines changed: 18 additions & 6 deletions
diff --git a/‎salt/modules/freebsdservice.py
Lines changed: 1 addition & 4 deletions b/‎salt/modules/freebsdservice.py
Lines changed: 1 addition & 4 deletions
diff --git a/‎salt/modules/gentoo_service.py
Lines changed: 1 addition & 4 deletions b/‎salt/modules/gentoo_service.py
Lines changed: 1 addition & 4 deletions
@@ -86,6 +86,12 @@ Install Salt (and dependencies) into the virtualenv::
 
         env SWIG_FEATURES="-cpperraswarn -includeall -D__`uname -m`__ -I/usr/include/openssl" pip install M2Crypto
 
+    Debian and Ubuntu systems have modified openssl libraries and mandate that
+    a patched version of M2Crypto be installed. This means that M2Crypto
+    needs to be installed via apt:
+
+        apt-get install python-m2crypto
+
 Running a self-contained development version
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -116,6 +122,13 @@ Edit the minion config file:
     "saltdev". This isn't strictly necessary but it will serve as a reminder of
     which Salt installation you are working with.
 
+.. note:: Using `salt-call` with a :doc:`Standalone Minion </topics/tutorials/standalone_minion>`
+
+    If you plan to run `salt-call` with this self-contained development
+    environment in a masterless setup, you should invoke `salt-call` with
+    ``-c /path/to/your/virtualenv/etc/salt`` so that salt can find the minion
+    config file. Without the ``-c`` option, Salt finds its config files in `/etc/salt`.
+
 Start the master and minion, accept the minon's key, and verify your local Salt
 installation is working::
 
 
@@ -7705,7 +7705,7 @@ salt \(aq*\(aq pkg.available_version <package name>
 .UNINDENT
 .INDENT 0.0
 .TP
-.B salt.modules.freebsdpkg.install(name, *args, **kwargs)
+.B salt.modules.freebsdpkg.install(name, refresh=False, repo='', **kwargs)
 Install the passed package
 .sp
 Return a dict containing the new package names and versions:
@@ -7807,20 +7807,20 @@ salt \(aq*\(aq pkg.remove <package name>
 .INDENT 0.0
 .TP
 .B salt.modules.freebsdpkg.search(pkg_name)
-Use \fIpkg search\fP if pkg is being used.
+Use \fIpkg search\fP if pkgng is being used.
 .sp
 CLI Example:
 .sp
 .nf
 .ft C
-salt \(aq*\(aq pkg.pkgng_search \(aqmysql\-server\(aq
+salt \(aq*\(aq pkg.search \(aqmysql\-server\(aq
 .ft P
 .fi
 .UNINDENT
 .INDENT 0.0
 .TP
 .B salt.modules.freebsdpkg.upgrade()
-Run a full system upgrade, a \fBfreebsd\-update fetch install\fP
+Run \fBpkg upgrade\fP, if pkgng used. Otherwise do nothing
 .sp
 Return a dict containing the new package names and versions:
 .sp
 
@@ -210,3 +210,18 @@ set the order to ``last``:
     vim:
       pkg.installed:
         - order: last
+
+Remember that requisite statements override the order option. So the order
+option should be applied to the highest component of the requisite chain:
+
+.. code-block:: yaml
+
+    vim:
+      pkg.installed:
+        - order: last
+        - require:
+          - file: /etc/vimrc
+
+    /etc/vimrc:
+      file.managed:
+        - source: salt://edit/vimrc
@@ -0,0 +1,44 @@
+==============
+Startup States
+==============
+
+Sometimes it may be desired that the salt minion execute a state run when it is
+started. This alleviates the need for the master to initiate a state run on a
+new minion and can make provisioning much easier.
+
+As of Salt 0.10.3 the minion config reads options that allow for states to be
+executed at startup. The options are `startup_states`, `sls_list` and
+`top_file`.
+
+The `startup_states` option can be passed one of a number of arguments to
+define how to execute states. The available options are:
+
+highstate
+  Execute ``state.highstate``
+
+sls
+  Read in the ``sls_list`` option and execute the named sls files
+
+top
+  Read in the ``top_file`` option and execute states based on that top file
+  on the Salt Master
+  
+Examples:
+---------
+
+Execute ``state.highstate`` when starting the minion:
+
+
+.. code-block:: yaml
+
+   startup_states: highstate
+
+Execute the sls files `edit.vim` and `hyper`:
+
+.. code-block:: yaml
+
+    startup_states: sls
+
+    sls_list:
+      - edit.vim
+      - hyper
 additions. Modifications have been made to make ZeroMQ connections more
 reliable, the begining of the ACL system is in place, a new command line
 parsing system has been added, dynamic module distribution has become more
-environment aware, the new `master_fingerprint` option and many more!
+environment aware, the new `master_finger` option and many more!
 
 Major Features
 ==============
@@ -32,6 +32,29 @@ and is configured like so:
 Where `fred` is allowed access to functions in the test module and to the
 ``pkg.list_pkgs`` function.
 
+Master Finger Option
+--------------------
+
+The `master_finger` option has been added to improve the security of minion
+provisioning. The `master_finger` option allows for the fingerprint of the
+master public key to be set in the configuration file to double verify that the
+master is valid. This option was added in response to a motivation to pre
+authenticate the master when provisioning new minions to help prevent
+man in the middle attacks in some situations.
+
+Salt Key Fingerprint Generation
+-------------------------------
+
+The ability to generate fingerprints of keys used by Salt has been added to
+``salt-key``. The new option `finger` accepts the name of the key to generate
+and display a fingerprint for.
+
+.. code-block:: base
+
+    salt-key -F master
+
+Will display the fingerprints for the master public and private keys.
+
 Parsing System
 --------------
 
@@ -127,4 +150,9 @@ specifying the text.
     file.append:
         - source: salt://testfile
 
+Security Fix
+============
 
+A timing vulnerability was uncovered in the code which decrypts the AES
+messages sent over the network. This has been fixed and upgrading is
+strongly recommended.
@@ -151,19 +151,23 @@ def minion_config(path):
     '''
     opts = {'master': 'salt',
             'master_port': '4506',
+            'master_finger': '',
             'user': 'root',
             'root_dir': '/',
             'pki_dir': '/etc/salt/pki',
             'id': socket.getfqdn(),
             'cachedir': '/var/cache/salt',
             'cache_jobs': False,
             'conf_file': path,
-            'sock_dir': os.path.join(tempfile.gettempdir(), '.salt-unix'),
+            'sock_dir': '/var/run/salt',
             'renderer': 'yaml_jinja',
             'failhard': False,
             'autoload_dynamic_modules': True,
             'environment': None,
             'state_top': 'top.sls',
+            'startup_states': '',
+            'sls_list': [],
+            'top_file': '',
             'file_client': 'remote',
             'file_roots': {
                 'base': ['/srv/salt'],
@@ -254,7 +258,7 @@ def master_config(path):
             'publish_port': '4505',
             'user': 'root',
             'worker_threads': 5,
-            'sock_dir': os.path.join(tempfile.gettempdir(), '.salt-unix'),
+            'sock_dir': '/var/run/salt',
             'ret_port': '4506',
             'timeout': 5,
             'keep_jobs': 24,
@@ -307,6 +311,9 @@ def master_config(path):
             'default_include': 'master.d/*.conf',
     }
 
+    if len(opts['sock_dir']) > len(opts['cachedir']) + 10:
+        opts['sock_dir'] = os.path.join(opts['cachedir'], '.salt-unix')
+
     load_config(opts, path, 'SALT_MASTER_CONFIG')
 
     default_include = opts.get('default_include', [])
 
@@ -728,7 +728,7 @@ def _minion_event(self, load):
         if 'id' not in load or 'tag' not in load or 'data' not in load:
             return False
         tag = '{0}_{1}'.format(load['tag'], load['id'])
-        return self.event.fire_event(load['data'], tag)
+        return self.event.fire_event(load, tag)
 
     def _return(self, load):
         '''
@@ -737,6 +737,11 @@ def _return(self, load):
         # If the return data is invalid, just ignore it
         if 'return' not in load or 'jid' not in load or 'id' not in load:
             return False
+        if load['jid'] == 'req':
+	    # The minion is returning a standalone job, request a jobid
+            load['jid'] = salt.utils.prep_jid(
+                    self.opts['cachedir'],
+                    self.opts['hash_type'])
         log.info('Got return from {id} for job {jid}'.format(**load))
         self.event.fire_event(load, load['jid'])
         if not self.opts['job_cache']:
 
@@ -9,6 +9,7 @@
 
 import fnmatch
 import os
+import hashlib
 import re
 import threading
 import time
@@ -423,6 +424,23 @@ def _return_pub(self, ret, ret_cmd='_return'):
             open(fn_, 'w+').write(self.serial.dumps(ret))
         return ret_val
 
+    def _state_run(self):
+        '''
+        Execute a state run based on information set in the minion config file
+        '''
+        if self.opts['startup_states']:
+            data = {'jid': 'req', 'ret': ''}
+            if self.opts['startup_states'] == 'sls':
+                data['fun'] = 'state.sls'
+                data['arg'] = [self.opts['sls_list']]
+            elif self.opts['startup_states'] == 'top':
+                data['fun'] = 'state.top'
+                data['arg'] = [self.opts['top_file']]
+            else:
+                data['fun'] = 'state.highstate'
+                data['arg'] = []
+            self._handle_decoded_payload(data)
+
     @property
     def master_pub(self):
         return 'tcp://{ip}:{port}'.format(ip=self.opts['master_ip'],
@@ -482,13 +500,14 @@ def tune_in(self):
         # Prepare the minion event system
         #
         # Start with the publish socket
+        id_hash = hashlib.md5(self.opts['id']).hexdigest()
         epub_sock_path = os.path.join(
                 self.opts['sock_dir'],
-                'minion_event_{0}_pub.ipc'.format(self.opts['id'])
+                'minion_event_{0}_pub.ipc'.format(id_hash)
                 )
         epull_sock_path = os.path.join(
                 self.opts['sock_dir'],
-                'minion_event_{0}_pull.ipc'.format(self.opts['id'])
+                'minion_event_{0}_pull.ipc'.format(id_hash)
                 )
         epub_sock = context.socket(zmq.PUB)
         if self.opts.get('ipc_mode', '') == 'tcp':
@@ -542,6 +561,9 @@ def tune_in(self):
         # Make sure to gracefully handle SIGUSR1
         enable_sigusr1_handler()
 
+        # On first startup execute a state run if configured to do so
+        self._state_run()
+
         if self.opts['sub_timeout']:
             last = time.time()
             while True:
 
@@ -4,6 +4,8 @@
 
 import os
 
+def __virtual__():
+    return 'django'
 
 def _get_django_admin(bin_env):
     '''
 
@@ -19,7 +19,7 @@ def search(pkg_name):
 
     CLI Example::
 
-        salt '*' pkg.pkgng_search 'mysql-server'
+        salt '*' pkg.search 'mysql-server'
     '''
     if _check_pkgng():
         res = __salt__['cmd.run']('pkg search {0}'.format(pkg_name))
@@ -114,7 +114,7 @@ def list_pkgs():
     return ret
 
 
-def install(name, *args, **kwargs):
+def install(name, refresh=False, repo='', **kwargs):
     '''
     Install the passed package
 
@@ -127,12 +127,19 @@ def install(name, *args, **kwargs):
 
         salt '*' pkg.install <package name>
     '''
-    if _check_pkgng:
+    env = ()
+    if _check_pkgng():
         pkg_command = 'pkg install -y'
+        if not refresh:
+            pkg_command += ' -L'
+        if repo:
+            env = (('PACKAGESITE', repo),)
     else:
         pkg_command = 'pkg_add -r'
+        if repo:
+            env = (('PACKAGEROOT', repo),)
     old = list_pkgs()
-    __salt__['cmd.retcode']('%s {0}'.format(name) % pkg_command)
+    __salt__['cmd.retcode']('%s {0}'.format(name) % pkg_command, env=env)
     new = list_pkgs()
     pkgs = {}
     for npkg in new:
@@ -154,7 +161,7 @@ def install(name, *args, **kwargs):
 
 def upgrade():
     '''
-    Run a full system upgrade, a ``freebsd-update fetch install``
+    Run pkg upgrade, if pkgng used. Otherwise do nothing
 
     Return a dict containing the new package names and versions::
 
@@ -165,8 +172,13 @@ def upgrade():
 
         salt '*' pkg.upgrade
     '''
+
+    if not _check_pkgng():
+        # There is not easy way to upgrade packages with old package system
+        return {}
+
     old = list_pkgs()
-    __salt__['cmd.retcode']('freebsd-update fetch install')
+    __salt__['cmd.retcode']('pkg upgrade -y')
     new = list_pkgs()
     pkgs = {}
     for npkg in new:
 
@@ -122,9 +122,6 @@ def status(name, sig=None):
 
         salt '*' service.status <service name> [service signature]
     '''
-    sig = name if not sig else sig
-    cmd = "{0[ps]} | grep {1} | grep -v grep | awk '{{print $2}}'".format(
-            __grains__, sig)
-    return __salt__['cmd.run'](cmd).strip()
+    return __salt__['status.pid'](sig if sig else name)
 
 
@@ -112,10 +112,7 @@ def status(name, sig=None):
 
         salt '*' service.status <service name> [service signature]
     '''
-    sig = name if not sig else sig
-    cmd = "{0[ps]} | grep {1} | grep -v grep | awk '{{print $2}}'".format(
-            __grains__, sig)
-    return __salt__['cmd.run'](cmd).strip()
+    return __salt__['status.pid'](sig if sig else name)
 
 def enable(name):
     '''