Salt 0.16.2 Release Notes

release:2013-08-01

Version 0.16.2 is a bugfix release for 0.16.0, and contains a number of fixes.

Windows

  • Only allow Administrator's group and SYSTEM user access to C:\salt. This eliminates a race condition where a non-admin user could modify a template or managed file before it is executed by the minion (which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue 6361)

Grains

  • Fixed detection of virtual grain on OpenVZ hardware nodes
  • Gracefully handle lsb_release data when it is enclosed in quotes
  • LSB grains are now prefixed with lsb_distrib_ instead of simply lsb_. The old naming is not preserved, so SLS may be affected.
  • Improved grains detection on MacOS

Pillar

Peer Publishing

Minion

  • Fixed salt-key usage in minionswarm script
  • Quieted warning about SALT_MINION_CONFIG environment variable on minion startup and for CLI commands run via salt-call (issue 5956)
  • Added minion config parameter random_reauth_delay to stagger re-auth attempts when the minion is waiting for the master to approve its public key. This helps prevent SYN flooding in larger environments.

User/Group Management

  • Implement previously-ignored unique option for user.present states in FreeBSD
  • Report in state output when a group.present state attempts to use a gid in use by another group
  • Fixed regression that prevents a user.present state to set the password hash to the system default (i.e. an unset password)
  • Fixed multiple group.present states with the same group (issue 6439)

File Management

  • Fixed file.mkdir setting incorrect permissions (issue 6033)
  • Fixed cleanup of source files for templates when /tmp is in file_roots (issue 6118)
  • Fixed caching of zero-byte files when a non-empty file was previously cached at the same path
  • Added HTTP authentication support to the cp module (issue 5641)
  • Diffs are now suppressed when binary files are changed

Package/Repository Management

  • Fixed traceback when there is only one target for pkg.latest states
  • Fixed regression in detection of virtual packages (apt)
  • Limit number of pkg database refreshes to once per state.sls/state.highstate
  • YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue 6299)
  • Fixed incorrect reporting in pkgrepo.managed states (issue 5517)
  • Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit packages on 64-bit Debian-based distros (issue 6303)
  • Fixed issue where requisites were inadvertently being put into YUM repo files (issue 6471)

Service Management

  • Fixed inaccurate reporting of results in service.running states when the service fails to start (issue 5894)
  • Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available, negating the need for a second state run to manage the service that the initscript controls

Networking

SSH

pip

  • Properly handle -f lines in pip freeze output
  • Fixed regression in pip.installed states with specifying a requirements file (issue 6003)
  • Fixed use of editable argument in pip.installed states (issue 6025)
  • Deprecated runas parameter in execution function calls, in favor of user

MySQL

PostgreSQL

Miscellaneous