Salt 0.16.2 Release Notes¶

Only allow Administrator's group and SYSTEM user access to C:\salt. This eliminates a race condition where a non-admin user could modify a template or managed file before it is executed by the minion (which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue #6361)

Fixed detection of virtual grain on OpenVZ hardware nodes

Gracefully handle lsb_release data when it is enclosed in quotes

LSB grains are now prefixed with lsb_distrib_ instead of simply lsb_. The old naming is not preserved, so SLS may be affected.

Improved grains detection on MacOS

Don't try to load git_pillar if not enabled in master config (issue #6052)

Functions pillar.item and pillar.items added for parity with grains.item/grains.items. The old function pillar.data is preserved for backwards compatibility.

Fixed minion traceback when Pillar SLS is malformed (issue #5910)

More gracefully handle improperly quoted publish commands (issue #5958)

Fixed traceback when timeout specified via the CLI fo publish.publish, publish.full_data (issue #5959)

Fixed unintended change in output of publish.publish (issue #5928)

Fixed salt-key usage in minionswarm script

Quieted warning about SALT_MINION_CONFIG environment variable on minion startup and for CLI commands run via salt-call (issue #5956)

Added minion config parameter random_reauth_delay to stagger re-auth attempts when the minion is waiting for the master to approve its public key. This helps prevent SYN flooding in larger environments.

Implement previously-ignored unique option for user.present states in FreeBSD

Report in state output when a group.present state attempts to use a gid in use by another group

Fixed regression that prevents a user.present state to set the password hash to the system default (i.e. an unset password)

Fixed multiple group.present states with the same group (issue #6439)

Fixed file.mkdir setting incorrect permissions (issue #6033)

Fixed cleanup of source files for templates when /tmp is in file_roots (issue #6118)

Fixed caching of zero-byte files when a non-empty file was previously cached at the same path

Added HTTP authentication support to the cp module (issue #5641)

Diffs are now suppressed when binary files are changed

Fixed traceback when there is only one target for pkg.latest states

Fixed regression in detection of virtual packages (apt)

Limit number of pkg database refreshes to once per state.sls/state.highstate

YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue #6299)

Fixed incorrect reporting in pkgrepo.managed states (issue #5517)

Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit packages on 64-bit Debian-based distros (issue #6303)

Fixed issue where requisites were inadvertently being put into YUM repo files (issue #6471)

Fixed inaccurate reporting of results in service.running states when the service fails to start (issue #5894)

Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available, negating the need for a second state run to manage the service that the initscript controls

Function network.hwaddr renamed to network.hw_addr to match network.ip_addrs and network.ip_addrs6. All three functions also now work without the underscore in the name, as well.

Fixed traceback in bridge.show when interface is not present (issue #6326)

Fixed incorrect result reporting for some ssh_known_hosts.present states

Fixed inaccurate reporting when ssh_auth.present states are run with test=True, when rsa/dss is used for the enc param instead of ssh-rsa/ssh-dss (issue #5374)

Properly handle -f lines in pip freeze output

Fixed regression in pip.installed states with specifying a requirements file (issue #6003)

Fixed use of editable argument in pip.installed states (issue #6025)

Deprecated runas parameter in execution function calls, in favor of user

Allow specification of MySQL connection arguments via the CLI, overriding/bypassing minion config params

Allow mysql_user.present states to set a passwordless login (issue #5550)

Fixed endless loop when mysql.processlist is run (issue #6297)

Fixed traceback in postgres.user_list (issue #6352)

Don't allow npm states to be used if npm module is not available

Fixed alternatives.install states for which the target is a symlink (issue #6162)

Fixed traceback in sysbench module (issue #6175)

Fixed traceback in job cache

Fixed tempfile cleanup for windows

Fixed issue where SLS files using the pydsl renderer were not being run

Fixed issue where returners were being passed incorrect information (issue #5518)

Fixed traceback when numeric args are passed to cmd.script states

Fixed bug causing cp.get_dir to return more directories than expected (issue #6048)

Fixed traceback when supervisord.running states are run with test=True (issue #6053)

Fixed tracebacks when Salt encounters problems running rbenv (issue #5888)

Only make the monit module available if monit binary is present (issue #5871)

Fixed incorrect behavior of img.mount_image

Fixed traceback in tomcat.deploy_war in Windows

Don't re-write /etc/fstab if mount fails

Fixed tracebacks when Salt encounters problems running gem (issue #5886)

Fixed incorrect behavior of selinux.boolean states (issue #5912)

RabbitMQ: Quote passwords to avoid symbols being interpolated by the shell (issue #6338)

Fixed tracebacks in extfs.mkfs and extfs.tune (issue #6462)

Fixed a regression with the module.run state where the m_name and m_fun arguments were being ignored (issue #6464)