By default salt minion meta files are created with wide
permissions.
This makes OS tokens, keystone credentials unprotected.
Patch fixes this.
Prod-Related: CEEMCP-13 unprotected keystone credentials
Customer-Found
Change-Id: I18283cff4aec795e0656b7b3519381792e8a6e54
The patch adds _orchestrate.conf file to salt minion
configuration. Its template searches for "/meta/salt.yml"
file across all installed formulas and parses them if found.
As of now config will contain following data, e.g.:
orchestration:
deploy:
applications:
cinder:
priority: 150
keystone:
priority: 100
Application priorities will be used later for salt deploy
orchestration
Change-Id: I56b0d15e5a13ca4975d98b9675991f84885120e6
Related-PROD: PROD-19973
The patch adds ability to configure REDIS as cache
backed for salt-master to be used as distibuted cache
further.
Change-Id: I62a29713c23ad3f591f6e937bfc5b13eba92f402
Related-PROD: PROD-20581
When proxy parameter was defined and host is empty string, salt is complaining with warning. With this patch when host is empty parameters are not used.
Change-Id: I11150e5f141182d5934564611d6c39b2b379b5e9
salt-minion started via upstart is not using /etc/environment to
source variables therefore is not using system wide http_proxy parameters if
they are set there. With this patch if salt.minion.env_vars is set to engine:
file salt will set envvars in /etc/default/salt-minion and will use them for
all commands executed remotely via salt. Since /etc/default is not used on
systems with systemd override for salt-minion to use /etc/environmnet will be
set.
Change-Id: Icfe122de2486a83820a0bd2e2aeea4be3796c6aa
Closes-bug: PROD-16676
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: I47eae0b8ee45ca1a1a9b3e8e544c893614573fda
Related-PROD: 17056
The patch fixes the issue when reclass adapter crashes if a new node
is tried to register in reclass metadata with reactor/runner mechanism.
This actually happens because of merged PR https://github.com/saltstack/salt/pull/15881 so
ID of master is chnaged to <NODE_NAME>_master https://github.com/saltstack/salt/blame/2017.7/salt/config/__init__.py#L3584
thats why runner modul can't fine the node and crashes.
Change-Id: I12b59db72d58d5b9d09cbd454201a75366545779
Related-PROD: PROD-17051
There was a wrong assumption that if galera.master or
galera.slave or mysql.server was defined in pillar we tried
to pick user/password from pillar.
This patch updates condition to ensure that enabled attribute
set to True.
Related-Prod: PROD-16658
Change-Id: I9cdd9259000d7fc648b41d7402dc8ffe9659955b
Handle this option to allow/deny a minion to push
a file up to the master server (disabled by default).
Change-Id: I08f9bfedbc5356442c314992326dd206484e34ab
This is useful when using proxies. The default Tornado backend does not
utilize proxy environment variables and isn't able to set no_proxy variable.
Change-Id: I4a51c6fc9abe65d46ed4f3adeb30f7a25337857e
This option can configure default output of state calls. Terse (default
option) will make each call to be on single line and make salt output
better.
Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5