By default salt minion meta files are created with wide
permissions.
This makes OS tokens, keystone credentials unprotected.
Patch fixes this.
Prod-Related: CEEMCP-13 unprotected keystone credentials
Customer-Found
Change-Id: I18283cff4aec795e0656b7b3519381792e8a6e54
Salt (ca.sls) supports generation a few CA.cert but it works incorrectly.
When we generate a few ca.cert, salt must upload it to mine. But it overwrites previous ones.
Related-Prod: PROD-21740
Change-Id: I60f1089cc58758d3be65371deaaa69348fde86a4
The patch adds _orchestrate.conf file to salt minion
configuration. Its template searches for "/meta/salt.yml"
file across all installed formulas and parses them if found.
As of now config will contain following data, e.g.:
orchestration:
deploy:
applications:
cinder:
priority: 150
keystone:
priority: 100
Application priorities will be used later for salt deploy
orchestration
Change-Id: I56b0d15e5a13ca4975d98b9675991f84885120e6
Related-PROD: PROD-19973
The conflicting ID is 'libvirt_service' and is found in SLS:
- libvirt.server.service
- salt.control.virt
Change-Id: Ibb0b6f0a574a53f1cb8517a9fe0d7f0febb07bb3
The patch adds ability to configure REDIS as cache
backed for salt-master to be used as distibuted cache
further.
Change-Id: I62a29713c23ad3f591f6e937bfc5b13eba92f402
Related-PROD: PROD-20581
When proxy parameter was defined and host is empty string, salt is complaining with warning. With this patch when host is empty parameters are not used.
Change-Id: I11150e5f141182d5934564611d6c39b2b379b5e9
[Fix] Doc
Issue: - It is not possible to pass [R]andom [N]umber [G]enerator
device to libvirt guest xml in order to control entropy.
- Doc has no information on how to provision vms using salt
Solution: - Pass rng parameters via kwargs from node: pillar
Attach rng xml object to generated xml.
- Provide with an example
Prod-Related: PROD-19214
Customer-Found
Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
Our formula strictly rely on cherrypy framework when running salt API.
This patch adds that dependency to api packages as when installing
recommended is disabled it won't be installed by default.
Change-Id: I12d9368b17f2d0bc33dded2d1a9c8abd9bfcd0b1
Related-Prod: PROD-18105
salt-minion started via upstart is not using /etc/environment to
source variables therefore is not using system wide http_proxy parameters if
they are set there. With this patch if salt.minion.env_vars is set to engine:
file salt will set envvars in /etc/default/salt-minion and will use them for
all commands executed remotely via salt. Since /etc/default is not used on
systems with systemd override for salt-minion to use /etc/environmnet will be
set.
Change-Id: Icfe122de2486a83820a0bd2e2aeea4be3796c6aa
Closes-bug: PROD-16676
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: I47eae0b8ee45ca1a1a9b3e8e544c893614573fda
Related-PROD: 17056
The patch fixes the issue when reclass adapter crashes if a new node
is tried to register in reclass metadata with reactor/runner mechanism.
This actually happens because of merged PR https://github.com/saltstack/salt/pull/15881 so
ID of master is chnaged to <NODE_NAME>_master https://github.com/saltstack/salt/blame/2017.7/salt/config/__init__.py#L3584
thats why runner modul can't fine the node and crashes.
Change-Id: I12b59db72d58d5b9d09cbd454201a75366545779
Related-PROD: PROD-17051
The patch deletes deprecated cmd.run function which actually was defined
in salt 2016 as alias for cmd.shell therefore this change supports backward
compatibility.
Change-Id: I54c3cc524b9e5ecb7044f39532ca16632355a73b
This change adds support for installation of other formula dependencies
during run of salt.minion state. Due to this, other states are able to
run successfuly on first run because their modules' dependencies are
already satisfied and loaded.
Change-Id: I6e3149b808be641125b82c650f98cd09f79dd631
There was a wrong assumption that if galera.master or
galera.slave or mysql.server was defined in pillar we tried
to pick user/password from pillar.
This patch updates condition to ensure that enabled attribute
set to True.
Related-Prod: PROD-16658
Change-Id: I9cdd9259000d7fc648b41d7402dc8ffe9659955b