Merge remote-tracking branch 'upstream/2015.5' into merge-forward-2015.8

Conflicts: doc/topics/ssh/index.rst
2025-04-17 10:10:20 +00:00 · 2016-01-05 16:11:20 -07:00 · 2016-01-05 16:11:20 -07:00 · d73a7d6c4d
commit d73a7d6c4d
parent bed38d1a65 9363d6f5b6
9 changed files with 50 additions and 8 deletions
--- a/conf/minion
+++ b/conf/minion
@ -20,8 +20,12 @@
 # set to True, the order will be randomized instead. This can be helpful in distributing
 # the load of many minions executing salt-call requests, for example, from a cron job.
 # If only one master is listed, this setting is ignored and a warning will be logged.
+# NOTE: If master_type is set to failover, use master_shuffle instead.
 #random_master: False

+# Use if master_type is set to failover.
+#master_shuffle: False
+
 # Minions can connect to multiple masters simultaneously (all masters
 # are "hot"), or can be configured to failover if a master becomes
 # unavailable.  Multiple hot masters are configured by setting this
--- a/doc/ref/configuration/minion.rst
+++ b/doc/ref/configuration/minion.rst
@ -125,7 +125,7 @@ to the next master in the list if it finds the existing one is dead.

 Default: ``False``

-If :conf_minion:`master` is a list of addresses, shuffle them before trying to
+If :conf_minion:`master` is a list of addresses and :conf_minion`master_type` is ``failover``, shuffle them before trying to
 connect to distribute the minions over all available masters. This uses
 Python's :func:`random.shuffle <python2:random.shuffle>` method.

@ -133,6 +133,19 @@ Python's :func:`random.shuffle <python2:random.shuffle>` method.

    master_shuffle: True

+``random_master``
+------------------
+
+Default: ``False``
+
+If :conf_minion:`master` is a list of addresses, shuffle them before trying to
+connect to distribute the minions over all available masters. This uses
+Python's :func:`random.randint <python2:random.randint>` method.
+
+.. code-block:: yaml
+
+    random_master: True
+
 .. conf_minion:: retry_dns

 ``retry_dns``
--- a/doc/topics/ssh/index.rst
+++ b/doc/topics/ssh/index.rst
@ -207,3 +207,16 @@ Boolean-style options should be specified in their YAML representation.
   be ``wipe_ssh`` and thus this is what should be configured in the
   ``Saltfile``.  Using the names of flags for this option, being ``wipe:
   True`` or ``w: True``, will not work.
+
+Debugging salt-ssh
+==================
+
+One common approach for debugging ``salt-ssh`` is to simply use the tarball that salt
+ships to the remote machine and call ``salt-call`` directly.
+
+To determine the location of ``salt-call``, simply run ``salt-ssh`` with the ``-ldebug``
+flag and look for a line containing the string, ``SALT_ARGV``. This contains the ``salt-call``
+command that ``salt-ssh`` attempted to execute.
+
+It is recommended that one modify this command a bit by removing the ``-l quiet``,
+``--metadata`` and ``--output json`` to get a better idea of what's going on on the target system.
--- a/doc/topics/tutorials/gitfs.rst
+++ b/doc/topics/tutorials/gitfs.rst
@ -29,6 +29,11 @@ If :conf_master:`gitfs_provider` is not configured, then Salt will prefer
 pygit2_ if a suitable version is available, followed by GitPython_ and
 Dulwich_.

+.. note::
+    It is recommended to always run the most recent version of any the below
+    dependencies. Certain features of gitfs may not be available without
+    the most recent version of the chosen library.
+
 .. _pygit2: https://github.com/libgit2/pygit2
 .. _Dulwich: https://www.samba.org/~jelmer/dulwich/
 .. _GitPython: https://github.com/gitpython-developers/GitPython
--- a/doc/topics/tutorials/pillar.rst
+++ b/doc/topics/tutorials/pillar.rst
@ -68,7 +68,8 @@ The default location for the pillar is in /srv/pillar.

    The pillar location can be configured via the `pillar_roots` option inside
    the master configuration file. It must not be in a subdirectory of the state
-    tree.
+    tree or file_roots. If the pillar is under file_roots, any pillar targeting
+    can be bypassed by minions.

 To start setting up the pillar, the /srv/pillar directory needs to be present:

--- a/salt/cloud/clouds/joyent.py
+++ b/salt/cloud/clouds/joyent.py
@ -1079,7 +1079,7 @@ def query(action=None,
        text=True,
        status=True,
        headers=True,
-        verify=verify_ssl,
+        verify_ssl=verify_ssl,
        opts=__opts__,
    )
    log.debug(
--- a/salt/modules/apache.py
+++ b/salt/modules/apache.py
@ -265,10 +265,10 @@ def useradd(pwfile, user, password, opts=''):
    .. code-block:: text

        n  Don't update file; display results on stdout.
-        m  Force MD5 encryption of the password (default).
-        d  Force CRYPT encryption of the password.
-        p  Do not encrypt the password (plaintext).
-        s  Force SHA encryption of the password.
+        m  Force MD5 hashing of the password (default).
+        d  Force CRYPT(3) hashing of the password.
+        p  Do not hash the password (plaintext).
+        s  Force SHA1 hashing of the password.

    CLI Examples:

--- a/salt/modules/shadow.py
+++ b/salt/modules/shadow.py
@ -142,6 +142,12 @@ def gen_password(password, crypt_salt=None, algorithm='sha512'):

    Generate hashed password

+    .. note::
+
+        When called this function is called directly via remote-execution,
+        the password argument may be displayed in the system's process list.
+        This may be a security risk on certain systems.
+
    password
        Plaintext password to be hashed.

--- a/salt/states/user.py
+++ b/salt/states/user.py
@ -121,7 +121,7 @@ def _changes(name,
    if _group_changes(lusr['groups'], wanted_groups, remove_groups):
        change['groups'] = wanted_groups
    if home:
-        if lusr['home'] != home and createhome:
+        if lusr['home'] != home:
            change['home'] = home
    if createhome:
        newhome = home if home else lusr['home']