Merge pull request #37829 from rallytime/merge-2016.11

[2016.11] Merge forward from 2016.3 to 2016.11

doc/topics/cloud/proxmox.rst

@@ -3,7 +3,7 @@ Getting Started With Proxmox
 ============================
 
 Proxmox Virtual Environment is a complete server virtualization management solution,
-based on LXC and full virtualization with KVM.
+based on OpenVZ(in Proxmox up to 3.4)/LXC(from Proxmox 4.0 and up) and full virtualization with KVM.
 Further information can be found at:
 
 http://www.proxmox.org/
@@ -14,8 +14,8 @@ Dependencies
 * requests >= 2.2.1
 
 Please note:
-This module allows you to create both OpenVZ and KVM but installing Salt on it will only be
-done when the VM is an OpenVZ container rather than a KVM virtual machine.
+This module allows you to create OpenVZ/LXC containers and KVM VMs, but installing Salt on it will only be
+done on containers rather than a KVM virtual machine.
 
 * Set up the cloud configuration at
   ``/etc/salt/cloud.providers`` or
@@ -66,7 +66,7 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or
     proxmox-ubuntu:
         provider: my-proxmox-config
         image: local:vztmpl/ubuntu-12.04-standard_12.04-1_amd64.tar.gz
-        technology: openvz
+        technology: lxc
 
         # host needs to be set to the configured name of the proxmox host
         # and not the ip address or FQDN of the server
@@ -149,6 +149,12 @@ with their default settings listed.
 
     # The name of the image, from ``salt-cloud --list-images proxmox``
     image: local:vztmpl/ubuntu-12.04-standard_12.04-1_amd64.tar.gz
+    
+    # Whether or not to verify the SSL cert on the Proxmox host
+    verify_ssl: False
+    
+    # Network interfaces, netX
+    net0: name=eth0,bridge=vmbr0,ip=dhcp
 
 QEMU
 ====
@@ -164,7 +170,7 @@ QEMU profile file (for a new VM):
     # Image of the new VM
     image: image.iso # You can get all your available images using 'salt-cloud --list-images provider_name' (Ex: 'salt-cloud --list-images my-proxmox-config')
 
-    # Technology used to create the VM ('qemu' or 'openvz')
+    # Technology used to create the VM ('qemu', 'openvz'(on Proxmox <4.x) or 'lxc'(on Proxmox 4.x+))
     technology: qemu
  
     # Proxmox node name
@@ -223,7 +229,7 @@ QEMU profile file (for a clone):
     # VMID of Template to clone
     clone_from: ID
 
-    # Technology used to create the VM ('qemu' or 'openvz')
+    # Technology used to create the VM ('qemu' or 'lxc')
     technology: qemu
  
     # Proxmox node name

doc/topics/development/contributing.rst

@@ -66,7 +66,7 @@ Fork a Repo Guide_>`_ and is well worth reading.
     .. code-block:: bash
 
         git fetch upstream
-        git checkout -b fix-broken-thing upstream/2015.5
+        git checkout -b fix-broken-thing upstream/2016.3
 
     If you're working on a feature, create your branch from the develop branch.
 
@@ -95,9 +95,9 @@ Fork a Repo Guide_>`_ and is well worth reading.
 
     .. code-block:: bash
 
-        fix broken things in file1 and file2
+        Fix broken things in file1 and file2
 
-        Fixes #31337.  The issue is now eradicated from file1 and file2.
+        Fixes #31337
 
         # Please enter the commit message for your changes. Lines starting
         # with '#' will be ignored, and an empty message aborts the commit.
@@ -130,7 +130,7 @@ Fork a Repo Guide_>`_ and is well worth reading.
         .. code-block:: bash
 
             git fetch upstream
-            git rebase upstream/2015.5 fix-broken-thing
+            git rebase upstream/2016.3 fix-broken-thing
             git push -u origin fix-broken-thing
 
         or
@@ -170,9 +170,9 @@ Fork a Repo Guide_>`_ and is well worth reading.
     https://github.com/my-account/salt/pull/new/fix-broken-thing
 
     #.  If your branch is a fix for a release branch, choose that as the base
-        branch (e.g. ``2015.5``),
+        branch (e.g. ``2016.3``),
 
-        https://github.com/my-account/salt/compare/saltstack:2015.5...fix-broken-thing
+        https://github.com/my-account/salt/compare/saltstack:2016.3...fix-broken-thing
 
         If your branch is a feature, choose ``develop`` as the base branch,
 
@@ -225,7 +225,7 @@ The current release branch
 The current release branch is the most recent stable release. Pull requests
 containing bug fixes should be made against the release branch.
 
-The branch name will be a date-based name such as ``2015.5``.
+The branch name will be a date-based name such as ``2016.3``.
 
 Bug fixes are made on this branch so that minor releases can be cut from this
 branch without introducing surprises and new features. This approach maximizes
@@ -392,7 +392,7 @@ And ``upstream`` is the name of the remote pointing to the main Salt repo.
 
         git rebase --onto <release-branch> <orig-base> bp-1234
 
-    Note, release branches prior to ``2015.5`` will not be able to make use of
+    Note, release branches prior to ``2016.3`` will not be able to make use of
     rebase and must use cherry-picking instead.
 
 5.  Push the back-port branch to GitHub and open a new pull request.

doc/topics/orchestrate/orchestrate_runner.rst

@@ -124,7 +124,7 @@ can specify the "name" argument to avoid conflicting IDs:
           - /path/to/file
           - /tmp/copy_of_file
         - kwarg:
-          - remove_existing: true
+            remove_existing: true
 
 State
 ^^^^^

doc/topics/tutorials/cloud_controller.rst

@@ -7,13 +7,17 @@ private cloud vms to be managed directly with Salt. This system is generally
 referred to as :strong:`Salt Virt`.
 
 The Salt Virt system already exists and is installed within Salt itself, this
-means that beside setting up Salt, no additional salt code needs to be
+means that besides setting up Salt, no additional salt code needs to be
 deployed.
 
+.. note::
+
+    The ``libvirt`` python module and the ``certtool`` binary are required.
+
 The main goal of Salt Virt is to facilitate a very fast and simple cloud. The
-cloud that can scale and fully featured. Salt Virt comes with the
+cloud that can scale and is fully featured. Salt Virt comes with the
 ability to set up and manage complex virtual machine networking, powerful
-image, and disk management, as well as virtual machine migration with and without
+image and disk management, as well as virtual machine migration with and without
 shared storage.
 
 This means that Salt Virt can be used to create a cloud from a blade center

salt/modules/pw_user.py

@@ -401,6 +401,29 @@ def chhomephone(name, homephone):
     return _update_gecos(name, 'homephone', homephone)
 
 
+def chloginclass(name, loginclass, root=None):
+    '''
+    Change the default login class of the user
+
+    .. versionadded:: 2016.3.5
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' user.chloginclass foo staff
+    '''
+    if loginclass == get_loginclass(name):
+        return True
+
+    cmd = ['pw', 'usermod', '-L', '{0}'.format(loginclass),
+           '-n', '{0}'.format(name)]
+
+    __salt__['cmd.run'](cmd, python_shell=False)
+
+    return get_loginclass(name) == loginclass
+
+
 def info(name):
     '''
     Return user information

salt/pillar/libvirt.py

@@ -1,6 +1,9 @@
 # -*- coding: utf-8 -*-
 '''
-Load up the libvirt keys into Pillar for a given minion if said keys have been generated using the libvirt key runner
+Load up the libvirt keys into Pillar for a given minion if said keys have been
+generated using the libvirt key runner
+
+:depends: certtool
 '''
 from __future__ import absolute_import
 

salt/states/dockerng.py

@@ -1453,6 +1453,14 @@ def running(name,
         .. note::
 
             This option requires Docker 1.2.0 or newer.
+    privileged
+        Give extended privileges to container.
+
+        .. code-block:: yaml
+            foo:
+              docker.running:
+                - image: bar/baz:lates
+                - privileged: True
 
     extra_hosts
         Additional hosts to add to the container's /etc/hosts file. Can be

salt/states/file.py

@@ -97,9 +97,19 @@ In this example ``foo.conf`` in the ``dev`` environment will be used instead.
 
 .. warning::
 
-        When using a mode that includes a leading zero you must wrap the
-        value in single quotes. If the value is not wrapped in quotes it
-        will be read by YAML as an integer and evaluated as an octal.
+    When using a mode that includes a leading zero you must wrap the
+    value in single quotes. If the value is not wrapped in quotes it
+    will be read by YAML as an integer and evaluated as an octal.
+
+The ``names`` parameter, which is part of the state compiler, can be used to
+expand the contents of a single state declaration into multiple, single state
+declarations. Each item in the ``names`` list receives its own individual state
+``name`` and is converted into its own low-data structure. This is a convenient
+way to manage several files with similar attributes.
+
+There is more documentation about this feature in the
+:ref:`Names declaration<names-declaration>` section of the
+ :ref:`Highstate docs<states-highstate>`.
 
 Special files can be managed via the ``mknod`` function. This function will
 create and enforce the permissions on a special file. The function supports the

salt/states/keystone.py

@@ -111,10 +111,18 @@ def user_present(name,
         The name of the user to manage
 
     password
-        The password to use for this user
+        The password to use for this user.
+
+        .. note::
+
+            If the user already exists and a different password was set for
+            the user than the one specified here, the password for the user
+            will be updated. Please set the ``password_reset`` option to
+            ``False`` if this is not the desired behavior.
 
     password_reset
-        Whether or not to reset password after initial set
+        Whether or not to reset password after initial set. Defaults to
+        ``True``.
 
     email
         The email address for this user

salt/states/virtualenv_mod.py

@@ -68,6 +68,9 @@ def managed(name,
     use_wheel: False
         Prefer wheel archives (requires pip >= 1.4).
 
+    python : None
+        Python executable used to build the virtualenv
+
     user: None
         The user under which to run virtualenv and pip.
 

salt/utils/rsax931.py

@@ -16,6 +16,11 @@ import salt.utils
 from ctypes import cdll, c_char_p, c_int, c_void_p, pointer, create_string_buffer
 from ctypes.util import find_library
 
+# Constants taken from openssl-1.1.0c/include/openssl/crypto.h
+OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004
+OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008
+OPENSSL_INIT_NO_LOAD_CONFIG = 0x00000080
+
 
 def _load_libcrypto():
     '''
@@ -62,8 +67,15 @@ def _init_libcrypto():
     libcrypto.RSA_private_encrypt.argtypes = (c_int, c_char_p, c_char_p, c_void_p, c_int)
     libcrypto.RSA_public_decrypt.argtypes = (c_int, c_char_p, c_char_p, c_void_p, c_int)
 
-    libcrypto.OPENSSL_no_config()
-    libcrypto.OPENSSL_add_all_algorithms_noconf()
+    try:
+        if libcrypto.OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG |
+                                         OPENSSL_INIT_ADD_ALL_CIPHERS |
+                                         OPENSSL_INIT_ADD_ALL_DIGESTS, None) != 1:
+            raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")
+    except AttributeError:
+        # Support for OpenSSL < 1.1 (OPENSSL_API_COMPAT < 0x10100000L)
+        libcrypto.OPENSSL_no_config()
+        libcrypto.OPENSSL_add_all_algorithms_noconf()
 
     return libcrypto