mirror of
https://github.com/saltstack/salt.git
synced 2025-04-16 09:40:20 +00:00
422302312a
* Redirect imports of ``salt.ext.six`` to ``six``
Fixes #60966
* Latest changelog update for 3004
* Handle signals and properly exit, instead of raising exceptions.
This was introduced in 26fcda5074
Fixes #60391
Fixes #60963
* Add test for #61003
* Fix #61003
Restored the previously shifted check for version_to_remove in
old[target]. This had been extracted along with the correctly extracted
double pkg_params[target] lookup, but that lost the `target in old`
guard.
Putting the check back here prevents KeyError when looking for a
non-existent target in `old`.
* Handle various architecture formats in aptpkg module
* Write file even if does not exist
* only run test on debian based platforms
* remove extra space for arch
* convert pathlib to string for pkgrepo test
* Use temporary files first then copy to sources files
* fixes saltstack/salt#59182 fix handling of duplicate keys in rest_cherrypy data
* added changelog
* remove log messages to prevent leaks of sensitive info
* Reverting changes in PR #60150. Updating installed and removed functions to return changes when test=True.
* Adding changelog.
* Add a test and fix for extra-filerefs
* Do not break master_tops for minion with version lower to 3003
* Add changelog file
* Add extra comment to clarify discussion
* Update changelog file
* Add deprecated changelog
* Assert that the command didn't finish
Refs https://github.com/saltstack/salt/pull/60972
* Always restore signals, even when exceptions occur
* Reset signal handlers before starting the process
* Make sure that the `ProcessManager` doesn't always ignore signals
* Provide valid default value for bootstrap_delay
* Update changelog for 3004
* Update changelog and release notes for 3004
* Add PR 61020 to changelog
* Change MD5 to SHA256 fingerprint for new github.com fingerprint
* Check only ssh-rsa encyption for set_known_host
* Use main branch for kitchen-docker project
* Add tests for validate_tgt
This function evolved over the years, but never had any tests. We're
adding tests now to cover the various cases:
- there are no valid minions (currently fails, should return False)
- there are target minions that aren't in valid minions (correctly
fails)
- target minions are a subset of valid minions (i.e. all of the target
minions are found in the valid minions -- there are no extras)
(correctly passes)
* Refactor
minions should be a subset of v_minions - the extra code was just
getting in the way. Also, this function evolved over time but the
docstring never kept up. Updated the docstring to more accurately
describe the function's behavior.
* Fix #60413
When using a syndic and user auth, it was possible for v_minions and
minions to be two empty sets, which returned True. This allowed the user
to still publish the function. The Syndic would get the published event
and apply it, even though it should have been rejected.
However, if there are no valid minions, then it doesn't matter what the
targets are -- there are not valid targets, so there's no reason to do
any further checks.
* Rename changelog to security
* add cve# to changelog
* Sign pillar data
* Add regression tests for CVE-2022-22934
* Add changelog for cve-2022-22934
* Provide users with a nice warning when something goes wrong
* Rename changelog file
* Fix wart in tests
* Return bool when using m2crypo
* Limit the amount of empty space while searching ifconfig output
* Update changelog/cve-2020-22937.security
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
* Prevent auth replays and sign replies
* Add tests for cve-2022-22935
* Add changelog for cve-2020-22935
* Fix typo
* Prevent replays of file server requests
* Add regresion tests for fileserver nonce
* Add changelog for cve-2022-22936
* Job replay mitigation
* Fix merge warts
* more test fixes
* Fix auth tests on windows
* Remove unwanted requirements change
* Clean up cruft
* update docs for 3004.1 release
* Fix warts in new minion auth
* Test fix
* Update release notes
* Remove cve from non cve worty issue
* Add serial to payload in publisher process
* Fix channel tests
Fix broken channel tests by populating an AES key and serial.
* Windows test fix
* windows tests plz work
Co-authored-by: Pedro Algarvio <pedro@algarvio.me>
Co-authored-by: ScriptAutomate <derek@icanteven.io>
Co-authored-by: Wayne Werner <wwerner@vmware.com>
Co-authored-by: Megan Wilhite <mwilhite@vmware.com>
Co-authored-by: nicholasmhughes <nicholasmhughes@gmail.com>
Co-authored-by: Gareth J. Greenaway <gareth@saltstack.com>
Co-authored-by: Pablo Suárez Hernández <psuarezhernandez@suse.com>
Co-authored-by: Alyssa Rock <arock@saltstack.com>
Co-authored-by: krionbsd <krion@FreeBSD.org>
Co-authored-by: Megan Wilhite <megan.wilhite@gmail.com>
Co-authored-by: Frode Gundersen <frogunder@gmail.com>
Co-authored-by: MKLeb <calebb@vmware.com>
383 lines
9.7 KiB
Groff
383 lines
9.7 KiB
Groff
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "SALT-CLOUD" "1" "Feb 16, 2022" "3004.1" "Salt"
|
|
.SH NAME
|
|
salt-cloud \- Salt Cloud Command
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.sp
|
|
Provision virtual machines in the cloud with Salt
|
|
.SH SYNOPSIS
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /etc/salt/cloud.map
|
|
|
|
salt\-cloud \-m /etc/salt/cloud.map NAME
|
|
|
|
salt\-cloud \-m /etc/salt/cloud.map NAME1 NAME2
|
|
|
|
salt\-cloud \-p PROFILE NAME
|
|
|
|
salt\-cloud \-p PROFILE NAME1 NAME2 NAME3 NAME4 NAME5 NAME6
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH DESCRIPTION
|
|
.sp
|
|
Salt Cloud is the system used to provision virtual machines on various public
|
|
clouds via a cleanly controlled profile and mapping system.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-version
|
|
Print the version of Salt that is running.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-versions\-report
|
|
Show program\(aqs dependencies and version number, and then exit
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-h, \-\-help
|
|
Show the help message and exit
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-c CONFIG_DIR, \-\-config\-dir=CONFIG_dir
|
|
The location of the Salt configuration directory. This directory contains
|
|
the configuration files for Salt master and minions. The default location
|
|
on most systems is \fB/etc/salt\fP\&.
|
|
.UNINDENT
|
|
.SS Execution Options
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-L LOCATION, \-\-location=LOCATION
|
|
Specify which region to connect to.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-a ACTION, \-\-action=ACTION
|
|
Perform an action that may be specific to this cloud provider. This
|
|
argument requires one or more instance names to be specified.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-f <FUNC\-NAME> <PROVIDER>, \-\-function=<FUNC\-NAME> <PROVIDER>
|
|
Perform an function that may be specific to this cloud provider, that does
|
|
not apply to an instance. This argument requires a provider to be specified
|
|
(i.e.: nova).
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-p PROFILE, \-\-profile=PROFILE
|
|
Select a single profile to build the named cloud VMs from. The profile must
|
|
be defined in the specified profiles file.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-m MAP, \-\-map=MAP
|
|
Specify a map file to use. If used without any other options, this option
|
|
will ensure that all of the mapped VMs are created. If the named VM already
|
|
exists then it will be skipped.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-H, \-\-hard
|
|
When specifying a map file, the default behavior is to ensure that all of
|
|
the VMs specified in the map file are created. If the \-\-hard option is
|
|
set, then any VMs that exist on configured cloud providers that are
|
|
not specified in the map file will be destroyed. Be advised that this can
|
|
be a destructive operation and should be used with care.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-d, \-\-destroy
|
|
Pass in the name(s) of VMs to destroy, salt\-cloud will search the
|
|
configured cloud providers for the specified names and destroy the
|
|
VMs. Be advised that this is a destructive operation and should be used
|
|
with care. Can be used in conjunction with the \-m option to specify a map
|
|
of VMs to be deleted.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-P, \-\-parallel
|
|
Normally when building many cloud VMs they are executed serially. The \-P
|
|
option will run each cloud vm build in a separate process allowing for
|
|
large groups of VMs to be build at once.
|
|
.sp
|
|
Be advised that some cloud provider\(aqs systems don\(aqt seem to be well suited
|
|
for this influx of vm creation. When creating large groups of VMs watch the
|
|
cloud provider carefully.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-u, \-\-update\-bootstrap
|
|
Update salt\-bootstrap to the latest stable bootstrap release.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-y, \-\-assume\-yes
|
|
Default yes in answer to all confirmation questions.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-k, \-\-keep\-tmp
|
|
Do not remove files from /tmp/ after deploy.sh finishes.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-show\-deploy\-args
|
|
Include the options used to deploy the minion in the data returned.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-script\-args=SCRIPT_ARGS
|
|
Script arguments to be fed to the bootstrap script when deploying the VM.
|
|
.UNINDENT
|
|
.SS Query Options
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-Q, \-\-query
|
|
Execute a query and return some information about the nodes running on
|
|
configured cloud providers
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-F, \-\-full\-query
|
|
Execute a query and print out all available information about all cloud VMs.
|
|
Can be used in conjunction with \-m to display only information about the
|
|
specified map.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-S, \-\-select\-query
|
|
Execute a query and print out selected information about all cloud VMs.
|
|
Can be used in conjunction with \-m to display only information about the
|
|
specified map.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-list\-providers
|
|
Display a list of configured providers.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-list\-profiles
|
|
New in version 2014.7.0.
|
|
|
|
.sp
|
|
Display a list of configured profiles. Pass in a cloud provider to view
|
|
the provider\(aqs associated profiles, such as \fBdigitalocean\fP, or pass in
|
|
\fBall\fP to list all the configured profiles.
|
|
.UNINDENT
|
|
.SS Cloud Providers Listings
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-list\-locations=LIST_LOCATIONS
|
|
Display a list of locations available in configured cloud providers. Pass
|
|
the cloud provider that available locations are desired on, such as "linode",
|
|
or pass "all" to list locations for all configured cloud providers
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-list\-images=LIST_IMAGES
|
|
Display a list of images available in configured cloud providers. Pass the
|
|
cloud provider that available images are desired on, such as "linode", or pass
|
|
"all" to list images for all configured cloud providers
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-list\-sizes=LIST_SIZES
|
|
Display a list of sizes available in configured cloud providers. Pass the
|
|
cloud provider that available sizes are desired on, such as "AWS", or pass
|
|
"all" to list sizes for all configured cloud providers
|
|
.UNINDENT
|
|
.SS Cloud Credentials
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-set\-password=<USERNAME> <PROVIDER>
|
|
Configure password for a cloud provider and save it to the keyring.
|
|
PROVIDER can be specified with or without a driver, for example:
|
|
"\-\-set\-password bob rackspace" or more specific "\-\-set\-password bob
|
|
rackspace:openstack" DEPRECATED!
|
|
.UNINDENT
|
|
.SS Output Options
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-out
|
|
Pass in an alternative outputter to display the return of data. This
|
|
outputter can be any of the available outputters:
|
|
.INDENT 7.0
|
|
.INDENT 3.5
|
|
\fBhighstate\fP, \fBjson\fP, \fBkey\fP, \fBoverstatestage\fP, \fBpprint\fP, \fBraw\fP, \fBtxt\fP, \fByaml\fP, and many others\&.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
Some outputters are formatted only for data returned from specific functions.
|
|
If an outputter is used that does not support the data passed into it, then
|
|
Salt will fall back on the \fBpprint\fP outputter and display the return data
|
|
using the Python \fBpprint\fP standard library module.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-out\-indent OUTPUT_INDENT, \-\-output\-indent OUTPUT_INDENT
|
|
Print the output indented by the provided value in spaces. Negative values
|
|
disable indentation. Only applicable in outputters that support
|
|
indentation.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-out\-file=OUTPUT_FILE, \-\-output\-file=OUTPUT_FILE
|
|
Write the output to the specified file.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-out\-file\-append, \-\-output\-file\-append
|
|
Append the output to the specified file.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-no\-color
|
|
Disable all colored output
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-force\-color
|
|
Force colored output
|
|
.sp
|
|
\fBNOTE:\fP
|
|
.INDENT 7.0
|
|
.INDENT 3.5
|
|
When using colored output the color codes are as follows:
|
|
.sp
|
|
\fBgreen\fP denotes success, \fBred\fP denotes failure, \fBblue\fP denotes
|
|
changes and success and \fByellow\fP denotes a expected future change in configuration.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-state\-output=STATE_OUTPUT, \-\-state_output=STATE_OUTPUT
|
|
Override the configured state_output value for minion
|
|
output. One of \(aqfull\(aq, \(aqterse\(aq, \(aqmixed\(aq, \(aqchanges\(aq or
|
|
\(aqfilter\(aq. Default: \(aqnone\(aq.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-\-state\-verbose=STATE_VERBOSE, \-\-state_verbose=STATE_VERBOSE
|
|
Override the configured state_verbose value for minion
|
|
output. Set to True or False. Default: none.
|
|
.UNINDENT
|
|
.SH EXAMPLES
|
|
.sp
|
|
To create 4 VMs named web1, web2, db1, and db2 from specified profiles:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-p fedora_rackspace web1 web2 db1 db2
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
To read in a map file and create all VMs specified therein:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /path/to/cloud.map
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
To read in a map file and create all VMs specified therein in parallel:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /path/to/cloud.map \-P
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
To delete any VMs specified in the map file:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /path/to/cloud.map \-d
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
To delete any VMs NOT specified in the map file:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /path/to/cloud.map \-H
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
To display the status of all VMs specified in the map file:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
salt\-cloud \-m /path/to/cloud.map \-Q
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBsalt\-cloud(7)\fP
|
|
\fBsalt(7)\fP
|
|
\fBsalt\-master(1)\fP
|
|
\fBsalt\-minion(1)\fP
|
|
.SH AUTHOR
|
|
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
|
|
.\" Generated by docutils manpage writer.
|
|
.
|