What's new in Salt 3003 Aluminium release
18 minute read Updated:
The Salt Aluminium release is rather modest with new features. There are multiple possible reasons for that: post-acquisition turbulence/reorganization under VMware, rebranding and the new saltproject.io domain, a couple of severe CVEs, etc. In fact, at the end of 2020, the list of notable changes was so small that I almost decided to skip writing this post altogether.
Fortunately, a couple of interesting features landed in the following weeks, plus some noteworthy changes happened under the hood as well. So, please enjoy the next installment of these unofficial Salt release notes!
What's New in Salt 3003 Aluminium: Beacons, Cloud, Development, Salt Extensions, Performance and caching, Juniper minion, FIPS mode, FreeBSD and macOS, Rich Slack messages
- Docs
- Development
- Salt Extensions
- Cloud
- Juniper native minion
- Beacons
- Performance and caching
- TCP transport
- FIPS mode
- FreeBSD
- macOS
- Other OSes
- Rich Slack messages
- Other notable changes
Want to read about the upcoming Argon release?
I’m always hesitant to commit to writing another post like this one (it takes a lot of time!). However, I get bits of motivation to do so when people subscribe to the mailing list:
Powered by Mailgit
Docs
Salt User Guide
It is a new Salt User Guide that was created during February 10 Docs Jam. It covers lots of topics, but there are a couple of them that caught my eye:
- State system behind the scenes
- Using Jinja with Salt
- Map files
- Requisites
- Execution architecture
- Troubleshooting
Go read it, it is awesome!
The guide is temporarily hosted on GitLab Pages, and its source code can be found in the corresponding repository. For more background about the Docs Jam event you can read the blog post by Alyssa Rock (the event organizer).
Other improvements
- Salt System Architecture for newbies. PR #58664 by @barbaricyawps
- New Contributing guidelines. PR #57645 by Wayne Werner and #59289 by Derek Ardolf
- Jinja renderer is now the recommended one amongst other renderers as more secure because of sandboxing. PR #59576 by Derek Ardolf . This change was caused by CVE-2021-25283 fix in 3002.5 and was briefly tested earlier on Dec 8 in public.
- Tons (1248 files changed!) of minor formatting fixes. Worth looking at if you plan to improve the docs and not want to reintroduce the same bad formatting again. PR #59093 by Elias Probst
- A manual Salt key rotation procedure has been added. Check out this comment for some hints on how to automate it. PR #59271 by Derek Ardolf
- An interesting option that was there since 2015 got documented:
state_output_profile
. PR #59165 by Derek Ardolf
If you know some obscure and undocumented config options, please add them to this epic.
Development
runtests
removal 🎉
It is a huge milestone! I already covered the migration progress in the past (1, 2). Now the runtests.py
test runner was finally removed, and lots of tests (but not all) were moved to PyTest.
The new Contributing guide has all the details on how to run the tests, plus I have my own cheatsheet with a couple of useful commands.
PR #59377 by Pedro Algarvio , also many PRs by Kirill Ponomarev and other developers.
Backward compatibility tests
This is a new test suite to test backward compatibility between newer masters and older minions. I haven’t tried to actually run it, but this what I learned by looking at the code:
- It runs tests in dynamically generated Docker containers, using the
saltstack/ci-centos-7
base image. - The minion test matrix includes 2017.7.8, 2018.3.5, 2019.2.4, 3000.6 with Py2/Py3, and 3001.4, 3002.2 with Py3.
- The test suite is fairly minimal (for now) and checks the key acceptance procedure,
test.ping
,state.highstate
(that installs one package and calls a custom module), and asalt-cp
utility test. I’m pretty sure that the test suite will be significantly expanded in the future.
PR #59548 by Pedro Algarvio
Hooks and linters
- Replace some Jenkins jobs with a GH Actions. PR #58983 by Pedro Algarvio
- Start checking code with Bandit. Apparently, the change was caused by this CVE-2020-28243 report. PR #59648 by Pedro Algarvio
- Improved pre-commit hook to prevent badly named changelog files from being committed. PR #59423 by Pedro Algarvio
- Add
salt-rewrite
to pre-commit hooks. It is a set of automated refactoring rules (that use Bowler and Fissix under the hood) to improve the Salt codebase. PR #59323 by Pedro Algarvio - Add
twine check
to GitHub Actions to check the Salt package before uploading it to PyPI. PR #59291 by Derek Ardolf
Stricter object lifecycle control
It seems to be a part of ongoing efforts to eradicate memory leaks.
- Always terminate Salt’s event classes. PR #59190 by Pedro Algarvio
- Make sure all local clients are “destroyed” after being used. PR #59199 by Pedro Algarvio
Loader contexts
Prior to these changes, Salt’s “magic dunders” (__utils__
, __salt__
, __opts__
, etc…) would be added as global attributes to a loaded module’s namespace. It had the unintended side effect of allowing a method call from one loader to change something in another loader. This can be particularly problematic for __context__
and __opts__
, plus it can also cause problems for loaders added with unique configs.
Now loaders use the contextvars
library to provide a context that is specific to the loader that loads the function being called. Every function is wrapped with the new LoadedFunc
class.
There is also an addition of a new pack_self
attribute to Salt’s LazyLoader
class. It allows the loader to expose itself as a magic dunder without creating circular references in the loader’s pack dictionary. Those circular references are the cause of some memory leaks. The pack_self
argument should be used to avoid memory leaks.
I haven’t run any benchmarks, but I expect these changes to make the loader somewhat slower. There is just too much magic inside… On a positive note, it was reported that this change fixes the long-standing reactor race conditions: #54045, #57626. It looks like the fixes shipped in Salt Magnesium weren’t sufficient for that.
PR #58853 by Daniel Wozniak
Other changes
- Replace the custom flaky decorator with flaky. PR #59495 by Pedro Algarvio
- Always store git sha in
_version.py
during installation (was also ported to 3002.6). PR #59137 by Bryce Larson - Fix salt version PEP440 compliance. PR #59359 by Pedro Algarvio
- Update ignored revisions for
git-blame
(to skip big code-reformatting commits). PR #59022 by @amendlik - Tornado 5 preparations. PR #59459 by Daniel Wozniak
- Dependabot has been added to automate dependency upgrades.
- It looks like there is a new freeze branch that will be used during a release candidate code freeze to unblock the master one.
Salt Extensions
For many years it was possible to install custom Salt modules via pip
. In Salt Aluminium this feature was simplified a bit and gained some additional tooling:
- The
salt-extension
utility that simplifies creating new extensions. - The new
extensions.saltproject.io
index (see the project source code). An extension will be automatically added from PyPI if its name starts withsaltext.
,salt-ext-
orsaltext-
, or if the package metadata has thesalt-extension
keyword. - These packages will be automatically tested on supported Salt versions.
The PR itself is fairly simple. Previously it was necessary to specify loader functions to define custom modules using setuptools entry-points in setup.cfg
:
[options.entry_points]
salt.loader=
runner_dirs = my_package.loader:func_to_get_list_of_runner_dirs
module_dirs = my_package.loader:func_to_get_list_of_module_dirs
Now they can be defined in a more succinct way as well:
[options.entry_points]
salt.loader=
namedoesnotmatter = my_package
With this new approach, when the target is a package, Salt looks for the ext_type
being loaded as submodule of the package, and if it exists, it loads from there. If the target is a callable, then that callable should return a dictionary where the keys are the several salt loader names. For salt execution modules, it would be modules
; for salt state modules, it would be states
, etc. The values for those keys need to be iterable (i.e., a list, a generator, etc.), whose values are the paths from where to load the salt loader modules. If a function returns a list, then this is an old-style entry-point, and its name must match the value of ext_type
.
Salt’s versions report salt --versions-report
now includes all installed extensions as well. It may be necessary to restart Salt to activate an installed extension.
PR #58943 by Pedro Algarvio . For more information you can watch this presentation.
P.S. I’m aware of several open source projects that use entrypoints to ship custom Salt modules:
- SpiroStack (see the spirofs and spiro-network components)
- salt-nornir
- salt-ttp
Cloud
Hetzner Cloud provider
The Hetzner Public Cloud provider for salt-cloud has been added in Salt Aluminium. Internally it uses the official hcloud-python library. The list of initially supported functions:
avail_locations
avail_images
avail_sizes
list_ssh_keys
list_nodes_full
list_nodes
wait_until
show_instance
create
start
stop
reboot
destroy
resize
By the way, the spreadsheet I made shows which functions are implemented in various Salt cloud drivers and is somewhat useful for feature parity tracking. If you want to implement a new cloud provider or enhance an existing one, here is a good guide that contains a minimal set of functions the provider needs to have: Writing Cloud Driver Modules. Alternatively, you might want to look at Idem.
PR #59301 by @fkantelberg
Libvirt performance tuning options
It is a GSoC 2020 project that makes lots of existing libvirt tunables configurable through Salt (I won’t even try to list them all!).
PR #58196 by Guoqing Li , #59007 by Cedric Bosdonnat
Enhanced libvirt network options
It is a really huge PR that adds tons of new options to virt.network_defined
and virt.network_running
states.
Execution modules:
- New
host_devices
parameter invirt.init
that defines a list of host devices to passthrough to the guest. - New
mtu
,domain
,nat
,interfaces
,addresses
,physical_function
, anddns
parameters invirt.network_define
. Thevport
andtag
parameters now accept dictionaries. - The existing
ipv4_config
andipv6_config
dictionaries can now contain the following properties:hosts
,bootp
,tftp
. - The new
virt.network_update
function has been added.
State modules:
- New
host_devices
parameter invirt.defined
that defines a list of host devices to passthrough to the guest - The same
host_devices
parameter was also added to thevirt.running
state - New
mtu
,domain
,nat
,interfaces
,addresses
,physical_function
, anddns
parameters invirt.network_defined
andvirt.network_running
states. Thevport
andtag
parameters now accept dictionaries.
Utils:
- New
xmlutil.strip_spaces
function - New
xmlutil.element_to_str
function
PR #59146 by Cedric Bosdonnat . Hat tip to Wayne Werner for reviewing this monster!
Other cloud changes
- Firewall groups support in Vultr Salt Cloud provider; ability to specify SSH keys to be preinstalled on the server. New functions:
avail_firewall_groups
,avail_keys
,list_firewall_groups
,list_keypairs
,show_keypair
. PR #58547 by Richard Simko - Support
io2
volume types in AWS EC2. PR #59242 by Shane Lee . I wonder if the newgp3
volume type (up to 20% cheaper thangp2
) is also supported. - Bump Apache libcloud version to
>=2.5.0
to fix GCE authentication issues, plus a couple of other fixes. PR #59374 by Pedro Algarvio - Support consoles and serials in the
virt.running
,virt.defined
states andvirt.init
andvirt.update
execution modules. PR #58859 by Cedric Bosdonnat - Allow forcing a VM shutdown instead of a reboot via the new
stop_on_reboot
option invirt.init
. PR #58591 by Cedric Bosdonnat
Juniper native minion
Juniper native minion support was merged into the master branch. Previously, it was available in private branches for Neon, Sodium, and Magnesium releases, which were tested and certified by Juniper. Now it is a part of the mainline release process and will be tested using regular CI/CD runs. A brief list of new features and improvements:
junos_rre_keys
redundant routing engine beacon. Copies salt-minion keys to the backup RE when present- Proper grains on Junos:
kernel
,osfullname
,os
,os_family
,model
,osrelease
,osmajorrelease
,osrelease_info
,kernelversion
,kernelrelease
, andjunos_facts
- Timeouts and exceptions handling (and the new
junos/proxy/*/stop
event) - Reboot handling in Junos proxy minion
replace
flag forjunos.install_config
andjunos.load
functionsjunos.rpc_file_list
function to get a list of filesjunos.file_compare
function to compare two filesjunos.fsentry_exists
to check if an entry refers to a file or a non-file (generally a directory)junos.routing_engine
to return the routing engines on the device and their status (Master, Disabled, Backup)junos.dir_copy
to recursively copy a directory- Junos support in
status.cpustats
,status.meminfo
,status.cpuinfo
,status.diskstats
,status.nproc
,status.vmstats
,status.netstats
,status.netdev
,status.w
, andstatus.version
functions - Proper network interface information
PRs #58979 and #59114 by David Murphy . More documentation is available on juniper.net.
Beacons
A mod_beacon
state function
It is an initial implementation of SEP-30 - Event Driven State Enforcer. It can automatically add associated beacons to monitor changes to the pkg
, service
, and file
resources in the state file and fire events to the event bus when changes occur.
# aluminium/modbeacon.sls
/tmp/hello.txt:
file.managed:
- contents: Hello there!
- beacon: true
- beacon_data:
coalesce: false
interval: 60
mask:
- create
- delete
- modify
/tmp/hello_dir:
file.directory:
- beacon: true
- beacon_data:
auto_add: true
recurse: true
exclude: []
coalesce: false
interval: 60
mask:
- create
- delete
- modify
zsh:
pkg.installed: # also works with pkg.removed
- beacon: true
# beacon_data keyword is not supported here
cron:
service.running: # also works with service.dead
- beacon: true
- beacon_data:
onchangeonly: true
interval: 60
delay: 0
emitatstartup: false
uncleanshutdown: /run/crond.pid
The downside is that all these automatically created beacons will be lost when the minion is restarted, so you need to ensure this state is run again after the restart.
PR #59559 by Gareth J. Greenaway
The pkg
beacon improvements
Improve the pkg beacon to fire events not only when there are upgrades to packages, but also when watched packages are installed or removed.
beacons:
pkg:
- pkgs:
- zsh
- refresh: True
salt/beacon/master/pkg/ {
"_stamp": "2021-03-13T12:05:01.648082",
"id": "master",
"pkg": "zsh",
"status": "installed",
"version": "5.8-3ubuntu1"
}
salt/beacon/master/pkg/ {
"_stamp": "2021-03-13T12:05:20.867170",
"id": "master",
"pkg": "zsh",
"status": "not-installed",
"version": null
}
PR #59463 by Gareth J. Greenaway
The swapusage
beacon
The new swapusage
beacon complements the existing memusage
beacon (and depends on the psutil
library as well).
beacons:
swapusage:
- percent: 10%
- interval: 60
Once the threshold is exceeded, the beacon will emit a salt/beacon/*/swapusage/
event:
salt/beacon/master/swapusage/ {
"_stamp": "2021-03-13T10:54:38.640698",
"id": "master",
"swapusage": 16.8
}
PR #59460 by Imran Iqbal
The salt_monitor
beacon
A beacon to execute salt execution module functions. This beacon will fire only if the return data is “truthy”. The function return, function name, and args and/or kwargs, will be passed as data in the event. The configuration can accept a list of salt functions to execute every interval.
beacons:
salt_monitor:
- salt_fun:
- slsutil.renderer:
args:
- salt://aluminium/parallel.sls
kwargs:
- default_renderer: jinja
- test.ping
- interval: 3600
The resulting event will look like this:
salt/beacon/master/salt_monitor/ {
"_stamp": "2021-03-13T11:33:43.558114",
"args": [
"salt://aluminium/parallel.sls"
],
"id": "master",
"kwargs": {
"default_renderer": "jinja"
},
"ret": "barrier:\n test.nop\nblah-1:\n cmd.run:\n - name: sleep 10\n - require:\n - barrier\n - parallel: true\n - require_in:\n - barrier2\n\nblah-2:\n cmd.run:\n - name: sleep 10\n - require:\n - barrier\n - parallel: true\n - require_in:\n - barrier2\n\nblah-3:\n cmd.run:\n - name: sleep 10\n - require:\n - barrier\n - parallel: true\n - require_in:\n - barrier2\n\n\nbarrier2:\n test.nop\n",
"salt_fun": "slsutil.renderer"
}
Performance and caching
Parallel requisites
States that use parallel: true
and have requisites now run in parallel as they should:
# aluminium/parallel.sls
barrier:
test.nop
{%- for x in [1,2,3] %}
blah-{{x}}:
cmd.run:
- name: sleep 10
- require:
- barrier
- parallel: true
- require_in:
- barrier2
{% endfor %}
barrier2:
test.nop
As you can see, the actual time to run is ~11s instead of 30s (although the built-in total time reporting doesn’t make a lot of sense anymore):
time salt-call state.apply aluminium.parallel --state-output terse
local:
Name: barrier - Function: test.nop - Result: Clean Started: - 18:45:07.663767 Duration: 0.544 ms
Name: sleep 10 - Function: cmd.run - Result: Changed Started: - 18:45:07.665067 Duration: 10027.307 ms
Name: sleep 10 - Function: cmd.run - Result: Changed Started: - 18:45:07.669409 Duration: 10046.531 ms
Name: sleep 10 - Function: cmd.run - Result: Changed Started: - 18:45:07.673804 Duration: 10035.852 ms
Name: barrier2 - Function: test.nop - Result: Clean Started: - 18:45:17.740429 Duration: 1.334 ms
Summary for local
------------
Succeeded: 5 (changed=3)
Failed: 0
------------
Total states run: 5
Total run time: 30.112 s
real 0m11.486s
user 0m1.071s
sys 0m0.206s
PR #58976 by Gareth J. Greenaway
That said, it looks like there is still some room for improvement: #59959.
Clear and show the pillar cache
This is a much-needed feature for Salt environments with lots of pillar data and enabled pillar caching (pillar_cache: true
). It allows to inspect and purge pillar cache for any specific minion (or multiple ones).
salt-run pillar.show_pillar_cache '*'
salt-run pillar.clear_pillar_cache 'minion'
The pillarenv
and saltenv
keywords are also supported.
PR #59411 by Gareth J. Greenaway
Other performance changes
- Get rid of two O(n^2) performance bugs in the
sysctl.present
state. PR #58732 by Alan Somers - Invalidate file list cache when cache file has a future last modified time. PR #58529 by Pablo Suárez Hernández
TCP transport
- Make multiple attempts to send messages (e.g., job results) back to the master for TCP transport (as it’s currently done for ZeroMQ). The interval between retries can be defined via
return_retry_timer
andreturn_retry_timer_max
minion settings. PR #59163 by Lukas Raska - Make the number of attempts configurable (
return_retry_tries
) for both TCP and ZeroMQ transports. PR #59237 by Lukas Raska - Allow defining
tcp_reconnect_backoff
minion option (instead of hardcoded 1-second interval). PR #59432 by Lukas Raska
FIPS mode
This change adds a new master/minion option named fips_mode
(False
by default). When enabled, it will disable non-fips compliant crypto libraries such as libnacl. For example, FIPS is enabled on VMware PhotonOS 3 image on CI.
List of affected modules:
modules.libnacl
modules.x509
pillar.nacl
runners.nacl
states.x509
utils.nacl
PR #59833 by Daniel Wozniak
FreeBSD
- Implement the missing
shadow.set_password
function for FreeBSD. PR #59140 by Alan Somers - Add
checklibs
flag topkgng.check
function to regenerate the library dependency metadata. PR #59569 by Kirill Ponomarev - Use
-U
flag instead of deprecated-L
one inpkgng.upgrade
. PR #59565 by Kirill Ponomarev - Add
bytes
option topkgng.stats
to display disk usage in bytes. PR #59540 by Kirill Ponomarev
macOS
- Sign the binaries and notarize the macOS installer for compatibility with Big Sur. PR #59084 by Shane Lee
- Fix
pkg.list_pkgs
to usebrew list --cask
instead of deprecatedbrew cask --list
. PR #58381 by Carlos D. Álvaro - Update
salt.module.mac_brew_pkg
to work with brew’s JSON v2 output. PR #59371 by Pedro Algarvio - Fix installation on Apple M1 Macs. PR #59828 by @hl-tam and Megan Wilhite
Other OSes
- Improve package manager detection on CentOS Stream. PR #59201 by Jerzy Drozdz
- CentOS Stream support in various
os*
core grains. PR #59177 by Alexander Kriventsov - Add AlmaLinux to core grains. PR #59404 by Richard Groux
- Enable
aptpkg
module on Pop!_OS 20.04. PR #58443 by @thehunmonkgroup - Make
pkgrepo
andpkg
modules work on VMWare’s Photon OS. Photon OS is now belongs to the RedHatos_family
grain. PR #58856 by @lomeroe and Ken Crowell - Add support for Powershell 7 to
cmd
module. It is specified by passingshell="pwsh"
. Only valid if Powershell 7 is installed on the system. PR #59240 by Shane Lee - Deprecate
zypperpkg
’sadd_lock
andremove_lock
in favour ofhold
andunhold
functions. PR #56935 by @isbm and Ken Crowell - Add
pkg.services_need_restart
tozypperpkg
,yumpkg
andaptpkg
to list services that use files that have been changed by the package manager. PR #58262 by Alexander Graul
Rich Slack messages
This feature adds two optional parameters to slack.post_message
execution function:
attachments
- attachments to be sent with the messageblocks
- blocks to be sent with the message
To understand how to format Slack messages using these arguments, read the Composing messages documentation page. The corresponding slack.post_message
state does not support these new parameters yet; hopefully, it will be addressed later.
sadserver_quote:
# NOTE: Put use_superseded: ['module.run'] into the minion config
module.run:
- slack.post_message:
- "#random"
- " "
- Salt
- api_key: xoxb-123456789012-0123456789012-ABcdEFghIJklMNopQRstUVwx
- icon: https://saltproject.io/favicon.png
- blocks: >-
[
{"type": "section", "text": {"type": "mrkdwn", "text": "Your daily *Sad Server* quote:"}},
{"type": "divider"},
{"type": "section", "text": {
"type": "plain_text",
"text": {{ salt['cmd.run']('python3 -c \'import json, random, sys, urllib.request; sys.stdout.buffer.write(("{}".format(random.choice(json.loads(urllib.request.urlopen("https://brokenco.de/files/sadserver.json").read().decode("utf-8")))["full_text"].strip())).encode("utf-8"))\'') | yaml_encode }}
},
"accessory": {"type": "image", "image_url": "https://pbs.twimg.com/profile_images/581161893219323904/eGnWc30X_400x400.png", "alt_text": "Sad Server"}
}
]
PR #59428 by Ryan Addessi
P.S. Apparently, this feature will only work with Slack legacy tokens, which are deprecated and no longer can be created. And to be honest, the overall integration with Slack needs some refactoring - there are multiple modules that use different ways to communicate with Slack: modules.slack_notify
, states.slack
, engines.slack
, returners.slack_return
, returners.slack_webhook_return
, and utils.slack
. Also, on Feb 24th, the Slack engine stopped working due to deprecation of the API
Other notable changes
- Add SCRAM-SHA-256 password hash support to PostgreSQL states (
postgres_user.present
,postgres_group.present
). PR #59034 by James Howe - Pass the
waldir
parameter fromdatadir_init
to the underlying initialization function inmodules.postgres
, so it actually works. PR #57770 by Christoph Moench-Tegeder - Add
client_flags
option tomysql_query
state module, for example, to pass the option to support multiple statements in queries. PR #58718 by Gareth J. Greenaway - Fix
systemd_service.get_enabled
,get_disabled
andget_static
on newer systemd version. PR #59525 by Vaarlion - Allow use of query parameters in
cmd.script
to specify asaltenv
. PR #59450 by Shane Lee - The
salt-run
CLI now accepts an explicit job ID via the--jid
argument which allows scripting against it. PR #59523 by Pedro Algarvio - Allow DNS nameservers grain to be populated from systemd-resolve. PR #59310 by Gareth J. Greenaway
- Add
addtag
,alloc
,autobackup
,metadatatype
,zero
parameters tolvm.vgcreate
. PR #58748 by Yashodhan Pise zabbix_host.present
: accept all Zabbix host properties, include the optional parametervisible_name
, plus a couple of other bugfixes. PR #58604 by Piter Punk- Add interface channels management support to
rh_ip
module andnetwork.managed
state. PR #59134 by Krzysztof Pawłowski - Return correct result from
module.run
state. When run in test mode,module.run
will returnNone
, which indicates that changes will be made in in live mode (previously, it showed no changes). Also return an error when run with no functions passed. PR #58752 by @amendlik - Ensure
data
is a valid keyword argument for theevent.wait
function. PR #59555 by Gareth J. Greenaway - Update
salt.utils.data.decode
to handle datetime objects properly, so it can convert those when they show in events. Fix a couple of other serialization issues as well. PR #59260 by Gareth J. Greenaway - Fixing an issue when pillar files are included in the
top.sls
and then later included in another pillar file. PR #58736 by Gareth J. Greenaway - Fix a problem with the logic for
onlyif
andunless
state conditionals that make states with multiple “onlyif” or “unless” conditionals to only take care of the latest condition to compute the results. PR #59345 by Pablo Suárez Hernández - Fix race conditions for corner cases when handling SIGTERM by a minion. PR #59524 by Pablo Suárez Hernández
- Load system grains when custom grains are set. PR #58964 by Megan Wilhite
- Allow using
pillar.get
against integer pillar keys [LABELS=Aluminium] PR #58750 by Gareth J. Greenaway - Make
lvm.lv_present
acceptmb
,gb
,tb
,pb
as size. PR #59610 by Piter Punk - All matcher
match
functions must now accept aminion_id
keyword arg. PR #59717 by Pedro Algarvio - Allow GnuPG 2 users to export keys with and without a passphrase. This behavior can be controlled via the new
use_passphrase
keyword ingpg.export_key
andgpg.delete_key
. PR #59376 by Piter Punk - Update
tojson
Jinja filter to allow arbitrary args, for example, to sort the keys. PR #56022 by Wayne Werner - Remove the
managed_private_key
argument fromsalt.states.x509.certificate_managed
. PR #59247 by Charles McMarrow - Allow netmiko to run outside of proxy minions. PR #59634 by Gareth J. Greenaway
- Remove the deprecated
glance
state and execution module in favor of theglance_image
state module and theglanceng
execution module. PR #59811 by Megan Wilhite
You can find other changes and bugfixes in the official CHANGELOG.md.
Want to read about the upcoming Argon release?
I’m always hesitant to commit to writing another post like this one (it takes a lot of time!). However, I get bits of motivation to do so when people subscribe to the mailing list:
Powered by Mailgit