Salt Documentation Release 2014.7.6 (2024)

Salt Documentation Release 2014.7.6

SaltStack, Inc.

May 19, 2015

Contents

1 Introduction to Salt 1 1.1 e 30 second summary ...... 1 1.2 Simplicity ...... 1 1.3 Parallel execution ...... 1 1.4 Building on proven technology ...... 2 1.5 Python client interface ...... 2 1.6 Fast, ﬂexible, scalable ...... 2 1.7 Open ...... 2 1.8 Salt Community ...... 2 1.9 Mailing List ...... 2 1.10 IRC ...... 3 1.11 Follow on Github ...... 3 1.12 Blogs ...... 3 1.13 Example Salt States ...... 3 1.14 Follow on ohloh ...... 3 1.15 Other community links ...... 4 1.16 Hack the Source ...... 4

2 Installation 5 2.1 ick Install ...... 5 2.2 Platform-speciﬁc Installation Instructions ...... 5 2.3 Dependencies ...... 26 2.4 Optional Dependencies ...... 27 2.5 Upgrading Salt ...... 27

3 Tutorials 29 3.1 Introduction ...... 29 3.2 Basics ...... 31 3.3 States ...... 44 3.4 Advanced Topics ...... 71 3.5 Salt Virt ...... 111 3.6 Halite ...... 115 3.7 Using Salt at scale ...... 118

4 Targeting Minions 123 4.1 Matching the minionid ...... 123 4.2 Grains ...... 124 4.3 Subnet/IP Address Matching ...... 127

i 4.4 Compound matchers ...... 128 4.5 Node groups ...... 129 4.6 Batch Size ...... 129 4.7 SECO Range ...... 129

5 Storing Static Data in the Pillar 131 5.1 Declaring the Master Pillar ...... 131 5.2 Pillar namespace ﬂaened ...... 132 5.3 Pillar Namespace Merges ...... 133 5.4 Including Other Pillars ...... 134 5.5 Viewing Minion Pillar ...... 134 5.6 Pillar ``get'' Function ...... 134 5.7 Refreshing Pillar Data ...... 135 5.8 Targeting with Pillar ...... 135 5.9 Set Pillar Data at the Command Line ...... 135 5.10 Master Conﬁg In Pillar ...... 135

6 Reactor System 137 6.1 Event System ...... 137 6.2 Mapping Events to Reactor SLS Files ...... 137 6.3 Fire an event ...... 138 6.4 Knowing what event is being ﬁred ...... 138 6.5 Debugging the Reactor ...... 139 6.6 Understanding the Structure of Reactor Formulas ...... 139 6.7 A Complete Example ...... 142 6.8 Syncing Custom Types on Minion Start ...... 143

7 e Salt Mine 145 7.1 Mine Functions ...... 145 7.2 Mine Interval ...... 146 7.3 Example ...... 146

8 External Authentication System 147 8.1 Access Control System ...... 147 8.2 Tokens ...... 148 8.3 LDAP and Active Directory ...... 149

9 Job Management 151 9.1 e Minion proc System ...... 151 9.2 Functions in the saltutil Module ...... 151 9.3 e jobs Runner ...... 151 9.4 Scheduling Jobs ...... 152 9.5 States ...... 154 9.6 Highstates ...... 154 9.7 Runners ...... 154 9.8 Scheduler With Returner ...... 155

10 Salt Event System 159 10.1 Event types ...... 159 10.2 Listening for Events ...... 162 10.3 Firing Events ...... 164 10.4 Firing Events from Python ...... 164

11 Salt Syndic 167 11.1 Conﬁguring the Syndic ...... 167 ii 11.2 Running the Syndic ...... 167 11.3 Topology ...... 168 11.4 Syndic and the CLI ...... 168

12 Salt Proxy Minion Documentation 169 12.1 Geing Started ...... 169 12.2 e __proxyenabled__ directive ...... 173

13 Windows Soware Repository 175 13.1 Operation ...... 175 13.2 Usage ...... 176 13.3 Generate Repo Cache File ...... 177 13.4 Install Windows Soware ...... 178 13.5 Uninstall Windows Soware ...... 178 13.6 Standalone Minion Salt Windows Repo Module ...... 178 13.7 Git Hosted Repo ...... 178 13.8 Troubleshooting ...... 179

14 Windows-speciﬁc Behaviour 181 14.1 Group parameter for ﬁles ...... 181 14.2 Dealing with case-insensitive but case-preserving names ...... 181 14.3 Dealing with various username forms ...... 182 14.4 Specifying the None group ...... 182 14.5 Symbolic link loops ...... 182 14.6 Modifying security properties (ACLs) on ﬁles ...... 182

15 Salt Cloud 183 15.1 Geing Started ...... 183 15.2 Using Salt Cloud ...... 183 15.3 Core Conﬁguration ...... 188 15.4 Windows Conﬁguration ...... 198 15.5 Cloud Provider Speciﬁcs ...... 199 15.6 Miscellaneous Options ...... 254 15.7 Troubleshooting Steps ...... 258 15.8 Extending Salt Cloud ...... 261 15.9 Using Salt Cloud from Salt ...... 270 15.10 Feature Comparison ...... 274

16 netapi modules 279 16.1 Writing netapi modules ...... 279 16.2 Introduction to netapi modules ...... 280 16.3 Client interfaces ...... 280

17 Salt Virt 283 17.1 Salt Virt Tutorial ...... 283 17.2 e Salt Virt Runner ...... 283 17.3 Based on Live State Data ...... 284 17.4 Deploy from Network or Disk ...... 284

18 Understanding YAML 287 18.1 Rule One: Indentation ...... 287 18.2 Rule Two: Colons ...... 287 18.3 Rule ree: Dashes ...... 288 18.4 Learning More ...... 288

iii 19 Master Tops System 289

20 Salt SSH 291 20.1 Salt SSH Roster ...... 291 20.2 Calling Salt SSH ...... 292 20.3 States Via Salt SSH ...... 292 20.4 Targeting with Salt SSH ...... 292 20.5 Conﬁguring Salt SSH ...... 292 20.6 Running Salt SSH as non-root user ...... 293 20.7 Deﬁne CLI Options with Saltﬁle ...... 293

21 Salt Rosters 295 21.1 How Rosters Work ...... 295

22 Reference 297 22.1 Full list of builtin auth modules ...... 297 22.2 Command Line Reference ...... 300 22.3 Client ACL system ...... 324 22.4 Python client API ...... 324 22.5 Full list of Salt Cloud modules ...... 334 22.6 Conﬁguration ﬁle examples ...... 376 22.7 Conﬁguring Salt ...... 398 22.8 Conﬁguring the Salt Master ...... 401 22.9 Conﬁguring the Salt Minion ...... 429 22.10 Running the Salt Master/Minion as an Unprivileged User ...... 442 22.11 Logging ...... 443 22.12 External Logging Handlers ...... 444 22.13 Salt File Server ...... 447 22.14 Full list of builtin ﬁleserver modules ...... 452 22.15 Salt code and internals ...... 459 22.16 Full list of builtin execution modules ...... 465 22.17 Full list of netapi modules ...... 915 22.18 Full list of builtin output modules ...... 941 22.19 Peer Communication ...... 947 22.20 Pillars ...... 949 22.21 Full list of builtin pillar modules ...... 949 22.22 Renderers ...... 963 22.23 Returners ...... 987 22.24 Full list of builtin roster modules ...... 1005 22.25 Salt Runners ...... 1006 22.26 State Enforcement ...... 1025 22.27 Full list of builtin state modules ...... 1074 22.28 Execution Modules ...... 1245 22.29 Master Tops ...... 1249 22.30 Full list of builtin master tops modules ...... 1249 22.31 Full list of builtin wheel modules ...... 1252

23 Salt Best Practices 1255 23.1 General rules ...... 1255 23.2 Structuring States and Formulas ...... 1255 23.3 Structuring Pillar Files ...... 1256 23.4 Variable Flexibility ...... 1257 23.5 Modularity Within States ...... 1258 23.6 Storing Secure Data ...... 1261

iv 24 Troubleshooting 1263 24.1 Troubleshooting the Salt Master ...... 1263 24.2 Troubleshooting the Salt Minion ...... 1263 24.3 Running in the Foreground ...... 1263 24.4 What Ports do the Master and Minion Need Open? ...... 1263 24.5 Using salt-call ...... 1264 24.6 Too many open ﬁles ...... 1264 24.7 Salt Master Stops Responding ...... 1264 24.8 Salt and SELinux ...... 1265 24.9 Red Hat Enterprise Linux 5 ...... 1266 24.10 Common YAML Gotchas ...... 1266 24.11 Live Python Debug Output ...... 1266 24.12 Salt 0.16.x minions cannot communicate with a 0.17.x master ...... 1266 24.13 Debugging the Master and Minion ...... 1266

25 Developing Salt 1267 25.1 Overview ...... 1267 25.2 Salt Client ...... 1267 25.3 Salt Master ...... 1267 25.4 Salt Minion ...... 1269 25.5 A Note on ClearFuncs vs. AESFuncs ...... 1270 25.6 Contributing ...... 1271 25.7 Deprecating Code ...... 1274 25.8 Dunder Dictionaries ...... 1275 25.9 External Pillars ...... 1277 25.10 Installing Salt for development ...... 1280 25.11 Logging Internals ...... 1284 25.12 Modular Systems ...... 1284 25.13 Package Providers ...... 1286 25.14 Community Projects at Use Salt ...... 1290 25.15 Salt Topology ...... 1291 25.16 Translating Documentation ...... 1291 25.17 Running e Tests ...... 1292 25.18 Automated Test Runs ...... 1295 25.19 Writing Tests ...... 1295 25.20 raet ...... 1308 25.21 SaltStack Git Policy ...... 1312 25.22 Salt Conventions ...... 1313

26 Release notes 1347 26.1 Latest Stable Release ...... 1347 26.2 Previous Releases ...... 1347

27 Salt Based Projects 1451 27.1 Salt Sandbox ...... 1451

28 Security disclosure policy 1453 28.1 Security response procedure ...... 1454 28.2 Receiving security announcemnts ...... 1454

29 Frequently Asked estions 1455 29.1 Is Salt open-core? ...... 1455 29.2 What ports should I open on my ﬁrewall? ...... 1455 29.3 I'm seeing weird behavior (including but not limited to packages not installing their users properly) 1456 29.4 My script runs every time I run a state.highstate. Why? ...... 1456

v 29.5 When I run test.ping, why don't the Minions that aren't responding return anything? Returning False would be helpful...... 1456 29.6 How does Salt determine the Minion's id? ...... 1457 29.7 I'm trying to manage packages/services but I get an error saying that the state is not available. Why?1457 29.8 I'm using gitfs and my custom modules/states/etc are not syncing. Why? ...... 1457 29.9 Why aren't my custom modules/states/etc. available on my Minions? ...... 1457 29.10 Module X isn't available, even though the shell command it uses is installed. Why? ...... 1457 29.11 Can I run diﬀerent versions of Salt on my Master and Minion? ...... 1458 29.12 Does Salt support backing up managed ﬁles? ...... 1458 29.13 What is the best way to restart a Salt daemon using Salt? ...... 1458 29.14 Salting the Salt Master ...... 1459

30 Glossary 1461

Salt Module Index 1465

Index 1471

vi CHAPTER 1

Introduction to Salt

We’re not just talking about NaCl.

1.1 The 30 second summary

Salt is: • a conﬁguration management system, capable of maintaining remote nodes in deﬁned states (for example, ensuring that speciﬁc packages are installed and speciﬁc services are running) • a distributed remote execution system used to execute commands and query data on remote nodes, either individually or by arbitrary selection criteria It was developed in order to bring the best solutions found in the world of remote execution together and make them beer, faster, and more malleable. Salt accomplishes this through its ability to handle large loads of information, and not just dozens but hundreds and even thousands of individual servers quickly through a simple and manageable interface.

1.2 Simplicity

Providing versatility between massive scale deployments and smaller systems may seem daunting, but Salt is very simple to set up and maintain, regardless of the size of the project. e architecture of Salt is designed to work with any number of servers, from a handful of local network systems to international deployments across diﬀerent data centers. e topology is a simple server/client model with the needed functionality built into a single set of daemons. While the default conﬁguration will work with lile to no modiﬁcation, Salt can be ﬁne tuned to meet speciﬁc needs.

1.3 Parallel execution

e core functions of Salt: • enable commands to remote systems to be called in parallel rather than serially • use a secure and encrypted protocol • use the smallest and fastest network payloads possible • provide a simple programming interface Salt also introduces more granular controls to the realm of remote execution, allowing systems to be targeted not just by hostname, but also by system properties.

1 Salt Documentation, Release 2014.7.6

1.4 Building on proven technology

Salt takes advantage of a number of technologies and techniques. e networking layer is built with the excellent ZeroMQ networking library, so the Salt daemon includes a viable and transparent AMQ broker. Salt uses public keys for authentication with the master daemon, then uses faster AES encryption for payload communication; au- thentication and encryption are integral to Salt. Salt takes advantage of communication via msgpack, enabling fast and light network traﬃc.

1.5 Python client interface

In order to allow for simple expansion, Salt execution routines can be wrien as plain Python modules. e data collected from Salt executions can be sent back to the master server, or to any arbitrary program. Salt can be called from a simple Python API, or from the command line, so that Salt can be used to execute one-oﬀ commands as well as operate as an integral part of a larger application.

1.6 Fast, flexible, scalable

e result is a system that can execute commands at high speed on target server groups ranging from one to very many servers. Salt is very fast, easy to set up, amazingly malleable and provides a single remote execution architec- ture that can manage the diverse requirements of any number of servers. e Salt infrastructure brings together the best of the remote execution world, ampliﬁes its capabilities and expands its range, resulting in a system that is as versatile as it is practical, suitable for any network.

1.7 Open

Salt is developed under the Apache 2.0 license, and can be used for open and proprietary projects. Please submit your expansions back to the Salt project so that we can all beneﬁt together as Salt grows. Please feel free to sprinkle Salt around your systems and let the deliciousness come forth.

1.8 Salt Community

Join the Salt! ere are many ways to participate in and communicate with the Salt community. Salt has an active IRC channel and a mailing list.

1.9 Mailing List

Join the salt-users mailing list. It is the best place to ask questions about Salt and see whats going on with Salt development! e Salt mailing list is hosted by Google Groups. It is open to new members. hps://groups.google.com/forum/#!forum/salt-users

2 Chapter 1. Introduction to Salt Salt Documentation, Release 2014.7.6

1.10 IRC

e #salt IRC channel is hosted on the popular Freenode network. You can use the Freenode webchat client right from your browser. Logs of the IRC channel activity are being collected courtesy of Moritz Lenz. If you wish to discuss the development of Salt itself join us in #salt-devel.

1.11 Follow on Github

e Salt code is developed via Github. Follow Salt for constant updates on what is happening in Salt development: hps://github.com/saltstack/salt

1.12 Blogs

SaltStack Inc. keeps a blog with recent news and advancements: hp://www.saltstack.com/blog/ omas Hatch also shares news and thoughts on Salt and related projects in his personal blog e Red45: hp://red45.wordpress.com/

1.13 Example Salt States

e oﬃcial salt-states repository is: hps://github.com/saltstack/salt-states A few examples of salt states from the community: • hps://github.com/blast-hardcheese/blast-salt-states • hps://github.com/kevingranade/kevingranade-salt-state • hps://github.com/uggedal/states • hps://github.com/mamcclean/salt-openstack/tree/master/salt • hps://github.com/rentalita/ubuntu-setup/ • hps://github.com/brutasse/states • hps://github.com/bclermont/states • hps://github.com/pcrews/salt-data

1.14 Follow on ohloh hps://www.ohloh.net/p/salt

1.10. IRC 3 Salt Documentation, Release 2014.7.6

1.15 Other community links

• Salt Stack Inc. • Subreddit • Google+ • YouTube • Facebook • Twier • Wikipedia page

1.16 Hack the Source

If you want to get involved with the development of source code or the documentation eﬀorts, please review the hacking section!

4 Chapter 1. Introduction to Salt CHAPTER 2

Installation

See also: Installing Salt for development and contributing to the project.

2.1 ick Install

On most distributions, you can set up a Salt Minion with the Salt Bootstrap.

2.2 Platform-specific Installation Instructions

ese guides go into detail how to install Salt on a given platform.

2.2.1 Arch Linux

Installation

Salt (stable) is currently available via the Arch Linux Oﬃcial repositories. ere are currently -git packages available in the Arch User repositories (AUR) as well.

Stable Release

Install Salt stable releases from the Arch Linux Oﬃcial repositories as follows: pacman -S salt-zmq

To install Salt stable releases using the RAET protocol, use the following: pacman -S salt-raet

Tracking develop

To install the bleeding edge version of Salt (may include bugs!), use the -git package. Installing the -git package as follows:

5 Salt Documentation, Release 2014.7.6

wget https://aur.archlinux.org/packages/sa/salt-git/salt-git.tar.gz tar xf salt-git.tar.gz cd salt-git/ makepkg -is

Note: yaourt If a tool such as Yaourt is used, the dependencies will be gathered and built automatically. e command to install salt using the yaourt tool is: yaourt salt-git

Post-installation tasks systemd Activate the Salt Master and/or Minion via systemctl as follows: systemctl enable salt-master.service systemctl enable salt-minion.service

Start the Master Once you've completed all of these steps you're ready to start your Salt Master. You should be able to start your Salt Master now using the command seen here: systemctl start salt-master

Now go to the Conﬁguring Salt page.

2.2.2 Debian Installation

Currently the latest packages for Debian Old Stable, Stable and Unstable (Squeeze, Wheezy and Sid) are published in our (saltstack.com) Debian repository.

Configure Apt

Squeeze (Old Stable)

For squeeze, you will need to enable the Debian backports repository as well as the debian.saltstack.com repository. To do so, add the following to /etc/apt/sources.list or a ﬁle in /etc/apt/sources.list.d: deb http://debian.saltstack.com/debian squeeze-saltstack main deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free

Wheezy (Stable)

For wheezy, the following line is needed in either /etc/apt/sources.list or a ﬁle in /etc/apt/sources.list.d: deb http://debian.saltstack.com/debian wheezy-saltstack main

6 Chapter 2. Installation Salt Documentation, Release 2014.7.6

Jessie (Testing)

For jessie, the following line is needed in either /etc/apt/sources.list or a ﬁle in /etc/apt/sources.list.d: deb http://debian.saltstack.com/debian jessie-saltstack main

Sid (Unstable)

For sid, the following line is needed in either /etc/apt/sources.list or a ﬁle in /etc/apt/sources.list.d: deb http://debian.saltstack.com/debian unstable main

Import the repository key.

You will need to import the key used for signing. wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -

Note: You can optionally verify the key integrity with sha512sum using the public key signature shown here. E.g: echo "b702969447140d5553e31e9701be13ca11cc0a7ed5fe2b30acb8491567560ee62f834772b5095d735dfcecb2384a5c1a20045f52861c417f50b68dd5ff4660e6 debian-salt-team-joehealy.gpg.key" | sha512sum -c

Update the package database apt-get update

Install packages

Install the Salt master, minion, or syndic from the repository with the apt-get command. ese examples each install one daemon, but more than one package name may be given at a time: apt-get install salt-master apt-get install salt-minion apt-get install salt-syndic

Post-installation tasks

Now, go to the Conﬁguring Salt page.

Notes

1. ese packages will be backported from the packages intended to be uploaded into Debian unstable. is means that the packages will be built for unstable ﬁrst and then backported over the next day or so.

2.2. Platform-specific Installation Instructions 7 Salt Documentation, Release 2014.7.6

2. ese packages will be tracking the released versions of salt rather than maintaining a stable ﬁxed feature set. If a ﬁxed version is what you desire, then either pinning or manual installation may be more appropriate for you. 3. e version numbering and backporting process should provide clean upgrade paths between Debian versions. If you have any questions regarding these, please email the mailing list or look for joehh on IRC.

2.2.3 Fedora

Beginning with version 0.9.4, Salt has been available in the primary Fedora repositories and EPEL. It is installable using yum. Fedora will have more up to date versions of Salt than other members of the Red Hat family, which makes it a great place to help improve Salt! WARNING: Fedora 19 comes with systemd 204. Systemd has known bugs ﬁxed in later revisions that prevent the salt-master from starting reliably or opening the network connections that it needs to. It's not likely that a salt- master will start or run reliably on any distribution that uses systemd version 204 or earlier. Running salt-minions should be OK.

Installation

Salt can be installed using yum and is available in the standard Fedora repositories.

Stable Release

Salt is packaged separately for the minion and the master. It is necessary only to install the appropriate package for the role the machine will play. Typically, there will be one master and multiple minions. yum install salt-master yum install salt-minion

Installing from updates-testing

When a new Salt release is packaged, it is ﬁrst admied into the updates-testing repository, before being moved to the stable repo. To install from updates-testing, use the enablerepo argument for yum: yum --enablerepo=updates-testing install salt-master yum --enablerepo=updates-testing install salt-minion

Post-installation tasks

Master To have the Master start automatically at boot time: systemctl enable salt-master.service

To start the Master: systemctl start salt-master.service

8 Chapter 2. Installation Salt Documentation, Release 2014.7.6

Minion To have the Minion start automatically at boot time: systemctl enable salt-minion.service

To start the Minion: systemctl start salt-minion.service

Now go to the Conﬁguring Salt page.

2.2.4 FreeBSD

Salt was added to the FreeBSD ports tree Dec 26th, 2011 by Christer Edwards . It has been tested on FreeBSD 7.4, 8.2, 9.0 and 9.1 releases. Salt is dependent on the following additional ports. ese will be installed as dependencies of the sysutils/py- salt port:

/devel/py-yaml /devel/py-pyzmq /devel/py-Jinja2 /devel/py-msgpack /security/py-pycrypto /security/py-m2crypto

Installation

On FreeBSD 10 and later, to install Salt from the FreeBSD pkgng repo, use the command: pkg install py27-salt

On older versions of FreeBSD, to install Salt from the FreeBSD ports tree, use the command: make -C /usr/ports/sysutils/py-salt install clean

Post-installation tasks

Master Copy the sample conﬁguration ﬁle: cp /usr/local/etc/salt/master.sample /usr/local/etc/salt/master rc.conf Activate the Salt Master in /etc/rc.conf or /etc/rc.conf.local and add:

+ salt_master_enable="YES"

Start the Master Start the Salt Master as follows: service salt_master start

2.2. Platform-specific Installation Instructions 9 Salt Documentation, Release 2014.7.6

Minion Copy the sample conﬁguration ﬁle: cp /usr/local/etc/salt/minion.sample /usr/local/etc/salt/minion rc.conf Activate the Salt Minion in /etc/rc.conf or /etc/rc.conf.local and add:

+ salt_minion_enable="YES" + salt_minion_paths="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"

Start the Minion Start the Salt Minion as follows: service salt_minion start

Now go to the Conﬁguring Salt page.

2.2.5 Gentoo

Salt can be easily installed on Gentoo via Portage: emerge app-admin/salt

Post-installation tasks

Now go to the Conﬁguring Salt page.

2.2.6 OS X

Dependency Installation

When installing via Homebrew, dependency resolution is handled for you. brew install saltstack

When using macports, zmq, swig, and pip may need to be installed this way: sudo port install py-zmq sudo port install py27-m2crypto sudo port install py27-crypto sudo port install py27-msgpack sudo port install swig-python sudo port install py-pip

For installs using the OS X system python, pip install needs to use `sudo': sudo pip install salt

10 Chapter 2. Installation Salt Documentation, Release 2014.7.6

Salt-Master Customizations

To run salt-master on OS X, the root user maxﬁles limit must be increased:

sudo launchctl limit maxfiles 4096 8192

And sudo add this conﬁguration option to the /etc/salt/master ﬁle:

max_open_files: 8192

Now the salt-master should run without errors:

sudo /usr/local/share/python/salt-master --log-level=all

Post-installation tasks

Now go to the Conﬁguring Salt page.

2.2.7 RHEL / CentOS / Scientific Linux / Amazon Linux / Oracle Linux

Installation Using pip

Since Salt is on PyPI, it can be installed using pip, though most users prefer to install using RPMs (which can be installed from EPEL). Installation from pip is easy:

pip install salt

Warning: If installing from pip (or from source using setup.py install), be advised that the yum-utils package is needed for Salt to manage packages. Also, if the Python dependencies are not already installed, then you will need additional libraries/tools installed to build some of them. More information on this can be found here.

Installation from Repository

RHEL/CentOS 5

Due to the removal of some of Salt's dependencies from EPEL5, we have created a repository on Fedora COPR. Moving forward, this will be the oﬃcial means of installing Salt on RHEL5-based systems. Information on how to enable this repository can be found here.

RHEL/CentOS 6 and 7, Scientific Linux, etc.

Beginning with version 0.9.4, Salt has been available in EPEL. It is installable using yum. Salt should work prop- erly with all mainstream derivatives of RHEL, including CentOS, Scientiﬁc Linux, Oracle Linux and Amazon Linux. Report any bugs or issues on the issue tracker. On RHEL6, the proper Jinja package `python-jinja2' was moved from EPEL to the ``RHEL Server Optional Channel''. Verify this repository is enabled before installing salt on RHEL6.

2.2. Platform-specific Installation Instructions 11 Salt Documentation, Release 2014.7.6

Enabling EPEL If the EPEL repository is not installed on your system, you can download the RPM from here for RHEL/CentOS 6 (or here for RHEL/CentOS 7) and install it using the following command:

rpm -Uvh epel-release-X-Y.rpm

Replace epel-release-X-Y.rpm with the appropriate ﬁlename.

Installing Stable Release Salt is packaged separately for the minion and the master. It is necessary only to install the appropriate package for the role the machine will play. Typically, there will be one master and multiple minions. On the salt-master, run this:

yum install salt-master

On each salt-minion, run this:

yum install salt-minion

Installing from epel-testing When a new Salt release is packaged, it is ﬁrst admied into the epel- testing repository, before being moved to the stable repo. To install from epel-testing, use the enablerepo argument for yum:

yum --enablerepo=epel-testing install salt-minion

ZeroMQ 4

We recommend using ZeroMQ 4 where available. SaltStack provides ZeroMQ 4.0.4 and pyzmq 14.3.1 in a COPR repository. Instructions for adding this repository (as well as for upgrading ZeroMQ and pyzmq on existing minions) can be found here. If this repo is added before Salt is installed, then installing either salt-master or salt-minion will automati- cally pull in ZeroMQ 4.0.4, and additional states to upgrade ZeroMQ and pyzmq are unnecessary.

Note: For RHEL/CentOS 5 installations, if using the new repository to install Salt (as detailed above), then it is not necessary to enable the zeromq4 COPR, as the new EL5 repository includes ZeroMQ 4.

Package Management

Salt's interface to yum makes heavy use of the repoquery utility, from the yum-utils package. is package will be installed as a dependency if salt is installed via EPEL. However, if salt has been installed using pip, or a host is being managed using salt-ssh, then as of version 2014.7.0 yum-utils will be installed automatically to satisfy this dependency.

Post-installation tasks

Master To have the Master start automatically at boot time:

chkconfig salt-master on

To start the Master:

12 Chapter 2. Installation Salt Documentation, Release 2014.7.6

service salt-master start

Minion To have the Minion start automatically at boot time: chkconfig salt-minion on

To start the Minion: service salt-minion start

Now go to the Conﬁguring Salt page.

2.2.8 Solaris

Salt was added to the OpenCSW package repository in September of 2012 by Romeo eriault at version 0.10.2 of Salt. It has mainly been tested on Solaris 10 (sparc), though it is built for and has been tested minimally on Solaris 10 (x86), Solaris 9 (sparc/x86) and 11 (sparc/x86). (Please let me know if you're using it on these platforms!) Most of the testing has also just focused on the minion, though it has veriﬁed that the master starts up successfully on Solaris 10. Comments and patches for beer support on these platforms is very welcome. As of version 0.10.4, Solaris is well supported under salt, with all of the following working well: 1. remote execution 2. grain detection 3. service control with SMF 4. `pkg' states with `pkgadd' and `pkgutil' modules 5. cron modules/states 6. user and group modules/states 7. shadow password management modules/states Salt is dependent on the following additional packages. ese will automatically be installed as dependencies of the py_salt package: • py_yaml • py_pyzmq • py_jinja2 • py_msgpack_python • py_m2crypto • py_crypto • python

Installation

To install Salt from the OpenCSW package repository you ﬁrst need to install pkgutil assuming you don't already have it installed: On Solaris 10:

2.2. Platform-specific Installation Instructions 13 Salt Documentation, Release 2014.7.6

pkgadd -d http://get.opencsw.org/now

On Solaris 9:

wget http://mirror.opencsw.org/opencsw/pkgutil.pkg pkgadd -d pkgutil.pkg all

Once pkgutil is installed you'll need to edit it's conﬁg ﬁle /etc/opt/csw/pkgutil.conf to point it at the unstable catalog:

- #mirror=http://mirror.opencsw.org/opencsw/testing + mirror=http://mirror.opencsw.org/opencsw/unstable

OK, time to install salt.

# Update the catalog root> /opt/csw/bin/pkgutil -U # Install salt root> /opt/csw/bin/pkgutil -i -y py_salt

Minion Configuration

Now that salt is installed you can ﬁnd it's conﬁguration ﬁles in /etc/opt/csw/salt/. You'll want to edit the minion conﬁg ﬁle to set the name of your salt master server:

- #master: salt + master: your-salt-server

If you would like to use pkgutil as the default package provider for your Solaris minions, you can do so using the providers option in the minion conﬁg ﬁle. You can now start the salt minion like so: On Solaris 10:

svcadm enable salt-minion

On Solaris 9:

/etc/init.d/salt-minion start

You should now be able to log onto the salt master and check to see if the salt-minion key is awaiting acceptance:

salt-key -l un

Accept the key:

salt-key -a

Run a simple test against the minion:

salt '' test.ping

Troubleshooting

Logs are in /var/log/salt

14 Chapter 2. Installation Salt Documentation, Release 2014.7.6

2.2.9 Ubuntu Installation

Add repository

e latest packages for Ubuntu are published in the saltstack PPA. If you have the add-apt-repository utility, you can add the repository and import the key in one step:

sudo add-apt-repository ppa:saltstack/salt

add-apt-repository: command not found? e add-apt-repository command is not always present on Ubuntu systems. is can be ﬁxed by installing python-soware-properties:

sudo apt-get install python-software-properties

Note that since Ubuntu 12.10 (Raring Ringtail), add-apt-repository is found in the soware-properties-common package, and is part of the base install. us, add-apt-repository should be able to be used out-of-the-box to add the PPA.

Alternately, manually add the repository and import the PPA key with these commands:

echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | sudo apt-key add -

Aer adding the repository, update the package management database:

sudo apt-get update

Install packages

Install the Salt master, minion, or syndic from the repository with the apt-get command. ese examples each install one daemon, but more than one package name may be given at a time:

sudo apt-get install salt-master

sudo apt-get install salt-minion

sudo apt-get install salt-syndic

ZeroMQ 4

ZeroMQ 4 is available by default for Ubuntu 14.04 and newer. However, for Ubuntu 12.04 LTS, starting with Salt version 2014.7.5, ZeroMQ 4 is included with the Salt installation package and nothing additional needs to be done.

Post-installation tasks

Now go to the Conﬁguring Salt page.

2.2. Platform-specific Installation Instructions 15 Salt Documentation, Release 2014.7.6

2.2.10 Windows

Salt has full support for running the Salt Minion on Windows. ere are no plans for the foreseeable future to develop a Salt Master on Windows. For now you must run your Salt Master on a supported operating system to control your Salt Minions on Windows. Many of the standard Salt modules have been ported to work on Windows and many of the Salt States currently work on Windows, as well.

Windows Installer

Salt Minion Windows installers can be found here. e output of md5sum should match the contents of the corresponding md5 ﬁle.

Download here • 2014.7.5 • Salt-Minion-2014.7.5-x86-Setup.exe | md5 • Salt-Minion-2014.7.5-AMD64-Setup.exe | md5 • 2014.7.4 • Salt-Minion-2014.7.4-x86-Setup.exe | md5 • Salt-Minion-2014.7.4-AMD64-Setup.exe | md5 • 2014.7.2 • Salt-Minion-2014.7.2-x86-Setup.exe | md5 • Salt-Minion-2014.7.2-AMD64-Setup.exe | md5 • 2014.7.1 • Salt-Minion-2014.7.1-x86-Setup.exe | md5 • Salt-Minion-2014.7.1-AMD64-Setup.exe | md5 • 2014.7.0 • Salt-Minion-2014.7.0-1-win32-Setup.exe | md5 • Salt-Minion-2014.7.0-AMD64-Setup.exe | md5

Note: e 2014.7.0 installers have been removed because of a regression. Please use the 2014.7.1 release instead.

• 2014.1.13 • Salt-Minion-2014.1.13-x86-Setup.exe | md5 • Salt-Minion-2014.1.13-AMD64-Setup.exe | md5 • 2014.1.11 • Salt-Minion-2014.1.11-win32-Setup.exe | md5 • Salt-Minion-2014.1.11-AMD64-Setup.exe | md5 • 2014.1.10 • Salt-Minion-2014.1.10-win32-Setup.exe | md5 • Salt-Minion-2014.1.10-AMD64-Setup.exe | md5

16 Chapter 2. Installation Salt Documentation, Release 2014.7.6

• 2014.1.7 • Salt-Minion-2014.1.7-win32-Setup.exe | md5 • Salt-Minion-2014.1.7-AMD64-Setup.exe | md5 • 2014.1.5 • Salt-Minion-2014.1.5-win32-Setup.exe | md5 • Salt-Minion-2014.1.5-AMD64-Setup.exe | md5 • 2014.1.4 • Salt-Minion-2014.1.4-win32-Setup.exe | md5 • Salt-Minion-2014.1.4-AMD64-Setup.exe | md5 • 2014.1.3-1 (packaging bugﬁx) • Salt-Minion-2014.1.3-1-win32-Setup.exe | md5 • Salt-Minion-2014.1.3-1-AMD64-Setup.exe | md5 • 2014.1.3 • Salt-Minion-2014.1.3-win32-Setup.exe | md5 • Salt-Minion-2014.1.3-AMD64-Setup.exe | md5 • 2014.1.1 • Salt-Minion-2014.1.1-win32-Setup.exe | md5 • Salt-Minion-2014.1.1-AMD64-Setup.exe | md5 • 2014.1.0 • Salt-Minion-2014.1.0-win32-Setup.exe | md5 • Salt-Minion-2014.1.0-AMD64-Setup.exe | md5 • 0.17.5-2 (bugﬁx release) • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.5-2-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.5-2-AMD64-Setup.exe • 0.17.5 • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.5-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.5-AMD64-Setup.exe • 0.17.4 • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.4-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.4-AMD64-Setup.exe • 0.17.2 • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.2-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.2-AMD64-Setup.exe • 0.17.1.1 - Windows Installer bugﬁx release • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.1.1-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.1.1-AMD64-Setup.exe

2.2. Platform-specific Installation Instructions 17 Salt Documentation, Release 2014.7.6

• 0.17.1 • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.1-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.1-AMD64-Setup.exe • 0.17.0 • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.0-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.17.0-AMD64-Setup.exe • 0.16.3 • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.3-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.3-AMD64-Setup.exe • 0.16.2 • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.2-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.2-AMD64-Setup.exe • 0.16.0 • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.0-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.16.0-AMD64-Setup.exe • 0.15.3 • hps://docs.saltstack.com/downloads/Salt-Minion-0.15.3-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.15.3-AMD64-Setup.exe • 0.14.1 • hps://docs.saltstack.com/downloads/Salt-Minion-0.14.1-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.14.1-AMD64-Setup.exe • 0.14.0 • hps://docs.saltstack.com/downloads/Salt-Minion-0.14.0-win32-Setup.exe • hps://docs.saltstack.com/downloads/Salt-Minion-0.14.0-AMD64-Setup.exe

Note: e executables above will install dependencies that the Salt minion requires.

e 64bit installer has been tested on Windows 7 64bit and Windows Server 2008R2 64bit. e 32bit installer has been tested on Windows 2003 Server 32bit. Please ﬁle a bug report on our GitHub repo if issues for other platforms are found. e installer asks for 2 bits of information; the master hostname and the minion name. e installer will update the minion conﬁg with these options and then start the minion. e salt-minion service will appear in the Windows Service Manager and can be started and stopped there or with the command line program sc like any other Windows service. If the minion won't start, try installing the Microso Visual C++ 2008 x64 SP1 redistributable. Allow all Windows updates to run salt-minion smoothly.

18 Chapter 2. Installation Salt Documentation, Release 2014.7.6

Silent Installer option

e installer can be run silently by providing the /S option at the command line. e options /master and /minion- name allow for conﬁguring the master hostname and minion name, respectively. Here's an example of using the silent installer:

Salt-Minion-0.17.0-Setup-amd64.exe /S /master=yoursaltmaster /minion-name=yourminionname

Seing up a Windows build environment

is document will explain how to set up a development environment for salt on Windows. e development environment allows you to work with the source code to customize or ﬁx bugs. It will also allow you to build your own installation.

The Easy Way

Prerequisite Soware To do this the easy way you only need to install Git for Windows.

Create the Build Environment 1. Clone the Salt-Windows-Dev repo from github. Open a command line and type:

git clone https://github.com/saltstack/salt-windows-dev

2. Build the Python Environment Go into the salt-windows-dev directory. Right-click the ﬁle named dev_env.ps1 and select Run with Power- Shell If you get an error, you may need to change the execution policy. Open a powershell window and type the following:

Set-ExecutionPolicy RemoteSigned

is will download and install Python with all the dependencies needed to develop and build salt. 3. Build the Salt Environment Right-click on the ﬁle named dev_env_salt.ps1 and select Run with Powershell is will clone salt into C:\Salt-Dev\salt and set it to the 2015.5 branch. You could optionally run the command from a powershell window with a -Version switch to pull a diﬀerent version. For example:

dev_env_salt.ps1 -Version '2014.7'

To view a list of available branches and tags, open a command prompt in your C:Salt-Devsalt directory and type:

git branch -a git tag -n

2.2. Platform-specific Installation Instructions 19 Salt Documentation, Release 2014.7.6

The Hard Way

Prerequisite Soware Install the following soware: 1. Git for Windows 2. Nullso Installer Download the Prerequisite zip ﬁle for your CPU architecture from the SaltStack download site: • Salt32.zip • Salt64.zip ese ﬁles contain all sofware required to build and develop salt. Unzip the contents of the ﬁle to C:\Salt- Dev\temp.

Create the Build Environment 1. Build the Python Environment • Install Python: Browse to the C:\Salt-Dev\temp directory and ﬁnd the Python installation ﬁle for your CPU Ar- chitecture under the corresponding subfolder. Double-click the ﬁle to install python. Make sure the following are in your PATH environment variable:

C:\Python27 C:\Python27\Scripts

• Install Pip Open a command prompt and navigate to C:\Salt-Dev\temp Run the following command:

python get-pip.py

• Easy Install compiled binaries. M2Crypto, PyCrypto, and PyWin32 need to be installed using Easy Install. Open a command prompt and navigate to C:\Salt-Dev\temp\. Run the following commands:

easy_install -Z easy_install -Z easy_install -Z

Note: You can type the ﬁrst part of the ﬁle name and then press the tab key to auto-complete the name of the ﬁle.

• Pip Install Additional Prerequisites All remaining prerequisites need to be pip installed. ese prerequisites are as follow: – MarkupSafe – Jinja – MsgPack – PSUtil – PyYAML – PyZMQ

20 Chapter 2. Installation Salt Documentation, Release 2014.7.6

– WMI – Requests – Certiﬁ Open a command prompt and navigate to C:\Salt-Dev\temp. Run the following commands:

pip install \ pip install pip install \ pip install \ pip install \ pip install \ pip install pip install pip install

2. Build the Salt Environment • Clone Salt Open a command prompt and navigate to C:\Salt-Dev. Run the following command to clone salt:

git clone https://github.com/saltstack/salt

• Checkout Branch Checkout the branch or tag of salt you want to work on or build. Open a command prompt and navigate to C:\Salt-Dev\salt. Get a list of available tags and branches by running the following commands:

git fetch --all

To view a list of available branches: git branch -a

To view a list of availabel tags: git tag -n

Checkout the branch or tag by typing the following command:

git checkout

• Clean the Environment When switching between branches residual ﬁles can be le behind that will interfere with the functional- ity of salt. erefore, aer you check out the branch you want to work on, type the following commands to clean the salt environment:

Developing with Salt

ere are two ways to develop with salt. You can run salt's setup.py each time you make a change to source code or you can use the setup tools develop mode.

Configure the Minion

Both methods require that the minion conﬁguration be in the C:\salt directory. Copy the conf and var directo- ries from C:\Salt-Dev\salt\pkg\ windows\buildenv to C:\salt. Now go into the C:\salt\conf

2.2. Platform-specific Installation Instructions 21 Salt Documentation, Release 2014.7.6

directory and edit the ﬁle name minion (no extension). You need to conﬁgure the master and id parameters in this ﬁle. Edit the following lines:

master: id:

Setup.py Method

Go into the C:\Salt-Dev\salt directory from a cmd prompt and type:

python setup.py install --force

is will install python into your python installation at C:\Python27. Everytime you make an edit to your source code, you'll have to stop the minion, run the setup, and start the minion. To start the salt-minion go into C:\Python27\Scripts from a cmd prompt and type:

salt-minion

For debug mode type:

salt-minion -l debug

To stop the minion press Ctrl+C.

Setup Tools Develop Mode (Preferred Method)

To use the Setup Tools Develop Mode go into C:\Salt-Dev\salt from a cmd prompt and type:

pip install -e .

is will install pointers to your source code that resides at C:\Salt-Dev\salt. When you edit your source code you only have to restart the minion.

Build the windows installer

is is the method of building the installer as of version 2014.7.4.

Clean the Environment

Make sure you don't have any leover salt ﬁles from previous versions of salt in your Python directory. 1. Remove all ﬁles that start with salt in the C:\Python27\Scripts directory 2. Remove all ﬁles and directorys that start with salt in the C:\Python27\Lib\site-packages directory

Install Salt

Install salt using salt's setup.py. From the C:\Salt-Dev\salt directory type the following command:

python setup.py install --force

22 Chapter 2. Installation Salt Documentation, Release 2014.7.6

Build the Installer

From cmd prompt go into the C:\Salt-Dev\salt\pkg\windows directory. Type the following command for the branch or tag of salt you're building:

BuildSalt.bat

is will copy python with salt installed to the buildenv\bin directory, make it portable, and then create the windows installer . e .exe for the windows installer will be placed in the installer directory.

Testing the Salt minion

1. Create the directory C:\salt (if it doesn't exist already) 2. Copy the example conf and var directories from pkg/windows/buildenv/ into C:\salt 3. Edit C:\salt\conf\minion

master: ipaddress or hostname of your salt-master

4. Start the salt-minion

cd C:\Python27\Scripts python salt-minion

5. On the salt-master accept the new minion's key

sudo salt-key -A

is accepts all unaccepted keys. If you're concerned about security just accept the key for this speciﬁc minion. 6. Test that your minion is responding On the salt-master run:

sudo salt '*' test.ping

You should get the following response: {'your minion hostname': True}

Single command bootstrap script

On a 64 bit Windows host the following script makes an unaended install of salt, including all dependencies:

Not up to date. is script is not up to date. Please use the installer found above

# (All in one line.)

"PowerShell (New-Object System.Net.WebClient).DownloadFile('http://csa-net.dk/salt/bootstrap64.bat','C:\bootstrap.bat');(New-Object -com Shell.Application).ShellExecute('C:\bootstrap.bat');"

You can execute the above command remotely from a Linux host using winexe:

winexe -U "administrator" //fqdn "PowerShell (New-Object ...... );"

For more info check hp://csa-net.dk/salt

2.2. Platform-specific Installation Instructions 23 Salt Documentation, Release 2014.7.6

Packages management under Windows 2003

On windows Server 2003, you need to install optional component ``wmi windows installer provider'' to have full list of installed packages. If you don't have this, salt-minion can't report some installed sowares.

2.2.11 SUSE Installation

With openSUSE 13.1, Salt 0.16.4 has been available in the primary repositories. e devel:language:python repo will have more up to date versions of salt, all package development will be done there.

Installation

Salt can be installed using zypper and is available in the standard openSUSE 13.1 repositories.

Stable Release

Post-installation tasks openSUSE

Master To have the Master start automatically at boot time: systemctl enable salt-master.service

To start the Master: systemctl start salt-master.service

Minion To have the Minion start automatically at boot time: systemctl enable salt-minion.service

To start the Minion: systemctl start salt-minion.service

Post-installation tasks SLES

Master To have the Master start automatically at boot time: chkconfig salt-master on

To start the Master:

24 Chapter 2. Installation Salt Documentation, Release 2014.7.6

rcsalt-master start

Minion To have the Minion start automatically at boot time: chkconfig salt-minion on

To start the Minion: rcsalt-minion start

Unstable Release openSUSE

For openSUSE Factory run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_Factory/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For openSUSE 13.1 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_13.1/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For openSUSE 12.3 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_12.3/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For openSUSE 12.2 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_12.2/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For openSUSE 12.1 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/openSUSE_12.1/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For bleeding edge python Factory run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/bleeding_edge_python_Factory/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

Suse Linux Enterprise

For SLE 12 run the following as root:

2.2. Platform-specific Installation Instructions 25 Salt Documentation, Release 2014.7.6

zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/SLE_12/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For SLE 11 SP3 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/SLE_11_SP3/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

For SLE 11 SP2 run the following as root: zypper addrepo http://download.opensuse.org/repositories/devel:languages:python/SLE_11_SP2/devel:languages:python.repo zypper refresh zypper install salt salt-minion salt-master

Now go to the Conﬁguring Salt page.

2.3 Dependencies

Salt should run on any Unix-like platform so long as the dependencies are met. • Python 2.6 >= 2.6 <3.0 • msgpack-python - High-performance message interchange format • YAML - Python YAML bindings • Jinja2 - parsing Salt States (conﬁgurable in the master seings) • MarkupSafe - Implements a XML/HTML/XHTML Markup safe string for Python • apache-libcloud - Python lib for interacting with many of the popular cloud service providers using a uniﬁed API • Requests - HTTP library Depending on the chosen Salt transport, ZeroMQ or RAET, dependencies vary: • ZeroMQ: – ZeroMQ >= 3.2.0 – pyzmq >= 2.2.0 - ZeroMQ Python bindings – PyCrypto - e Python cryptography toolkit – M2Crypto - ``Me Too Crypto'' - Python OpenSSL wrapper • RAET: – libnacl - Python bindings to libsodium – ioﬂo - e ﬂo programming interface raet and salt-raet is built on – RAET - e worlds most awesome UDP protocol Salt defaults to the ZeroMQ transport, and the choice can be made at install time, for example: python setup.py install --salt-transport=raet

26 Chapter 2. Installation Salt Documentation, Release 2014.7.6

is way, only the required dependencies are pulled by the setup script if need be. If installing using pip, the --salt-transport install option can be provided like: pip install --install-option="--salt-transport=raet" salt

2.4 Optional Dependencies

• mako - an optional parser for Salt States (conﬁgurable in the master seings) • gcc - dynamic Cython module compiling

2.5 Upgrading Salt

When upgrading Salt, the master(s) should always be upgraded ﬁrst. Backward compatibility for minions running newer versions of salt than their masters is not guaranteed. Whenever possible, backward compatibility between new masters and old minions will be preserved. Generally, the only exception to this policy is in case of a security vulnerability.

2.4. Optional Dependencies 27 Salt Documentation, Release 2014.7.6

28 Chapter 2. Installation CHAPTER 3

Tutorials

3.1 Introduction

3.1.1 Salt Masterless ickstart

Running a masterless salt-minion lets you use Salt's conﬁguration management for a single machine without calling out to a Salt master on another machine. Since the Salt minion contains such extensive functionality it can be useful to run it standalone. A standalone minion can be used to do a number of things: • Stand up a master server via States (Salting a Salt Master) • Use salt-call commands on a system without connectivity to a master • Masterless States, run states entirely from ﬁles local to the minion It is also useful for testing out state trees before deploying to a production setup.

Bootstrap Salt Minion

e salt-bootstrap script makes bootstrapping a server with Salt simple for any OS with a Bourne shell: wget -O - https://bootstrap.saltstack.com | sudo sh

See the salt-bootstrap documentation for other one liners. When using Vagrant to test out salt, the salty-vagrant tool will provision the VM for you.

Telling Salt to Run Masterless

To instruct the minion to not look for a master when running the file_client conﬁguration option needs to be set. By default the file_client is set to remote so that the minion knows that ﬁle server and pillar data are to be gathered from the master. When seing the file_client option to local the minion is conﬁgured to not gather this data from the master. file_client: local

Now the salt minion will not look for a master and will assume that the local system has all of the ﬁle and pillar resources.

Note: When running Salt in masterless mode, do not run the salt-minion daemon. Otherwise, it will aempt to

29 Salt Documentation, Release 2014.7.6

connect to a master and fail. e salt-call command stands on its own and does not need the salt-minion daemon.

Create State Tree

Following the successful installation of a salt-minion, the next step is to create a state tree, which is where the SLS ﬁles that comprise the possible states of the minion are stored. e following example walks through the steps necessary to create a state tree that ensures that the server has the Apache webserver installed.

Note: For a complete explanation on Salt States, see the tutorial.

1. Create the top.sls ﬁle: /srv/salt/top.sls:

base: '*': - webserver

2. Create the webserver state tree: /srv/salt/webserver.sls:

apache: # ID declaration pkg: # state declaration - installed # function declaration

e only thing le is to provision our minion using salt-call and the highstate command.

Salt-call

salt-call --local state.highstate

e --local ﬂag tells the salt-minion to look for the state tree in the local ﬁle system and not to contact a Salt Master for instructions. To provide verbose output, use -l debug:

salt-call --local state.highstate -l debug

e minion ﬁrst examines the top.sls ﬁle and determines that it is a part of the group matched by * glob and that the webserver SLS should be applied. It then examines the webserver.sls ﬁle and ﬁnds the apache state, which installs the Apache package. e minion should now have Apache installed, and the next step is to begin learning how to write more complex states.

30 Chapter 3. Tutorials Salt Documentation, Release 2014.7.6

3.2 Basics

3.2.1 Salt Bootstrap

e Salt Bootstrap script allows for a user to install the Salt Minion or Master on a variety of system distributions and versions. is shell script known as bootstrap-salt.sh runs through a series of checks to determine the operating system type and version. It then installs the Salt binaries using the appropriate methods. e Salt Bootstrap script installs the minimum number of packages required to run Salt. is means that in the event you run the bootstrap to install via package, Git will not be installed. Installing the minimum number of packages helps ensure the script stays as lightweight as possible, assuming the user will install any other required packages aer the Salt binaries are present on the system. e script source is available on GitHub: hps://github.com/saltstack/salt- bootstrap

Supported Operating Systems

• Amazon Linux 2012.09 • Arch • CentOS 5/6 • Debian 6.x/7.x/8(git installations only) • Fedora 17/18 • FreeBSD 9.1/9.2/10 • Gentoo • Linaro • Linux Mint 13/14 • OpenSUSE 12.x • Oracle Linux 5/5 • Red Hat 5/6 • Red Hat Enterprise 5/6 • Scientiﬁc Linux 5/6 • SmartOS • SuSE 11 SP1/11 SP2 • Ubuntu 10.x/11.x/12.x/13.04/13.10 • Elementary OS 0.2

Note: In the event you do not see your distribution or version available please review the develop branch on Github as it main contain updates that are not present in the stable release: hps://github.com/saltstack/salt- bootstrap/tree/develop

Example Usage

If you're looking for the one-liner to install salt, please scroll to the boom and use the instructions for Installing via an Insecure One-Liner

3.2. Basics 31 Salt Documentation, Release 2014.7.6

Note: In every two-step example, you would be well-served to examine the downloaded ﬁle and examine it to ensure that it does what you expect.

Using curl to install latest git: curl -L https://bootstrap.saltstack.com -o install_salt.sh sudo sh install_salt.sh git develop

Using wget to install your distribution's stable packages: wget -O install_salt.sh https://bootstrap.saltstack.com sudo sh install_salt.sh

Install a speciﬁc version from git using wget: wget -O install_salt.sh https://bootstrap.saltstack.com sudo sh install_salt.sh -P git v0.16.4

If you already have python installed, python 2.6, then it's as easy as: python -m urllib "https://bootstrap.saltstack.com" > install_salt.sh sudo sh install_salt.sh git develop

All python versions should support the following one liner: python -c 'import urllib; print urllib.urlopen("https://bootstrap.saltstack.com").read()' > install_salt.sh sudo sh install_salt.sh git develop

On a FreeBSD base system you usually don't have either of the above binaries available. You do have fetch available though: fetch -o install_salt.sh https://bootstrap.saltstack.com sudo sh install_salt.sh

If all you want is to install a salt-master using latest git: curl -o install_salt.sh.sh -L https://bootstrap.saltstack.com sudo sh install_salt.sh.sh -M -N git develop

If you want to install a speciﬁc release version (based on the git tags): curl -o install_salt.sh.sh -L https://bootstrap.saltstack.com sudo sh install_salt.sh.sh git v0.16.4

To install a speciﬁc branch from a git fork: curl -o install_salt.sh.sh -L https://bootstrap.saltstack.com sudo sh install_salt.sh.sh -g https://github.com/myuser/salt.git git mybranch

Installing via an Insecure One-Liner

e following examples illustrate how to install Salt via a one-liner.

Note: Warning! ese methods do not involve a veriﬁcation step and assume that the delivered ﬁle is trustworthy.

32 Chapter 3. Tutorials Salt Documentation, Release 2014.7.6

Examples

Installing the latest develop branch of Salt: curl -L https://bootstrap.saltstack.com | sudo sh -s -- git develop

Any of the example above which use two-lines can be made to run in a single-line conﬁguration with minor modi- ﬁcations.

Example Usage

e Salt Bootstrap script has a wide variety of options that can be passed as well as several ways of obtaining the bootstrap script itself. For example, using curl to install your distribution's stable packages: curl -L https://bootstrap.saltstack.com | sudo sh

Using wget to install your distribution's stable packages: wget -O - https://bootstrap.saltstack.com | sudo sh

Installing the latest version available from git with curl: curl -L https://bootstrap.saltstack.com | sudo sh -s -- git develop

Install a speciﬁc version from git using wget: wget -O - https://bootstrap.saltstack.com | sh -s -- -P git v0.16.4

If you already have python installed, python 2.6, then it's as easy as: python -m urllib "https://bootstrap.saltstack.com" | sudo sh -s -- git develop

All python versions should support the following one liner: python -c 'import urllib; print urllib.urlopen("https://bootstrap.saltstack.com").read()' | \ sudo sh -s -- git develop

On a FreeBSD base system you usually don't have either of the above binaries available. You do have fetch available though: fetch -o - https://bootstrap.saltstack.com | sudo sh

If all you want is to install a salt-master using latest git: curl -L https://bootstrap.saltstack.com | sudo sh -s -- -M -N git develop

If you want to install a speciﬁc release version (based on the git tags): curl -L https://bootstrap.saltstack.com | sudo sh -s -- git v0.16.4

Downloading the develop branch (from here standard command line options may be passed): wget https://bootstrap.saltstack.com/develop

3.2. Basics 33 Salt Documentation, Release 2014.7.6

Command Line Options

Here's a summary of the command line options:

$ sh bootstrap-salt.sh -h

Usage : bootstrap-salt.sh [options]

Installation types: - stable (default) - daily (ubuntu specific) - git

Examples: $ bootstrap-salt.sh $ bootstrap-salt.sh stable $ bootstrap-salt.sh daily $ bootstrap-salt.sh git $ bootstrap-salt.sh git develop $ bootstrap-salt.sh git v0.17.0 $ bootstrap-salt.sh git 8c3fadf15ec183e5ce8c63739850d543617e4357

Options: -h Display this message -v Display script version -n No colours. -D Show debug output. -c Temporary configuration directory -g Salt repository URL. (default: git://github.com/saltstack/salt.git) -k Temporary directory holding the minion keys which will pre-seed the master. -M Also install salt-master -S Also install salt-syndic -N Do not install salt-minion -X Do not start daemons after installation -C Only run the configuration function. This option automatically bypasses any installation. -P Allow pip based installations. On some distributions the required salt packages or its dependencies are not available as a package for that distribution. Using this flag allows the script to use pip as a last resort method. NOTE: This only works for functions which actually implement pip based installations. -F Allow copied files to overwrite existing(config, init.d, etc) -U If set, fully upgrade the system prior to bootstrapping salt -K If set, keep the temporary files in the temporary directories specified with -c and -k. -I If set, allow insecure connections while downloading any files. For example, pass '--no-check-certificate' to 'wget' or '--insecure' to 'curl' -A Pass the salt-master DNS name or IP. This will be stored under ${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf -i Pass the salt-minion id. This will be stored under ${BS_SALT_ETC_DIR}/minion_id -L Install the Apache Libcloud package if possible(required for salt-cloud) -p Extra-package to install while installing salt dependencies. One package per -p flag. You're responsible for providing the proper package name.

34 Chapter 3. Tutorials Salt Documentation, Release 2014.7.6

3.2.2 Standalone Minion

Since the Salt minion contains such extensive functionality it can be useful to run it standalone. A standalone minion can be used to do a number of things: • Use salt-call commands on a system without connectivity to a master • Masterless States, run states entirely from ﬁles local to the minion

Note: When running Salt in masterless mode, do not run the salt-minion daemon. Otherwise, it will aempt to connect to a master and fail. e salt-call command stands on its own and does not need the salt-minion daemon.

Telling Salt Call to Run Masterless

e salt-call command is used to run module functions locally on a minion instead of executing them from the master. Normally the salt-call command checks into the master to retrieve ﬁle server and pillar data, but when running standalone salt-call needs to be instructed to not check the master for this data. To instruct the minion to not look for a master when running salt-call the file_client conﬁguration option needs to be set. By default the file_client is set to remote so that the minion knows that ﬁle server and pillar data are to be gathered from the master. When seing the file_client option to local the minion is conﬁgured to not gather this data from the master.

file_client: local

Now the salt-call command will not look for a master and will assume that the local system has all of the ﬁle and pillar resources.

Running States Masterless

e state system can be easily run without a Salt master, with all needed ﬁles local to the minion. To do this the minion conﬁguration ﬁle needs to be set up to know how to return ﬁle_roots information like the master. e ﬁle_roots seing defaults to /srv/salt for the base environment just like on the master:

file_roots: base: - /srv/salt

Now set up the Salt State Tree, top ﬁle, and SLS modules in the same way that they would be set up on a master. Now, with the file_client option set to local and an available state tree then calls to functions in the state module will use the information in the ﬁle_roots on the minion instead of checking in with the master. Remember that when creating a state tree on a minion there are no syntax or path changes needed, SLS modules wrien to be used from a master do not need to be modiﬁed in any way to work with a minion. is makes it easy to ``script'' deployments with Salt states without having to set up a master, and allows for these SLS modules to be easily moved into a Salt master as the deployment grows. e declared state can now be executed with:

salt-call state.highstate

Or the salt-call command can be executed with the --local ﬂag, this makes it unnecessary to change the conﬁg- uration ﬁle:

salt-call state.highstate --local

3.2. Basics 35 Salt Documentation, Release 2014.7.6

3.2.3 Opening the Firewall up for Salt

e Salt master communicates with the minions using an AES-encrypted ZeroMQ connection. ese communica- tions are done over TCP ports 4505 and 4506, which need to be accessible on the master only. is document outlines suggested ﬁrewall rules for allowing these incoming connections to the master.

Note: No ﬁrewall conﬁguration needs to be done on Salt minions. ese changes refer to the master only.

RHEL 6 / CentOS 6

e lokkit command packaged with some Linux distributions makes opening iptables ﬁrewall ports very simple via the command line. Just be careful to not lock out access to the server by neglecting to open the ssh port. lokkit example: lokkit -p 22:tcp -p 4505:tcp -p 4506:tcp

e system-config-firewall-tui command provides a text-based interface to modifying the ﬁrewall. system-conﬁg-ﬁrewall-tui: system-config-firewall-tui openSUSE

Salt installs ﬁrewall rules in /etc/sysconﬁg/SuSEﬁrewall2.d/services/salt. Enable with:

SuSEfirewall2 open SuSEfirewall2 start

If you have an older package of Salt where the above conﬁguration ﬁle is not included, the SuSEfirewall2 command makes opening iptables ﬁrewall ports very simple via the command line. SuSEﬁrewall example:

SuSEfirewall2 open EXT TCP 4505 SuSEfirewall2 open EXT TCP 4506

e ﬁrewall module in YaST2 provides a text-based interface to modifying the ﬁrewall. YaST2: yast2 firewall iptables

Diﬀerent Linux distributions store their iptables (also known as netﬁlter) rules in diﬀerent places, which makes it diﬃcult to standardize ﬁrewall documentation. Included are some of the more common locations, but your mileage may vary. Fedora / RHEL / CentOS:

/etc/sysconfig/iptables

Ar Linux:

36 Chapter 3. Tutorials Salt Documentation, Release 2014.7.6

/etc/iptables/iptables.rules

Debian Follow these instructions: hps://wiki.debian.org/iptables Once you've found your ﬁrewall rules, you'll need to add the two lines below to allow traﬃc on tcp/4505 and tcp/4506:

-A INPUT -m state --state new -m tcp -p tcp --dport 4505 -j ACCEPT -A INPUT -m state --state new -m tcp -p tcp --dport 4506 -j ACCEPT

Ubuntu Salt installs ﬁrewall rules in /etc/ufw/applications.d/salt.ufw. Enable with:

ufw allow salt

pf.conf

e BSD-family of operating systems uses packet ﬁlter (p). e following example describes the additions to pf.conf needed to access the Salt master.

pass in on $int_if proto tcp from any to $int_if port 4505 pass in on $int_if proto tcp from any to $int_if port 4506

Once these additions have been made to the pf.conf the rules will need to be reloaded. is can be done using the pfctl command.

pfctl -vf /etc/pf.conf

3.2.4 Whitelist communication to Master

ere are situations where you want to selectively allow Minion traﬃc from speciﬁc hosts or networks into your Salt Master. e ﬁrst scenario which comes to mind is to prevent unwanted traﬃc to your Master out of security concerns, but another scenario is to handle Minion upgrades when there are backwards incompatible changes between the installed Salt versions in your environment. Here is an example Linux iptables ruleset to be set on the Master:

# Allow Minions from these networks -I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT -I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT # Allow Salt to communicate with Master on the loopback interface -A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT # Reject everything else -A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT

Note: e important thing to note here is that the salt command needs to communicate with the listening network socket of salt-master on the loopback interface. Without this you will see no outgoing Salt traﬃc from the master, even for a simple salt '*' test.ping, because the salt client never reached the salt-master to tell it to carry out the execution.

3.2. Basics 37 Salt Documentation, Release 2014.7.6

3.2.5 Using cron with Salt

e Salt Minion can initiate its own highstate using the salt-call command.

$ salt-call state.highstate

is will cause the minion to check in with the master and ensure it is in the correct `state'.

Use cron to initiate a highstate

If you would like the Salt Minion to regularly check in with the master you can use the venerable cron to run the salt-call command.

# PATH=/bin:/sbin:/usr/bin:/usr/sbin

00 00 * * * salt-call state.highstate

e above cron entry will run a highstate every day at midnight.

Note: Be aware that you may need to ensure the PATH for cron includes any scripts or commands that need to be executed.

3.2.6 Remote execution tutorial

Before continuing make sure you have a working Salt installation by following the installation and the conﬁguration instructions.

Stu? ere are many ways to get help from the Salt community including our mailing list and our IRC channel #salt.

Order your minions around

Now that you have a master and at least one minion communicating with each other you can perform commands on the minion via the salt command. Salt calls are comprised of three main components: salt '' [arguments]

Description

Salt SSH allows for salt routines to be executed using only SSH for transport

Options

-r, --raw, --raw-shell Execute a raw shell command. --priv Specify the SSH private key ﬁle to be used for authentication. --roster Deﬁne which roster system to use, this deﬁnes if a database backend, scanner, or custom roster system is used. Default is the ﬂat ﬁle roster.

22.2. Command Line Reference 319 Salt Documentation, Release 2014.7.6

--roster-file Deﬁne an alternative location for the default roster ﬁle location. e default roster ﬁle is called roster and is found in the same directory as the master conﬁg ﬁle. New in version 2014.1.0. --refresh, --refresh-cache Force a refresh of the master side data cache of the target's data. is is needed if a target's grains have been changed and the auto refresh timeframe has not been reached. --max-procs Set the number of concurrent minions to communicate with. is value deﬁnes how many processes are opened up at a time to manage connections, the more running process the faster communication should be, default is 25. -i, --ignore-host-keys Ignore the ssh host keys which by default are honored and connections would ask for approval. --passwd Set the default password to aempt to use when authenticating. --key-deploy Set this ﬂag to aempt to deploy the authorized ssh key with all minions. is combined with --passwd can make initial deployment of keys very fast and easy. --version Print the version of Salt that is running. --versions-report Show program's dependencies and version number, and then exit -h, --help Show the help message and exit -c CONFIG_DIR, --config-dir=CONFIG_dir e location of the Salt conﬁguration directory. is directory contains the conﬁguration ﬁles for Salt master and minions. e default location on most systems is /etc/salt.

320 Chapter 22. Reference Salt Documentation, Release 2014.7.6

-R, --range Instead of using shell globs to evaluate the target, use a range expression to identify targets. Range expressions look like %cluster. Using the Range option requires that a range server is set up and the location of the range server is referenced in the master conﬁguration ﬁle.

Logging Options Logging options which override any seings deﬁned on the conﬁguration ﬁles. -l LOG_LEVEL, --log-level=LOG_LEVEL Console logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. De- fault: warning. --log-file=LOG_FILE Log ﬁle path. Default: /var/log/salt/ssh. --log-file-level=LOG_LEVEL_LOGFILE Logﬁle logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. Default: warning.

22.2. Command Line Reference 321 Salt Documentation, Release 2014.7.6

See also salt(7) salt-master(1) salt-minion(1)

22.2.11 salt-syndic salt-syndic

e Salt syndic daemon, a special minion that passes through commands from a higher master

Synopsis salt-syndic [ options ]

Description

e Salt syndic daemon, a special minion that passes through commands from a higher master.

Options

322 Chapter 22. Reference Salt Documentation, Release 2014.7.6

--log-file-level=LOG_LEVEL_LOGFILE Logﬁle logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. Default: warning.

See also salt(1) salt-master(1) salt-minion(1)

22.2.12 salt-api salt-api

Start interfaces used to remotely connect to the salt master

Synopsis salt-api

Description

e Salt API system manages network api connectors for the Salt Master

Options

22.2. Command Line Reference 323 Salt Documentation, Release 2014.7.6

--log-file-level=LOG_LEVEL_LOGFILE Logﬁle logging log level. One of all, garbage, trace, debug, info, warning, error, quiet. Default: warning.

See also salt-api(7) salt(7) salt-master(1)

22.3 Client ACL system

e salt client ACL system is a means to allow system users other than root to have access to execute select salt commands on minions from the master. e client ACL system is conﬁgured in the master conﬁguration ﬁle via the client_acl conﬁguration option. Un- der the client_acl conﬁguration option the users open to send commands are speciﬁed and then a list of regular expressions which specify the minion functions which will be made available to speciﬁed user. is conﬁguration is much like the peer conﬁguration:

# Allow thatch to execute anything and allow fred to use ping and pkg client_acl: thatch: - .* fred: - test.* - pkg.*

22.3.1 Permission Issues

Directories required for client_acl must be modiﬁed to be readable by the users speciﬁed: chmod 755 /var/cache/salt /var/cache/salt/jobs /var/run/salt

Note: In addition to the changes above you will also need to modify the permissions of /var/log/salt and the existing log ﬁle. If you do not wish to do this then you must disable logging or Salt will generate errors as it cannot write to the logs as the system users.

If you are upgrading from earlier versions of salt you must also remove any existing user keys and re-start the Salt master: rm /var/cache/salt/.*key service salt-master restart

22.4 Python client API

Salt provides several entry points for interfacing with Python applications. ese entry points are oen referred to as *Client() APIs. Each client accesses diﬀerent parts of Salt, either from the master or from a minion. Each client is detailed below. See also: ere are many ways to access Salt programmatically.

324 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Salt can be used from CLI scripts as well as via a REST interface. See Salt's outpuer system to retrieve structured data from Salt as JSON, or as shell-friendly text, or many other formats. See the state.event runner to utilize Salt's event bus from shell scripts. See the salt-api project to access Salt externally via a REST interface. It uses Salt's Python interface documented below and is also useful as a reference implementation.

22.4.1 Salt's opts dictionary

Some clients require access to Salt's opts dictionary. (e dictionary representation of the master or minion conﬁg ﬁles.) A common paern for fetching the opts dictionary is to defer to environment variables if they exist or otherwise fetch the conﬁg from the default location. salt.config.client_config(path, env_var='SALT_CLIENT_CONFIG', defaults=None) Load Master conﬁguration data Usage:

import salt.config master_opts = salt.config.client_config('/etc/salt/master')

Returns a dictionary of the Salt Master conﬁguration ﬁle with necessary options needed to communicate with a locally-running Salt Master daemon. is function searches for client speciﬁc conﬁgurations and adds them to the data from the master conﬁguration. is is useful for master-side operations like LocalClient. salt.config.minion_config(path, env_var='SALT_MINION_CONFIG', defaults=None, min- ion_id=False) Reads in the minion conﬁguration ﬁle and sets up special options is is useful for Minion-side operations, such as the Caller class, and manually running the loader interface.

import salt.client minion_opts = salt.config.minion_config('/etc/salt/minion')

22.4.2 Salt's Loader Interface

Modules in the Salt ecosystem are loaded into memory using a custom loader system. is allows modules to have conditional requirements (OS, OS version, installed libraries, etc) and allows Salt to inject special variables (__salt__, __opts, etc). Most modules can be manually loaded. is is oen useful in third-party Python apps or when writing tests. However some modules require and expect a full, running Salt system underneath. Notably modules that facilitate master- to-minion communication such as the mine, publish, and peer execution modules. e error KeyError: 'master_uri' is a likely indicator for this situation. In those instances use the Caller class to execute those modules instead. Each module type has a corresponding loader function. salt.loader.minion_mods(opts, context=None, whitelist=None, loaded_base_name=None) Load execution modules Returns a dictionary of execution modules appropriate for the current system by evaluating the __virtual__() function in each module.

22.4. Python client API 325 Salt Documentation, Release 2014.7.6

import salt.config import salt.loader

__opts__ = salt.config.minion_config('/etc/salt/minion') __grains__ = salt.loader.grains(__opts__) __opts__['grains'] = __grains__ __salt__ = salt.loader.minion_mods(__opts__) __salt__['test.ping']() salt.loader.raw_mod(opts, name, functions) Returns a single module loaded raw and bypassing the __virtual__ function

import salt.config import salt.loader

__opts__ = salt.config.minion_config('/etc/salt/minion') testmod = salt.loader.raw_mod(__opts__, 'test', None) testmod['test.ping']() salt.loader.states(opts, functions, whitelist=None) Returns the state modules

import salt.config import salt.loader

__opts__ salt.config.minion_config('/etc/salt/minion') statemods = salt.loader.states(__opts__, None) salt.loader.grains(opts, force_refresh=False) Return the functions for the dynamic grains and the values for the static grains.

import salt.config import salt.loader

__opts__ salt.config.minion_config('/etc/salt/minion') __grains__ = salt.loader.grains(__opts__) print __grains__['id']

22.4.3 Salt's Client Interfaces

LocalClient class salt.client.LocalClient(c_path='/etc/salt/master', mopts=None, skip_perm_errors=False) e interface used by the salt CLI tool on the Salt Master LocalClient is used to send a command to Salt minions to execute execution modules and return the results to the Salt Master. Importing and using LocalClient must be done on the same machine as the Salt Master and it must be done using the same user that the Salt Master is running as. (Unless external_auth is conﬁgured and authentication credentials are included in the execution).

import salt.client

local = salt.client.LocalClient() local.cmd('*', 'test.fib',[10])

326 Chapter 22. Reference Salt Documentation, Release 2014.7.6

cmd(tgt, fun, arg=(), timeout=None, expr_form='glob', ret='`, kwarg=None, **kwargs) Synchronously execute a command on targeted minions e cmd method will execute and wait for the timeout period for all minions to reply, then it will return all minion data at once.

>>> import salt.client >>> local = salt.client.LocalClient() >>> local.cmd('*', 'cmd.run',['whoami']) {'jerry': 'root'}

With extra keyword arguments for the command function to be run:

local.cmd('*', 'test.arg',['arg1', 'arg2'], kwarg={'foo': 'bar'})

Compound commands can be used for multiple executions in a single publish. Function names and function arguments are provided in separate lists but the index values must correlate and an empty list must be used if no arguments are required.

>>> local.cmd('*',[ 'grains.items', 'sys.doc', 'cmd.run', ], [ [], [], ['uptime'], ])

Parameters • tgt (string or list) -- Which minions to target for the execution. Default is shell glob. Modiﬁed by the expr_form option. • fun (string or list of strings) -- e module and function to call on the speciﬁed minions of the form module.function. For example test.ping or grains.items. Compound commands Multiple functions may be called in a single publish by passing a list of commands. is can dramatically lower overhead and speed up the application communicating with Salt. is requires that the arg param is a list of lists. e fun list and the arg list must correlate by index meaning a function that does not take arguments must still have a corresponding empty list at the expected index. • arg (list or list-of-lists) -- A list of arguments to pass to the remote function. If the function takes no arguments arg may be omied except when executing a compound command. • timeout -- Seconds to wait aer the last minion returns but before all minions return. • expr_form -- e type of tgt. Allowed values: – glob - Bash glob completion - Default – pcre - Perl style regular expression – list - Python list of hosts – grain - Match based on a grain comparison

22.4. Python client API 327 Salt Documentation, Release 2014.7.6

– grain_pcre - Grain comparison with a regex – pillar - Pillar data comparison – nodegroup - Match on nodegroup – range - Use a Range server for matching – compound - Pass a compound match string • ret -- e returner to use. e value passed can be single returner, or a comma delimited list of returners to call in order on the minions • kwarg -- A dictionary with keyword arguments for the function. • kwargs -- Optional keyword arguments. Authentication credentials may be passed when using external_auth. For example: local.cmd('*', 'test.ping', username='saltdev', password='saltdev', eauth='pam'). Or: local.cmd('*', 'test.ping', token='5871821ea51754fdcea8153c1c745433') Returns A dictionary with the result of the execution, keyed by minion ID. A compound com- mand will return a sub-dictionary keyed by function name.

cmd_async(tgt, fun, arg=(), expr_form='glob', ret='`, kwarg=None, **kwargs) Asynchronously send a command to connected minions e function signature is the same as cmd() with the following exceptions. Returns A job ID or 0 on failure.

>>> local.cmd_async('*', 'test.sleep',[300]) '20131219215921857715'

cmd_batch(tgt, fun, arg=(), expr_form='glob', ret='`, kwarg=None, batch=`10%', **kwargs) Iteratively execute a command on subsets of minions at a time e function signature is the same as cmd() with the following exceptions. Parameters batch -- e batch identiﬁer of systems to execute on Returns A generator of minion returns

>>> returns = local.cmd_batch('*', 'state.highstate', bat='10%') >>> for return in returns: ... print return {'jerry': {...}} {'dave': {...}} {'stewart': {...}}

cmd_iter(tgt, fun, arg=(), timeout=None, expr_form='glob', ret='`, kwarg=None, **kwargs) Yields the individual minion returns as they come in e function signature is the same as cmd() with the following exceptions. Returns A generator

>>> ret = local.cmd_iter('*', 'test.ping') >>> for i in ret: ... print i {'jerry': {'ret': True}} {'dave': {'ret': True}} {'stewart': {'ret': True}}

328 Chapter 22. Reference Salt Documentation, Release 2014.7.6

cmd_iter_no_block(tgt, fun, arg=(), timeout=None, expr_form='glob', ret='`, kwarg=None, **kwargs) Blocks while waiting for individual minions to return. e function signature is the same as cmd() with the following exceptions. Returns None until the next minion returns. is allows for actions to be injected in between minion returns.

>>> ret = local.cmd_iter('*', 'test.ping') >>> for i in ret: ... print i None {'jerry': {'ret': True}} {'dave': {'ret': True}} None {'stewart': {'ret': True}}

cmd_subset(tgt, fun, arg=(), expr_form='glob', ret='`, kwarg=None, sub=3, cli=False, **kwargs) Execute a command on a random subset of the targeted systems e function signature is the same as cmd() with the following exceptions. Parameters sub -- e number of systems to execute on

>>> SLC.cmd_subset('*', 'test.ping', sub=1) {'jerry': True}

get_cli_returns(jid, minions, timeout=None, tgt='*', tgt_type='glob', verbose=False, show_jid=False, **kwargs) Starts a watcher looking at the return data for a speciﬁed JID Returns all of the information for the JID get_event_iter_returns(jid, minions, timeout=None) Gather the return data from the event system, break hard when timeout is reached. run_job(tgt, fun, arg=(), expr_form='glob', ret='`, timeout=None, kwarg=None, **kwargs) Asynchronously send a command to connected minions Prep the job directory and publish a command to any targeted minions. Returns A dictionary of (validated) pub_data or an empty dictionary on failure. e pub_data contains the job ID and a list of all minions that are expected to return data.

>>> local.run_job('*', 'test.sleep',[300]) {'jid': '20131219215650131543', 'minions': ['jerry']}

Salt Caller class salt.client.Caller(c_path='/etc/salt/minion', mopts=None) Caller is the same interface used by the salt-call command-line tool on the Salt Minion. Importing and using Caller must be done on the same machine as a Salt Minion and it must be done using the same user that the Salt Minion is running as. Usage:

import salt.client caller = salt.client.Caller() caller.function('test.ping')

22.4. Python client API 329 Salt Documentation, Release 2014.7.6

# Or call objects directly caller.sminion.functions['cmd.run']('ls -l')

Note, a running master or minion daemon is not required to use this class. Running salt-call --local simply sets file_client to 'local'. e same can be achieved at the Python level by including that seing in a minion conﬁg ﬁle. Instantiate a new Caller() instance using a ﬁle system path to the minion conﬁg ﬁle:

caller = salt.client.Caller('/path/to/custom/minion_config') caller.sminion.functions['grains.items']()

Instantiate a new Caller() instance using a dictionary of the minion conﬁg: New in version 2014.7.0: Pass the minion conﬁg as a dictionary.

import salt.client import salt.config

opts = salt.config.minion_config('/etc/salt/minion') opts['file_client'] = 'local' caller = salt.client.Caller(mopts=opts) caller.sminion.functions['grains.items']()

function(fun, *args, **kwargs) Call a single salt function

RunnerClient class salt.runner.RunnerClient(opts) e interface used by the salt-run CLI tool on the Salt Master It executes runner modules which run on the Salt Master. Importing and using RunnerClient must be done on the same machine as the Salt Master and it must be done using the same user that the Salt Master is running as. Salt's external_auth can be used to authenticate calls. e eauth user must be authorized to execute runner modules: (@runner). Only the master_call() below supports eauth. async(fun, low, user='UNKNOWN') Execute the function in a multiprocess and return the event tag to use to watch for the return cmd(fun, arg, pub_data=None, kwarg=None) Execute a runner function

>>> opts = salt.config.master_config('/etc/salt/master') >>> runner = salt.runner.RunnerClient(opts) >>> runner.cmd('jobs.list_jobs', []) { '20131219215650131543': { 'Arguments': [300], 'Function': 'test.sleep', 'StartTime': '2013, Dec 19 21:56:50.131543', 'Target': '*', 'Target-type': 'glob', 'User': 'saltdev' }, '20131219215921857715': {

330 Chapter 22. Reference Salt Documentation, Release 2014.7.6

'Arguments': [300], 'Function': 'test.sleep', 'StartTime': '2013, Dec 19 21:59:21.857715', 'Target': '*', 'Target-type': 'glob', 'User': 'saltdev' }, }

cmd_async(low) Execute a runner function asynchronously; eauth is respected is function requires that external_auth is conﬁgured and the user is authorized to execute runner functions: (@runner).

runner.eauth_async({ 'fun': 'jobs.list_jobs', 'username': 'saltdev', 'password': 'saltdev', 'eauth': 'pam', })

cmd_sync(low, timeout=None) Execute a runner function synchronously; eauth is respected is function requires that external_auth is conﬁgured and the user is authorized to execute runner functions: (@runner).

runner.eauth_sync({ 'fun': 'jobs.list_jobs', 'username': 'saltdev', 'password': 'saltdev', 'eauth': 'pam', })

WheelClient class salt.wheel.WheelClient(opts=None) An interface to Salt's wheel modules Wheel modules interact with various parts of the Salt Master. Importing and using WheelClient must be done on the same machine as the Salt Master and it must be done using the same user that the Salt Master is running as. Unless external_auth is conﬁgured and the user is authorized to execute wheel functions: (@wheel). async(fun, low, user='UNKNOWN') Execute the function in a multiprocess and return the event tag to use to watch for the return cmd(fun, **kwargs) Execute a wheel function

>>> opts = salt.config.master_config('/etc/salt/master') >>> wheel = salt.wheel.Wheel(opts) >>> wheel.call_func('key.list_all') {'local': ['master.pem', 'master.pub'], 'minions': ['jerry'], 'minions_pre': [], 'minions_rejected': []}

22.4. Python client API 331 Salt Documentation, Release 2014.7.6

cmd_async(low) Execute a wheel function asynchronously; eauth is respected is function requires that external_auth is conﬁgured and the user is authorized to execute runner functions: (@wheel).

>>> wheel.cmd_async({ 'fun': 'key.finger', 'match': 'jerry', 'eauth': 'auto', 'username': 'saltdev', 'password': 'saltdev', }) {'jid': '20131219224744416681', 'tag': 'salt/wheel/20131219224744416681'}

cmd_sync(low, timeout=None) Execute a wheel function synchronously; eauth is respected is function requires that external_auth is conﬁgured and the user is authorized to execute runner functions: (@wheel).

>>> wheel.cmd_sync({ 'fun': 'key.finger', 'match': 'jerry', 'eauth': 'auto', 'username': 'saltdev', 'password': 'saltdev', }) {'minions': {'jerry': '5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'}}

CloudClient class salt.cloud.CloudClient(path=None, opts=None, conﬁg_dir=None, pillars=None) e client class to wrap cloud interactions action(fun=None, cloudmap=None, names=None, provider=None, instance=None, kwargs=None) Execute a single action via the cloud plugin backend Examples:

client.action(fun='show_instance', names=['myinstance']) client.action(fun='show_image', provider='my-ec2-config', kwargs={'image': 'ami-10314d79'} )

create(provider, names, **kwargs) Create the named VMs, without using a proﬁle Example:

client.create(names=['myinstance'], provider='my-ec2-config', kwargs={'image': 'ami-1624987f', 'size': 'Micro Instance', 'ssh_username': 'ec2-user', 'securitygroup': 'default', 'delvol_on_destroy': True})

destroy(names) Destroy the named VMs

332 Chapter 22. Reference Salt Documentation, Release 2014.7.6

extra_action(names, provider, action, **kwargs) Perform actions with block storage devices Example:

client.extra_action(names=['myblock'], action='volume_create', provider='my-nova', kwargs={'voltype': 'SSD', 'size': 1000} ) client.extra_action(names=['salt-net'], action='network_create', provider='my-nova', kwargs={'cidr': '192.168.100.0/24'} )

full_query(query_type='list_nodes_full') ery all instance information list_images(provider=None) List all available images in conﬁgured cloud systems list_locations(provider=None) List all available locations in conﬁgured cloud systems list_sizes(provider=None) List all available sizes in conﬁgured cloud systems low(fun, low) Pass the cloud function and low data structure to run map_run(path, **kwargs) Pass in a location for a map to execute min_query(query_type='list_nodes_min') ery select instance information profile(proﬁle, names, vm_overrides=None, **kwargs) Pass in a proﬁle to create, names is a list of vm names to allocate vm_overrides is a special dict that will be per node options overrides Example:

>>> client= salt.cloud.CloudClient(path='/etc/salt/cloud') >>> client.profile('do_512_git', names=['minion01',]) {'minion01': {u'backups_active': 'False', u'created_at': '2014-09-04T18:10:15Z', u'droplet': {u'event_id': 31000502, u'id': 2530006, u'image_id': 5140006, u'name': u'minion01', u'size_id': 66}, u'id': '2530006', u'image_id': '5140006', u'ip_address': '107.XXX.XXX.XXX', u'locked': 'True', u'name': 'minion01', u'private_ip_address': None, u'region_id': '4', u'size_id': '66', u'status': 'new'}}

query(query_type='list_nodes') ery basic instance information

22.4. Python client API 333 Salt Documentation, Release 2014.7.6

select_query(query_type='list_nodes_select') ery select instance information

22.5 Full list of Salt Cloud modules

aliyun AliYun ECS Cloud Module botocore_aws e AWS Cloud Module cloudstack CloudStack Cloud Module digital_ocean DigitalOcean Cloud Module ec2 e EC2 Cloud Module gce Copyright 2013 Google Inc. gogrid GoGrid Cloud Module joyent Joyent Cloud Module libcloud_aws e AWS Cloud Module linode Linode Cloud Module using Apache Libcloud OR linode-python bindings lxc Install Salt on an LXC Container msazure Azure Cloud Module nova OpenStack Nova Cloud Module opennebula OpenNebula Cloud Module openstack OpenStack Cloud Module parallels Parallels Cloud Module proxmox Proxmox Cloud Module rackspace Rackspace Cloud Module saltify Saltify Module ======e Saltify module is designed to install Salt on a remote machine, virtual or bare metal, using SSH. softlayer SoLayer Cloud Module softlayer_hw SoLayer HW Cloud Module vsphere vSphere Cloud Module

22.5.1 salt.cloud.clouds.aliyun

AliYun ECS Cloud Module

New in version 2014.7.0. e Aliyun cloud module is used to control access to the aliyun ECS. hp://www.aliyun.com/ Use of this module requires the id and key parameter to be set. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/aliyun.conf: my-aliyun-config: # aliyun Access Key ID id: wFGEwgregeqw3435gDger # aliyun Access Key Secret key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg location: cn-qingdao provider: aliyun

depends requests salt.cloud.clouds.aliyun.avail_images(kwargs=None, call=None) Return a list of the images that are on the provider

334 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.cloud.clouds.aliyun.avail_locations(call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.aliyun.avail_sizes(call=None) Return a list of the image sizes that are on the provider salt.cloud.clouds.aliyun.create(vm_) Create a single VM from a data dict salt.cloud.clouds.aliyun.create_node(kwargs) Convenience function to make the rest api call for node creation. salt.cloud.clouds.aliyun.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud -a destroy myinstance salt-cloud -d myinstance salt.cloud.clouds.aliyun.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.aliyun.get_image(vm_) Return the image object to use salt.cloud.clouds.aliyun.get_location(vm_=None) Return the aliyun region to use, in this order: • CLI parameter • VM parameter • Cloud proﬁle seing salt.cloud.clouds.aliyun.get_securitygroup(vm_) Return the security group salt.cloud.clouds.aliyun.get_size(vm_) Return the VM's size. Used by create_node(). salt.cloud.clouds.aliyun.list_availability_zones(call=None) List all availability zones in the current region salt.cloud.clouds.aliyun.list_monitor_data(kwargs=None, call=None) Get monitor data of the instance. If instance name is missing, will show all the instance monitor data on the region. CLI Examples:

salt-cloud -f list_monitor_data aliyun salt-cloud -f list_monitor_data aliyun name=AY14051311071990225bd salt.cloud.clouds.aliyun.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.aliyun.list_nodes_full(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.aliyun.list_nodes_min(call=None) Return a list of the VMs that are on the provider. Only a list of VM names, and their state, is returned. is is the minimum amount of information needed to check for existing VMs.

22.5. Full list of Salt Cloud modules 335 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.aliyun.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.aliyun.list_securitygroup(call=None) Return a list of security group salt.cloud.clouds.aliyun.query(params=None) Make a web call to aliyun ECS REST API salt.cloud.clouds.aliyun.reboot(name, call=None) Reboot a node CLI Examples:

salt-cloud -a reboot myinstance salt.cloud.clouds.aliyun.script(vm_) Return the script deployment object salt.cloud.clouds.aliyun.show_disk(name, call=None) Show the disk details of the instance CLI Examples:

salt-cloud -a show_disk aliyun myinstance salt.cloud.clouds.aliyun.show_image(kwargs, call=None) Show the details from aliyun image salt.cloud.clouds.aliyun.show_instance(name, call=None) Show the details from aliyun instance salt.cloud.clouds.aliyun.start(name, call=None) Start a node CLI Examples:

salt-cloud -a start myinstance salt.cloud.clouds.aliyun.stop(name, force=False, call=None) Stop a node CLI Examples:

salt-cloud -a stop myinstance salt-cloud -a stop myinstance force=True

22.5.2 salt.cloud.clouds.botocore_aws

The AWS Cloud Module

336 Chapter 22. Reference Salt Documentation, Release 2014.7.6

my-aws-botocore-config: # The AWS API authentication id id: GKTADJGHEIQSXMKKRBJ08H # The AWS API authentication key key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs # The ssh keyname to use keyname: default # The amazon security group securitygroup: ssh_open # The location of the private key which corresponds to the keyname private_key: /root/default.pem provider: aws salt.cloud.clouds.botocore_aws.disable_term_protect(name, call=None) Disable termination protection on a node CLI Example:

salt-cloud -a disable_term_protect mymachine salt.cloud.clouds.botocore_aws.enable_term_protect(name, call=None) Enable termination protection on a node CLI Example:

salt-cloud -a enable_term_protect mymachine salt.cloud.clouds.botocore_aws.get_configured_provider() Return the ﬁrst conﬁgured instance.

22.5.3 salt.cloud.clouds.cloudstack

CloudStack Cloud Module

e CloudStack cloud module is used to control access to a CloudStack based Public Cloud. depends libcloud Use of this module requires the apikey, secretkey, host and path parameters. my-cloudstack-cloud-config: apikey: secretkey: host: localhost path: /client/api provider: cloudstack salt.cloud.clouds.cloudstack.avail_images(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.cloudstack.avail_locations(conn=None, call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.cloudstack.avail_sizes(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.cloudstack.create(vm_) Create a single VM from a data dict

22.5. Full list of Salt Cloud modules 337 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.cloudstack.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.cloudstack.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.cloudstack.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.cloudstack.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.cloudstack.get_ip(data) Return the IP address of the VM If the VM has public IP as deﬁned by libcloud module then use it Otherwise try to extract the private IP and use that one. salt.cloud.clouds.cloudstack.get_key() Returns the ssh private key for VM access salt.cloud.clouds.cloudstack.get_keypair(vm_) Return the keypair to use salt.cloud.clouds.cloudstack.get_location(conn, vm_) Return the node location to use salt.cloud.clouds.cloudstack.get_networkid(vm_) Return the networkid to use, only valid for Advanced Zone salt.cloud.clouds.cloudstack.get_node(conn, name) Return a libcloud node for the named VM salt.cloud.clouds.cloudstack.get_password(vm_) Return the password to use salt.cloud.clouds.cloudstack.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.cloudstack.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.cloudstack.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.cloudstack.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.cloudstack.script(vm_) Return the script deployment object salt.cloud.clouds.cloudstack.show_instance(name, call=None) Show the details from the provider concerning an instance

22.5.4 salt.cloud.clouds.digital_ocean

DigitalOcean Cloud Module

e DigitalOcean cloud module is used to control access to the DigitalOcean VPS system. Use of this module only requires the api_key parameter to be set. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/digital_ocean.conf:

338 Chapter 22. Reference Salt Documentation, Release 2014.7.6

my-digital-ocean-config: # DigitalOcean account keys client_key: wFGEwgregeqw3435gDger api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg provider: digital_ocean

depends requests salt.cloud.clouds.digital_ocean.avail_images(call=None) Return a list of the images that are on the provider salt.cloud.clouds.digital_ocean.avail_locations(call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.digital_ocean.avail_sizes(call=None) Return a list of the image sizes that are on the provider salt.cloud.clouds.digital_ocean.create(vm_) Create a single VM from a data dict salt.cloud.clouds.digital_ocean.create_node(args) Create a node salt.cloud.clouds.digital_ocean.destroy(name, call=None) Destroy a node. Will check termination protection and warn if enabled. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.digital_ocean.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.digital_ocean.get_image(vm_) Return the image object to use salt.cloud.clouds.digital_ocean.get_keyid(keyname) Return the ID of the keyname salt.cloud.clouds.digital_ocean.get_location(vm_) Return the VM's location salt.cloud.clouds.digital_ocean.get_size(vm_) Return the VM's size. Used by create_node(). salt.cloud.clouds.digital_ocean.list_keypairs(call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.digital_ocean.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.digital_ocean.list_nodes_full(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.digital_ocean.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.digital_ocean.query(method='droplets', droplet_id=None, command=None, args=None) Make a web call to DigitalOcean salt.cloud.clouds.digital_ocean.script(vm_) Return the script deployment object

22.5. Full list of Salt Cloud modules 339 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.digital_ocean.show_instance(name, call=None) Show the details from DigitalOcean concerning a droplet salt.cloud.clouds.digital_ocean.show_keypair(kwargs=None, call=None) Show the details of an SSH keypair

22.5.5 salt.cloud.clouds.ec2

The EC2 Cloud Module

e EC2 cloud module is used to interact with the Amazon Elastic Cloud Computing. is driver is highly experi- mental! Use at your own risk! To use the EC2 cloud module, set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/ec2.conf: my-ec2-config: # The EC2 API authentication id id: GKTADJGHEIQSXMKKRBJ08H # The EC2 API authentication key key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs # The ssh keyname to use keyname: default # The amazon security group securitygroup: ssh_open # The location of the private key which corresponds to the keyname private_key: /root/default.pem

# Be default, service_url is set to amazonaws.com. If you are using this # driver for something other than Amazon EC2, change it here: service_url: amazonaws.com

# The endpoint that is ultimately used is usually formed using the region # and the service_url. If you would like to override that entirely, you # can explicitly define the endpoint: endpoint: myendpoint.example.com:1138/services/Cloud

# SSH Gateways can be used with this provider. Gateways can be used # when a salt-master is not on the same private network as the instance # that is being deployed.

# Defaults to None # Required ssh_gateway: gateway.example.com

# Defaults to port 22 # Optional ssh_gateway_port: 22

# Defaults to root # Optional ssh_gateway_username: root

# One authentication method is required. If both # are specified, Private key wins.

# Private key defaults to None

340 Chapter 22. Reference Salt Documentation, Release 2014.7.6

ssh_gateway_private_key: /path/to/key.pem

# Password defaults to None ssh_gateway_password: ExamplePasswordHere

provider: ec2

depends requests salt.cloud.clouds.ec2.attach_volume(name=None, kwargs=None, instance_id=None, call=None) Aach a volume to an instance salt.cloud.clouds.ec2.avail_images(kwargs=None, call=None) Return a dict of all available VM images on the cloud provider. salt.cloud.clouds.ec2.avail_locations(call=None) List all available locations salt.cloud.clouds.ec2.avail_sizes(call=None) Return a dict of all available VM sizes on the cloud provider with relevant data. Latest version can be found at: hp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html salt.cloud.clouds.ec2.block_device_mappings(vm_) Return the block device mapping:

[{'DeviceName': '/dev/sdb', 'VirtualName': 'ephemeral0'}, {'DeviceName': '/dev/sdc', 'VirtualName': 'ephemeral1'}] salt.cloud.clouds.ec2.copy_snapshot(kwargs=None, call=None) Copy a snapshot salt.cloud.clouds.ec2.create(vm_=None, call=None) Create a single VM from a data dict salt.cloud.clouds.ec2.create_attach_volumes(name, kwargs, call=None, wait_to_ﬁnish=True) Create and aach volumes to created node salt.cloud.clouds.ec2.create_keypair(kwargs=None, call=None) Create an SSH keypair salt.cloud.clouds.ec2.create_snapshot(kwargs=None, call=None, wait_to_ﬁnish=False) Create a snapshot salt.cloud.clouds.ec2.create_volume(kwargs=None, call=None, wait_to_ﬁnish=False) Create a volume salt.cloud.clouds.ec2.del_tags(name=None, kwargs=None, call=None, instance_id=None, re- source_id=None) Delete tags for a resource. Normally a VM name or instance_id is passed in, but a resource_id may be passed instead. If both are passed in, the instance_id will be used. CLI Examples:

salt-cloud -a del_tags mymachine tags=tag1,tag2,tag3 salt-cloud -a del_tags resource_id=vol-3267ab32 tags=tag1,tag2,tag3 salt.cloud.clouds.ec2.delete_keypair(kwargs=None, call=None) Delete an SSH keypair

22.5. Full list of Salt Cloud modules 341 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.ec2.delete_snapshot(kwargs=None, call=None) Delete a snapshot salt.cloud.clouds.ec2.delete_volume(name=None, kwargs=None, instance_id=None, call=None) Delete a volume salt.cloud.clouds.ec2.delvol_on_destroy(name, kwargs=None, call=None) Delete all/speciﬁed EBS volumes upon instance termination CLI Example:

salt-cloud -a delvol_on_destroy mymachine salt.cloud.clouds.ec2.describe_snapshots(kwargs=None, call=None) Describe a snapshot (or snapshots) snapshot_id One or more snapshot IDs. Multiple IDs must be separated by '',''. owner Return the snapshots owned by the speciﬁed owner. Valid values include: self, amazon, . Multiple values must be separated by '',''. restorable_by One or more AWS accounts IDs that can create volumes from the snapshot. Multiple aws account IDs must be separated by '',''. TODO: Add all of the ﬁlters. salt.cloud.clouds.ec2.describe_volumes(kwargs=None, call=None) Describe a volume (or volumes) volume_id One or more volume IDs. Multiple IDs must be separated by '',''. TODO: Add all of the ﬁlters. salt.cloud.clouds.ec2.destroy(name, call=None) Destroy a node. Will check termination protection and warn if enabled. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.ec2.detach_volume(name=None, kwargs=None, instance_id=None, call=None) Detach a volume from an instance salt.cloud.clouds.ec2.disable_term_protect(name, call=None) Disable termination protection on a node CLI Example:

salt-cloud -a disable_term_protect mymachine salt.cloud.clouds.ec2.enable_term_protect(name, call=None) Enable termination protection on a node CLI Example:

salt-cloud -a enable_term_protect mymachine salt.cloud.clouds.ec2.get_availability_zone(vm_) Return the availability zone to use salt.cloud.clouds.ec2.get_configured_provider() Return the ﬁrst conﬁgured instance.

342 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.cloud.clouds.ec2.get_console_output(name=None, instance_id=None, call=None, kwargs=None) Show the console output from the instance. By default, returns decoded data, not the Base64-encoded data that is actually returned from the EC2 API. salt.cloud.clouds.ec2.get_location(vm_=None) Return the EC2 region to use, in this order: • CLI parameter • VM parameter • Cloud proﬁle seing salt.cloud.clouds.ec2.get_placementgroup(vm_) Returns the PlacementGroup to use salt.cloud.clouds.ec2.get_spot_config(vm_) Returns the spot instance conﬁguration for the provided vm salt.cloud.clouds.ec2.get_ssh_gateway_config(vm_) Return the ssh_gateway conﬁguration. salt.cloud.clouds.ec2.get_subnetid(vm_) Returns the SubnetId to use salt.cloud.clouds.ec2.get_tags(name=None, instance_id=None, call=None, location=None, kwargs=None, resource_id=None) Retrieve tags for a resource. Normally a VM name or instance_id is passed in, but a resource_id may be passed instead. If both are passed in, the instance_id will be used. CLI Examples:

salt-cloud -a get_tags mymachine salt-cloud -a get_tags resource_id=vol-3267ab32 salt.cloud.clouds.ec2.get_tenancy(vm_) Returns the Tenancy to use. Can be ``dedicated'' or ``default''. Cannot be present for spot instances. salt.cloud.clouds.ec2.iam_profile(vm_) Return the IAM proﬁle. e IAM instance proﬁle to associate with the instances. is is either the Amazon Resource Name (ARN) of the instance proﬁle or the name of the role. Type: String Default: None Required: No Example: arn:aws:iam::111111111111:instance-proﬁle/s3access Example: s3access salt.cloud.clouds.ec2.keepvol_on_destroy(name, kwargs=None, call=None) Do not delete all/speciﬁed EBS volumes upon instance termination CLI Example:

salt-cloud -a keepvol_on_destroy mymachine

22.5. Full list of Salt Cloud modules 343 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.ec2.keyname(vm_) Return the keyname salt.cloud.clouds.ec2.list_availability_zones() List all availability zones in the current region salt.cloud.clouds.ec2.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.ec2.list_nodes_full(location=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.ec2.list_nodes_min(location=None, call=None) Return a list of the VMs that are on the provider. Only a list of VM names, and their state, is returned. is is the minimum amount of information needed to check for existing VMs. salt.cloud.clouds.ec2.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.ec2.optimize_providers(providers) Return an optimized list of providers. We want to reduce the duplication of querying the same region. If a provider is using the same credentials for the same region the same data will be returned for each provider, thus causing un-wanted duplicate data and API calls to EC2. salt.cloud.clouds.ec2.query(params=None, setname=None, requesturl=None, location=None, re- turn_url=False, return_root=False) salt.cloud.clouds.ec2.query_instance(vm_=None, call=None) ery an instance upon creation from the EC2 API salt.cloud.clouds.ec2.queue_instances(instances) eue a set of instances to be provisioned later. Expects a list. Currently this only queries node data, and then places it in the cloud cache (if conﬁgured). If the salt-cloud- reactor is being used, these instances will be automatically provisioned using that. For more information about the salt-cloud-reactor, see: hps://github.com/saltstack-formulas/salt-cloud-reactor salt.cloud.clouds.ec2.reboot(name, call=None) Reboot a node. CLI Example:

salt-cloud -a reboot mymachine salt.cloud.clouds.ec2.rename(name, kwargs, call=None) Properly rename a node. Pass in the new name as ``new name''. CLI Example:

salt-cloud -a rename mymachine newname=yourmachine salt.cloud.clouds.ec2.request_instance(vm_=None, call=None) Put together all of the information necessary to request an instance on EC2, and then ﬁre oﬀ the request the instance. Returns data about the instance salt.cloud.clouds.ec2.script(vm_) Return the script deployment object

344 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.cloud.clouds.ec2.securitygroup(vm_) Return the security group salt.cloud.clouds.ec2.securitygroupid(vm_) Returns the SecurityGroupId salt.cloud.clouds.ec2.set_tags(name=None, tags=None, call=None, location=None, in- stance_id=None, resource_id=None, kwargs=None) Set tags for a resource. Normally a VM name or instance_id is passed in, but a resource_id may be passed instead. If both are passed in, the instance_id will be used. CLI Examples:

salt-cloud -a set_tags mymachine tag1=somestuff tag2='Other stuff' salt-cloud -a set_tags resource_id=vol-3267ab32 tag=somestuff salt.cloud.clouds.ec2.show_delvol_on_destroy(name, kwargs=None, call=None) Do not delete all/speciﬁed EBS volumes upon instance termination CLI Example:

salt-cloud -a show_delvol_on_destroy mymachine salt.cloud.clouds.ec2.show_image(kwargs, call=None) Show the details from EC2 concerning an AMI salt.cloud.clouds.ec2.show_instance(name=None, instance_id=None, call=None, kwargs=None) Show the details from EC2 concerning an AMI. Can be called as an action (which requires a name): salt-cloud -a show_instance myinstance …or as a function (which requires either a name or instance_id): salt-cloud -f show_instance my-ec2 name=myinstance salt-cloud -f show_instance my-ec2 instance_id=i-d34db33f salt.cloud.clouds.ec2.show_keypair(kwargs=None, call=None) Show the details of an SSH keypair salt.cloud.clouds.ec2.show_term_protect(name=None, instance_id=None, call=None, quiet=False) Show the details from EC2 concerning an AMI salt.cloud.clouds.ec2.show_volume(kwargs=None, call=None) Wrapper around describe_volumes. Here just to keep functionality. Might be depreciated later. salt.cloud.clouds.ec2.sign(key, msg) salt.cloud.clouds.ec2.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'. salt.cloud.clouds.ec2.start(name, call=None) Start a node salt.cloud.clouds.ec2.stop(name, call=None) Stop a node salt.cloud.clouds.ec2.wait_for_instance(vm_=None, data=None, ip_address=None, dis- play_ssh_output=True, call=None) Wait for an instance upon creation from the EC2 API, to become available

22.5. Full list of Salt Cloud modules 345 Salt Documentation, Release 2014.7.6

22.5.6 salt.cloud.clouds.gce

Copyright 2013 Google Inc. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the ``License''); you may not use this ﬁle except in compliance with the License. You may obtain a copy of the License at hp://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, soware distributed under the License is distributed on an ``AS IS'' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the speciﬁc language governing permissions and limitations under the License.

Google Compute Engine Module

e Google Compute Engine module. is module interfaces with Google Compute Engine. To authenticate to GCE, you will need to create a Service Account. Setting up Service Account Authentication: • Go to the Cloud Console at: hps://cloud.google.com/console. • Create or navigate to your desired Project. • Make sure Google Compute Engine service is enabled under the Services section. • Go to ``APIs and auth'' and then the ``Registered apps'' section. • Click the ``REGISTER APP'' buon and give it a meaningful name. • Select ``Web Application'' and click ``Register''. • Select Certiﬁcate, then ``Generate Certiﬁcate'' • Copy the Email Address for inclusion in your /etc/salt/cloud ﬁle in the `service_account_email_address' seing. • Download the Private Key • e key that you download is a PKCS12 key. It needs to be converted to the PEM format. • Convert the key using OpenSSL (the default password is `notasecret'): C{openssl pkcs12 -in PRIVKEY.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out ~/PRIVKEY.pem} • Add the full path name of the converted private key to your /etc/salt/cloud ﬁle as `ser- vice_account_private_key' seing. • Consider using a more secure location for your private key. Supported commands: # Create a few instances fro proﬁle_name in /etc/salt/cloud.proﬁles - salt-cloud -p pro- ﬁle_name inst1 inst2 inst3 # Delete an instance - salt-cloud -d inst1 # Look up data on an instance - salt- cloud -a show_instance inst2 # List available locations (aka `zones') for provider `gce' - salt-cloud --list- locations gce # List available instance sizes (aka `machine types') for provider `gce' - salt-cloud --list-sizes gce # List available images for provider `gce' - salt-cloud --list-images gce # Create a persistent disk - salt- cloud -f create_disk gce disk_name=pd location=us-central1-b ima… # Permanently delete a persistent disk - salt-cloud -f delete_disk gce disk_name=pd # Aach an existing disk to an existing instance - salt-cloud -a aach_disk myinstance disk_name=mydisk mode=READ_ONLY # Detach a disk from an instance - salt- cloud -a detach_disk myinstance disk_name=mydisk # Show information about the named disk - salt-cloud -a show_disk myinstance disk_name=pd - salt-cloud -f show_disk gce disk_name=pd # Create a snapshot of a persistent disk - salt-cloud -f create_snapshot gce name=snap-1 disk_name=pd # Permanently delete a disk snapshot - salt-cloud -f delete_snapshot gce name=snap-1 # Show information about the named snapshot - salt- cloud -f show_snapshot gce name=snap-1 # Create a network - salt-cloud -f create_network gce name=mynet

346 Chapter 22. Reference Salt Documentation, Release 2014.7.6

cidr=10.10.10.0/24 # Delete a network - salt-cloud -f delete_network gce name=mynet # Show info for a net- work - salt-cloud -f show_network gce name=mynet # Create a ﬁrewall rule - salt-cloud -f create_fwrule gce name=fw1 network=mynet allow=tcp:80 # Delete a ﬁrewall rule - salt-cloud -f delete_fwrule gce name=fw1 # Show info for a ﬁrewall rule -salt-cloud -f show_fwrule gce name=fw1 # Create a load-balancer HTTP health check - salt-cloud -f create_hc gce name=hc path=/ port=80 # Delete a load-balancer HTTP health check - salt- cloud -f delete_hc gce name=hc # Show info about an HTTP health check - salt-cloud -f show_hc gce name=hc # Create a load-balancer conﬁguration - salt-cloud -f create_lb gce name=lb region=us-central1 ports=80 … # Delete a load-balancer conﬁguration - salt-cloud -f delete_lb gce name=lb # Show details about load-balancer - salt-cloud -f show_lb gce name=lb # Add member to load-balancer - salt-cloud -f aach_lb gce name=lb member=www1 # Remove member from load-balancer - salt-cloud -f detach_lb gce name=lb member=www1 my-gce-config: # The Google Cloud Platform Project ID project: google.com:erjohnso # The Service ACcount client ID service_account_email_address: [emailprotected] # The location of the private key (PEM format) service_account_private_key: /home/erjohnso/PRIVKEY.pem provider: gce

maintainer Eric Johnson maturity new depends libcloud >= 0.14.1 depends pycrypto >= 2.1 salt.cloud.clouds.gce.attach_disk(name=None, kwargs=None, call=None) Aach an existing disk to an existing instance. CLI Example:

salt-cloud -a attach_disk myinstance disk_name=mydisk mode=READ_WRITE salt.cloud.clouds.gce.attach_lb(kwargs=None, call=None) Add an existing node/member to an existing load-balancer conﬁguration. CLI Example:

salt-cloud -f attach_lb gce name=lb member=myinstance salt.cloud.clouds.gce.avail_images(conn=None) Return a dict of all available VM images on the cloud provider with relevant data Note that for GCE, there are custom images within the project, but the generic images are in other projects. is returns a dict of images in the project plus images in `debian-cloud' and `centos-cloud' (If there is overlap in names, the one in the current project is used.) salt.cloud.clouds.gce.avail_locations(conn=None, call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.gce.avail_sizes(conn=None) Return a dict of available instances sizes (a.k.a machine types) and convert them to something more serializable. salt.cloud.clouds.gce.create(vm_=None, call=None) Create a single GCE instance from a data dict. salt.cloud.clouds.gce.create_disk(kwargs=None, call=None) Create a new persistent disk. Must specify disk_name and location. Can also specify an image or snapshot but if neither of those are speciﬁed, a size (in GB) is required.

22.5. Full list of Salt Cloud modules 347 Salt Documentation, Release 2014.7.6

CLI Example:

salt-cloud -f create_disk gce disk_name=pd size=300 location=us-central1-b salt.cloud.clouds.gce.create_fwrule(kwargs=None, call=None) Create a GCE ﬁrewall rule. e `default' network is used if not speciﬁed. CLI Example:

salt-cloud -f create_fwrule gce name=allow-http allow=tcp:80 salt.cloud.clouds.gce.create_hc(kwargs=None, call=None) Create an HTTP health check conﬁguration. CLI Example:

salt-cloud -f create_hc gce name=hc path=/healthy port=80 salt.cloud.clouds.gce.create_lb(kwargs=None, call=None) Create a load-balancer conﬁguration. CLI Example:

salt-cloud -f create_lb gce name=lb region=us-central1 ports=80 salt.cloud.clouds.gce.create_network(kwargs=None, call=None) Create a GCE network. CLI Example:

salt-cloud -f create_network gce name=mynet cidr=10.10.10.0/24 salt.cloud.clouds.gce.create_snapshot(kwargs=None, call=None) Create a new disk snapshot. Must specify name and disk_name. CLI Example:

salt-cloud -f create_snapshot gce name=snap1 disk_name=pd salt.cloud.clouds.gce.delete_disk(kwargs=None, call=None) Permanently delete a persistent disk. CLI Example:

salt-cloud -f delete_disk gce disk_name=pd salt.cloud.clouds.gce.delete_fwrule(kwargs=None, call=None) Permanently delete a ﬁrewall rule. CLI Example:

salt-cloud -f delete_fwrule gce name=allow-http salt.cloud.clouds.gce.delete_hc(kwargs=None, call=None) Permanently delete a health check. CLI Example:

salt-cloud -f delete_hc gce name=hc salt.cloud.clouds.gce.delete_lb(kwargs=None, call=None) Permanently delete a load-balancer.

348 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt-cloud -f delete_lb gce name=lb salt.cloud.clouds.gce.delete_network(kwargs=None, call=None) Permanently delete a network. CLI Example:

salt-cloud -f delete_network gce name=mynet salt.cloud.clouds.gce.delete_snapshot(kwargs=None, call=None) Permanently delete a disk snapshot. CLI Example:

salt-cloud -f delete_snapshot gce name=disk-snap-1 salt.cloud.clouds.gce.destroy(vm_name, call=None) Call `destroy' on the instance. Can be called with ``-a destroy'' or -d CLI Example:

salt-cloud -a destroy myinstance1 myinstance2 ... salt-cloud -d myinstance1 myinstance2 ... salt.cloud.clouds.gce.detach_disk(name=None, kwargs=None, call=None) Detach a disk from an instance. CLI Example:

salt-cloud -a detach_disk myinstance disk_name=mydisk salt.cloud.clouds.gce.detach_lb(kwargs=None, call=None) Remove an existing node/member from an existing load-balancer conﬁguration. CLI Example:

salt-cloud -f detach_lb gce name=lb member=myinstance salt.cloud.clouds.gce.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.gce.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.gce.get_lb_conn(gce_driver=None) Return a load-balancer conn object salt.cloud.clouds.gce.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.gce.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.gce.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.gce.reboot(vm_name, call=None) Call GCE `reset' on the instance. CLI Example:

22.5. Full list of Salt Cloud modules 349 Salt Documentation, Release 2014.7.6

salt-cloud -a reboot myinstance salt.cloud.clouds.gce.script(vm_) Return the script deployment object salt.cloud.clouds.gce.show_disk(name=None, kwargs=None, call=None) Show the details of an existing disk. CLI Example:

salt-cloud -a show_disk myinstance disk_name=mydisk salt-cloud -f show_disk gce disk_name=mydisk salt.cloud.clouds.gce.show_fwrule(kwargs=None, call=None) Show the details of an existing ﬁrewall rule. CLI Example:

salt-cloud -f show_fwrule gce name=allow-http salt.cloud.clouds.gce.show_hc(kwargs=None, call=None) Show the details of an existing health check. CLI Example:

salt-cloud -f show_hc gce name=hc salt.cloud.clouds.gce.show_instance(vm_name, call=None) Show the details of the existing instance. salt.cloud.clouds.gce.show_lb(kwargs=None, call=None) Show the details of an existing load-balancer. CLI Example:

salt-cloud -f show_lb gce name=lb salt.cloud.clouds.gce.show_network(kwargs=None, call=None) Show the details of an existing network. CLI Example:

salt-cloud -f show_network gce name=mynet salt.cloud.clouds.gce.show_snapshot(kwargs=None, call=None) Show the details of an existing snapshot. CLI Example:

salt-cloud -f show_snapshot gce name=mysnapshot

22.5.7 salt.cloud.clouds.gogrid

GoGrid Cloud Module

e GoGrid cloud module. is module interfaces with the gogrid public cloud service. To use Salt Cloud with GoGrid log into the GoGrid web interface and create an api key. Do this by clicking on ``My Account'' and then going to the API Keys tab. depends libcloud >= 0.13.2

350 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/gogrid.conf: my-gogrid-config: # The generated api key to use apikey: asdff7896asdh789 # The apikey's shared secret sharedsecret: saltybacon

provider: gogrid salt.cloud.clouds.gogrid.avail_images(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.gogrid.avail_sizes(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.gogrid.create(vm_) Create a single VM from a data dict salt.cloud.clouds.gogrid.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.gogrid.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.gogrid.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.gogrid.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.gogrid.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.gogrid.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.gogrid.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.gogrid.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.gogrid.script(vm_) Return the script deployment object salt.cloud.clouds.gogrid.show_instance(name, call=None) Show the details from the provider concerning an instance

22.5.8 salt.cloud.clouds.joyent

Joyent Cloud Module

e Joyent Cloud module is used to interact with the Joyent cloud system. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/joyent.conf: my-joyent-config: # The Joyent login user user: fred # The Joyent user's password

22.5. Full list of Salt Cloud modules 351 Salt Documentation, Release 2014.7.6

password: saltybacon # The location of the ssh private key that can log into the new VM private_key: /root/joyent.pem provider: joyent

When creating your proﬁles for the joyent cloud, add the location aribute to the proﬁle, this will automatically get picked up when performing tasks associated with that vm. An example proﬁle might look like: joyent_512: provider: my-joyent-config size: Extra Small 512 MB image: centos-6 location: us-east-1

depends requests salt.cloud.clouds.joyent.avail_images(call=None) get list of available images CLI Example:

salt-cloud --list-images salt.cloud.clouds.joyent.avail_locations(call=None) List all available locations salt.cloud.clouds.joyent.avail_sizes(call=None) get list of available packages CLI Example:

salt-cloud --list-sizes salt.cloud.clouds.joyent.create(vm_) Create a single VM from a data dict CLI Example:

salt-cloud -p profile_name vm_name salt.cloud.clouds.joyent.create_node(**kwargs) convenience function to make the rest api call for node creation. salt.cloud.clouds.joyent.delete_key(kwargs=None, call=None) List the keys available CLI Example:

salt-cloud -f delete_key joyent keyname=mykey salt.cloud.clouds.joyent.destroy(name, call=None) destroy a machine by name Parameters • name -- name given to the machine • call -- call value in this case is `action' Returns array of booleans , true if successfully stopped and true if successfully removed CLI Example:

352 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt-cloud -d vm_name salt.cloud.clouds.joyent.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.joyent.get_image(vm_) Return the image object to use salt.cloud.clouds.joyent.get_location(vm_=None) Return the joyent data center to use, in this order: • CLI parameter • VM parameter • Cloud proﬁle seing salt.cloud.clouds.joyent.get_location_path(location='us-east-1') create url from location variable :param location: joyent data center location :return: url salt.cloud.clouds.joyent.get_node(name) gets the node from the full node list by name :param name: name of the vm :return: node object salt.cloud.clouds.joyent.get_size(vm_) Return the VM's size object salt.cloud.clouds.joyent.has_method(obj, method_name) Find if the provided object has a speciﬁc method salt.cloud.clouds.joyent.import_key(kwargs=None, call=None) List the keys available CLI Example:

salt-cloud -f import_key joyent keyname=mykey keyfile=/tmp/mykey.pub salt.cloud.clouds.joyent.joyent_node_state(id_) Convert joyent returned state to state common to other data center return values for consistency Parameters id -- joyent state value Returns libcloudfuncs state value salt.cloud.clouds.joyent.key_list(key='name', items=None) convert list to dictionary using the key as the identiﬁer :param key: identiﬁer - must exist in the arrays elements own dictionary :param items: array to iterate over :return: dictionary salt.cloud.clouds.joyent.list_keys(kwargs=None, call=None) List the keys available salt.cloud.clouds.joyent.list_nodes(full=False, call=None) list of nodes, keeping only a brief listing CLI Example:

salt-cloud -Q salt.cloud.clouds.joyent.list_nodes_full(call=None) list of nodes, maintaining all content provided from joyent listings CLI Example:

22.5. Full list of Salt Cloud modules 353 Salt Documentation, Release 2014.7.6

salt-cloud -F salt.cloud.clouds.joyent.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.joyent.query(action=None, command=None, args=None, method='GET', loca- tion=None, data=None) Make a web call to Joyent salt.cloud.clouds.joyent.reboot(name, call=None) reboot a machine by name :param name: name given to the machine :param call: call value in this case is `action' :return: true if successful CLI Example:

salt-cloud -a reboot vm_name salt.cloud.clouds.joyent.reformat_node(item=None, full=False) Reformat the returned data from joyent, determine public/private IPs and strip out ﬁelds if necessary to provide either full or brief content. Parameters • item -- node dictionary • full -- full or brief output Returns dict salt.cloud.clouds.joyent.show_key(kwargs=None, call=None) List the keys available salt.cloud.clouds.joyent.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'. salt.cloud.clouds.joyent.start(name, call=None) start a machine by name :param name: name given to the machine :param call: call value in this case is `action' :return: true if successful CLI Example:

salt-cloud -a start vm_name salt.cloud.clouds.joyent.stop(name, call=None) stop a machine by name :param name: name given to the machine :param call: call value in this case is `action' :return: true if successful CLI Example:

salt-cloud -a stop vm_name salt.cloud.clouds.joyent.take_action(name=None, call=None, command=None, data=None, method='GET', location='us-east-1') take action call used by start,stop, reboot :param name: name given to the machine :param call: call value in this case is `action' :command: api path :data: any data to be passed to the api, must be in json format :method: GET,POST,or DELETE :location: data center to execute the command on :return: true if successful

354 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.5.9 salt.cloud.clouds.libcloud_aws

The AWS Cloud Module

e AWS cloud module is used to interact with the Amazon Web Services system. is module has been replaced by the EC2 cloud module, and is no longer supported. e documentation shown here is for reference only; it is highly recommended to change all usages of this driver over to the EC2 driver. If this driver is still needed, set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/aws.conf: my-aws-config: # The AWS API authentication id id: GKTADJGHEIQSXMKKRBJ08H # The AWS API authentication key key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs # The ssh keyname to use keyname: default # The amazon security group securitygroup: ssh_open # The location of the private key which corresponds to the keyname private_key: /root/default.pem

provider: aws salt.cloud.clouds.libcloud_aws.block_device_mappings(vm_) Return the block device mapping:

[{'DeviceName': '/dev/sdb', 'VirtualName': 'ephemeral0'}, {'DeviceName': '/dev/sdc', 'VirtualName': 'ephemeral1'}] salt.cloud.clouds.libcloud_aws.create(vm_) Create a single VM from a data dict salt.cloud.clouds.libcloud_aws.create_attach_volumes(volumes, location, data) Create and aach volumes to created node salt.cloud.clouds.libcloud_aws.del_tags(name, kwargs, call=None) Delete tags for a node CLI Example:

salt-cloud -a del_tags mymachine tag1,tag2,tag3 salt.cloud.clouds.libcloud_aws.destroy(name) Wrap core libcloudfuncs destroy method, adding check for termination protection salt.cloud.clouds.libcloud_aws.get_availability_zone(conn, vm_) Return the availability zone to use salt.cloud.clouds.libcloud_aws.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.libcloud_aws.get_conn(**kwargs) Return a conn object for the passed VM data salt.cloud.clouds.libcloud_aws.get_location(vm_=None) Return the AWS region to use, in this order: • CLI parameter

22.5. Full list of Salt Cloud modules 355 Salt Documentation, Release 2014.7.6

• Cloud proﬁle seing • Global salt-cloud conﬁg salt.cloud.clouds.libcloud_aws.get_tags(name, call=None) Retrieve tags for a node salt.cloud.clouds.libcloud_aws.iam_profile(vm_) Return the IAM role salt.cloud.clouds.libcloud_aws.keyname(vm_) Return the keyname salt.cloud.clouds.libcloud_aws.rename(name, kwargs, call=None) Properly rename a node. Pass in the new name as ``new name''. CLI Example:

salt-cloud -a rename mymachine newname=yourmachine salt.cloud.clouds.libcloud_aws.securitygroup(vm_) Return the security group salt.cloud.clouds.libcloud_aws.set_tags(name, tags, call=None) Set tags for a node CLI Example:

salt-cloud -a set_tags mymachine tag1=somestuff tag2='Other stuff' salt.cloud.clouds.libcloud_aws.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'. salt.cloud.clouds.libcloud_aws.ssh_username(vm_) Return the ssh_username. Defaults to `ec2-user'. salt.cloud.clouds.libcloud_aws.start(name, call=None) Start a node salt.cloud.clouds.libcloud_aws.stop(name, call=None) Stop a node

22.5.10 salt.cloud.clouds.linode

Linode Cloud Module using Apache Libcloud OR linode-python bindings

e Linode cloud module is used to control access to the Linode VPS system Use of this module only requires the apikey parameter. depends linode-python >= 1.1.1 OR :depends: apache-libcloud >= 0.13.2

Note: e linode-python driver will work with earlier versions of linode-python, but it is highly recommended to use a minimum version of 1.1.1. Earlier versions leak sensitive information into the debug logs.

Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/linode.conf:

356 Chapter 22. Reference Salt Documentation, Release 2014.7.6 my-linode-conﬁg: # Linode account api key apikey: JVkbSJDGHSDKUKSDJsdklgsjdkﬂhjlsdﬀgdgjkenrtuinv provider: linode When used with linode-python, this provider supports cloning existing Linodes. To clone, add a proﬁle with a clonefrom key, and a script_args: -C. Clonefrom should be the name of the that is the source for the clone. script_args: -C passes a -C to the bootstrap script, which only conﬁgures the minion and doesn't try to install a new copy of salt-minion. is way the minion gets new keys and the keys get pre-seeded on the master, and the /etc/salt/minion ﬁle has the right `id:' declaration. Cloning requires a post 2015-02-01 salt-bootstrap. salt.cloud.clouds.linode.avail_images(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.linode.avail_locations(conn=None, call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.linode.avail_sizes(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.linode.boot(LinodeID=None, conﬁgid=None) Execute a boot sequence on a linode salt.cloud.clouds.linode.create(vm_) Create a single VM from a data dict salt.cloud.clouds.linode.create_config(vm_, LinodeID=None, root_disk_id=None, swap_disk_id=None) Create a Linode Conﬁg salt.cloud.clouds.linode.create_disk_from_distro(vm_=None, LinodeID=None, swap- size=None) Create the disk for the linode salt.cloud.clouds.linode.create_swap_disk(vm_=None, LinodeID=None, swapsize=None) Create the disk for the linode salt.cloud.clouds.linode.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.linode.get_auth(vm_) Return either NodeAuthSSHKey or NodeAuthPassword, preferring NodeAuthSSHKey if both are provided. salt.cloud.clouds.linode.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.linode.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.linode.get_disk_size(vm_, size, swap) Return the size of of the root disk in MB salt.cloud.clouds.linode.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.linode.get_kernels(conn=None) Get Linode's list of kernels available salt.cloud.clouds.linode.get_location(conn, vm_) Return the node location to use

22.5. Full list of Salt Cloud modules 357 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.linode.get_node(conn, name) Return a libcloud node for the named VM salt.cloud.clouds.linode.get_one_kernel(conn=None, name=None) Return data on one kernel name=None returns latest kernel salt.cloud.clouds.linode.get_password(vm_) Return the password to use salt.cloud.clouds.linode.get_private_ip(vm_) Return True if a private ip address is requested salt.cloud.clouds.linode.get_pubkey(vm_) Return the SSH pubkey to use salt.cloud.clouds.linode.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.linode.get_ssh_key_filename(vm_) Return path to ﬁlename if get_auth() returns a NodeAuthSSHKey. salt.cloud.clouds.linode.get_swap(vm_) Return the amount of swap space to use in MB salt.cloud.clouds.linode.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.linode.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.linode.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.linode.remove_complex_types(dictionary) Linode-python is now returning some complex types that are not serializable by msgpack. Kill those. salt.cloud.clouds.linode.script(vm_) Return the script deployment object salt.cloud.clouds.linode.show_instance(name, call=None) Show the details from the provider concerning an instance salt.cloud.clouds.linode.waitfor_job(conn=None, LinodeID=None, JobID=None, timeout=300, quiet=True) salt.cloud.clouds.linode.waitfor_status(conn=None, LinodeID=None, status=None, time- out=300, quiet=True) Wait for a certain status

22.5.11 salt.cloud.clouds.lxc

Install Salt on an LXC Container

New in version 2014.7.0. Please read core conﬁg documentation. salt.cloud.clouds.lxc.avail_images() salt.cloud.clouds.lxc.create(vm_, call=None) Create an lxc Container. is function is idempotent and will try to either provision or ﬁnish the provision of an lxc container.

358 Chapter 22. Reference Salt Documentation, Release 2014.7.6

NOTE: Most of the initialization code has been moved and merged with the lxc runner and lxc.init functions salt.cloud.clouds.lxc.destroy(vm_, call=None) Destroy a lxc container salt.cloud.clouds.lxc.get_configured_provider(vm_=None) Return the contextual provider of None if no conﬁgured one can be found. salt.cloud.clouds.lxc.get_provider(name) salt.cloud.clouds.lxc.list_nodes(conn=None, call=None) salt.cloud.clouds.lxc.list_nodes_full(conn=None, call=None) salt.cloud.clouds.lxc.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.lxc.show_instance(name, call=None) Show the details from the provider concerning an instance

22.5.12 salt.cloud.clouds.msazure

Azure Cloud Module

e Azure cloud module is used to control access to Microso Azure depends • Microso Azure SDK for Python conﬁguration Required provider parameters: • apikey • certificate_path • subscription_id A Management Certiﬁcate (.pem and .crt ﬁles) must be created and the .pem ﬁle placed on the same machine that salt-cloud is run from. Information on creating the pem ﬁle to use, and uploading the associated cer ﬁle can be found at: hp://www.windowsazure.com/en-us/develop/python/how-to-guides/service-management/ Example /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/azure.conf conﬁgu- ration:

my-azure-config: provider: azure subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617 certificate_path: /etc/salt/azure.pem management_host: management.core.windows.net

salt.cloud.clouds.msazure.avail_images(conn=None, call=None) List available images for Azure salt.cloud.clouds.msazure.avail_locations(conn=None, call=None) List available locations for Azure salt.cloud.clouds.msazure.avail_sizes(call=None) Because sizes are built into images with Azure, there will be no sizes to return here

22.5. Full list of Salt Cloud modules 359 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.msazure.create(vm_) Create a single VM from a data dict salt.cloud.clouds.msazure.destroy(name, conn=None, call=None, kwargs=None) Destroy a VM CLI Examples:

salt-cloud -d myminion salt-cloud -a destroy myminion service_name=myservice salt.cloud.clouds.msazure.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.msazure.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.msazure.list_disks(conn=None, call=None) Destroy a VM salt.cloud.clouds.msazure.list_hosted_services(conn=None, call=None) List VMs on this Azure account, with full information salt.cloud.clouds.msazure.list_nodes(conn=None, call=None) List VMs on this Azure account salt.cloud.clouds.msazure.list_nodes_full(conn=None, call=None) List VMs on this Azure account, with full information salt.cloud.clouds.msazure.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.msazure.list_storage_services(conn=None, call=None) List VMs on this Azure account, with full information salt.cloud.clouds.msazure.script(vm_) Return the script deployment object salt.cloud.clouds.msazure.show_instance(name, call=None) Show the details from the provider concerning an instance

22.5.13 salt.cloud.clouds.nova

OpenStack Nova Cloud Module

PLEASE NOTE: is module is currently in early development, and considered to be experimental and unstable. It is not recommended for production use. Unless you are actively developing code in this module, you should use the OpenStack module instead. OpenStack is an open source project that is in use by a number a cloud providers, each of which have their own ways of using it. e OpenStack Nova module for Salt Cloud was bootstrapped from the OpenStack module for Salt Cloud, which uses a libcloud-based connection. e Nova module is designed to use the nova and glance modules already built into Salt. ese modules use the Python novaclient and glanceclient libraries, respectively. In order to use this module, the proper salt conﬁguration must also be in place. is can be speciﬁed in the master conﬁg, the minion conﬁg, a set of grains or a set of pillars.

360 Chapter 22. Reference Salt Documentation, Release 2014.7.6

my_openstack_profile: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'

Note that there is currently a dependency upon netaddr. is can be installed on Debian-based systems by means of the python-netaddr package. is module currently requires the latest develop branch of Salt to be installed. is module has been tested to work with HP Cloud and Rackspace. See the documentation for spe- ciﬁc options for either of these providers. ese examples could be set up in the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/openstack.conf: my-openstack-config: # The ID of the minion that will execute the salt nova functions auth_minion: myminion # The name of the configuration profile to use on said minion config_profile: my_openstack_profile

ssh_key_name: mykey

provider: nova userdata_file: /tmp/userdata.txt

For local installations that only use private IP address ranges, the following option may be useful. Using the old syntax: Note: For api use, you will need an auth plugin. e base novaclient does not support apikeys, but some providers such as rackspace have extended keystone to accept them my-openstack-config: # Ignore IP addresses on this network for bootstrap ignore_cidr: 192.168.50.0/24 my-nova: identity_url: 'https://identity.api.rackspacecloud.com/v2.0/' compute_region: IAD user: myusername password: mypassword tenant: provider: nova my-api: identity_url: 'https://identity.api.rackspacecloud.com/v2.0/' compute_region: IAD user: myusername api_key: os_auth_plugin: rackspace tenant: provider: nova salt.cloud.clouds.nova.attach_volume(name, server_name, device='/dev/xvdb', **kwargs) Aach block volume salt.cloud.clouds.nova.avail_images() Return a dict of all available VM images on the cloud provider.

22.5. Full list of Salt Cloud modules 361 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.nova.avail_locations(conn=None, call=None) Return a list of locations salt.cloud.clouds.nova.avail_sizes() Return a dict of all available VM sizes on the cloud provider. salt.cloud.clouds.nova.create(vm_) Create a single VM from a data dict salt.cloud.clouds.nova.create_attach_volumes(name, call=None, **kwargs) Create and aach volumes to created node salt.cloud.clouds.nova.create_volume(name, size=100, snapshot=None, voltype=None, **kwargs) Create block storage device salt.cloud.clouds.nova.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.nova.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.nova.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.nova.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.nova.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.nova.ignore_cidr(vm_, ip) Return True if we are to ignore the speciﬁed IP. Compatible with IPv4. salt.cloud.clouds.nova.list_nodes(call=None, **kwargs) Return a list of the VMs that in this location salt.cloud.clouds.nova.list_nodes_full(call=None, **kwargs) Return a list of the VMs that in this location salt.cloud.clouds.nova.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.nova.managedcloud(vm_) Determine if we should wait for the managed cloud automation before running. Either `False' (default) or `True'. salt.cloud.clouds.nova.network_create(name, **kwargs) Create private networks salt.cloud.clouds.nova.network_list(call=None, **kwargs) List private networks salt.cloud.clouds.nova.preferred_ip(vm_, ips) Return the preferred Internet protocol. Either `ipv4' (default) or `ipv6'. salt.cloud.clouds.nova.rackconnect(vm_) Determine if we should wait for rackconnect automation before running. Either `False' (default) or `True'. salt.cloud.clouds.nova.reboot(name, conn=None) Reboot a single VM

362 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt.cloud.clouds.nova.request_instance(vm_=None, call=None) Put together all of the information necessary to request an instance through Novaclient and then ﬁre oﬀ the request the instance. Returns data about the instance salt.cloud.clouds.nova.script(vm_) Return the script deployment object salt.cloud.clouds.nova.show_instance(name, call=None) Show the details from the provider concerning an instance salt.cloud.clouds.nova.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'. salt.cloud.clouds.nova.virtual_interface_create(name, net_name, **kwargs) Create private networks salt.cloud.clouds.nova.virtual_interface_list(name, **kwargs) Create private networks salt.cloud.clouds.nova.volume_attach(name, server_name, device='/dev/xvdb', **kwargs) Aach block volume salt.cloud.clouds.nova.volume_create(name, size=100, snapshot=None, voltype=None, **kwargs) Create block storage device salt.cloud.clouds.nova.volume_create_attach(name, call=None, **kwargs) Create and aach volumes to created node salt.cloud.clouds.nova.volume_delete(name, **kwargs) Delete block storage device salt.cloud.clouds.nova.volume_detach(name, **kwargs) Detach block volume salt.cloud.clouds.nova.volume_list(**kwargs) List block devices

22.5.14 salt.cloud.clouds.opennebula

OpenNebula Cloud Module

e OpenNebula cloud module is used to control access to an OpenNebula cloud. Use of this module requires the xml_rpc, user and password parameter to be set. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/opennebula.conf:

my-opennebula-config: xml_rpc: http://localhost:2633/RPC2 user: oneadmin password: JHGhgsayu32jsa provider: opennebula

salt.cloud.clouds.opennebula.avail_images(call=None) Return a list of the templates that are on the provider salt.cloud.clouds.opennebula.avail_locations(call=None) Return a dict of all available VM locations on the cloud provider with relevant data

22.5. Full list of Salt Cloud modules 363 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.opennebula.avail_sizes(call=None) Because sizes are built into templates with OpenNebula, there will be no sizes to return here salt.cloud.clouds.opennebula.create(vm_) Create a single VM from a data dict salt.cloud.clouds.opennebula.destroy(name, call=None) Destroy a node. Will check termination protection and warn if enabled. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.opennebula.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.opennebula.get_image(vm_) Return the image object to use salt.cloud.clouds.opennebula.get_location(vm_) Return the VM's location salt.cloud.clouds.opennebula.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.opennebula.list_nodes_full(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.opennebula.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.opennebula.script(vm_) Return the script deployment object salt.cloud.clouds.opennebula.show_instance(name, call=None) Show the details from OpenNebula concerning a VM

22.5.15 salt.cloud.clouds.openstack

OpenStack Cloud Module

OpenStack is an open source project that is in use by a number a cloud providers, each of which have their own ways of using it. depends libcloud >- 0.13.2 OpenStack provides a number of ways to authenticate. is module uses password- based authentication, using auth v2.0. It is likely to start supporting other methods of authentication provided by OpenStack in the future. Note that there is currently a dependency upon netaddr. is can be installed on Debian-based systems by means of the python-netaddr package. is module has been tested to work with HP Cloud and Rackspace. See the documentation for speciﬁc options for either of these providers. Some examples, using the old cloud conﬁguration syntax, are provided below: Set up in the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/openstack.conf: my-openstack-config: # The OpenStack identity service url identity_url: https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/

364 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# The OpenStack compute region compute_region: region-b.geo-1 # The OpenStack compute service name compute_name: Compute # The OpenStack tenant name (not tenant ID) tenant: myuser-tenant1 # The OpenStack user name user: myuser # The OpenStack keypair name ssh_key_name: mykey # Skip SSL certificate validation insecure: false # The ssh key file ssh_key_file: /path/to/keyfile/test.pem # The OpenStack network UUIDs networks: - fixed: - 4402cd51-37ee-435e-a966-8245956dc0e6 - floating: - Ext-Net files: /path/to/dest.txt: /local/path/to/src.txt # Skips the service catalog API endpoint, and uses the following base_url: http://192.168.1.101:3000/v2/12345 provider: openstack userdata_file: /tmp/userdata.txt # config_drive is required for userdata at rackspace config_drive: True

For in-house Openstack Essex installation, libcloud needs the service_type : my-openstack-config: identity_url: 'http://control.openstack.example.org:5000/v2.0/' compute_name : Compute Service service_type : compute

Either a password or an API key must also be speciﬁed: my-openstack-password-or-api-config: # The OpenStack password password: letmein # The OpenStack API key apikey: 901d3f579h23c8v73q9

Optionally, if you don't want to save plain-text password in your conﬁguration ﬁle, you can use keyring: my-openstack-keyring-config: # The OpenStack password is stored in keyring # don't forget to set the password by running something like: # salt-cloud --set-password=myuser my-openstack-keyring-config password: USE_KEYRING

For local installations that only use private IP address ranges, the following option may be useful. Using the old syntax: my-openstack-config: # Ignore IP addresses on this network for bootstrap ignore_cidr: 192.168.50.0/24

22.5. Full list of Salt Cloud modules 365 Salt Documentation, Release 2014.7.6

It is possible to upload a small set of ﬁles (no more than 5, and nothing too large) to the remote server. Generally this should not be needed, as salt itself can upload to the server aer it is spun up, with nowhere near the same restrictions. my-openstack-config: files: /path/to/dest.txt: /local/path/to/src.txt

Alternatively, one could use the private IP to connect by specifying: my-openstack-config: ssh_interface: private_ips salt.cloud.clouds.openstack.avail_images(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.openstack.avail_locations(conn=None, call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.openstack.avail_sizes(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.openstack.create(vm_) Create a single VM from a data dict salt.cloud.clouds.openstack.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.openstack.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.openstack.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.openstack.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.openstack.get_node(conn, name) Return a libcloud node for the named VM salt.cloud.clouds.openstack.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.openstack.ignore_cidr(vm_, ip) Return True if we are to ignore the speciﬁed IP. Compatible with IPv4. salt.cloud.clouds.openstack.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.openstack.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.openstack.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.openstack.managedcloud(vm_) Determine if we should wait for the managed cloud automation before running. Either `False' (default) or `True'. salt.cloud.clouds.openstack.networks(vm_, kwargs=None)

366 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.cloud.clouds.openstack.preferred_ip(vm_, ips) Return the preferred Internet protocol. Either `ipv4' (default) or `ipv6'. salt.cloud.clouds.openstack.rackconnect(vm_) Determine if we should wait for rackconnect automation before running. Either `False' (default) or `True'. salt.cloud.clouds.openstack.reboot(name, conn=None) Reboot a single VM salt.cloud.clouds.openstack.request_instance(vm_=None, call=None) Put together all of the information necessary to request an instance on Openstack and then ﬁre oﬀ the request the instance. Returns data about the instance salt.cloud.clouds.openstack.script(vm_) Return the script deployment object salt.cloud.clouds.openstack.show_instance(name, call=None) Show the details from the provider concerning an instance salt.cloud.clouds.openstack.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'.

22.5.16 salt.cloud.clouds.parallels

Parallels Cloud Module

e Parallels cloud module is used to control access to cloud providers using the Parallels VPS system. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/parallels.conf: my-parallels-config: # Parallels account information user: myuser password: mypassword url: https://api.cloud.xmission.com:4465/paci/v1.0/ provider: parallels salt.cloud.clouds.parallels.avail_images(call=None) Return a list of the images that are on the provider salt.cloud.clouds.parallels.create(vm_) Create a single VM from a data dict salt.cloud.clouds.parallels.create_node(vm_) Build and submit the XML to create a node salt.cloud.clouds.parallels.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.parallels.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.parallels.get_image(vm_) Return the image object to use

22.5. Full list of Salt Cloud modules 367 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.parallels.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.parallels.list_nodes_full(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.parallels.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.parallels.query(action=None, command=None, args=None, method='GET', data=None) Make a web call to a Parallels provider salt.cloud.clouds.parallels.script(vm_) Return the script deployment object salt.cloud.clouds.parallels.show_image(kwargs, call=None) Show the details from Parallels concerning an image salt.cloud.clouds.parallels.show_instance(name, call=None) Show the details from Parallels concerning an instance salt.cloud.clouds.parallels.start(name, call=None) Start a node. CLI Example:

salt-cloud -a start mymachine salt.cloud.clouds.parallels.stop(name, call=None) Stop a node. CLI Example:

salt-cloud -a stop mymachine salt.cloud.clouds.parallels.wait_until(name, state, timeout=300) Wait until a speciﬁc state has been reached on a node

22.5.17 salt.cloud.clouds.proxmox

Proxmox Cloud Module

New in version 2014.7.0. e Proxmox cloud module is used to control access to cloud providers using the Proxmox system (KVM / OpenVZ). Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/proxmox.conf: my-proxmox-config: # Proxmox account information user: myuser@pam or myuser@pve password: mypassword url: hypervisor.domain.tld provider: proxmox

maintainer Frank Klaassen maturity new depends requests >= 2.2.1

368 Chapter 22. Reference Salt Documentation, Release 2014.7.6

depends IPy >= 0.81 salt.cloud.clouds.proxmox.avail_images(call=None, location='local') Return a list of the images that are on the provider CLI Example:

salt-cloud --list-images my-proxmox-config salt.cloud.clouds.proxmox.avail_locations(call=None) Return a list of the hypervisors (nodes) which this Proxmox PVE machine manages CLI Example:

salt-cloud --list-locations my-proxmox-config salt.cloud.clouds.proxmox.create(vm_) Create a single VM from a data dict CLI Example:

salt-cloud -p proxmox-ubuntu vmhostname salt.cloud.clouds.proxmox.create_node(vm_) Build and submit the requestdata to create a new node salt.cloud.clouds.proxmox.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.proxmox.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.proxmox.get_resources_nodes(call=None, resFilter=None) Retrieve all hypervisors (nodes) available on this environment CLI Example:

salt-cloud -f get_resources_nodes my-proxmox-config salt.cloud.clouds.proxmox.get_resources_vms(call=None, resFilter=None, includeCon- ﬁg=True) Retrieve all VMs available on this environment CLI Example:

salt-cloud -f get_resources_vms my-proxmox-config salt.cloud.clouds.proxmox.get_vm_status(vmid=None, name=None) Get the status for a VM, either via the ID or the hostname salt.cloud.clouds.proxmox.get_vmconfig(vmid, node=None, node_type='openvz') Get VM conﬁguration salt.cloud.clouds.proxmox.list_nodes(call=None) Return a list of the VMs that are managed by the provider CLI Example:

salt-cloud -Q my-proxmox-config

22.5. Full list of Salt Cloud modules 369 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.proxmox.list_nodes_full(call=None) Return a list of the VMs that are on the provider CLI Example:

salt-cloud -F my-proxmox-config salt.cloud.clouds.proxmox.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds CLI Example:

salt-cloud -S my-proxmox-config salt.cloud.clouds.proxmox.query(conn_type, option, post_data=None) Execute the HTTP request to the API salt.cloud.clouds.proxmox.script(vm_) Return the script deployment object salt.cloud.clouds.proxmox.set_vm_status(status, name=None, vmid=None) Convenience function for seing VM status salt.cloud.clouds.proxmox.show_instance(name, call=None) Show the details from Proxmox concerning an instance salt.cloud.clouds.proxmox.shutdown(name=None, vmid=None, call=None) Shutdown a node via ACPI. CLI Example:

salt-cloud -a shutdown mymachine salt.cloud.clouds.proxmox.start(name, vmid=None, call=None) Start a node. CLI Example:

salt-cloud -a start mymachine salt.cloud.clouds.proxmox.stop(name, vmid=None, call=None) Stop a node (``pulling the plug''). CLI Example:

salt-cloud -a stop mymachine salt.cloud.clouds.proxmox.wait_for_created(upid, timeout=300) Wait until a the vm has been created successfully salt.cloud.clouds.proxmox.wait_for_state(vmid, node, nodeType, state, timeout=300) Wait until a speciﬁc state has been reached on a node

22.5.18 salt.cloud.clouds.rackspace

Rackspace Cloud Module

e Rackspace cloud module. is module uses the preferred means to set up a libcloud based cloud module and should be used as the general template for seing up additional libcloud based modules. depends libcloud >= 0.13.2

370 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Please note that the rackspace driver is only intended for 1st gen instances, aka, ``the old cloud'' at Rackspace. It is required for 1st gen instances, but will not work with OpenStack-based instances. Unless you explicitly have a reason to use it, it is highly recommended that you use the openstack driver instead. e rackspace cloud module interfaces with the Rackspace public cloud service and requires that two conﬁguration parameters be set for use, user and apikey. Set up the cloud conﬁguration at /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/rackspace.conf: my-rackspace-config: provider: rackspace # The Rackspace login user user: fred # The Rackspace user's apikey apikey: 901d3f579h23c8v73q9 salt.cloud.clouds.rackspace.avail_images(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.rackspace.avail_locations(conn=None, call=None) Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.rackspace.avail_sizes(conn=None, call=None) Return a dict of all available VM images on the cloud provider with relevant data salt.cloud.clouds.rackspace.create(vm_) Create a single VM from a data dict salt.cloud.clouds.rackspace.destroy(name, conn=None, call=None) Delete a single VM salt.cloud.clouds.rackspace.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.rackspace.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.rackspace.get_image(conn, vm_) Return the image object to use salt.cloud.clouds.rackspace.get_size(conn, vm_) Return the VM's size object salt.cloud.clouds.rackspace.list_nodes(conn=None, call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.rackspace.list_nodes_full(conn=None, call=None) Return a list of the VMs that are on the provider, with all ﬁelds salt.cloud.clouds.rackspace.list_nodes_select(conn=None, call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.rackspace.preferred_ip(vm_, ips) Return the preferred Internet protocol. Either `ipv4' (default) or `ipv6'. salt.cloud.clouds.rackspace.script(vm_) Return the script deployment object salt.cloud.clouds.rackspace.show_instance(name, call=None) Show the details from the provider concerning an instance salt.cloud.clouds.rackspace.ssh_interface(vm_) Return the ssh_interface type to connect to. Either `public_ips' (default) or `private_ips'.

22.5. Full list of Salt Cloud modules 371 Salt Documentation, Release 2014.7.6

22.5.19 salt.cloud.clouds.saltify

Saltify Module

e Saltify module is designed to install Salt on a remote machine, virtual or bare metal, using SSH. is module is useful for provisioning machines which are already installed, but not Salted. Use of this module requires no conﬁguration in the main cloud conﬁguration ﬁle. However, proﬁles must still be conﬁgured, as described in the core conﬁg documentation. salt.cloud.clouds.saltify.create(vm_) Provision a single machine salt.cloud.clouds.saltify.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.saltify.list_nodes() Because this module is not speciﬁc to any cloud providers, there will be no nodes to list. salt.cloud.clouds.saltify.list_nodes_full() Because this module is not speciﬁc to any cloud providers, there will be no nodes to list. salt.cloud.clouds.saltify.list_nodes_select() Because this module is not speciﬁc to any cloud providers, there will be no nodes to list. salt.cloud.clouds.saltify.script(vm_) Return the script deployment object

22.5.20 salt.cloud.clouds.solayer

SoLayer Cloud Module

e SoLayer cloud module is used to control access to the SoLayer VPS system. Use of this module only requires the apikey parameter. Set up the cloud conﬁguration at: /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/softlayer.conf: my-softlayer-config: # SoftLayer account api key user: MYLOGIN apikey: JVkbSJDGHSDKUKSDJfhsdklfjgsjdkflhjlsdfffhgdgjkenrtuinv provider: softlayer

e SoLayer Python Library needs to be installed in order to use the SoLayer salt.cloud modules. See: hps://pypi.python.org/pypi/SoLayer depends solayer salt.cloud.clouds.softlayer.avail_images(call=None) Return a dict of all available VM images on the cloud provider. salt.cloud.clouds.softlayer.avail_locations(call=None) List all available locations salt.cloud.clouds.softlayer.avail_sizes(call=None) Return a dict of all available VM sizes on the cloud provider with relevant data. is data is provided in three dicts. salt.cloud.clouds.softlayer.create(vm_) Create a single VM from a data dict

372 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.cloud.clouds.softlayer.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.softlayer.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.softlayer.get_conn(service='SoLayer_Virtual_Guest') Return a conn object for the passed VM data salt.cloud.clouds.softlayer.get_location(vm_=None) Return the location to use, in this order: • CLI parameter • VM parameter • Cloud proﬁle seing salt.cloud.clouds.softlayer.list_custom_images(call=None) Return a dict of all custom VM images on the cloud provider. salt.cloud.clouds.softlayer.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.softlayer.list_nodes_full(mask='mask[id]', call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.softlayer.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.softlayer.list_vlans(call=None) List all VLANs associated with the account salt.cloud.clouds.softlayer.script(vm_) Return the script deployment object salt.cloud.clouds.softlayer.show_instance(name, call=None) Show the details from SoLayer concerning a guest

22.5.21 salt.cloud.clouds.solayer_hw

SoLayer HW Cloud Module

e SoLayer HW cloud module is used to control access to the SoLayer hardware cloud system Use of this module only requires the apikey parameter. Set up the cloud conﬁguration at: /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/softlayer.conf: my-softlayer-config: # SoftLayer account api key user: MYLOGIN apikey: JVkbSJDGHSDKUKSDJfhsdklfjgsjdkflhjlsdfffhgdgjkenrtuinv provider: softlayer_hw

e SoLayer Python Library needs to be installed in order to use the SoLayer salt.cloud modules. See: hps://pypi.python.org/pypi/SoLayer

22.5. Full list of Salt Cloud modules 373 Salt Documentation, Release 2014.7.6

depends solayer salt.cloud.clouds.softlayer_hw.avail_images(call=None) Return a dict of all available VM images on the cloud provider. salt.cloud.clouds.softlayer_hw.avail_locations(call=None) List all available locations salt.cloud.clouds.softlayer_hw.avail_sizes(call=None) Return a dict of all available VM sizes on the cloud provider with relevant data. is data is provided in three dicts. salt.cloud.clouds.softlayer_hw.create(vm_) Create a single VM from a data dict salt.cloud.clouds.softlayer_hw.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.softlayer_hw.get_configured_provider() Return the ﬁrst conﬁgured instance. salt.cloud.clouds.softlayer_hw.get_conn(service='SoLayer_Hardware') Return a conn object for the passed VM data salt.cloud.clouds.softlayer_hw.get_location(vm_=None) Return the location to use, in this order: • CLI parameter • VM parameter • Cloud proﬁle seing salt.cloud.clouds.softlayer_hw.list_nodes(call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.softlayer_hw.list_nodes_full(mask='mask[id, hostname, primaryI- pAddress, primaryBackendIpAddress, processorPhysicalCoreAmount, memo- ryCount]', call=None) Return a list of the VMs that are on the provider salt.cloud.clouds.softlayer_hw.list_nodes_select(call=None) Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.softlayer_hw.list_vlans(call=None) List all VLANs associated with the account salt.cloud.clouds.softlayer_hw.script(vm_) Return the script deployment object salt.cloud.clouds.softlayer_hw.show_instance(name, call=None) Show the details from SoLayer concerning a guest

374 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.5.22 salt.cloud.clouds.vsphere vSphere Cloud Module

New in version 2014.7.0. e vSphere cloud module is used to control access to VMWare vSphere. depends • PySphere Python module Use of this module only requires a URL, username and password. Set up the cloud conﬁguration at: /etc/salt/cloud.providers or /etc/salt/cloud.providers.d/vsphere.conf: my-vsphere-config: provider: vsphere user: myuser password: verybadpass url: 'https://10.1.1.1:443' folder: Name of the folder that will contain the new VM. If not set, the VM will be added to the folder the origi- nal VM belongs to. resourcepool: MOR of the resourcepool to be used for the new vm. If not set, it uses the same resourcepool than the original vm. datastore: MOR of the datastore where the virtual maine should be located. If not speciﬁed, the current data- store is used. host: MOR of the host where the virtual maine should be registered. IF not speciﬁed: • if resourcepool is not speciﬁed, current host is used. • if resourcepool is speciﬁed, and the target pool represents a stand-alone host, the host is used. • if resourcepool is speciﬁed, and the target pool represents a DRS-enabled cluster, a host selected by DRS is used. • if resourcepool is speciﬁed and the target pool represents a cluster without DRS enabled, an Invali- dArgument exception will be thrown. template: Speciﬁes whether or not the new virtual maine should be marked as a template. Default is False. salt.cloud.clouds.vsphere.avail_images() Return a dict of all available VM images on the cloud provider. salt.cloud.clouds.vsphere.avail_locations() Return a dict of all available VM locations on the cloud provider with relevant data salt.cloud.clouds.vsphere.create(vm_) Create a single VM from a data dict salt.cloud.clouds.vsphere.destroy(name, call=None) Destroy a node. CLI Example:

salt-cloud --destroy mymachine salt.cloud.clouds.vsphere.get_configured_provider() Return the ﬁrst conﬁgured instance.

22.5. Full list of Salt Cloud modules 375 Salt Documentation, Release 2014.7.6 salt.cloud.clouds.vsphere.get_conn() Return a conn object for the passed VM data salt.cloud.clouds.vsphere.list_clusters(kwargs=None, call=None) List the clusters for this VMware environment salt.cloud.clouds.vsphere.list_datacenters(kwargs=None, call=None) List the data centers for this VMware environment salt.cloud.clouds.vsphere.list_datastores(kwargs=None, call=None) List the datastores for this VMware environment salt.cloud.clouds.vsphere.list_folders(kwargs=None, call=None) List the folders for this VMWare environment salt.cloud.clouds.vsphere.list_hosts(kwargs=None, call=None) List the hosts for this VMware environment salt.cloud.clouds.vsphere.list_nodes() Return a list of the VMs that are on the provider salt.cloud.clouds.vsphere.list_nodes_full() Return a list of the VMs that are on the provider salt.cloud.clouds.vsphere.list_nodes_min() Return a list of the nodes in the provider, with no details salt.cloud.clouds.vsphere.list_nodes_select() Return a list of the VMs that are on the provider, with select ﬁelds salt.cloud.clouds.vsphere.list_resourcepools(kwargs=None, call=None) List the hosts for this VMware environment salt.cloud.clouds.vsphere.script(vm_) Return the script deployment object salt.cloud.clouds.vsphere.show_instance(name, call=None) Show the details from vSphere concerning a guest

22.6 Configuration file examples

• Example master conﬁguration ﬁle • Example minion conﬁguration ﬁle

22.6.1 Example master configuration file

##### Primary configuration settings ##### ########################################## # This configuration file is used to manage the behavior of the Salt Master. # Values that are commented out but have an empty line after the comment are # defaults that do not need to be set in the config. If there is no blank line # after the comment then the value is presented as an example and is not the # default.

# Per default, the master will automatically include all config files # from master.d/*.conf (master.d is a directory in the same directory

376 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# as the main master config file). #default_include: master.d/*.conf

# The address of the interface to bind to: #interface: 0.0.0.0

# Whether the master should listen for IPv6 connections. If this is set to True, # the interface option must be adjusted, too. (For example: "interface: '::'") #ipv6: False

# The tcp port used by the publisher: #publish_port: 4505

# The user under which the salt master will run. Salt will update all # permissions to allow the specified user to run the master. The exception is # the job cache, which must be deleted if this user is changed. If the # modified files cause conflicts, set verify_env to False. #user: root

# Max open files # # Each minion connecting to the master uses AT LEAST one file descriptor, the # master subscription connection. If enough minions connect you might start # seeing on the console (and then salt-master crashes): # Too many open files (tcp_listener.cpp:335) # Aborted (core dumped) # # By default this value will be the one of `ulimit -Hn`, ie, the hard limit for # max open files. # # If you wish to set a different value than the default one, uncomment and # configure this setting. Remember that this value CANNOT be higher than the # hard limit. Raising the hard limit depends on your OS and/or distribution, # a good way to find the limit is to search the internet. For example: # raise max open files hard limit debian # #max_open_files: 100000

# The number of worker threads to start. These threads are used to manage # return calls made from minions to the master. If the master seems to be # running slowly, increase the number of threads. #worker_threads: 5

# The port used by the communication interface. The ret (return) port is the # interface used for the file server, authentication, job returns, etc. #ret_port: 4506

# Specify the location of the daemon process ID file: #pidfile: /var/run/salt-master.pid

# The root directory prepended to these options: pki_dir, cachedir, # sock_dir, log_file, autosign_file, autoreject_file, extension_modules, # key_logfile, pidfile: #root_dir: /

# Directory used to store public key data: #pki_dir: /etc/salt/pki/master

22.6. Configuration file examples 377 Salt Documentation, Release 2014.7.6

# Directory to store job and cache data: #cachedir: /var/cache/salt/master

# Directory for custom modules. This directory can contain subdirectories for # each of Salt's module types such as "runners", "output", "wheel", "modules", # "states", "returners", etc. #extension_modules:

# Verify and set permissions on configuration directories at startup: #verify_env: True

# Set the number of hours to keep old job information in the job cache: #keep_jobs: 24

# Set the default timeout for the salt command and api. The default is 5 # seconds. #timeout: 5

# The loop_interval option controls the seconds for the master's maintenance # process check cycle. This process updates file server backends, cleans the # job cache and executes the scheduler. #loop_interval: 60

# Set the default outputter used by the salt command. The default is "nested". #output: nested

# By default, output is colored. To disable colored output, set the color value # to False. #color: True

# Do not strip off the colored output from nested results and state outputs # (true by default). # strip_colors: False

# Set the directory used to hold unix sockets: #sock_dir: /var/run/salt/master

# The master can take a while to start up when lspci and/or dmidecode is used # to populate the grains for the master. Enable if you want to see GPU hardware # data for your master. # enable_gpu_grains: False

# The master maintains a job cache. While this is a great addition, it can be # a burden on the master for larger deployments (over 5000 minions). # Disabling the job cache will make previously executed jobs unavailable to # the jobs system and is not generally recommended. #job_cache: True

# Cache minion grains and pillar data in the cachedir. #minion_data_cache: True

# Passing very large events can cause the minion to consume large amounts of # memory. This value tunes the maximum size of a message allowed onto the # master event bus. The value is expressed in bytes. #max_event_size: 1048576

# By default, the master AES key rotates every 24 hours. The next command # following a key rotation will trigger a key refresh from the minion which may

378 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# result in minions which do not respond to the first command after a key refresh. # # To tell the master to ping all minions immediately after an AES key refresh, set # ping_on_rotate to True. This should mitigate the issue where a minion does not # appear to initially respond after a key is rotated. # # Note that ping_on_rotate may cause high load on the master immediately after # the key rotation event as minions reconnect. Consider this carefully if this # salt master is managing a large number of minions. # # If disabled, it is recommended to handle this event by listening for the # 'aes_key_rotate' event with the 'key' tag and acting appropriately. # ping_on_rotate: False

# By default, the master deletes its cache of minion data when the key for that # minion is removed. To preserve the cache after key deletion, set # 'preserve_minion_cache' to True. # # WARNING: This may have security implications if compromised minions auth with # a previous deleted minion ID. #preserve_minion_cache: False

# If max_minions is used in large installations, the master might experience # high-load situations because of having to check the number of connected # minions for every authentication. This cache provides the minion-ids of # all connected minions to all MWorker-processes and greatly improves the # performance of max_minions. # con_cache: False

# The master can include configuration from other files. To enable this, # pass a list of paths to this option. The paths can be either relative or # absolute; if relative, they are considered to be relative to the directory # the main master configuration file lives in (this file). Paths can make use # of shell-style globbing. If no files are matched by a path passed to this # option, then the master will log a warning message. # # Include a config file from some other path: #include: /etc/salt/extra_config # # Include config from several files and directories: #include: # - /etc/salt/extra_config

##### Security settings ##### ########################################## # Enable "open mode", this mode still maintains encryption, but turns off # authentication, this is only intended for highly secure environments or for # the situation where your keys end up in a bad state. If you run in open mode # you do so at your own risk! #open_mode: False

# Enable auto_accept, this setting will automatically accept all incoming # public keys from the minions. Note that this is insecure. #auto_accept: False

# Time in minutes that a incomming public key with a matching name found in # pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys

22.6. Configuration file examples 379 Salt Documentation, Release 2014.7.6

# are removed when the master checks the minion_autosign directory. # 0 equals no timeout # autosign_timeout: 120

# If the autosign_file is specified, incoming keys specified in the # autosign_file will be automatically accepted. This is insecure. Regular # expressions as well as globing lines are supported. #autosign_file: /etc/salt/autosign.conf

# Works like autosign_file, but instead allows you to specify minion IDs for # which keys will automatically be rejected. Will override both membership in # the autosign_file and the auto_accept setting. #autoreject_file: /etc/salt/autoreject.conf

# Enable permissive access to the salt keys. This allows you to run the # master or minion as root, but have a non-root group be given access to # your pki_dir. To make the access explicit, root must belong to the group # you've given access to. This is potentially quite insecure. If an autosign_file # is specified, enabling permissive_pki_access will allow group access to that # specific file. #permissive_pki_access: False

# Allow users on the master access to execute specific commands on minions. # This setting should be treated with care since it opens up execution # capabilities to non root users. By default this capability is completely # disabled. #client_acl: # larry: # - test.ping # - network.* # # Blacklist any of the following users or modules # # This example would blacklist all non sudo users, including root from # running any commands. It would also blacklist any use of the "cmd" # module. This is completely disabled by default. # #client_acl_blacklist: # users: # - root # - '^(?!sudo_).*$' # all non sudo users # modules: # - cmd

# The external auth system uses the Salt auth modules to authenticate and # validate users to access areas of the Salt system. #external_auth: # pam: # fred: # - test.* # # Time (in seconds) for a newly generated token to live. Default: 12 hours #token_expire: 43200

# Allow minions to push files to the master. This is disabled by default, for # security purposes. #file_recv: False

380 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# Set a hard-limit on the size of the files that can be pushed to the master. # It will be interpreted as megabytes. Default: 100 #file_recv_max_size: 100

# Signature verification on messages published from the master. # This causes the master to cryptographically sign all messages published to its event # bus, and minions then verify that signature before acting on the message. # # This is False by default. # # Note that to facilitate interoperability with masters and minions that are different # versions, if sign_pub_messages is True but a message is received by a minion with # no signature, it will still be accepted, and a warning message will be logged. # Conversely, if sign_pub_messages is False, but a minion receives a signed # message it will be accepted, the signature will not be checked, and a warning message # will be logged. This behavior went away in Salt 2014.1.0 and these two situations # will cause minion to throw an exception and drop the message. # sign_pub_messages: False

##### Salt-SSH Configuration ##### ##########################################

# Pass in an alternative location for the salt-ssh roster file #roster_file: /etc/salt/roster

# Pass in minion option overrides that will be inserted into the SHIM for # salt-ssh calls. The local minion config is not used for salt-ssh. Can be # overridden on a per-minion basis in the roster (`minion_opts`) #ssh_minion_opts: # gpg_keydir: /root/gpg

##### Master Module Management ##### ########################################## # Manage how master side modules are loaded.

# Add any additional locations to look for master runners: #runner_dirs: []

# Enable Cython for master side modules: #cython_enable: False

##### State System settings ##### ########################################## # The state system uses a "top" file to tell the minions what environment to # use and what modules to use. The state_top file is defined relative to the # root of the base environment as defined in "File Server settings" below. #state_top: top.sls

# The master_tops option replaces the external_nodes option by creating # a plugable system for the generation of external top data. The external_nodes # option is deprecated by the master_tops option. # # To gain the capabilities of the classic external_nodes system, use the # following configuration: # master_tops: # ext_nodes: #

22.6. Configuration file examples 381 Salt Documentation, Release 2014.7.6

#master_tops: {}

# The external_nodes option allows Salt to gather data that would normally be # placed in a top file. The external_nodes option is the executable that will # return the ENC data. Remember that Salt will look for external nodes AND top # files and combine the results if both are enabled! #external_nodes: None

# The renderer to use on the minions to render the state data #renderer: yaml_jinja

# The Jinja renderer can strip extra carriage returns and whitespace # See http://jinja.pocoo.org/docs/api/#high-level-api # # If this is set to True the first newline after a Jinja block is removed # (block, not variable tag!). Defaults to False, corresponds to the Jinja # environment init variable "trim_blocks". # jinja_trim_blocks: False # # If this is set to True leading spaces and tabs are stripped from the start # of a line to a block. Defaults to False, corresponds to the Jinja # environment init variable "lstrip_blocks". # jinja_lstrip_blocks: False

# The failhard option tells the minions to stop immediately after the first # failure detected in the state execution, defaults to False #failhard: False

# The state_verbose and state_output settings can be used to change the way # state system data is printed to the display. By default all data is printed. # The state_verbose setting can be set to True or False, when set to False # all data that has a result of True and no changes will be suppressed. #state_verbose: True

# The state_output setting changes if the output is the full multi line # output for each changed state if set to 'full', but if set to 'terse' # the output will be shortened to a single line. If set to 'mixed', the output # will be terse unless a state failed, in which case that output will be full. # If set to 'changes', the output will be full unless the state didn't change. #state_output: full

# Automatically aggregate all states that have support for mod_aggregate by # setting to True. Or pass a list of state module names to automatically # aggregate just those types. # # state_aggregate: # - pkg # #state_aggregate: False

##### File Server settings ##### ########################################## # Salt runs a lightweight file server written in zeromq to deliver files to # minions. This file server is built into the master daemon and does not # require a dedicated port.

# The file server works on environments passed to the master, each environment # can have multiple root directories, the subdirectories in the multiple file

382 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# roots cannot match, otherwise the downloaded files will not be able to be # reliably ensured. A base environment is required to house the top file. # Example: # file_roots: # base: # - /srv/salt/ # dev: # - /srv/salt/dev/services # - /srv/salt/dev/states # prod: # - /srv/salt/prod/services # - /srv/salt/prod/states # #file_roots: # base: # - /srv/salt

# The hash_type is the hash to use when discovering the hash of a file on # the master server. The default is md5, but sha1, sha224, sha256, sha384 # and sha512 are also supported. # # Prior to changing this value, the master should be stopped and all Salt # caches should be cleared. #hash_type: md5

# The buffer size in the file server can be adjusted here: #file_buffer_size: 1048576

# A regular expression (or a list of expressions) that will be matched # against the file path before syncing the modules and states to the minions. # This includes files affected by the file.recurse state. # For example, if you manage your custom modules and states in subversion # and don't want all the '.svn' folders and content synced to your minions, # you could set this to '/\.svn($|/)'. By default nothing is ignored. #file_ignore_regex: # - '/\.svn($|/)' # - '/\.git($|/)'

# A file glob (or list of file globs) that will be matched against the file # path before syncing the modules and states to the minions. This is similar # to file_ignore_regex above, but works on globs instead of regex. By default # nothing is ignored. # file_ignore_glob: # - '*.pyc' # - '*/somefolder/*.bak' # - '*.swp'

# File Server Backend # # Salt supports a modular fileserver backend system, this system allows # the salt master to link directly to third party systems to gather and # manage the files available to minions. Multiple backends can be # configured and will be searched for the requested file in the order in which # they are defined here. The default setting only enables the standard backend # "roots" which uses the "file_roots" option. #fileserver_backend: # - roots #

22.6. Configuration file examples 383 Salt Documentation, Release 2014.7.6

# To use multiple backends list them in the order they are searched: #fileserver_backend: # - git # - roots # # Uncomment the line below if you do not want the file_server to follow # symlinks when walking the filesystem tree. This is set to True # by default. Currently this only applies to the default roots # fileserver_backend. #fileserver_followsymlinks: False # # Uncomment the line below if you do not want symlinks to be # treated as the files they are pointing to. By default this is set to # False. By uncommenting the line below, any detected symlink while listing # files on the Master will not be returned to the Minion. #fileserver_ignoresymlinks: True # # By default, the Salt fileserver recurses fully into all defined environments # to attempt to find files. To limit this behavior so that the fileserver only # traverses directories with SLS files and special Salt directories like _modules, # enable the option below. This might be useful for installations where a file root # has a very large number of files and performance is impacted. Default is False. # fileserver_limit_traversal: False # # The fileserver can fire events off every time the fileserver is updated, # these are disabled by default, but can be easily turned on by setting this # flag to True #fileserver_events: False

# Git File Server Backend Configuration # # Gitfs can be provided by one of two python modules: GitPython or pygit2. If # using pygit2, both libgit2 and git must also be installed. #gitfs_provider: gitpython # # When using the git fileserver backend at least one git remote needs to be # defined. The user running the salt master will need read access to the repo. # # The repos will be searched in order to find the file requested by a client # and the first repo to have the file will return it. # When using the git backend branches and tags are translated into salt # environments. # Note: file:// repos will be treated as a remote, so refs you want used must # exist in that repo as *local* refs. #gitfs_remotes: # - git://github.com/saltstack/salt-states.git # - file:///var/git/saltmaster # # The gitfs_ssl_verify option specifies whether to ignore ssl certificate # errors when contacting the gitfs backend. You might want to set this to # false if you're using a git backend that uses a self-signed certificate but # keep in mind that setting this flag to anything other than the default of True # is a security concern, you may want to try using the ssh transport. #gitfs_ssl_verify: True # # The gitfs_root option gives the ability to serve files from a subdirectory # within the repository. The path is defined relative to the root of the # repository and defaults to the repository root.

384 Chapter 22. Reference Salt Documentation, Release 2014.7.6

#gitfs_root: somefolder/otherfolder # # ##### Pillar settings ##### ########################################## # Salt Pillars allow for the building of global data that can be made selectively # available to different minions based on minion grain filtering. The Salt # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. #pillar_roots: # base: # - /srv/pillar # #ext_pillar: # - hiera: /etc/hiera.yaml # - cmd_yaml: cat /etc/salt/yaml

# The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate # errors when contacting the pillar gitfs backend. You might want to set this to # false if you're using a git backend that uses a self-signed certificate but # keep in mind that setting this flag to anything other than the default of True # is a security concern, you may want to try using the ssh transport. #pillar_gitfs_ssl_verify: True

# The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. #pillar_opts: True

# The pillar_source_merging_strategy option allows you to configure merging strategy # between different sources. It accepts four values: recurse, aggregate, overwrite, # or smart. Recurse will merge recursively mapping of data. Aggregate instructs # aggregation of elements between sources that use the #!yamlex renderer. Overwrite # will verwrite elements according the order in which they are processed. This is # behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based # on the "renderer" setting and is the default value. #pillar_source_merging_strategy: smart

##### Syndic settings ##### ########################################## # The Salt syndic is used to pass commands through a master from a higher # master. Using the syndic is simple, if this is a master that will have # syndic servers(s) below it set the "order_masters" setting to True, if this # is a master that will be running a syndic daemon for passthrough the # "syndic_master" setting needs to be set to the location of the master server # to receive commands from.

# Set the order_masters setting to True if this master will command lower # masters' syndic interfaces. #order_masters: False

# If this master will be running a salt syndic daemon, syndic_master tells # this master where to receive commands from. #syndic_master: masterofmaster

# This is the 'ret_port' of the MasterOfMaster:

22.6. Configuration file examples 385 Salt Documentation, Release 2014.7.6

#syndic_master_port: 4506

# PID file of the syndic daemon: #syndic_pidfile: /var/run/salt-syndic.pid

# LOG file of the syndic daemon: #syndic_log_file: syndic.log

##### Peer Publish settings ##### ########################################## # Salt minions can send commands to other minions, but only if the minion is # allowed to. By default "Peer Publication" is disabled, and when enabled it # is enabled for specific minions and specific commands. This allows secure # compartmentalization of commands based on individual minions.

# The configuration uses regular expressions to match minions and then a list # of regular expressions to match functions. The following will allow the # minion authenticated as foo.example.com to execute functions from the test # and pkg modules. #peer: # foo.example.com: # - test.* # - pkg.* # # This will allow all minions to execute all commands: #peer: # .*: # - .* # # This is not recommended, since it would allow anyone who gets root on any # single minion to instantly have root on all of the minions!

# Minions can also be allowed to execute runners from the salt master. # Since executing a runner from the minion could be considered a security risk, # it needs to be enabled. This setting functions just like the peer setting # except that it opens up runners instead of module functions. # # All peer runner support is turned off by default and must be enabled before # using. This will enable all peer runners for all minions: #peer_run: # .*: # - .* # # To enable just the manage.up runner for the minion foo.example.com: #peer_run: # foo.example.com: # - manage.up # # ##### Mine settings ##### ########################################## # Restrict mine.get access from minions. By default any minion has a full access # to get all mine data from master cache. In acl definion below, only pcre matches # are allowed. # mine_get: # .*: # - .*

386 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# # The example below enables minion foo.example.com to get 'network.interfaces' mine # data only, minions web* to get all network.* and disk.* mine data and all other # minions won't get any mine data. # mine_get: # foo.example.com: # - network.interfaces # web.*: # - network.* # - disk.*

##### Logging settings ##### ########################################## # The location of the master log file # The master log can be sent to a regular file, local path name, or network # location. Remote logging works best when configured to use rsyslogd(8) (e.g.: # ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI # format is: ://:/ #log_file: /var/log/salt/master #log_file: file:///dev/log #log_file: udp://loghost:10514

#log_file: /var/log/salt/master #key_logfile: /var/log/salt/key

# The level of messages to send to the console. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. #log_level: warning

# The level of messages to send to the log file. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. # If using 'log_granular_levels' this must be set to the highest desired level. #log_level_logfile: warning

# The date and time format used in log messages. Allowed date/time formating # can be seen here: http://docs.python.org/library/time.html#time.strftime #log_datefmt: '%H:%M:%S' #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'

# The format of the console logging messages. Allowed formatting options can # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes #log_fmt_console: '[%(levelname)-8s] %(message)s' #log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'

# This can be used to control logging levels more specificically. This # example sets the main salt library at the 'warning' level, but sets # 'salt.modules' to log at the 'debug' level: # log_granular_levels: # 'salt': 'warning' # 'salt.modules': 'debug' # #log_granular_levels: {}

##### Node Groups ##### ########################################## # Node groups allow for logical groupings of minion nodes. A group consists of a group

22.6. Configuration file examples 387 Salt Documentation, Release 2014.7.6

# name and a compound target. #nodegroups: # group1: '[emailprotected],bar.domain.com,baz.domain.com and bl*.domain.com' # group2: 'G@os:Debian and foo.domain.com'

##### Range Cluster settings ##### ########################################## # The range server (and optional port) that serves your cluster information # https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec # #range_server: range:80

##### Windows Software Repo settings ##### ############################################## # Location of the repo on the master: #win_repo: '/srv/salt/win/repo' # # Location of the master's repo cache file: #win_repo_mastercachefile: '/srv/salt/win/repo/winrepo.p' # # List of git repositories to include with the local repo: #win_gitrepos: # - 'https://github.com/saltstack/salt-winrepo.git' #

22.6.2 Example minion configuration file

##### Primary configuration settings ##### ########################################## # This configuration file is used to manage the behavior of the Salt Minion. # With the exception of the location of the Salt Master Server, values that are # commented out but have an empty line after the comment are defaults that need # not be set in the config. If there is no blank line after the comment, the # value is presented as an example and is not the default.

# Per default the minion will automatically include all config files # from minion.d/*.conf (minion.d is a directory in the same directory # as the main minion config file). #default_include: minion.d/*.conf

# Set the location of the salt master server. If the master server cannot be # resolved, then the minion will fail to start. #master: salt

# If multiple masters are specified in the 'master' setting, the default behavior # is to always try to connect to them in the order they are listed. If random_master is # set to True, the order will be randomized instead. This can be helpful in distributing # the load of many minions executing salt-call requests, for example, from a cron job. # If only one master is listed, this setting is ignored and a warning will be logged. #random_master: False

# Set whether the minion should connect to the master via IPv6: #ipv6: False

388 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# Set the number of seconds to wait before attempting to resolve # the master hostname if name resolution fails. Defaults to 30 seconds. # Set to zero if the minion should shutdown and not retry. # retry_dns: 30

# Set the port used by the master reply and authentication server. #master_port: 4506

# The user to run salt. #user: root

# Specify the location of the daemon process ID file. #pidfile: /var/run/salt-minion.pid

# The root directory prepended to these options: pki_dir, cachedir, log_file, # sock_dir, pidfile. #root_dir: /

# The directory to store the pki information in #pki_dir: /etc/salt/pki/minion

# Explicitly declare the id for this minion to use, if left commented the id # will be the hostname as returned by the python call: socket.getfqdn() # Since salt uses detached ids it is possible to run multiple minions on the # same machine but with different ids, this can be useful for salt compute # clusters. #id:

# Append a domain to a hostname in the event that it does not exist. This is # useful for systems where socket.getfqdn() does not actually result in a # FQDN (for instance, Solaris). #append_domain:

# Custom static grains for this minion can be specified here and used in SLS # files just like all other grains. This example sets 4 custom grains, with # the 'roles' grain having two values that can be matched against. #grains: # roles: # - webserver # - memcache # deployment: datacenter4 # cabinet: 13 # cab_u: 14-15 # # Where cache data goes. #cachedir: /var/cache/salt/minion

# Verify and set permissions on configuration directories at startup. #verify_env: True

# The minion can locally cache the return data from jobs sent to it, this # can be a good way to keep track of jobs the minion has executed # (on the minion side). By default this feature is disabled, to enable, set # cache_jobs to True. #cache_jobs: False

# Set the directory used to hold unix sockets. #sock_dir: /var/run/salt/minion

22.6. Configuration file examples 389 Salt Documentation, Release 2014.7.6

# Set the default outputter used by the salt-call command. The default is # "nested". #output: nested # # By default output is colored. To disable colored output, set the color value # to False. #color: True

# Do not strip off the colored output from nested results and state outputs # (true by default). # strip_colors: False

# Backup files that are replaced by file.managed and file.recurse under # 'cachedir'/file_backups relative to their original location and appended # with a timestamp. The only valid setting is "minion". Disabled by default. # # Alternatively this can be specified for each file in state files: # /etc/ssh/sshd_config: # file.managed: # - source: salt://ssh/sshd_config # - backup: minion # #backup_mode: minion

# When waiting for a master to accept the minion's public key, salt will # continuously attempt to reconnect until successful. This is the time, in # seconds, between those reconnection attempts. #acceptance_wait_time: 10

# If this is nonzero, the time between reconnection attempts will increase by # acceptance_wait_time seconds per iteration, up to this maximum. If this is # set to zero, the time between reconnection attempts will stay constant. #acceptance_wait_time_max: 0

# If the master rejects the minion's public key, retry instead of exiting. # Rejected keys will be handled the same as waiting on acceptance. #rejected_retry: False

# When the master key changes, the minion will try to re-auth itself to receive # the new master key. In larger environments this can cause a SYN flood on the # master because all minions try to re-auth immediately. To prevent this and # have a minion wait for a random amount of time, use this optional parameter. # The wait-time will be a random number of seconds between 0 and the defined value. #random_reauth_delay: 60

# When waiting for a master to accept the minion's public key, salt will # continuously attempt to reconnect until successful. This is the timeout value, # in seconds, for each individual attempt. After this timeout expires, the minion # will wait for acceptance_wait_time seconds before trying again. Unless your master # is under unusually heavy load, this should be left at the default. #auth_timeout: 60

# Number of consecutive SaltReqTimeoutError that are acceptable when trying to # authenticate. #auth_tries: 1

# If authentication fails due to SaltReqTimeoutError, continue without stopping the # minion.

390 Chapter 22. Reference Salt Documentation, Release 2014.7.6

#auth_safemode: False

# If the minion hits an error that is recoverable, restart the minion. #restart_on_error: False

# Ping Master to ensure connection is alive (minutes). #ping_interval: 0

# To auto recover minions if master changes IP address (DDNS) # auth_tries: 10 # auth_safemode: False # ping_interval: 90 # restart_on_error: True # # Minions won't know master is missing until a ping fails. After the ping fail, # the minion will attempt authentication and likely fails out and cause a restart. # When the minion restarts it will resolve the masters IP and attempt to reconnect.

# If you don't have any problems with syn-floods, don't bother with the # three recon_* settings described below, just leave the defaults! # # The ZeroMQ pull-socket that binds to the masters publishing interface tries # to reconnect immediately, if the socket is disconnected (for example if # the master processes are restarted). In large setups this will have all # minions reconnect immediately which might flood the master (the ZeroMQ-default # is usually a 100ms delay). To prevent this, these three recon_* settings # can be used. # recon_default: the interval in milliseconds that the socket should wait before # trying to reconnect to the master (1000ms = 1 second) # # recon_max: the maximum time a socket should wait. each interval the time to wait # is calculated by doubling the previous time. if recon_max is reached, # it starts again at recon_default. Short example: # # reconnect 1: the socket will wait 'recon_default' milliseconds # reconnect 2: 'recon_default' * 2 # reconnect 3: ('recon_default' * 2) * 2 # reconnect 4: value from previous interval * 2 # reconnect 5: value from previous interval * 2 # reconnect x: if value >= recon_max, it starts again with recon_default # # recon_randomize: generate a random wait time on minion start. The wait time will # be a random value between recon_default and recon_default + # recon_max. Having all minions reconnect with the same recon_default # and recon_max value kind of defeats the purpose of being able to # change these settings. If all minions have the same values and your # setup is quite large (several thousand minions), they will still # flood the master. The desired behavior is to have timeframe within # all minions try to reconnect. # # Example on how to use these settings. The goal: have all minions reconnect within a # 60 second timeframe on a disconnect. # recon_default: 1000 # recon_max: 59000 # recon_randomize: True # # Each minion will have a randomized reconnect value between 'recon_default' # and 'recon_default + recon_max', which in this example means between 1000ms

22.6. Configuration file examples 391 Salt Documentation, Release 2014.7.6

# 60000ms (or between 1 and 60 seconds). The generated random-value will be # doubled after each attempt to reconnect. Lets say the generated random # value is 11 seconds (or 11000ms). # reconnect 1: wait 11 seconds # reconnect 2: wait 22 seconds # reconnect 3: wait 33 seconds # reconnect 4: wait 44 seconds # reconnect 5: wait 55 seconds # reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max) # reconnect 7: wait 11 seconds # reconnect 8: wait 22 seconds # reconnect 9: wait 33 seconds # reconnect x: etc. # # In a setup with ~6000 thousand hosts these settings would average the reconnects # to about 100 per second and all hosts would be reconnected within 60 seconds. # recon_default: 100 # recon_max: 5000 # recon_randomize: False # # # The loop_interval sets how long in seconds the minion will wait between # evaluating the scheduler and running cleanup tasks. This defaults to a # sane 60 seconds, but if the minion scheduler needs to be evaluated more # often lower this value #loop_interval: 60

# The grains_refresh_every setting allows for a minion to periodically check # its grains to see if they have changed and, if so, to inform the master # of the new grains. This operation is moderately expensive, therefore # care should be taken not to set this value too low. # # Note: This value is expressed in __minutes__! # # A value of 10 minutes is a reasonable default. # # If the value is set to zero, this check is disabled. #grains_refresh_every: 1

# Cache grains on the minion. Default is False. #grains_cache: False

# Grains cache expiration, in seconds. If the cache file is older than this # number of seconds then the grains cache will be dumped and fully re-populated # with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache' # is not enabled. # grains_cache_expiration: 300

# When healing, a dns_check is run. This is to make sure that the originally # resolved dns has not changed. If this is something that does not happen in # your environment, set this value to False. #dns_check: True

# Windows platforms lack posix IPC and must rely on slower TCP based inter- # process communications. Set ipc_mode to 'tcp' on such systems #ipc_mode: ipc

# Overwrite the default tcp ports used by the minion when in tcp mode

392 Chapter 22. Reference Salt Documentation, Release 2014.7.6

#tcp_pub_port: 4510 #tcp_pull_port: 4511

# Passing very large events can cause the minion to consume large amounts of # memory. This value tunes the maximum size of a message allowed onto the # minion event bus. The value is expressed in bytes. #max_event_size: 1048576

# The minion can include configuration from other files. To enable this, # pass a list of paths to this option. The paths can be either relative or # absolute; if relative, they are considered to be relative to the directory # the main minion configuration file lives in (this file). Paths can make use # of shell-style globbing. If no files are matched by a path passed to this # option then the minion will log a warning message. # # Include a config file from some other path: # include: /etc/salt/extra_config # # Include config from several files and directories: #include: # - /etc/salt/extra_config # - /etc/roles/webserver # # # ##### Minion module management ##### ########################################## # Disable specific modules. This allows the admin to limit the level of # access the master has to the minion. #disable_modules: [cmd,test] #disable_returners: [] # # Modules can be loaded from arbitrary paths. This enables the easy deployment # of third party modules. Modules for returners and minions can be loaded. # Specify a list of extra directories to search for minion modules and # returners. These paths must be fully qualified! #module_dirs: [] #returner_dirs: [] #states_dirs: [] #render_dirs: [] #utils_dirs: [] # # A module provider can be statically overwritten or extended for the minion # via the providers option, in this case the default module will be # overwritten by the specified module. In this example the pkg module will # be provided by the yumpkg5 module instead of the system default. #providers: # pkg: yumpkg5 # # Enable Cython modules searching and loading. (Default: False) #cython_enable: False # # Specify a max size (in bytes) for modules on import. This feature is currently # only supported on *nix operating systems and requires psutil. # modules_max_memory: -1

##### State Management Settings #####

22.6. Configuration file examples 393 Salt Documentation, Release 2014.7.6

########################################### # The state management system executes all of the state templates on the minion # to enable more granular control of system state management. The type of # template and serialization used for state management needs to be configured # on the minion, the default renderer is yaml_jinja. This is a yaml file # rendered from a jinja template, the available options are: # yaml_jinja # yaml_mako # yaml_wempy # json_jinja # json_mako # json_wempy # #renderer: yaml_jinja # # The failhard option tells the minions to stop immediately after the first # failure detected in the state execution. Defaults to False. #failhard: False # # autoload_dynamic_modules turns on automatic loading of modules found in the # environments on the master. This is turned on by default. To turn of # autoloading modules when states run, set this value to False. #autoload_dynamic_modules: True # # clean_dynamic_modules keeps the dynamic modules on the minion in sync with # the dynamic modules on the master, this means that if a dynamic module is # not on the master it will be deleted from the minion. By default, this is # enabled and can be disabled by changing this value to False. #clean_dynamic_modules: True # # Normally, the minion is not isolated to any single environment on the master # when running states, but the environment can be isolated on the minion side # by statically setting it. Remember that the recommended way to manage # environments is to isolate via the top file. #environment: None # # If using the local file directory, then the state top file name needs to be # defined, by default this is top.sls. #state_top: top.sls # # Run states when the minion daemon starts. To enable, set startup_states to: # 'highstate' -- Execute state.highstate # 'sls' -- Read in the sls_list option and execute the named sls files # 'top' -- Read top_file option and execute based on that file on the Master #startup_states: '' # # List of states to run when the minion starts up if startup_states is 'sls': #sls_list: # - edit.vim # - hyper # # Top file to execute if startup_states is 'top': #top_file: ''

# Automatically aggregate all states that have support for mod_aggregate by # setting to True. Or pass a list of state module names to automatically # aggregate just those types. #

394 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# state_aggregate: # - pkg # #state_aggregate: False

##### File Directory Settings ##### ########################################## # The Salt Minion can redirect all file server operations to a local directory, # this allows for the same state tree that is on the master to be used if # copied completely onto the minion. This is a literal copy of the settings on # the master but used to reference a local directory on the minion.

# Set the file client. The client defaults to looking on the master server for # files, but can be directed to look at the local file directory setting # defined below by setting it to local. #file_client: remote

# The file directory works on environments passed to the minion, each environment # can have multiple root directories, the subdirectories in the multiple file # roots cannot match, otherwise the downloaded files will not be able to be # reliably ensured. A base environment is required to house the top file. # Example: # file_roots: # base: # - /srv/salt/ # dev: # - /srv/salt/dev/services # - /srv/salt/dev/states # prod: # - /srv/salt/prod/services # - /srv/salt/prod/states # #file_roots: # base: # - /srv/salt

# By default, the Salt fileserver recurses fully into all defined environments # to attempt to find files. To limit this behavior so that the fileserver only # traverses directories with SLS files and special Salt directories like _modules, # enable the option below. This might be useful for installations where a file root # has a very large number of files and performance is negatively impacted. Default # is False. #fileserver_limit_traversal: False

# The hash_type is the hash to use when discovering the hash of a file in # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 # and sha512 are also supported. # # Warning: Prior to changing this value, the minion should be stopped and all # Salt caches should be cleared. #hash_type: md5

# The Salt pillar is searched for locally if file_client is set to local. If # this is the case, and pillar data is defined, then the pillar_roots need to # also be configured on the minion: #pillar_roots: # base: # - /srv/pillar

22.6. Configuration file examples 395 Salt Documentation, Release 2014.7.6

# # ###### Security settings ##### ########################################### # Enable "open mode", this mode still maintains encryption, but turns off # authentication, this is only intended for highly secure environments or for # the situation where your keys end up in a bad state. If you run in open mode # you do so at your own risk! #open_mode: False

# The state_output_diff setting changes whether or not the output from # successful states is returned. Useful when even the terse output of these # states is cluttering the logs. Set it to True to ignore them. #state_output_diff: False

# Fingerprint of the master public key to double verify the master is valid, # the master fingerprint can be found by running "salt-key -F master" on the # salt master. #master_finger: ''

###### Thread settings ##### ########################################### # Disable multiprocessing support, by default when a minion receives a # publication a new process is spawned and the command is executed therein. #multiprocessing: True

##### Logging settings ##### ########################################## # The location of the minion log file # The minion log can be sent to a regular file, local path name, or network # location. Remote logging works best when configured to use rsyslogd(8) (e.g.: # ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI # format is: ://:/ #log_file: /var/log/salt/minion #log_file: file:///dev/log #log_file: udp://loghost:10514 # #log_file: /var/log/salt/minion #key_logfile: /var/log/salt/key

396 Chapter 22. Reference Salt Documentation, Release 2014.7.6

# The level of messages to send to the console. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. # Default: 'warning' #log_level: warning

###### Module configuration ##### ########################################### # Salt allows for modules to be passed arbitrary configuration data, any data # passed here in valid yaml format will be passed on to the salt minion modules # for use. It is STRONGLY recommended that a naming convention be used in which # the module name is followed by a . and then the value. Also, all top level # data must be applied via the yaml dict construct, some examples: # # You can specify that all modules should run in test mode: #test: True # # A simple value for the test module: #test.foo: foo # # A list for the test module: #test.bar: [baz,quo] # # A dict for the test module: #test.baz: {spam: sausage, cheese: bread} # # ###### Update settings ###### ########################################### # Using the features in Esky, a salt minion can both run as a frozen app and # be updated on the fly. These options control how the update process # (saltutil.update()) behaves. #

22.6. Configuration file examples 397 Salt Documentation, Release 2014.7.6

# The url for finding and downloading updates. Disabled by default. #update_url: False # # The list of services to restart after a successful update. Empty by default. #update_restart_services: []

###### Keepalive settings ###### ############################################ # ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by # the OS. If connections between the minion and the master pass through # a state tracking device such as a firewall or VPN gateway, there is # the risk that it could tear down the connection the master and minion # without informing either party that their connection has been taken away. # Enabling TCP Keepalives prevents this from happening.

# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) # or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. #tcp_keepalive: True

# How long before the first keepalive should be sent in seconds. Default 300 # to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds # on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. #tcp_keepalive_idle: 300

# How many lost probes are needed to consider the connection lost. Default -1 # to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. #tcp_keepalive_cnt: -1

# How often, in seconds, to send keepalives after the first one. Default -1 to # use OS defaults, typically 75 seconds on Linux, see # /proc/sys/net/ipv4/tcp_keepalive_intvl. #tcp_keepalive_intvl: -1

###### Windows Software settings ###### ############################################ # Location of the repository cache file on the master: #win_repo_cachefile: 'salt://win/repo/winrepo.p' # #

22.7 Configuring Salt

Salt conﬁguration is very simple. e default conﬁguration for the master will work for most installations and the only requirement for seing up a minion is to set the location of the master in the minion conﬁguration ﬁle. e conﬁguration ﬁles will be installed to /etc/salt and are named aer the respective components, /etc/salt/master and /etc/salt/minion.

22.7.1 Master Configuration

By default the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a speciﬁc IP, redeﬁne the ``interface'' directive in the master conﬁguration ﬁle, typically /etc/salt/master, as follows:

398 Chapter 22. Reference Salt Documentation, Release 2014.7.6

- #interface: 0.0.0.0 + interface: 10.0.0.1

Aer updating the conﬁguration ﬁle, restart the Salt master. See the master conﬁguration reference for more details about other conﬁgurable options.

22.7.2 Minion Configuration

Although there are many Salt Minion conﬁguration options, conﬁguring a Salt Minion is very simple. By default a Salt Minion will try to connect to the DNS name ``salt''; if the Minion is able to resolve that name correctly, no conﬁguration is needed. If the DNS name ``salt'' does not resolve to point to the correct location of the Master, redeﬁne the ``master'' directive in the minion conﬁguration ﬁle, typically /etc/salt/minion, as follows:

- #master: salt + master: 10.0.0.1

Aer updating the conﬁguration ﬁle, restart the Salt minion. See the minion conﬁguration reference for more details about other conﬁgurable options.

22.7.3 Running Salt

1. Start the master in the foreground (to daemonize the process, pass the -d flag):

salt-master

2. Start the minion in the foreground (to daemonize the process, pass the -d flag):

salt-minion

Having trouble? e simplest way to troubleshoot Salt is to run the master and minion in the foreground with log level set to debug: salt-master --log-level=debug

For information on salt's logging system please see the logging document.

Run as an unprivileged (non-root) user To run Salt as another user, set the user parameter in the master conﬁg ﬁle. Additionally, ownership and permissions need to be set such that the desired user can read from and write to the following directories (and their subdirectories, where applicable): • /etc/salt • /var/cache/salt • /var/log/salt • /var/run/salt More information about running salt as a non-privileged user can be found here.

ere is also a full troubleshooting guide available.

22.7. Configuring Salt 399 Salt Documentation, Release 2014.7.6

22.7.4 Key Management

Salt uses AES encryption for all communication between the Master and the Minion. is ensures that the commands sent to the Minions cannot be tampered with, and that communication between Master and Minion is authenticated through trusted, accepted keys. Before commands can be sent to a Minion, its key must be accepted on the Master. Run the salt-key command to list the keys known to the Salt Master:

[root@master ~]# salt-key -L Unaccepted Keys: alpha bravo charlie delta Accepted Keys:

is example shows that the Salt Master is aware of four Minions, but none of the keys has been accepted. To accept the keys and allow the Minions to be controlled by the Master, again use the salt-key command:

[root@master ~]# salt-key -A [root@master ~]# salt-key -L Unaccepted Keys: Accepted Keys: alpha bravo charlie delta

e salt-key command allows for signing keys individually or in bulk. e example above, using -A bulk-accepts all pending keys. To accept keys individually use the lowercase of the same option, -a keyname. See also: salt-key manpage

22.7.5 Sending Commands

Communication between the Master and a Minion may be veriﬁed by running the test.ping command:

[root@master ~]# salt alpha test.ping alpha: True

Communication between the Master and all Minions may be tested in a similar way:

[root@master ~]# salt '*' test.ping alpha: True bravo: True charlie: True delta: True

Each of the Minions should send a True response as shown above.

400 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.7.6 What's Next?

Understanding targeting is important. From there, depending on the way you wish to use Salt, you should also proceed to learn about States and Execution Modules.

22.8 Configuring the Salt Master

e Salt system is amazingly simple and easy to conﬁgure, the two components of the Salt system each have a respective conﬁguration ﬁle. e salt-master is conﬁgured via the master conﬁguration ﬁle, and the salt- minion is conﬁgured via the minion conﬁguration ﬁle. See also: example master conﬁguration ﬁle e conﬁguration ﬁle for the salt-master is located at /etc/salt/master by default. A notable exception is FreeBSD, where the conﬁguration ﬁle is located at /usr/local/etc/salt. e available options are as follows:

22.8.1 Primary Master Configuration

interface

Default: 0.0.0.0 (all interfaces) e local interface to bind to.

interface: 192.168.0.1

ipv6

Default: False Whether the master should listen for IPv6 connections. If this is set to True, the interface option must be adjusted too (for example: ``interface: `::''')

ipv6: True

publish_port

Default: 4505 e network port to set up the publication interface

publish_port: 4505

master_id

Default: None e id to be passed in the publish job to minions. is is used for MultiSyndics to return the job to the requesting master. Note, this must be the same string as the syndic is conﬁgured with.

22.8. Configuring the Salt Master 401 Salt Documentation, Release 2014.7.6

master_id: MasterOfMaster

user

Default: root e user to run the Salt processes user: root

max_open_files

Default: 100000 Each minion connecting to the master uses AT LEAST one ﬁle descriptor, the master subscription connection. If enough minions connect you might start seeing on the console(and then salt-master crashes):

Too many open files (tcp_listener.cpp:335) Aborted (core dumped)

max_open_files: 100000

By default this value will be the one of ulimit -Hn, i.e., the hard limit for max open ﬁles. To set a diﬀerent value than the default one, uncomment and conﬁgure this seing. Remember that this value CANNOT be higher than the hard limit. Raising the hard limit depends on the OS and/or distribution, a good way to ﬁnd the limit is to search the internet for something like this:

raise max open files hard limit debian

worker_threads

Default: 5 e number of threads to start for receiving commands and replies from minions. If minions are stalling on replies because you have many minions, raise the worker_threads value. Worker threads should not be put below 3 when using the peer system, but can drop down to 1 worker otherwise.

worker_threads: 5

ret_port

Default: 4506 e port used by the return server, this is the server used by Salt to receive execution returns and command execu- tions.

ret_port: 4506

402 Chapter 22. Reference Salt Documentation, Release 2014.7.6 pidfile

Default: /var/run/salt-master.pid Specify the location of the master pidﬁle pidfile: /var/run/salt-master.pid root_dir

Default: / e system root directory to operate from, change this to make Salt run from an alternative root. root_dir: /

Note: is directory is prepended to the following options: pki_dir, cachedir, sock_dir, log_file, autosign_file, autoreject_file, pidfile.

pki_dir

Default: /etc/salt/pki e directory to store the pki authentication keys. pki_dir: /etc/salt/pki extension_modules

Directory for custom modules. is directory can contain subdirectories for each of Salt's module types such as ``runners'', ``output'', ``wheel'', ``modules'', ``states'', ``returners'', etc. is path is appended to root_dir. extension_modules: srv/modules cachedir

Default: /var/cache/salt e location used to store cache information, particularly the job information for executed salt commands. cachedir: /var/cache/salt verify_env

Default: True Verify and set permissions on conﬁguration directories at startup. verify_env: True

22.8. Configuring the Salt Master 403 Salt Documentation, Release 2014.7.6 keep_jobs

Default: 24 Set the number of hours to keep old job information timeout

Default: 5 Set the default timeout for the salt command and api. loop_interval

Default: 60 e loop_interval option controls the seconds for the master's maintenance process check cycle. is process updates ﬁle server backends, cleans the job cache and executes the scheduler. output

Default: nested Set the default outpuer used by the salt command. color

Default: True By default output is colored, to disable colored output set the color value to False color: False sock_dir

Default: /var/run/salt/master Set the location to use for creating Unix sockets for master process communication sock_dir: /var/run/salt/master enable_gpu_grains

Default: False e master can take a while to start up when lspci and/or dmidecode is used to populate the grains for the master. Enable if you want to see GPU hardware data for your master.

404 Chapter 22. Reference Salt Documentation, Release 2014.7.6 job_cache

Default: True e master maintains a job cache, while this is a great addition it can be a burden on the master for larger deployments (over 5000 minions). Disabling the job cache will make previously executed jobs unavailable to the jobs system and is not generally recommended. Normally it is wise to make sure the master has access to a faster IO system or a tmpfs is mounted to the jobs dir minion_data_cache

Default: True e minion data cache is a cache of information about the minions stored on the master, this information is primarily the pillar and grains data. e data is cached in the Master cachedir under the name of the minion and used to pre determine what minions are expected to reply from executions. minion_data_cache: True ext_job_cache

Default: '' Used to specify a default returner for all minions, when this option is set the speciﬁed returner needs to be properly conﬁgured and the minions will always default to sending returns to this returner. is will also disable the local job cache on the master ext_job_cache: redis master_job_cache

New in version 2014.7. Default: `local_cache' Specify the returner to use for ther job cache. e job cache will only be interacted with from the salt master and therefore does not need to be accesible from the minions. master_job_cache: redis enforce_mine_cache

Default: False By-default when disabling the minion_data_cache mine will stop working since it is based on cached data, by en- abling this option we explicitly enabling only the cache for the mine system. enforce_mine_cache: False

22.8. Configuring the Salt Master 405 Salt Documentation, Release 2014.7.6 max_minions

Default: 0 e number of minions the master should allow to connect. Use this to accommodate the number of minions per master if you have diﬀerent types of hardware serving your minions. e default of 0 means unlimited connections. Please note, that this can slow down the authentication process a bit in large setups. max_minions: 100 presence_events

Default: False Causes the master to periodically look for actively connected minions. Presence events are ﬁred on the event bus on a regular interval with a list of connected minions, as well as events with lists of newly connected or disconnected minions. is is a master-only operation that does not send executions to minions. Note, this does not detect minions that connect to a master via localhost. presence_events: False

22.8.2 Salt-SSH Configuration roster_file

Default: `/etc/salt/roster' Pass in an alternative location for the salt-ssh roster ﬁle roster_file: /root/roster ssh_minion_opts

Default: None Pass in minion option overrides that will be inserted into the SHIM for salt-ssh calls. e local minion conﬁg is not used for salt-ssh. Can be overridden on a per-minion basis in the roster (minion_opts) minion_opts: gpg_keydir: /root/gpg

22.8.3 Master Security Seings open_mode

Default: False Open mode is a dangerous security feature. One problem encountered with pki authentication systems is that keys can become ``mixed up'' and authentication begins to fail. Open mode turns oﬀ authentication and tells the master to accept all authentication. is will clean up the pki keys received from the minions. Open mode should not be turned on for general use. Open mode should only be used for a short period of time to clean up pki keys. To turn on open mode set this value to True.

406 Chapter 22. Reference Salt Documentation, Release 2014.7.6

open_mode: False auto_accept

Default: False Enable auto_accept. is seing will automatically accept all incoming public keys from minions. auto_accept: False autosign_timeout

New in version 2014.7.0. Default: 120 Time in minutes that a incoming public key with a matching name found in pki_dir/minion_autosign/keyid is au- tomatically accepted. Expired autosign keys are removed when the master checks the minion_autosign directory. is method to auto accept minions can be safer than an autosign_ﬁle because the keyid record can expire and is limited to being an exact name match. is should still be considered a less than secure option, due to the fact that trust is based on just the requesting minion id. autosign_file

Default: not defined If the autosign_file is speciﬁed incoming keys speciﬁed in the autosign_ﬁle will be automatically accepted. Matches will be searched for ﬁrst by string comparison, then by globbing, then by full-string regex matching. is should still be considered a less than secure option, due to the fact that trust is based on just the requesting minion id. autoreject_file

New in version 2014.1.0. Default: not defined Works like autosign_file, but instead allows you to specify minion IDs for which keys will automatically be rejected. Will override both membership in the autosign_file and the auto_accept seing. client_acl

Default: {} Enable user accounts on the master to execute speciﬁc modules. ese modules can be expressed as regular expres- sions client_acl: fred: - test.ping - pkg.*

22.8. Configuring the Salt Master 407 Salt Documentation, Release 2014.7.6 client_acl_blacklist

Default: {} Blacklist users or modules is example would blacklist all non sudo users, including root from running any commands. It would also blacklist any use of the ``cmd'' module. is is completely disabled by default. client_acl_blacklist: users: - root - '^(?!sudo_).*$' # all non sudo users modules: - cmd external_auth

Default: {} e external auth system uses the Salt auth modules to authenticate and validate users to access areas of the Salt system. external_auth: pam: fred: - test.* token_expire

Default: 43200 Time (in seconds) for a newly generated token to live. Default: 12 hours token_expire: 43200 file_recv

Default: False Allow minions to push ﬁles to the master. is is disabled by default, for security purposes. file_recv: False master_sign_pubkey

Default: False Sign the master auth-replies with a cryptographical signature of the masters public key. Please see the tutorial how to use these seings in the Multimaster-PKI with Failover Tutorial master_sign_pubkey: True

408 Chapter 22. Reference Salt Documentation, Release 2014.7.6

master_sign_key_name

Default: master_sign e customizable name of the signing-key-pair without suﬃx.

master_sign_key_name:

master_pubkey_signature

Default: master_pubkey_signature e name of the ﬁle in the masters pki-directory that holds the pre-calculated signature of the masters public-key.

master_pubkey_signature:

master_use_pubkey_signature

Default: False Instead of computing the signature for each auth-reply, use a pre-calculated signature. e mas- ter_pubkey_signature must also be set for this.

master_use_pubkey_signature: True

rotate_aes_key

Default: True Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. is is a very important security- seing. Disabling it will enable deleted minions to still listen in on the messages published by the salt-master. Do not disable this unless it is absolutely clear what this does.

rotate_aes_key: True

22.8.4 Master Module Management

runner_dirs

Default: [] Set additional directories to search for runner modules

cython_enable

Default: False Set to true to enable Cython modules (.pyx ﬁles) to be compiled on the ﬂy on the Salt master

cython_enable: False

22.8. Configuring the Salt Master 409 Salt Documentation, Release 2014.7.6

22.8.5 Master State System Seings state_top

Default: top.sls e state system uses a ``top'' ﬁle to tell the minions what environment to use and what modules to use. e state_top ﬁle is deﬁned relative to the root of the base environment state_top: top.sls master_tops

Default: {} e master_tops option replaces the external_nodes option by creating a pluggable system for the generation of external top data. e external_nodes option is deprecated by the master_tops option. To gain the capabilities of the classic external_nodes system, use the following conﬁguration: master_tops: ext_nodes: external_nodes

Default: None e external_nodes option allows Salt to gather data that would normally be placed in a top ﬁle from and external node controller. e external_nodes option is the executable that will return the ENC data. Remember that Salt will look for external nodes AND top ﬁles and combine the results if both are enabled and available! external_nodes: cobbler-ext-nodes renderer

Default: yaml_jinja e renderer to use on the minions to render the state data renderer: yaml_jinja failhard

Default: False Set the global failhard ﬂag, this informs all states to stop running states at the moment a single state fails failhard: False state_verbose

Default: True

410 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Controls the verbosity of state runs. By default, the results of all states are returned, but seing this value to False will cause salt to only display output for states which either failed, or succeeded without making any changes to the minion. state_verbose: False state_output

Default: full e state_output seing changes if the output is the full multi line output for each changed state if set to `full', but if set to `terse' the output will be shortened to a single line. If set to `mixed', the output will be terse unless a state failed, in which case that output will be full. If set to `changes', the output will be full unless the state didn't change. state_output: full yaml_utf8

Default: False Enable extra routines for yaml renderer used states containing UTF characters yaml_utf8: False test

Default: False Set all state calls to only test if they are going to actually make changes or just post what changes are going to be made test: False

22.8.6 Master File Server Seings fileserver_backend

Default: ['roots'] Salt supports a modular ﬁleserver backend system, this system allows the salt master to link directly to third party systems to gather and manage the ﬁles available to minions. Multiple backends can be conﬁgured and will be searched for the requested ﬁle in the order in which they are deﬁned here. e default seing only enables the standard backend roots, which is conﬁgured using the file_roots option. Example: fileserver_backend: - roots - git

22.8. Configuring the Salt Master 411 Salt Documentation, Release 2014.7.6 hash_type

Default: md5 e hash_type is the hash to use when discovering the hash of a ﬁle on the master server. e default is md5, but sha1, sha224, sha256, sha384 and sha512 are also supported. hash_type: md5 file_buffer_size

Default: 1048576 e buﬀer size in the ﬁle server in bytes file_buffer_size: 1048576 file_ignore_regex

Default: '' A regular expression (or a list of expressions) that will be matched against the ﬁle path before syncing the modules and states to the minions. is includes ﬁles aﬀected by the ﬁle.recurse state. For example, if you manage your custom modules and states in subversion and don't want all the `.svn' folders and content synced to your minions, you could set this to `/.svn($|/)'. By default nothing is ignored. file_ignore_regex: - '/\.svn($|/)' - '/\.git($|/)' file_ignore_glob

Default '' A ﬁle glob (or list of ﬁle globs) that will be matched against the ﬁle path before syncing the modules and states to the minions. is is similar to ﬁle_ignore_regex above, but works on globs instead of regex. By default nothing is ignored. file_ignore_glob: - '\*.pyc' - '\*/somefolder/\*.bak' - '\*.swp' roots: Master's Local File Server file_roots

Default: base: - /srv/salt

412 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Salt runs a lightweight ﬁle server wrien in ZeroMQ to deliver ﬁles to minions. is ﬁle server is built into the master daemon and does not require a dedicated port. e ﬁle server works on environments passed to the master. Each environment can have multiple root directories. e subdirectories in the multiple ﬁle roots cannot match, otherwise the downloaded ﬁles will not be able to be reliably ensured. A base environment is required to house the top ﬁle. Example: file_roots: base: - /srv/salt dev: - /srv/salt/dev/services - /srv/salt/dev/states prod: - /srv/salt/prod/services - /srv/salt/prod/states git: Git Remote File Server Backend gitfs_remotes

Default: [] When using the git ﬁleserver backend at least one git remote needs to be deﬁned. e user running the salt master will need read access to the repo. e repos will be searched in order to ﬁnd the ﬁle requested by a client and the ﬁrst repo to have the ﬁle will return it. Branches and tags are translated into salt environments. gitfs_remotes: - git://github.com/saltstack/salt-states.git - file:///var/git/saltmaster

Note: file:// repos will be treated as a remote and copied into the master's gitfs cache, so only the local refs for those repos will be exposed as ﬁleserver environments.

As of 2014.7.0, it is possible to have per-repo versions of several of the gitfs conﬁguration parameters. For more information, see the GitFS Walkthrough. gitfs_provider

New in version 2014.7.0. Specify the provider to be used for gitfs. More information can be found in the GitFS Walkthrough. gitfs_provider: dulwich

gitfs_ssl_verify

Default: True e gitfs_ssl_verify option speciﬁes whether to ignore SSL certiﬁcate errors when contacting the gitfs back- end. You might want to set this to false if you're using a git backend that uses a self-signed certiﬁcate but keep in

22.8. Configuring the Salt Master 413 Salt Documentation, Release 2014.7.6 mind that seing this ﬂag to anything other than the default of True is a security concern, you may want to try using the ssh transport. gitfs_ssl_verify: True

gitfs_mountpoint

New in version 2014.7.0. Default: '' Speciﬁes a path on the salt ﬁleserver from which gitfs remotes are served. Can be used in conjunction with gitfs_root. Can also be conﬁgured on a per-remote basis, see here for more info. gitfs_mountpoint: salt://foo/bar

Note: e salt:// protocol designation can be le oﬀ (in other words, foo/bar and salt://foo/bar are equivalent).

gitfs_root

Default: '' Serve ﬁles from a subdirectory within the repository, instead of the root. is is useful when there are ﬁles in the repository that should not be available to the Salt ﬁleserver. Can be used in conjunction with gitfs_mountpoint. gitfs_root: somefolder/otherfolder

Changed in version 2014.7.0: Ability to specify gitfs roots on a per-remote basis was added. See here for more info. gitfs_base

Default: master Deﬁnes which branch/tag should be used as the base environment. gitfs_base: salt

Changed in version 2014.7.0: Ability to specify the base on a per-remote basis was added. See here for more info. gitfs_env_whitelist

New in version 2014.7.0. Default: [] Used to restrict which environments are made available. Can speed up state runs if the repos in gitfs_remotes contain many branches/tags. More information can be found in the GitFS Walkthrough. gitfs_env_whitelist: - base - v1.* - 'mybranch\d+'

414 Chapter 22. Reference Salt Documentation, Release 2014.7.6

gitfs_env_blacklist

GitFS Authentication Options

ese parameters only currently apply to the pygit2 gitfs provider. Examples of how to use these can be found in the GitFS Walkthrough. gitfs_user New in version 2014.7.0. Default: '' Along with gitfs_password, is used to authenticate to HTTPS remotes. gitfs_user: git gitfs_password New in version 2014.7.0. Default: '' Along with gitfs_user, is used to authenticate to HTTPS remotes. is parameter is not required if the repository does not use authentication. gitfs_password: mypassword gitfs_insecure_auth New in version 2014.7.0. Default: False By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. is parameter enables authentication over HTTP. Enable this at your own risk. gitfs_insecure_auth: True gitfs_pubkey New in version 2014.7.0. Default: '' Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate to SSH remotes. is parameter (or its per-remote counterpart) is required for SSH remotes. gitfs_pubkey: /path/to/key.pub

22.8. Configuring the Salt Master 415 Salt Documentation, Release 2014.7.6 gitfs_privkey New in version 2014.7.0. Default: '' Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate to SSH remotes. is parameter (or its per-remote counterpart) is required for SSH remotes. gitfs_privkey: /path/to/key gitfs_passphrase New in version 2014.7.0. Default: '' is parameter is optional, required only when the SSH key being used to authenticate is protected by a passphrase. gitfs_passphrase: mypassphrase hg: Mercurial Remote File Server Backend hgfs_remotes

New in version 0.17.0. Default: [] When using the hg ﬁleserver backend at least one mercurial remote needs to be deﬁned. e user running the salt master will need read access to the repo. e repos will be searched in order to ﬁnd the ﬁle requested by a client and the ﬁrst repo to have the ﬁle will return it. Branches and/or bookmarks are translated into salt environments, as deﬁned by the hgfs_branch_method parameter. hgfs_remotes: - https://[emailprotected]/username/reponame

Note: As of 2014.7.0, it is possible to have per-repo versions of the hgfs_root, hgfs_mountpoint, hgfs_base, and hgfs_branch_method parameters. For example: hgfs_remotes: - https://[emailprotected]/username/repo1 - base: saltstates - https://[emailprotected]/username/repo2: - root: salt - mountpoint: salt://foo/bar/baz - https://[emailprotected]/username/repo3: - root: salt/states - branch_method: mixed

hgfs_branch_method

New in version 0.17.0. Default: branches Deﬁnes the objects that will be used as ﬁleserver environments.

416 Chapter 22. Reference Salt Documentation, Release 2014.7.6

• branches - Only branches and tags will be used • bookmarks - Only bookmarks and tags will be used • mixed - Branches, bookmarks, and tags will be used

hgfs_branch_method: mixed

Note: Starting in version 2014.1.0, the value of the hgfs_base parameter deﬁnes which branch is used as the base environment, allowing for a base environment to be used with an hgfs_branch_method of bookmarks. Prior to this release, the default branch will be used as the base environment.

hgfs_mountpoint

New in version 2014.7.0. Default: '' Speciﬁes a path on the salt ﬁleserver from which hgfs remotes are served. Can be used in conjunction with hgfs_root. Can also be conﬁgured on a per-remote basis, see here for more info.

hgfs_mountpoint: salt://foo/bar

Note: e salt:// protocol designation can be le oﬀ (in other words, foo/bar and salt://foo/bar are equivalent).

hgfs_root

New in version 0.17.0. Default: '' Serve ﬁles from a subdirectory within the repository, instead of the root. is is useful when there are ﬁles in the repository that should not be available to the Salt ﬁleserver. Can be used in conjunction with hgfs_mountpoint.

hgfs_root: somefolder/otherfolder

Changed in version 2014.7.0: Ability to specify hgfs roots on a per-remote basis was added. See here for more info.

hgfs_base

New in version 2014.1.0. Default: default Deﬁnes which branch should be used as the base environment. Change this if hgfs_branch_method is set to bookmarks to specify which bookmark should be used as the base environment.

hgfs_base: salt

22.8. Configuring the Salt Master 417 Salt Documentation, Release 2014.7.6

hgfs_env_whitelist

New in version 2014.7.0. Default: [] Used to restrict which environments are made available. Can speed up state runs if your hgfs remotes contain many branches/bookmarks/tags. Full names, globs, and regular expressions are supported. If using a regular expression, the expression must match the entire minion ID. If used, only branches/bookmarks/tags which match one of the speciﬁed expressions will be exposed as ﬁleserver environments. If used in conjunction with hgfs_env_blacklist, then the subset of branches/bookmarks/tags which match the whitelist but do not match the blacklist will be exposed as ﬁleserver environments. hgfs_env_whitelist: - base - v1.* - 'mybranch\d+'

hgfs_env_blacklist

New in version 2014.7.0. Default: [] Used to restrict which environments are made available. Can speed up state runs if your hgfs remotes contain many branches/bookmarks/tags. Full names, globs, and regular expressions are supported. If using a regular expression, the expression must match the entire minion ID. If used, branches/bookmarks/tags which match one of the speciﬁed expressions will not be exposed as ﬁleserver environments. If used in conjunction with hgfs_env_whitelist, then the subset of branches/bookmarks/tags which match the whitelist but do not match the blacklist will be exposed as ﬁleserver environments. hgfs_env_blacklist: - base - v1.* - 'mybranch\d+' svn: Subversion Remote File Server Backend svnfs_remotes

New in version 0.17.0. Default: [] When using the svn ﬁleserver backend at least one subversion remote needs to be deﬁned. e user running the salt master will need read access to the repo. e repos will be searched in order to ﬁnd the ﬁle requested by a client and the ﬁrst repo to have the ﬁle will return it. e trunk, branches, and tags become environments, with the trunk being the base environment. svnfs_remotes: - svn://foo.com/svn/myproject

418 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Note: As of 2014.7.0, it is possible to have per-repo versions of the following conﬁguration parameters: • svnfs_root • svnfs_mountpoint • svnfs_trunk • svnfs_branches • svnfs_tags For example: svnfs_remotes: - svn://foo.com/svn/project1 - svn://foo.com/svn/project2: - root: salt - mountpoint: salt://foo/bar/baz - svn//foo.com/svn/project3: - root: salt/states - branches: branch - tags: tag

svnfs_mountpoint

New in version 2014.7.0. Default: '' Speciﬁes a path on the salt ﬁleserver from which svnfs remotes are served. Can be used in conjunction with svnfs_root. Can also be conﬁgured on a per-remote basis, see here for more info. svnfs_mountpoint: salt://foo/bar

Note: e salt:// protocol designation can be le oﬀ (in other words, foo/bar and salt://foo/bar are equivalent).

svnfs_root

Changed in version 2014.7.0: Ability to specify svnfs roots on a per-remote basis was added. See here for more info. svnfs_trunk

New in version 2014.7.0.

22.8. Configuring the Salt Master 419 Salt Documentation, Release 2014.7.6

Default: trunk Path relative to the root of the repository where the trunk is located. Can also be conﬁgured on a per-remote basis, see here for more info. svnfs_trunk: trunk svnfs_branches

New in version 2014.7.0. Default: branches Path relative to the root of the repository where the branches are located. Can also be conﬁgured on a per-remote basis, see here for more info. svnfs_branches: branches svnfs_tags

New in version 2014.7.0. Default: tags Path relative to the root of the repository where the tags are located. Can also be conﬁgured on a per-remote basis, see here for more info. svnfs_tags: tags

svnfs_env_whitelist

New in version 2014.7.0. Default: [] Used to restrict which environments are made available. Can speed up state runs if your svnfs remotes contain many branches/tags. Full names, globs, and regular expressions are supported. If using a regular expression, the expression must match the entire minion ID. If used, only branches/tags which match one of the speciﬁed expressions will be exposed as ﬁleserver environments. If used in conjunction with svnfs_env_blacklist, then the subset of branches/tags which match the whitelist but do not match the blacklist will be exposed as ﬁleserver environments. svnfs_env_whitelist: - base - v1.* - 'mybranch\d+'

svnfs_env_blacklist

New in version 2014.7.0. Default: []

420 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Used to restrict which environments are made available. Can speed up state runs if your svnfs remotes contain many branches/tags. Full names, globs, and regular expressions are supported. If using a regular expression, the expression must match the entire minion ID. If used, branches/tags which match one of the speciﬁed expressions will not be exposed as ﬁleserver environments. If used in conjunction with svnfs_env_whitelist, then the subset of branches/tags which match the whitelist but do not match the blacklist will be exposed as ﬁleserver environments. svnfs_env_blacklist: - base - v1.* - 'mybranch\d+' minion: MinionFS Remote File Server Backend minionfs_env

New in version 2014.7.0. Default: base Environment from which MinionFS ﬁles are made available. minionfs_env: minionfs minionfs_mountpoint

New in version 2014.7.0. Default: '' Speciﬁes a path on the salt ﬁleserver from which minionfs ﬁles are served. minionfs_mountpoint: salt://foo/bar

Note: e salt:// protocol designation can be le oﬀ (in other words, foo/bar and salt://foo/bar are equivalent).

minionfs_whitelist

New in version 2014.7.0. Default: [] Used to restrict which minions' pushed ﬁles are exposed via minionfs. If using a regular expression, the expression must match the entire minion ID. If used, only the pushed ﬁles from minions which match one of the speciﬁed expressions will be exposed. If used in conjunction with minionfs_blacklist, then the subset of hosts which match the whitelist but do not match the blacklist will be exposed.

22.8. Configuring the Salt Master 421 Salt Documentation, Release 2014.7.6

minionfs_whitelist: - base - v1.* - 'mybranch\d+'

minionfs_blacklist

New in version 2014.7.0. Default: [] Used to restrict which minions' pushed ﬁles are exposed via minionfs. If using a regular expression, the expression must match the entire minion ID. If used, only the pushed ﬁles from minions which match one of the speciﬁed expressions will not be exposed. If used in conjunction with minionfs_whitelist, then the subset of hosts which match the whitelist but do not match the blacklist will be exposed. minionfs_blacklist: - base - v1.* - 'mybranch\d+'

22.8.7 Pillar Configuration pillar_roots

Default: base: - /srv/pillar

Set the environments and directories used to hold pillar sls data. is conﬁguration is the same as file_roots: pillar_roots: base: - /srv/pillar dev: - /srv/pillar/dev prod: - /srv/pillar/prod ext_pillar

e ext_pillar option allows for any number of external pillar interfaces to be called when populating pillar data. e conﬁguration is based on ext_pillar functions. e available ext_pillar functions can be found herein: hps://github.com/saltstack/salt/blob/develop/salt/pillar By default, the ext_pillar interface is not conﬁgured to run. Default: None

422 Chapter 22. Reference Salt Documentation, Release 2014.7.6

ext_pillar: - hiera: /etc/hiera.yaml - cmd_yaml: cat /etc/salt/yaml - reclass: inventory_base_uri: /etc/reclass

ere are additional details at Pillars pillar_source_merging_strategy

Default: smart e pillar_source_merging_strategy option allows to conﬁgure merging strategy between diﬀerent sources. It ac- cepts 4 values: • recurse: it will merge recursively mapping of data. For example, theses 2 sources:

foo: 42 bar: element1: True

bar: element2: True baz: quux

will be merged as:

foo: 42 bar: element1: True element2: True baz: quux

• aggregate: instructs aggregation of elements between sources that use the #!yamlex renderer. For example, these two documents:

#!yamlex foo: 42 bar: !aggregate { element1: True } baz: !aggregate quux

#!yamlex bar: !aggregate { element2: True } baz: !aggregate quux2

will be merged as:

foo: 42 bar: element1: True

22.8. Configuring the Salt Master 423 Salt Documentation, Release 2014.7.6

element2: True baz: - quux - quux2

• overwrite: Will use the behaviour of the 2014.1 branch and earlier. Overwrites elements according the order in which they are processed. First pillar processed:

A: first_key: blah second_key: blah

Second pillar processed:

A: third_key: blah fourth_key: blah

will be merged as:

A: third_key: blah fourth_key: blah

• smart (default): Guesses the best strategy based on the ``renderer'' seing.

22.8.8 Syndic Server Seings

A Salt syndic is a Salt master used to pass commands from a higher Salt master to minions below the syndic. Using the syndic is simple. If this is a master that will have syndic servers(s) below it, set the ``order_masters'' seing to True. If this is a master that will be running a syndic daemon for passthrough the ``syndic_master'' seing needs to be set to the location of the master server Do not not forget that in other word it means that it shares with the local minion it's ID and PKI_DIR. order_masters

Default: False Extra data needs to be sent with publications if the master is controlling a lower level master via a syndic minion. If this is the case the order_masters value must be set to True order_masters: False syndic_master

Default: None If this master will be running a salt-syndic to connect to a higher level master, specify the higher level master with this conﬁguration value

424 Chapter 22. Reference Salt Documentation, Release 2014.7.6

syndic_master: masterofmasters syndic_master_port

Default: 4506 If this master will be running a salt-syndic to connect to a higher level master, specify the higher level master port with this conﬁguration value syndic_master_port: 4506 syndic_pidfile

Default: salt-syndic.pid If this master will be running a salt-syndic to connect to a higher level master, specify the pidﬁle of the syndic daemon. syndic_pidfile: syndic.pid syndic_log_file

Default: syndic.log If this master will be running a salt-syndic to connect to a higher level master, specify the log_ﬁle of the syndic daemon. syndic_log_file: salt-syndic.log

22.8.9 Peer Publish Seings

Salt minions can send commands to other minions, but only if the minion is allowed to. By default ``Peer Publi- cation'' is disabled, and when enabled it is enabled for speciﬁc minions and speciﬁc commands. is allows secure compartmentalization of commands based on individual minions. peer

Default: {} e conﬁguration uses regular expressions to match minions and then a list of regular expressions to match functions. e following will allow the minion authenticated as foo.example.com to execute functions from the test and pkg modules peer: foo.example.com: - test.* - pkg.*

is will allow all minions to execute all commands: peer: .*: - .*

22.8. Configuring the Salt Master 425 Salt Documentation, Release 2014.7.6

is is not recommended, since it would allow anyone who gets root on any single minion to instantly have root on all of the minions! By adding an additional layer you can limit the target hosts in addition to the accessible commands: peer: foo.example.com: 'db*': - test.* - pkg.* peer_run

Default: {} e peer_run option is used to open up runners on the master to access from the minions. e peer_run conﬁguration matches the format of the peer conﬁguration. e following example would allow foo.example.com to execute the manage.up runner: peer_run: foo.example.com: - manage.up

22.8.10 Master Logging Seings log_file

Default: /var/log/salt/master e master log can be sent to a regular ﬁle, local path name, or network location. See also log_file. Examples: log_file: /var/log/salt/master log_file: file:///dev/log log_file: udp://loghost:10514 log_level

Default: warning e level of messages to send to the console. See also log_level. log_level: warning log_level_logfile

Default: warning e level of messages to send to the log ﬁle. See also log_level_logfile.

426 Chapter 22. Reference Salt Documentation, Release 2014.7.6

log_level_logfile: warning log_datefmt

Default: %H:%M:%S e date and time format used in console log messages. See also log_datefmt. log_datefmt: '%H:%M:%S' log_datefmt_logfile

Default: %Y-%m-%d %H:%M:%S e date and time format used in log ﬁle messages. See also log_datefmt_logfile. log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' log_fmt_console

Default: [%(levelname)-8s] %(message)s e format of the console logging messages. See also log_fmt_console. log_fmt_console: '[%(levelname)-8s] %(message)s' log_fmt_logfile

Default: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s e format of the log ﬁle logging messages. See also log_fmt_logfile. log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' log_granular_levels

Default: {} is can be used to control logging levels more speciﬁcally. See also log_granular_levels.

22.8.11 Node Groups

Default: {} Node groups allow for logical groupings of minion nodes. A group consists of a group name and a compound target. nodegroups: group1: '[emailprotected],bar.domain.com,baz.domain.com or bl*.domain.com' group2: 'G@os:Debian and foo.domain.com'

22.8. Configuring the Salt Master 427 Salt Documentation, Release 2014.7.6

22.8.12 Range Cluster Seings range_server

Default: '' e range server (and optional port) that serves your cluster information hps://github.com/ytoolshed/range/wiki/%22yamlﬁle%22-module-ﬁle-spec range_server: range:80

22.8.13 Include Configuration default_include

Default: master.d/*.conf e master can include conﬁguration from other ﬁles. Per default the master will automatically include all conﬁg ﬁles from master.d/*.conf where master.d is relative to the directory of the master conﬁguration ﬁle. include

Default: not defined e master can include conﬁguration from other ﬁles. To enable this, pass a list of paths to this option. e paths can be either relative or absolute; if relative, they are considered to be relative to the directory the main minion conﬁguration ﬁle lives in. Paths can make use of shell-style globbing. If no ﬁles are matched by a path passed to this option then the master will log a warning message.

# Include files from a master.d directory in the same # directory as the master config file include: master.d/*

# Include a single extra file into the configuration include: /etc/roles/webserver

# Include several files and the master.d directory include: - extra_config - master.d/* - /etc/roles/webserver

22.8.14 Windows Soware Repo Seings win_repo

Default: /srv/salt/win/repo Location of the repo on the master win_repo: '/srv/salt/win/repo'

428 Chapter 22. Reference Salt Documentation, Release 2014.7.6 win_repo_mastercachefile

Default: /srv/salt/win/repo/winrepo.p win_repo_mastercachefile: '/srv/salt/win/repo/winrepo.p' win_gitrepos

Default: '' List of git repositories to include with the local repo win_gitrepos: - 'https://github.com/saltstack/salt-winrepo.git'

22.9 Configuring the Salt Minion

e Salt system is amazingly simple and easy to conﬁgure. e two components of the Salt system each have a respective conﬁguration ﬁle. e salt-master is conﬁgured via the master conﬁguration ﬁle, and the salt- minion is conﬁgured via the minion conﬁguration ﬁle. See also: example minion conﬁguration ﬁle e Salt Minion conﬁguration is very simple. Typically, the only value that needs to be set is the master value so the minion knows where to locate its master. By default, the salt-minion conﬁguration will be in /etc/salt/minion. A notable exception is FreeBSD, where the conﬁguration will be in /usr/local/etc/salt/minion.

22.9.1 Minion Primary Configuration master

Default: salt e hostname or ipv4 of the master. Default: salt master: salt

e option can can also be set to a list of masters, enabling multi-master mode. master: - address1 - address2

Changed in version 2014.7.0: e master can be dynamically conﬁgured. e master value can be set to an module function which will be executed and will assume that the returning value is the ip or hostname of the desired master. If a function is being speciﬁed, then the master_type option must be set to func, to tell the minion that the value is a function to be run and not a fully-qualiﬁed domain name. master: module.function master_type: func

22.9. Configuring the Salt Minion 429 Salt Documentation, Release 2014.7.6

In addition, instead of using multi-master mode, the minion can be conﬁgured to use the list of master addresses as a failover list, trying the ﬁrst address, then the second, etc. until the minion successfully connects. To enable this behavior, set master_type to failover: master: - address1 - address2 master_type: failover master_type

New in version 2014.7.0. Default: str e type of the master variable. Can be either func or failover. If the master needs to be dynamically assigned by executing a function instead of reading in the static master value, set this to func. is can be used to manage the minion's master seing from an execution module. By simply changing the algorithm in the module to return a new master ip/fqdn, restart the minion and it will connect to the new master. master_type: func

If this option is set to failover, master must be a list of master addresses. e minion will then try each master in the order speciﬁed in the list until it successfully connects. master_type: failover master_shuffle

New in version 2014.7.0. Default: False If master is a list of addresses, shuﬄe them before trying to connect to distribute the minions over all available masters. is uses Python's random.shuffle method. master_shuffle: True retry_dns

Default: 30 Set the number of seconds to wait before aempting to resolve the master hostname if name resolution fails. Defaults to 30 seconds. Set to zero if the minion should shutdown and not retry. retry_dns: 30 master_port

Default: 4506 e port of the master ret server, this needs to coincide with the ret_port option on the Salt master.

430 Chapter 22. Reference Salt Documentation, Release 2014.7.6

master_port: 4506

user

Default: root e user to run the Salt processes user: root

pidfile

Default: /var/run/salt-minion.pid e location of the daemon's process ID ﬁle

pidfile: /var/run/salt-minion.pid

root_dir

Default: / is directory is prepended to the following options: pki_dir, cachedir, log_file, sock_dir, and pid- file.

root_dir: /

pki_dir

Default: /etc/salt/pki e directory used to store the minion's public and private keys.

pki_dir: /etc/salt/pki

Default: the system's hostname See also: Salt Walkthrough e Setting up a Salt Minion section contains detailed information on how the hostname is determined. Explicitly declare the id for this minion to use. Since Salt uses detached ids it is possible to run multiple minions on the same machine but with diﬀerent ids.

id: foo.bar.com

22.9. Configuring the Salt Minion 431 Salt Documentation, Release 2014.7.6 append_domain

Default: None Append a domain to a hostname in the event that it does not exist. is is useful for systems where socket.getfqdn() does not actually result in a FQDN (for instance, Solaris). append_domain: foo.org cachedir

Default: /var/cache/salt e location for minion cache data. cachedir: /var/cache/salt verify_env

Default: True Verify and set permissions on conﬁguration directories at startup. verify_env: True

Note: When marked as True the verify_env option requires WRITE access to the conﬁguration directory (/etc/salt/). In certain situations such as mounting /etc/salt/ as read-only for templating this will create a stack trace when state.highstate is called.

cache_jobs

Default: False e minion can locally cache the return data from jobs sent to it, this can be a good way to keep track of the minion side of the jobs the minion has executed. By default this feature is disabled, to enable set cache_jobs to True. cache_jobs: False sock_dir

Default: /var/run/salt/minion e directory where Unix sockets will be kept. sock_dir: /var/run/salt/minion backup_mode

Default: [] Backup ﬁles replaced by ﬁle.managed and ﬁle.recurse under cachedir.

432 Chapter 22. Reference Salt Documentation, Release 2014.7.6

backup_mode: minion acceptance_wait_time

Default: 10 e number of seconds to wait until aempting to re-authenticate with the master. acceptance_wait_time: 10 random_reauth_delay

When the master key changes, the minion will try to re-auth itself to receive the new master key. In larger envi- ronments this can cause a syn-ﬂood on the master because all minions try to re-auth immediately. To prevent this and have a minion wait for a random amount of time, use this optional parameter. e wait-time will be a random number of seconds between 0 and the deﬁned value. random_reauth_delay: 60 acceptance_wait_time_max

Default: None e maximum number of seconds to wait until aempting to re-authenticate with the master. If set, the wait will increase by acceptance_wait_time seconds each iteration. acceptance_wait_time_max: None recon_default

Default: 1000 e interval in milliseconds that the socket should wait before trying to reconnect to the master (1000ms = 1 second). recon_default: 1000 recon_max

Default: 10000 e maximum time a socket should wait. Each interval the time to wait is calculated by doubling the previous time. If recon_max is reached, it starts again at the recon_default. Short example: • reconnect 1: the socket will wait `recon_default' milliseconds • reconnect 2: `recon_default' * 2 • reconnect 3: (`recon_default' * 2) * 2 • reconnect 4: value from previous interval * 2 • reconnect 5: value from previous interval * 2

22.9. Configuring the Salt Minion 433 Salt Documentation, Release 2014.7.6

• reconnect x: if value >= recon_max, it starts again with recon_default recon_max: 10000 recon_randomize

Default: True Generate a random wait time on minion start. e wait time will be a random value between recon_default and recon_default and recon_max. Having all minions reconnect with the same recon_default and recon_max value kind of defeats the purpose of being able to change these seings. If all minions have the same values and the setup is quite large (several thousand minions), they will still ﬂood the master. e desired behavior is to have time-frame within all minions try to reconnect. recon_randomize: True dns_check

Default: True When healing, a dns_check is run. is is to make sure that the originally resolved dns has not changed. If this is something that does not happen in your environment, set this value to False. dns_check: True ipc_mode

Default: ipc Windows platforms lack POSIX IPC and must rely on slower TCP based inter- process communications. Set ipc_mode to tcp on such systems. ipc_mode: ipc tcp_pub_port

Default: 4510 Publish port used when ipc_mode is set to tcp. tcp_pub_port: 4510 tcp_pull_port

Default: 4511 Pull port used when ipc_mode is set to tcp. tcp_pull_port: 4511

434 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.9.2 Minion Module Management disable_modules

Default: [] (all modules are enabled by default) e event may occur in which the administrator desires that a minion should not be able to execute a certain module. e sys module is built into the minion and cannot be disabled. is seing can also tune the minion, as all modules are loaded into ram disabling modules will lover the minion's ram footprint. disable_modules: - test - solr disable_returners

Default: [] (all returners are enabled by default) If certain returners should be disabled, this is the place disable_returners: - mongo_return module_dirs

Default: [] A list of extra directories to search for Salt modules module_dirs: - /var/lib/salt/modules returner_dirs

Default: [] A list of extra directories to search for Salt returners returners_dirs: - /var/lib/salt/returners states_dirs

Default: [] A list of extra directories to search for Salt states states_dirs: - /var/lib/salt/states

22.9. Configuring the Salt Minion 435 Salt Documentation, Release 2014.7.6 grains_dirs

Default: [] A list of extra directories to search for Salt grains grains_dirs: - /var/lib/salt/grains render_dirs

Default: [] A list of extra directories to search for Salt renderers render_dirs: - /var/lib/salt/renderers cython_enable

Default: False Set this value to true to enable auto-loading and compiling of .pyx modules, is seing requires that gcc and cython are installed on the minion cython_enable: False providers

Default: (empty) A module provider can be statically overwrien or extended for the minion via the providers option. is can be done on an individual basis in an SLS ﬁle, or globally here in the minion conﬁg, like below. providers: service: systemd

22.9.3 State Management Seings renderer

Default: yaml_jinja e default renderer used for local state executions renderer: yaml_jinja state_verbose

Default: False state_verbose allows for the data returned from the minion to be more verbose. Normally only states that fail or states that have changes are returned, but seing state_verbose to True will return all states that were checked

436 Chapter 22. Reference Salt Documentation, Release 2014.7.6

state_verbose: True state_output

Default: True autoload_dynamic_modules Turns on automatic loading of modules found in the environments on the master. is is turned on by default, to turn of auto-loading modules when states run set this value to False autoload_dynamic_modules: True

Default: True clean_dynamic_modules keeps the dynamic modules on the minion in sync with the dynamic modules on the master, this means that if a dynamic module is not on the master it will be deleted from the minion. By default this is enabled and can be disabled by changing this value to False clean_dynamic_modules: True environment

Default: None Normally the minion is not isolated to any single environment on the master when running states, but the environ- ment can be isolated on the minion side by statically seing it. Remember that the recommended way to manage environments is to isolate via the top ﬁle. environment: None

22.9.4 File Directory Seings file_client

Default: remote e client defaults to looking on the master server for ﬁles, but can be directed to look on the minion by seing this parameter to local. file_client: remote

22.9. Configuring the Salt Minion 437 Salt Documentation, Release 2014.7.6 file_roots

Default: base: - /srv/salt

When using a local file_client, this parameter is used to setup the ﬁleserver's environments. is parameter operates identically to the master config parameter of the same name. file_roots: base: - /srv/salt dev: - /srv/salt/dev/services - /srv/salt/dev/states prod: - /srv/salt/prod/services - /srv/salt/prod/states hash_type

Default: md5 e hash_type is the hash to use when discovering the hash of a ﬁle on the local ﬁleserver. e default is md5, but sha1, sha224, sha256, sha384 and sha512 are also supported. hash_type: md5 pillar_roots

Default: base: - /srv/pillar

When using a local file_client, this parameter is used to setup the pillar environments. pillar_roots: base: - /srv/pillar dev: - /srv/pillar/dev prod: - /srv/pillar/prod

22.9.5 Security Seings open_mode

Default: False Open mode can be used to clean out the PKI key received from the Salt master, turn on open mode, restart the minion, then turn oﬀ open mode and restart the minion to clean the keys.

438 Chapter 22. Reference Salt Documentation, Release 2014.7.6

open_mode: False verify_master_pubkey_sign

Default: False Enables veriﬁcation of the master-public-signature returned by the master in auth-replies. Please see the tutorial on how to conﬁgure this properly Multimaster-PKI with Failover Tutorial New in version 2014.7.0. verify_master_pubkey_sign: True

If this is set to True, master_sign_pubkey must be also set to True in the master conﬁguration ﬁle. master_sign_key_name

Default: master_sign e ﬁlename without the .pub suﬃx of the public key that should be used for verifying the signature from the master. e ﬁle must be located in the minion's pki directory. New in version 2014.7.0. master_sign_key_name: always_verify_signature

Default: False If verify_master_pubkey_sign is enabled, the signature is only veriﬁed, if the public-key of the master changes. If the signature should always be veriﬁed, this can be set to True. New in version 2014.7.0. always_verify_signature: True

22.9.6 Thread Seings

Default: True Disable multiprocessing support by default when a minion receives a publication a new process is spawned and the command is executed therein. multiprocessing: True

22.9.7 Minion Logging Seings log_file

Default: /var/log/salt/minion e minion log can be sent to a regular ﬁle, local path name, or network location. See also log_file.

22.9. Configuring the Salt Minion 439 Salt Documentation, Release 2014.7.6

Examples: log_file: /var/log/salt/minion log_file: file:///dev/log log_file: udp://loghost:10514 log_level

Default: warning e level of messages to send to the console. See also log_level. log_level: warning log_level_logfile

Default: warning e level of messages to send to the log ﬁle. See also log_level_logfile. log_level_logfile: warning log_datefmt

Default: %H:%M:%S e date and time format used in console log messages. See also log_datefmt. log_datefmt: '%H:%M:%S' log_datefmt_logfile

Default: %Y-%m-%d %H:%M:%S e date and time format used in log ﬁle messages. See also log_datefmt_logfile. log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' log_fmt_console

Default: [%(levelname)-8s] %(message)s e format of the console logging messages. See also log_fmt_console. log_fmt_console: '[%(levelname)-8s] %(message)s'

440 Chapter 22. Reference Salt Documentation, Release 2014.7.6 log_fmt_logfile

Default: {} is can be used to control logging levels more speciﬁcally. See also log_granular_levels. failhard

Default: False Set the global failhard ﬂag, this informs all states to stop running states at the moment a single state fails failhard: False

22.9.8 Include Configuration default_include

Default: minion.d/*.conf e minion can include conﬁguration from other ﬁles. Per default the minion will automatically include all conﬁg ﬁles from minion.d/*.conf where minion.d is relative to the directory of the minion conﬁguration ﬁle. include

Default: not defined e minion can include conﬁguration from other ﬁles. To enable this, pass a list of paths to this option. e paths can be either relative or absolute; if relative, they are considered to be relative to the directory the main minion conﬁguration ﬁle lives in. Paths can make use of shell-style globbing. If no ﬁles are matched by a path passed to this option then the minion will log a warning message.

# Include files from a minion.d directory in the same # directory as the minion config file include: minion.d/*.conf

# Include a single extra file into the configuration include: /etc/roles/webserver

# Include several files and the minion.d directory include: - extra_config - minion.d/* - /etc/roles/webserver

22.9. Configuring the Salt Minion 441 Salt Documentation, Release 2014.7.6

22.9.9 Frozen Build Update Seings

ese options control how salt.modules.saltutil.update() works with esky frozen apps. For more in- formation look at hps://github.com/cloudmatrix/esky/. update_url

Default: False (Update feature is disabled) e url to use when looking for application updates. Esky depends on directory listings to search for new versions. A webserver running on your Master is a good starting point for most setups. update_url: 'http://salt.example.com/minion-updates' update_restart_services

Default: [] (service restarting on update is disabled) A list of services to restart when the minion soware is updated. is would typically just be a list containing the minion's service name, but you may have other services that need to go with it. update_restart_services: ['salt-minion']

22.10 Running the Salt Master/Minion as an Unprivileged User

While the default setup runs the master and minion as the root user, some may consider it an extra measure of security to run the master as a non-root user. Keep in mind that doing so does not change the master's capability to access minions as the user they are running as. Due to this many feel that running the master as a non-root user does not grant any real security advantage which is why the master has remained as root by default.

Note: Some of Salt's operations cannot execute correctly when the master is not running as root, speciﬁcally the pam external auth system, as this system needs root access to check authentication.

As of Salt 0.9.10 it is possible to run Salt as a non-root user. is can be done by seing the user parameter in the master conﬁguration ﬁle. and restarting the salt-master service. e minion has it's own user parameter as well, but running the minion as an unprivileged user will keep it from making changes to things like users, installed packages, etc. unless access controls (sudo, etc.) are setup on the minion to permit the non-root user to make the needed changes. In order to allow Salt to successfully run as a non-root user, ownership and permissions need to be set such that the desired user can read from and write to the following directories (and their subdirectories, where applicable): • /etc/salt • /var/cache/salt • /var/log/salt • /var/run/salt Ownership can be easily changed with chown, like so:

# chown -R user /etc/salt /var/cache/salt /var/log/salt /var/run/salt

442 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Warning: Running either the master or minion with the root_dir parameter speciﬁed will aﬀect these paths, as will seing options like pki_dir, cachedir, log_file, and other options that normally live in the above directories.

22.11 Logging

e salt project tries to get the logging to work for you and help us solve any issues you might ﬁnd along the way. If you want to get some more information on the niy-griy of salt's logging system, please head over to the logging development document, if all you're aer is salt's logging conﬁgurations, please continue reading.

22.11.1 Available Configuration Seings log_file

e log records can be sent to a regular ﬁle, local path name, or network location. Remote logging works best when conﬁgured to use rsyslogd(8) (e.g.: file:///dev/log), with rsyslogd(8) conﬁgured for network logging. e for- mat for remote addresses is: ://:/. Default: Dependent of the binary being executed, for example, for salt-master, /var/log/salt/master. Examples: log_file: /var/log/salt/master log_file: /var/log/salt/minion log_file: file:///dev/log log_file: udp://loghost:10514 log_level

Default: warning e level of log record messages to send to the console. One of all, garbage, trace, debug, info, warning, error, critical, quiet. log_level: warning log_level_logfile

Default: warning e level of messages to send to the log ﬁle. One of all, garbage, trace, debug, info, warning, error, critical, quiet. log_level_logfile: warning

22.11. Logging 443 Salt Documentation, Release 2014.7.6 log_datefmt

Default: %H:%M:%S e date and time format used in console log messages. Allowed date/time formaing can be seen on time.strftime. log_datefmt: '%H:%M:%S' log_datefmt_logfile

Default: %Y-%m-%d %H:%M:%S e date and time format used in log ﬁle messages. Allowed date/time formaing can be seen on time.strftime. log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' log_fmt_console

Default: [%(levelname)-8s] %(message)s e format of the console logging messages. Allowed formaing options can be seen on the LogRecord aributes. log_fmt_console: '[%(levelname)-8s] %(message)s' log_fmt_logfile

Default: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s e format of the log ﬁle logging messages. Allowed formaing options can be seen on the LogRecord aributes. log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' log_granular_levels

Default: {} is can be used to control logging levels more speciﬁcally. e example sets the main salt library at the `warning' level, but sets salt.modules to log at the debug level: log_granular_levels: 'salt': 'warning' 'salt.modules': 'debug'

External Logging Handlers

Besides the internal logging handlers used by salt, there are some external which can be used, see the external logging handlers document.

22.12 External Logging Handlers

444 Chapter 22. Reference Salt Documentation, Release 2014.7.6

logstash_mod Logstash Logging Handler sentry_mod Sentry Logging Handler

22.12.1 Logstash Logging Handler

New in version 0.17.0. is module provides some Logstash logging handlers.

UDP Logging Handler

For versions of Logstash before 1.2.0: In the salt conﬁguration ﬁle: logstash_udp_handler: host: 127.0.0.1 port: 9999 version: 0

In the Logstash conﬁguration ﬁle: input { udp { type => "udp-type" format => "json_event" } }

For version 1.2.0 of Logstash and newer: In the salt conﬁguration ﬁle: logstash_udp_handler: host: 127.0.0.1 port: 9999 version: 1

In the Logstash conﬁguration ﬁle: input { udp { port => 9999 codec => json } }

Please read the UDP input conﬁguration page for additional information.

ZeroMQ Logging Handler

For versions of Logstash before 1.2.0: In the salt conﬁguration ﬁle:

22.12. External Logging Handlers 445 Salt Documentation, Release 2014.7.6

logstash_zmq_handler: address: tcp://127.0.0.1:2021 version: 0

In the Logstash conﬁguration ﬁle:

input { zeromq { type => "zeromq-type" mode => "server" topology => "pubsub" address => "tcp://0.0.0.0:2021" charset => "UTF-8" format => "json_event" } }

For version 1.2.0 of Logstash and newer: In the salt conﬁguration ﬁle:

logstash_zmq_handler: address: tcp://127.0.0.1:2021 version: 1

In the Logstash conﬁguration ﬁle:

input { zeromq { topology => "pubsub" address => "tcp://0.0.0.0:2021" codec => json } }

Please read the ZeroMQ input conﬁguration page for additional information.

Important Logstash Setting One of the most important seings that you should not forget on your Logstash conﬁguration ﬁle regarding these logging handlers is format. Both the UDP and ZeroMQ inputs need to have format as json_event which is what we send over the wire.

Log Level

Both the logstash_udp_handler and the logstash_zmq_handler conﬁguration sections accept an addi- tional seing log_level. If not set, the logging level used will be the one deﬁned for log_level in the global conﬁguration ﬁle section.

HWM

e high water mark for the ZMQ socket seing. Only applicable for the logstash_zmq_handler.

Inspiration is work was inspired in pylogstash, python-logstash, canary and the PyZMQ logging handler.

446 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.12.2 Sentry Logging Handler

New in version 0.17.0. is module provides a Sentry logging handler.

Note e Raven library needs to be installed on the system for this logging handler to be available.

Conﬁguring the python Sentry client, Raven, should be done under the sentry_handler conﬁguration key. At the bare minimum, you need to deﬁne the DSN. As an example: sentry_handler: dsn: https://pub-key:[emailprotected]/app-id

More complex conﬁgurations can be achieved, for example: sentry_handler: servers: - https://sentry.example.com - http://192.168.1.1 project: app-id public_key: deadbeefdeadbeefdeadbeefdeadbeef secret_key: beefdeadbeefdeadbeefdeadbeefdead

All the client conﬁguration keys are supported, please see the Raven client documentation. e default logging level for the sentry handler is ERROR. If you wish to deﬁne a diﬀerent one, deﬁne log_level under the sentry_handler conﬁguration key: sentry_handler: dsn: https://pub-key:[emailprotected]/app-id log_level: warning

e available log levels are those also available for the salt cli tools and conﬁguration; salt --help should give you the required information.

Threaded Transports

Raven's documents rightly suggest using its threaded transport for critical applications. However, don't forget that if you start having troubles with Salt aer enabling the threaded transport, please try switching to a non-threaded transport to see if that ﬁxes your problem.

22.13 Salt File Server

Salt comes with a simple ﬁle server suitable for distributing ﬁles to the Salt minions. e ﬁle server is a stateless ZeroMQ server that is built into the Salt master. e main intent of the Salt ﬁle server is to present ﬁles for use in the Salt state system. With this said, the Salt ﬁle server can be used for any general ﬁle transfer from the master to the minions.

22.13. Salt File Server 447 Salt Documentation, Release 2014.7.6

22.13.1 File Server Backends

In Salt 0.12.0, the modular ﬁleserver was introduced. is feature added the ability for the Salt Master to integrate diﬀerent ﬁle server backends. File server backends allow the Salt ﬁle server to act as a transparent bridge to external resources. A good example of this is the git backend, which allows Salt to serve ﬁles sourced from one or more git repositories, but there are several others as well. Click here for a full list of Salt's ﬁleserver backends.

Enabling a Fileserver Backend

Fileserver backends can be enabled with the fileserver_backend option. fileserver_backend: - git

See the documentation for each backend to ﬁnd the correct value to add to fileserver_backend in order to enable them.

Using Multiple Backends

If fileserver_backend is not deﬁned in the Master conﬁg ﬁle, Salt will use the roots backend, but the file- server_backend option supports multiple backends. When more than one backend is in use, the ﬁles from the enabled backends are merged into a single virtual ﬁlesystem. When a ﬁle is requested, the backends will be searched in order for that ﬁle, and the ﬁrst backend to match will be the one which returns the ﬁle. fileserver_backend: - roots - git

With this conﬁguration, the environments and ﬁles deﬁned in the file_roots parameter will be searched ﬁrst, and if the ﬁle is not found then the git repositories deﬁned in gitfs_remotes will be searched.

Environments

Just as the order of the values in fileserver_backend maers, so too does the order in which diﬀer- ent sources are deﬁned within a ﬁleserver environment. For example, given the below file_roots con- ﬁguration, if both /srv/salt/dev/foo.txt and /srv/salt/prod/foo.txt exist on the Master, then salt://foo.txt would point to /srv/salt/dev/foo.txt in the dev environment, but it would point to /srv/salt/prod/foo.txt in the base environment. file_roots: base: - /srv/salt/prod qa: - /srv/salt/qa - /srv/salt/prod dev: - /srv/salt/dev - /srv/salt/qa - /srv/salt/prod

Similarly, when using the git backend, if both repositories deﬁned below have a hotfix23 branch/tag, and both of them also contain the ﬁle bar.txt in the root of the repository at that branch/tag, then salt://bar.txt in the hotfix23 environment would be served from the first repository.

448 Chapter 22. Reference Salt Documentation, Release 2014.7.6

gitfs_remotes: - https://mydomain.tld/repos/first.git - https://mydomain.tld/repos/second.git

Note: Environments map diﬀerently based on the ﬁleserver backend. For instance, the mappings are explic- itly deﬁned in roots backend, while in the VCS backends (git, hg, svn) the environments are created from branches/tags/bookmarks/etc. For the minion backend, the ﬁles are all in a single environment, which is speciﬁed by the minionfs_env option. See the documentation for each backend for a more detailed explanation of how environments are mapped.

22.13.2 Dynamic Module Distribution

New in version 0.9.5. Salt Python modules can be distributed automatically via the Salt ﬁle server. Under the root of any environment deﬁned via the file_roots option on the master server directories corresponding to the type of module can be used. e directories are prepended with an underscore: 1. _modules 2. _grains 3. _renderers 4. _returners 5. _states e contents of these directories need to be synced over to the minions aer Python modules have been created in them. ere are a number of ways to sync the modules.

Sync Via States

e minion conﬁguration contains an option autoload_dynamic_modules which defaults to True. is op- tion makes the state system refresh all dynamic modules when states are run. To disable this behavior set au- toload_dynamic_modules to False in the minion conﬁg. When dynamic modules are autoloaded via states, modules only pertinent to the environments matched in the master's top ﬁle are downloaded. is is important to remember, because modules can be manually loaded from any speciﬁc environment that envi- ronment speciﬁc modules will be loaded when a state run is executed.

Sync Via the saltutil Module

e saltutil module has a number of functions that can be used to sync all or speciﬁc dynamic modules. e saltutil module function saltutil.sync_all will sync all module types over to a minion. For more information see: salt.modules.saltutil

22.13. Salt File Server 449 Salt Documentation, Release 2014.7.6

22.13.3 File Server Configuration

e Salt ﬁle server is a high performance ﬁle server wrien in ZeroMQ. It manages large ﬁles quickly and with lile overhead, and has been optimized to handle small ﬁles in an extremely eﬃcient manner. e Salt ﬁle server is an environment aware ﬁle server. is means that ﬁles can be allocated within many root directories and accessed by specifying both the ﬁle path and the environment to search. e individual environments can span across multiple directory roots to create overlays and to allow for ﬁles to be organized in many ﬂexible ways.

Environments

e Salt ﬁle server defaults to the mandatory base environment. is environment MUST be deﬁned and is used to download ﬁles when no environment is speciﬁed. Environments allow for ﬁles and sls data to be logically separated, but environments are not isolated from each other. is allows for logical isolation of environments by the engineer using Salt, but also allows for information to be used in multiple environments.

Directory Overlay

e environment seing is a list of directories to publish ﬁles from. ese directories are searched in order to ﬁnd the speciﬁed ﬁle and the ﬁrst ﬁle found is returned. is means that directory data is prioritized based on the order in which they are listed. In the case of this file_roots conﬁguration:

file_roots: base: - /srv/salt/base - /srv/salt/failover

If a ﬁle's URI is salt://httpd/httpd.conf, it will ﬁrst search for the ﬁle at /srv/salt/base/httpd/httpd.conf. If the ﬁle is found there it will be returned. If the ﬁle is not found there, then /srv/salt/failover/httpd/httpd.conf will be used for the source. is allows for directories to be overlaid and prioritized based on the order they are deﬁned in the conﬁguration. It is also possible to have file_roots which supports multiple environments:

file_roots: base: - /srv/salt/base dev: - /srv/salt/dev - /srv/salt/base prod: - /srv/salt/prod - /srv/salt/base

is example ensures that each environment will check the associated environment directory for ﬁles ﬁrst. If a ﬁle is not found in the appropriate directory, the system will default to using the base directory.

Local File Server

New in version 0.9.8.

450 Chapter 22. Reference Salt Documentation, Release 2014.7.6

e ﬁle server can be rerouted to run from the minion. is is primarily to enable running Salt states without a Salt master. To use the local ﬁle server interface, copy the ﬁle server data to the minion and set the ﬁle_roots option on the minion to point to the directories copied from the master. Once the minion file_roots option has been set, change the file_client option to local to make sure that the local ﬁle server interface is used.

22.13.4 The cp Module

e cp module is the home of minion side ﬁle server operations. e cp module is used by the Salt state system, salt-cp and can be used to distribute ﬁles presented by the Salt ﬁle server.

Environments

Since the ﬁle server is made to work with the Salt state system, it supports environments. e environments are deﬁned in the master conﬁg ﬁle and when referencing an environment the ﬁle speciﬁed will be based on the root directory of the environment.

get_file

e cp.get_ﬁle function can be used on the minion to download a ﬁle from the master, the syntax looks like this:

# salt '*' cp.get_file salt://vimrc /etc/vimrc

is will instruct all Salt minions to download the vimrc ﬁle and copy it to /etc/vimrc Template rendering can be enabled on both the source and destination ﬁle names like so:

# salt '*' cp.get_file "salt://{{grains.os}}/vimrc" /etc/vimrc template=jinja

is example would instruct all Salt minions to download the vimrc from a directory with the same name as their OS grain and copy it to /etc/vimrc For larger ﬁles, the cp.get_ﬁle module also supports gzip compression. Because gzip is CPU-intensive, this should only be used in scenarios where the compression ratio is very high (e.g. prey-printed JSON or YAML ﬁles). To use compression, use the gzip named argument. Valid values are integers from 1 to 9, where 1 is the lightest compression and 9 the heaviest. In other words, 1 uses the least CPU on the master (and minion), while 9 uses the most.

# salt '*' cp.get_file salt://vimrc /etc/vimrc gzip=5

Finally, note that by default cp.get_ﬁle does not create new destination directories if they do not exist. To change this, use the makedirs argument:

# salt '*' cp.get_file salt://vimrc /etc/vim/vimrc makedirs=True

In this example, /etc/vim/ would be created if it didn't already exist.

get_dir

e cp.get_dir function can be used on the minion to download an entire directory from the master. e syntax is very similar to get_ﬁle:

# salt '*' cp.get_dir salt://etc/apache2 /etc

cp.get_dir supports template rendering and gzip compression arguments just like get_ﬁle:

22.13. Salt File Server 451 Salt Documentation, Release 2014.7.6

# salt '*' cp.get_dir salt://etc/{{pillar.webserver}} /etc gzip=5 template=jinja

22.13.5 File Server Client API

A client API is available which allows for modules and applications to be wrien which make use of the Salt ﬁle server. e ﬁle server uses the same authentication and encryption used by the rest of the Salt system for network commu- nication.

FileClient Class

e FileClient class is used to set up the communication from the minion to the master. When creating a FileClient object the minion conﬁguration needs to be passed in. When using the FileClient from within a minion module the built in __opts__ data can be passed: import salt.minion def get_file(path, dest, env='base'): ''' Used to get a single file from the Salt master

CLI Example: salt '*' cp.get_file salt://vimrc /etc/vimrc ''' # Create the FileClient object client = salt.minion.FileClient(__opts__) # Call get_file return client.get_file(path, dest, False, env)

Using the FileClient class outside of a minion module where the __opts__ data is not available, it needs to be generated: import salt.minion import salt.config def get_file(path, dest, env='base'): ''' Used to get a single file from the Salt master ''' # Get the configuration data opts = salt.config.minion_config('/etc/salt/minion') # Create the FileClient object client = salt.minion.FileClient(opts) # Call get_file return client.get_file(path, dest, False, env)

22.14 Full list of builtin fileserver modules

gitfs Git Fileserver Backend hgfs Mercurial Fileserver Backend Continued on next page

452 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Table 22.4 -- continued from previous page minionfs Fileserver backend which serves ﬁles pushed to the Master roots e default ﬁle server backend s3fs Amazon S3 Fileserver Backend svnfs Subversion Fileserver Backend

22.14.1 salt.fileserver.gitfs

Git Fileserver Backend With this backend, branches and tags in a remote git repository are exposed to salt as diﬀerent environments. To enable, add git to the fileserver_backend option in the Master conﬁg ﬁle. fileserver_backend: - git

As of Salt 2014.7.0, the Git ﬁleserver backend supports GitPython, pygit2, and dulwich to provide the Python interface to git. If more than one of these are present, the order of preference for which one will be chosen is the same as the order in which they were listed: pygit2, GitPython, dulwich (keep in mind, this order is subject to change). An optional master conﬁg parameter (gitfs_provider) can be used to specify which provider should be used. More detailed information on how to use gitfs can be found in the Gitfs Walkthrough.

Note: Minimum requirements To use GitPython for gitfs requires a minimum GitPython version of 0.3.0, as well as the git CLI utility. Instructions for installing GitPython can be found here. To use pygit2 for gitfs requires a minimum pygit2 version of 0.20.3. pygit2 0.20.3 requires libgit2 0.20.0. pygit2 and libgit2 are developed alongside one another, so it is recommended to keep them both at the same major release to avoid unexpected behavior. For example, pygit2 0.21.x requires libgit2 0.21.x, pygit2 0.22.x will require libgit2 0.22.x, etc. To ﬁnd stale refs, pygit2 additionally requires the git CLI utility to be installed. salt.fileserver.gitfs.clear_cache() Completely clear gitfs cache salt.fileserver.gitfs.clear_lock(remote=None) Clear update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.gitfs.dir_list(load) Return a list of all directories on the master salt.fileserver.gitfs.envs(ignore_cache=False, skip_clean=False) Return a list of refs that can be used as environments salt.fileserver.gitfs.file_hash(load, fnd) Return a ﬁle hash, the hash type is set in the master conﬁg ﬁle salt.fileserver.gitfs.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.gitfs.file_list_emptydirs(load) Return a list of all empty directories on the master

22.14. Full list of builtin fileserver modules 453 Salt Documentation, Release 2014.7.6

salt.fileserver.gitfs.find_file(path, tgt_env='base', **kwargs) Find the ﬁrst ﬁle to match the path and ref, read the ﬁle out of git and send the path to the newly cached ﬁle salt.fileserver.gitfs.init() Return the git repo object for this session salt.fileserver.gitfs.lock(remote=None) Place an update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.gitfs.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received salt.fileserver.gitfs.symlink_list(load) Return a dict of all symlinks based on a given path in the repo salt.fileserver.gitfs.update() Execute a git fetch on all of the repos

22.14.2 salt.fileserver.hgfs

Mercurial Fileserver Backend To enable, add hg to the fileserver_backend option in the Master conﬁg ﬁle.

fileserver_backend: - hg

Aer enabling this backend, branches, bookmarks, and tags in a remote mercurial repository are exposed to salt as diﬀerent environments. is feature is managed by the fileserver_backend option in the salt master conﬁg ﬁle. is ﬁleserver has an additional option hgfs_branch_method that will set the desired branch method. Possible values are: branches, bookmarks, or mixed. If using branches or mixed, the default branch will be mapped to base. Changed in version 2014.1.0: e hgfs_base master conﬁg parameter was added, allowing for a branch other than default to be used for the base environment, and allowing for a base environment to be speciﬁed when using an hgfs_branch_method of bookmarks. depends • mercurial • python bindings for mercurial (python-hglib) salt.fileserver.hgfs.clear_cache() Completely clear hgfs cache salt.fileserver.hgfs.clear_lock(remote=None) Clear update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.hgfs.dir_list(load) Return a list of all directories on the master salt.fileserver.hgfs.envs(ignore_cache=False) Return a list of refs that can be used as environments

454 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt.fileserver.hgfs.file_hash(load, fnd) Return a ﬁle hash, the hash type is set in the master conﬁg ﬁle salt.fileserver.hgfs.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.hgfs.file_list_emptydirs(load) Return a list of all empty directories on the master salt.fileserver.hgfs.find_file(path, tgt_env='base', **kwargs) Find the ﬁrst ﬁle to match the path and ref, read the ﬁle out of hg and send the path to the newly cached ﬁle salt.fileserver.hgfs.init() Return a list of hglib objects for the various hgfs remotes salt.fileserver.hgfs.lock(remote=None) Place an update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.hgfs.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received salt.fileserver.hgfs.update() Execute an hg pull on all of the repos

22.14.3 salt.fileserver.minionfs

Fileserver backend which serves ﬁles pushed to the Master e cp.push function allows Minions to push ﬁles up to the Master. Using this backend, these pushed ﬁles are exposed to other Minions via the Salt ﬁleserver. To enable minionfs, file_recv needs to be set to True in the master conﬁg ﬁle (otherwise cp.push will not be allowed to push ﬁles to the Master), and minion must be added to the fileserver_backends list.

fileserver_backend: - minion

Other minionfs seings include: minionfs_whitelist, minionfs_blacklist, min- ionfs_mountpoint, and minionfs_env. See also: MinionFS Backend Walkthrough salt.fileserver.minionfs.dir_list(load) Return a list of all directories on the master CLI Example:

$ salt 'source-minion' cp.push /absolute/path/file # Push the file to the master $ salt 'destination-minion' cp.list_master_dirs destination-minion: - source-minion/absolute - source-minion/absolute/path

salt.fileserver.minionfs.envs() Returns the one environment speciﬁed for minionfs in the master conﬁguration.

22.14. Full list of builtin fileserver modules 455 Salt Documentation, Release 2014.7.6 salt.fileserver.minionfs.file_hash(load, fnd) Return a ﬁle hash, the hash type is set in the master conﬁg ﬁle salt.fileserver.minionfs.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.minionfs.find_file(path, tgt_env='base', **kwargs) Search the environment for the relative path salt.fileserver.minionfs.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received CLI Example:

# Push the file to the master $ salt 'source-minion' cp.push /path/to/the/file $ salt 'destination-minion' cp.get_file salt://source-minion/path/to/the/file /destination/file salt.fileserver.minionfs.update() When we are asked to update (regular interval) lets reap the cache

22.14.4 salt.fileserver.roots

e default ﬁle server backend is ﬁleserver backend serves ﬁles from the Master's local ﬁlesystem. If fileserver_backend is not deﬁned in the Master conﬁg ﬁle, then this backend is enabled by default. If it is deﬁned then roots must be in the file- server_backend list to enable this backend. fileserver_backend: - roots

Fileserver environments are deﬁned using the file_roots conﬁguration option. salt.fileserver.roots.dir_list(load) Return a list of all directories on the master salt.fileserver.roots.envs() Return the ﬁle server environments salt.fileserver.roots.file_hash(load, fnd) Return a ﬁle hash, the hash type is set in the master conﬁg ﬁle salt.fileserver.roots.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.roots.file_list_emptydirs(load) Return a list of all empty directories on the master salt.fileserver.roots.find_file(path, saltenv='base', env=None, **kwargs) Search the environment for the relative path salt.fileserver.roots.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received salt.fileserver.roots.symlink_list(load) Return a dict of all symlinks based on a given path on the Master salt.fileserver.roots.update() When we are asked to update (regular interval) lets reap the cache

456 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.14.5 salt.fileserver.s3fs

Amazon S3 Fileserver Backend is backend exposes directories in S3 buckets as Salt environments. To enable this backend, add s3fs to the fileserver_backend option in the Master conﬁg ﬁle. fileserver_backend: - s3fs

S3 credentials must also be set in the master conﬁg ﬁle: s3.keyid: GKTADJGHEIQSXMKKRBJ08H s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

Alternatively, if on EC2 these credentials can be automatically loaded from instance metadata. is ﬁleserver supports two modes of operation for the buckets: 1. A single buet per environment

s3.buckets: production: - bucket1 - bucket2 staging: - bucket3 - bucket4

2. Multiple environments per buet

s3.buckets: - bucket1 - bucket2 - bucket3 - bucket4

Note that bucket names must be all lowercase both in the AWS console and in Salt, otherwise you may encounter SignatureDoesNotMatch errors. A multiple-environment bucket must adhere to the following root directory structure: s3:////

Note: is ﬁleserver back-end requires the use of the MD5 hashing algorithm. MD5 may not be compliant with all security policies. salt.fileserver.s3fs.dir_list(load) Return a list of all directories on the master salt.fileserver.s3fs.envs() Return a list of directories within the bucket that can be used as environments. salt.fileserver.s3fs.file_hash(load, fnd) Return an MD5 ﬁle hash salt.fileserver.s3fs.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.s3fs.file_list_emptydirs(load) Return a list of all empty directories on the master

22.14. Full list of builtin fileserver modules 457 Salt Documentation, Release 2014.7.6 salt.fileserver.s3fs.find_file(path, saltenv='base', env=None, **kwargs) Look through the buckets cache ﬁle for a match. If the ﬁeld is found, it is retrieved from S3 only if its cached version is missing, or if the MD5 does not match. salt.fileserver.s3fs.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received salt.fileserver.s3fs.update() Update the cache ﬁle for the bucket.

22.14.6 salt.fileserver.svnfs

Subversion Fileserver Backend Aer enabling this backend, branches, and tags in a remote subversion repository are exposed to salt as diﬀerent environments. To enable this backend, add svn to the fileserver_backend option in the Master conﬁg ﬁle. fileserver_backend: - svn

is backend assumes a standard svn layout with directories for branches, tags, and trunk, at the repository root. depends • subversion • pysvn Changed in version 2014.7.0: e paths to the trunk, branches, and tags have been made conﬁgurable, via the conﬁg options svnfs_trunk, svnfs_branches, and svnfs_tags. svnfs_mountpoint was also added. Finally, support for per-remote conﬁguration parameters was added. See the documentation for more information. salt.fileserver.svnfs.clear_cache() Completely clear svnfs cache salt.fileserver.svnfs.clear_lock(remote=None) Clear update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.svnfs.dir_list(load) Return a list of all directories on the master salt.fileserver.svnfs.envs(ignore_cache=False) Return a list of refs that can be used as environments salt.fileserver.svnfs.file_hash(load, fnd) Return a ﬁle hash, the hash type is set in the master conﬁg ﬁle salt.fileserver.svnfs.file_list(load) Return a list of all ﬁles on the ﬁle server in a speciﬁed environment salt.fileserver.svnfs.file_list_emptydirs(load) Return a list of all empty directories on the master salt.fileserver.svnfs.find_file(path, tgt_env='base', **kwargs) Find the ﬁrst ﬁle to match the path and ref. is operates similarly to the roots ﬁle sever but with assumptions of the directory structure based on svn standard practices.

458 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.fileserver.svnfs.init() Return the list of svn remotes and their conﬁguration information salt.fileserver.svnfs.lock(remote=None) Place an update.lk remote can either be a dictionary containing repo conﬁguration information, or a paern. If the laer, then remotes for which the URL matches the paern will be locked. salt.fileserver.svnfs.serve_file(load, fnd) Return a chunk from a ﬁle based on the data received salt.fileserver.svnfs.update() Execute an svn update on all of the repos

22.15 Salt code and internals

Reference documentation on Salt's internal code.

22.15.1 Contents salt.serializers salt.utils.aggregation

is library allows to introspect dataset and aggregate nodes when it is instructed.

Note: e following examples with be expressed in YAML for convenience sake: • !aggr-scalar will refer to Scalar python function • !aggr-map will refer to Map python object • !aggr-seq will refer for Sequence python object

How to instructs merging is yaml document have duplicate keys: foo: !aggr-scalar first foo: !aggr-scalar second bar: !aggr-map {first: foo} bar: !aggr-map {second: bar} baz: !aggr-scalar 42 but tagged values instruct salt that overlapping values they can be merged together: foo: !aggr-seq [first, second] bar: !aggr-map {first: foo, second: bar} baz: !aggr-seq [42]

Default merge strategy is keep untoued For example, this yaml document have still duplicate keys, but does not instruct aggregation:

22.15. Salt code and internals 459 Salt Documentation, Release 2014.7.6

foo: first foo: second bar: {first: foo} bar: {second: bar} baz: 42

So the late found values prevail: foo: second bar: {second: bar} baz: 42

Limitations Aggregation is permied between tagged objects that share the same type. If not, the default merge strategy prevails. For example, these examples: foo: {first: value} foo: !aggr-map {second: value} bar: !aggr-map {first: value} bar: 42 baz: !aggr-seq [42] baz: [fail] qux: 42 qux: !aggr-scalar fail are interpreted like this: foo: !aggr-map{second: value} bar: 42 baz: [fail] qux: !aggr-seq [fail]

Introspection TODO: write this part salt.utils.aggregation.aggregate(obj_a, obj_b, level=False, map_class=, sequence_class=) Merge obj_b into obj_a.

>>> aggregate('first', 'second', True) == ['first', 'second'] True class salt.utils.aggregation.Aggregate Aggregation base. class salt.utils.aggregation.Map(*args, **kwds) Map aggregation. salt.utils.aggregation.Scalar(obj) Shortcut for Sequence creation

460 Chapter 22. Reference Salt Documentation, Release 2014.7.6

>>> Scalar('foo') == Sequence(['foo']) True class salt.utils.aggregation.Sequence Sequence aggregation.

Exceptions

Salt-speciﬁc exceptions should be thrown as oen as possible so the various interfaces to Salt (CLI, API, etc) can handle those errors appropriately and display error messages appropriately.

salt.exceptions is module is a central location for all salt exceptions salt.exceptions

is module is a central location for all salt exceptions exception salt.exceptions.AuthenticationError If sha256 signature fails during decryption exception salt.exceptions.AuthorizationError rown when runner or wheel execution fails due to permissions exception salt.exceptions.CommandExecutionError Used when a module runs a command which returns an error and wants to show the user the output gracefully instead of dying exception salt.exceptions.CommandNotFoundError Used in modules or grains when a required binary is not available exception salt.exceptions.EauthAuthenticationError rown when eauth authentication fails exception salt.exceptions.FileserverConfigError Used when invalid ﬁleserver seings are detected exception salt.exceptions.LoaderError Problems loading the right renderer exception salt.exceptions.MasterExit Rise when the master exits exception salt.exceptions.MinionError Minion problems reading uris such as salt:// or hp:// exception salt.exceptions.PkgParseError Used when of the pkg modules cannot correctly parse the output from the CLI tool (pacman, yum, apt, aptitude, etc) exception salt.exceptions.SaltClientError Problem reading the master root key exception salt.exceptions.SaltClientTimeout(msg, jid=None, *args, **kwargs) rown when a job sent through one of the Client interfaces times out Takes the jid as a parameter exception salt.exceptions.SaltCloudConfigError Raised when a conﬁguration seing is not found and should exist.

22.15. Salt code and internals 461 Salt Documentation, Release 2014.7.6 exception salt.exceptions.SaltCloudException Generic Salt Cloud Exception exception salt.exceptions.SaltCloudExecutionFailure Raised when too much failures have occurred while querying/waiting for data. exception salt.exceptions.SaltCloudExecutionTimeout Raised when too much time has passed while querying/waiting for data. exception salt.exceptions.SaltCloudNotFound Raised when some cloud provider function cannot ﬁnd what's being searched. exception salt.exceptions.SaltCloudPasswordError Raise when virtual terminal password input failed exception salt.exceptions.SaltCloudSystemExit(message, exit_code=1) is exception is raised when the execution should be stopped. exception salt.exceptions.SaltException Base exception class; all Salt-speciﬁc exceptions should subclass this exception salt.exceptions.SaltInvocationError Used when the wrong number of arguments are sent to modules or invalid arguments are speciﬁed on the command line exception salt.exceptions.SaltMasterError Problem reading the master root key exception salt.exceptions.SaltRenderError(error, line_num=None, buf='`, marker=' <======', trace=None) Used when a renderer needs to raise an explicit error. If a line number and buﬀer string are passed, get_context will be invoked to get the location of the error. exception salt.exceptions.SaltReqTimeoutError rown when a salt master request call fails to return within the timeout exception salt.exceptions.SaltRunnerError Problem in runner exception salt.exceptions.SaltSyndicMasterError Problem while proxying a request in the syndication master exception salt.exceptions.SaltSystemExit(code=0, msg=None) is exception is raised when an unsolvable problem is found. ere's nothing else to do, salt should just exit. exception salt.exceptions.SaltWheelError Problem in wheel exception salt.exceptions.TimedProcTimeoutError rown when a timed subprocess does not terminate within the timeout, or if the speciﬁed timeout is not an int or a ﬂoat exception salt.exceptions.TokenAuthenticationError rown when token authentication fails salt.exceptions

is module is a central location for all salt exceptions exception salt.exceptions.AuthenticationError If sha256 signature fails during decryption

462 Chapter 22. Reference Salt Documentation, Release 2014.7.6 exception salt.exceptions.AuthorizationError rown when runner or wheel execution fails due to permissions exception salt.exceptions.CommandExecutionError Used when a module runs a command which returns an error and wants to show the user the output gracefully instead of dying exception salt.exceptions.CommandNotFoundError Used in modules or grains when a required binary is not available exception salt.exceptions.EauthAuthenticationError rown when eauth authentication fails exception salt.exceptions.FileserverConfigError Used when invalid ﬁleserver seings are detected exception salt.exceptions.LoaderError Problems loading the right renderer exception salt.exceptions.MasterExit Rise when the master exits exception salt.exceptions.MinionError Minion problems reading uris such as salt:// or hp:// exception salt.exceptions.PkgParseError Used when of the pkg modules cannot correctly parse the output from the CLI tool (pacman, yum, apt, aptitude, etc) exception salt.exceptions.SaltClientError Problem reading the master root key exception salt.exceptions.SaltClientTimeout(msg, jid=None, *args, **kwargs) rown when a job sent through one of the Client interfaces times out Takes the jid as a parameter exception salt.exceptions.SaltCloudConfigError Raised when a conﬁguration seing is not found and should exist. exception salt.exceptions.SaltCloudException Generic Salt Cloud Exception exception salt.exceptions.SaltCloudExecutionFailure Raised when too much failures have occurred while querying/waiting for data. exception salt.exceptions.SaltCloudExecutionTimeout Raised when too much time has passed while querying/waiting for data. exception salt.exceptions.SaltCloudNotFound Raised when some cloud provider function cannot ﬁnd what's being searched. exception salt.exceptions.SaltCloudPasswordError Raise when virtual terminal password input failed exception salt.exceptions.SaltCloudSystemExit(message, exit_code=1) is exception is raised when the execution should be stopped. exception salt.exceptions.SaltException Base exception class; all Salt-speciﬁc exceptions should subclass this exception salt.exceptions.SaltInvocationError Used when the wrong number of arguments are sent to modules or invalid arguments are speciﬁed on the command line

22.15. Salt code and internals 463 Salt Documentation, Release 2014.7.6 exception salt.exceptions.SaltMasterError Problem reading the master root key exception salt.exceptions.SaltRenderError(error, line_num=None, buf='`, marker=' <======', trace=None) Used when a renderer needs to raise an explicit error. If a line number and buﬀer string are passed, get_context will be invoked to get the location of the error. exception salt.exceptions.SaltReqTimeoutError rown when a salt master request call fails to return within the timeout exception salt.exceptions.SaltRunnerError Problem in runner exception salt.exceptions.SaltSyndicMasterError Problem while proxying a request in the syndication master exception salt.exceptions.SaltSystemExit(code=0, msg=None) is exception is raised when an unsolvable problem is found. ere's nothing else to do, salt should just exit. exception salt.exceptions.SaltWheelError Problem in wheel exception salt.exceptions.TimedProcTimeoutError rown when a timed subprocess does not terminate within the timeout, or if the speciﬁed timeout is not an int or a ﬂoat exception salt.exceptions.TokenAuthenticationError rown when token authentication fails salt.serializers salt.utils.serializers

is module implements all the serializers needed by salt. Each serializer oﬀers the same functions and aributes: deserialize function for deserializing string or stream serialize function for serializing a Python object available ﬂag that tells if the serializer is available (all dependencies are met etc.) salt.utils.serializers.json

Implements JSON serializer. It's just a wrapper around json (or simplejson if available). salt.utils.serializers.json.deserialize(stream_or_string, **options) Deserialize any string of stream like object into a Python data structure. Parameters • stream_or_string -- stream or string to deserialize. • options -- options given to lower json/simplejson module. salt.utils.serializers.json.serialize(obj, **options) Serialize Python data to JSON. Parameters

464 Chapter 22. Reference Salt Documentation, Release 2014.7.6

• obj -- the data structure to serialize • options -- options given to lower json/simplejson module. salt.utils.serializers.yaml

Implements YAML serializer. Underneath, it is based on pyyaml and use the safe dumper and loader. It also use C bindings if they are available. salt.utils.serializers.yaml.deserialize(stream_or_string, **options) Deserialize any string of stream like object into a Python data structure. Parameters • stream_or_string -- stream or string to deserialize. • options -- options given to lower yaml module. salt.utils.serializers.yaml.serialize(obj, **options) Serialize Python data to YAML. Parameters • obj -- the data structure to serialize • options -- options given to lower yaml module. salt.utils.serializers.msgpack

Implements MsgPack serializer. salt.utils.serializers.msgpack.deserialize(stream_or_string, **options) Deserialize any string of stream like object into a Python data structure. Parameters • stream_or_string -- stream or string to deserialize. • options -- options given to lower msgpack module. salt.utils.serializers.msgpack.serialize(obj, **options) Serialize Python data to MsgPack. Parameters • obj -- the data structure to serialize • options -- options given to lower msgpack module.

22.16 Full list of builtin execution modules

Virtual modules

22.16. Full list of builtin execution modules 465 Salt Documentation, Release 2014.7.6

22.16.1 salt.modules.pkg pkg is a virtual module that is fulﬁlled by one of the following modules: • salt.modules.aptpkg • salt.modules.brew • salt.modules.ebuild • salt.modules.freebsdpkg • salt.modules.openbsdpkg • salt.modules.pacman • salt.modules.pkgin • salt.modules.pkgng • salt.modules.pkgutil • salt.modules.solarispkg • salt.modules.win_pkg • salt.modules.yumpkg • salt.modules.zypper

aliases Manage the information in the aliases ﬁle alternatives Support for Alternatives system apache Support for Apache aptpkg Support for APT (Advanced Packaging Tool) archive A module to wrap (non-Windows) archive calls at Wrapper module for at(1) augeas_cfg Manages conﬁguration ﬁles via augeas aws_sqs Support for the Amazon Simple eue Service. blockdev Module for managing block devices bluez Support for Bluetooth (using BlueZ in Linux). boto_asg Connection module for Amazon Autoscale Groups boto_cloudwatch Connection module for Amazon CloudWatch boto_elasticache Connection module for Amazon Elasticache boto_elb Connection module for Amazon ELB boto_iam Connection module for Amazon IAM boto_route53 Connection module for Amazon Route53 boto_secgroup Connection module for Amazon Security Groups boto_sqs Connection module for Amazon SQS brew Homebrew for Mac OS X bridge Module for gathering and managing bridging information bsd_shadow Manage the password database on BSD systems cassandra Cassandra NoSQL Database Module chef Execute chef in server or solo mode chocolatey A dead simple module wrapping calls to the Chocolatey package manager cloud Salt-speciﬁc interface for calling Salt Cloud directly cmdmod A module for shelling out composer Use composer to install PHP dependencies for a directory config Return conﬁg information Continued on next page

466 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Table 22.6 -- continued from previous page cp Minion side functions for salt-cp cron Work with cron daemontools daemontools service module. is module will create daemontools type darwin_sysctl Module for viewing and modifying sysctl parameters data Manage a local persistent data structure that can hold any arbitrary data ddns Support for RFC 2136 dynamic DNS updates. deb_apache Support for Apache debconfmod Support for Debconf debian_ip e networking module for Debian based distros debian_service Service support for Debian systems (uses update-rc.d and /sbin/service) defaults dig Compendium of generic DNS utilities disk Module for gathering disk information djangomod Manage Django sites dnsmasq Module for managing dnsmasq dnsutil Compendium of generic DNS utilities dockerio Management of Dockers dpkg Support for DEB packages ebuild Support for Portage eix Support for Eix environ Support for geing and seing the environment variables of the current salt process. eselect Support for eselect, Gentoo's conﬁguration and management tool. etcd_mod Execution module to work with etcd event Use the Salt Event System to ﬁre events from the master to the minion and vice-versa. extfs Module for managing ext2/3/4 ﬁle systems file Manage information about regular ﬁles, directories, freebsd_sysctl Module for viewing and modifying sysctl parameters freebsdjail e jail module for FreeBSD freebsdkmod Module to manage FreeBSD kernel modules freebsdpkg Remote package support using pkg_add(1) freebsdports Install soware from the FreeBSD ports(7) system freebsdservice e service module for FreeBSD gem Manage ruby gems. genesis Module for managing container and VM images gentoo_service Top level package command wrapper, used to translate the os detected by grains gentoolkitmod Support for Gentoolkit git Support for the Git SCM glance Module for handling openstack glance calls. glusterfs Manage a glusterfs pool gnomedesktop GNOME implementations grains Return/control aspects of the grains data groupadd Manage groups on Linux and OpenBSD grub_legacy Support for GRUB Legacy guestfs Interact with virtual machine images via libguestfs hadoop Support for hadoop haproxyconn Support for haproxy hashutil A collection of hashing and encoding functions hg Support for the Mercurial SCM hosts Manage the information in the hosts ﬁle htpasswd Support for htpasswd command Continued on next page

22.16. Full list of builtin execution modules 467 Salt Documentation, Release 2014.7.6

Table 22.6 -- continued from previous page img Virtual machine image management tools incron Work with incron influx InﬂuxDB - A distributed time series database ini_manage Edit ini ﬁles introspect Functions to perform introspection on a minion, and return data in a format ipset Support for ipset iptables Support for iptables junos Module for interfacing to Junos devices key Functions to view the minion's public key information keyboard Module for managing keyboards on supported POSIX-like systems using systemd, or such as Redhat, Debian and Gentoo. keystone Module for handling openstack keystone calls. kmod Module to manage Linux kernel modules launchctl Module for the management of MacOS systems that use launchd/launchctl layman Support for Layman ldapmod Salt interface to LDAP commands linux_acl Support for Linux File Access Control Lists linux_lvm Support for Linux LVM2 linux_sysctl Module for viewing and modifying sysctl parameters localemod Module for managing locales on POSIX-like systems. locate Module for using the locate utilities logadm Module for managing Solaris logadm based log rotations. logrotate Module for managing logrotate. lvs Support for LVS (Linux Virtual Server) lxc Control Linux Containers via Salt mac_group Manage groups on Mac OS 10.7+ mac_user Manage users on Mac OS 10.7+ macports Support for MacPorts under Mac OSX. makeconf Support for modifying make.conf under Gentoo match e match module allows for match routines to be run and determine target specs mdadm Salt module to manage RAID arrays with mdadm memcached Module for Management of Memcached Keys mine e function cache system allows for data to be stored on the master so it can be easily read by other minions mod_random New in version 2014.7.0. modjk Control Modjk via the Apache Tomcat ``Status'' worker mongodb Module to provide MongoDB functionality to Salt monit Monit service module. moosefs Module for gathering and managing information about MooseFS mount Salt module to manage unix mounts and the fstab ﬁle munin Run munin plugins/checks from salt and format the output as data. mysql Module to provide MySQL compatibility to salt. nagios Run nagios plugins/checks from salt and get the return as data. netbsd_sysctl Module for viewing and modifying sysctl parameters netbsdservice e service module for NetBSD network Module for gathering and managing network information nfs3 Module for managing NFS version 3. nftables Support for nables nginx Support for nginx nova Module for handling OpenStack Nova calls npm Manage and query NPM packages. omapi is module interacts with an ISC DHCP Server via OMAPI. Continued on next page

468 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Table 22.6 -- continued from previous page openbsdpkg Package support for OpenBSD openbsdservice e service module for OpenBSD openstack_config Modify, retrieve, or delete values from OpenStack conﬁguration ﬁles. oracle Oracle DataBase connection module osxdesktop Mac OS X implementations of various commands in the ``desktop'' interface pacman A module to wrap pacman calls, since Arch is the best pagerduty Module for Firing Events via PagerDuty pam Support for pam parted Module for managing partitions on POSIX-like systems. pecl Manage PHP pecl extensions. pillar Extract the pillar data for this minion pip Install Python packages with pip to either the system or a virtualenv pkg_resource Resources needed by pkg providers pkgin Package support for pkgin based systems, inspired from freebsdpkg module pkgng Support for pkgng, the new package manager for FreeBSD pkgutil Pkgutil support for Solaris portage_config Conﬁgure portage(5) postfix Support for Postﬁx postgres Module to provide Postgres compatibility to salt. poudriere Support for poudriere powerpath powerpath support. ps A salt interface to psutil, a system and process library. publish Publish a command from a minion to a target puppet Execute puppet routines pw_group Manage groups on FreeBSD pw_user Manage users with the useradd command pyenv Manage python installations with pyenv. qemu_img Qemu-img Command Wrapper qemu_nbd Qemu Command Wrapper quota Module for managing quotas on POSIX-like systems. rabbitmq Module to provide RabbitMQ compatibility to Salt. raet_publish Publish a command from a minion to a target rbenv Manage ruby installations with rbenv. rdp Manage RDP Service on Windows servers redismod Module to provide redis functionality to Salt reg Manage the registry on Windows rest_package Service support for the REST example rest_sample Module for interfacing to the REST example rest_service Service support for the REST example ret Module to integrate with the returner system and retrieve data sent to a salt returner rh_ip e networking module for RHEL/Fedora based distros rh_service Service support for RHEL-based systems, including support for both upstart and sysvinit riak Riak Salt Module rpm Support for rpm rsync Wrapper for rsync rvm Manage ruby installations and gemsets with RVM, the Ruby Version Manager. s3 Connection module for Amazon S3 saltcloudmod Control a salt cloud system saltutil e Saltutil module is used to manage the state of the salt minion itself. schedule Module for manging the Salt schedule on a minion Continued on next page

22.16. Full list of builtin execution modules 469 Salt Documentation, Release 2014.7.6

Table 22.6 -- continued from previous page seed Virtual machine image management tools selinux Execute calls on selinux sensors Read lm-sensors serverdensity_device Wrapper around Server Density API service e default service module, if not otherwise speciﬁed salt will fall back shadow Manage the shadow ﬁle smartos_imgadm Module for running imgadm command on SmartOS smartos_vmadm Module for managing VMs on SmartOS smf Service support for Solaris 10 and 11, should work with other systems that use SMF also. smtp Module for Sending Messages via SMTP softwareupdate Support for the sowareupdate command on MacOS. solaris_group Manage groups on Solaris solaris_shadow Manage the password database on Solaris systems solaris_user Manage users with the useradd command solarispkg Package support for Solaris solr Apache Solr Salt Module sqlite3 Support for SQLite3 ssh Manage client ssh components state Control the state system on the minion status Module for returning various status data about a minion. supervisord Provide the service module for system supervisord or supervisord in a svn Subversion SCM swift Module for handling OpenStack Swi calls sysbench e `sysbench' module is used to analyze the performance of the minions, right from the master! It measures various system parameters such as CPU, Memory, File I/O, reads and Mutex. sysmod e sys module provides information about the available functions on the minion system Support for reboot, shutdown, etc systemd Provide the service module for systemd test Module for running arbitrary tests timezone Module for managing timezone on POSIX-like systems. tls A salt module for SSL/TLS. tomcat Support for Tomcat twilio_notify Module for notiﬁcations via Twilio upstart Module for the management of upstart systems. useradd Manage users with the useradd command uwsgi uWSGI stats server hp://uwsgi-docs.readthedocs.org/en/latest/StatsServer.html varnish Support for Varnish virt Work with virtual machines managed by libvirt virtualenv_mod Create virtualenv environments win_autoruns Module for listing programs that automatically run on startup win_disk Module for gathering disk information on Windows win_dns_client Module for conﬁguring DNS Client on Windows systems win_file Manage information about ﬁles on the minion, set/read user, group win_firewall Module for conﬁguring Windows Firewall win_groupadd Manage groups on Windows win_ip e networking module for Windows based systems win_network Module for gathering and managing network information win_ntp Management of NTP servers on Windows win_path Manage the Windows System PATH win_pkg A module to manage soware on Windows win_repo Module to manage Windows soware repo on a Standalone Minion Continued on next page

470 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Table 22.6 -- continued from previous page win_servermanager Manage Windows features via the ServerManager powershell module win_service Windows Service module. win_shadow Manage the shadow ﬁle win_status Module for returning various status data about a minion. win_system Support for reboot, shutdown, etc win_timezone Module for managing timezone on Windows systems. win_update Module for running windows updates. win_useradd Manage Windows users with the net user command xapi is module (mostly) uses the XenAPI to manage Xen virtual machines. xmpp Module for Sending Messages via XMPP (a.k.a. yumpkg Support for YUM zcbuildout Management of zc.buildout zfs Salt interface to ZFS commands znc znc - An advanced IRC bouncer zpool Module for running ZFS zpool command zypper Package support for openSUSE via the zypper package manager

22.16.2 salt.modules.aliases

Manage the information in the aliases ﬁle salt.modules.aliases.get_target(alias) Return the target associated with an alias CLI Example:

salt '*' aliases.get_target alias salt.modules.aliases.has_target(alias, target) Return true if the alias/target is set CLI Example:

salt '*' aliases.has_target alias target salt.modules.aliases.list_aliases() Return the aliases found in the aliases ﬁle in this format:

{'alias': 'target'}

CLI Example:

salt '*' aliases.list_aliases salt.modules.aliases.rm_alias(alias) Remove an entry from the aliases ﬁle CLI Example:

salt '*' aliases.rm_alias alias salt.modules.aliases.set_target(alias, target) Set the entry in the aliases ﬁle for the given alias, this will overwrite any previous entry for the given alias or create a new one if it does not exist. CLI Example:

22.16. Full list of builtin execution modules 471 Salt Documentation, Release 2014.7.6

salt '*' aliases.set_target alias target

22.16.3 salt.modules.alternatives

Support for Alternatives system codeauthor Radek Rada salt.modules.alternatives.auto(name) Trigger alternatives to set the path for as speciﬁed by priority. CLI Example:

salt '*' alternatives.auto name salt.modules.alternatives.check_installed(name, path) Check if the current highest-priority match for a given alternatives link is set to the desired path CLI Example:

salt '*' alternatives.check_installed name path salt.modules.alternatives.display(name) Display alternatives seings for deﬁned command name CLI Example:

salt '*' alternatives.display editor salt.modules.alternatives.install(name, link, path, priority) Install symbolic links determining default commands CLI Example:

salt '*' alternatives.install editor /usr/bin/editor /usr/bin/emacs23 50 salt.modules.alternatives.remove(name, path) Remove symbolic links determining the default commands. CLI Example:

salt '*' alternatives.remove name path salt.modules.alternatives.set_(name, path) Manually set the alternative for . CLI Example:

salt '*' alternatives.set name path salt.modules.alternatives.show_current(name) Display the current highest-priority alternative for a given alternatives link CLI Example:

salt '*' alternatives.show_current editor

472 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.16.4 salt.modules.apache

Support for Apache Please note: e functions in here are generic functions designed to work with all implementations of Apache. Debian-speciﬁc functions have been moved into deb_apache.py, but will still load under the apache namespace when a Debian-based system is detected. salt.modules.apache.config(name, conﬁg, edit=True) Create VirtualHost conﬁguration ﬁles name File for the virtual host conﬁg VirtualHost conﬁgurations Note: is function is not meant to be used from the command line. Conﬁg is meant to be an ordered dict of all of the apache conﬁgs. CLI Examples:

salt '*' apache.config /etc/httpd/conf.d/ports.conf config="[{'Listen': '22'}]" salt.modules.apache.directives() Return list of directives together with expected arguments and places where the directive is valid (apachectl -L) CLI Example:

salt '*' apache.directives salt.modules.apache.fullversion() Return server version from apachectl -V CLI Example:

salt '*' apache.fullversion salt.modules.apache.modules() Return list of static and shared modules from apachectl -M CLI Example:

salt '*' apache.modules salt.modules.apache.server_status(proﬁle='default') Get Information from the Apache server-status handler NOTE: the server-status handler is disabled by default. in order for this function to work it needs to be enabled. hp://hpd.apache.org/docs/2.2/mod/mod_status.html e following conﬁguration needs to exists in pillar/grains each entry nested in apache.server-status is a proﬁle of a vhost/server this would give support for multiple apache servers/vhosts apae.server-status: `default': `url': hp://localhost/server-status `user': someuser `pass': password `realm': `authentication realm for digest passwords' `timeout': 5 CLI Examples:

salt '*' apache.server_status salt '*' apache.server_status other-profile

22.16. Full list of builtin execution modules 473 Salt Documentation, Release 2014.7.6 salt.modules.apache.servermods() Return list of modules compiled into the server (apachectl -l) CLI Example:

salt '*' apache.servermods salt.modules.apache.signal(signal=None) Signals hpd to start, restart, or stop. CLI Example:

salt '*' apache.signal restart salt.modules.apache.useradd(pwﬁle, user, password, opts='`) Add an HTTP user using the htpasswd command. If the htpasswd ﬁle does not exist, it will be created. Valid options that can be passed are: n Don't update ﬁle; display results on stdout. m Force MD5 encryption of the password (default). d Force CRYPT encryption of the password. p Do not encrypt the password (plaintext). s Force SHA encryption of the password. CLI Examples:

salt '*' apache.useradd /etc/httpd/htpasswd larry badpassword salt '*' apache.useradd /etc/httpd/htpasswd larry badpass opts=ns salt.modules.apache.userdel(pwﬁle, user) Delete an HTTP user from the speciﬁed htpasswd ﬁle. CLI Examples:

salt '*' apache.userdel /etc/httpd/htpasswd larry salt.modules.apache.version() Return server version from apachectl -v CLI Example:

salt '*' apache.version salt.modules.apache.vhosts() Show the seings as parsed from the conﬁg ﬁle (currently only shows the virtualhost seings). (apachectl -S) Because each additional virtual host adds to the execution time, this command may require a long timeout be speciﬁed. CLI Example:

salt -t 10 '*' apache.vhosts

22.16.5 salt.modules.aptpkg

Support for APT (Advanced Packaging Tool)

Note: For virtual package support, either the python-apt or dctrl-tools package must be installed. For repository management, the python-apt package must be installed.

474 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.aptpkg.del_repo(repo, **kwargs) Delete a repo from the sources.list / sources.list.d If the .list ﬁle is in the sources.list.d directory and the ﬁle that the repo exists in does not contain any other repo conﬁguration, the ﬁle itself will be deleted. e repo passed in must be a fully formed repository deﬁnition string. CLI Examples:

salt '*' pkg.del_repo "myrepo definition" salt.modules.aptpkg.expand_repo_def(repokwargs) Take a repository deﬁnition and expand it to the full pkg repository dict that can be used for comparison. is is a helper function to make the Debian/Ubuntu apt sources sane for comparison in the pkgrepo states. ere is no use to calling this function via the CLI. salt.modules.aptpkg.file_dict(*packages) List the ﬁles that belong to a package, grouped by package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.aptpkg.file_list(*packages) List the ﬁles that belong to a package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.aptpkg.get_repo(repo, **kwargs) Display a repo from the sources.list / sources.list.d e repo passed in needs to be a complete repo entry. CLI Examples:

salt '*' pkg.get_repo "myrepo definition" salt.modules.aptpkg.get_selections(paern=None, state=None) View package state from the dpkg database. Returns a dict of dicts containing the state, and package names:

{'': {'':['pkg1', ... ] }, ... }

CLI Example:

22.16. Full list of builtin execution modules 475 Salt Documentation, Release 2014.7.6

salt '*' pkg.get_selections salt '*' pkg.get_selections 'python-*' salt '*' pkg.get_selections state=hold salt '*' pkg.get_selections 'openssh*' state=hold salt.modules.aptpkg.hold(name=None, pkgs=None, sources=None, **kwargs) New in version 2014.7.0. Set package in `hold' state, meaning it will not be upgraded. name e name of the package, e.g., `tmux' CLI Example:

salt '*' pkg.hold

pkgs A list of packages to hold. Must be passed as a python list. CLI Example:

salt '*' pkg.hold pkgs='["foo", "bar"]' salt.modules.aptpkg.install(name=None, refresh=False, fromrepo=None, skip_verify=False, deb- conf=None, pkgs=None, sources=None, **kwargs) Install the passed package, add refresh=True to update the dpkg database. name e name of the package to be installed. Note that this parameter is ignored if either ``pkgs'' or ``sources'' is passed. Additionally, please note that this option can only be used to install packages from a soware repository. To install a package ﬁle manually, use the ``sources'' option. 32-bit packages can be installed on 64-bit systems by appending the architecture designation (:i386, etc.) to the end of the package name. CLI Example:

salt '*' pkg.install

refresh Whether or not to refresh the package database before installing. fromrepo Specify a package repository to install from (e.g., apt-get -t unstable install somepackage) skip_verify Skip the GPG veriﬁcation check (e.g., --allow-unauthenticated, or --force-bad- verify for install from package ﬁle). debconf Provide the path to a debconf answers ﬁle, processed before installation. version Install a speciﬁc version of the package, e.g. 1.2.3~0ubuntu0. Ignored if ``pkgs'' or ``sources'' is passed. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. CLI Example:

salt '*' pkg.install pkgs='["foo", "bar"]' salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3-0ubuntu0"}]'

sources A list of DEB packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. Dependencies are automatically resolved and marked as auto-installed.

476 Chapter 22. Reference Salt Documentation, Release 2014.7.6

32-bit packages can be installed on 64-bit systems by appending the architecture designation (:i386, etc.) to the end of the package name. Changed in version 2014.7.0. CLI Example:

salt '*' pkg.install sources='[{"foo": "salt://foo.deb"},{"bar": "salt://bar.deb"}]'

force_yes Passes --force-yes to the apt-get command. Don't use this unless you know what you're doing. New in version 0.17.4. Returns a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}} salt.modules.aptpkg.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. A speciﬁc repo can be requested using the fromrepo keyword argument. CLI Example:

salt '*' pkg.latest_version salt '*' pkg.latest_version fromrepo=unstable salt '*' pkg.latest_version ... salt.modules.aptpkg.list_pkgs(versions_as_list=False, removed=False, purge_desired=False, **kwargs) List the packages currently installed in a dict:

{'': ''}

removed If True, then only packages which have been removed (but not purged) will be returned. purge_desired If True, then only packages which have been marked to be purged, but can't be purged due to their status as dependencies for other installed packages, will be returned. Note that these packages will appear in installed Changed in version 2014.1.1: Packages in this state now correctly show up in the output of this function.

Note: External dependencies Virtual package resolution requires the dctrl-tools package to be installed. Virtual packages will show a version of 1.

CLI Example:

salt '*' pkg.list_pkgs salt '*' pkg.list_pkgs versions_as_list=True salt.modules.aptpkg.list_repos() Lists all repos in the sources.list (and sources.lists.d) ﬁles CLI Example:

22.16. Full list of builtin execution modules 477 Salt Documentation, Release 2014.7.6

salt '*' pkg.list_repos salt '*' pkg.list_repos disabled=True salt.modules.aptpkg.list_upgrades(refresh=True) List all available package upgrades. CLI Example:

salt '*' pkg.list_upgrades salt.modules.aptpkg.mod_repo(repo, saltenv='base', **kwargs) Modify one or more values for a repo. If the repo does not exist, it will be created, so long as the deﬁnition is well formed. For Ubuntu the ``ppa:/repo'' format is acceptable. ``ppa:'' format can only be used to create a new repository. e following options are available to modify a repo deﬁnition:

comps (a comma separated list of components for the repo, e.g. "main") file (a file name to be used) keyserver (keyserver to get gpg key from) keyid (key id to load with the keyserver argument) key_url (URL to a gpg key to add to the apt gpg keyring) consolidate (if true, will attempt to de-dup and consolidate sources)

* Note: Due to the way keys are stored for apt, there is a known issue where the key wont be updated unless another change is made at the same time. Keys should be properly added on initial configuration.

CLI Examples:

salt '*' pkg.mod_repo 'myrepo definition' uri=http://new/uri salt '*' pkg.mod_repo 'myrepo definition' comps=main,universe salt.modules.aptpkg.owner(*paths) New in version 2014.7.0. Return the name of the package that owns the ﬁle. Multiple ﬁle paths can be passed. Like pkg.version

478 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' pkg.purge salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.aptpkg.refresh_db() Updates the APT database to latest packages based upon repositories Returns a dict, with the keys being package databases and the values being the result of the update aempt. Values can be one of the following: •True: Database updated successfully •False: Problem updating database •None: Database already up-to-date CLI Example:

salt '*' pkg.refresh_db salt.modules.aptpkg.remove(name=None, pkgs=None, **kwargs) Remove packages using apt-get remove. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:

salt '*' pkg.remove salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.aptpkg.set_selections(path=None, selection=None, clear=False, saltenv='base') Change package state in the dpkg database. e state can be any one of, documented in dpkg(1): •install •hold •deinstall •purge is command is commonly used to mark speciﬁc packages to be held from being upgraded, that is, to be kept at a certain version. When a state is changed to anything but being held, then it is typically followed by apt-get -u dselect-upgrade. Note: Be careful with the clear argument, since it will start with seing all packages to deinstall state. Returns a dict of dicts containing the package names, and the new and old versions:

{'': {'':{'new': '', 'old': ''} },

22.16. Full list of builtin execution modules 479 Salt Documentation, Release 2014.7.6

... }

CLI Example:

salt '*' pkg.set_selections selection='{"install": ["netcat"]}' salt '*' pkg.set_selections selection='{"hold": ["openssh-server", "openssh-client"]}' salt '*' pkg.set_selections salt://path/to/file salt '*' pkg.set_selections salt://path/to/file clear=True salt.modules.aptpkg.unhold(name=None, pkgs=None, sources=None, **kwargs) New in version 2014.7.0. Set package current in `hold' state to install state, meaning it will be upgraded. name e name of the package, e.g., `tmux' CLI Example:

salt '*' pkg.unhold

pkgs A list of packages to hold. Must be passed as a python list. CLI Example:

salt '*' pkg.unhold pkgs='["foo", "bar"]' salt.modules.aptpkg.upgrade(refresh=True, dist_upgrade=True) Upgrades all packages via apt-get dist-upgrade Returns a dict containing the changes. {`': {`old': `', `new': `'}}

dist_upgrade Whether to perform the upgrade using dist-upgrade vs upgrade. Default is to use dist-upgrade.

New in version 2014.7.0. CLI Example:

salt '*' pkg.upgrade salt.modules.aptpkg.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:

salt '*' pkg.upgrade_available salt.modules.aptpkg.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:

salt '*' pkg.version salt '*' pkg.version ... salt.modules.aptpkg.version_cmp(pkg1, pkg2) Do a cmp-style comparison on two packages. Return -1 if pkg1 < pkg2, 0 if pkg1 == pkg2, and 1 if pkg1 > pkg2. Return None if there was a problem making the comparison. CLI Example:

480 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' pkg.version_cmp '0.2.4-0ubuntu1' '0.2.4.1-0ubuntu1'

22.16.6 salt.modules.archive

A module to wrap (non-Windows) archive calls New in version 2014.1.0. salt.modules.archive.gunzip(gzipﬁle, template=None) Uses the gunzip command to unpack gzip ﬁles template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.gunzip template=jinja /tmp/{{grains.id}}.txt.gz

CLI Example:

# Create /tmp/sourcefile.txt salt '*' archive.gunzip /tmp/sourcefile.txt.gz salt.modules.archive.gzip(sourceﬁle, template=None) Uses the gzip command to create gzip ﬁles template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.gzip template=jinja /tmp/{{grains.id}}.txt

CLI Example:

# Create /tmp/sourcefile.txt.gz salt '*' archive.gzip /tmp/sourcefile.txt salt.modules.archive.rar(rarﬁle, sources, template=None, cwd=None) Uses rar for Linux to create rar ﬁles rarﬁle Path of rar ﬁle to be created sources Comma-separated list of sources to include in the rar ﬁle. Sources can also be passed in a python list. cwd [None] Run the rar command from the speciﬁed directory. Use this argument along with relative ﬁle paths to create rar ﬁles which do not contain the leading directories. If not speciﬁed, this will default to the home directory of the user under which the salt minion process is running. New in version 2014.7.1. template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.rar template=jinja /tmp/rarfile.rar '/tmp/sourcefile1,/tmp/{{grains.id}}.txt'

CLI Example:

salt '*' archive.rar /tmp/rarfile.rar /tmp/sourcefile1,/tmp/sourcefile2 salt.modules.archive.tar(options, tarﬁle, sources=None, dest=None, cwd=None, template=None)

Note: is function has changed for version 0.17.0. In prior versions, the cwd and template arguments

22.16. Full list of builtin execution modules 481 Salt Documentation, Release 2014.7.6

must be speciﬁed, with the source directories/ﬁles coming as a space-separated list at the end of the command. Beginning with 0.17.0, sources must be a comma-separated list, and the cwd and template arguments are optional.

Uses the tar command to pack, unpack, etc. tar ﬁles options Options to pass to the tar command tarﬁle e ﬁlename of the tar archive to pack/unpack sources Comma delimited list of ﬁles to pa into the tarﬁle. Can also be passed as a python list. dest e destination directory into which to unpa the tarﬁle cwd [None] e directory in which the tar command should be executed. If not speciﬁed, will default to the home directory of the user under which the salt minion process is running. template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.tar cjvf /tmp/salt.tar.bz2 {{grains.saltpath}} template=jinja

CLI Examples:

# Create a tarfile salt '*' archive.tar cjvf /tmp/tarfile.tar.bz2 /tmp/file_1,/tmp/file_2 # Unpack a tarfile salt '*' archive.tar xf foo.tar dest=/target/directory salt.modules.archive.unrar(rarﬁle, dest, excludes=None, template=None) Uses rar for Linux to unpack rar ﬁles rarﬁle Name of rar ﬁle to be unpacked dest e destination directory into which to unpa the rar ﬁle template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.unrar template=jinja /tmp/rarfile.rar /tmp/{{grains.id}}/ excludes=file_1,file_2

CLI Example:

salt '*' archive.unrar /tmp/rarfile.rar /home/strongbad/ excludes=file_1,file_2 salt.modules.archive.unzip(zipﬁle, dest, excludes=None, template=None, options=None) Uses the unzip command to unpa zip ﬁles. is command is part of the Info-ZIP suite of tools, and is typically packaged as simply unzip. zipﬁle Path of zip ﬁle to be unpacked dest e destination directory into which the ﬁle should be unpacked excludes [None] Comma-separated list of ﬁles not to unpack. Can also be passed in a Python list. template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.unzip template=jinja /tmp/zipfile.zip /tmp/{{grains.id}}/ excludes=file_1,file_2

options [None] Additional command-line options to pass to the unzip binary.

482 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' archive.unzip /tmp/zipfile.zip /home/strongbad/ excludes=file_1,file_2 salt.modules.archive.zip_(zipﬁle, sources, template=None, cwd=None) Uses the zip command to create zip ﬁles. is command is part of the Info-ZIP suite of tools, and is typically packaged as simply zip. zipﬁle Path of zip ﬁle to be created sources Comma-separated list of sources to include in the zip ﬁle. Sources can also be passed in a Python list. template [None] Can be set to `jinja' or another supported template engine to render the command arguments before execution:

salt '*' archive.zip template=jinja /tmp/zipfile.zip /tmp/sourcefile1,/tmp/{{grains.id}}.txt

cwd [None] Use this argument along with relative paths in sources to create zip ﬁles which do not contain the leading directories. If not speciﬁed, the zip ﬁle will be created as if the cwd was /, and creating a zip ﬁle of /foo/bar/baz.txt will contain the parent directories foo and bar. To create a zip ﬁle containing just baz.txt, the following command would be used:

salt '*' archive.zip /tmp/baz.zip baz.txt cwd=/foo/bar

New in version 2014.7.1. CLI Example:

salt '*' archive.zip /tmp/zipfile.zip /tmp/sourcefile1,/tmp/sourcefile2

22.16.7 salt.modules.at

Wrapper module for at(1) Also, a `tag' feature has been added to more easily tag jobs. salt.modules.at.at(*args, **kwargs) Add a job to the queue. e `timespec' follows the format documented in the at(1) manpage. CLI Example:

salt '*' at.at [tag=] [runas=] salt '*' at.at 12:05am '/sbin/reboot' tag=reboot salt '*' at.at '3:05am +3 days' 'bin/myscript' tag=nightly runas=jim salt.modules.at.atc(jobid) Print the at(1) script that will run for the passed job id. is is mostly for debugging so the output will just be text. CLI Example:

salt '*' at.atc salt.modules.at.atq(tag=None) List all queued and running jobs or only those with an optional `tag'. CLI Example:

22.16. Full list of builtin execution modules 483 Salt Documentation, Release 2014.7.6

salt '*' at.atq salt '*' at.atq [tag] salt '*' at.atq [job number] salt.modules.at.atrm(*args) Remove jobs from the queue. CLI Example:

salt '*' at.atrm .. salt '*' at.atrm all salt '*' at.atrm all [tag] salt.modules.at.jobcheck(**kwargs) Check the job from queue. e kwargs dict include `hour minute day month year tag runas' Other parameters will be ignored. CLI Example:

salt '*' at.jobcheck runas=jam day=13 salt '*' at.jobcheck day=13 month=12 year=13 tag=rose

22.16.8 salt.modules.augeas_cfg

Manages conﬁguration ﬁles via augeas is module requires the augeas Python module.

Warning: Minimal installations of Debian and Ubuntu have been seen to have packaging bugs with python- augeas, causing the augeas module to fail to import. If the minion has the augeas module installed, but the functions in this execution module fail to run due to being unavailable, ﬁrst restart the salt-minion service. If the problem persists past that, the following command can be run from the master to determine what is causing the import to fail:

salt minion-id cmd.run 'python -c "from augeas import Augeas"'

For aﬀected Debian/Ubuntu hosts, installing libpython2.7 has been known to resolve the issue. salt.modules.augeas_cfg.execute(context=None, lens=None, commands=()) Execute Augeas commands New in version 2014.7.0. CLI Example:

salt '*' augeas.execute /files/etc/redis/redis.conf commands='["set bind 0.0.0.0", "set maxmemory 1G"]' salt.modules.augeas_cfg.get(path, value='`) Get a value for a speciﬁc augeas path CLI Example:

salt '*' augeas.get /files/etc/hosts/1/ ipaddr salt.modules.augeas_cfg.ls(path) List the direct children of a node CLI Example:

484 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' augeas.ls /files/etc/passwd salt.modules.augeas_cfg.match(path, value='`) Get matches for path expression CLI Example:

salt '*' augeas.match /files/etc/services/service-name ssh salt.modules.augeas_cfg.remove(path) Get matches for path expression CLI Example:

salt '*' augeas.remove /files/etc/sysctl.conf/net.ipv4.conf.all.log_martians salt.modules.augeas_cfg.setvalue(*args) Set a value for a speciﬁc augeas path CLI Example:

salt '*' augeas.setvalue /files/etc/hosts/1/canonical localhost

is will set the ﬁrst entry in /etc/hosts to localhost CLI Example:

salt '*' augeas.setvalue /files/etc/hosts/01/ipaddr 192.168.1.1 \ /files/etc/hosts/01/canonical test

Adds a new host to /etc/hosts the ip address 192.168.1.1 and hostname test CLI Example:

salt '*' augeas.setvalue prefix=/files/etc/sudoers/ \ "spec[user = '%wheel']/user" "%wheel" \ "spec[user = '%wheel']/host_group/host" 'ALL' \ "spec[user = '%wheel']/host_group/command[1]" 'ALL' \ "spec[user = '%wheel']/host_group/command[1]/tag" 'PASSWD' \ "spec[user = '%wheel']/host_group/command[2]" '/usr/bin/apt-get' \ "spec[user = '%wheel']/host_group/command[2]/tag" NOPASSWD

Ensures that the following line is present in /etc/sudoers:

%wheel ALL = PASSWD : ALL , NOPASSWD : /usr/bin/apt-get , /usr/bin/aptitude salt.modules.augeas_cfg.tree(path) Returns recursively the complete tree of a node CLI Example:

salt '*' augeas.tree /files/etc/

22.16.9 salt.modules.aws_sqs

Support for the Amazon Simple eue Service. salt.modules.aws_sqs.create_queue(name, region, opts=None, user=None) Creates a queue with the correct name.

22.16. Full list of builtin execution modules 485 Salt Documentation, Release 2014.7.6

name Name of the SQS queue to create region Region to create the SQS queue in opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as salt.modules.aws_sqs.delete_message(queue, region, receipthandle, opts=None, user=None) Delete one or more messages from a queue in a region queue e name of the queue to delete messages from region Region where SQS queues exists receipthandle e ReceiptHandle of the message to delete. e ReceiptHandle is obtained in the return from receive_message opts [None] Any additional options to add to the command line user [None] Run as a user other than what the minion runs as CLI Example:

salt '*' aws_sqs.delete_message receipthandle=''

New in version 2014.7.0. salt.modules.aws_sqs.delete_queue(name, region, opts=None, user=None) Deletes a queue in the region. name Name of the SQS queue to deletes region Name of the region to delete the queue from opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as salt.modules.aws_sqs.list_queues(region, opts=None, user=None) List the queues in the selected region. region Region to list SQS queues for opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as salt.modules.aws_sqs.queue_exists(name, region, opts=None, user=None) Returns True or False on whether the queue exists in the region name Name of the SQS queue to search for region Name of the region to search for the queue in opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as salt.modules.aws_sqs.receive_message(queue, region, num=1, opts=None, user=None) Receive one or more messages from a queue in a region queue e name of the queue to receive messages from region Region where SQS queues exists num [1] e max number of messages to receive opts [None] Any additional options to add to the command line

486 Chapter 22. Reference Salt Documentation, Release 2014.7.6

user [None] Run as a user other than what the minion runs as CLI Example:

salt '*' aws_sqs.receive_message salt '*' aws_sqs.receive_message num=10

New in version 2014.7.0.

22.16.10 salt.modules.blockdev

Module for managing block devices New in version 2014.7.0. salt.modules.blockdev.dump(device, args=None) Return all contents of dumpe2fs for a speciﬁed device CLI Example: .. code-block:: bash salt `*' extfs.dump /dev/sda1 salt.modules.blockdev.tune(device, **kwargs) Set aributes for the speciﬁed device CLI Example:

salt '*' blockdev.tune /dev/sda1 read-ahead=1024 read-write=True

Valid options are: read-ahead, filesystem-read-ahead, read-only, read-write. See the blockdev(8) manpage for a more complete description of these options. salt.modules.blockdev.wipe(device) Remove the ﬁlesystem information CLI Example:

salt '*' blockdev.wipe /dev/sda1

22.16.11 salt.modules.bluez

Support for Bluetooth (using BlueZ in Linux). e following packages are required packages for this module: bluez >= 5.7 bluez-libs >= 5.7 bluez-utils >= 5.7 pybluez >= 0.18 salt.modules.bluez.address_() Get the many addresses of the Bluetooth adapter CLI Example:

salt '*' bluetooth.address salt.modules.bluez.block(bdaddr) Block a speciﬁc bluetooth device by BD Address CLI Example:

salt '*' bluetooth.block DE:AD:BE:EF:CA:FE

22.16. Full list of builtin execution modules 487 Salt Documentation, Release 2014.7.6 salt.modules.bluez.discoverable(dev) Enable this bluetooth device to be discoverable. CLI Example:

salt '*' bluetooth.discoverable hci0 salt.modules.bluez.noscan(dev) Turn oﬀ scanning modes on this device. CLI Example:

salt '*' bluetooth.noscan hci0 salt.modules.bluez.pair(address, key) Pair the bluetooth adapter with a device CLI Example:

salt '*' bluetooth.pair DE:AD:BE:EF:CA:FE 1234

Where DE:AD:BE:EF:CA:FE is the address of the device to pair with, and 1234 is the passphrase. TODO: is function is currently broken, as the bluez-simple-agent program no longer ships with BlueZ >= 5.0. It needs to be refactored. salt.modules.bluez.power(dev, mode) Power a bluetooth device on or oﬀ CLI Examples:

salt '*' bluetooth.power hci0 on salt '*' bluetooth.power hci0 off salt.modules.bluez.scan() Scan for bluetooth devices in the area CLI Example:

salt '*' bluetooth.scan salt.modules.bluez.start() Start the bluetooth service. CLI Example:

salt '*' bluetooth.start salt.modules.bluez.stop() Stop the bluetooth service. CLI Example:

salt '*' bluetooth.stop salt.modules.bluez.unblock(bdaddr) Unblock a speciﬁc bluetooth device by BD Address CLI Example:

salt '*' bluetooth.unblock DE:AD:BE:EF:CA:FE

488 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.bluez.unpair(address) Unpair the bluetooth adapter from a device CLI Example:

salt '*' bluetooth.unpair DE:AD:BE:EF:CA:FE

Where DE:AD:BE:EF:CA:FE is the address of the device to unpair. TODO: is function is currently broken, as the bluez-simple-agent program no longer ships with BlueZ >= 5.0. It needs to be refactored. salt.modules.bluez.version() Return Bluez version from bluetoothd -v CLI Example:

salt '*' bluetoothd.version

22.16.12 salt.modules.boto_asg

Connection module for Amazon Autoscale Groups New in version 2014.7.0. conﬁguration is module accepts explicit autoscale credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

asg.keyid: GKTADJGHEIQSXMKKRBJ08H asg.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

asg.region: us-east-1

If a region is not speciﬁed, the default is us-east-1. It's also possible to specify key, keyid and region via a proﬁle, either as a passed in dict, or as a string to pull from pillars or minion conﬁg: myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkd- lgjsdajkghs region: us-east-1 depends boto salt.modules.boto_asg.create(name, launch_conﬁg_name, availability_zones, min_size, max_size, desired_capacity=None, load_balancers=None, default_cooldown=None, health_check_type=None, health_check_period=None, placement_group=None, vpc_zone_identiﬁer=None, tags=None, termination_policies=None, suspended_processes=None, scaling_policies=None, region=None, key=None, keyid=None, proﬁle=None) Create an autoscale group. CLI example:

22.16. Full list of builtin execution modules 489 Salt Documentation, Release 2014.7.6

salt myminion boto_asg.create myasg mylc '["us-east-1a", "us-east-1e"]' 1 10 load_balancers='["myelb", "myelb2"]' tags='[{"key": "Name", value="myasg", "propagate_at_launch": True}]' salt.modules.boto_asg.create_launch_configuration(name, image_id, key_name=None, security_groups=None, user_data=None, in- stance_type='m1.small', ker- nel_id=None, ramdisk_id=None, block_device_mappings=None, instance_monitoring=False, spot_price=None, in- stance_proﬁle_name=None, ebs_optimized=False, asso- ciate_public_ip_address=None, volume_type=None, delete_on_termination=True, iops=None, use_block_device_types=False, re- gion=None, key=None, keyid=None, proﬁle=None) Create a launch conﬁguration. CLI example:

salt myminion boto_asg.create_launch_configuration mylc image_id=ami-0b9c9f62 key_name='mykey' security_groups='["mygroup"]' instance_type='c3.2xlarge' salt.modules.boto_asg.delete(name, force=False, region=None, key=None, keyid=None, pro- ﬁle=None) Delete an autoscale group. CLI example:

salt myminion boto_asg.delete myasg region=us-east-1 salt.modules.boto_asg.delete_launch_configuration(name, region=None, key=None, keyid=None, proﬁle=None) Delete a launch conﬁguration. CLI example:

salt myminion boto_asg.delete_launch_configuration mylc salt.modules.boto_asg.exists(name, region=None, key=None, keyid=None, proﬁle=None) Check to see if an autoscale group exists. CLI example:

salt myminion boto_asg.exists myasg region=us-east-1 salt.modules.boto_asg.get_cloud_init_mime(cloud_init) Get a mime multipart encoded string from a cloud-init dict. Currently supports scripts and cloud-conﬁg. CLI Example:

salt myminion boto.get_cloud_init_mime salt.modules.boto_asg.get_config(name, region=None, key=None, keyid=None, proﬁle=None) Get the conﬁguration for an autoscale group. CLI example:

490 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt myminion boto_asg.get_config myasg region=us-east-1 salt.modules.boto_asg.get_scaling_policy_arn(as_group, scaling_policy_name, re- gion=None, key=None, keyid=None, proﬁle=None) Return the arn for a scaling policy in a speciﬁc autoscale group or None if not found. Mainly used as a helper method for boto_cloudwatch_alarm, for linking alarms to scaling policies. CLI Example:

salt '*' boto_asg.get_scaling_policy_arn mygroup mypolicy salt.modules.boto_asg.launch_configuration_exists(name, region=None, key=None, keyid=None, proﬁle=None) Check for a launch conﬁguration's existence. CLI example:

salt myminion boto_asg.launch_configuration_exists mylc salt.modules.boto_asg.update(name, launch_conﬁg_name, availability_zones, min_size, max_size, desired_capacity=None, load_balancers=None, default_cooldown=None, health_check_type=None, health_check_period=None, placement_group=None, vpc_zone_identiﬁer=None, tags=None, termination_policies=None, suspended_processes=None, scaling_policies=None, region=None, key=None, keyid=None, proﬁle=None) Update an autoscale group. CLI example:

salt myminion boto_asg.update myasg mylc '["us-east-1a", "us-east-1e"]' 1 10 load_balancers='["myelb", "myelb2"]' tags='[{"key": "Name", value="myasg", "propagate_at_launch": True}]'

22.16.13 salt.modules.boto_cloudwatch

Connection module for Amazon CloudWatch New in version 2014.7.0. conﬁguration is module accepts explicit credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

cloudwatch.keyid: GKTADJGHEIQSXMKKRBJ08H cloudwatch.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

cloudwatch.region: us-east-1

22.16. Full list of builtin execution modules 491 Salt Documentation, Release 2014.7.6

myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkd- lgjsdajkghs region: us-east-1 depends boto salt.modules.boto_cloudwatch.convert_to_arn(arns, region=None, key=None, keyid=None, proﬁle=None) Convert a list of strings into actual arns. Converts convenience names such as `scaling_policy:…' CLI Example:

salt '*' convert_to_arn 'scaling_policy:' salt.modules.boto_cloudwatch.create_or_update_alarm(connection=None, name=None, metric=None, names- pace=None, statistic=None, comparison=None, thresh- old=None, period=None, evalu- ation_periods=None, unit=None, description='`, dimensions=None, alarm_actions=None, insuf- ﬁcient_data_actions=None, ok_actions=None, region=None, key=None, keyid=None, pro- ﬁle=None) Create or update a cloudwatch alarm. Params are the same as: hp://boto.readthedocs.org/en/latest/ref/cloudwatch.html#boto.ec2.cloudwatch.alarm.MetricAlarm. Dimensions must be a dict. If the value of Dimensions is a string, it will be json decoded to produce a dict. alarm_actions, insuﬃcient_data_actions, and ok_actions must be lists of string. If the passed-in value is a string, it will be split on '','' to produce a list. e strings themselves for alarm_actions, insuf- ﬁcient_data_actions, and ok_actions must be Amazon resource names (ARN's); however, this method also supports an arn lookup notation, as follows: arn:aws:…. ARN as per hp://docs.aws.amazon.com/general/latest/gr/aws-arns-and- namespaces.html scaling_policy:: e named autoscale group scaling policy, for the named group (e.g. scaling_policy:my-asg:ScaleDown) is is convenient for seing up autoscaling as follows. First specify a boto_asg.present state for an ASG with scaling_policies, and then set up boto_cloudwatch_alarm.present states which have alarm_actions that reference the scaling_policy. CLI example: salt myminion boto_cloudwatch.create_alarm name=myalarm … region=us-east-1 salt.modules.boto_cloudwatch.delete_alarm(name, region=None, key=None, keyid=None, pro- ﬁle=None) Delete a cloudwatch alarm CLI example to delete a queue:

salt myminion boto_cloudwatch.delete_alarm myalarm region=us-east-1 salt.modules.boto_cloudwatch.get_alarm(name, region=None, key=None, keyid=None, pro- ﬁle=None) Get alarm details. Also can be used to check to see if an alarm exists. CLI example:

492 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt myminion boto_cloudwatch.get_alarm myalarm region=us-east-1 salt.modules.boto_cloudwatch.get_all_alarms(region=None, preﬁx=None, key=None, keyid=None, proﬁle=None) Get all alarm details. Produces results that can be used to create an sls ﬁle. If preﬁx parameter is given, alarm names in the output will be prepended with the preﬁx; alarms that have the preﬁx will be skipped. is can be used to convert existing alarms to be managed by salt, as follows: 1.Make a ``baup'' of all existing alarms $ salt-call boto_cloudwatch.get_all_alarms --out=txt | sed ``s/local: //'' > legacy_alarms.sls 2.Get all alarms with new preﬁxed names $ salt-call boto_cloudwatch.get_all_alarms ``pre- ﬁx=**MANAGED BY SALT** '' --out=txt | sed ``s/local: //'' > managed_alarms.sls 3.Insert the managed alarms into cloudwat $ salt-call state.template managed_alarms.sls 4.Manually verify that the new alarms look right 5.Delete the original alarms $ sed s/present/absent/ legacy_alarms.sls > remove_legacy_alarms.sls $ salt- call state.template remove_legacy_alarms.sls 6.Get all alarms again, verify no changes $ salt-call boto_cloudwatch.get_all_alarms --out=txt | sed ``s/local: //'' > ﬁnal_alarms.sls $ diﬀ ﬁnal_alarms.sls managed_alarms.sls CLI example:

salt myminion boto_cloudwatch.get_all_alarms region=us-east-1 --out=txt

22.16.14 salt.modules.boto_elasticache

Connection module for Amazon Elasticache New in version 2014.7.0. conﬁguration is module accepts explicit elasticache credentials but can also utilize IAM roles as- signed to the instance trough Instance Proﬁles. Dynamic credentials are then automatically ob- tained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

elasticache.keyid: GKTADJGHEIQSXMKKRBJ08H elasticache.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

elasticache.region: us-east-1

22.16. Full list of builtin execution modules 493 Salt Documentation, Release 2014.7.6 salt.modules.boto_elasticache.authorize_cache_security_group_ingress(name, ec2_security_group_name, ec2_security_group_owner_id, re- gion=None, key=None, keyid=None, pro- ﬁle=None) Authorize network ingress from an ec2 security group to a cache security group. CLI example:

salt myminion boto_elasticache.authorize_cache_security_group_ingress myelasticachesg myec2sg 879879 salt.modules.boto_elasticache.create(name, num_cache_nodes, engine, cache_node_type, replication_group_id=None, engine_version=None, cache_parameter_group_name=None, cache_subnet_group_name=None, cache_security_group_names=None, secu- rity_group_ids=None, snapshot_arns=None, preferred_availability_zone=None, pre- ferred_maintenance_window=None, port=None, notiﬁcation_topic_arn=None, auto_minor_version_upgrade=True, wait=False, re- gion=None, key=None, keyid=None, proﬁle=None) Create a cache cluster. CLI example:

salt myminion boto_elasticache.create myelasticache 1 redis cache.t1.micro cache_security_group_names='["myelasticachesg"]' salt.modules.boto_elasticache.create_cache_security_group(name, description, re- gion=None, key=None, keyid=None, pro- ﬁle=None) Create a cache security group. CLI example:

salt myminion boto_elasticache.create_cache_security_group myelasticachesg 'My Cache Security Group' salt.modules.boto_elasticache.delete(name, wait=False, region=None, key=None, keyid=None, proﬁle=None) Delete a cache cluster. CLI example:

salt myminion boto_elasticache.delete myelasticache salt.modules.boto_elasticache.delete_cache_security_group(name, region=None, key=None, keyid=None, proﬁle=None) Delete a cache security group. CLI example:

salt myminion boto_elasticache.delete_cache_security_group myelasticachesg 'My Cache Security Group'

494 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.boto_elasticache.exists(name, region=None, key=None, keyid=None, pro- ﬁle=None) Check to see if a cache cluster exists. CLI example:

salt myminion boto_elasticache.exists myelasticache salt.modules.boto_elasticache.get_cache_subnet_group(name, region=None, key=None, keyid=None, proﬁle=None) Get information about a cache subnet group. CLI example:

salt myminion boto_elasticache.get_cache_subnet_group mycache_subnet_group salt.modules.boto_elasticache.get_config(name, region=None, key=None, keyid=None, pro- ﬁle=None) Get the conﬁguration for a cache cluster. CLI example:

salt myminion boto_elasticache.get_config myelasticache salt.modules.boto_elasticache.revoke_cache_security_group_ingress(name, ec2_security_group_name, ec2_security_group_owner_id, re- gion=None, key=None, keyid=None, pro- ﬁle=None) Revoke network ingress from an ec2 security group to a cache security group. CLI example:

salt myminion boto_elasticache.revoke_cache_security_group_ingress myelasticachesg myec2sg 879879

22.16.15 salt.modules.boto_elb

Connection module for Amazon ELB New in version 2014.7.0. conﬁguration is module accepts explicit elb credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

elb.keyid: GKTADJGHEIQSXMKKRBJ08H elb.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

22.16. Full list of builtin execution modules 495 Salt Documentation, Release 2014.7.6

elb.region: us-east-1

salt myminion boto_elb.attach_subnets myelb '["mysubnet"]' salt.modules.boto_elb.create(name, availability_zones, listeners=None, subnets=None, se- curity_groups=None, scheme='internet-facing', region=None, key=None, keyid=None, proﬁle=None) Create an ELB CLI example to create an ELB:

salt myminion boto_elb.create myelb '["us-east-1a", "us-east-1e"]' listeners='[["HTTPS", "HTTP", 443, 80, "arn:aws:iam::1111111:server-certificate/mycert"]]' region=us-east-1 salt.modules.boto_elb.create_listeners(name, listeners=None, region=None, key=None, keyid=None, proﬁle=None) Create listeners on an ELB. CLI example:

salt myminion boto_elb.create_listeners myelb listeners='[["HTTPS", "HTTP", 443, 80, "arn:aws:iam::11 11111:server-certificate/mycert"]]' salt.modules.boto_elb.delete(name, region=None, key=None, keyid=None, proﬁle=None) Delete an ELB. CLI example to delete an ELB:

salt myminion boto_elb.delete myelb region=us-east-1 salt.modules.boto_elb.delete_listeners(name, ports, region=None, key=None, keyid=None, proﬁle=None) Delete listeners on an ELB. CLI example:

salt myminion boto_elb.delete_listeners myelb '[80,443]' salt.modules.boto_elb.deregister_instances(name, instances, region=None, key=None, keyid=None, proﬁle=None) Deregister instances with an ELB. Instances is either a string instance id or a list of string instance id's. Returns: •True: instance(s) deregistered successfully •False: instance(s) failed to be deregistered •None: instance(s) not valid or not registered, no action taken

496 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI example:

salt myminion boto_elb.deregister_instances myelb instance_id salt myminion boto_elb.deregister_instances myelb "[instance_id, instance_id]" salt.modules.boto_elb.detach_subnets(name, subnets, region=None, key=None, keyid=None, proﬁle=None) Detach ELB from subnets. CLI example:

salt myminion boto_elb.detach_subnets myelb '["mysubnet"]' salt.modules.boto_elb.disable_availability_zones(name, availability_zones, re- gion=None, key=None, keyid=None, proﬁle=None) Disable availability zones for ELB. CLI example:

salt myminion boto_elb.disable_availability_zones myelb '["us-east-1a"]' salt.modules.boto_elb.enable_availability_zones(name, availability_zones, region=None, key=None, keyid=None, proﬁle=None) Enable availability zones for ELB. CLI example:

salt myminion boto_elb.enable_availability_zones myelb '["us-east-1a"]' salt.modules.boto_elb.exists(name, region=None, key=None, keyid=None, proﬁle=None) Check to see if an ELB exists. CLI example:

salt myminion boto_elb.exists myelb region=us-east-1 salt.modules.boto_elb.get_attributes(name, region=None, key=None, keyid=None, pro- ﬁle=None) Check to see if aributes are set on an ELB. CLI example:

salt myminion boto_elb.get_attributes myelb salt.modules.boto_elb.get_elb_config(name, region=None, key=None, keyid=None, pro- ﬁle=None) Check to see if an ELB exists. CLI example:

salt myminion boto_elb.exists myelb region=us-east-1 salt.modules.boto_elb.get_health_check(name, region=None, key=None, keyid=None, pro- ﬁle=None) Get the health check conﬁgured for this ELB. CLI example:

salt myminion boto_elb.get_health_check myelb

22.16. Full list of builtin execution modules 497 Salt Documentation, Release 2014.7.6 salt.modules.boto_elb.get_instance_health(name, region=None, key=None, keyid=None, pro- ﬁle=None, instances=None) Get a list of instances and their health state CLI example:

salt myminion boto_elb.get_instance_health myelb salt myminion boto_elb.get_instance_health myelb region=us-east-1 instances="[instance_id,instance_id]" salt.modules.boto_elb.register_instances(name, instances, region=None, key=None, keyid=None, proﬁle=None) Register instances with an ELB. Instances is either a string instance id or a list of string instance id's. Returns: •True: instance(s) registered successfully •False: instance(s) failed to be registered CLI example:

salt myminion boto_elb.register_instances myelb instance_id salt myminion boto_elb.register_instances myelb "[instance_id,instance_id]" salt.modules.boto_elb.set_attributes(name, aributes, region=None, key=None, keyid=None, proﬁle=None) Set aributes on an ELB. CLI example to set aributes on an ELB:

salt myminion boto_elb.set_attributes myelb '{"access_log": {"enabled": "true", "s3_bucket_name": "mybucket", "s3_bucket_prefix": "mylogs/", "emit_interval": "5"}}' region=us-east-1 salt.modules.boto_elb.set_health_check(name, health_check, region=None, key=None, keyid=None, proﬁle=None) Set aributes on an ELB. CLI example to set aributes on an ELB:

salt myminion boto_elb.set_health_check myelb '{"target": "HTTP:80/"}'

22.16.16 salt.modules.boto_iam

Connection module for Amazon IAM New in version 2014.7.0. conﬁguration is module accepts explicit iam credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

iam.keyid: GKTADJGHEIQSXMKKRBJ08H iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs iam.region: us-east-1

It's also possible to specify key, keyid and region via a proﬁle, either as a passed in dict, or as a string to pull from pillars or minion conﬁg:

498 Chapter 22. Reference Salt Documentation, Release 2014.7.6

myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkd- lgjsdajkghs region: us-east-1 depends boto salt.modules.boto_iam.associate_profile_to_role(proﬁle_name, role_name, region=None, key=None, keyid=None, proﬁle=None) Associate an instance proﬁle with an IAM role. CLI example:

salt myminion boto_iam.associate_profile_to_role myirole myiprofile salt.modules.boto_iam.create_instance_profile(name, region=None, key=None, keyid=None, proﬁle=None) Create an instance proﬁle. CLI example:

salt myminion boto_iam.create_instance_profile myiprofile salt.modules.boto_iam.create_role(name, policy_document=None, path=None, region=None, key=None, keyid=None, proﬁle=None) Create an instance role. CLI example:

salt myminion boto_iam.create_role myrole salt.modules.boto_iam.create_role_policy(role_name, policy_name, policy, region=None, key=None, keyid=None, proﬁle=None) Create or modify a role policy. CLI example:

salt myminion boto_iam.create_role_policy myirole mypolicy '{"MyPolicy": "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": ["arn:aws:sqs:*:*:*"], "Sid": "MyPolicySqs1"}]}' salt.modules.boto_iam.delete_instance_profile(name, region=None, key=None, keyid=None, proﬁle=None) Delete an instance proﬁle. CLI example:

salt myminion boto_iam.delete_instance_profile myiprofile salt.modules.boto_iam.delete_role(name, region=None, key=None, keyid=None, proﬁle=None) Delete an IAM role. CLI example:

salt myminion boto_iam.delete_role myirole salt.modules.boto_iam.delete_role_policy(role_name, policy_name, region=None, key=None, keyid=None, proﬁle=None) Delete a role policy. CLI example:

salt myminion boto_iam.delete_role_policy myirole mypolicy

22.16. Full list of builtin execution modules 499 Salt Documentation, Release 2014.7.6 salt.modules.boto_iam.disassociate_profile_from_role(proﬁle_name, role_name, region=None, key=None, keyid=None, proﬁle=None) Disassociate an instance proﬁle from an IAM role. CLI example:

salt myminion boto_iam.disassociate_profile_from_role myirole myiprofile salt.modules.boto_iam.get_role_policy(role_name, policy_name, region=None, key=None, keyid=None, proﬁle=None) Get a role policy. CLI example:

salt myminion boto_iam.get_role_policy myirole mypolicy salt.modules.boto_iam.instance_profile_exists(name, region=None, key=None, keyid=None, proﬁle=None) Check to see if an instance proﬁle exists. CLI example:

salt myminion boto_iam.instance_profile_exists myiprofile salt.modules.boto_iam.list_role_policies(role_name, region=None, key=None, keyid=None, proﬁle=None) Get a list of policy names from a role. CLI example:

salt myminion boto_iam.list_role_policies myirole salt.modules.boto_iam.profile_associated(role_name, proﬁle_name, region, key, keyid, pro- ﬁle) Check to see if an instance proﬁle is associated with an IAM role. CLI example:

salt myminion boto_iam.profile_associated myirole myiprofile salt.modules.boto_iam.role_exists(name, region=None, key=None, keyid=None, proﬁle=None) Check to see if an IAM role exists. CLI example:

salt myminion boto_iam.role_exists myirole

22.16.17 salt.modules.boto_route53

Connection module for Amazon Route53 New in version 2014.7.0. conﬁguration is module accepts explicit route53 credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

500 Chapter 22. Reference Salt Documentation, Release 2014.7.6

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

route53.keyid: GKTADJGHEIQSXMKKRBJ08H route53.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

route53.region: us-east-1

salt myminion boto_route53.add_record test.example.org 1.1.1.1 example.org A salt.modules.boto_route53.delete_record(name, zone, record_type, identiﬁer=None, all_records=False, region=None, key=None, keyid=None, proﬁle=None, sync_wait=False) Modify a record in a zone. CLI example:

salt myminion boto_route53.delete_record test.example.org example.org A salt.modules.boto_route53.get_record(name, zone, record_type, fetch_all=False, region=None, key=None, keyid=None, proﬁle=None) Get a record from a zone. CLI example:

salt myminion boto_route53.get_record test.example.org example.org A salt.modules.boto_route53.update_record(name, value, zone, record_type, identiﬁer=None, l=None, region=None, key=None, keyid=None, pro- ﬁle=None, sync_wait=False) Modify a record in a zone. CLI example:

salt myminion boto_route53.modify_record test.example.org 1.1.1.1 example.org A

22.16.18 salt.modules.boto_secgroup

Connection module for Amazon Security Groups New in version 2014.7.0.

22.16. Full list of builtin execution modules 501 Salt Documentation, Release 2014.7.6

conﬁguration is module accepts explicit ec2 credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

secgroup.region: us-east-1

If a region is not speciﬁed, the default is us-east-1. It's also possible to specify key, keyid and region via a proﬁle, either as a passed in dict, or as a string to pull from pillars or minion conﬁg: myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkd- lgjsdajkghs region: us-east-1 depends boto salt.modules.boto_secgroup.authorize(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, re- gion=None, key=None, keyid=None, proﬁle=None, vpc_id=None) Add a new rule to an existing security group. CLI example:

salt myminion boto_secgroup.authorize mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='['10.0.0.0/8', '192.168.0.0/24']' salt.modules.boto_secgroup.convert_to_group_ids(groups, vpc_id, region=None, key=None, keyid=None, proﬁle=None) Given a list of security groups and a vpc_id, convert_to_group_ids will convert all list items in the given list to security group ids. CLI example:

salt myminion boto_secgroup.convert_to_group_ids mysecgroup vpc-89yhh7h salt.modules.boto_secgroup.create(name, description, vpc_id=None, region=None, key=None, keyid=None, proﬁle=None) Create an autoscale group. CLI example:

salt myminion boto_secgroup.create mysecgroup 'My Security Group' salt.modules.boto_secgroup.delete(name=None, group_id=None, region=None, key=None, keyid=None, proﬁle=None, vpc_id=None) Delete an autoscale group. CLI example:

salt myminion boto_secgroup.delete mysecgroup

502 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.boto_secgroup.exists(name=None, region=None, key=None, keyid=None, pro- ﬁle=None, vpc_id=None, group_id=None) Check to see if an security group exists. CLI example:

salt myminion boto_secgroup.exists mysecgroup salt.modules.boto_secgroup.get_config(name=None, group_id=None, region=None, key=None, keyid=None, proﬁle=None, vpc_id=None) Get the conﬁguration for a security group. CLI example:

salt myminion boto_secgroup.get_config mysecgroup salt.modules.boto_secgroup.get_group_id(name, vpc_id=None, region=None, key=None, keyid=None, proﬁle=None) Get a Group ID given a Group Name or Group Name and VPC ID CLI example:

salt myminion boto_secgroup.get_group_id mysecgroup salt.modules.boto_secgroup.revoke(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, region=None, key=None, keyid=None, proﬁle=None, vpc_id=None) Remove a rule from an existing security group. CLI example:

salt myminion boto_secgroup.revoke mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='10.0.0.0/8'

22.16.19 salt.modules.boto_sqs

Connection module for Amazon SQS New in version 2014.7.0. conﬁguration is module accepts explicit sqs credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:

sqs.keyid: GKTADJGHEIQSXMKKRBJ08H sqs.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be speciﬁed in the conﬁguration:

sqs.region: us-east-1

22.16. Full list of builtin execution modules 503 Salt Documentation, Release 2014.7.6

myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkd- lgjsdajkghs region: us-east-1 depends boto salt.modules.boto_sqs.create(name, region=None, key=None, keyid=None, proﬁle=None) Create an SQS queue. CLI example to create a queue:

salt myminion boto_sqs.create myqueue region=us-east-1 salt.modules.boto_sqs.delete(name, region=None, key=None, keyid=None, proﬁle=None) Delete an SQS queue. CLI example to delete a queue:

salt myminion boto_sqs.delete myqueue region=us-east-1 salt.modules.boto_sqs.exists(name, region=None, key=None, keyid=None, proﬁle=None) Check to see if a queue exists. CLI example:

salt myminion boto_sqs.exists myqueue region=us-east-1 salt.modules.boto_sqs.get_attributes(name, region=None, key=None, keyid=None, pro- ﬁle=None) Check to see if aributes are set on an SQS queue. CLI example:

salt myminion boto_sqs.get_attributes myqueue salt.modules.boto_sqs.set_attributes(name, aributes, region=None, key=None, keyid=None, proﬁle=None) Set aributes on an SQS queue. CLI example to set aributes on a queue:

salt myminion boto_sqs.set_attributes myqueue '{ReceiveMessageWaitTimeSeconds: 20}' region=us-east-1

22.16.20 salt.modules.brew

Homebrew for Mac OS X salt.modules.brew.install(name=None, pkgs=None, taps=None, options=None, **kwargs) Install the passed package(s) with brew install name e name of the formula to be installed. Note that this parameter is ignored if ``pkgs'' is passed. CLI Example:

salt '*' pkg.install

taps Unoﬃcial Github repos to use when updating and installing formulas. CLI Example:

salt '*' pkg.install tap='' salt '*' pkg.install zlib taps='homebrew/dupes' salt '*' pkg.install php54 taps='["josegonzalez/php", "homebrew/dupes"]'

504 Chapter 22. Reference Salt Documentation, Release 2014.7.6

options Options to pass to brew. Only applies to initial install. Due to how brew works, modifying chosen options requires a full uninstall followed by a fresh install. Note that if ``pkgs'' is used, all options will be passed to all packages. Unrecognized options for a package will be silently ignored by brew. CLI Example:

salt '*' pkg.install tap='' salt '*' pkg.install php54 taps='["josegonzalez/php", "homebrew/dupes"]' options='["--with-fpm"]'

Multiple Package Installation Options: pkgs A list of formulas to install. Must be passed as a python list. CLI Example:

salt '*' pkg.install pkgs='["foo","bar"]'

Returns a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}}

CLI Example:

salt '*' pkg.install 'package package package' salt.modules.brew.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation Note that this currently not fully implemented but needs to return something to avoid a traceback when calling pkg.latest. CLI Example:

salt '*' pkg.latest_version salt '*' pkg.latest_version salt.modules.brew.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed in a dict:

{'': ''}

CLI Example:

salt '*' pkg.list_pkgs salt.modules.brew.list_upgrades() Check whether or not an upgrade is available for all packages CLI Example:

salt '*' pkg.list_upgrades salt.modules.brew.refresh_db() Update the homebrew package repository. CLI Example:

salt '*' pkg.refresh_db salt.modules.brew.remove(name=None, pkgs=None, **kwargs) Removes packages with brew uninstall.

22.16. Full list of builtin execution modules 505 Salt Documentation, Release 2014.7.6

name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:

salt '*' pkg.remove salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.brew.upgrade(refresh=True) Upgrade outdated, unpinned brews. refresh Fetch the newest version of Homebrew and all formulae from GitHub before installing. Return a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}}

CLI Example:

salt '*' pkg.upgrade salt.modules.brew.upgrade_available(pkg) Check whether or not an upgrade is available for a given package CLI Example:

salt '*' pkg.upgrade_available salt.modules.brew.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:

salt '*' pkg.version salt '*' pkg.version

22.16.21 salt.modules.bridge

Module for gathering and managing bridging information salt.modules.bridge.add(br=None) Creates a bridge CLI Example:

salt '*' bridge.add br0 salt.modules.bridge.addif(br=None, iface=None) Adds an interface to a bridge CLI Example:

506 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' bridge.addif br0 eth0 salt.modules.bridge.delete(br=None) Deletes a bridge CLI Example:

salt '*' bridge.delete br0 salt.modules.bridge.delif(br=None, iface=None) Removes an interface from a bridge CLI Example:

salt '*' bridge.delif br0 eth0 salt.modules.bridge.find_interfaces(*args) Returns the bridge to which the interfaces are bond to CLI Example:

salt '*' bridge.find_interfaces eth0 [eth1...] salt.modules.bridge.interfaces(br=None) Returns interfaces aached to a bridge CLI Example:

salt '*' bridge.interfaces br0 salt.modules.bridge.list_() Returns the machine's bridges list CLI Example:

salt '*' bridge.list salt.modules.bridge.show(br=None) Returns bridges interfaces along with enslaved physical interfaces. If no interface is given, all bridges are shown, else only the speciﬁed bridge values are returned. CLI Example:

salt '*' bridge.show salt '*' bridge.show br0 salt.modules.bridge.stp(br=None, state='disable', iface=None) Sets Spanning Tree Protocol state for a bridge CLI Example:

salt '*' bridge.stp br0 enable salt '*' bridge.stp br0 disable

For BSD-like operating systems, it is required to add the interface on which to enable the STP. CLI Example:

salt '*' bridge.stp bridge0 enable fxp0 salt '*' bridge.stp bridge0 disable fxp0

22.16. Full list of builtin execution modules 507 Salt Documentation, Release 2014.7.6

22.16.22 salt.modules.bsd_shadow

Manage the password database on BSD systems salt.modules.bsd_shadow.default_hash() Returns the default hash used for unset passwords CLI Example:

salt '*' shadow.default_hash salt.modules.bsd_shadow.info(name) Return information for the speciﬁed user CLI Example:

salt '*' shadow.info someuser salt.modules.bsd_shadow.set_password(name, password) Set the password for a named user. e password must be a properly deﬁned hash. e password hash can be generated with this command: python -c "import crypt; print crypt.crypt('password', ciphersalt)" NOTE: When constructing the ciphersalt string, you must escape any dollar signs, to avoid them being interpolated by the shell. 'password' is, of course, the password for which you want to generate a hash. ciphersalt is a combination of a cipher identiﬁer, an optional number of rounds, and the cryptographic salt. e arrangement and format of these ﬁelds depends on the cipher and which ﬂavor of BSD you are using. For more information on this, see the manpage for crpyt(3). On NetBSD, additional information is available in passwd.conf(5). It is important to make sure that a supported cipher is used. CLI Example:

salt '*' shadow.set_password someuser '$1$UYCIxa628.9qXjpQCjM4a..'

22.16.23 salt.modules.cassandra

Cassandra NoSQL Database Module depends • pycassa Cassandra Python adapter conﬁguration e location of the `nodetool' command, host, and thri port needs to be speciﬁed via pillar:

cassandra.nodetool: /usr/local/bin/nodetool cassandra.host: localhost cassandra.thrift_port: 9160 salt.modules.cassandra.column_families(keyspace=None) Return existing column families for all keyspaces or just the provided one. CLI Example:

508 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' cassandra.column_families salt '*' cassandra.column_families salt.modules.cassandra.column_family_definition(keyspace=None, col- umn_family=None) Return a dictionary of column family deﬁnitions for the given keyspace/column_family CLI Example:

salt '*' cassandra.column_family_definition salt.modules.cassandra.compactionstats() Return compactionstats info CLI Example:

salt '*' cassandra.compactionstats salt.modules.cassandra.info() Return cassandra node info CLI Example:

salt '*' cassandra.info salt.modules.cassandra.keyspaces() Return existing keyspaces CLI Example:

salt '*' cassandra.keyspaces salt.modules.cassandra.netstats() Return netstats info CLI Example:

salt '*' cassandra.netstats salt.modules.cassandra.ring() Return cassandra ring info CLI Example:

salt '*' cassandra.ring salt.modules.cassandra.tpstats() Return tpstats info CLI Example:

salt '*' cassandra.tpstats salt.modules.cassandra.version() Return the cassandra version CLI Example:

salt '*' cassandra.version

22.16. Full list of builtin execution modules 509 Salt Documentation, Release 2014.7.6

22.16.24 salt.modules.chef

Execute chef in server or solo mode salt.modules.chef.client(whyrun=False, localmode=False, logﬁle=None, **kwargs) Execute a chef client run and return a dict with the stderr, stdout, return code, and pid. CLI Example:

salt '*' chef.client server=https://localhost

server e chef server URL client_key Set the client key ﬁle location conﬁg e conﬁguration ﬁle to use conﬁg-ﬁle-jail Directory under which conﬁg ﬁles are allowed to be loaded (no client.rb or knife.rb outside this path will be loaded). environment Set the Chef Environment on the node group Group to set privilege to json-attributes Load aributes from a JSON ﬁle or URL localmode Point chef-client at local repository if True log_level Set the log level (debug, info, warn, error, fatal) logﬁle Set the log ﬁle location node-name e node name for this client override-runlist Replace current run list with speciﬁed items for a single run pid Set the PID ﬁle location, defaults to /tmp/chef-client.pid run-lo-timeout Set maximum duration to wait for another client run to ﬁnish, default is indeﬁnitely. runlist Permanently replace current run list with speciﬁed items user User to set privilege to validation_key Set the validation key ﬁle location, used for registering new clients whyrun Enable whyrun mode when set to True salt.modules.chef.solo(whyrun=False, logﬁle=None, **kwargs) Execute a chef solo run and return a dict with the stderr, stdout, return code, and pid. CLI Example:

salt '*' chef.solo override-runlist=test

conﬁg e conﬁguration ﬁle to use environment Set the Chef Environment on the node group Group to set privilege to json-attributes Load aributes from a JSON ﬁle or URL log_level Set the log level (debug, info, warn, error, fatal) logﬁle Set the log ﬁle location

510 Chapter 22. Reference Salt Documentation, Release 2014.7.6

node-name e node name for this client override-runlist Replace current run list with speciﬁed items for a single run recipe-url Pull down a remote gzipped tarball of recipes and untar it to the cookbook cache run-lo-timeout Set maximum duration to wait for another client run to ﬁnish, default is indeﬁnitely. user User to set privilege to whyrun Enable whyrun mode when set to True

22.16.25 salt.modules.chocolatey

A dead simple module wrapping calls to the Chocolatey package manager (hp://chocolatey.org) New in version 2014.1.0. salt.modules.chocolatey.bootstrap(force=False) Download and install the latest version of the Chocolatey package manager via the oﬃcial bootstrap. Chocolatey requires Windows PowerShell and the .NET v4.0 runtime. Depending on the host's version of Win- dows, chocolatey.bootstrap will aempt to ensure these prerequisites are met by downloading and executing the appropriate installers from Microso. Note that if PowerShell is installed, you may have to restart the host machine for Chocolatey to work. force Run the bootstrap process even if Chocolatey is found in the path. CLI Example:

salt '*' chocolatey.bootstrap salt '*' chocolatey.bootstrap force=True salt.modules.chocolatey.chocolatey_version() New in version 2014.7.0. Returns the version of Chocolatey installed on the minion. CLI Example:

salt '*' chocolatey.chocolatey_version salt.modules.chocolatey.install(name, version=None, source=None, force=False) Instructs Chocolatey to install a package. name e name of the package to be installed. Only accepts a single argument. version Install a speciﬁc version of the package. Defaults to latest version. source Chocolatey repository (directory, share or remote URL feed) the package comes from. Defaults to the oﬃcial Chocolatey feed. force Reinstall the current version of an existing package. CLI Example:

salt '*' chocolatey.install salt '*' chocolatey.install version= salt.modules.chocolatey.install_cygwin(name) Instructs Chocolatey to install a package via Cygwin. name e name of the package to be installed. Only accepts a single argument.

22.16. Full list of builtin execution modules 511 Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' chocolatey.install_cygwin salt.modules.chocolatey.install_gem(name, version=None) Instructs Chocolatey to install a package via Ruby's Gems. name e name of the package to be installed. Only accepts a single argument. version Install a speciﬁc version of the package. Defaults to latest version available. CLI Example:

salt '*' chocolatey.install_gem salt '*' chocolatey.install_gem version= salt.modules.chocolatey.install_missing(name, version=None, source=None) Instructs Chocolatey to install a package if it doesn't already exist. Changed in version 2014.7.0: If the minion has Chocolatey >= 0.9.8.24 installed, this function calls choco- latey.install instead, as installmissing is deprecated as of that version and will be removed in Chocolatey 1.0. name e name of the package to be installed. Only accepts a single argument. version Install a speciﬁc version of the package. Defaults to latest version available. source Chocolatey repository (directory, share or remote URL feed) the package comes from. Defaults to the oﬃcial Chocolatey feed. CLI Example:

salt '*' chocolatey.install_missing salt '*' chocolatey.install_missing version= salt.modules.chocolatey.install_python(name, version=None) Instructs Chocolatey to install a package via Python's easy_install. name e name of the package to be installed. Only accepts a single argument. version Install a speciﬁc version of the package. Defaults to latest version available. CLI Example:

salt '*' chocolatey.install_python salt '*' chocolatey.install_python version= salt.modules.chocolatey.install_webpi(name) Instructs Chocolatey to install a package via the Microso Web PI service. name e name of the package to be installed. Only accepts a single argument. CLI Example:

salt '*' chocolatey.install_webpi salt.modules.chocolatey.install_windowsfeatures(name) Instructs Chocolatey to install a Windows Feature via the Deployment Image Servicing and Management tool. name e name of the feature to be installed. Only accepts a single argument. CLI Example:

512 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' chocolatey.install_windowsfeatures salt.modules.chocolatey.list_(narrow, all_versions=False, pre_versions=False, source=None) Instructs Chocolatey to pull a vague package list from the repository. narrow Term used to narrow down results. Searches against name/description/tag. all_versions Display all available package versions in results. Defaults to False. pre_versions Display pre-release packages in results. Defaults to False. source Chocolatey repository (directory, share or remote URL feed) the package comes from. Defaults to the oﬃcial Chocolatey feed. CLI Example:

salt '*' chocolatey.list salt '*' chocolatey.list all_versions=True salt.modules.chocolatey.list_webpi() Instructs Chocolatey to pull a full package list from the Microso Web PI repository. CLI Example:

salt '*' chocolatey.list_webpi salt.modules.chocolatey.list_windowsfeatures() Instructs Chocolatey to pull a full package list from the Windows Features list, via the Deployment Image Servicing and Management tool. CLI Example:

salt '*' chocolatey.list_windowsfeatures salt.modules.chocolatey.uninstall(name, version=None) Instructs Chocolatey to uninstall a package. name e name of the package to be uninstalled. Only accepts a single argument. version Uninstalls a speciﬁc version of the package. Defaults to latest version installed. CLI Example:

salt '*' chocolatey.uninstall salt '*' chocolatey.uninstall version= salt.modules.chocolatey.update(name, source=None, pre_versions=False) Instructs Chocolatey to update packages on the system. name e name of the package to update, or ``all'' to update everything installed on the system. source Chocolatey repository (directory, share or remote URL feed) the package comes from. Defaults to the oﬃcial Chocolatey feed. pre_versions Include pre-release packages in comparison. Defaults to False. CLI Example:

salt "*" chocolatey.update all salt "*" chocolatey.update pre_versions=True salt.modules.chocolatey.version(name, check_remote=False, source=None, pre_versions=False) Instructs Chocolatey to check an installed package version, and optionally compare it to one available from a remote feed.

22.16. Full list of builtin execution modules 513 Salt Documentation, Release 2014.7.6

name e name of the package to check. e_remote Get the version number of the latest package from the remote feed. Defaults to False. source Chocolatey repository (directory, share or remote URL feed) the package comes from. Defaults to the oﬃcial Chocolatey feed. pre_versions Include pre-release packages in comparison. Defaults to False. CLI Example:

salt "*" chocolatey.version salt "*" chocolatey.version check_remote=True

22.16.26 salt.modules.cloud

Salt-speciﬁc interface for calling Salt Cloud directly salt.modules.cloud.action(fun=None, cloudmap=None, names=None, provider=None, in- stance=None, **kwargs) Execute a single action on the given provider/instance CLI Example:

salt '*' cloud.action start instance=myinstance salt '*' cloud.action stop instance=myinstance salt '*' cloud.action show_image provider=my-ec2-config image=ami-1624987f salt.modules.cloud.create(provider, names, **kwargs) Create an instance using Salt Cloud CLI Example:

salt minionname cloud.create my-ec2-config myinstance image=ami-1624987f size='Micro Instance' ssh_username=ec2-user securitygroup=default delvol_on_destroy=True salt.modules.cloud.destroy(names) Destroy the named VM(s) CLI Example:

salt '*' cloud.destroy myinstance salt.modules.cloud.full_query(query_type='list_nodes_full') List all available cloud provider data CLI Example:

salt '*' cloud.full_query salt.modules.cloud.list_images(provider='all') List cloud provider images for the given providers CLI Example:

salt '*' cloud.list_images my-gce-config salt.modules.cloud.list_locations(provider='all') List cloud provider locations for the given providers CLI Example:

514 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' cloud.list_locations my-gce-config salt.modules.cloud.list_sizes(provider='all') List cloud provider sizes for the given providers CLI Example:

salt '*' cloud.list_sizes my-gce-config salt.modules.cloud.network_create(provider, names, **kwargs) Create private network CLI Example:

salt minionname cloud.network_create my-nova names=['salt'] cidr='192.168.100.0/24' salt.modules.cloud.network_list(provider) List private networks CLI Example:

salt minionname cloud.network_list my-nova salt.modules.cloud.profile_(proﬁle, names, vm_overrides=None, **kwargs) Spin up an instance using Salt Cloud CLI Example:

salt '*' cloud.profile my-gce-config myinstance salt.modules.cloud.query(query_type='list_nodes') List cloud provider data for all providers CLI Examples:

salt '*' cloud.query salt '*' cloud.query list_nodes_full salt '*' cloud.query list_nodes_select salt.modules.cloud.select_query(query_type='list_nodes_select') List selected nodes CLI Example:

salt '*' cloud.select_query salt.modules.cloud.virtual_interface_create(provider, names, **kwargs) Aach private interfaces to a server CLI Example:

salt minionname cloud.virtual_interface_create my-nova names=['salt-master'] net_name='salt' salt.modules.cloud.virtual_interface_list(provider, names, **kwargs) List virtual interfaces on a server CLI Example:

salt minionname cloud.virtual_interface_list my-nova names=['salt-master']

22.16. Full list of builtin execution modules 515 Salt Documentation, Release 2014.7.6 salt.modules.cloud.volume_attach(provider, names, **kwargs) Aach volume to a server CLI Example:

salt minionname cloud.volume_attach my-nova myblock server_name=myserver device='/dev/xvdf' salt.modules.cloud.volume_create(provider, names, **kwargs) Create volume CLI Example:

salt minionname cloud.volume_create my-nova myblock size=100 voltype=SSD salt.modules.cloud.volume_delete(provider, names, **kwargs) Delete volume CLI Example:

salt minionname cloud.volume_delete my-nova myblock salt.modules.cloud.volume_detach(provider, names, **kwargs) Detach volume from a server CLI Example:

salt minionname cloud.volume_detach my-nova myblock server_name=myserver salt.modules.cloud.volume_list(provider) List block storage volumes CLI Example:

salt minionname cloud.volume_list my-nova

22.16.27 salt.modules.cmdmod

A module for shelling out Keep in mind that this module is insecure, in that it can give whomever has access to the master root execution access to all salt minions. salt.modules.cmdmod.exec_code(lang, code, cwd=None) Pass in two strings, the ﬁrst naming the executable language, aka - python2, python3, ruby, perl, lua, etc. the second string containing the code you wish to execute. e stdout and stderr will be returned CLI Example:

salt '*' cmd.exec_code ruby 'puts "cheese"' salt.modules.cmdmod.has_exec(cmd) Returns true if the executable is available on the minion, false otherwise CLI Example:

salt '*' cmd.has_exec cat

516 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.cmdmod.retcode(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, umask=None, output_loglevel='debug', quiet=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) Execute a shell command and return the command's return code. Note that env represents the environment variables for the command, and should be formaed as a dict, or a YAML string which resolves to a dict. Return type int Return type None Returns Return Code as an int or None if there was an exception. CLI Example:

salt '*' cmd.retcode "file /bin/bash"

e template arg can be set to `jinja' or another supported template engine to render the command arguments before execution. For example:

salt '*' cmd.retcode template=jinja "file {{grains.pythonpath[0]}}/python"

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.retcode "grep f" stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_loglevel='debug', quiet=False, timeout=None, re- set_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) Execute the passed command and return the output as a string Note that env represents the environment variables for the command, and should be formaed as a dict, or a YAML string which resolves to a dict. CLI Example:

salt '*' cmd.run "ls -l | awk '/foo/{print \$2}'"

e template arg can be set to `jinja' or another supported template engine to render the command arguments before execution. For example:

salt '*' cmd.run template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"

Specify an alternate shell with the shell parameter:

salt '*' cmd.run "Get-ChildItem C:\ " shell='powershell'

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.run "grep f" stdin='one\ntwo\nthree\nfour\nfive\n'

If an equal sign (=) appears in an argument to a Salt command it is interpreted as a keyword argument in the format key=val. at processing can be bypassed in order to pass an equal sign through to the remote shell command by manually specifying the kwarg:

22.16. Full list of builtin execution modules 517 Salt Documentation, Release 2014.7.6

salt '*' cmd.run cmd='sed -e s/=/:/g' salt.modules.cmdmod.run_all(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_loglevel='debug', quiet=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) Execute the passed command and return a dict of return data Note that env represents the environment variables for the command, and should be formaed as a dict, or a YAML string which resolves to a dict. CLI Example:

salt '*' cmd.run_all "ls -l | awk '/foo/{print \$2}'"

e template arg can be set to `jinja' or another supported template engine to render the command arguments before execution. For example:

salt '*' cmd.run_all template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.run_all "grep f" stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.run_chroot(root, cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_loglevel='quiet', quiet=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) New in version 2014.7.0. is function runs cmd.run_all wrapped within a chroot, with dev and proc mounted in the chroot CLI Example:

salt '*' cmd.run_chroot /var/lib/lxc/container_name/rootfs 'sh /tmp/bootstrap.sh' salt.modules.cmdmod.run_stderr(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_loglevel='debug', quiet=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) Execute a command and only return the standard error Note that env represents the environment variables for the command, and should be formaed as a dict, or a YAML string which resolves to a dict. CLI Example:

salt '*' cmd.run_stderr "ls -l | awk '/foo/{print \$2}'"

e template arg can be set to `jinja' or another supported template engine to render the command arguments before execution. For example:

salt '*' cmd.run_stderr template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

518 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' cmd.run_stderr "grep f" stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.run_stdout(cmd, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_loglevel='debug', quiet=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv='base', use_vt=False, **kwargs) Execute a command, and only return the standard out Note that env represents the environment variables for the command, and should be formaed as a dict, or a YAML string which resolves to a dict. CLI Example:

salt '*' cmd.run_stdout "ls -l | awk '/foo/{print \$2}'"

e template arg can be set to `jinja' or another supported template engine to render the command arguments before execution. For example:

salt '*' cmd.run_stdout template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.run_stdout "grep f" stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.script(source, args=None, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, template='jinja', umask=None, output_loglevel='debug', quiet=False, timeout=None, reset_system_locale=True, __env__=None, saltenv='base', use_vt=False, **kwargs) Download a script from a remote location and execute the script locally. e script can be located on the salt master ﬁle server or on an HTTP/FTP server. e script will be executed directly, so it can be wrien in any available programming language. e script can also be formaed as a template, the default is jinja. Arguments for the script can be speciﬁed as well. CLI Example:

salt '*' cmd.script salt://scripts/runme.sh salt '*' cmd.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"' salt '*' cmd.script salt://scripts/windows_task.ps1 args=' -Input c:\tmp\infile.txt' shell='powershell'

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.script salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.script_retcode(source, cwd=None, stdin=None, runas=None, shell='/bin/bash', python_shell=True, env=None, template='jinja', umask=None, timeout=None, re- set_system_locale=True, __env__=None, saltenv='base', output_loglevel='debug', use_vt=False, **kwargs) Download a script from a remote location and execute the script locally. e script can be located on the salt master ﬁle server or on an HTTP/FTP server. e script will be executed directly, so it can be wrien in any available programming language.

22.16. Full list of builtin execution modules 519 Salt Documentation, Release 2014.7.6

e script can also be formaed as a template, the default is jinja. Only evaluate the script return code and do not block for terminal output CLI Example:

salt '*' cmd.script_retcode salt://scripts/runme.sh

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input.:

salt '*' cmd.script_retcode salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.cmdmod.tty(device, echo=None) Echo a string to a speciﬁc y CLI Example:

salt '*' cmd.tty tty0 'This is a test' salt '*' cmd.tty pts3 'This is a test' salt.modules.cmdmod.which(cmd) Returns the path of an executable available on the minion, None otherwise CLI Example:

salt '*' cmd.which cat salt.modules.cmdmod.which_bin(cmds) Returns the ﬁrst command found in a list of commands CLI Example:

salt '*' cmd.which_bin '[pip2, pip, pip-python]'

22.16.28 salt.modules.composer

Use composer to install PHP dependencies for a directory salt.modules.composer.did_composer_install(dir) Test to see if the vendor directory exists in this directory dir Directory location of the composer.json ﬁle CLI Example:

salt '*' composer.did_composer_install /var/www/application salt.modules.composer.install(dir, composer=None, php=None, runas=None, prefer_source=None, prefer_dist=None, no_scripts=None, no_plugins=None, opti- mize=None, no_dev=None, quiet=False, composer_home='/root') Install composer dependencies for a directory. If composer has not been installed globally making it available in the system PATH & making it executable, the composer and php parameters will need to be set to the location of the executables. dir Directory location of the composer.json ﬁle. composer Location of the composer.phar ﬁle. If not set composer will just execute ``composer'' as if it is installed globally. (i.e. /path/to/composer.phar) php Location of the php executable to use with composer. (i.e. /usr/bin/php)

520 Chapter 22. Reference Salt Documentation, Release 2014.7.6

runas Which system user to run composer as. prefer_source --prefer-source option of composer. prefer_dist --prefer-dist option of composer. no_scripts --no-scripts option of composer. no_plugins --no-plugins option of composer. optimize --optimize-autoloader option of composer. Recommended for production. no_dev --no-dev option for composer. Recommended for production. quiet --quiet option for composer. Whether or not to return output from composer. composer_home $COMPOSER_HOME environment variable CLI Example:

salt '*' composer.install /var/www/application

salt '*' composer.install /var/www/application no_dev=True optimize=True salt.modules.composer.selfupdate(composer=None, php=None, runas=None, quiet=False, com- poser_home='/root') Update composer itself. If composer has not been installed globally making it available in the system PATH & making it executable, the composer and php parameters will need to be set to the location of the executables. composer Location of the composer.phar ﬁle. If not set composer will just execute ``composer'' as if it is installed globally. (i.e. /path/to/composer.phar) php Location of the php executable to use with composer. (i.e. /usr/bin/php) runas Which system user to run composer as. quiet --quiet option for composer. Whether or not to return output from composer. composer_home $COMPOSER_HOME environment variable CLI Example:

salt '*' composer.selfupdate salt.modules.composer.update(dir, composer=None, php=None, runas=None, prefer_source=None, prefer_dist=None, no_scripts=None, no_plugins=None, opti- mize=None, no_dev=None, quiet=False, composer_home='/root') Update composer dependencies for a directory. If composer install has not yet been run, this runs composer install instead. If composer has not been installed globally making it available in the system PATH & making it executable, the composer and php parameters will need to be set to the location of the executables. dir Directory location of the composer.json ﬁle. composer Location of the composer.phar ﬁle. If not set composer will just execute ``composer'' as if it is installed globally. (i.e. /path/to/composer.phar) php Location of the php executable to use with composer. (i.e. /usr/bin/php) runas Which system user to run composer as. prefer_source --prefer-source option of composer.

22.16. Full list of builtin execution modules 521 Salt Documentation, Release 2014.7.6

prefer_dist --prefer-dist option of composer. no_scripts --no-scripts option of composer. no_plugins --no-plugins option of composer. optimize --optimize-autoloader option of composer. Recommended for production. no_dev --no-dev option for composer. Recommended for production. quiet --quiet option for composer. Whether or not to return output from composer. composer_home $COMPOSER_HOME environment variable CLI Example:

salt '*' composer.update /var/www/application

salt '*' composer.update /var/www/application no_dev=True optimize=True

22.16.29 salt.modules.config

Return conﬁg information salt.modules.config.backup_mode(backup='`) Return the backup mode CLI Example:

salt '*' config.backup_mode salt.modules.config.dot_vals(value) Pass in a conﬁguration value that should be preceded by the module name and a dot, this will return a list of all read key/value pairs CLI Example:

salt '*' config.dot_vals host salt.modules.config.gather_bootstrap_script(bootstrap=None) Download the salt-bootstrap script, and return its location bootstrap URL of alternate bootstrap script CLI Example:

salt '*' config.gather_bootstrap_script salt.modules.config.get(key, default='`) Aempt to retrieve the named value from opts, pillar, grains or the master conﬁg, if the named value is not available return the passed default. e default return is an empty string. e value can also represent a value in a nested dict using a '':'' delimiter for the dict. is means that if a dict looks like this:

{'pkg':{'apache': 'httpd'}}

To retrieve the value associated with the apache key in the pkg dict this key can be passed:

pkg:apache

is routine traverses these data stores in this order:

522 Chapter 22. Reference Salt Documentation, Release 2014.7.6

•Local minion conﬁg (opts) •Minion's grains •Minion's pillar •Master conﬁg CLI Example:

salt '*' config.get pkg:apache salt.modules.config.manage_mode(mode) Return a mode value, normalized to a string CLI Example:

salt '*' config.manage_mode salt.modules.config.merge(value, default='`, omit_opts=False, omit_master=False, omit_pillar=False) Retrieves an option based on key, merging all matches. Same as option() except that it merges all matches, rather than taking the ﬁrst match. CLI Example:

salt '*' config.merge schedule salt.modules.config.option(value, default='`, omit_opts=False, omit_master=False, omit_pillar=False) Pass in a generic option and receive the value that will be assigned CLI Example:

salt '*' config.option redis.host salt.modules.config.valid_fileproto(uri) Returns a boolean value based on whether or not the URI passed has a valid remote ﬁle protocol designation CLI Example:

salt '*' config.valid_fileproto salt://path/to/file

22.16.30 salt.modules.cp

Minion side functions for salt-cp salt.modules.cp.cache_dir(path, saltenv='base', include_empty=False, include_pat=None, ex- clude_pat=None, env=None) Download and cache everything under a directory from the master include_pat [None] Glob or regex to narrow down the ﬁles cached from the given path. If matching with a regex, the regex must be preﬁxed with E@, otherwise the expression will be interpreted as a glob. New in version 2014.7.0. exclude_pat [None] Glob or regex to exclude certain ﬁles from being cached from the given path. If matching with a regex, the regex must be preﬁxed with E@, otherwise the expression will be interpreted as a glob.

Note: If used with include_pat, ﬁles matching this paern will be excluded from the subset of ﬁles deﬁned by include_pat.

22.16. Full list of builtin execution modules 523 Salt Documentation, Release 2014.7.6

New in version 2014.7.0. CLI Examples:

salt '*' cp.cache_dir salt://path/to/dir salt '*' cp.cache_dir salt://path/to/dir include_pat='E@*.py$' salt.modules.cp.cache_file(path, saltenv='base', env=None) Used to cache a single ﬁle on the salt-minion Returns the location of the new cached ﬁle on the minion CLI Example:

salt '*' cp.cache_file salt://path/to/file salt.modules.cp.cache_files(paths, saltenv='base', env=None) Used to gather many ﬁles from the master, the gathered ﬁles will be saved in the minion cachedir reﬂective to the paths retrieved from the master. CLI Example:

salt '*' cp.cache_files salt://pathto/file1,salt://pathto/file1 salt.modules.cp.cache_local_file(path) Cache a local ﬁle on the minion in the localﬁles cache CLI Example:

salt '*' cp.cache_local_file /etc/hosts salt.modules.cp.cache_master(saltenv='base', env=None) Retrieve all of the ﬁles on the master and cache them locally CLI Example:

salt '*' cp.cache_master salt.modules.cp.get_dir(path, dest, saltenv='base', template=None, gzip=None, env=None) Used to recursively copy a directory from the salt master CLI Example:

salt '*' cp.get_dir salt://path/to/dir/ /minion/dest

get_dir supports the same template and gzip arguments as get_ﬁle. salt.modules.cp.get_file(path, dest, saltenv='base', makedirs=False, template=None, gzip=None, env=None) Used to get a single ﬁle from the salt master CLI Example:

salt '*' cp.get_file salt://path/to/file /minion/dest

Template rendering can be enabled on both the source and destination ﬁle names like so:

salt '*' cp.get_file "salt://{{grains.os}}/vimrc" /etc/vimrc template=jinja

is example would instruct all Salt minions to download the vimrc from a directory with the same name as their os grain and copy it to /etc/vimrc

524 Chapter 22. Reference Salt Documentation, Release 2014.7.6

For larger ﬁles, the cp.get_ﬁle module also supports gzip compression. Because gzip is CPU-intensive, this should only be used in scenarios where the compression ratio is very high (e.g. prey-printed JSON or YAML ﬁles). Use the gzip named argument to enable it. Valid values are 1..9, where 1 is the lightest compression and 9 the heaviest. 1 uses the least CPU on the master (and minion), 9 uses the most. salt.modules.cp.get_file_str(path, saltenv='base', env=None) Return the contents of a ﬁle from a URL CLI Example:

salt '*' cp.get_file_str salt://my/file salt.modules.cp.get_template(path, dest, template='jinja', saltenv='base', env=None, makedirs=False, **kwargs) Render a ﬁle as a template before seing it down. Warning, order is not the same as in ﬁleclient.cp for non breaking old API. CLI Example:

salt '*' cp.get_template salt://path/to/template /minion/dest salt.modules.cp.get_url(path, dest, saltenv='base', env=None) Used to get a single ﬁle from a URL. CLI Example:

salt '*' cp.get_url salt://my/file /tmp/mine salt '*' cp.get_url http://www.slashdot.org /tmp/index.html salt.modules.cp.hash_file(path, saltenv='base', env=None) Return the hash of a ﬁle, to get the hash of a ﬁle on the salt master ﬁle server prepend the path with salt://<ﬁle on server> otherwise, prepend the ﬁle with / for a local ﬁle. CLI Example:

salt '*' cp.hash_file salt://path/to/file salt.modules.cp.is_cached(path, saltenv='base', env=None) Return a boolean if the given path on the master has been cached on the minion CLI Example:

salt '*' cp.is_cached salt://path/to/file salt.modules.cp.list_master(saltenv='base', preﬁx='`, env=None) List all of the ﬁles stored on the master CLI Example:

salt '*' cp.list_master salt.modules.cp.list_master_dirs(saltenv='base', preﬁx='`, env=None) List all of the directories stored on the master CLI Example:

salt '*' cp.list_master_dirs salt.modules.cp.list_master_symlinks(saltenv='base', preﬁx='`, env=None) List all of the symlinks stored on the master

22.16. Full list of builtin execution modules 525 Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' cp.list_master_symlinks salt.modules.cp.list_minion(saltenv='base', env=None) List all of the ﬁles cached on the minion CLI Example:

salt '*' cp.list_minion salt.modules.cp.list_states(saltenv='base', env=None) List all of the available state modules in an environment CLI Example:

salt '*' cp.list_states salt.modules.cp.push(path) Push a ﬁle from the minion up to the master, the ﬁle will be saved to the salt master in the master's minion ﬁles cachedir (defaults to /var/cache/salt/master/minions/minion-id/files) Since this feature allows a minion to push a ﬁle up to the master server it is disabled by default for security purposes. To enable, set file_recv to True in the master conﬁguration ﬁle, and restart the master. CLI Example:

salt '*' cp.push /etc/fstab salt.modules.cp.push_dir(path, glob=None) Push a directory from the minion up to the master, the ﬁles will be saved to the salt master in the master's minion ﬁles cachedir (defaults to /var/cache/salt/master/minions/minion-id/files). It also has a glob for matching speciﬁc ﬁles using globbing. New in version 2014.7.0. Since this feature allows a minion to push ﬁles up to the master server it is disabled by default for security purposes. To enable, set file_recv to True in the master conﬁguration ﬁle, and restart the master. CLI Example:

salt '*' cp.push /usr/lib/mysql salt '*' cp.push_dir /etc/modprobe.d/ glob='*.conf' salt.modules.cp.recv(ﬁles, dest) Used with salt-cp, pass the ﬁles dict, and the destination. is function receives small fast copy ﬁles from the master via salt-cp. It does not work via the CLI.

22.16.31 salt.modules.cron

Work with cron salt.modules.cron.list_tab(user) Return the contents of the speciﬁed user's crontab CLI Example:

salt '*' cron.list_tab root

526 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.cron.ls(user) Return the contents of the speciﬁed user's crontab CLI Example:

salt '*' cron.list_tab root salt.modules.cron.raw_cron(user) Return the contents of the user's crontab CLI Example:

salt '*' cron.raw_cron root salt.modules.cron.rm(user, cmd, minute=None, hour=None, daymonth=None, month=None, day- week=None, identiﬁer=None) Remove a cron job for a speciﬁed user. If any of the day/time params are speciﬁed, the job will only be removed if the speciﬁed params match. CLI Example:

salt '*' cron.rm_job root /usr/local/weekly salt '*' cron.rm_job root /usr/bin/foo dayweek=1 salt.modules.cron.rm_env(user, name) Remove cron environment variable for a speciﬁed user. CLI Example:

salt '*' cron.rm_env root MAILTO salt.modules.cron.rm_job(user, cmd, minute=None, hour=None, daymonth=None, month=None, day- week=None, identiﬁer=None) Remove a cron job for a speciﬁed user. If any of the day/time params are speciﬁed, the job will only be removed if the speciﬁed params match. CLI Example:

salt '*' cron.rm_job root /usr/local/weekly salt '*' cron.rm_job root /usr/bin/foo dayweek=1 salt.modules.cron.set_env(user, name, value=None) Set up an environment variable in the crontab. CLI Example:

salt '*' cron.set_env root MAILTO [emailprotected] salt.modules.cron.set_job(user, minute, hour, daymonth, month, dayweek, cmd, comment=None, identiﬁer=None) Sets a cron job up for a speciﬁed user. CLI Example:

salt '*' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly salt.modules.cron.set_special(user, special, cmd) Set up a special command in the crontab. CLI Example:

22.16. Full list of builtin execution modules 527 Salt Documentation, Release 2014.7.6

salt '*' cron.set_special root @hourly 'echo foobar'

salt.modules.cron.write_cron_file(user, path) Writes the contents of a ﬁle to a user's crontab CLI Example:

salt '*' cron.write_cron_file root /tmp/new_cron

salt.modules.cron.write_cron_file_verbose(user, path) Writes the contents of a ﬁle to a user's crontab and return error message on error CLI Example:

salt '*' cron.write_cron_file_verbose root /tmp/new_cron

22.16.32 salt.modules.daemontools

daemontools service module. is module will create daemontools type service watcher. is module is compatible with the service states, so it can be used to maintain services using the provider argument:

myservice: service.running: - provider: daemontools

salt.modules.daemontools.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:

salt '*' daemontools.available foo

salt.modules.daemontools.full_restart(name) Calls daemontools.restart() function CLI Example:

salt '*' daemontools.full_restart

salt.modules.daemontools.get_all() Return a list of all available services CLI Example:

salt '*' daemontools.get_all

salt.modules.daemontools.missing(name) e inverse of daemontools.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:

salt '*' daemontools.missing foo

salt.modules.daemontools.reload_(name) Wrapper for term() CLI Example:

528 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' daemontools.reload salt.modules.daemontools.restart(name) Restart service via daemontools. is will stop/start service CLI Example:

salt '*' daemontools.restart salt.modules.daemontools.start(name) Starts service via daemontools CLI Example:

salt '*' daemontools.start salt.modules.daemontools.status(name, sig=None) Return the status for a service via daemontools, return pid if running CLI Example:

salt '*' daemontools.status salt.modules.daemontools.stop(name) Stops service via daemontools CLI Example:

salt '*' daemontools.stop salt.modules.daemontools.term(name) Send a TERM to service via daemontools CLI Example:

salt '*' daemontools.term

22.16.33 salt.modules.darwin_sysctl

Module for viewing and modifying sysctl parameters salt.modules.darwin_sysctl.assign(name, value) Assign a single sysctl parameter for this minion name e name of the sysctl value to edit. value e sysctl value to apply. CLI Example:

salt '*' sysctl.assign net.inet.icmp.icmplim 50 salt.modules.darwin_sysctl.get(name) Return a single sysctl parameter for this minion name e name of the sysctl value to display. CLI Example:

salt '*' sysctl.get hw.physmem

22.16. Full list of builtin execution modules 529 Salt Documentation, Release 2014.7.6 salt.modules.darwin_sysctl.persist(name, value, conﬁg='/etc/sysctl.conf', apply_change=False) Assign and persist a simple sysctl parameter for this minion name e name of the sysctl value to edit. value e sysctl value to apply. conﬁg e location of the sysctl conﬁguration ﬁle. apply_ange Default is False; Default behavior only creates or edits the sysctl.conf ﬁle. If apply is set to True, the changes are applied to the system. CLI Example:

salt '*' sysctl.persist net.inet.icmp.icmplim 50 salt '*' sysctl.persist coretemp_load NO config=/etc/sysctl.conf salt.modules.darwin_sysctl.show(conﬁg_ﬁle=False) Return a list of sysctl parameters for this minion CLI Example:

salt '*' sysctl.show

22.16.34 salt.modules.data

Manage a local persistent data structure that can hold any arbitrary data speciﬁc to the minion salt.modules.data.cas(key, value, old_value) Check and set a value in the minion datastore CLI Example:

salt '*' data.cas salt.modules.data.clear() Clear out all of the data in the minion datastore, this function is destructive! CLI Example:

salt '*' data.clear salt.modules.data.dump(new_data) Replace the entire datastore with a passed data structure CLI Example:

salt '*' data.dump '{'eggs': 'spam'}' salt.modules.data.getval(key) Get a value from the minion datastore CLI Example:

salt '*' data.getval salt.modules.data.getvals(*keys) Get values from the minion datastore CLI Example:

530 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' data.getvals [ ...] salt.modules.data.load() Return all of the data in the minion datastore CLI Example:

salt '*' data.load salt.modules.data.update(key, value) Update a key with a value in the minion datastore CLI Example:

salt '*' data.update

22.16.35 salt.modules.ddns

Support for RFC 2136 dynamic DNS updates. depends • dnspython Python module conﬁguration If you want to use TSIG authentication for the server, there are a couple of optional conﬁguration parameters made available to support this (the keyname is only needed if the keyring contains more than one key):

keyring: keyring file (default=None) keyname: key name in file (default=None)

e keyring ﬁle needs to be in json format and the key name needs to end with an extra period in the ﬁle, similar to this:

{"keyname.": "keycontent"} salt.modules.ddns.add_host(zone, name, l, ip, nameserver=`127.0.0.1', replace=True, **kwargs) Add, replace, or update the A and PTR (reverse) records for a host. CLI Example:

salt ns1 ddns.add_host example.com host1 60 10.1.1.1 salt.modules.ddns.delete(zone, name, rdtype=None, data=None, nameserver=`127.0.0.1', **kwargs) Delete a DNS record. CLI Example:

salt ns1 ddns.delete example.com host1 A salt.modules.ddns.delete_host(zone, name, nameserver=`127.0.0.1', **kwargs) Delete the forward and reverse records for a host. Returns true if any records are deleted. CLI Example:

salt ns1 ddns.delete_host example.com host1

22.16. Full list of builtin execution modules 531 Salt Documentation, Release 2014.7.6 salt.modules.ddns.update(zone, name, l, rdtype, data, nameserver=`127.0.0.1', replace=False, **kwargs) Add, replace, or update a DNS record. nameserver must be an IP address and the minion running this module must have update privileges on that server. If replace is true, ﬁrst deletes all records for this name and type. CLI Example:

salt ns1 ddns.update example.com host1 60 A 10.0.0.1

22.16.36 salt.modules.deb_apache

Support for Apache Please note: e functions in here are Debian-speciﬁc. Placing them in this separate ﬁle will allow them to load only on Debian-based systems, while still loading under the apache namespace. salt.modules.deb_apache.a2dismod(mod) Runs a2dismod for the given mod. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.a2dismod vhost_alias salt.modules.deb_apache.a2dissite(site) Runs a2dissite for the given site. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.a2dissite example.com salt.modules.deb_apache.a2enmod(mod) Runs a2enmod for the given mod. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.a2enmod vhost_alias salt.modules.deb_apache.a2ensite(site) Runs a2ensite for the given site. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.a2ensite example.com salt.modules.deb_apache.check_mod_enabled(mod) Checks to see if the speciﬁc mod symlink is in /etc/apache2/mods-enabled. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.check_mod_enabled status.conf salt '*' apache.check_mod_enabled status.load

532 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.deb_apache.check_site_enabled(site) Checks to see if the speciﬁc Site symlink is in /etc/apache2/sites-enabled. is will only be functional on Debian-based operating systems (Ubuntu, Mint, etc). CLI Examples:

salt '*' apache.check_site_enabled example.com

22.16.37 salt.modules.debconfmod

Support for Debconf salt.modules.debconfmod.get_selections(fetchempty=True) Answers to debconf questions for all packages in the following format:

{'package': [['question', 'type', 'value'], ...]}

CLI Example:

salt '*' debconf.get_selections salt.modules.debconfmod.set_(package, question, type, value, *extra) Set answers to debconf questions for a package. CLI Example:

salt '*' debconf.set [ ...] salt.modules.debconfmod.set_file(path, saltenv='base', **kwargs) Set answers to debconf questions from a ﬁle. CLI Example:

salt '*' debconf.set_file salt://pathto/pkg.selections salt.modules.debconfmod.show(name) Answers to debconf questions for a package in the following format:

[['question', 'type', 'value'], ...]

If debconf doesn't know about a package, we return None. CLI Example:

salt '*' debconf.show

22.16.38 salt.modules.debian_ip

e networking module for Debian based distros References: • hp://www.debian.org/doc/manuals/debian-reference/ch05.en.html salt.modules.debian_ip.apply_network_settings(**seings) Apply global network conﬁguration. CLI Example:

22.16. Full list of builtin execution modules 533 Salt Documentation, Release 2014.7.6

salt '*' ip.apply_network_settings salt.modules.debian_ip.build_bond(iface, **seings) Create a bond script in /etc/modprobe.d with the passed seings and load the bonding kernel module. CLI Example:

salt '*' ip.build_bond bond0 mode=balance-alb salt.modules.debian_ip.build_interface(iface, iface_type, enabled, **seings) Build an interface script for a network interface. CLI Example:

salt '*' ip.build_interface eth0 eth salt.modules.debian_ip.build_network_settings(**seings) Build the global network script. CLI Example:

salt '*' ip.build_network_settings salt.modules.debian_ip.build_routes(iface, **seings) Add route scripts for a network interface using up commands. CLI Example:

salt '*' ip.build_routes eth0 salt.modules.debian_ip.down(iface, iface_type) Shutdown a network interface CLI Example:

salt '*' ip.down eth0 salt.modules.debian_ip.get_bond(iface) Return the content of a bond script CLI Example:

salt '*' ip.get_bond bond0 salt.modules.debian_ip.get_interface(iface) Return the contents of an interface script CLI Example:

salt '*' ip.get_interface eth0 salt.modules.debian_ip.get_network_settings() Return the contents of the global network script. CLI Example:

salt '*' ip.get_network_settings salt.modules.debian_ip.get_routes(iface) Return the routes for the interface CLI Example:

534 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' ip.get_interface eth0 salt.modules.debian_ip.up(iface, iface_type) Start up a network interface CLI Example:

salt '*' ip.up eth0

22.16.39 salt.modules.debian_service

Service support for Debian systems (uses update-rc.d and /sbin/service) salt.modules.debian_service.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:

salt '*' service.available sshd salt.modules.debian_service.disable(name, **kwargs) Disable the named service to start at boot CLI Example:

salt '*' service.disable salt.modules.debian_service.disabled(name) Return True if the named service is enabled, false otherwise CLI Example:

salt '*' service.disabled salt.modules.debian_service.enable(name, **kwargs) Enable the named service to start at boot CLI Example:

salt '*' service.enable salt.modules.debian_service.enabled(name) Return True if the named service is enabled, false otherwise CLI Example:

salt '*' service.enabled salt.modules.debian_service.force_reload(name) Force-reload the named service CLI Example:

salt '*' service.force_reload salt.modules.debian_service.get_all() Return all available boot services CLI Example:

22.16. Full list of builtin execution modules 535 Salt Documentation, Release 2014.7.6

salt '*' service.get_all salt.modules.debian_service.get_disabled() Return a set of services that are installed but disabled CLI Example:

salt '*' service.get_disabled salt.modules.debian_service.get_enabled() Return a list of service that are enabled on boot CLI Example:

salt '*' service.get_enabled salt.modules.debian_service.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:

salt '*' service.missing sshd salt.modules.debian_service.reload_(name) Reload the named service CLI Example:

salt '*' service.reload salt.modules.debian_service.restart(name) Restart the named service CLI Example:

salt '*' service.restart salt.modules.debian_service.start(name) Start the speciﬁed service CLI Example:

salt '*' service.start salt.modules.debian_service.status(name, sig=None) Return the status for a service, pass a signature to use to ﬁnd the service via ps CLI Example:

salt '*' service.status salt.modules.debian_service.stop(name) Stop the speciﬁed service CLI Example:

salt '*' service.stop

536 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.16.40 salt.modules.defaults salt.modules.defaults.get(key, default='`) defaults.get is used much like pillar.get except that it will read a default value for a pillar from defaults.json or defaults.yaml ﬁles that are stored in the root of a salt formula. When called from the CLI it works exactly like pillar.get. CLI Example:

salt '*' defaults.get core:users:root

When called from an SLS ﬁle, it works by ﬁrst reading a defaults.json and second a defaults.yaml ﬁle. If the key exists in these ﬁles and does not exist in a pillar named aer the formula, the value from the defaults ﬁle is used. Example core/defaults.json ﬁle for the `core' formula:

{ "users":{ "root": 0 } }

With this, from a state ﬁle you can use salt['defaults.get'](`users:root') to read the `0' value from defaults.json if a core:users:root pillar key is not deﬁned.

22.16.41 salt.modules.dig

Compendium of generic DNS utilities salt.modules.dig.A(host, nameserver=None) Return the A record for host. Always returns a list. CLI Example:

salt ns1 dig.A www.google.com salt.modules.dig.AAAA(host, nameserver=None) Return the AAAA record for host. Always returns a list. CLI Example:

salt ns1 dig.AAAA www.google.com salt.modules.dig.MX(domain, resolve=False, nameserver=None) Return a list of lists for the MX of domain. If the resolve argument is True, resolve IPs for the servers. It's limited to one IP, because although in practice it's very rarely a round robin, it is an acceptable conﬁguration and pulling just one IP lets the data be similar to the non-resolved version. If you think an MX has multiple IPs, don't use the resolver here, resolve them in a separate step. CLI Example:

22.16. Full list of builtin execution modules 537 Salt Documentation, Release 2014.7.6

salt ns1 dig.MX google.com salt.modules.dig.NS(domain, resolve=True, nameserver=None) Return a list of IPs of the nameservers for domain If resolve is False, don't resolve names. CLI Example:

salt ns1 dig.NS google.com salt.modules.dig.SPF(domain, record='SPF', nameserver=None) Return the allowed IPv4 ranges in the SPF record for domain. If record is SPF and the SPF record is empty, the TXT record will be searched automatically. If you know the domain uses TXT and not SPF, specifying that will save a lookup. CLI Example:

salt ns1 dig.SPF google.com salt.modules.dig.TXT(host, nameserver=None) Return the TXT record for host. Always returns a list. CLI Example:

salt ns1 dig.TXT google.com salt.modules.dig.check_ip(addr) Check if address is a valid IP. returns True if valid, otherwise False. CLI Example:

salt ns1 dig.check_ip 127.0.0.1 salt ns1 dig.check_ip 1111:2222:3333:4444:5555:6666:7777:8888

22.16.42 salt.modules.disk

Module for gathering disk information salt.modules.disk.blkid(device=None) Return block device aributes: UUID, LABEL, etc. is function only works on systems where blkid is avail- able. CLI Example:

salt '*' disk.blkid salt '*' disk.blkid /dev/sda salt.modules.disk.inodeusage(args=None) Return inode usage information for volumes mounted on this minion CLI Example:

salt '*' disk.inodeusage salt.modules.disk.percent(args=None) Return partition information for volumes mounted on this minion

538 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' disk.percent /var salt.modules.disk.usage(args=None) Return usage information for volumes mounted on this minion CLI Example:

salt '*' disk.usage

22.16.43 salt.modules.djangomod

Manage Django sites salt.modules.djangomod.collectstatic(seings_module, bin_env=None, no_post_process=False, ignore=None, dry_run=False, clear=False, link=False, no_default_ignore=False, pythonpath=None, env=None) Collect static ﬁles from each of your applications into a single location that can easily be served in production. CLI Example:

salt '*' django.collectstatic salt.modules.djangomod.command(seings_module, command, bin_env=None, pythonpath=None, env=None, *args, **kwargs) Run arbitrary django management command CLI Example:

salt '*' django.command salt.modules.djangomod.createsuperuser(seings_module, username, email, bin_env=None, database=None, pythonpath=None, env=None) Create a super user for the database. is function defaults to use the --noinput ﬂag which prevents the creation of a password for the superuser. CLI Example:

salt '*' django.createsuperuser user [emailprotected] salt.modules.djangomod.loaddata(seings_module, ﬁxtures, bin_env=None, database=None, pythonpath=None, env=None) Load ﬁxture data Fixtures: comma separated list of ﬁxtures to load CLI Example:

salt '*' django.loaddata salt.modules.djangomod.syncdb(seings_module, bin_env=None, migrate=False, database=None, pythonpath=None, env=None, noinput=True) Run syncdb Execute the Django-Admin syncdb command, if South is available on the minion the migrate option can be passed as True calling the migrations to run aer the syncdb completes CLI Example:

22.16. Full list of builtin execution modules 539 Salt Documentation, Release 2014.7.6

salt '*' django.syncdb

22.16.44 salt.modules.dnsmasq

Module for managing dnsmasq salt.modules.dnsmasq.fullversion() Shows installed version of dnsmasq and compile options. CLI Example:

salt '*' dnsmasq.version salt.modules.dnsmasq.get_config(conﬁg_ﬁle='/etc/dnsmasq.conf') Dumps all options from the conﬁg ﬁle. CLI Examples:

salt '*' dnsmasq.get_config salt '*' dnsmasq.get_config file=/etc/dnsmasq.conf salt.modules.dnsmasq.set_config(conﬁg_ﬁle='/etc/dnsmasq.conf', follow=True, **kwargs) Sets a value or a set of values in the speciﬁed ﬁle. By default, if conf-dir is conﬁgured in this ﬁle, salt will aempt to set the option in any ﬁle inside the conf-dir where it has already been enabled. If it does not ﬁnd it inside any ﬁles, it will append it to the main conﬁg ﬁle. Seing follow to False will turn oﬀ this behavior. If a conﬁg option currently appears multiple times (such as dhcp-host, which is speciﬁed at least once per host), the new option will be added to the end of the main conﬁg ﬁle (and not to any includes). If you need an option added to a speciﬁc include ﬁle, specify it as the conﬁg_ﬁle. CLI Examples:

salt '*' dnsmasq.set_config domain=mydomain.com salt '*' dnsmasq.set_config follow=False domain=mydomain.com salt '*' dnsmasq.set_config file=/etc/dnsmasq.conf domain=mydomain.com salt.modules.dnsmasq.version() Shows installed version of dnsmasq. CLI Example:

salt '*' dnsmasq.version

22.16.45 salt.modules.dnsutil

Compendium of generic DNS utilities salt.modules.dnsutil.A(host, nameserver=None) Return the A record(s) for host. Always returns a list. CLI Example:

salt ns1 dnsutil.A www.google.com

540 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.dnsutil.AAAA(host, nameserver=None) Return the AAAA record(s) for host. Always returns a list. New in version 2014.7.5. CLI Example:

salt ns1 dnsutil.AAAA www.google.com salt.modules.dnsutil.MX(domain, resolve=False, nameserver=None) Return a list of lists for the MX of domain. If the `resolve' argument is True, resolve IPs for the servers. It's limited to one IP, because although in practice it's very rarely a round robin, it is an acceptable conﬁguration and pulling just one IP lets the data be similar to the non-resolved version. If you think an MX has multiple IPs, don't use the resolver here, resolve them in a separate step. CLI Example:

salt ns1 dig.MX google.com salt.modules.dnsutil.NS(domain, resolve=True, nameserver=None) Return a list of IPs of the nameservers for domain If `resolve' is False, don't resolve names. CLI Example:

salt ns1 dig.NS google.com salt.modules.dnsutil.SPF(domain, record='SPF', nameserver=None) Return the allowed IPv4 ranges in the SPF record for domain. If record is SPF and the SPF record is empty, the TXT record will be searched automatically. If you know the domain uses TXT and not SPF, specifying that will save a lookup. CLI Example:

salt ns1 dig.SPF google.com salt.modules.dnsutil.check_ip(ip_addr) Check that string ip_addr is a valid IP CLI Example:

salt ns1 dig.check_ip 127.0.0.1 salt.modules.dnsutil.hosts_append(hostsﬁle='/etc/hosts', ip_addr=None, entries=None) Append a single line to the /etc/hosts ﬁle. CLI Example:

salt '*' dnsutil.hosts_append /etc/hosts 127.0.0.1 ad1.yuk.co,ad2.yuk.co salt.modules.dnsutil.hosts_remove(hostsﬁle='/etc/hosts', entries=None) Remove a host from the /etc/hosts ﬁle. If doing so will leave a line containing only an IP address, then the line will be deleted. is function will leave comments and blank lines intact. CLI Examples:

22.16. Full list of builtin execution modules 541 Salt Documentation, Release 2014.7.6

salt '*' dnsutil.hosts_remove /etc/hosts ad1.yuk.co salt '*' dnsutil.hosts_remove /etc/hosts ad2.yuk.co,ad1.yuk.co salt.modules.dnsutil.parse_hosts(hostsﬁle='/etc/hosts', hosts=None) Parse /etc/hosts ﬁle. CLI Example:

salt '*' dnsutil.parse_hosts salt.modules.dnsutil.parse_zone(zoneﬁle=None, zone=None) Parses a zone ﬁle. Can be passed raw zone data on the API level. CLI Example:

salt ns1 dnsutil.parse_zone /var/lib/named/example.com.zone

22.16.46 salt.modules.dockerio

Management of Dockers

New in version 2014.1.0.

Note: e DockerIO integration is still in beta; the API is subject to change

General Notes

As we use states, we don't want to be continuously popping dockers, so we will map each container id (or image) with a grain whenever it is relevant. As a corollary, we will resolve a container id either directly by the id or try to ﬁnd a container id matching something stocked in grain.

Installation Prerequisites

• You will need the docker-py python package in your python installation path that is running salt. Its version should support Docker Remote API v1.12. Currently, docker-py 0.5.0 is known to support Docker Remote API v1.12

pip install docker-py==0.5.0

Prerequisite Pillar Configuration for Authentication

• To push or pull you will need to be authenticated as the docker-py bindings require it • For this to happen, you will need to conﬁgure a mapping in the pillar representing your per URL authentication bits:

docker-registries: registry_url: email: [emailprotected]

542 Chapter 22. Reference Salt Documentation, Release 2014.7.6

password: s3cr3t username: foo

• You need at least an entry to the default docker index:

docker-registries: https://index.docker.io/v1/: email: [emailprotected] password: s3cr3t username: foo

• You can deﬁne multiple registry blocks for them to be aggregated. e only thing to keep in mind is that their ID must ﬁnish with -docker-registries:

ac-docker-registries: https://index.bar.io/v1/: email: [emailprotected] password: s3cr3t username: foo

ab-docker-registries: https://index.foo.io/v1/: email: [emailprotected] password: s3cr3t username: foo

is could be also wrien as:

docker-registries: https://index.bar.io/v1/: email: [emailprotected] password: s3cr3t username: foo https://index.foo.io/v1/: email: [emailprotected] password: s3cr3t username: foo

Methods • Registry Dialog – login – push – pull • Doer Management – version – info • Image Management – search – inspect_image – get_images – remove_image

22.16. Full list of builtin execution modules 543 Salt Documentation, Release 2014.7.6

– import_image – build – tag • Container Management – start – stop – restart – kill – wait – get_containers – inspect_container – remove_container – is_running – top – port – logs – diff – commit – create_container – export – get_container_root

Runtime Execution within a specific, already existing/running container

Idea is to use lxc-aach to execute inside the container context. We do not want to use docker run but want to execute something inside a running container. ese are the available methods: • retcode • run • run_all • run_stderr • run_stdout • script • script_retcode salt.modules.dockerio.build(path=None, tag=None, quiet=False, ﬁleobj=None, nocache=False, rm=True, timeout=None) Build a docker image from a dockerﬁle or an URL path url/branch/docker_dir or path on the ﬁlesystem to the dockerﬁle

544 Chapter 22. Reference Salt Documentation, Release 2014.7.6

tag tag of the image quiet quiet mode, Default is False nocae do not use docker image cache, Default is False rm remove intermediate commits, Default is True timeout timeout value before aborting (in seconds) CLI Example:

salt '*' docker.build vieux/apache salt '*' docker.build github.com/creack/docker-firefox salt.modules.dockerio.commit(container, repository=None, tag=None, message=None, author=None, conf=None) Commit a container (promotes it to an image) container container id repository repository/image to commit to tag tag of the image (Optional) message commit message (Optional) author author name (Optional) conf conf (Optional) CLI Example:

salt '*' docker.commit salt.modules.dockerio.create_container(image, command=None, hostname=None, user=None, detach=True, stdin_open=False, y=False, mem_limit=0, ports=None, environment=None, dns=None, volumes=None, volumes_from=None, name=None) Create a new container image image to create the container from command command to execute while starting hostname hostname of the container user user to run docker as deta daemon mode, Default is True environment environment variable mapping ({'foo':'BAR'}) ports port redirections ({'222': {}}) volumes list of volume mappings:

(['/mountpoint/in/container:/guest/foo', '/same/path/mounted/point'])

tty aach ys, Default is False stdin_open let stdin open, Default is False name name given to container CLI Example:

22.16. Full list of builtin execution modules 545 Salt Documentation, Release 2014.7.6

salt '*' docker.create_container o/ubuntu volumes="['/s','/m:/f']" salt.modules.dockerio.diff(container) Get container diﬀs container container id CLI Example:

salt '*' docker.diff salt.modules.dockerio.exists(container) Check if a given container exists container container id Returns True if container exists otherwise returns False CLI Example:

salt '*' docker.exists salt.modules.dockerio.export(container, path) Export a container to a ﬁle container container id path path to which ﬁle is to be exported CLI Example:

salt '*' docker.export salt.modules.dockerio.get_container_root(container) Get the container rootfs path container container id or grain CLI Example:

salt '*' docker.get_container_root salt.modules.dockerio.get_containers(all=True, trunc=False, since=None, before=None, limit=- 1, host=False, inspect=False) Get a list of mappings representing all containers all return all containers, Default is True trunc set it to True to have the short ID, Default is False host include the Docker host's ipv4 and ipv6 address in return, Default is False inspect Get more granular information about each container by running a docker inspect CLI Example:

salt '*' docker.get_containers salt '*' docker.get_containers host=True salt '*' docker.get_containers host=True inspect=True salt.modules.dockerio.get_images(name=None, quiet=False, all=True) List docker images name repository name

546 Chapter 22. Reference Salt Documentation, Release 2014.7.6

quiet only show image id, Default is False all show all images, Default is True CLI Example:

salt '*' docker.get_images [quiet=True|False] [all=True|False] salt.modules.dockerio.import_image(src, repo, tag=None) Import content from a local tarball or a URL to a docker image src content to import (URL or absolute path to a tarball) repo repository to import to tag set tag of the image (Optional) CLI Example:

salt '*' docker.import_image [tag] salt.modules.dockerio.info() Get the version information about docker. is is similar to docker info command CLI Example:

salt '*' docker.info salt.modules.dockerio.inspect_container(container) Get container information. is is similar to docker inspect command but only for containers container container id CLI Example:

salt '*' docker.inspect_container salt.modules.dockerio.inspect_image(image) Inspect the status of an image and return relative data. is is similar to docker inspect command but only for images image name of the image CLI Example:

salt '*' docker.inspect_image salt.modules.dockerio.is_running(container) Check if the speciﬁed container is running container container id Returns True if container is running otherwise returns False CLI Example:

salt '*' docker.is_running salt.modules.dockerio.kill(container) Kill a running container container container id CLI Example:

22.16. Full list of builtin execution modules 547 Salt Documentation, Release 2014.7.6

salt '*' docker.kill salt.modules.dockerio.login(url=None, username=None, password=None, email=None) Wrapper to the docker.py login method (does not do much yet) url registry url to authenticate to username username to authenticate password password to authenticate email email to authenticate CLI Example:

salt '*' docker.login salt.modules.dockerio.logs(container) Return logs for a speciﬁed container container container id CLI Example:

salt '*' docker.logs salt.modules.dockerio.port(container, private_port) Private port mapping allocation information. is method is broken on docker-py side. Just use the result of inspect to mangle port allocation container container id private_port private port on the container to query for CLI Example:

salt '*' docker.port salt.modules.dockerio.pull(repo, tag=None) Pulls an image from any registry. See documentation at top of this page to conﬁgure authenticated access repo name of repository tag speciﬁc tag to pull (Optional) CLI Example:

salt '*' docker.pull [tag] salt.modules.dockerio.push(repo, tag=None, quiet=False) Pushes an image to any registry. See documentation at top of this page to conﬁgure authenticated access repo name of repository tag speciﬁc tag to push (Optional) quiet set as True to quiet output, Default is False CLI Example:

salt '*' docker.push [tag] [quiet=True|False] salt.modules.dockerio.remove_container(container, force=False, v=False) Remove a container from a docker installation

548 Chapter 22. Reference Salt Documentation, Release 2014.7.6

container container id force remove a running container, Default is False v remove the volumes associated to the container, Default is False CLI Example:

salt '*' docker.remove_container [force=True|False] [v=True|False] salt.modules.dockerio.remove_image(image) Remove an image from a system. image name of image CLI Example:

salt '*' docker.remove_image salt.modules.dockerio.restart(container, timeout=10) Restart a running container container container id timeout timeout for container to exit gracefully before killing it, Default is 10 seconds CLI Example:

salt '*' docker.restart [timeout=20] salt.modules.dockerio.retcode(container, cmd) Wrapper for cmdmod.retcode inside a container context container container id (or grain) cmd command to execute

Note: e return is a bit diﬀerent as we use the docker struct. Output of the command is in `out' and result is False if command failed to execute.

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

CLI Example:

salt '*' docker.retcode 'ls -l /etc' salt.modules.dockerio.run(container, cmd) Wrapper for cmdmod.run inside a container context container container id (or grain) cmd command to execute

Note: e return is a bit diﬀerent as we use the docker struct. Output of the command is in `out' and result is always True.

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

22.16. Full list of builtin execution modules 549 Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' docker.run 'ls -l /etc' salt.modules.dockerio.run_all(container, cmd) Wrapper for cmdmod.run_all inside a container context container container id (or grain) cmd command to execute

Note: e return is a bit diﬀerent as we use the docker struct. Output of the command is in `out' and result is False if command failed to execute.

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

CLI Example:

salt '*' docker.run_all 'ls -l /etc' salt.modules.dockerio.run_stderr(container, cmd) Wrapper for cmdmod.run_stderr inside a container context container container id (or grain) cmd command to execute

Note: e return is a bit diﬀerent as we use the docker struct. Output of the command is in `out' and result is always True.

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

CLI Example:

salt '*' docker.run_stderr 'ls -l /etc' salt.modules.dockerio.run_stdout(container, cmd) Wrapper for cmdmod.run_stdout inside a container context container container id (or grain) cmd command to execute

Note: e return is a bit diﬀerent as we use the docker struct. Output of the command is in `out' and result is always True.

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

CLI Example:

salt '*' docker.run_stdout 'ls -l /etc'

550 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.dockerio.script(container, source, args=None, cwd=None, stdin=None, runas=None, shell='/bin/bash', env=None, template='jinja', umask=None, timeout=None, reset_system_locale=True, no_clean=False, saltenv='base') Wrapper for cmdmod.script inside a container context container container id (or grain) additional parameters See cmd.script

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

Download a script from a remote location and execute the script in the container. e script can be located on the salt master ﬁle server or on an HTTP/FTP server. e script will be executed directly, so it can be wrien in any available programming language. e script can also be formaed as a template, the default is jinja. Arguments for the script can be speciﬁed as well. CLI Example:

salt '*' docker.script salt://docker_script.py salt '*' docker.script salt://scripts/runme.sh 'arg1 arg2 "arg 3"' salt '*' docker.script salt://scripts/windows_task.ps1 args=' -Input c:\tmp\infile.txt' shell='powershell'

A string of standard input can be speciﬁed for the command to be run using the stdin parameter. is can be useful in cases where sensitive information must be read from standard input: CLI Example:

salt '*' docker.script salt://scripts/runme.sh stdin='one\ntwo\nthree\nfour\nfive\n' salt.modules.dockerio.script_retcode(container, source, cwd=None, stdin=None, runas=None, shell='/bin/bash', env=None, template='jinja', umask=None, timeout=None, reset_system_locale=True, no_clean=False, saltenv='base') Wrapper for cmdmod.script_retcode inside a container context container container id (or grain) additional parameters See cmd.script_retcode

Warning: Be advised that this function allows for raw shell access to the named container! If allowing users to execute this directly it may allow more rights than intended!

CLI Example:

salt '*' docker.script_retcode salt://docker_script.py salt.modules.dockerio.search(term) Search for an image on the registry term search keyword CLI Example:

salt '*' docker.search

22.16. Full list of builtin execution modules 551 Salt Documentation, Release 2014.7.6 salt.modules.dockerio.start(container, binds=None, port_bindings=None, lxc_conf=None, pub- lish_all_ports=None, links=None, privileged=False, dns=None, volumes_from=None, network_mode=None, restart_policy=None, cap_add=None, cap_drop=None) Start the speciﬁed container container container id CLI Example:

salt '*' docker.start salt.modules.dockerio.stop(container, timeout=10) Stop a running container container container id timeout timeout for container to exit gracefully before killing it, Default is 10 seconds CLI Example:

salt '*' docker.stop [timeout=20] salt.modules.dockerio.tag(image, repository, tag=None, force=False) Tag an image into a repository image name of image repository name of repository tag tag to apply (Optional) force force apply tag, Default is False CLI Example:

salt '*' docker.tag [tag] [force=True|False] salt.modules.dockerio.top(container) Run the docker top command on a speciﬁc container container container id CLI Example:

salt '*' docker.top salt.modules.dockerio.version() Get docker version CLI Example:

salt '*' docker.version salt.modules.dockerio.wait(container) Wait for a container to exit gracefully container container id CLI Example:

salt '*' docker.wait

552 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.16.47 salt.modules.dpkg

Support for DEB packages salt.modules.dpkg.file_dict(*packages) List the ﬁles that belong to a package, grouped by package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' lowpkg.file_list httpd salt '*' lowpkg.file_list httpd postfix salt '*' lowpkg.file_list salt.modules.dpkg.file_list(*packages) List the ﬁles that belong to a package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' lowpkg.file_list httpd salt '*' lowpkg.file_list httpd postfix salt '*' lowpkg.file_list salt.modules.dpkg.list_pkgs(*packages) List the packages currently installed in a dict:

{'': ''}

External dependencies:

Virtual package resolution requires aptitude. Because this function uses dpkg, virtual packages will be reported as not installed.

CLI Example:

salt '*' lowpkg.list_pkgs salt '*' lowpkg.list_pkgs httpd salt.modules.dpkg.unpurge(*packages) Change package selection for each package speciﬁed to `install' CLI Example:

salt '*' lowpkg.unpurge curl

22.16.48 salt.modules.ebuild

Support for Portage optdepends • portage Python adapter For now all package names MUST include the package category, i.e. 'vim' will not work, 'app-editors/vim' will. salt.modules.ebuild.check_db(*names, **kwargs) New in version 0.17.0. Returns a dict containing the following information for each speciﬁed package:

22.16. Full list of builtin execution modules 553 Salt Documentation, Release 2014.7.6

1.A key found, which will be a boolean value denoting if a match was found in the package database. 2.If found is False, then a second key called suggestions will be present, which will contain a list of possible matches. is list will be empty if the package name was speciﬁed in category/pkgname format, since the suggestions are only intended to disambiguate ambiguous package names (ones sub- mied without a category). CLI Examples:

salt '*' pkg.check_db salt.modules.ebuild.check_extra_requirements(pkgname, pkgver) Check if the installed package already has the given requirements. CLI Example:

salt '*' pkg.check_extra_requirements 'sys-devel/gcc' '~>4.1.2:4.1::gentoo[nls,fortran]' salt.modules.ebuild.depclean(name=None, slot=None, fromrepo=None, pkgs=None) Portage has a function to remove unused dependencies. If a package is provided, it will only removed the package if no other package depends on it. name e name of the package to be cleaned. slot Restrict the remove to a speciﬁc slot. Ignored if name is None. fromrepo Restrict the remove to a speciﬁc slot. Ignored if name is None. pkgs Clean multiple packages. slot and fromrepo arguments are ignored if this argument is present. Must be passed as a python list. Return a list containing the removed packages: CLI Example:

salt '*' pkg.depclean salt.modules.ebuild.ex_mod_init(low) If the conﬁg option ebuild.enforce_nice_config is set to True, this module will enforce a nice tree structure for /etc/portage/package.* conﬁguration ﬁles. New in version 0.17.0: Initial automatic enforcement added when pkg is used on a Gentoo system. Changed in version 2014.1.0: Conﬁgure option added to make this behavior optional, defaulting to oﬀ. See also: ebuild.ex_mod_init is called automatically when a state invokes a pkg state on a Gentoo system. salt.states.pkg.mod_init() ebuild.ex_mod_init uses portage_config.enforce_nice_config to do the liing. salt.modules.portage_config.enforce_nice_config() CLI Example:

salt '*' pkg.ex_mod_init salt.modules.ebuild.install(name=None, refresh=False, pkgs=None, sources=None, slot=None, fromrepo=None, uses=None, **kwargs) Install the passed package(s), add refresh=True to sync the portage tree before package is installed. name e name of the package to be installed. Note that this parameter is ignored if either ``pkgs'' or ``sources'' is passed. Additionally, please note that this option can only be used to emerge a package from the portage tree. To install a tbz2 package manually, use the ``sources'' option described below.

554 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' pkg.install

refresh Whether or not to sync the portage tree before installing. version Install a speciﬁc version of the package, e.g. 1.0.9-r1. Ignored if ``pkgs'' or ``sources'' is passed. slot Similar to version, but speciﬁes a valid slot to be installed. It will install the latest available version in the speciﬁed slot. Ignored if ``pkgs'' or ``sources'' or ``version'' is passed. CLI Example:

salt '*' pkg.install sys-devel/gcc slot='4.4'

fromrepo Similar to slot, but speciﬁes the repository from the package will be installed. It will install the latest available version in the speciﬁed repository. Ignored if ``pkgs'' or ``sources'' or ``version'' is passed. CLI Example:

salt '*' pkg.install salt fromrepo='gentoo'

uses Similar to slot, but speciﬁes a list of use ﬂag. Ignored if ``pkgs'' or ``sources'' or ``version'' is passed. CLI Example:

salt '*' pkg.install sys-devel/gcc uses='["nptl","-nossp"]'

Multiple Package Installation Options: pkgs A list of packages to install from the portage tree. Must be passed as a python list. CLI Example:

salt '*' pkg.install pkgs='["foo","bar","~category/package:slot::repository[use]"]'

sources A list of tbz2 packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:

salt '*' pkg.install sources='[{"foo": "salt://foo.tbz2"},{"bar": "salt://bar.tbz2"}]'

Returns a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}} salt.modules.ebuild.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:

salt '*' pkg.latest_version salt '*' pkg.latest_version ... salt.modules.ebuild.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed in a dict:

22.16. Full list of builtin execution modules 555 Salt Documentation, Release 2014.7.6

{'': ''}

CLI Example:

salt '*' pkg.list_pkgs salt.modules.ebuild.list_upgrades(refresh=True) List all available package upgrades. CLI Example:

salt '*' pkg.list_upgrades salt.modules.ebuild.porttree_matches(name) Returns a list containing the matches for a given package name from the portage tree. Note that the speciﬁc version of the package will not be provided for packages that have several versions in the portage tree, but rather the name of the package (i.e. ``dev-python/paramiko''). salt.modules.ebuild.purge(name=None, slot=None, fromrepo=None, pkgs=None, **kwargs) Portage does not have a purge, this function calls remove followed by depclean to emulate a purge process name e name of the package to be deleted. slot Restrict the remove to a speciﬁc slot. Ignored if name is None. fromrepo Restrict the remove to a speciﬁc slot. Ignored if name is None. Multiple Package Options: pkgs Uninstall multiple packages. slot and fromrepo arguments are ignored if this argument is present. Must be passed as a python list. New in version 0.16.0. Returns a dict containing the changes. CLI Example:

salt '*' pkg.purge salt '*' pkg.purge slot=4.4 salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.ebuild.refresh_db() Updates the portage tree (emerge --sync). Uses eix-sync if available. CLI Example:

salt '*' pkg.refresh_db salt.modules.ebuild.remove(name=None, slot=None, fromrepo=None, pkgs=None, **kwargs) Remove packages via emerge --unmerge. name e name of the package to be deleted. slot Restrict the remove to a speciﬁc slot. Ignored if name is None. fromrepo Restrict the remove to a speciﬁc slot. Ignored if name is None. Multiple Package Options: pkgs Uninstall multiple packages. slot and fromrepo arguments are ignored if this argument is present. Must be passed as a python list.

556 Chapter 22. Reference Salt Documentation, Release 2014.7.6

New in version 0.16.0. Returns a dict containing the changes. CLI Example:

salt '*' pkg.remove salt '*' pkg.remove slot=4.4 fromrepo=gentoo salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.ebuild.update(pkg, slot=None, fromrepo=None, refresh=False) Updates the passed package (emerge --update package) slot Restrict the update to a particular slot. It will update to the latest version within the slot. fromrepo Restrict the update to a particular repository. It will update to the latest version within the reposi- tory. Return a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}}

CLI Example:

salt '*' pkg.update salt.modules.ebuild.upgrade(refresh=True) Run a full system upgrade (emerge --update world) Return a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}}

CLI Example:

salt '*' pkg.upgrade salt.modules.ebuild.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:

salt '*' pkg.upgrade_available salt.modules.ebuild.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:

salt '*' pkg.version salt '*' pkg.version ... salt.modules.ebuild.version_clean(version) Clean the version string removing extra data. CLI Example:

salt '*' pkg.version_clean

22.16. Full list of builtin execution modules 557 Salt Documentation, Release 2014.7.6 salt.modules.ebuild.version_cmp(pkg1, pkg2) Do a cmp-style comparison on two packages. Return -1 if pkg1 < pkg2, 0 if pkg1 == pkg2, and 1 if pkg1 > pkg2. Return None if there was a problem making the comparison. CLI Example:

salt '*' pkg.version_cmp '0.2.4-0' '0.2.4.1-0'

22.16.49 salt.modules.eix

Support for Eix salt.modules.eix.sync() Sync portage/overlay trees and update the eix database CLI Example:

salt '*' eix.sync salt.modules.eix.update() Update the eix database CLI Example:

salt '*' eix.update

22.16.50 salt.modules.environ

Support for geing and seing the environment variables of the current salt process. salt.modules.environ.get(key, default='`) Get a single salt process environment variable. key String used as the key for environment lookup. default If the key is not found in the environment, return this value. Default: `' CLI Example:

salt '*' environ.get foo salt '*' environ.get baz default=False salt.modules.environ.has_value(key, value=None) Determine whether the key exists in the current salt process environment dictionary. Optionally compare the current value of the environment against the supplied value string. key Must be a string. Used as key for environment lookup. value: Optional. If key exists in the environment, compare the current value with this value. Return True if they are equal. CLI Example:

salt '*' environ.has_value foo salt.modules.environ.item(keys, default='`) Get one or more salt process environment variables. Returns a dict. keys Either a string or a list of strings that will be used as the keys for environment lookup.

558 Chapter 22. Reference Salt Documentation, Release 2014.7.6

default If the key is not found in the environment, return this value. Default: `' CLI Example:

salt '*' environ.item foo salt '*' environ.item '[foo, baz]' default=None salt.modules.environ.items() Return a dict of the entire environment set for the salt process CLI Example:

salt '*' environ.items salt.modules.environ.setenv(environ, false_unsets=False, clear_all=False, update_minion=False) Set multiple salt process environment variables from a dict. Returns a dict. environ Must be a dict. e top-level keys of the dict are the names of the environment variables to set. Each key's value must be a string or False. Refer to the `false_unsets' parameter for behavior when a value set to False. false_unsets If a key's value is False and false_unsets is True, then the key will be removed from the salt processes environment dict entirely. If a key's value is False and false_unsets is not True, then the key's value will be set to an empty string. Default: False clear_all USE WITH CAUTION! is option can unset environment variables needed for salt to function properly. If clear_all is True, then any environment variables not deﬁned in the environ dict will be deleted. Default: False update_minion If True, apply these environ changes to the main salt-minion process. If False, the environ changes will only aﬀect the current salt subprocess. Default: False CLI Example:

salt '*' environ.setenv '{"foo": "bar", "baz": "quux"}' salt '*' environ.setenv '{"a": "b", "c": False}' false_unsets=True salt.modules.environ.setval(key, val, false_unsets=False) Set a single salt process environment variable. Returns True on success. key e environment key to set. Must be a string. val e value to set. Must be a string or False. Refer to the `false_unsets' parameter for behavior when set to False. false_unsets If val is False and false_unsets is True, then the key will be removed from the salt processes environment dict entirely. If val is False and false_unsets is not True, then the key's value will be set to an empty string. Default: False. CLI Example:

salt '*' environ.setval foo bar salt '*' environ.setval baz val=False false_unsets=True

22.16.51 salt.modules.eselect

Support for eselect, Gentoo's conﬁguration and management tool. salt.modules.eselect.exec_action(module, action, module_parameter=None, ac- tion_parameter=None, parameter=None, state_only=False) Execute an arbitrary action on a module.

22.16. Full list of builtin execution modules 559 Salt Documentation, Release 2014.7.6

module name of the module to be executed action name of the module's action to be run module_parameter additional params passed to the deﬁned module action_parameter additional params passed to the deﬁned action parameter additional params passed to the deﬁned action .. deprecated:: Lithium state_only don't return any output but only the success/failure of the operation CLI Example (updating the php implementation used for apache2):

salt '*' eselect.exec_action php update action_parameter='apache2' salt.modules.eselect.get_current_target(module, module_parameter=None, ac- tion_parameter=None) Get the currently selected target for the given module. module name of the module to be queried for its current target module_parameter additional params passed to the deﬁned module action_parameter additional params passed to the `show' action CLI Example (current target of system-wide java-vm):

salt '*' eselect.get_current_target java-vm action_parameter='system'

CLI Example (current target of kernel symlink):

salt '*' eselect.get_current_target kernel salt.modules.eselect.get_modules() List available eselect modules. CLI Example:

salt '*' eselect.get_modules salt.modules.eselect.get_target_list(module) List available targets for the given module. module name of the module to be queried for its targets CLI Example:

salt '*' eselect.get_target_list kernel salt.modules.eselect.set_target(module, target, module_parameter=None, ac- tion_parameter=None) Set the target for the given module. Target can be speciﬁed by index or name. module name of the module for which a target should be set target name of the target to be set for this module module_parameter additional params passed to the deﬁned module action_parameter additional params passed to the deﬁned action CLI Example (seing target of system-wide java-vm):

salt '*' eselect.set_target java-vm icedtea-bin-7 action_parameter='system'

560 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example (seing target of kernel symlink): salt '*' eselect.set_target kernel linux-3.17.5-gentoo

22.16.52 salt.modules.etcd_mod

Execution module to work with etcd depends • python-etcd In order to use an etcd server, a proﬁle should be created in the master conﬁguration ﬁle: my_etd_config: etcd.host: 127.0.0.1 etcd.port: 4001

It is technically possible to conﬁgure etcd without using a proﬁle, but this is not considered to be a best practice, especially when multiple etcd servers or clusters are available. etcd.host: 127.0.0.1 etcd.port: 4001 salt.modules.etcd_mod.get_(key, recurse=False, proﬁle=None) New in version 2014.7.0. Get a value from etcd, by direct path CLI Examples:

salt myminion etcd.get /path/to/key salt myminion etcd.get /path/to/key profile=my_etcd_config salt myminion etcd.get /path/to/key recurse=True profile=my_etcd_config salt.modules.etcd_mod.ls_(path='/', proﬁle=None) New in version 2014.7.0. Return all keys and dirs inside a speciﬁc path CLI Example:

salt myminion etcd.ls /path/to/dir/ salt myminion etcd.ls /path/to/dir/ profile=my_etcd_config salt.modules.etcd_mod.rm_(key, recurse=False, proﬁle=None) New in version 2014.7.0. Delete a key from etcd CLI Example:

salt myminion etcd.rm /path/to/key salt myminion etcd.rm /path/to/key profile=my_etcd_config salt myminion etcd.rm /path/to/dir recurse=True profile=my_etcd_config salt.modules.etcd_mod.set_(key, value, proﬁle=None) New in version 2014.7.0. Set a value in etcd, by direct path CLI Example:

22.16. Full list of builtin execution modules 561 Salt Documentation, Release 2014.7.6

salt myminion etcd.set /path/to/key value salt myminion etcd.set /path/to/key value profile=my_etcd_config salt.modules.etcd_mod.tree(path='/', proﬁle=None) New in version 2014.7.0. Recurse through etcd and return all values CLI Example:

salt myminion etcd.tree salt myminion etcd.tree profile=my_etcd_config salt myminion etcd.tree /path/to/keys profile=my_etcd_config

22.16.53 salt.modules.event

Use the Salt Event System to ﬁre events from the master to the minion and vice-versa. salt.modules.event.fire(data, tag) Fire an event on the local minion event bus. Data must be formed as a dict. CLI Example:

salt '*' event.fire '{"data":"my event data"}' 'tag' salt.modules.event.fire_master(data, tag, preload=None) Fire an event oﬀ up to the master server CLI Example:

salt '*' event.fire_master '{"data":"my event data"}' 'tag' salt.modules.event.send(tag, data=None, preload=None, with_env=False, with_grains=False, with_pillar=False, **kwargs) Send an event to the Salt Master New in version 2014.7.0. Parameters • tag -- A tag to give the event. Use slashes to create a names- pace for related events. E.g., myco/build/buildserver1/start, myco/build/buildserver1/success, myco/build/buildserver1/failure. • data -- A dictionary of data to send in the event. is is free-form. Send any data points that are needed for whoever is consuming the event. Arguments on the CLI are interpreted as YAML so complex data structures are possible. • with_env (Specify True to include all environment variables, or specify a list of strings of variable names to include.) -- Include environment variables from the current shell environment in the event data as environ.. is is a short-hand for working with systems that seed the environment with relevant data such as Jenkins. • with_grains (Specify True to include all grains, or specify a list of strings of grain names to include.) -- Include grains from the current minion in the event data as grains. • with_pillar (Specify True to include all Pillar values, or specify a list of strings of Pillar keys to include. It is a best-practice to only specify a relevant subset of Pillar data.) -- Include Pillar values from the current minion in the event data as pillar. Remember Pillar data is oen sensitive data so be careful. is is useful for passing ephemeral Pillar

562 Chapter 22. Reference Salt Documentation, Release 2014.7.6

values through an event. Such as passing the pillar={} kwarg in state.sls from the Master, through an event on the Minion, then back to the Master. • kwargs -- Any additional keyword arguments passed to this function will be interpreted as key-value pairs and included in the event data. is provides a convenient alternative to YAML for simple values. CLI Example:

salt-call event.send myco/mytag foo=Foo bar=Bar salt-call event.send 'myco/mytag' '{foo: Foo, bar: Bar}'

A convenient way to allow Jenkins to execute salt-call is via sudo. e following rule in sudoers will allow the jenkins user to run only the following command. /etc/sudoers (allow preserving the environment):

jenkins ALL=(ALL) NOPASSWD:SETENV: /usr/bin/salt-call event.send*

Call Jenkins via sudo (preserve the environment):

sudo -E salt-call event.send myco/jenkins/build/success with_env=[BUILD_ID, BUILD_URL, GIT_BRANCH, GIT_COMMIT]

22.16.54 salt.modules.extfs

Module for managing ext2/3/4 ﬁle systems salt.modules.extfs.attributes(device, args=None) Return aributes from dumpe2fs for a speciﬁed device CLI Example:

salt '*' extfs.attributes /dev/sda1 salt.modules.extfs.blocks(device, args=None) Return block and inode info from dumpe2fs for a speciﬁed device CLI Example:

salt '*' extfs.blocks /dev/sda1 salt.modules.extfs.dump(device, args=None) Return all contents of dumpe2fs for a speciﬁed device CLI Example:

salt '*' extfs.dump /dev/sda1 salt.modules.extfs.mkfs(device, fs_type, **kwargs) Create a ﬁle system on the speciﬁed device CLI Example:

salt '*' extfs.mkfs /dev/sda1 fs_type=ext4 opts='acl,noexec'

Valid options are: •blo_size: 1024, 2048 or 4096 •e: check for bad blocks •direct: use direct IO

22.16. Full list of builtin execution modules 563 Salt Documentation, Release 2014.7.6

•ext_opts: extended ﬁle system options (comma-separated) •fragment_size: size of fragments •force: seing force to True will cause mke2fs to specify the -F option twice (it is already set once); this is truly dangerous •blos_per_group: number of blocks in a block group •number_of_groups: ext4 option for a virtual block group •bytes_per_inode: set the bytes/inode ratio •inode_size: size of the inode •journal: set to True to create a journal (default on ext3/4) •journal_opts: options for the fs journal (comma separated) •blos_ﬁle: read bad blocks from ﬁle •label: label to apply to the ﬁle system •reserved: percentage of blocks reserved for super-user •last_dir: last mounted directory •test: set to True to not actually create the ﬁle system (mke2fs -n) •number_of_inodes: override default number of inodes •creator_os: override ``creator operating system'' ﬁeld •opts: mount options (comma separated) •revision: set the ﬁlesystem revision (default 1) •super: write superblock and group descriptors only •fs_type: set the ﬁlesystem type (REQUIRED) •usage_type: how the ﬁlesystem is going to be used •uuid: set the UUID for the ﬁle system See the mke2fs(8) manpage for a more complete description of these options. salt.modules.extfs.tune(device, **kwargs) Set aributes for the speciﬁed device (using tune2fs) CLI Example:

salt '*' extfs.tune /dev/sda1 force=True label=wildstallyns opts='acl,noexec'

Valid options are: •max: max mount count •count: mount count •error: error behavior •extended_opts: extended options (comma separated) •force: force, even if there are errors (set to True) •group: group name or gid that can use the reserved blocks •interval: interval between checks

564 Chapter 22. Reference Salt Documentation, Release 2014.7.6

•journal: set to True to create a journal (default on ext3/4) •journal_opts: options for the fs journal (comma separated) •label: label to apply to the ﬁle system •reserved: percentage of blocks reserved for super-user •last_dir: last mounted directory •opts: mount options (comma separated) •feature: set or clear a feature (comma separated) •mmp_e: mmp check interval •reserved: reserved blocks count •quota_opts: quota options (comma separated) •time: time last checked •user: user or uid who can use the reserved blocks •uuid: set the UUID for the ﬁle system See the mke2fs(8) manpage for a more complete description of these options.

22.16.55 salt.modules.file

Manage information about regular ﬁles, directories, and special ﬁles on the minion, set/read user, group, mode, and data salt.modules.file.access(path, mode) New in version 2014.1.0. Test whether the Salt process has the speciﬁed access to the ﬁle. One of the following modes must be speciﬁed: f: Test the existence of the path r: Test the readability of the path w: Test the writability of the path x: Test whether the path can be executed CLI Example:

salt '*' file.access /path/to/file f salt '*' file.access /path/to/file x salt.modules.file.append(path, *args, **kwargs) New in version 0.9.5. Append text to the end of a ﬁle path path to ﬁle args strings to append to ﬁle CLI Example:

salt '*' file.append /etc/motd \ "With all thine offerings thou shalt offer salt." \ "Salt is what makes things taste bad when it isn't in them."

Attention If you need to pass a string to append and that string contains an equal sign, you must include the argument name, args. For example:

22.16. Full list of builtin execution modules 565 Salt Documentation, Release 2014.7.6

salt '*' file.append /etc/motd args='cheese=spam'

salt '*' file.append /etc/motd args="['cheese=spam','spam=cheese']" salt.modules.file.blockreplace(path, marker_start='#-- start managed zone --`, marker_end='#-- end managed zone --`, content='`, append_if_not_found=False, prepend_if_not_found=False, backup='.bak', dry_run=False, show_changes=True) New in version 2014.1.0. Replace content of a text block in a ﬁle, delimited by line markers A block of content delimited by comments can help you manage several lines entries without worrying about old entries removal.

Note: is function will store two copies of the ﬁle in-memory (the original version and the edited version) in order to detect changes and only edit the targeted ﬁle if necessary.

path Filesystem path to the ﬁle to be edited marker_start e line content identifying a line as the start of the content block. Note that the whole line containing this marker will be considered, so whitespace or extra content before or aer the marker is included in ﬁnal output marker_end e line content identifying a line as the end of the content block. Note that the whole line containing this marker will be considered, so whitespace or extra content before or aer the marker is included in ﬁnal output content e content to be used between the two lines identiﬁed by marker_start and marker_stop. append_if_not_found [False] If markers are not found and set to True then, the markers and content will be appended to the ﬁle. prepend_if_not_found [False] If markers are not found and set to True then, the markers and content will be prepended to the ﬁle. baup e ﬁle extension to use for a backup of the ﬁle if any edit is made. Set to False to skip making a backup. dry_run Don't make any edits to the ﬁle. show_anges Output a uniﬁed diﬀ of the old ﬁle and the new ﬁle. If False, return a boolean if any changes were made.

CLI Example:

salt '*' file.blockreplace /etc/hosts '#-- start managed zone foobar : DO NOT EDIT --' \ '#-- end managed zone foobar --' $'10.0.1.1 foo.foobar\n10.0.1.2 bar.foobar' True salt.modules.file.check_file_meta(name, sfn, source, source_sum, user, group, mode, saltenv, template=None, contents=None) Check for the changes in the ﬁle metadata. CLI Example:

salt '*' file.check_file_meta /etc/httpd/conf.d/httpd.conf salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' root, root, '755' base

Note: Supported hash types include sha512, sha384, sha256, sha224, sha1, and md5.

566 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.file.check_hash(path, ﬁle_hash) Check if a ﬁle matches the given hash string Returns true if the hash matched, otherwise false. Raises ValueError if the hash was not formaed correctly. path A ﬁle path hash A string in the form :. For example: md5:e138491e9d5b97023cea823fe17bac22 CLI Example:

salt '*' file.check_hash /etc/fstab md5: salt.modules.file.check_managed(name, source, source_hash, user, group, mode, template, context, defaults, saltenv, contents=None, **kwargs) Check to see what changes need to be made for a ﬁle CLI Example:

salt '*' file.check_managed /etc/httpd/conf.d/httpd.conf salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' root, root, '755' jinja True None None base salt.modules.file.check_managed_changes(name, source, source_hash, user, group, mode, tem- plate, context, defaults, saltenv, contents=None, **kwargs) Return a dictionary of what changes need to be made for a ﬁle CLI Example:

salt '*' file.check_managed_changes /etc/httpd/conf.d/httpd.conf salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' root, root, '755' jinja True None None base salt.modules.file.check_perms(name, ret, user, group, mode, follow_symlinks=False) Check the permissions on ﬁles and chown if needed CLI Example:

salt '*' file.check_perms /etc/sudoers '{}' root root 400

Changed in version 2014.1.3: follow_symlinks option added salt.modules.file.chgrp(path, group) Change the group of a ﬁle path path to the ﬁle or directory group group owner CLI Example:

salt '*' file.chgrp /etc/passwd root salt.modules.file.chown(path, user, group) Chown a ﬁle, pass the ﬁle the desired user and group path path to the ﬁle or directory user user owner group group owner CLI Example:

salt '*' file.chown /etc/passwd root root

22.16. Full list of builtin execution modules 567 Salt Documentation, Release 2014.7.6 salt.modules.file.comment(path, regex, char='#', backup='.bak') Deprecated since version 0.17.0: Use replace() instead. Comment out speciﬁed lines in a ﬁle path e full path to the ﬁle to be edited regex A regular expression used to ﬁnd the lines that are to be commented; this paern will be wrapped in parenthesis and will move any preceding/trailing ^ or $ characters outside the parenthesis (e.g., the paern ^foo$ will be rewrien as ^(foo)$) ar [#] e character to be inserted at the beginning of a line in order to comment it out baup [.bak] e ﬁle will be backed up before edit with this ﬁle extension

Warning: is backup will be overwrien each time sed / comment / uncomment is called. Meaning the backup will only be useful aer the ﬁrst invocation.

CLI Example:

salt '*' file.comment /etc/modules pcspkr salt.modules.file.contains(path, text) Deprecated since version 0.17.0: Use search() instead. Return True if the ﬁle at path contains text CLI Example:

salt '*' file.contains /etc/crontab 'mymaintenance.sh' salt.modules.file.contains_glob(path, glob_expr) Deprecated since version 0.17.0: Use search() instead. Return True if the given glob matches a string in the named ﬁle CLI Example:

salt '*' file.contains_glob /etc/foobar '*cheese*' salt.modules.file.contains_regex(path, regex, lchar='`) Deprecated since version 0.17.0: Use search() instead. Return True if the given regular expression matches on any line in the text of a given ﬁle. If the lchar argument (leading char) is speciﬁed, it will strip lchar from the le side of each line before trying to match CLI Example:

salt '*' file.contains_regex /etc/crontab salt.modules.file.contains_regex_multiline(path, regex) Deprecated since version 0.17.0: Use search() instead. Return True if the given regular expression matches anything in the text of a given ﬁle Traverses multiple lines at a time, via the salt BuﬀeredReader (reads in chunks) CLI Example:

salt '*' file.contains_regex_multiline /etc/crontab '^maint'

568 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.file.copy(src, dst, recurse=False, remove_existing=False) Copy a ﬁle or directory from source to dst In order to copy a directory, the recurse ﬂag is required, and will by default overwrite ﬁles in the destination with the same path, and retain all other existing ﬁles. (similar to cp -r on unix) remove_existing will remove all ﬁles in the target directory, and then copy ﬁles from the source. CLI Example:

salt '*' file.copy /path/to/src /path/to/dst salt '*' file.copy /path/to/src_dir /path/to/dst_dir recurse=True salt '*' file.copy /path/to/src_dir /path/to/dst_dir recurse=True remove_existing=True salt.modules.file.delete_backup(path, backup_id) New in version 0.17.0. Delete a previous version of a ﬁle that was backed up using Salt's ﬁle state backup system. path e path on the minion to check for backups baup_id e numeric id for the backup you wish to delete, as found using file.list_backups CLI Example:

salt '*' file.restore_backup /foo/bar/baz.txt 0 salt.modules.file.directory_exists(path) Tests to see if path is a valid directory. Returns True/False. CLI Example:

salt '*' file.directory_exists /etc salt.modules.file.extract_hash(hash_fn, hash_type='sha256', ﬁle_name='`) is routine is called from the file.managed state to pull a hash from a remote ﬁle. Regular expressions are used line by line on the source_hash ﬁle, to ﬁnd a potential candidate of the indicated hash type. is avoids many problems of arbitrary ﬁle lay out rules. It speciﬁcally permits pulling hash codes from debian *.dsc ﬁles. For example:

openerp_7.0-latest-1.tar.gz: file.managed: - name: /tmp/openerp_7.0-20121227-075624-1_all.deb - source: http://nightly.openerp.com/7.0/nightly/deb/openerp_7.0-20121227-075624-1.tar.gz - source_hash: http://nightly.openerp.com/7.0/nightly/deb/openerp_7.0-20121227-075624-1.dsc

CLI Example:

salt '*' file.extract_hash /etc/foo sha512 /path/to/hash/file salt.modules.file.file_exists(path) Tests to see if path is a valid ﬁle. Returns True/False. CLI Example:

salt '*' file.file_exists /etc/passwd salt.modules.file.find(path, **kwargs) Approximate the Unix find(1) command and return a list of paths that meet the speciﬁed criteria. e options include match criteria:

22.16. Full list of builtin execution modules 569 Salt Documentation, Release 2014.7.6

name = path-glob # case sensitive iname = path-glob # case insensitive regex = path-regex # case sensitive iregex = path-regex # case insensitive type = file-types # match any listed type user = users # match any listed user group = groups # match any listed group size = [+-]number[size-unit] # default unit = byte mtime = interval # modified since date grep = regex # search file contents

and/or actions:

delete [= file-types] # default type = 'f' exec = command [arg ...] # where {} is replaced by pathname print [= print-opts]

e default action is `print=path'. ﬁle-glob:

* = match zero or more chars ? = match any char [abc] = match a, b, or c [!abc] or [^abc] = match anything except a, b, and c [x-y] = match chars x through y [!x-y] or [^x-y] = match anything except chars x through y {a,b,c} = match a or b or c

path-regex: a Python re (regular expression) paern to match pathnames ﬁle-types: a string of one or more of the following:

a: all file types b: block device c: character device d: directory p: FIFO (named pipe) f: plain file l: symlink s: socket

users: a space and/or comma separated list of user names and/or uids groups: a space and/or comma separated list of group names and/or gids size-unit:

b: bytes k: kilobytes m: megabytes g: gigabytes t: terabytes

interval:

[w] [d] [h] [m] [s]

where: w: week d: day

570 Chapter 22. Reference Salt Documentation, Release 2014.7.6

h: hour m: minute s: second

print-opts: a comma and/or space separated list of one or more of the following: group: group name md5: MD5 digest of file contents mode: file permissions (as integer) mtime: last modification time (as time_t) name: file basename path: file absolute path size: file size in bytes type: file type user: user name

CLI Examples:

salt '*' file.find / type=f name=\*.bak size=+10m salt '*' file.find /var mtime=+30d size=+10m print=path,size,mtime salt '*' file.find /var/log name=\*.[0-9] mtime=+30d size=+10m delete salt.modules.file.get_devmm(name) Get major/minor info from a device CLI Example:

salt '*' file.get_devmm /dev/chr salt.modules.file.get_diff(minionﬁle, masterﬁle, env=None, saltenv='base') Return uniﬁed diﬀ of ﬁle compared to ﬁle on master CLI Example:

salt '*' file.get_diff /home/fred/.vimrc salt://users/fred/.vimrc salt.modules.file.get_gid(path, follow_symlinks=True) Return the id of the group that owns a given ﬁle path ﬁle or directory of which to get the gid follow_symlinks indicated if symlinks should be followed CLI Example:

salt '*' file.get_gid /etc/passwd

Changed in version 0.16.4: follow_symlinks option added salt.modules.file.get_group(path, follow_symlinks=True) Return the group that owns a given ﬁle path ﬁle or directory of which to get the group follow_symlinks indicated if symlinks should be followed CLI Example:

salt '*' file.get_group /etc/passwd

Changed in version 0.16.4: follow_symlinks option added

22.16. Full list of builtin execution modules 571 Salt Documentation, Release 2014.7.6 salt.modules.file.get_hash(path, form='sha256', chunk_size=4096) Get the hash sum of a ﬁle is is better than get_sum for the following reasons: • It does not read the entire ﬁle into memory. • It does not return a string on error. e returned value of get_sum cannot really be trusted since it is vulnerable to collisions: get_sum(..., 'xyz') == 'Hash xyz not sup- ported' path path to the ﬁle or directory form desired sum format unk_size amount to sum at once CLI Example:

salt '*' file.get_hash /etc/shadow salt.modules.file.get_managed(name, template, source, source_hash, user, group, mode, saltenv, context, defaults, **kwargs) Return the managed ﬁle data for ﬁle.managed name location where the ﬁle lives on the server template template format source managed source ﬁle source_hash hash of the source ﬁle user user owner group group owner mode ﬁle mode context variables to add to the environment default default values of for context_dict CLI Example:

salt '*' file.get_managed /etc/httpd/conf.d/httpd.conf jinja salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' root root '755' base None None salt.modules.file.get_mode(path, follow_symlinks=True) Return the mode of a ﬁle path ﬁle or directory of which to get the mode follow_symlinks indicated if symlinks should be followed CLI Example:

salt '*' file.get_mode /etc/passwd

Changed in version 2014.1.0: follow_symlinks option added salt.modules.file.get_selinux_context(path) Get an SELinux context from a given path CLI Example:

salt '*' file.get_selinux_context /etc/hosts

572 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.file.get_sum(path, form='sha256') Return the sum for the given ﬁle, default is md5, sha1, sha224, sha256, sha384, sha512 are supported path path to the ﬁle or directory form desired sum format CLI Example:

salt '*' file.get_sum /etc/passwd sha512 salt.modules.file.get_uid(path, follow_symlinks=True) Return the id of the user that owns a given ﬁle path ﬁle or directory of which to get the uid follow_symlinks indicated if symlinks should be followed CLI Example:

salt '*' file.get_uid /etc/passwd

Changed in version 0.16.4: follow_symlinks option added salt.modules.file.get_user(path, follow_symlinks=True) Return the user that owns a given ﬁle path ﬁle or directory of which to get the user follow_symlinks indicated if symlinks should be followed CLI Example:

salt '*' file.get_user /etc/passwd

Changed in version 0.16.4: follow_symlinks option added salt.modules.file.gid_to_group(gid) Convert the group id to the group name on this system gid gid to convert to a group name CLI Example:

salt '*' file.gid_to_group 0 salt.modules.file.grep(path, paern, *args) Grep for a string in the speciﬁed ﬁle

Note: is function's return value is slated for reﬁnement in future versions of Salt

path A ﬁle path pattern A string. For example: test a[0-5] args grep options. For example: " -v" " -i -B2"

CLI Example:

salt '*' file.grep /etc/passwd nobody salt '*' file.grep /etc/sysconfig/network-scripts/ifcfg-eth0 ipaddr " -i" salt '*' file.grep /etc/sysconfig/network-scripts/ifcfg-eth0 ipaddr " -i -B2" salt '*' file.grep "/etc/sysconfig/network-scripts/*" ipaddr " -i -l"

22.16. Full list of builtin execution modules 573 Salt Documentation, Release 2014.7.6 salt.modules.file.group_to_gid(group) Convert the group to the gid on this system group group to convert to its gid CLI Example:

salt '*' file.group_to_gid root salt.modules.file.is_blkdev(name) Check if a ﬁle exists and is a block device. CLI Example:

salt '*' file.is_blkdev /dev/blk salt.modules.file.is_chrdev(name) Check if a ﬁle exists and is a character device. CLI Example:

salt '*' file.is_chrdev /dev/chr salt.modules.file.is_fifo(name) Check if a ﬁle exists and is a FIFO. CLI Example:

salt '*' file.is_fifo /dev/fifo salt.modules.file.is_link(path) Check if the path is a symlink CLI Example:

salt '*' file.is_link /path/to/link salt.modules.file.join(*args) Return a normalized ﬁle system path for the underlying OS New in version 2014.7.0. is can be useful at the CLI but is frequently useful when scripting combining path variables:

{% set www_root = '/var' %} {% set app_dir = 'myapp' %}

myapp_config: file: - managed - name: {{ salt['file.join'](www_root, app_dir, 'config.yaml') }}

CLI Example:

salt '*' file.join '/' 'usr' 'local' 'bin' salt.modules.file.lchown(path, user, group) Chown a ﬁle, pass the ﬁle the desired user and group without following symlinks. path path to the ﬁle or directory user user owner group group owner

574 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' file.chown /etc/passwd root root salt.modules.file.link(src, path) New in version 2014.1.0. Create a hard link to a ﬁle CLI Example:

salt '*' file.link /path/to/file /path/to/link salt.modules.file.list_backups(path, limit=None) New in version 0.17.0. Lists the previous versions of a ﬁle backed up using Salt's ﬁle state backup system. path e path on the minion to check for backups limit Limit the number of results to the most recent N backups CLI Example:

salt '*' file.list_backups /foo/bar/baz.txt salt.modules.file.lstat(path) New in version 2014.1.0. Returns the lstat aributes for the given ﬁle or dir. Does not support symbolic links. CLI Example:

salt '*' file.lstat /path/to/file salt.modules.file.makedirs_(path, user=None, group=None, mode=None) Ensure that the directory containing this path is available.

Note: e path must end with a trailing slash otherwise the directory/directories will be created up to the parent directory. For example if path is /opt/code, then it would be treated as /opt/ but if the path ends with a trailing slash like /opt/code/, then it would be treated as /opt/code/.

CLI Example:

salt '*' file.makedirs /opt/code/ salt.modules.file.makedirs_perms(name, user=None, group=None, mode=`0755') Taken and modiﬁed from os.makedirs to set user, group and mode for each directory created. CLI Example:

salt '*' file.makedirs_perms /opt/code salt.modules.file.manage_file(name, sfn, ret, source, source_sum, user, group, mode, saltenv, backup, makedirs=False, template=None, show_diﬀ=True, con- tents=None, dir_mode=None, follow_symlinks=True) Checks the destination against what was retrieved with get_managed and makes the appropriate modiﬁcations (if necessary). name location to place the ﬁle

22.16. Full list of builtin execution modules 575 Salt Documentation, Release 2014.7.6

sfn location of cached ﬁle on the minion is is the path to the ﬁle stored on the minion. is ﬁle is placed on the minion using cp.cache_ﬁle. If the hash sum of that ﬁle matches the source_sum, we do not transfer the ﬁle to the minion again. is ﬁle is then grabbed and if it has template set, it renders the ﬁle to be placed into the correct place on the system using salt.ﬁles.utils.copyﬁle() source ﬁle reference on the master source_hash sum hash for source user user owner group group owner baup backup_mode makedirs make directories if they do not exist template format of templating show_diﬀ Include diﬀ in state return contents: contents to be placed in the ﬁle dir_mode mode for directories created with makedirs CLI Example:

salt '*' file.manage_file /etc/httpd/conf.d/httpd.conf '' '{}' salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' root root '755' base ''

Changed in version 2014.7.0: follow_symlinks option added salt.modules.file.mkdir(dir_path, user=None, group=None, mode=None) Ensure that a directory is available. CLI Example:

salt '*' file.mkdir /opt/jetty/context salt.modules.file.mknod(name, ntype, major=0, minor=0, user=None, group=None, mode=`0600') New in version 0.17.0. Create a block device, character device, or ﬁfo pipe. Identical to the gnu mknod. CLI Examples:

salt '*' file.mknod /dev/chr c 180 31 salt '*' file.mknod /dev/blk b 8 999 salt '*' file.nknod /dev/fifo p salt.modules.file.mknod_blkdev(name, major, minor, user=None, group=None, mode=`0660') New in version 0.17.0. Create a block device. CLI Example:

salt '*' file.mknod_blkdev /dev/blk 8 999 salt.modules.file.mknod_chrdev(name, major, minor, user=None, group=None, mode=`0660') New in version 0.17.0. Create a character device.

576 Chapter 22. Reference Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' file.mknod_chrdev /dev/chr 180 31 salt.modules.file.mknod_fifo(name, user=None, group=None, mode=`0660') New in version 0.17.0. Create a FIFO pipe. CLI Example:

salt '*' file.mknod_fifo /dev/fifo salt.modules.file.open_files(by_pid=False) Return a list of all physical open ﬁles on the system. CLI Examples: salt `*' ﬁle.open_ﬁles salt `*' ﬁle.open_ﬁles by_pid=True salt.modules.file.pardir() Return the relative parent directory path symbol for underlying OS New in version 2014.7.0. is can be useful when constructing Salt Formulas.

{% set pardir = salt['file.pardir']() %} {% set final_path = salt['file.join']('subdir', pardir, 'confdir') %}

CLI Example:

salt '*' file.pardir salt.modules.file.patch(originalﬁle, patchﬁle, options='`, dry_run=False) New in version 0.10.4. Apply a patch to a ﬁle Equivalent to:

patch

originalﬁle e full path to the ﬁle or directory to be patched patﬁle A patch ﬁle to apply to originalfile options Options to pass to patch.

CLI Example:

salt '*' file.patch /opt/file.txt /tmp/file.txt.patch salt.modules.file.path_exists_glob(path) Tests to see if path aer expansion is a valid path (ﬁle or directory). Expansion allows usage of ? * and character ranges []. Tilde expansion is not supported. Returns True/False. New in version Hellium. CLI Example:

salt '*' file.path_exists_glob /etc/pam*/pass*

22.16. Full list of builtin execution modules 577 Salt Documentation, Release 2014.7.6 salt.modules.file.prepend(path, *args, **kwargs) New in version 2014.7.0. Prepend text to the beginning of a ﬁle path path to ﬁle args strings to prepend to the ﬁle CLI Example:

salt '*' file.prepend /etc/motd \ "With all thine offerings thou shalt offer salt." \ "Salt is what makes things taste bad when it isn't in them."

Attention If you need to pass a string to append and that string contains an equal sign, you must include the argument name, args. For example:

salt '*' file.prepend /etc/motd args='cheese=spam'

salt '*' file.prepend /etc/motd args="['cheese=spam','spam=cheese']" salt.modules.file.psed(path, before, aer, limit='`, backup='.bak', ﬂags='gMS', escape_all=False, multi=False) Deprecated since version 0.17.0: Use replace() instead. Make a simple edit to a ﬁle (pure Python version) Equivalent to:

sed "// s/// "

path e full path to the ﬁle to be edited before A paern to ﬁnd in order to replace with after aer Text that will replace before limit [''] An initial paern to search for before searching for before baup [.bak] e ﬁle will be backed up before edit with this ﬁle extension; WARNING: each time sed/comment/uncomment is called will overwrite this backup ﬂags [gMS] Flags to modify the sear. Valid values are: • g: Replace all occurrences of the paern, not just the ﬁrst. • I: Ignore case. • L: Make \w, \W, \b, \B, \s and \S dependent on the locale. • M: Treat multiple lines as a single line. • S: Make . match all characters, including newlines. • U: Make \w, \W, \b, \B, \d, \D, \s and \S dependent on Unicode. • X: Verbose (whitespace is ignored). multi: False If True, treat the entire ﬁle as a single line

578 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Forward slashes and single quotes will be escaped automatically in the before and after paerns. CLI Example:

salt '*' file.sed /etc/httpd/httpd.conf 'LogLevel warn' 'LogLevel info' salt.modules.file.readdir(path) New in version 2014.1.0. Return a list containing the contents of a directory CLI Example:

salt '*' file.readdir /path/to/dir/ salt.modules.file.readlink(path) New in version 2014.1.0. Return the path that a symlink points to CLI Example:

salt '*' file.readlink /path/to/link salt.modules.file.remove(path) Remove the named ﬁle CLI Example:

salt '*' file.remove /tmp/foo salt.modules.file.rename(src, dst) Rename a ﬁle or directory CLI Example:

salt '*' file.rename /path/to/src /path/to/dst salt.modules.file.replace(path, paern, repl, count=0, ﬂags=0, bufsize=1, ap- pend_if_not_found=False, prepend_if_not_found=False, not_found_content=None, backup='.bak', dry_run=False, search_only=False, show_changes=True) New in version 0.17.0. Replace occurrences of a paern in a ﬁle is is a pure Python implementation that wraps Python's sub(). Parameters • path -- Filesystem path to the ﬁle to be edited • pattern -- Python's regular expression search hps://docs.python.org/2/library/re.html

salt '*' file.replace /path/to/file pattern="bind-address\s*=" repl='bind-address:'

Parameters • repl -- e replacement text • count -- Maximum number of paern occurrences to be replaced

22.16. Full list of builtin execution modules 579 Salt Documentation, Release 2014.7.6

• flags (list or int) -- A list of ﬂags deﬁned in the re module documentation. Each list item should be a string that will correlate to the human-friendly ﬂag name. E.g., ['IGNORE- CASE', 'MULTILINE']. Note: multiline searches must specify file as the bufsize argument below. • bufsize (int or str) -- How much of the ﬁle to buﬀer into memory at once. e default value 1 processes one line at a time. e special value file may be speciﬁed which will read the entire ﬁle into memory before processing. Note: multiline searches must specify file buﬀering. • append_if_not_found -- If paern is not found and set to True then, the content will be appended to the ﬁle. New in version 2014.7.0. • prepend_if_not_found -- If paern is not found and set to True then, the content will be prepended to the ﬁle. New in version 2014.7.0. • not_found_content -- Content to use for append/prepend if not found. If None (de- fault), uses repl. Useful when repl uses references to group in paern. New in version 2014.7.0. • backup -- e ﬁle extension to use for a backup of the ﬁle before editing. Set to False to skip making a backup. • dry_run -- Don't make any edits to the ﬁle • search_only -- Just search for the paern; ignore the replacement; stop on the ﬁrst match • show_changes -- Output a uniﬁed diﬀ of the old ﬁle and the new ﬁle. If False return a boolean if any changes were made. Note: using this option will store two copies of the ﬁle in-memory (the original version and the edited version) in order to generate the diﬀ. Return type bool or str

salt '*' file.replace /path/to/file pattern='=' repl=':'

CLI Example:

salt '*' file.replace /etc/httpd/httpd.conf pattern='LogLevel warn' repl='LogLevel info' salt '*' file.replace /some/file pattern='before' repl='after' flags='[MULTILINE, IGNORECASE]' salt.modules.file.restore_backup(path, backup_id) New in version 0.17.0. Restore a previous version of a ﬁle that was backed up using Salt's ﬁle state backup system. path e path on the minion to check for backups baup_id e numeric id for the backup you wish to restore, as found using file.list_backups CLI Example:

salt '*' file.restore_backup /foo/bar/baz.txt 0

580 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.file.restorecon(path, recursive=False) Reset the SELinux context on a given path CLI Example:

salt '*' file.restorecon /home/user/.ssh/authorized_keys salt.modules.file.rmdir(path) New in version 2014.1.0. Remove the speciﬁed directory. Fails if a directory is not empty. CLI Example:

salt '*' file.rmdir /tmp/foo/ salt.modules.file.search(path, paern, ﬂags=0, bufsize=1) New in version 0.17.0. Search for occurrences of a paern in a ﬁle Params are identical to replace(). CLI Example:

salt '*' file.search /etc/crontab 'mymaintenance.sh' salt.modules.file.sed(path, before, aer, limit='`, backup='.bak', options='-r -e', ﬂags='g', es- cape_all=False, negate_match=False) Deprecated since version 0.17.0: Use replace() instead. Make a simple edit to a ﬁle Equivalent to:

sed "// s/// "

Forward slashes and single quotes will be escaped automatically in the before and after paerns. CLI Example:

salt '*' file.sed /etc/httpd/httpd.conf 'LogLevel warn' 'LogLevel info'

22.16. Full list of builtin execution modules 581 Salt Documentation, Release 2014.7.6 salt.modules.file.sed_contains(path, text, limit='`, ﬂags='g') Deprecated since version 0.17.0: Use search() instead. Return True if the ﬁle at path contains text. Utilizes sed to perform the search (line-wise search). Note: the p ﬂag will be added to any ﬂags you pass in. CLI Example:

salt '*' file.contains /etc/crontab 'mymaintenance.sh' salt.modules.file.seek_read(path, size, oﬀset) New in version 2014.1.0. Seek to a position on a ﬁle and read it path path to ﬁle seek amount to read at once oﬀset oﬀset to start into the ﬁle CLI Example:

salt '*' file.seek_read /path/to/file 4096 0 salt.modules.file.seek_write(path, data, oﬀset) New in version 2014.1.0. Seek to a position on a ﬁle and write to it path path to ﬁle data data to write to ﬁle oﬀset position in ﬁle to start writing CLI Example:

salt '*' file.seek_write /path/to/file 'some data' 4096 salt.modules.file.set_mode(path, mode) Set the mode of a ﬁle path ﬁle or directory of which to set the mode mode mode to set the path to CLI Example:

salt '*' file.set_mode /etc/passwd 0644 salt.modules.file.set_selinux_context(path, user=None, role=None, type=None, range=None) Set a speciﬁc SELinux label on a given path CLI Example:

salt '*' file.set_selinux_context path salt.modules.file.source_list(source, source_hash, saltenv) Check the source list and return the source to use CLI Example:

salt '*' file.source_list salt://http/httpd.conf '{hash_type: 'md5', 'hsum': }' base

582 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.file.stats(path, hash_type=None, follow_symlinks=True) Return a dict containing the stats for a given ﬁle CLI Example:

salt '*' file.stats /etc/passwd salt.modules.file.statvfs(path) New in version 2014.1.0. Perform a statvfs call against the ﬁlesystem that the ﬁle resides on CLI Example:

salt '*' file.statvfs /path/to/file salt.modules.file.symlink(src, path) Create a symbolic link to a ﬁle CLI Example:

salt '*' file.symlink /path/to/file /path/to/link salt.modules.file.touch(name, atime=None, mtime=None) New in version 0.9.5. Just like the touch command, create a ﬁle if it doesn't exist or simply update the atime and mtime if it already does. atime: Access time in Unix epoch time mtime: Last modiﬁcation in Unix epoch time CLI Example:

salt '*' file.touch /var/log/emptyfile salt.modules.file.truncate(path, length) New in version 2014.1.0. Seek to a position on a ﬁle and delete everything aer that point path path to ﬁle length oﬀset into ﬁle to truncate CLI Example:

salt '*' file.truncate /path/to/file 512 salt.modules.file.uid_to_user(uid) Convert a uid to a user name uid uid to convert to a username CLI Example:

salt '*' file.uid_to_user 0 salt.modules.file.uncomment(path, regex, char='#', backup='.bak') Deprecated since version 0.17.0: Use replace() instead. Uncomment speciﬁed commented lines in a ﬁle path e full path to the ﬁle to be edited

22.16. Full list of builtin execution modules 583 Salt Documentation, Release 2014.7.6

regex A regular expression used to ﬁnd the lines that are to be uncommented. is regex should not include the comment character. A leading ^ character will be stripped for convenience (for easily switching between comment() and uncomment()). ar [#] e character to remove in order to uncomment a line baup [.bak] e ﬁle will be backed up before edit with this ﬁle extension; WARNING: each time sed/comment/uncomment is called will overwrite this backup CLI Example:

salt '*' file.uncomment /etc/hosts.deny 'ALL: PARANOID' salt.modules.file.user_to_uid(user) Convert user name to a uid user user name to convert to its uid CLI Example:

salt '*' file.user_to_uid root salt.modules.file.write(path, *args, **kwargs) New in version 2014.7.0. Write text to a ﬁle, overwriting any existing contents. path path to ﬁle args strings to write to the ﬁle CLI Example:

salt '*' file.write /etc/motd \ "With all thine offerings thou shalt offer salt."

Attention If you need to pass a string to append and that string contains an equal sign, you must include the argument name, args. For example:

salt '*' file.write /etc/motd args='cheese=spam'

salt '*' file.write /etc/motd args="['cheese=spam','spam=cheese']"

22.16.56 salt.modules.freebsd_sysctl

Module for viewing and modifying sysctl parameters salt.modules.freebsd_sysctl.assign(name, value) Assign a single sysctl parameter for this minion CLI Example:

salt '*' sysctl.assign net.inet.icmp.icmplim 50 salt.modules.freebsd_sysctl.get(name) Return a single sysctl parameter for this minion CLI Example:

584 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' sysctl.get hw.physmem salt.modules.freebsd_sysctl.persist(name, value, conﬁg='/etc/sysctl.conf') Assign and persist a simple sysctl parameter for this minion CLI Example:

salt '*' sysctl.persist net.inet.icmp.icmplim 50 salt '*' sysctl.persist coretemp_load NO config=/boot/loader.conf salt.modules.freebsd_sysctl.show(conﬁg_ﬁle=False) Return a list of sysctl parameters for this minion CLI Example:

salt '*' sysctl.show

22.16.57 salt.modules.freebsdjail

e jail module for FreeBSD salt.modules.freebsdjail.fstab(jail) Display contents of a fstab(5) ﬁle deﬁned in speciﬁed jail's conﬁguration. If no ﬁle is deﬁned, return False. CLI Example:

salt '*' jail.fstab salt.modules.freebsdjail.get_enabled() Return which jails are set to be run CLI Example:

salt '*' jail.get_enabled salt.modules.freebsdjail.is_enabled() See if jail service is actually enabled on boot CLI Example:

salt '*' jail.is_enabled salt.modules.freebsdjail.restart(jail='`) Restart the speciﬁed jail or all, if none speciﬁed CLI Example:

salt '*' jail.restart [] salt.modules.freebsdjail.show_config(jail) Display speciﬁed jail's conﬁguration CLI Example:

salt '*' jail.show_config salt.modules.freebsdjail.start(jail='`) Start the speciﬁed jail or all, if none speciﬁed CLI Example:

22.16. Full list of builtin execution modules 585 Salt Documentation, Release 2014.7.6

salt '*' jail.start [] salt.modules.freebsdjail.status(jail) See if speciﬁed jail is currently running CLI Example:

salt '*' jail.status salt.modules.freebsdjail.stop(jail='`) Stop the speciﬁed jail or all, if none speciﬁed CLI Example:

salt '*' jail.stop [] salt.modules.freebsdjail.sysctl() Dump all jail related kernel states (sysctl) CLI Example:

salt '*' jail.sysctl

22.16.58 salt.modules.freebsdkmod

Module to manage FreeBSD kernel modules salt.modules.freebsdkmod.available() Return a list of all available kernel modules CLI Example:

salt '*' kmod.available salt.modules.freebsdkmod.check_available(mod) Check to see if the speciﬁed kernel module is available CLI Example:

salt '*' kmod.check_available vmm salt.modules.freebsdkmod.is_loaded(mod) Check to see if the speciﬁed kernel module is loaded CLI Example:

salt '*' kmod.is_loaded vmm salt.modules.freebsdkmod.load(mod, persist=False) Load the speciﬁed kernel module mod Name of the module to add persist Write the module to sysrc kld_modules to make it load on system reboot CLI Example:

salt '*' kmod.load bhyve

586 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.freebsdkmod.lsmod() Return a dict containing information about currently loaded modules CLI Example:

salt '*' kmod.lsmod salt.modules.freebsdkmod.mod_list(only_persist=False) Return a list of the loaded module names CLI Example:

salt '*' kmod.mod_list salt.modules.freebsdkmod.remove(mod, persist=False) Remove the speciﬁed kernel module CLI Example:

salt '*' kmod.remove vmm

22.16.59 salt.modules.freebsdpkg

Remote package support using pkg_add(1)

Warning: is module has been completely rewrien. Up to and including version 0.17.0, it supported pkg_add(1), but checked for the existence of a pkgng local database and, if found, would provide some of pkgng's functionality. e rewrite of this module has removed all pkgng support, and moved it to the pkgng execution module. For versions <= 0.17.0, the documentation here should not be considered accurate. If your Min- ion is running one of these versions, then the documentation for this module can be viewed using the sys.doc function:

salt bsdminion sys.doc pkg

is module acts as the default package provider for FreeBSD 9 and older. If you need to use pkgng on a FreeBSD 9 system, you will need to override the pkg provider by seing the providers parameter in your Minion conﬁg ﬁle, in order to use pkgng. providers: pkg: pkgng

More information on pkgng support can be found in the documentation for the pkgng module. is module will respect the PACKAGEROOT and PACKAGESITE environment variables, if set, but these values can also be overridden in several ways: 1. Salt conﬁguration parameters. e conﬁguration parameters freebsdpkg.PACKAGEROOT and freeb- sdpkg.PACKAGESITE are recognized. ese conﬁg parameters are looked up using config.get and can thus be speciﬁed in the Master conﬁg ﬁle, Grains, Pillar, or in the Minion conﬁg ﬁle. Example:

freebsdpkg.PACKAGEROOT: ftp://ftp.freebsd.org/ freebsdpkg.PACKAGESITE: ftp://ftp.freebsd.org/pub/FreeBSD/ports/ia64/packages-9-stable/Latest/

2. CLI arguments. Both the packageroot (used interchangeably with fromrepo for API compatibility) and packagesite CLI arguments are recognized, and override their conﬁg counterparts from section 1 above.

22.16. Full list of builtin execution modules 587 Salt Documentation, Release 2014.7.6

salt -G 'os:FreeBSD' pkg.install zsh fromrepo=ftp://ftp2.freebsd.org/ salt -G 'os:FreeBSD' pkg.install zsh packageroot=ftp://ftp2.freebsd.org/ salt -G 'os:FreeBSD' pkg.install zsh packagesite=ftp://ftp2.freebsd.org/pub/FreeBSD/ports/ia64/packages-9-stable/Latest/

.. note::

These arguments can also be passed through in states:

.. code-block:: yaml

zsh: pkg.installed: - fromrepo: ftp://ftp2.freebsd.org/ salt.modules.freebsdpkg.file_dict(*packages) List the ﬁles that belong to a package, grouped by package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.freebsdpkg.file_list(*packages) List the ﬁles that belong to a package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:

salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.freebsdpkg.install(name=None, refresh=False, fromrepo=None, pkgs=None, sources=None, **kwargs) Install package(s) using pkg_add(1) name e name of the package to be installed. refresh Whether or not to refresh the package database before installing. fromrepo or paageroot Specify a package repository from which to install. Overrides the system default, as well as the PACKAGEROOT environment variable. paagesite Specify the exact directory from which to install the remote package. Overrides the PACKAGE- SITE environment variable, if present. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. CLI Example:

salt '*' pkg.install pkgs='["foo", "bar"]'

sources A list of packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:

588 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' pkg.install sources='[{"foo": "salt://foo.deb"}, {"bar": "salt://bar.deb"}]'

Return a dict containing the new package names and versions:

{'':{'old': '', 'new': ''}}

CLI Example:

salt '*' pkg.install salt.modules.freebsdpkg.latest_version(*names, **kwargs) pkg_add(1) is not capable of querying for remote packages, so this function will always return results as if there is no package available for install or upgrade. CLI Example:

salt '*' pkg.latest_version salt '*' pkg.latest_version ... salt.modules.freebsdpkg.list_pkgs(versions_as_list=False, with_origin=False, **kwargs) List the packages currently installed as a dict:

{'': ''}

with_origin [False] Return a nested dictionary containing both the origin name and version for each installed package. New in version 2014.1.0.

CLI Example:

salt '*' pkg.list_pkgs salt.modules.freebsdpkg.refresh_db() pkg_add(1) does not use a local database of available packages, so this function simply returns True. it exists merely for API compatibility. CLI Example:

salt '*' pkg.refresh_db salt.modules.freebsdpkg.remove(name=None, pkgs=None, **kwargs) Remove packages using pkg_delete(1) name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:

salt '*' pkg.remove salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]'

22.16. Full list of builtin execution modules 589 Salt Documentation, Release 2014.7.6 salt.modules.freebsdpkg.upgrade() Upgrades are not supported with pkg_add(1). is function is included for API compatibility only and always returns an empty dict. CLI Example:

salt '*' pkg.upgrade salt.modules.freebsdpkg.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. with_origin [False] Return a nested dictionary containing both the origin name and version for each speciﬁed package. New in version 2014.1.0. CLI Example:

salt '*' pkg.version salt '*' pkg.version ...

22.16.60 salt.modules.freebsdports

Install soware from the FreeBSD ports(7) system New in version 2014.1.0. is module allows you to install ports using BATCH=yes to bypass conﬁguration prompts. It is recommended to use the the ports state to install ports, but it it also possible to use this module exclusively from the command line. salt minion-id ports.config security/nmap IPV6=off salt minion-id ports.install security/nmap salt.modules.freebsdports.config(name, reset=False, **kwargs) Modify conﬁguration options for a given port. Multiple options can be speciﬁed. To see the available options for a port, use ports.showconfig. name e port name, in category/name format reset [False] If True, runs a make rmconfig for the port, clearing its conﬁguration before seing the desired options CLI Examples:

salt '*' ports.config security/nmap IPV6=off salt.modules.freebsdports.deinstall(name) De-install a port. CLI Example:

salt '*' ports.deinstall security/nmap salt.modules.freebsdports.install(name, clean=True) Install a port from the ports tree. Installs using BATCH=yes for non-interactive building. To set conﬁg options for a given port, use ports.config. clean [True] If True, cleans aer installation. Equivalent to running make install clean BATCH=yes.

590 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Note: It may be helpful to run this function using the -t option to set a higher timeout, since compiling a port may cause the Salt command to exceed the default timeout.

CLI Example:

salt -t 1200 '*' ports.install security/nmap salt.modules.freebsdports.list_all() Lists all ports available. CLI Example:

salt '*' ports.list_all

Warning: Takes a while to run, and returns a LOT of output salt.modules.freebsdports.rmconfig(name) Clear the cached options for the speciﬁed port; run a make rmconfig name e name of the port to clear CLI Example:

salt '*' ports.rmconfig security/nmap salt.modules.freebsdports.search(name) Search for matches in the ports tree. Globs are supported, and the category is optional CLI Examples:

salt '*' ports.search 'security/*' salt '*' ports.search 'security/n*' salt '*' ports.search nmap

Warning: Takes a while to run salt.modules.freebsdports.showconfig(name, default=False, dict_return=False) Show the conﬁguration options for a given port. default [False] Show the default options for a port (not necessarily the same as the current conﬁguration) dict_return [False] Instead of returning the output of make showconfig, return the data in an dictionary CLI Example:

salt '*' ports.showconfig security/nmap salt '*' ports.showconfig security/nmap default=True salt.modules.freebsdports.update(extract=False) Update the ports tree extract [False] If True, runs a portsnap extract aer fetching, should be used for ﬁrst-time installation of the ports tree. CLI Example:

salt '*' ports.update

22.16. Full list of builtin execution modules 591 Salt Documentation, Release 2014.7.6

22.16.61 salt.modules.freebsdservice

e service module for FreeBSD salt.modules.freebsdservice.available(name) Check that the given service is available. CLI Example:

salt '*' service.available sshd salt.modules.freebsdservice.disable(name, **kwargs) Disable the named service to start at boot Arguments the same as for enable() CLI Example:

salt '*' service.disable salt.modules.freebsdservice.disabled(name) Return True if the named service is enabled, false otherwise CLI Example:

salt '*' service.disabled salt.modules.freebsdservice.enable(name, **kwargs) Enable the named service to start at boot name service name conﬁg [/etc/rc.con] Conﬁg ﬁle for managing service. If conﬁg value is empty string, then /etc/rc.conf.d/ used. See man rc.conf(5) for details. Also service.conﬁg variable can be used to change default. CLI Example:

salt '*' service.enable salt.modules.freebsdservice.enabled(name) Return True if the named service is enabled, false otherwise name Service name CLI Example:

salt '*' service.enabled salt.modules.freebsdservice.get_all() Return a list of all available services CLI Example:

salt '*' service.get_all salt.modules.freebsdservice.get_disabled() Return what services are available but not enabled to start at boot CLI Example:

salt '*' service.get_disabled

592 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.freebsdservice.get_enabled() Return what services are set to run on boot CLI Example:

salt '*' service.get_enabled salt.modules.freebsdservice.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:

salt '*' service.missing sshd salt.modules.freebsdservice.reload_(name) Restart the named service CLI Example:

salt '*' service.reload salt.modules.freebsdservice.restart(name) Restart the named service CLI Example:

salt '*' service.restart salt.modules.freebsdservice.start(name) Start the speciﬁed service CLI Example:

salt '*' service.start salt.modules.freebsdservice.status(name, sig=None) Return the status for a service (True or False). name Name of service CLI Example:

salt '*' service.status salt.modules.freebsdservice.stop(name) Stop the speciﬁed service CLI Example:

salt '*' service.stop

22.16.62 salt.modules.gem

Manage ruby gems. salt.modules.gem.install(gems, ruby=None, runas=None, version=None, rdoc=False, ri=False, proxy=None) Installs one or several gems. gems e gems to install

22.16. Full list of builtin execution modules 593 Salt Documentation, Release 2014.7.6

ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. version [None] Specify the version to install for the gem. Doesn't play nice with multiple gems at once rdoc [False] Generate RDoc documentation for the gem(s). ri [False] Generate RI documentation for the gem(s). proxy [None] Use the speciﬁed HTTP proxy server for all outgoing traﬃc. Format: hp://hostname[:port] CLI Example:

salt '*' gem.install vagrant salt.modules.gem.list_(preﬁx='`, ruby=None, runas=None) List locally installed gems. preﬁx : Only list gems when the name matches this preﬁx. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.list salt.modules.gem.sources_add(source_uri, ruby=None, runas=None) Add a gem source. source_uri e source URI to add. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.sources_add http://rubygems.org/ salt.modules.gem.sources_list(ruby=None, runas=None) List the conﬁgured gem sources. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.sources_list salt.modules.gem.sources_remove(source_uri, ruby=None, runas=None) Remove a gem source. source_uri e source URI to remove. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.sources_remove http://rubygems.org/

594 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.gem.uninstall(gems, ruby=None, runas=None) Uninstall one or several gems. gems e gems to uninstall. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.uninstall vagrant salt.modules.gem.update(gems, ruby=None, runas=None) Update one or several gems. gems e gems to update. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.update vagrant salt.modules.gem.update_system(version='`, ruby=None, runas=None) Update rubygems. version [(newest)] e version of rubygems to install. ruby [None] If RVM or rbenv are installed, the ruby version and gemset to use. runas [None] e user to run gem as. CLI Example:

salt '*' gem.update_system

22.16.63 salt.modules.genesis

Module for managing container and VM images New in version 2014.7.0. salt.modules.genesis.avail_platforms() Return which platforms are available CLI Example:

salt myminion genesis.avail_platforms salt.modules.genesis.bootstrap(platform, root, img_format='dir', fs_format='ext2', arch=None, ﬂa- vor=None, repo_url=None, static_qemu=None) Create an image for a speciﬁc platform. Please note that this function MUST be run as root, as images that are created make ﬁles belonging to root. platform Which platform to use to create the image. Currently supported platforms are rpm, deb and pacman. root Local path to create the root of the image ﬁlesystem. img_format Which format to create the image in. By default, just copies ﬁles into a directory on the local ﬁlesystem (dir). Future support will exist for sparse.

22.16. Full list of builtin execution modules 595 Salt Documentation, Release 2014.7.6

fs_format When using a non-dir img_format, which ﬁlesystem to format the image to. By default, ext2. ar Architecture to install packages for, if supported by the underlying bootstrap tool. Currently only used for deb. ﬂavor Which ﬂavor of operating system to install. is correlates to a speciﬁc directory on the distribution repositories. For instance, wheezy on Debian. repo_url Mainly important for Debian-based repos. Base URL for the mirror to install from. (e.x.: hp://p.debian.org/debian/) static_qemu Local path to the static qemu binary required for this arch. (e.x.: /usr/bin/qemu-amd64-static) pkg_confs e location of the conf ﬁles to copy into the image, to point the installer to the right repos and conﬁguration. CLI Examples:

salt myminion genesis.bootstrap pacman /root/arch salt myminion genesis.bootstrap rpm /root/redhat salt myminion genesis.bootstrap deb /root/wheezy arch=amd64 flavor=wheezy static_qemu=/usr/bin/qemu-x86_64-static salt.modules.genesis.pack(name, root, path=None, pack_format='tar', compress='bzip2') Pack up a directory structure, into a speciﬁc format CLI Examples:

salt myminion genesis.pack centos /root/centos salt myminion genesis.pack centos /root/centos pack_format='tar' salt.modules.genesis.unpack(name, dest=None, path=None, pack_format='tar', compress='bz2') Unpack an image into a directory structure CLI Example:

salt myminion genesis.unpack centos /root/centos

22.16.64 salt.modules.gentoo_service

Top level package command wrapper, used to translate the os detected by grains to the correct service manager salt.modules.gentoo_service.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:

salt '*' service.available sshd salt.modules.gentoo_service.disable(name, **kwargs) Disable the named service to start at boot CLI Example:

salt '*' service.disable salt.modules.gentoo_service.disabled(name) Return True if the named service is enabled, false otherwise CLI Example:

salt '*' service.disabled

596 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.gentoo_service.enable(name, **kwargs) Enable the named service to start at boot CLI Example:

salt '*' service.enable salt.modules.gentoo_service.enabled(name) Return True if the named service is enabled, false otherwise CLI Example:

salt '*' service.enabled salt.modules.gentoo_service.get_all() Return all available boot services CLI Example:

salt '*' service.get_all salt.modules.gentoo_service.get_disabled() Return a set of services that are installed but disabled CLI Example:

salt '*' service.get_disabled salt.modules.gentoo_service.get_enabled() Return a list of service that are enabled on boot CLI Example:

salt '*' service.get_enabled salt.modules.gentoo_service.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:

salt '*' service.missing sshd salt.modules.gentoo_service.restart(name) Restart the named service CLI Example:

salt '*' service.restart salt.modules.gentoo_service.start(name) Start the speciﬁed service CLI Example:

salt '*' service.start salt.modules.gentoo_service.status(name, sig=None) Return the status for a service, returns the PID or an empty string if the service is running or not, pass a signature to use to ﬁnd the service via ps CLI Example:

22.16. Full list of builtin execution modules 597 Salt Documentation, Release 2014.7.6

salt '*' service.status [service signature] salt.modules.gentoo_service.stop(name) Stop the speciﬁed service CLI Example:

salt '*' service.stop

22.16.65 salt.modules.gentoolkitmod

Support for Gentoolkit salt.modules.gentoolkitmod.eclean_dist(destructive=False, package_names=False, size_limit=0, time_limit=0, fetch_restricted=False, exclude_ﬁle='/etc/eclean/distﬁles.exclude') Clean obsolete portage sources destructive Only keep minimum for reinstallation paage_names Protect all versions of installed packages. Only meaningful if used with destructive=True size_limit Don't delete distﬁles bigger than . is a size speciﬁcation: ``10M'' is ``ten megabytes'', ``200K'' is ``two hundreds kilobytes'', etc. Units are: G, M, K and B. time_limit Don't delete distﬁles ﬁles modiﬁed since is an amount of time: ``1y'' is ``one year'', ``2w'' is ``two weeks'', etc. Units are: y (years), m (months), w (weeks), d (days) and h (hours). fet_restricted Protect fetch-restricted ﬁles. Only meaningful if used with destructive=True exclude_ﬁle Path to exclusion ﬁle. Default is /etc/eclean/distﬁles.exclude is is the same default eclean-dist uses. Use None if this ﬁle exists and you want to ignore. Returns a dict containing the cleaned, saved, and deprecated dists:

{'cleaned':{: }, 'deprecated':{: }, 'saved':{: }, 'total_cleaned': }

CLI Example:

salt '*' gentoolkit.eclean_dist destructive=True salt.modules.gentoolkitmod.eclean_pkg(destructive=False, package_names=False, time_limit=0, exclude_ﬁle='/etc/eclean/packages.exclude') Clean obsolete binary packages destructive Only keep minimum for reinstallation paage_names Protect all versions of installed packages. Only meaningful if used with destructive=True time_limit Don't delete distﬁles ﬁles modiﬁed since is an amount of time: ``1y'' is ``one year'', ``2w'' is ``two weeks'', etc. Units are: y (years), m (months), w (weeks), d (days) and h (hours). exclude_ﬁle Path to exclusion ﬁle. Default is /etc/eclean/packages.exclude is is the same default eclean-pkg uses. Use None if this ﬁle exists and you want to ignore. Returns a dict containing the cleaned binary packages:

598 Chapter 22. Reference Salt Documentation, Release 2014.7.6

{'cleaned':{: }, 'total_cleaned': }

CLI Example:

salt '*' gentoolkit.eclean_pkg destructive=True salt.modules.gentoolkitmod.glsa_check_list(glsa_list) List the status of Gentoo Linux Security Advisories glsa_list can contain an arbitrary number of GLSA ids, ﬁlenames containing GLSAs or the special identiﬁers `all' and `aﬀected' Returns a dict containing glsa ids with a description, status, and CVEs:

{:{'description': , 'status': , 'CVEs':[]}}

CLI Example:

salt '*' gentoolkit.glsa_check_list 'affected' salt.modules.gentoolkitmod.revdep_rebuild(lib=None) Fix up broken reverse dependencies lib Search for reverse dependencies for a particular library rather than every library on the system. It can be a full path to a library or basic regular expression. CLI Example:

salt '*' gentoolkit.revdep_rebuild

22.16.66 salt.modules.git

Support for the Git SCM salt.modules.git.add(cwd, ﬁle_name, user=None, opts=None) add a ﬁle to git cwd e path to the Git repository ﬁle_name Path to the ﬁle in the cwd opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.add /path/to/git/repo /path/to/file salt.modules.git.archive(cwd, output, rev='HEAD', fmt=None, preﬁx=None, user=None) Export a tarball from the repository cwd e path to the Git repository output e path to the archive tarball rev: HEAD e revision to create an archive from fmt: None Format of the resulting archive, zip and tar are commonly used

22.16. Full list of builtin execution modules 599 Salt Documentation, Release 2014.7.6

preﬁx [None] Prepend

/ to every ﬁlename in the archive user [None] Run git as a user other than what the minion runs as If prefix is not speciﬁed it defaults to the basename of the repo directory. CLI Example:

salt '*' git.archive /path/to/repo /path/to/archive.tar.gz salt.modules.git.branch(cwd, rev, opts=None, user=None) Interacts with branches. cwd e path to the Git repository rev e branch/revision to be used in the command. opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.branch mybranch --set-upstream-to=origin/mybranch salt.modules.git.checkout(cwd, rev, force=False, opts=None, user=None) Checkout a given revision cwd e path to the Git repository rev e remote branch or revision to checkout force [False] Force a checkout even if there might be overwrien changes opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Examples:

salt '*' git.checkout /path/to/repo somebranch user=jeff

salt '*' git.checkout /path/to/repo opts='testbranch -- conf/file1 file2'

salt '*' git.checkout /path/to/repo rev=origin/mybranch opts=--track salt.modules.git.clone(cwd, repository, opts=None, user=None, identity=None) Clone a new repository cwd e path to the Git repository repository e git URI of the repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as identity [None] A path to a private key to use over SSH CLI Example:

salt '*' git.clone /path/to/repo git://github.com/saltstack/salt.git

salt '*' git.clone /path/to/repo.git\ git://github.com/saltstack/salt.git '--bare --origin github'

600 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.git.commit(cwd, message, user=None, opts=None) create a commit cwd e path to the Git repository message e commit message opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.commit /path/to/git/repo 'The commit message' salt.modules.git.config_get(cwd=None, seing_name=None, user=None) Get a key or keys from the git conﬁguration ﬁle (.git/conﬁg). cwd [None] Optional path to a Git repository Changed in version 2014.7.0: Made cwd optional setting_name [None] e name of the conﬁguration key to get. Required. user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.config_get setting_name=user.email salt '*' git.config_get /path/to/repo user.name arthur salt.modules.git.config_set(cwd=None, seing_name=None, seing_value=None, user=None, is_global=False) Set a key in the git conﬁguration ﬁle (.git/conﬁg) of the repository or globally. cwd [None] Options path to the Git repository Changed in version 2014.7.0: Made cwd optional setting_name [None] e name of the conﬁguration key to set. Required. setting_value [None] e (new) value to set. Required. user [None] Run git as a user other than what the minion runs as is_global [False] Set to True to use the `--global' ﬂag with `git conﬁg' CLI Example:

salt '*' git.config_set /path/to/repo user.email [emailprotected] salt.modules.git.current_branch(cwd, user=None) Returns the current branch name, if on a branch. CLI Example:

salt '*' git.current_branch /path/to/repo salt.modules.git.describe(cwd, rev='HEAD', user=None) Returns the git describe string (or the SHA hash if there are no tags) for the given revision cwd e path to the Git repository rev: HEAD e revision to describe user [None] Run git as a user other than what the minion runs as

22.16. Full list of builtin execution modules 601 Salt Documentation, Release 2014.7.6

CLI Examples:

salt '*' git.describe /path/to/repo

salt '*' git.describe /path/to/repo develop salt.modules.git.fetch(cwd, opts=None, user=None, identity=None) Perform a fetch on the given repository cwd e path to the Git repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as identity [None] A path to a private key to use over SSH CLI Example:

salt '*' git.fetch /path/to/repo '--all'

salt '*' git.fetch cwd=/path/to/repo opts='--all' user=johnny salt.modules.git.init(cwd, opts=None, user=None) Initialize a new git repository cwd e path to the Git repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.init /path/to/repo.git opts='--bare' salt.modules.git.ls_remote(cwd, repository='origin', branch='master', user=None, identity=None) Returns the upstream hash for any given URL and branch. cwd e path to the Git repository repository: origin e name of the repository to get the revision from. Can be the name of a remote, an URL, etc. bran: master e name of the branch to get the revision from. user [none] run git as a user other than what the minion runs as identity [none] a path to a private key to use over ssh CLI Example:

salt '*' git.ls_remote /pat/to/repo origin master salt.modules.git.merge(cwd, branch='@{upstream}', opts=None, user=None) Merge a given branch cwd e path to the Git repository bran [@{upstream}] e remote branch or revision to merge into the current branch opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

602 Chapter 22. Reference Salt Documentation, Release 2014.7.6

salt '*' git.fetch /path/to/repo salt '*' git.merge /path/to/repo @{upstream} salt.modules.git.pull(cwd, opts=None, user=None, identity=None) Perform a pull on the given repository cwd e path to the Git repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as identity [None] A path to a private key to use over SSH CLI Example:

salt '*' git.pull /path/to/repo opts='--rebase origin master' salt.modules.git.push(cwd, remote_name, branch='master', user=None, opts=None, identity=None) Push to remote cwd e path to the Git repository remote_name Name of the remote to push to bran [master] Name of the branch to push opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as identity [None] A path to a private key to use over SSH CLI Example:

salt '*' git.push /path/to/git/repo remote-name salt.modules.git.rebase(cwd, rev='master', opts=None, user=None) Rebase the current branch cwd e path to the Git repository rev [master] e revision to rebase onto the current branch opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.rebase /path/to/repo master salt '*' git.rebase /path/to/repo 'origin master'

at is the same as:

git rebase master git rebase origin master salt.modules.git.remote_get(cwd, remote='origin', user=None) get the fetch and push URL for a speciﬁed remote name remote [origin] the remote name used to deﬁne the fetch and push URL user [None] Run git as a user other than what the minion runs as

22.16. Full list of builtin execution modules 603 Salt Documentation, Release 2014.7.6

CLI Example:

salt '*' git.remote_get /path/to/repo salt '*' git.remote_get /path/to/repo upstream salt.modules.git.remote_set(cwd, name='origin', url=None, user=None) sets a remote with name and URL like git remote add remote_name [origin] deﬁnes the remote name remote_url [None] deﬁnes the remote URL; should not be None! user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.remote_set /path/to/repo [emailprotected]:saltstack/salt.git salt '*' git.remote_set /path/to/repo origin [emailprotected]:saltstack/salt.git salt.modules.git.remotes(cwd, user=None) Get remotes like git remote -v cwd e path to the Git repository user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.remotes /path/to/repo salt.modules.git.reset(cwd, opts=None, user=None) Reset the repository checkout cwd e path to the Git repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.reset /path/to/repo master salt.modules.git.revision(cwd, rev='HEAD', short=False, user=None) Returns the long hash of a given identiﬁer (hash, branch, tag, HEAD, etc) cwd e path to the Git repository rev: HEAD e revision short: False Return an abbreviated SHA1 git hash user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.revision /path/to/repo mybranch salt.modules.git.rm(cwd, ﬁle_name, user=None, opts=None) Remove a ﬁle from git cwd e path to the Git repository ﬁle_name Path to the ﬁle in the cwd opts [None] Any additional options to add to the command line

604 Chapter 22. Reference Salt Documentation, Release 2014.7.6

user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.rm /path/to/git/repo /path/to/file salt.modules.git.stash(cwd, opts=None, user=None) Stash changes in the repository checkout cwd e path to the Git repository opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.stash /path/to/repo master salt.modules.git.status(cwd, user=None) Return the status of the repository. e returned format uses the status codes of git's `porcelain' output mode cwd e path to the Git repository user [None] Run git as a user other than what the minion runs as CLI Example:

salt '*' git.status /path/to/git/repo salt.modules.git.submodule(cwd, init=True, opts=None, user=None, identity=None) Initialize git submodules cwd e path to the Git repository init [True] Ensure that new submodules are initialized opts [None] Any additional options to add to the command line user [None] Run git as a user other than what the minion runs as identity [None] A path to a private key to use over SSH CLI Example:

salt '*' git.submodule /path/to/repo.git/sub/repo

22.16.67 salt.modules.glance

Module for handling openstack glance calls. optdepends • glanceclient Python adapter conﬁguration is module is not usable until the following are speciﬁed either in a pillar or in the minion's conﬁg ﬁle:

keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.insecure: False #(optional) keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'

22.16. Full list of builtin execution modules 605 Salt Documentation, Release 2014.7.6

If conﬁguration for multiple openstack accounts is required, they can be set up as diﬀerent conﬁg- uration proﬁles: For example:

openstack1: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'

openstack2: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'

With this conﬁguration in place, any of the keystone functions can make use of a conﬁguration proﬁle by declaring it explicitly. For example:

salt '*' glance.image_list profile=openstack1 salt.modules.glance.image_create(proﬁle=None, **kwargs) Create an image (glance image-create) CLI Example:

salt '*' glance.image_create name=f16-jeos is_public=true \ disk_format=qcow2 container_format=ovf \ copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2

For all possible values, run glance help image-create on the minion. salt.modules.glance.image_delete(id=None, name=None, proﬁle=None) Delete an image (glance image-delete) CLI Examples:

salt '*' glance.image_delete c2eb2eb0-53e1-4a80-b990-8ec887eae7df salt '*' glance.image_delete id=c2eb2eb0-53e1-4a80-b990-8ec887eae7df salt '*' glance.image_delete name=f16-jeos salt.modules.glance.image_list(id=None, proﬁle=None) Return a list of available images (glance image-list) CLI Example:

salt '*' glance.image_list salt.modules.glance.image_show(id=None, name=None, proﬁle=None) Return details about a speciﬁc image (glance image-show) CLI Example:

salt '*' glance.image_get

22.16.68 salt.modules.glusterfs

Manage a glusterfs pool

606 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.glusterfs.create(name, bricks, stripe=False, replica=False, device_vg=False, trans- port='tcp', start=False) Create a glusterfs volume. name Name of the gluster volume bris Bricks to create volume from, in : format. For multiple bricks use list format: `['':'', ``:'']' stripe Stripe count, the number of bricks should be a multiple of the stripe count for a distributed striped volume replica Replica count, the number of bricks should be a multiple of the replica count for a distributed replicated volume device_vg If true, speciﬁes volume should use block backend instead of regular posix backend. Block device backend volume does not support multiple bricks transport Transport protocol to use, can be `tcp', `rdma' or `tcp,rdma' start Start the volume aer creation CLI Example:

salt host1 glusterfs.create newvolume host1:/brick

salt gluster1 glusterfs.create vol2 '["gluster1:/export/vol2/brick", "gluster2:/export/vol2/brick"]' replica=2 start=True salt.modules.glusterfs.delete(target, stop=True) Deletes a gluster volume target Volume to delete stop Stop volume before delete if it is started, True by default salt.modules.glusterfs.list_peers() Return a list of gluster peers CLI Example:

salt '*' glusterfs.list_peers salt.modules.glusterfs.list_volumes() List conﬁgured volumes CLI Example:

salt '*' glusterfs.list_volumes salt.modules.glusterfs.peer(name) Add another node into the peer list. name e remote host to probe. CLI Example:

salt 'one.gluster.*' glusterfs.peer two salt.modules.glusterfs.start_volume(name) Start a gluster volume. name Volume name CLI Example:

22.16. Full list of builtin execution modules 607 Salt Documentation, Release 2014.7.6

salt '*' glusterfs.start mycluster salt.modules.glusterfs.status(name) Check the status of a gluster volume. name Volume name CLI Example:

salt '*' glusterfs.status myvolume salt.modules.glusterfs.stop_volume(name) Stop a gluster volume. name Volume name CLI Example:

salt '*' glusterfs.stop_volume mycluster

22.16.69 salt.modules.gnomedesktop

GNOME implementations salt.modules.gnomedesktop.get(schema=None, key=None, user=None, **kwargs) Get key in a particular GNOME schema CLI Example:

salt '*' gnome.get user= schema=org.gnome.desktop.screensaver key=idle-activation-enabled salt.modules.gnomedesktop.getClockFormat(**kwargs) Return the current clock format, either 12h or 24h format. CLI Example:

salt '*' gnome.getClockFormat user= salt.modules.gnomedesktop.getClockShowDate(**kwargs) Return the current seing, if the date is shown in the clock CLI Example:

salt '*' gnome.getClockShowDate user= salt.modules.gnomedesktop.getIdleActivation(**kwargs) Get whether the idle activation is enabled CLI Example:

salt '*' gnome.getIdleActivation user= salt.modules.gnomedesktop.getIdleDelay(**kwargs) Return the current idle delay seing in seconds CLI Example:

salt '*' gnome.getIdleDelay user=

608 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.gnomedesktop.ping(**kwargs) A test to ensure the GNOME module is loaded CLI Example:

salt '*' gnome.ping user= salt.modules.gnomedesktop.setClockFormat(clockFormat, **kwargs) Set the clock format, either 12h or 24h format. CLI Example:

salt '*' gnome.setClockFormat <12h|24h> user= salt.modules.gnomedesktop.setClockShowDate(kvalue, **kwargs) Set whether the date is visible in the clock CLI Example:

salt '*' gnome.setClockShowDate user= salt.modules.gnomedesktop.setIdleActivation(kvalue, **kwargs) Set whether the idle activation is enabled CLI Example:

salt '*' gnome.setIdleActivation user= salt.modules.gnomedesktop.setIdleDelay(delaySeconds, **kwargs) Set the current idle delay seing in seconds CLI Example:

salt '*' gnome.setIdleDelay user= salt.modules.gnomedesktop.set_(schema=None, key=None, user=None, value=None, **kwargs) Set key in a particular GNOME schema CLI Example:

salt '*' gnome.set user= schema=org.gnome.desktop.screensaver key=idle-activation-enabled value=False

22.16.70 salt.modules.grains

Return/control aspects of the grains data salt.modules.grains.append(key, val, convert=False, delimiter=':') New in version 0.17.0. Append a value to a list in the grains conﬁg ﬁle. If the grain doesn't exist, the grain key is added and the value is appended to the new grain as a list item. key e grain key to be appended to val e value to append to the grain key

Parameters • convert -- If convert is True, convert non-list contents into a list. If convert is False and the grain contains non-list contents, an error is given. Defaults to False.

22.16. Full list of builtin execution modules 609 Salt Documentation, Release 2014.7.6

• delimiter -- e key can be a nested dict key. Use this parameter to specify the delimiter you use. You can now append values to a list in nested dictionnary grains. If the list doesn't exist at this level, it will be created. .. versionadded:: 2014.7.6

CLI Example:

salt '*' grains.append key val salt.modules.grains.delval(key, destructive=False) New in version 0.17.0. Delete a grain from the grains conﬁg ﬁle Parameters destructive -- Delete the key, too. Defaults to False. CLI Example:

salt '*' grains.delval key salt.modules.grains.filter_by(lookup_dict, grain='os_family', merge=None, default='default') New in version 0.17.0. Look up the given grain in a given dictionary for the current OS and return the result Although this may occasionally be useful at the CLI, the primary intent of this function is for use in Jinja to make short work of creating lookup tables for OS-speciﬁc data. For example:

{% set apache = salt['grains.filter_by']({ 'Debian': {'pkg': 'apache2', 'srv': 'apache2'}, 'RedHat': {'pkg': 'httpd', 'srv': 'httpd'}, }), default='Debian' %}

myapache: pkg.installed: - name: {{ apache.pkg }} service.running: - name: {{ apache.srv }}

Values in the lookup table may be overridden by values in Pillar. An example Pillar to override values in the example above could be as follows:

apache: lookup: pkg: apache_13 srv: apache

e call to filter_by() would be modiﬁed as follows to reference those Pillar values:

{% set apache = salt['grains.filter_by']({ ... }, merge=salt['pillar.get']('apache:lookup')) %}

Parameters • lookup_dict -- A dictionary, keyed by a grain, containing a value or values relevant to systems matching that grain. For example, a key could be the grain for an OS and the value could the name of a package on that particular OS. • grain -- e name of a grain to match with the current system's grains. For example, the value of the ``os_family'' grain for the current system could be used to pull values from the lookup_dict dictionary.

610 Chapter 22. Reference Salt Documentation, Release 2014.7.6

• merge -- A dictionary to merge with the lookup_dict before doing the lookup. is allows Pillar to override the values in the lookup_dict. is could be useful, for exam- ple, to override the values for non-standard package names such as when using a diﬀerent Python version from the default Python version provided by the OS (e.g., python26- mysql instead of python-mysql). • default -- default lookup_dict's key used if the grain does not exists or if the grain value has no match on lookup_dict. New in version 2014.1.0.

CLI Example:

salt '*' grains.filter_by '{Debian: Debheads rule, RedHat: I love my hat}' # this one will render {D: {E: I, G: H}, J: K} salt '*' grains.filter_by '{A: B, C: {D: {E: F,G: H}}}' 'xxx' '{D: {E: I},J: K}' 'C' salt.modules.grains.get(key, default='`, delimiter=':') Aempt to retrieve the named value from grains, if the named value is not available return the passed default. e default return is an empty string. e value can also represent a value in a nested dict using a '':'' delimiter for the dict. is means that if a dict in grains looks like this:

{'pkg':{'apache': 'httpd'}}

To retrieve the value associated with the apache key in the pkg dict this key can be passed:

pkg:apache

delimiter Specify an alternate delimiter to use when traversing a nested dict New in version 2014.7.0.

CLI Example:

salt '*' grains.get pkg:apache salt.modules.grains.get_or_set_hash(name, length=8, chars='abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(- _=+)') Perform a one-time generation of a hash and write it to the local grains. If that grain has already been set return the value instead. is is useful for generating passwords or keys that are speciﬁc to a single minion that don't need to be stored somewhere centrally. State Example:

some_mysql_user: mysql_user: - present - host: localhost - password: {{ salt['grains.get_or_set_hash']('mysql:some_mysql_user') }}

CLI Example:

salt '*' grains.get_or_set_hash 'django:SECRET_KEY' 50

22.16. Full list of builtin execution modules 611 Salt Documentation, Release 2014.7.6

Warning: is function could return strings which may contain characters which are reserved as directives by the YAML parser, such as strings beginning with %. To avoid issues when using the output of this function in an SLS ﬁle containing YAML+Jinja, surround the call with single quotes. salt.modules.grains.has_value(key) Determine whether a named value exists in the grains dictionary. Given a grains dictionary that contains the following structure:

{'pkg':{'apache': 'httpd'}}

One would determine if the apache key in the pkg dict exists by:

pkg:apache

CLI Example:

salt '*' grains.has_value pkg:apache salt.modules.grains.item(*args, **kwargs) Return one or more grains CLI Example:

salt '*' grains.item os salt '*' grains.item os osrelease oscodename

Sanitized CLI Example:

salt '*' grains.item host sanitize=True salt.modules.grains.items(sanitize=False) Return all of the minion's grains CLI Example:

salt '*' grains.items

Sanitized CLI Example:

salt '*' grains.items sanitize=True salt.modules.grains.ls() Return a list of all available grains CLI Example:

salt '*' grains.ls salt.modules.grains.remove(key, val) New in version 0.17.0. Remove a value from a list in the grains conﬁg ﬁle CLI Example:

salt '*' grains.remove key val salt.modules.grains.setval(key, val, destructive=False) Set a grains value in the grains conﬁg ﬁle

612 Chapter 22. Reference Salt Documentation, Release 2014.7.6

Parameters Destructive -- If an operation results in a key being removed, delete the key, too. Defaults to False. CLI Example:

salt '*' grains.setval key val salt '*' grains.setval key "{'sub-key': 'val', 'sub-key2': 'val2'}" salt.modules.grains.setvals(grains, destructive=False) Set new grains values in the grains conﬁg ﬁle Parameters Destructive -- If an operation results in a key being removed, delete the key, too. Defaults to False. CLI Example:

salt '*' grains.setvals "{'key1': 'val1', 'key2': 'val2'}"

22.16.71 salt.modules.groupadd

Manage groups on Linux and OpenBSD salt.modules.groupadd.add(name, gid=None, system=False) Add the speciﬁed group CLI Example:

salt '*' group.add foo 3456 salt.modules.groupadd.adduser(name, username) Add a user in the group. CLI Example:

salt '*' group.adduser foo bar

Veriﬁes if a valid username `bar' as a member of an existing group `foo', if not then adds it. salt.modules.groupadd.chgid(name, gid) Change the gid for a named group CLI Example:

salt '*' group.chgid foo 4376 salt.modules.groupadd.delete(name) Remove the named group CLI Example:

salt '*' group.delete foo salt.modules.groupadd.deluser(name, username) Remove a user from the group. CLI Example:

salt '*' group.deluser foo bar

Removes a member user `bar' from a group `foo'. If group is not present then returns True.

22.16. Full list of builtin execution modules 613 Salt Documentation, Release 2014.7.6 salt.modules.groupadd.getent(refresh=False) Return info on all groups CLI Example:

salt '*' group.getent salt.modules.groupadd.info(name) Return information about a group CLI Example:

salt '*' group.info foo salt.modules.groupadd.members(name, members_list) Replaces members of the group with a provided list. CLI Example: salt `*' group.members foo `user1,user2,user3,…'

Replaces a membership list for a local group `foo'. foo:x:1234:user1,user2,user3,…

22.16.72 salt.modules.grub_legacy

Support for GRUB Legacy salt.modules.grub_legacy.conf() Parse GRUB conf ﬁle CLI Example:

salt '*' grub.conf salt.modules.grub_legacy.version() Return server version from grub --version CLI Example:

salt '*' grub.version

22.16.73 salt.modules.guestfs

Interact with virtual machine images via libguestfs depends • libguestfs salt.modules.guestfs.mount(location, access='rw') Mount an image CLI Example:

salt '*' guest.mount /srv/images/fedora.qcow

614 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.16.74 salt.modules.hadoop

Support for hadoop maintainer Yann Jouanin maturity new depends platform linux salt.modules.hadoop.dfs(command=None, *args) Execute a command on DFS CLI Example:

salt '*' hadoop.dfs ls / salt.modules.hadoop.dfs_absent(path) Check if a ﬁle or directory is absent on the distributed FS. CLI Example:

salt '*' hadoop.dfs_absent /some_random_file

Returns True if the ﬁle is absent salt.modules.hadoop.dfs_present(path) Check if a ﬁle or directory is present on the distributed FS. CLI Example:

salt '*' hadoop.dfs_present /some_random_file

Returns True if the ﬁle is present salt.modules.hadoop.namenode_format(force=None) Format a name node

salt '*' hadoop.namenode_format force=True salt.modules.hadoop.version() Return version from hadoop version CLI Example:

salt '*' hadoop.version

22.16.75 salt.modules.haproxyconn

Support for haproxy New in version 2014.7.0. salt.modules.haproxyconn.disable_server(name, backend, socket='/var/run/haproxy.sock') Disable server in haproxy. name Server to disable baend haproxy backend soet haproxy stats socket

22.16. Full list of builtin execution modules 615 Salt Documentation, Release 2014.7.6

salt '*' haproxy.disable_server db1.example.com mysql salt.modules.haproxyconn.enable_server(name, backend, socket='/var/run/haproxy.sock') Enable Server in haproxy name Server to enable baend haproxy backend soet haproxy stats socket

salt '*' haproxy.enable_server web1.example.com www salt.modules.haproxyconn.get_weight(name, backend, socket='/var/run/haproxy.sock') Get server weight name Server name baend haproxy backend soet haproxy stats socket

salt '*' haproxy.get_weight web1.example.com www salt.modules.haproxyconn.list_servers(backend, socket='/var/run/haproxy.sock') List servers in haproxy backend. baend haproxy backend soet haproxy stats socket

salt '*' haproxy.list_servers mysql salt.modules.haproxyconn.set_weight(name, backend, weight=0, socket='/var/run/haproxy.sock') Set server weight name Server name baend haproxy backend weight Server Weight soet haproxy stats socket

salt '*' haproxy.set_weight web1.example.com www 13 salt.modules.haproxyconn.show_backends(socket='/var/run/haproxy.sock') Show HaProxy Backends soet haproxy stats socket

salt '*' haproxy.show_backends salt.modules.haproxyconn.show_frontends(socket='/var/run/haproxy.sock') Show HaProxy frontends soet haproxy stats socket

salt '*' haproxy.show_frontends

616 Chapter 22. Reference Salt Documentation, Release 2014.7.6

22.16.76 salt.modules.hashutil

A collection of hashing and encoding functions salt.modules.hashutil.base64_decodestring(instr) Decode a base64-encoded string New in version 2014.7.0. CLI Example:

salt '*' hashutil.base64_decodestring 'Z2V0IHNhbHRlZA==

` salt.modules.hashutil.base64_encodestring(instr) Encode a string as base64 New in version 2014.7.0. CLI Example:

salt '*' hashutil.base64_encodestring 'get salted' salt.modules.hashutil.hmac_signature(string, shared_secret, challenge_hmac) Verify a challenging hmac signature against a string / shared-secret New in version 2014.7.0. Returns a boolean if the veriﬁcation succeeded or failed. CLI Example:

salt '*' hashutil.hmac_signature 'get salted' 'shared secret' 'NS2BvKxFRk+rndAlFbCYIFNVkPtI/3KiIYQw4okNKU8=' salt.modules.hashutil.md5_digest(instr) Generate an md5 hash of a given string New in version 2014.7.0. CLI Example:

salt '*' hashutil.md5_digest 'get salted' salt.modules.hashutil.sha256_digest(instr) Generate an sha256 hash of a given string New in version 2014.7.0. CLI Example:

salt '*' hashutil.sha256_digest 'get salted' salt.modules.hashutil.sha512_digest(instr) Generate an sha512 hash of a given string New in version 2014.7.0. CLI Example:

salt '*' hashutil.sha512_digest 'get salted'

22.16. Full list of builtin execution modules 617 Salt Documentation, Release 2014.7.6

22.16.77 salt.modules.hg

Support for the Mercurial SCM salt.modules.hg.archive(cwd, output, rev='tip', fmt=None, preﬁx=None, user=None) Export a tarball from the repository cwd e path to the Mercurial repository output e path to the archive tarball rev: tip e revision to create an archive from fmt: None Format of the resulting archive. Mercurial supports: tar, tbz2, tgz, zip, uzip, and ﬁles formats. preﬁx [None] Prepend

/ to every ﬁlename in the archive user [None] Run hg as a user other than what the minion runs as If prefix is not speciﬁed it defaults to the basename of the repo directory. CLI Example: salt '*' hg.archive /path/to/repo output=/tmp/archive.tgz fmt=tgz salt.modules.hg.clone(cwd, repository, opts=None, user=None) Clone a new repository cwd e path to the Mercurial repository repository e hg URI of the repository opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as CLI Example:
 salt '*' hg.clone /path/to/repo https://bitbucket.org/birkenfeld/sphinx salt.modules.hg.describe(cwd, rev='tip', user=None) Mimic git describe and return an identiﬁer for the given revision cwd e path to the Mercurial repository rev: tip e path to the archive tarball user [None] Run hg as a user other than what the minion runs as CLI Example:
 salt '*' hg.describe /path/to/repo salt.modules.hg.pull(cwd, opts=None, user=None) Perform a pull on the given repository cwd e path to the Mercurial repository opts [None] Any additional options to add to the command line user [None] Run hg as a user other than what the minion runs as CLI Example:
 salt '*' hg.pull /path/to/repo opts=-u
618 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.hg.revision(cwd, rev='tip', short=False, user=None) Returns the long hash of a given identiﬁer (hash, branch, tag, HEAD, etc) cwd e path to the Mercurial repository rev: tip e revision short: False Return an abbreviated commit hash user [None] Run hg as a user other than what the minion runs as CLI Example:
 salt '*' hg.revision /path/to/repo mybranch salt.modules.hg.update(cwd, rev, force=False, user=None) Update to a given revision cwd e path to the Mercurial repository rev e revision to update to force [False] Force an update user [None] Run hg as a user other than what the minion runs as CLI Example:
 salt devserver1 hg.update /path/to/repo somebranch
22.16.78 salt.modules.hosts
Manage the information in the hosts ﬁle salt.modules.hosts.add_host(ip, alias) Add a host to an existing entry, if the entry is not in place then create it with the given host CLI Example:
 salt '*' hosts.add_host   salt.modules.hosts.get_alias(ip) Return the list of aliases associated with an ip CLI Example:
 salt '*' hosts.get_alias  salt.modules.hosts.get_ip(host) Return the ip associated with the named host CLI Example:
 salt '*' hosts.get_ip  salt.modules.hosts.has_pair(ip, alias) Return true if the alias is set CLI Example:
 salt '*' hosts.has_pair  
22.16. Full list of builtin execution modules 619 Salt Documentation, Release 2014.7.6 salt.modules.hosts.list_hosts() Return the hosts found in the hosts ﬁle in this format:
{'':['alias1', 'alias2', ...]}
CLI Example:
 salt '*' hosts.list_hosts salt.modules.hosts.rm_host(ip, alias) Remove a host entry from the hosts ﬁle CLI Example:
 salt '*' hosts.rm_host   salt.modules.hosts.set_host(ip, alias) Set the host entry in the hosts ﬁle for the given ip, this will overwrite any previous entry for the given ip CLI Example:
 salt '*' hosts.set_host  
22.16.79 salt.modules.htpasswd
Support for htpasswd command New in version 2014.1.0. e functions here will load inside the webutil module. is allows other functions that don't use htpasswd to use the webutil module name. salt.modules.htpasswd.useradd(pwﬁle, user, password, opts='`) Add an HTTP user using the htpasswd command. If the htpasswd ﬁle does not exist, it will be created. Valid options that can be passed are: n Don't update ﬁle; display results on stdout. m Force MD5 encryption of the password (default). d Force CRYPT encryption of the password. p Do not encrypt the password (plaintext). s Force SHA encryption of the password. CLI Examples:
 salt '*' webutil.useradd /etc/httpd/htpasswd larry badpassword salt '*' webutil.useradd /etc/httpd/htpasswd larry badpass opts=ns salt.modules.htpasswd.useradd_all(pwﬁle, user, password, opts='`) Add an HTTP user using the htpasswd command. If the htpasswd ﬁle does not exist, it will be created. Valid options that can be passed are: n Don't update ﬁle; display results on stdout. m Force MD5 encryption of the password (default). d Force CRYPT encryption of the password. p Do not encrypt the password (plaintext). s Force SHA encryption of the password. CLI Examples:
 salt '*' webutil.useradd /etc/httpd/htpasswd larry badpassword salt '*' webutil.useradd /etc/httpd/htpasswd larry badpass opts=ns salt.modules.htpasswd.userdel(pwﬁle, user) Delete an HTTP user from the speciﬁed htpasswd ﬁle.
620 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' webutil.userdel /etc/httpd/htpasswd larry
22.16.80 salt.modules.img
Virtual machine image management tools salt.modules.img.bootstrap(location, size, fmt) HIGHLY EXPERIMENTAL Bootstrap a virtual machine image location: e location to create the image size: e size of the image to create in megabytes fmt: e image format, raw or qcow2 CLI Example:
 salt '*' img.bootstrap /srv/salt-images/host.qcow 4096 qcow2 salt.modules.img.mount_image(location) Mount the named image and return the mount point CLI Example:
 salt '*' img.mount_image /tmp/foo salt.modules.img.umount_image(mnt) Unmount an image mountpoint CLI Example:
 salt '*' img.umount_image /mnt/foo
22.16.81 salt.modules.incron
Work with incron salt.modules.incron.list_tab(user) Return the contents of the speciﬁed user's incrontab CLI Example:
 salt '*' incron.list_tab root salt.modules.incron.ls(user) Return the contents of the speciﬁed user's incrontab CLI Example:
 salt '*' incron.list_tab root salt.modules.incron.raw_incron(user) Return the contents of the user's incrontab CLI Example:
 salt '*' incron.raw_cron root
22.16. Full list of builtin execution modules 621 Salt Documentation, Release 2014.7.6 salt.modules.incron.raw_system_incron() Return the contents of the system wide incrontab CLI Example:
 salt '*' incron.raw_system_cron salt.modules.incron.rm(user, path, mask, cmd) Remove a cron job for a speciﬁed user. If any of the day/time params are speciﬁed, the job will only be removed if the speciﬁed params match. CLI Example:
 salt '*' incron.rm_job root /path salt.modules.incron.rm_job(user, path, mask, cmd) Remove a cron job for a speciﬁed user. If any of the day/time params are speciﬁed, the job will only be removed if the speciﬁed params match. CLI Example:
 salt '*' incron.rm_job root /path salt.modules.incron.set_job(user, path, mask, cmd) Sets a cron job up for a speciﬁed user. CLI Example:
 salt '*' incron.set_job root '/root' 'IN_MODIFY' 'echo "$$ $@ $# $% $&"' salt.modules.incron.write_cron_file_verbose(user, path) Writes the contents of a ﬁle to a user's crontab and return error message on error CLI Example:
 salt '*' incron.write_incron_file_verbose root /tmp/new_cron salt.modules.incron.write_incron_file(user, path) Writes the contents of a ﬁle to a user's crontab CLI Example:
 salt '*' incron.write_cron_file root /tmp/new_cron
22.16.82 salt.modules.influx
InﬂuxDB - A distributed time series database Module to provide InﬂuxDB compatibility to Salt (compatible with InﬂuxDB version 0.5+) New in version 2014.7.0. depends • inﬂuxdb Python module conﬁguration is module accepts connection conﬁguration details either as parameters or as conﬁg- uration seings in /etc/salt/minion on the relevant minions:
622 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 influxdb.host: 'localhost' influxdb.port: 8086 influxdb.user: 'root' influxdb.password: 'root'
is data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar. salt.modules.influx.db_create(name, user=None, password=None, host=None, port=None) Create a database name Database name to create user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.db_create  salt '*' influxdb.db_create      salt.modules.influx.db_exists(name, user=None, password=None, host=None, port=None) Checks if a database exists in InﬂuxDB name Database name to create user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.db_exists  salt '*' influxdb.db_exists      salt.modules.influx.db_list(user=None, password=None, host=None, port=None) List all InﬂuxDB databases user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.db_list salt '*' influxdb.db_list     salt.modules.influx.db_remove(name, user=None, password=None, host=None, port=None) Remove a database name Database name to remove user e user to connect as
22.16. Full list of builtin execution modules 623 Salt Documentation, Release 2014.7.6
 password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.db_remove  salt '*' influxdb.db_remove      salt.modules.influx.query(database, query, time_precision='s', chunked=False, user=None, pass- word=None, host=None, port=None) erying data database e database to query query ery to be executed time_precision Time precision to use (`s', `m', or `u') unked Whether is chunked or not user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.query   salt '*' influxdb.query         salt.modules.influx.user_chpass(name, passwd, database=None, user=None, password=None, host=None, port=None) Change password for a cluster admin or a database user. If a database is speciﬁed: it will update database user password. If a database is not speciﬁed: it will update cluster admin password. name User name for whom to change the password passwd New password database e database on which to operate user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.user_chpass   salt '*' influxdb.user_chpass    salt '*' influxdb.user_chpass        salt.modules.influx.user_create(name, passwd, database=None, user=None, password=None, host=None, port=None) Create a cluster admin or a database user.
624 Chapter 22. Reference Salt Documentation, Release 2014.7.6
If a database is speciﬁed: it will create database user. If a database is not speciﬁed: it will create a cluster admin. name User name for the new user to create passwd Password for the new user to create database e database to create the user in user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.user_create   salt '*' influxdb.user_create    salt '*' influxdb.user_create        salt.modules.influx.user_exists(name, database=None, user=None, password=None, host=None, port=None) Checks if a cluster admin or database user exists. If a database is speciﬁed: it will check for database user existence. If a database is not speciﬁed: it will check for cluster admin existence. name User name database e database to check for the user to exist user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.user_exists  salt '*' influxdb.user_exists   salt '*' influxdb.user_exists       salt.modules.influx.user_list(database=None, user=None, password=None, host=None, port=None) List cluster admins or database users. If a database is speciﬁed: it will return database users list. If a database is not speciﬁed: it will return cluster admins list. database e database to list the users from user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
22.16. Full list of builtin execution modules 625 Salt Documentation, Release 2014.7.6
 salt '*' influxdb.user_list salt '*' influxdb.user_list  salt '*' influxdb.user_list      salt.modules.influx.user_remove(name, database=None, user=None, password=None, host=None, port=None) Remove a cluster admin or a database user. If a database is speciﬁed: it will remove the database user. If a database is not speciﬁed: it will remove the cluster admin. name User name to remove database e database to remove the user from user User name for the new user to delete user e user to connect as password e password of the user host e host to connect to port e port to connect to CLI Example:
 salt '*' influxdb.user_remove  salt '*' influxdb.user_remove   salt '*' influxdb.user_remove      
22.16.83 salt.modules.ini_manage
Edit ini ﬁles maintainer  maturity new depends re platform all Use section as DEFAULT_IMPLICIT if your ini ﬁle does not have any section (for example /etc/sysctl.con) salt.modules.ini_manage.get_option(ﬁle_name, section, option) Get value of a key from a section in an ini ﬁle. Returns None if no matching key was found. API Example:
 import salt sc = salt.client.get_local_client() sc.cmd('target', 'ini.get_option', [path_to_ini_file, section_name, option])
CLI Example:
 salt '*' ini.get_option /path/to/ini section_name option_name salt.modules.ini_manage.get_section(ﬁle_name, section) Retrieve a section from an ini ﬁle. Returns the section as dictionary. If the section is not found, an empty dictionary is returned.
626 Chapter 22. Reference Salt Documentation, Release 2014.7.6
API Example:
 import salt sc = salt.client.get_local_client() sc.cmd('target', 'ini.get_section', [path_to_ini_file, section_name])
CLI Example:
 salt '*' ini.get_section /path/to/ini section_name salt.modules.ini_manage.remove_option(ﬁle_name, section, option) Remove a key/value pair from a section in an ini ﬁle. Returns the value of the removed key, or None if nothing was removed. API Example:
 import salt sc = salt.client.get_local_client() sc.cmd('target', 'ini.remove_option', [path_to_ini_file, section_name, option])
CLI Example:
 salt '*' ini.remove_option /path/to/ini section_name option_name salt.modules.ini_manage.remove_section(ﬁle_name, section) Remove a section in an ini ﬁle. Returns the removed section as dictionary, or None if nothing was removed. API Example:
 import salt sc = salt.client.get_local_client() sc.cmd('target', 'ini.remove_section', [path_to_ini_file, section_name])
CLI Example:
 salt '*' ini.remove_section /path/to/ini section_name salt.modules.ini_manage.set_option(ﬁle_name, sections=None, summary=True) Edit an ini ﬁle, replacing one or more sections. Returns a dictionary containing the changes made. ﬁle_name path of ini_ﬁle sections [None] A dictionary representing the sections to be edited ini ﬁle Set summary=False if return data need not have previous option value API Example:
 import salt sc = salt.client.get_local_client() sc.cmd('target', 'ini.set_option', ['path_to_ini_file', '{"section_to_change":{"key": "value"}}'])
CLI Example:
 salt '*' ini.set_option /path/to/ini '{section_foo: {key: value}}'
22.16. Full list of builtin execution modules 627 Salt Documentation, Release 2014.7.6
22.16.84 salt.modules.introspect
Functions to perform introspection on a minion, and return data in a format usable by Salt States salt.modules.introspect.enabled_service_owners() Return which packages own each of the services that are currently enabled. CLI Example: salt myminion introspect.enabled_service_owners salt.modules.introspect.running_service_owners(exclude=(`/dev', `/home', `/media', `/proc', `/run', `/sys/', `/tmp', `/var')) Determine which packages own the currently running services. By default, excludes ﬁles whose full path starts with /dev, /home, /media, /proc, /run, /sys, /tmp and /var. is can be overridden by passing in a new list to exclude. CLI Example: salt myminion introspect.running_service_owners salt.modules.introspect.service_highstate(requires=True) Return running and enabled services in a highstate structure. By default also returns package dependencies for those services, which means that package deﬁnitions must be created outside this function. To drop the package dependencies, set requires to False. CLI Example: salt myminion introspect.service_highstate salt myminion introspect.service_highstate re- quires=False
22.16.85 salt.modules.ipset
Support for ipset salt.modules.ipset.add(set=None, entry=None, family='ipv4', **kwargs) Append an entry to the speciﬁed set. CLI Example:
 salt '*' ipset.add setname 192.168.1.26
 salt '*' ipset.add setname 192.168.0.3,AA:BB:CC:DD:EE:FF salt.modules.ipset.check(set=None, entry=None, family='ipv4') Check that an entry exists in the speciﬁed set. CLI Example:
 salt '*' ipset.check setname '192.168.0.1 comment "Hello"' salt.modules.ipset.check_set(set=None, family='ipv4') New in version 2014.7.0. Check that given ipset set exists. CLI Example:
 salt '*' ipset.check_set setname
628 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.ipset.delete(set=None, entry=None, family='ipv4', **kwargs) Delete an entry from the speciﬁed set. CLI Example:
 salt '*' ipset.delete setname 192.168.0.3,AA:BB:CC:DD:EE:FF salt.modules.ipset.delete_set(set=None, family='ipv4') New in version 2014.7.0. Delete ipset set. CLI Example:
 salt '*' ipset.delete_set custom_set
IPv6: salt '*' ipset.delete_set custom_set family=ipv6 salt.modules.ipset.flush(set=None, family='ipv4') Flush entries in the speciﬁed set, Flush all sets if set is not speciﬁed. CLI Example:
 salt '*' ipset.flush
 salt '*' ipset.flush set
IPv6: salt '*' ipset.flush
 salt '*' ipset.flush set salt.modules.ipset.list_sets(family='ipv4') New in version 2014.7.0. List all ipset sets. CLI Example:
 salt '*' ipset.list_sets salt.modules.ipset.new_set(set=None, set_type=None, family='ipv4', comment=False, **kwargs) New in version 2014.7.0. Create new custom set CLI Example:
 salt '*' ipset.new_set custom_set list:set
 salt '*' ipset.new_set custom_set list:set comment=True
IPv6: salt '*' ipset.new_set custom_set list:set family=ipv6 salt.modules.ipset.rename_set(set=None, new_set=None, family='ipv4') New in version 2014.7.0. Delete ipset set. CLI Example:
22.16. Full list of builtin execution modules 629 Salt Documentation, Release 2014.7.6
 salt '*' ipset.rename_set custom_set new_set=new_set_name
IPv6: salt '*' ipset.rename_set custom_set new_set=new_set_name family=ipv6 salt.modules.ipset.test(set=None, entry=None, family='ipv4', **kwargs) Test if an entry is in the speciﬁed set. CLI Example:
 salt '*' ipset.test setname 192.168.0.2
IPv6: salt '*' ipset.test setname fd81:fc56:9ac7::/48 salt.modules.ipset.version() Return version from ipset --version CLI Example:
 salt '*' ipset.version
22.16.86 salt.modules.iptables
Support for iptables salt.modules.iptables.append(table='ﬁlter', chain=None, rule=None, family='ipv4') Append a rule to the speciﬁed table/chain. is function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example:
 salt '*' iptables.append filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'
IPv6: salt '*' iptables.append filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 salt.modules.iptables.build_rule(table=None, chain=None, command=None, position='`, full=None, family='ipv4', **kwargs) Build a well-formaed iptables rule based on kwargs. Long options must be used (--jump instead of -j) because they will have the -- added to them. A table and chain are not required, unless full is True. If full is True, then table, chain and command are required. command may be speciﬁed as either a short option (`I') or a long option (--insert). is will return the iptables command, exactly as it would be used from the command line. If a position is required (as with -I or -D), it may be speciﬁed as position. is will only be useful if full is True. If connstate is passed in, it will automatically be changed to state. CLI Examples:
630 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' iptables.build_rule match=state \ connstate=RELATED,ESTABLISHED jump=ACCEPT
 salt '*' iptables.build_rule filter INPUT command=I position=3 \ full=True match=state state=RELATED,ESTABLISHED jump=ACCEPT
 salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ source='127.0.0.1' jump=ACCEPT
.. Invert Rules salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ source='! 127.0.0.1' jump=ACCEPT
 salt '*' iptables.build_rule filter INPUT command=A \ full=True match=state state=RELATED,ESTABLISHED \ destination='not 127.0.0.1' jump=ACCEPT
IPv6: salt '*' iptables.build_rule match=state \ connstate=RELATED,ESTABLISHED jump=ACCEPT \ family=ipv6 salt '*' iptables.build_rule filter INPUT command=I position=3 \ full=True match=state state=RELATED,ESTABLISHED jump=ACCEPT \ family=ipv6 salt.modules.iptables.check(table='ﬁlter', chain=None, rule=None, family='ipv4') Check for the existence of a rule in the table and chain is function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example:
 salt '*' iptables.check filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'
IPv6: salt '*' iptables.check filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 salt.modules.iptables.check_chain(table='ﬁlter', chain=None, family='ipv4') New in version 2014.1.0. Check for the existence of a chain in the table CLI Example:
 salt '*' iptables.check_chain filter INPUT
IPv6: salt '*' iptables.check_chain filter INPUT family=ipv6 salt.modules.iptables.delete(table, chain=None, position=None, rule=None, family='ipv4') Delete a rule from the speciﬁed table/ain, specifying either the rule in its entirety, or the rule's position in the chain.
22.16. Full list of builtin execution modules 631 Salt Documentation, Release 2014.7.6
is function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Examples:
 salt '*' iptables.delete filter INPUT position=3 salt '*' iptables.delete filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'
IPv6: salt '*' iptables.delete filter INPUT position=3 family=ipv6 salt '*' iptables.delete filter INPUT \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 salt.modules.iptables.delete_chain(table='ﬁlter', chain=None, family='ipv4') New in version 2014.1.0. Delete custom chain to the speciﬁed table. CLI Example:
 salt '*' iptables.delete_chain filter CUSTOM_CHAIN
IPv6: salt '*' iptables.delete_chain filter CUSTOM_CHAIN family=ipv6 salt.modules.iptables.flush(table='ﬁlter', chain='`, family='ipv4') Flush the chain in the speciﬁed table, ﬂush all chains in the speciﬁed table if not speciﬁed chain. CLI Example:
 salt '*' iptables.flush filter INPUT
IPv6: salt '*' iptables.flush filter INPUT family=ipv6 salt.modules.iptables.get_policy(table='ﬁlter', chain=None, family='ipv4') Return the current policy for the speciﬁed table/chain CLI Example:
 salt '*' iptables.get_policy filter INPUT
IPv6: salt '*' iptables.get_policy filter INPUT family=ipv6 salt.modules.iptables.get_rules(family='ipv4') Return a data structure of the current, in-memory rules CLI Example:
 salt '*' iptables.get_rules
IPv6: salt '*' iptables.get_rules family=ipv6 salt.modules.iptables.get_saved_policy(table='ﬁlter', chain=None, conf_ﬁle=None, fam- ily='ipv4') Return the current policy for the speciﬁed table/chain
632 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' iptables.get_saved_policy filter INPUT salt '*' iptables.get_saved_policy filter INPUT \ conf_file=/etc/iptables.saved
IPv6: salt '*' iptables.get_saved_policy filter INPUT family=ipv6 salt '*' iptables.get_saved_policy filter INPUT \ conf_file=/etc/iptables.saved family=ipv6 salt.modules.iptables.get_saved_rules(conf_ﬁle=None, family='ipv4') Return a data structure of the rules in the conf ﬁle CLI Example:
 salt '*' iptables.get_saved_rules
IPv6: salt '*' iptables.get_saved_rules family=ipv6 salt.modules.iptables.insert(table='ﬁlter', chain=None, position=None, rule=None, family='ipv4') Insert a rule into the speciﬁed table/chain, at the speciﬁed position. is function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. If the position speciﬁed is a negative number, then the insert will be performed counting from the end of the list. For instance, a position of -1 will insert the rule as the second to last rule. To insert a rule in the last position, use the append function instead. CLI Examples:
 salt '*' iptables.insert filter INPUT position=3 \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'
IPv6: salt '*' iptables.insert filter INPUT position=3 \ rule='-m state --state RELATED,ESTABLISHED -j ACCEPT' \ family=ipv6 salt.modules.iptables.new_chain(table='ﬁlter', chain=None, family='ipv4') New in version 2014.1.0. Create new custom chain to the speciﬁed table. CLI Example:
 salt '*' iptables.new_chain filter CUSTOM_CHAIN
IPv6: salt '*' iptables.new_chain filter CUSTOM_CHAIN family=ipv6 salt.modules.iptables.save(ﬁlename=None, family='ipv4') Save the current in-memory rules to disk CLI Example:
 salt '*' iptables.save /etc/sysconfig/iptables
22.16. Full list of builtin execution modules 633 Salt Documentation, Release 2014.7.6
IPv6: salt '*' iptables.save /etc/sysconfig/iptables family=ipv6 salt.modules.iptables.set_policy(table='ﬁlter', chain=None, policy=None, family='ipv4') Set the current policy for the speciﬁed table/chain CLI Example:
 salt '*' iptables.set_policy filter INPUT ACCEPT
IPv6: salt '*' iptables.set_policy filter INPUT ACCEPT family=ipv6 salt.modules.iptables.version(family='ipv4') Return version from iptables --version CLI Example:
 salt '*' iptables.version
IPv6: salt '*' iptables.version family=ipv6
22.16.87 salt.modules.junos
Module for interfacing to Junos devices ALPHA QUALITY code. salt.modules.junos.commit() salt.modules.junos.diff() salt.modules.junos.facts_refresh() Reload the facts dictionary from the device. Usually only needed if the device conﬁguration is changed by some other actor. salt.modules.junos.ping() salt.modules.junos.rollback() salt.modules.junos.set_hostname(hostname=None, commit_change=True)
22.16.88 salt.modules.key
Functions to view the minion's public key information salt.modules.key.finger() Return the minion's public key ﬁngerprint CLI Example:
 salt '*' key.finger salt.modules.key.finger_master() Return the ﬁngerprint of the master's public key on the minion. CLI Example:
634 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' key.finger_master
22.16.89 salt.modules.keyboard
Module for managing keyboards on supported POSIX-like systems using systemd, or such as Redhat, Debian and Gentoo. salt.modules.keyboard.get_sys() Get current system keyboard seing CLI Example:
 salt '*' keyboard.get_sys salt.modules.keyboard.get_x() Get current X keyboard seing CLI Example:
 salt '*' keyboard.get_x salt.modules.keyboard.set_sys(layout) Set current system keyboard seing CLI Example:
 salt '*' keyboard.set_sys dvorak salt.modules.keyboard.set_x(layout) Set current X keyboard seing CLI Example:
 salt '*' keyboard.set_x dvorak
22.16.90 salt.modules.keystone
Module for handling openstack keystone calls. optdepends • keystoneclient Python adapter conﬁguration is module is not usable until the following are speciﬁed either in a pillar or in the minion's conﬁg ﬁle:
 keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
OR (for token based authentication)
 keystone.token: 'ADMIN' keystone.endpoint: 'http://127.0.0.1:35357/v2.0'
22.16. Full list of builtin execution modules 635 Salt Documentation, Release 2014.7.6
If conﬁguration for multiple openstack accounts is required, they can be set up as diﬀerent conﬁg- uration proﬁles: For example:
 openstack1: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
 openstack2: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.tenant_id: f80919baedab48ec8931f200c65a50df keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
With this conﬁguration in place, any of the keystone functions can make use of a conﬁguration proﬁle by declaring it explicitly. For example:
 salt '*' keystone.tenant_list profile=openstack1 salt.modules.keystone.auth(proﬁle=None, **connection_args) Set up keystone credentials Only intended to be used within Keystone-enabled modules salt.modules.keystone.ec2_credentials_create(user_id=None, name=None, ten- ant_id=None, tenant=None, proﬁle=None, **connection_args) Create EC2-compatible credentials for user per tenant CLI Examples:
 salt '*' keystone.ec2_credentials_create name=admin tenant=admin salt '*' keystone.ec2_credentials_create user_id=c965f79c4f864eaaa9c3b41904e67082 tenant_id=722787eb540849158668370dc627ec5f salt.modules.keystone.ec2_credentials_delete(user_id=None, name=None, ac- cess_key=None, proﬁle=None, **connec- tion_args) Delete EC2-compatible credentials CLI Examples:
 salt '*' keystone.ec2_credentials_delete 860f8c2c38ca4fab989f9bc56a061a64 access_key=5f66d2f24f604b8bb9cd28886106f442 salt '*' keystone.ec2_credentials_delete name=admin access_key=5f66d2f24f604b8bb9cd28886106f442 salt.modules.keystone.ec2_credentials_get(user_id=None, name=None, access=None, pro- ﬁle=None, **connection_args) Return ec2_credentials for a user (keystone ec2-credentials-get) CLI Examples:
 salt '*' keystone.ec2_credentials_get c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f salt.modules.keystone.ec2_credentials_list(user_id=None, name=None, proﬁle=None, **connection_args) Return a list of ec2_credentials for a speciﬁc user (keystone ec2-credentials-list)
636 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' keystone.ec2_credentials_list 298ce377245c4ec9b70e1c639c89e654 salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654 salt '*' keystone.ec2_credentials_list name=jack salt.modules.keystone.endpoint_create(service, publicurl=None, internalurl=None, admin- url=None, region=None, proﬁle=None, **connec- tion_args) Create an endpoint for an Openstack service CLI Examples:
 salt '*' keystone.endpoint_create nova 'http://public/url' 'http://internal/url' 'http://adminurl/url' region salt.modules.keystone.endpoint_delete(service, proﬁle=None, **connection_args) Delete endpoints of an Openstack service CLI Examples:
 salt '*' keystone.endpoint_delete nova salt.modules.keystone.endpoint_get(service, proﬁle=None, **connection_args) Return a speciﬁc endpoint (keystone endpoint-get) CLI Example:
 salt '*' keystone.endpoint_get nova salt.modules.keystone.endpoint_list(proﬁle=None, **connection_args) Return a list of available endpoints (keystone endpoints-list) CLI Example:
 salt '*' keystone.endpoint_list salt.modules.keystone.role_create(name, proﬁle=None, **connection_args) Create named role
 salt '*' keystone.role_create admin salt.modules.keystone.role_delete(role_id=None, name=None, proﬁle=None, **connec- tion_args) Delete a role (keystone role-delete) CLI Examples:
 salt '*' keystone.role_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_delete name=admin salt.modules.keystone.role_get(role_id=None, name=None, proﬁle=None, **connection_args) Return a speciﬁc roles (keystone role-get) CLI Examples:
 salt '*' keystone.role_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.role_get name=nova
22.16. Full list of builtin execution modules 637 Salt Documentation, Release 2014.7.6 salt.modules.keystone.role_list(proﬁle=None, **connection_args) Return a list of available roles (keystone role-list) CLI Example: salt '*' keystone.role_list salt.modules.keystone.service_create(name, service_type, description=None, proﬁle=None, **connection_args) Add service to Keystone service catalog CLI Examples: salt '*' keystone.service_create nova compute 'OpenStack Compute Service' salt.modules.keystone.service_delete(service_id=None, name=None, proﬁle=None, **connec- tion_args) Delete a service from Keystone service catalog CLI Examples: salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_delete name=nova salt.modules.keystone.service_get(service_id=None, name=None, proﬁle=None, **connec- tion_args) Return a speciﬁc services (keystone service-get) CLI Examples: salt '*' keystone.service_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.service_get name=nova salt.modules.keystone.service_list(proﬁle=None, **connection_args) Return a list of available services (keystone services-list) CLI Example: salt '*' keystone.service_list salt.modules.keystone.tenant_create(name, description=None, enabled=True, proﬁle=None, **connection_args) Create a keystone tenant CLI Examples: salt '*' keystone.tenant_create nova description='nova tenant' salt '*' keystone.tenant_create test enabled=False salt.modules.keystone.tenant_delete(tenant_id=None, name=None, proﬁle=None, **connec- tion_args) Delete a tenant (keystone tenant-delete) CLI Examples: salt '*' keystone.tenant_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_delete name=demo salt.modules.keystone.tenant_get(tenant_id=None, name=None, proﬁle=None, **connec- tion_args) Return a speciﬁc tenants (keystone tenant-get)
638 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' keystone.tenant_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.tenant_get name=nova salt.modules.keystone.tenant_list(proﬁle=None, **connection_args) Return a list of available tenants (keystone tenants-list) CLI Example:
 salt '*' keystone.tenant_list salt.modules.keystone.tenant_update(tenant_id=None, name=None, description=None, en- abled=None, proﬁle=None, **connection_args) Update a tenant's information (keystone tenant-update) e following ﬁelds may be updated: name, email, enabled. Can only update name if targeting by ID CLI Examples:
 salt '*' keystone.tenant_update name=admin enabled=True salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin [emailprotected] salt.modules.keystone.token_get(proﬁle=None, **connection_args) Return the conﬁgured tokens (keystone token-get) CLI Example:
 salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082 salt.modules.keystone.user_create(name, password, email, tenant_id=None, enabled=True, pro- ﬁle=None, **connection_args) Create a user (keystone user-create) CLI Examples:
 salt '*' keystone.user_create name=jack password=zero [emailprotected] tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True salt.modules.keystone.user_delete(user_id=None, name=None, proﬁle=None, **connec- tion_args) Delete a user (keystone user-delete) CLI Examples:
 salt '*' keystone.user_delete c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_delete name=nova salt.modules.keystone.user_get(user_id=None, name=None, proﬁle=None, **connection_args) Return a speciﬁc users (keystone user-get) CLI Examples:
 salt '*' keystone.user_get c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082 salt '*' keystone.user_get name=nova salt.modules.keystone.user_list(proﬁle=None, **connection_args) Return a list of available users (keystone user-list) CLI Example:
22.16. Full list of builtin execution modules 639 Salt Documentation, Release 2014.7.6
 salt '*' keystone.user_list salt.modules.keystone.user_password_update(user_id=None, name=None, password=None, proﬁle=None, **connection_args) Update a user's password (keystone user-password-update) CLI Examples:
 salt '*' keystone.user_password_update c965f79c4f864eaaa9c3b41904e67082 password=12345 salt '*' keystone.user_password_update user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345 salt '*' keystone.user_password_update name=nova password=12345 salt.modules.keystone.user_role_add(user_id=None, user=None, tenant_id=None, tenant=None, role_id=None, role=None, proﬁle=None, **connec- tion_args) Add role for user in tenant (keystone user-role-add) CLI Examples:
 salt '*' keystone.user_role_add user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4 salt '*' keystone.user_role_add user=admin tenant=admin role=admin salt.modules.keystone.user_role_list(user_id=None, tenant_id=None, user_name=None, ten- ant_name=None, proﬁle=None, **connection_args) Return a list of available user_roles (keystone user-roles-list) CLI Examples:
 salt '*' keystone.user_role_list user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b salt '*' keystone.user_role_list user_name=admin tenant_name=admin salt.modules.keystone.user_role_remove(user_id=None, user=None, tenant_id=None, ten- ant=None, role_id=None, role=None, proﬁle=None, **connection_args) Remove role for user in tenant (keystone user-role-remove) CLI Examples:
 salt '*' keystone.user_role_remove user_id=298ce377245c4ec9b70e1c639c89e654 tenant_id=7167a092ece84bae8cead4bf9d15bb3b role_id=ce377245c4ec9b70e1c639c89e8cead4 salt '*' keystone.user_role_remove user=admin tenant=admin role=admin salt.modules.keystone.user_update(user_id=None, name=None, email=None, enabled=None, ten- ant=None, proﬁle=None, **connection_args) Update a user's information (keystone user-update) e following ﬁelds may be updated: name, email, enabled, tenant. Because the name is one of the ﬁelds, a valid user id is required. CLI Examples:
 salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname [emailprotected] salt.modules.keystone.user_verify_password(user_id=None, name=None, password=None, proﬁle=None, **connection_args) Verify a user's password CLI Examples:
 salt '*' keystone.user_verify_password name=test password=foobar salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar
640 Chapter 22. Reference Salt Documentation, Release 2014.7.6
22.16.91 salt.modules.kmod
Module to manage Linux kernel modules salt.modules.kmod.available() Return a list of all available kernel modules CLI Example:
 salt '*' kmod.available salt.modules.kmod.check_available(mod) Check to see if the speciﬁed kernel module is available CLI Example:
 salt '*' kmod.check_available kvm salt.modules.kmod.is_loaded(mod) Check to see if the speciﬁed kernel module is loaded CLI Example:
 salt '*' kmod.is_loaded kvm salt.modules.kmod.load(mod, persist=False) Load the speciﬁed kernel module mod Name of module to add persist Write module to /etc/modules to make it load on system reboot CLI Example:
 salt '*' kmod.load kvm salt.modules.kmod.lsmod() Return a dict containing information about currently loaded modules CLI Example:
 salt '*' kmod.lsmod salt.modules.kmod.mod_list(only_persist=False) Return a list of the loaded module names CLI Example:
 salt '*' kmod.mod_list salt.modules.kmod.remove(mod, persist=False, comment=True) Remove the speciﬁed kernel module mod Name of module to remove persist Also remove module from /etc/modules comment If persist is set don't remove line from /etc/modules but only comment it CLI Example:
 salt '*' kmod.remove kvm
22.16. Full list of builtin execution modules 641 Salt Documentation, Release 2014.7.6
22.16.92 salt.modules.launchctl
Module for the management of MacOS systems that use launchd/launchctl depends • plistlib Python module salt.modules.launchctl.available(job_label) Check that the given service is available. CLI Example:
 salt '*' service.available com.openssh.sshd salt.modules.launchctl.get_all() Return all installed services CLI Example:
 salt '*' service.get_all salt.modules.launchctl.missing(job_label) e inverse of service.available Check that the given service is not available. CLI Example:
 salt '*' service.missing com.openssh.sshd salt.modules.launchctl.restart(job_label, runas=None) Restart the named service CLI Example:
 salt '*' service.restart  salt.modules.launchctl.start(job_label, runas=None) Start the speciﬁed service CLI Example:
 salt '*' service.start  salt '*' service.start org.ntp.ntpd salt '*' service.start /System/Library/LaunchDaemons/org.ntp.ntpd.plist salt.modules.launchctl.status(job_label, runas=None) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' service.status  salt.modules.launchctl.stop(job_label, runas=None) Stop the speciﬁed service CLI Example:
 salt '*' service.stop  salt '*' service.stop org.ntp.ntpd salt '*' service.stop /System/Library/LaunchDaemons/org.ntp.ntpd.plist
642 Chapter 22. Reference Salt Documentation, Release 2014.7.6
22.16.93 salt.modules.layman
Support for Layman salt.modules.layman.add(overlay) Add the given overlay from the cached remote list to your locally installed overlays. Specify `ALL' to add all overlays from the remote list. Return a list of the new overlay(s) added: CLI Example:
 salt '*' layman.add  salt.modules.layman.delete(overlay) Remove the given overlay from the your locally installed overlays. Specify `ALL' to remove all overlays. Return a list of the overlays(s) that were removed: CLI Example:
 salt '*' layman.delete  salt.modules.layman.list_local() List the locally installed overlays. Return a list of installed overlays: CLI Example:
 salt '*' layman.list_local salt.modules.layman.sync(overlay='ALL') Update the speciﬁed overlay. Use `ALL' to synchronize all overlays. is is the default if no overlay is speciﬁed. overlay Name of the overlay to sync. (Defaults to `ALL') CLI Example:
 salt '*' layman.sync
22.16.94 salt.modules.ldapmod
Salt interface to LDAP commands depends • ldap Python module conﬁguration In order to connect to LDAP, certain conﬁguration is required in the minion conﬁg on the LDAP server. e minimum conﬁguration items that must be set are:
 ldap.basedn: dc=acme,dc=com (example values, adjust to suit)
If your LDAP server requires authentication then you must also set:
 ldap.anonymous: False ldap.binddn: admin ldap.bindpw: password
In addition, the following optional values may be set:
22.16. Full list of builtin execution modules 643 Salt Documentation, Release 2014.7.6
 ldap.server: localhost (default=localhost, see warning below) ldap.port: 389 (default=389, standard port) ldap.tls: False (default=False, no TLS) ldap.no_verify: False (default=False, verify TLS) ldap.anonymous: True (default=True, bind anonymous) ldap.scope: 2 (default=2, ldap.SCOPE_SUBTREE) ldap.attrs: [saltAttr] (default=None, return all attributes)
Warning: At the moment this module only recommends connection to LDAP services listening on localhost. is is deliberate to avoid the potentially dangerous situation of multiple minions sending identical update com- mands to the same LDAP server. It's easy enough to override this behavior, but badness may ensue - you have been warned. salt.modules.ldapmod.search(ﬁlter, dn=None, scope=None, ars=None, **kwargs) Run an arbitrary LDAP query and return the results. CLI Example:
 salt 'ldaphost' ldap.search "filter=cn=myhost"
Return data:
{'myhost':{'count': 1, 'results': [['cn=myhost,ou=hosts,o=acme,c=gb', {'saltKeyValue':['ntpserver=ntp.acme.local', 'foo=myfoo'], 'saltState':['foo', 'bar']}]], 'time':{'human': '1.2ms', 'raw': '0.00123'}}}
Search and connection options can be overridden by specifying the relevant option as key=value pairs, for example:
 salt 'ldaphost' ldap.search filter=cn=myhost dn=ou=hosts,o=acme,c=gb scope=1 attrs='' server='localhost' port='7393' tls=True bindpw='ssh'
22.16.95 salt.modules.linux_acl
Support for Linux File Access Control Lists salt.modules.linux_acl.delfacl(acl_type, acl_name, *args) Remove speciﬁc FACL from the speciﬁed ﬁle(s) CLI Examples:
 salt '*' acl.delfacl user myuser /tmp/house/kitchen salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen salt '*' acl.delfacl d:u myuser /tmp/house/kitchen salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom salt.modules.linux_acl.getfacl(*args) Return (extremely verbose) map of FACLs on speciﬁed ﬁle(s) CLI Examples:
 salt '*' acl.getfacl /tmp/house/kitchen salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom
644 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.linux_acl.modfacl(acl_type, acl_name, perms, *args) Add or modify a FACL for the speciﬁed ﬁle(s) CLI Examples:
 salt '*' acl.addfacl user myuser rwx /tmp/house/kitchen salt '*' acl.addfacl default:group mygroup rx /tmp/house/kitchen salt '*' acl.addfacl d:u myuser 7 /tmp/house/kitchen salt '*' acl.addfacl g mygroup 0 /tmp/house/kitchen /tmp/house/livingroom salt.modules.linux_acl.version() Return facl version from getfacl --version CLI Example:
 salt '*' acl.version salt.modules.linux_acl.wipefacls(*args) Remove all FACLs from the speciﬁed ﬁle(s) CLI Examples:
 salt '*' acl.wipefacls /tmp/house/kitchen salt '*' acl.wipefacls /tmp/house/kitchen /tmp/house/livingroom
22.16.96 salt.modules.linux_lvm
Support for Linux LVM2 salt.modules.linux_lvm.fullversion() Return all version info from lvm version CLI Example:
 salt '*' lvm.fullversion salt.modules.linux_lvm.lvcreate(lvname, vgname, size=None, extents=None, snapshot=None, pv=None, **kwargs) Create a new logical volume, with option for which physical volume to be used CLI Examples:
 salt '*' lvm.lvcreate new_volume_name vg_name size=10G salt '*' lvm.lvcreate new_volume_name vg_name extents=100 pv=/dev/sdb salt '*' lvm.lvcreate new_snapshot vg_name snapshot=volume_name size=3G salt.modules.linux_lvm.lvdisplay(lvname='`) Return information about the logical volume(s) CLI Examples:
 salt '*' lvm.lvdisplay salt '*' lvm.lvdisplay /dev/vg_myserver/root salt.modules.linux_lvm.lvremove(lvname, vgname) Remove a given existing logical volume from a named existing volume group CLI Example:
 salt '*' lvm.lvremove lvname vgname force=True
22.16. Full list of builtin execution modules 645 Salt Documentation, Release 2014.7.6 salt.modules.linux_lvm.pvcreate(devices, **kwargs) Set a physical device to be used as an LVM physical volume CLI Examples:
 salt mymachine lvm.pvcreate /dev/sdb1,/dev/sdb2 salt mymachine lvm.pvcreate /dev/sdb1 dataalignmentoffset=7s salt.modules.linux_lvm.pvdisplay(pvname='`) Return information about the physical volume(s) CLI Examples:
 salt '*' lvm.pvdisplay salt '*' lvm.pvdisplay /dev/md0 salt.modules.linux_lvm.pvremove(devices) Remove a physical device being used as an LVM physical volume CLI Examples:
 salt mymachine lvm.pvremove /dev/sdb1,/dev/sdb2 salt.modules.linux_lvm.version() Return LVM version from lvm version CLI Example:
 salt '*' lvm.version salt.modules.linux_lvm.vgcreate(vgname, devices, **kwargs) Create an LVM volume group CLI Examples:
 salt mymachine lvm.vgcreate my_vg /dev/sdb1,/dev/sdb2 salt mymachine lvm.vgcreate my_vg /dev/sdb1 clustered=y salt.modules.linux_lvm.vgdisplay(vgname='`) Return information about the volume group(s) CLI Examples:
 salt '*' lvm.vgdisplay salt '*' lvm.vgdisplay nova-volumes salt.modules.linux_lvm.vgremove(vgname) Remove an LVM volume group CLI Examples:
 salt mymachine lvm.vgremove vgname salt mymachine lvm.vgremove vgname force=True
22.16.97 salt.modules.linux_sysctl
Module for viewing and modifying sysctl parameters salt.modules.linux_sysctl.assign(name, value) Assign a single sysctl parameter for this minion
646 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' sysctl.assign net.ipv4.ip_forward 1 salt.modules.linux_sysctl.default_config() Linux hosts using systemd 207 or later ignore /etc/sysctl.conf and only load from /etc/sysctl.d/*.conf. is function will do the proper checks and return a default conﬁg ﬁle which will be valid for the Minion. Hosts running systemd >= 207 will use /etc/sysctl.d/99-salt.conf. CLI Example:
 salt -G 'kernel:Linux' sysctl.default_config salt.modules.linux_sysctl.get(name) Return a single sysctl parameter for this minion CLI Example:
 salt '*' sysctl.get net.ipv4.ip_forward salt.modules.linux_sysctl.persist(name, value, conﬁg=None) Assign and persist a simple sysctl parameter for this minion. If config is not speciﬁed, a sensible default will be chosen using sysctl.default_config. CLI Example:
 salt '*' sysctl.persist net.ipv4.ip_forward 1 salt.modules.linux_sysctl.show(conﬁg_ﬁle=False) Return a list of sysctl parameters for this minion conﬁg: Pull the data from the system conﬁguration ﬁle instead of the live data. CLI Example:
 salt '*' sysctl.show
22.16.98 salt.modules.localemod
Module for managing locales on POSIX-like systems. salt.modules.localemod.avail(locale) Check if a locale is available. New in version 2014.7.0. CLI Example:
 salt '*' locale.avail 'en_US.UTF-8' salt.modules.localemod.gen_locale(locale) Generate a locale. New in version 2014.7.0. Parameters locale -- Any locale listed in /usr/share/i18n/locales or /usr/share/i18n/SUPPORTED for debian and gentoo based distros CLI Example:
22.16. Full list of builtin execution modules 647 Salt Documentation, Release 2014.7.6
 salt '*' locale.gen_locale en_US.UTF-8 salt '*' locale.gen_locale 'en_IE@euro ISO-8859-15' salt.modules.localemod.get_locale() Get the current system locale CLI Example:
 salt '*' locale.get_locale salt.modules.localemod.list_avail() Lists available (compiled) locales CLI Example:
 salt '*' locale.list_avail salt.modules.localemod.set_locale(locale) Sets the current system locale CLI Example:
 salt '*' locale.set_locale 'en_US.UTF-8'
22.16.99 salt.modules.locate
Module for using the locate utilities salt.modules.locate.locate(paern, database='`, limit=0, **kwargs) Performs a ﬁle lookup. Valid options (and their defaults) are:
 basename=False count=False existing=False follow=True ignore=False nofollow=False wholename=True regex=False database= limit=
See the manpage for locate(1) for further explanation of these options. CLI Example:
 salt '*' locate.locate salt.modules.locate.stats() Returns statistics about the locate database CLI Example:
 salt '*' locate.stats salt.modules.locate.updatedb() Updates the locate database CLI Example:
648 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' locate.updatedb salt.modules.locate.version() Returns the version of locate CLI Example:
 salt '*' locate.version
22.16.100 salt.modules.logadm
Module for managing Solaris logadm based log rotations. salt.modules.logadm.remove(name, conf_ﬁle='/etc/logadm.conf') Remove log paern from logadm CLI Example:
 salt '*' logadm.remove myapplog salt.modules.logadm.rotate(name, paern=False, count=False, age=False, size=False, copy=True, conf_ﬁle='/etc/logadm.conf') Set up paern for logging. CLI Example:
 salt '*' logadm.rotate myapplog pattern='/var/log/myapp/*.log' count=7 salt.modules.logadm.show_conf(conf_ﬁle='/etc/logadm.conf') Show parsed conﬁguration CLI Example:
 salt '*' logadm.show_conf
22.16.101 salt.modules.logrotate
Module for managing logrotate. salt.modules.logrotate.set_(key, value, seing=None, conf_ﬁle='/etc/logrotate.conf') Set a new value for a speciﬁc conﬁguration line CLI Example:
 salt '*' logrotate.set rotate 2
Can also be used to set a single value inside a multiline conﬁguration block. For instance, to change rotate in the following block:
/var/log/wtmp { monthly create 0664 root root rotate 1 }
Use the following command:
22.16. Full list of builtin execution modules 649 Salt Documentation, Release 2014.7.6
 salt '*' logrotate.set /var/log/wtmp rotate 2
is module also has the ability to scan ﬁles inside an include directory, and make changes in the appropriate ﬁle. salt.modules.logrotate.show_conf(conf_ﬁle='/etc/logrotate.conf') Show parsed conﬁguration CLI Example:
 salt '*' logrotate.show_conf
22.16.102 salt.modules.lvs
Support for LVS (Linux Virtual Server) salt.modules.lvs.add_server(protocol=None, service_address=None, server_address=None, packet_forward_method='dr', weight=1, **kwargs) Add a real server to a virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. server_address e real server address. paet_forward_method e LVS packet forwarding method(dr for direct routing, tunnel for tunneling, nat for network access translation). weight e capacity of a server relative to the others in the pool. CLI Example:
 salt '*' lvs.add_server tcp 1.1.1.1:80 192.168.0.11:8080 nat 1 salt.modules.lvs.add_service(protocol=None, service_address=None, scheduler='wlc') Add a virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. seduler Algorithm for allocating TCP connections and UDP datagrams to real servers. CLI Example:
 salt '*' lvs.add_service tcp 1.1.1.1:80 rr salt.modules.lvs.check_server(protocol=None, service_address=None, server_address=None, **kwargs) Check the real server exists in the speciﬁed service. CLI Example:
 salt '*' lvs.check_server tcp 1.1.1.1:80 192.168.0.11:8080 salt.modules.lvs.check_service(protocol=None, service_address=None, **kwargs) Check the virtual service exists. CLI Example:
650 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' lvs.check_service tcp 1.1.1.1:80 salt.modules.lvs.clear() Clear the virtual server table CLI Example:
 salt '*' lvs.clear salt.modules.lvs.delete_server(protocol=None, service_address=None, server_address=None) Delete the realserver from the virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. server_address e real server address. CLI Example:
 salt '*' lvs.delete_server tcp 1.1.1.1:80 192.168.0.11:8080 salt.modules.lvs.delete_service(protocol=None, service_address=None) Delete the virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. CLI Example:
 salt '*' lvs.delete_service tcp 1.1.1.1:80 salt.modules.lvs.edit_server(protocol=None, service_address=None, server_address=None, packet_forward_method=None, weight=None, **kwargs) Edit a real server to a virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. server_address e real server address. paet_forward_method e LVS packet forwarding method(dr for direct routing, tunnel for tunneling, nat for network access translation). weight e capacity of a server relative to the others in the pool. CLI Example:
 salt '*' lvs.edit_server tcp 1.1.1.1:80 192.168.0.11:8080 nat 1 salt.modules.lvs.edit_service(protocol=None, service_address=None, scheduler=None) Edit the virtual service. protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. seduler Algorithm for allocating TCP connections and UDP datagrams to real servers. CLI Example:
 salt '*' lvs.edit_service tcp 1.1.1.1:80 rr
22.16. Full list of builtin execution modules 651 Salt Documentation, Release 2014.7.6 salt.modules.lvs.get_rules() Get the virtual server rules CLI Example:
 salt '*' lvs.get_rules salt.modules.lvs.list_(protocol=None, service_address=None) List the virtual server table if service_address is not speciﬁed. If a service_address is selected, list this service only. CLI Example:
 salt '*' lvs.list salt.modules.lvs.zero(protocol=None, service_address=None) Zero the packet, byte and rate counters in a service or all services. CLI Example:
 salt '*' lvs.zero
22.16.103 salt.modules.lxc
Control Linux Containers via Salt depends lxc package for distribution lxc >= 1.0 (even beta alpha) is required salt.modules.lxc.attachable(name) Return True if the named container can be aached to via the lxc-aach command CLI Example:
 salt 'minion' lxc.attachable ubuntu salt.modules.lxc.bootstrap(name, conﬁg=None, approve_key=True, install=True, pub_key=None, priv_key=None, bootstrap_url=None, force_install=False, uncondi- tional_install=False, bootstrap_args=None, bootstrap_shell=None) Install and conﬁgure salt in a container.
 salt 'minion' lxc.bootstrap name [config=config_data] \ [approve_key=(True|False)] [install=(True|False)]
 conﬁg Minion conﬁguration options. By default, the master option is set to the target host's master. approve_key Request a pre-approval of the generated minion key. Requires that the salt-master be conﬁgured to either auto-accept all keys or expect a signing request from the target host. Default: True pub_key Explicit public key to pressed the minion with (optional). is can be either a ﬁlepath or a string representing the key priv_key Explicit private key to pressed the minion with (optional). is can be either a ﬁlepath or a string representing the key bootstrap_url url, content or ﬁlepath to the salt bootstrap script bootstrap_args salt bootstrap script arguments bootstrap_shell shell to execute the script into
652 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 install Whether to aempt a full installation of salt-minion if needed. force_install Force installation even if salt-minion is detected, this is the way to run vendor bootstrap scripts even if a salt minion is already present in the container unconditional_install Run the script even if the container seems seeded
CLI Example:
 salt '*' lxc.bootstrap ubuntu salt.modules.lxc.clone(name, orig, snapshot=False, proﬁle=None, **kwargs) Create a new container. CLI Example:
 salt 'minion' lxc.clone name orig [snapshot=(True|False)] \ [size=filesystem_size] [vgname=volume_group] \ [profile=profile_name]
 name Name of the container. orig Name of the cloned original container snapshot Do we use Copy On Write snapshots (LVM) size Size of the container vgname LVM volume group(lxc) proﬁle A LXC proﬁle (deﬁned in conﬁg or pillar).
CLI Example:
 salt '*' lxc.clone myclone ubuntu "snapshot=True" salt.modules.lxc.cloud_init(name, vm_=None, **kwargs) in wrapper to lxc.init to be used from the saltcloud lxc driver CLI Example:
 salt '*' lxc.cloud_init foo
 name Name of the container. May be None and then guessed from saltcloud mapping. vm_ saltcloud mapping defaults for the vm salt.modules.lxc.cloud_init_interface(name, vm_=None, **kwargs) Interface between salt.cloud.lxc driver and lxc.init vm_ is a mapping of vm opts in the salt.cloud format as documented for the lxc driver. is can be used either: •from the salt cloud driver •because you ﬁnd the argument to give easier here than using directly lxc.init
WARNING: BE REALLY CAREFUL CHANGING DEFAULTS ‼! IT'S A RETRO COMPATIBLE INTERFACE WITH THE SALT CLOUD DRIVER (ask kiorky).
CLI Example:
22.16. Full list of builtin execution modules 653 Salt Documentation, Release 2014.7.6
 salt '*' lxc.cloud_init_interface foo
 name name of the lxc container to create from_container which container we use as a template when running lxc.clone image which template do we use when we are using lxc.create. is is the default mode unless you specify something in from_container baing which backing store to use. Values can be: overlayfs, dir(default), lvm, zfs, brtfs fstype When using a blockdevice level backing store, which ﬁlesystem to use on size When using a blockdevice level backing store, which size for the ﬁlesystem to use on snapshot Use snapshot when cloning the container source vgname if using LVM: vgname lgname if using LVM: lvname pub_key public key to preseed the minion with. Can be the keycontent or a ﬁlepath priv_key private key to preseed the minion with. Can be the keycontent or a ﬁlepath ip ip for the primary nic mac mac for the primary nic netmask netmask for the primary nic (24) = vm_.get('netmask', '24') bridge bridge for the primary nic (lxcbr0) gateway network gateway for the container additional_ips additionnal ips which will be wired on the main bridge (br0) which is connected to internet. Be aware that you may use manual virtual mac addresses providen by you provider (online, ovh, etc). is is a list of mappings {ip: `', mac: `',netmask:'`} Set gateway to None and an interface with a gateway to escape from another interface that eth0. eg:
- {'mac': '00:16:3e:01:29:40', 'gateway': None, (default) 'link': 'br0', (default) 'netmask': '', (default) 'ip': '22.1.4.25'}
 unconditional_install given to lxc.bootstrap (see relative doc) force_install given to lxc.bootstrap (see relative doc) conﬁg any extra argument for the salt minion conﬁg dnsservers dns servers to set inside the container autostart autostart the container at boot time password administrative password for the container users administrative users for the container default: [root] and [root, ubuntu] on ubuntu salt.modules.lxc.cp(name, src, dest) Copy a ﬁle or directory from the host into a container CLI Example:
654 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt 'minion' lxc.cp /tmp/foo /root/foo salt.modules.lxc.create(name, conﬁg=None, proﬁle=None, options=None, **kwargs) Create a new container. CLI Example:
 salt 'minion' lxc.create name [config=config_file] \ [profile=profile] [template=template_name] \ [backing=backing_store] [vgname=volume_group] \ [size=filesystem_size] [options=template_options]
 name Name of the container. conﬁg e conﬁg ﬁle to use for the container. Defaults to system-wide conﬁg (usually in /etc/lxc/lxc.con). proﬁle A LXC proﬁle (deﬁned in conﬁg or pillar). template e template to use. E.g., `ubuntu' or `fedora'. baing e type of storage to use. Set to `lvm' to use an LVM group. Defaults to ﬁlesystem within /var/lib/lxc/. vgname Name of the LVM volume group in which to create the volume for this container. Only applicable if backing=lvm. Defaults to `lxc'. fstype fstype to use on LVM lv. size Size of the volume to create. Only applicable if backing=lvm. Defaults to 1G. options Template speciﬁc options to pass to the lxc-create command. salt.modules.lxc.destroy(name, stop=True) Destroy the named container. WARNING: Destroys all data associated with the container. CLI Example:
 salt '*' lxc.destroy name [stop=(True|False)] salt.modules.lxc.edit_conf(conf_ﬁle, out_format='simple', **kwargs) Edit an LXC conﬁguration ﬁle. If a seing is already present inside the ﬁle, its value will be replaced. If it does not exist, it will be appended to the end of the ﬁle. Comments and blank lines will be kept in-tact if they already exist in the ﬁle. Aer the ﬁle is edited, its contents will be returned. By default, it will be returned in simple format, meaning an unordered dict (which may not represent the actual ﬁle order). Passing in an out_format of commented will return a data structure which accurately represents the order and content of the ﬁle. CLI Examples:
 salt 'minion' lxc.edit_conf /etc/lxc/mycontainer.conf out_format=commented lxc.network.type=veth salt.modules.lxc.exists(name) Returns whether the named container exists. CLI Example:
 salt '*' lxc.exists name salt.modules.lxc.freeze(name) Freeze the named container. CLI Example:
22.16. Full list of builtin execution modules 655 Salt Documentation, Release 2014.7.6
 salt '*' lxc.freeze name salt.modules.lxc.get_base(**kwargs) If the needed base does not exist, then create it, if it does exist create nothing and return the name of the base lxc container so it can be cloned. CLI Example:
 salt 'minion' lxc.init name [cpuset=cgroups_cpuset] \ [nic=nic_profile] [profile=lxc_profile] \ [nic_opts=nic_opts] [image=network image path]\ [seed=(True|False)] [install=(True|False)] \ [config=minion_config] salt.modules.lxc.get_parameter(name, parameter) Returns the value of a cgroup parameter for a container. CLI Example:
 salt '*' lxc.get_parameter name parameter salt.modules.lxc.info(name) Returns information about a container. CLI Example:
 salt '*' lxc.info name salt.modules.lxc.init(name, cpuset=None, cpushare=None, memory=None, nic='default', pro- ﬁle=None, nic_opts=None, cpu=None, autostart=True, password=None, users=None, dnsservers=None, bridge=None, gateway=None, pub_key=None, priv_key=None, force_install=False, unconditional_install=False, boot- strap_args=None, bootstrap_shell=None, bootstrap_url=None, **kwargs) Initialize a new container. is is a partial idempotent function as if it is already provisioned, we will reset a bit the lxc conﬁguration ﬁle but much of the hard work will be escaped as markers will prevent re-execution of harmful tasks. CLI Example:
 salt 'minion' lxc.init name [cpuset=cgroups_cpuset] \ [cpushare=cgroups_cpushare] [memory=cgroups_memory] \ [nic=nic_profile] [profile=lxc_profile] \ [nic_opts=nic_opts] [start=(True|False)] \ [seed=(True|False)] [install=(True|False)] \ [config=minion_config] [approve_key=(True|False) \ [clone=original] [autostart=True] \ [priv_key=/path_or_content] [pub_key=/path_or_content] \ [bridge=lxcbr0] [gateway=10.0.3.1] \ [dnsservers[dns1,dns2]] \ [users=[foo]] password='secret'
 name Name of the container. cpus Select a random number of cpu cores and assign it to the cpuset, if the cpuset option is set then this option will be ignored cpuset Explicitly deﬁne the cpus this container will be bound to cpushare cgroups cpu shares.
656 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 autostart autostart container on reboot memory cgroups memory limit, in MB. (0 for nolimit, None for old default 1024MB) gateway the ipv4 gateway to use the default does nothing more than lxcutils does bridge the bridge to use the default does nothing more than lxcutils does nic Network interfaces proﬁle (deﬁned in conﬁg or pillar). users Sysadmins users to set the administrative password to e.g. [root, ubuntu, sysadmin], default [root] and [root, ubuntu] on ubuntu password Set the initial password for default sysadmin users, at least root but also can be used for sudoers, e.g. [root, ubuntu, sysadmin] proﬁle A LXC proﬁle (deﬁned in conﬁg or pillar). is can be either a real proﬁle mapping or a string to retrieve it in conﬁguration nic_opts Extra options for network interfaces. E.g: {"eth0": {"mac": "aa:bb:cc:dd:ee:ff", "ipv4": "10.1.1.1", "ipv6": "2001:db8::ff00:42:8329"}} or {"eth0": {"mac": "aa:bb:cc:dd:ee:ff", "ipv4": "10.1.1.1/24", "ipv6": "2001:db8::ff00:42:8329"}} start Start the newly created container. dnsservers list of dns servers to set in the container, default [] (no seing) seed Seed the container with the minion conﬁg. Default: True install If salt-minion is not already installed, install it. Default: True conﬁg Optional conﬁg parameters. By default, the id is set to the name of the container. pub_key Explicit public key to preseed the minion with (optional). is can be either a ﬁlepath or a string representing the key priv_key Explicit private key to preseed the minion with (optional). is can be either a ﬁlepath or a string representing the key approve_key If explicit preseeding is not used; Aempt to request key approval from the master. Default: True clone Original from which to use a clone operation to create the container. Default: None bootstrap_url See lxc.bootstrap * bootstrap_shell See lxc.bootstrap bootstrap_args See lxc.bootstrap force_install Force installation even if salt-minion is detected, this is the way to run vendor bootstrap scripts even if a salt minion is already present in the container unconditional_install Run the script even if the container seems seeded salt.modules.lxc.list_(extra=False) List deﬁned containers classiﬁed by status. Status can be running, stopped, and frozen. extra Also get per container speciﬁc info at once. Warning: it will not return a collection of list but a collection of mappings by status and then per container name:
22.16. Full list of builtin execution modules 657 Salt Documentation, Release 2014.7.6
{'running': ['foo']} # normal mode {'running': {'foo': {'info1': 'bar'}} # extra mode
CLI Example:
 salt '*' lxc.list salt '*' lxc.list extra=True salt.modules.lxc.ls() Return just a list of the containers available CLI Example:
 salt '*' lxc.ls salt.modules.lxc.read_conf(conf_ﬁle, out_format='simple') Read in an LXC conﬁguration ﬁle. By default returns a simple, unsorted dict, but can also return a more detailed structure including blank lines and comments. CLI Examples:
 salt 'minion' lxc.read_conf /etc/lxc/mycontainer.conf salt 'minion' lxc.read_conf /etc/lxc/mycontainer.conf out_format=commented salt.modules.lxc.run_cmd(name, cmd, no_start=False, preserve_state=True, stdout=True, stderr=False, use_vt=False, keep_env='hp_proxy, hps_proxy, no_proxy') Run a command inside the container. CLI Example:
 salt 'minion' name command [no_start=(True|False)] \ [preserve_state=(True|False)] [stdout=(True|False)] \ [stderr=(True|False)]
 name Name of the container on which to operate. cmd Command to run no_start If the container is not running, don't start it. Default: False preserve_state Aer running the command, return the container to its previous state. Default: True stdout: Return stdout. Default: True stderr: Return stderr. Default: False use_vt use saltstack utils.vt to stream output to console keep_env A list of env vars to preserve. May be passed as commma-delimited list. Defaults to hp_proxy,hps_proxy.
Note: If stderr and stdout are both False, the return code is returned. If stderr and stdout are both True, the pid and return code are also returned. salt.modules.lxc.set_dns(name, dnsservers=None, searchdomains=None) Update container DNS conﬁguration and possibly also resolv.conf one. CLI Example:
658 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt-call -lall lxc.set_dns ubuntu ['8.8.8.8', '4.4.4.4'] salt.modules.lxc.set_parameter(name, parameter, value) Set the value of a cgroup parameter for a container. CLI Example:
 salt '*' lxc.set_parameter name parameter value salt.modules.lxc.set_pass(name, users, password) Set the password of one or more system users inside containers CLI Example:
 salt '*' lxc.set_pass container-name root foo salt.modules.lxc.start(name, restart=False) Start the named container. CLI Example:
 salt '*' lxc.start name salt.modules.lxc.state(name) Returns the state of a container. CLI Example:
 salt '*' lxc.state name salt.modules.lxc.stop(name, kill=True) Stop the named container. CLI Example:
 salt '*' lxc.stop name salt.modules.lxc.templates(templates_dir='/usr/share/lxc/templates') Returns a list of existing templates CLI Example:
 salt '*' lxc.templates salt.modules.lxc.unfreeze(name) Unfreeze the named container. CLI Example:
 salt '*' lxc.unfreeze name salt.modules.lxc.update_lxc_conf(name, lxc_conf, lxc_conf_unset) Edit LXC conﬁguration options CLI Example:
 salt-call -lall lxc.update_lxc_conf ubuntu lxc_conf="[{'network.ipv4.ip':'10.0.3.5'}]" lxc_conf_unset="['lxc.utsname']" salt.modules.lxc.write_conf(conf_ﬁle, conf ) Write out an LXC conﬁguration ﬁle is is normally only used internally. e format of the data structure must match that which is returned from lxc.read_conf(), with out_format set to commented.
22.16. Full list of builtin execution modules 659 Salt Documentation, Release 2014.7.6
An example might look like:
[ {'lxc.utsname': '$CONTAINER_NAME'}, '# This is a commented line\n', '\n', {'lxc.mount': '$CONTAINER_FSTAB'}, {'lxc.rootfs':{'comment': 'This is another test', 'value': 'This is another test'}}, '\n', {'lxc.network.type': 'veth'}, {'lxc.network.flags': 'up'}, {'lxc.network.link': 'br0'}, {'lxc.network.hwaddr': '$CONTAINER_MACADDR'}, {'lxc.network.ipv4': '$CONTAINER_IPADDR'}, {'lxc.network.name': '$CONTAINER_DEVICENAME'}, ]
CLI Examples:
 salt 'minion' lxc.write_conf /etc/lxc/mycontainer.conf \ out_format=commented
22.16.104 salt.modules.mac_group
Manage groups on Mac OS 10.7+ salt.modules.mac_group.add(name, gid=None, **kwargs) Add the speciﬁed group CLI Example:
 salt '*' group.add foo 3456 salt.modules.mac_group.chgid(name, gid) Change the gid for a named group CLI Example:
 salt '*' group.chgid foo 4376 salt.modules.mac_group.delete(name) Remove the named group CLI Example:
 salt '*' group.delete foo salt.modules.mac_group.getent(refresh=False) Return info on all groups CLI Example:
 salt '*' group.getent salt.modules.mac_group.info(name) Return information about a group CLI Example:
660 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' group.info foo
22.16.105 salt.modules.mac_user
Manage users on Mac OS 10.7+ salt.modules.mac_user.add(name, uid=None, gid=None, groups=None, home=None, shell=None, full- name=None, createhome=True, **kwargs) Add a user to the minion CLI Example:
 salt '*' user.add name      salt.modules.mac_user.chfullname(name, fullname) Change the user's Full Name CLI Example:
 salt '*' user.chfullname foo 'Foo Bar' salt.modules.mac_user.chgid(name, gid) Change the default group of the user CLI Example:
 salt '*' user.chgid foo 4376 salt.modules.mac_user.chgroups(name, groups, append=False) Change the groups to which the user belongs. Note that the user's primary group does not have to be one of the groups passed, membership in the user's primary group is automatically assumed. groups Groups to which the user should belong, can be passed either as a python list or a comma-separated string append Instead of removing user from groups not included in the groups parameter, just add user to any groups for which they are not members CLI Example:
 salt '*' user.chgroups foo wheel,root salt.modules.mac_user.chhome(name, home) Change the home directory of the user CLI Example:
 salt '*' user.chhome foo /Users/foo salt.modules.mac_user.chshell(name, shell) Change the default shell of the user CLI Example:
 salt '*' user.chshell foo /bin/zsh salt.modules.mac_user.chuid(name, uid) Change the uid for a named user CLI Example:
22.16. Full list of builtin execution modules 661 Salt Documentation, Release 2014.7.6
 salt '*' user.chuid foo 4376 salt.modules.mac_user.delete(name, *args) Remove a user from the minion CLI Example: salt '*' user.delete foo salt.modules.mac_user.getent(refresh=False) Return the list of all info for all users CLI Example: salt '*' user.getent salt.modules.mac_user.info(name) Return user information CLI Example: salt '*' user.info root salt.modules.mac_user.list_groups(name) Return a list of groups the named user belongs to CLI Example: salt '*' user.list_groups foo salt.modules.mac_user.list_users() Return a list of all users CLI Example: salt '*' user.list_users
22.16.106 salt.modules.macports
Support for MacPorts under Mac OSX. is module has some caveats. 1. Updating the database of available ports is quite resource-intensive. However, refresh=True is the default for all operations that need an up-to-date copy of available ports. Consider refresh=False when you are sure no db update is needed. 2. In some cases MacPorts doesn't always realize when another copy of itself is running and will gleefully tromp all over the available ports database. is makes MacPorts behave in undeﬁned ways until a fresh complete copy is retrieved. Because of 1 and 2 it is possible to get the salt-minion into a state where salt mac-machine pkg./something/ won't want to return. Use salt-run jobs.active on the master to check for potentially long-running calls to port. Finally, ports database updates are always handled with port selfupdate as opposed to port sync. is makes sense in the MacPorts user commmunity but may confuse experienced Linux admins as Linux package managers don't up- grade the packaging soware when doing a package database update. In other words salt mac-machine pkg.refresh_db is more like apt-get update; apt-get upgrade dpkg apt-get than simply apt-get update.
662 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.macports.available_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation Options: refresh Update ports with port selfupdate CLI Example:
 salt '*' pkg.latest_version  salt '*' pkg.latest_version    salt.modules.macports.install(name=None, refresh=False, pkgs=None, **kwargs) Install the passed package(s) with port install name e name of the formula to be installed. Note that this parameter is ignored if ``pkgs'' is passed. CLI Example:
 salt '*' pkg.install 
 version Specify a version to pkg to install. Ignored if pkgs is speciﬁed. CLI Example:
 salt '*' pkg.install  salt '*' pkg.install git-core version='1.8.5.5'
 variant Specify a variant to pkg to install. Ignored if pkgs is speciﬁed. CLI Example:
 salt '*' pkg.install  salt '*' pkg.install git-core version='1.8.5.5' variant='+credential_osxkeychain+doc+pcre'
Multiple Package Installation Options: pkgs A list of formulas to install. Must be passed as a python list. CLI Example:
 salt '*' pkg.install pkgs='["foo","bar"]' salt '*' pkg.install pkgs='["[emailprotected]","bar"]' salt '*' pkg.install pkgs='["[emailprotected]+ssl","[emailprotected]"]'
Returns a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' pkg.install 'package package package' salt.modules.macports.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation Options: refresh Update ports with port selfupdate CLI Example:
22.16. Full list of builtin execution modules 663 Salt Documentation, Release 2014.7.6
 salt '*' pkg.latest_version  salt '*' pkg.latest_version    salt.modules.macports.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed in a dict:
{'': ''}
CLI Example:
 salt '*' pkg.list_pkgs salt.modules.macports.list_upgrades(refresh=True) Check whether or not an upgrade is available for all packages Options: refresh Update ports with port selfupdate CLI Example:
 salt '*' pkg.list_upgrades salt.modules.macports.refresh_db() Update ports with port selfupdate salt.modules.macports.remove(name=None, pkgs=None, **kwargs) Removes packages with port uninstall. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.remove  salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.macports.upgrade(refresh=True) Run a full upgrade using MacPorts `port upgrade outdated' Options: refresh Update ports with port selfupdate Return a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' pkg.upgrade
664 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.macports.upgrade_available(pkg, refresh=True) Check whether or not an upgrade is available for a given package CLI Example:
 salt '*' pkg.upgrade_available  salt.modules.macports.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:
 salt '*' pkg.version  salt '*' pkg.version   
22.16.107 salt.modules.makeconf
Support for modifying make.conf under Gentoo salt.modules.makeconf.append_cflags(value) Add to or create a new CFLAGS in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_cflags '-pipe' salt.modules.makeconf.append_cxxflags(value) Add to or create a new CXXFLAGS in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_cxxflags '-pipe' salt.modules.makeconf.append_emerge_default_opts(value) Add to or create a new EMERGE_DEFAULT_OPTS in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_emerge_default_opts '--jobs' salt.modules.makeconf.append_features(value) Add to or create a new FEATURES in the make.conf Return a dict containing the new value for variable:
22.16. Full list of builtin execution modules 665 Salt Documentation, Release 2014.7.6
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_features 'webrsync-gpg' salt.modules.makeconf.append_gentoo_mirrors(value) Add to or create a new GENTOO_MIRRORS in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_gentoo_mirrors 'http://distfiles.gentoo.org' salt.modules.makeconf.append_makeopts(value) Add to or create a new MAKEOPTS in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_makeopts '-j3' salt.modules.makeconf.append_var(var, value) Add to or create a new variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.append_var 'LINGUAS' 'en' salt.modules.makeconf.cflags_contains(value) Verify if CFLAGS variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.cflags_contains '-pipe' salt.modules.makeconf.chost_contains(value) Verify if CHOST variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.chost_contains 'x86_64-pc-linux-gnu'
666 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.makeconf.cxxflags_contains(value) Verify if CXXFLAGS variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.cxxflags_contains '-pipe' salt.modules.makeconf.emerge_default_opts_contains(value) Verify if EMERGE_DEFAULT_OPTS variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.emerge_default_opts_contains '--jobs' salt.modules.makeconf.features_contains(value) Verify if FEATURES variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.features_contains 'webrsync-gpg' salt.modules.makeconf.gentoo_mirrors_contains(value) Verify if GENTOO_MIRRORS variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.gentoo_mirrors_contains 'http://distfiles.gentoo.org' salt.modules.makeconf.get_cflags() Get the value of CFLAGS variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_cflags salt.modules.makeconf.get_chost() Get the value of CHOST variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_chost salt.modules.makeconf.get_cxxflags() Get the value of CXXFLAGS variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_cxxflags
22.16. Full list of builtin execution modules 667 Salt Documentation, Release 2014.7.6 salt.modules.makeconf.get_emerge_default_opts() Get the value of EMERGE_DEFAULT_OPTS variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_emerge_default_opts salt.modules.makeconf.get_features() Get the value of FEATURES variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_features salt.modules.makeconf.get_gentoo_mirrors() Get the value of GENTOO_MIRRORS variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_gentoo_mirrors salt.modules.makeconf.get_makeopts() Get the value of MAKEOPTS variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_makeopts salt.modules.makeconf.get_sync() Get the value of SYNC variable in the make.conf Return the value of the variable or None if the variable is not in the make.conf CLI Example:
 salt '*' makeconf.get_sync salt.modules.makeconf.get_var(var) Get the value of a variable in make.conf Return the value of the variable or None if the variable is not in make.conf CLI Example:
 salt '*' makeconf.get_var 'LINGUAS' salt.modules.makeconf.makeopts_contains(value) Verify if MAKEOPTS variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.makeopts_contains '-j3'
668 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.makeconf.remove_var(var) Remove a variable from the make.conf Return a dict containing the new value for the variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.remove_var 'LINGUAS' salt.modules.makeconf.set_cflags(value) Set the CFLAGS variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_cflags '-march=native -O2 -pipe' salt.modules.makeconf.set_chost(value) Set the CHOST variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_chost 'x86_64-pc-linux-gnu' salt.modules.makeconf.set_cxxflags(value) Set the CXXFLAGS variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_cxxflags '-march=native -O2 -pipe' salt.modules.makeconf.set_emerge_default_opts(value) Set the EMERGE_DEFAULT_OPTS variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_emerge_default_opts '--jobs' salt.modules.makeconf.set_gentoo_mirrors(value) Set the GENTOO_MIRRORS variable
22.16. Full list of builtin execution modules 669 Salt Documentation, Release 2014.7.6
Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_gentoo_mirrors 'http://distfiles.gentoo.org' salt.modules.makeconf.set_makeopts(value) Set the MAKEOPTS variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_makeopts '-j3' salt.modules.makeconf.set_sync(value) Set the SYNC variable Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_sync 'rsync://rsync.namerica.gentoo.org/gentoo-portage' salt.modules.makeconf.set_var(var, value) Set a variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.set_var 'LINGUAS' 'en' salt.modules.makeconf.sync_contains(value) Verify if SYNC variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.sync_contains 'rsync://rsync.namerica.gentoo.org/gentoo-portage' salt.modules.makeconf.trim_cflags(value) Remove a value from CFLAGS variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
670 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' makeconf.trim_cflags '-pipe' salt.modules.makeconf.trim_cxxflags(value) Remove a value from CXXFLAGS variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.trim_cxxflags '-pipe' salt.modules.makeconf.trim_emerge_default_opts(value) Remove a value from EMERGE_DEFAULT_OPTS variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.trim_emerge_default_opts '--jobs' salt.modules.makeconf.trim_features(value) Remove a value from FEATURES variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.trim_features 'webrsync-gpg' salt.modules.makeconf.trim_gentoo_mirrors(value) Remove a value from GENTOO_MIRRORS variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.trim_gentoo_mirrors 'http://distfiles.gentoo.org' salt.modules.makeconf.trim_makeopts(value) Remove a value from MAKEOPTS variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
22.16. Full list of builtin execution modules 671 Salt Documentation, Release 2014.7.6
 salt '*' makeconf.trim_makeopts '-j3' salt.modules.makeconf.trim_var(var, value) Remove a value from a variable in the make.conf Return a dict containing the new value for variable:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' makeconf.trim_var 'LINGUAS' 'en' salt.modules.makeconf.var_contains(var, value) Verify if variable contains a value in make.conf Return True if value is set for var CLI Example:
 salt '*' makeconf.var_contains 'LINGUAS' 'en'
22.16.108 salt.modules.match
e match module allows for match routines to be run and determine target specs salt.modules.match.compound(tgt, minion_id=None) Return True if the minion ID matches the given compound target minion_id Specify the minion ID to match against the target expression New in version 2014.7.0. CLI Example:
 salt '*' match.compound 'L@cheese,foo and *' salt.modules.match.data(tgt) Return True if the minion matches the given data target CLI Example:
 salt '*' match.data 'spam:eggs' salt.modules.match.filter_by(lookup, expr_form='compound', minion_id=None) Return the ﬁrst match in a dictionary of target paerns New in version 2014.7.0. CLI Example:
 salt '*' match.filter_by '{foo*: Foo!, bar*: Bar!}' minion_id=bar03
Pillar Example:
{% set roles = salt['match.filter_by']({ 'web*': ['app', 'caching'], 'db*': ['db'], }) %}
672 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.match.glob(tgt, minion_id=None) Return True if the minion ID matches the given glob target minion_id Specify the minion ID to match against the target expression New in version 2014.7.0. CLI Example:
 salt '*' match.glob '*' salt.modules.match.grain(tgt, delimiter=':', delim=None) Return True if the minion matches the given grain target. e delimiter argument can be used to specify a diﬀerent delimiter. CLI Example:
 salt '*' match.grain 'os:Ubuntu' salt '*' match.grain 'ipv6|2001:db8::ff00:42:8329' delimiter='|'
 delimiter Specify an alternate delimiter to use when traversing a nested dict New in version 2014.7.0. delim Specify an alternate delimiter to use when traversing a nested dict New in version 0.16.4. Deprecated since version 2014.7.0. salt.modules.match.grain_pcre(tgt, delimiter=':', delim=None) Return True if the minion matches the given grain_pcre target. e delimiter argument can be used to specify a diﬀerent delimiter. CLI Example:
 salt '*' match.grain_pcre 'os:Fedo.*' salt '*' match.grain_pcre 'ipv6|2001:.*' delimiter='|'
 delimiter Specify an alternate delimiter to use when traversing a nested dict New in version 2014.7.0. delim Specify an alternate delimiter to use when traversing a nested dict New in version 0.16.4. Deprecated since version 2014.7.0. salt.modules.match.ipcidr(tgt) Return True if the minion matches the given ipcidr target CLI Example:
 salt '*' match.ipcidr '192.168.44.0/24' salt.modules.match.list_(tgt, minion_id=None) Return True if the minion ID matches the given list target minion_id Specify the minion ID to match against the target expression New in version 2014.7.0.
22.16. Full list of builtin execution modules 673 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' match.list 'server1,server2' salt.modules.match.pcre(tgt, minion_id=None) Return True if the minion ID matches the given pcre target minion_id Specify the minion ID to match against the target expression New in version 2014.7.0. CLI Example:
 salt '*' match.pcre '.*' salt.modules.match.pillar(tgt, delimiter=':', delim=None) Return True if the minion matches the given pillar target. e delimiter argument can be used to specify a diﬀerent delimiter. CLI Example:
 salt '*' match.pillar 'cheese:foo' salt '*' match.pillar 'clone_url|https://github.com/saltstack/salt.git' delimiter='|'
 delimiter Specify an alternate delimiter to use when traversing a nested dict New in version 2014.7.0. delim Specify an alternate delimiter to use when traversing a nested dict New in version 0.16.4. Deprecated since version 2014.7.0.
22.16.109 salt.modules.mdadm
Salt module to manage RAID arrays with mdadm salt.modules.mdadm.assemble(name, devices, test_mode=False, **kwargs) Assemble a RAID device. CLI Examples:
 salt '*' raid.assemble /dev/md0 ['/dev/xvdd', '/dev/xvde']
Note: Adding test_mode=True as an argument will print out the mdadm command that would have been run.
 name e name of the array to assemble. devices e list of devices comprising the array to assemble. kwargs Optional arguments to be passed to mdadm. returns test_mode=True: Prints out the full command. test_mode=False (Default): Executes command on the host(s) and prints out the mdadm output.
For more info, read the mdadm manpage.
674 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.mdadm.create(name, level, devices, metadata='default', test_mode=False, **kwargs) Create a RAID device. Changed in version 2014.7.0.
Warning: Use with CAUTION, as this function can be very destructive if not used properly!
CLI Examples:
 salt '*' raid.create /dev/md0 level=1 chunk=256 devices="['/dev/xvdd', '/dev/xvde']" test_mode=True
Note: Adding test_mode=True as an argument will print out the mdadm command that would have been run.
 name e name of the array to create. level e RAID level to use when creating the raid. devices A list of devices used to build the array. kwargs Optional arguments to be passed to mdadm. returns test_mode=True: Prints out the full command. test_mode=False (Default): Executes command on remote the host(s) and Prints out the mdadm output.
Note: It takes time to create a RAID array. You can check the progress in ``resync_status:'' ﬁeld of the results from the following command:
 salt '*' raid.detail /dev/md0
For more info, read the mdadm(8) manpage salt.modules.mdadm.destroy(device) Destroy a RAID device. WARNING is will zero the superblock of all members of the RAID array.. CLI Example:
 salt '*' raid.destroy /dev/md0 salt.modules.mdadm.detail(device='/dev/md0') Show detail for a speciﬁed RAID device CLI Example:
 salt '*' raid.detail '/dev/md0' salt.modules.mdadm.list_() List the RAID devices. CLI Example:
 salt '*' raid.list
22.16. Full list of builtin execution modules 675 Salt Documentation, Release 2014.7.6 salt.modules.mdadm.save_config() Save RAID conﬁguration to conﬁg ﬁle. Same as: mdadm --detail --scan >> /etc/mdadm/mdadm.conf Fixes this issue with Ubuntu REF: hp://askubuntu.com/questions/209702/why-is-my-raid-dev-md1-showing- up-as-dev-md126-is-mdadm-conf-being-ignored CLI Example:
 salt '*' raid.save_config
22.16.110 salt.modules.memcached
Module for Management of Memcached Keys
New in version 2014.1.0. salt.modules.memcached.add(key, value, host=`127.0.0.1', port=11211, time=0, min_compress_len=0) Add a key to the memcached server, but only if it does not exist. Returns False if the key already exists. CLI Example:
 salt '*' memcached.add   salt.modules.memcached.decrement(key, delta=1, host=`127.0.0.1', port=11211) Decrement the value of a key CLI Example: salt '*' memcached.decrement  salt '*' memcached.decrement  2 salt.modules.memcached.delete(key, host=`127.0.0.1', port=11211, time=0) Delete a key from memcache server CLI Example: salt '*' memcached.delete  salt.modules.memcached.get(key, host=`127.0.0.1', port=11211) Retrieve value for a key CLI Example: salt '*' memcached.get  salt.modules.memcached.increment(key, delta=1, host=`127.0.0.1', port=11211) Increment the value of a key CLI Example:
 salt '*' memcached.increment  salt '*' memcached.increment  2 salt.modules.memcached.replace(key, value, host=`127.0.0.1', port=11211, time=0, min_compress_len=0) Replace a key on the memcached server. is only succeeds if the key already exists. is is the opposite of memcached.add CLI Example:
676 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' memcached.replace   salt.modules.memcached.set_(key, value, host=`127.0.0.1', port=11211, time=0, min_compress_len=0) Set a key on the memcached server, overwriting the value if it exists. CLI Example:
 salt '*' memcached.set   salt.modules.memcached.status(host=`127.0.0.1', port=11211) Get memcached status CLI Example:
 salt '*' memcached.status
22.16.111 salt.modules.mine
e function cache system allows for data to be stored on the master so it can be easily read by other minions salt.modules.mine.delete(fun) Remove speciﬁc function contents of minion. Returns True on success. CLI Example:
 salt '*' mine.delete 'network.interfaces' salt.modules.mine.flush() Remove all mine contents of minion. Returns True on success. CLI Example:
 salt '*' mine.flush salt.modules.mine.get(tgt, fun, expr_form='glob') Get data from the mine based on the target, function and expr_form Targets can be matched based on any standard matching system that can be matched on the master via these keywords:
 glob pcre grain grain_pcre compound pillar
Note that all pillar matches, whether using the compound matching system or the pillar matching system, will be exact matches, with globbing disabled. CLI Example:
 salt '*' mine.get '*' network.interfaces salt '*' mine.get 'os:Fedora' network.interfaces grain salt '*' mine.get 'os:Fedora and [emailprotected]/24' network.ipaddrs compound salt.modules.mine.get_docker(interfaces=None, cidrs=None) Get all mine data for `docker.get_containers' and run an aggregation routine. e ``interfaces'' parameter allows for specifying which network interfaces to select ip addresses from. e ``cidrs'' parameter allows for specifying a list of cidrs which the ip address must match.
22.16. Full list of builtin execution modules 677 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' mine.get_docker salt '*' mine.get_docker interfaces='eth0' salt '*' mine.get_docker interfaces='["eth0", "eth1"]' salt '*' mine.get_docker cidrs='107.170.147.0/24' salt '*' mine.get_docker cidrs='["107.170.147.0/24", "172.17.42.0/24"]' salt '*' mine.get_docker interfaces='["eth0", "eth1"]' cidrs='["107.170.147.0/24", "172.17.42.0/24"]' salt.modules.mine.send(func, *args, **kwargs) Send a speciﬁc function to the mine. CLI Example:
 salt '*' mine.send network.interfaces eth0 salt.modules.mine.update(clear=False) Execute the conﬁgured functions and send the data back up to the master e functions to be executed are merged from the master conﬁg, pillar and minion conﬁg under the option ``function_cache'':
 mine_functions: network.ip_addrs: - eth0 disk.usage: []
e function cache will be populated with information from executing these functions CLI Example:
 salt '*' mine.update
22.16.112 salt.modules.mod_random
New in version 2014.7.0. Provides access to randomness generators. salt.modules.mod_random.get_str(length=20) New in version 2014.7.0. Returns a random string of the speciﬁed length. length [20] Any valid number of bytes. CLI Example:
 salt '*' random.get_str 128 salt.modules.mod_random.hash(value, algorithm='sha512') New in version 2014.7.0. Encodes a value with the speciﬁed encoder. value e value to be hashed. algorithm [sha512] e algorithm to use. May be any valid algorithm supported by hashlib. CLI Example:
 salt '*' random.hash 'I am a string' md5
678 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.mod_random.shadow_hash(crypt_salt=None, password=None, algorithm='sha512') Generates a salted hash suitable for /etc/shadow. crypt_salt [None] Salt to be used in the generation of the hash. If one is not provided, a random salt will be generated. password [None] Value to be salted and hashed. If one is not provided, a random password will be generated. algorithm [sha512] Hash algorithm to use. CLI Example:
 salt '*' random.shadow_hash 'My5alT' 'MyP@asswd' md5 salt.modules.mod_random.str_encode(value, encoder='base64') New in version 2014.7.0. value e value to be encoded. encoder [base64] e encoder to use on the subsequent string. CLI Example:
 salt '*' random.str_encode 'I am a new string' base64
22.16.113 salt.modules.modjk
Control Modjk via the Apache Tomcat ``Status'' worker (hp://tomcat.apache.org/connectors- doc/reference/status.html) Below is an example of the conﬁguration needed for this module. is conﬁguration data can be placed either in grains or pillar. If using grains, this can be accomplished statically or via a grain module. If using pillar, the yaml conﬁguration can be placed directly into a pillar SLS ﬁle, making this both the easier and more dynamic method of conﬁguring this module. modjk: default: url: http://localhost/jkstatus user: modjk pass: secret realm: authentication realm for digest passwords timeout: 5 otherVhost: url: http://otherVhost/jkstatus user: modjk pass: secret2 realm: authentication realm2 for digest passwords timeout: 600 salt.modules.modjk.bulk_activate(workers, lbn, proﬁle='default') Activate all the given workers in the speciﬁc load balancer CLI Examples:
 salt '*' modjk.bulk_activate node1,node2,node3 loadbalancer1 salt '*' modjk.bulk_activate node1,node2,node3 loadbalancer1 other-profile
22.16. Full list of builtin execution modules 679 Salt Documentation, Release 2014.7.6
 salt '*' modjk.bulk_activate ["node1","node2","node3"] loadbalancer1 salt '*' modjk.bulk_activate ["node1","node2","node3"] loadbalancer1 other-profile salt.modules.modjk.bulk_disable(workers, lbn, proﬁle='default') Disable all the given workers in the speciﬁc load balancer CLI Examples:
 salt '*' modjk.bulk_disable node1,node2,node3 loadbalancer1 salt '*' modjk.bulk_disable node1,node2,node3 loadbalancer1 other-profile
 salt '*' modjk.bulk_disable ["node1","node2","node3"] loadbalancer1 salt '*' modjk.bulk_disable ["node1","node2","node3"] loadbalancer1 other-profile salt.modules.modjk.bulk_recover(workers, lbn, proﬁle='default') Recover all the given workers in the speciﬁc load balancer CLI Examples:
 salt '*' modjk.bulk_recover node1,node2,node3 loadbalancer1 salt '*' modjk.bulk_recover node1,node2,node3 loadbalancer1 other-profile
 salt '*' modjk.bulk_recover ["node1","node2","node3"] loadbalancer1 salt '*' modjk.bulk_recover ["node1","node2","node3"] loadbalancer1 other-profile salt.modules.modjk.bulk_stop(workers, lbn, proﬁle='default') Stop all the given workers in the speciﬁc load balancer CLI Examples:
 salt '*' modjk.bulk_stop node1,node2,node3 loadbalancer1 salt '*' modjk.bulk_stop node1,node2,node3 loadbalancer1 other-profile
 salt '*' modjk.bulk_stop ["node1","node2","node3"] loadbalancer1 salt '*' modjk.bulk_stop ["node1","node2","node3"] loadbalancer1 other-profile salt.modules.modjk.dump_config(proﬁle='default') Dump the original conﬁguration that was loaded from disk CLI Examples:
 salt '*' modjk.dump_config salt '*' modjk.dump_config other-profile salt.modules.modjk.get_running(proﬁle='default') Get the current running conﬁg (not from disk) CLI Examples:
 salt '*' modjk.get_running salt '*' modjk.get_running other-profile salt.modules.modjk.lb_edit(lbn, seings, proﬁle='default') Edit the loadbalancer seings Note: hp://tomcat.apache.org/connectors-doc/reference/status.html Data Parameters for the standard Up- date Action CLI Examples:
680 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' modjk.lb_edit loadbalancer1 "{'vlr': 1, 'vlt': 60}" salt '*' modjk.lb_edit loadbalancer1 "{'vlr': 1, 'vlt': 60}" other-profile salt.modules.modjk.list_configured_members(lbn, proﬁle='default') Return a list of member workers from the conﬁguration ﬁles CLI Examples:
 salt '*' modjk.list_configured_members loadbalancer1 salt '*' modjk.list_configured_members loadbalancer1 other-profile salt.modules.modjk.recover_all(lbn, proﬁle='default') Set the all the workers in lbn to recover and activate them if they are not CLI Examples:
 salt '*' modjk.recover_all loadbalancer1 salt '*' modjk.recover_all loadbalancer1 other-profile salt.modules.modjk.reset_stats(lbn, proﬁle='default') Reset all runtime statistics for the load balancer CLI Examples:
 salt '*' modjk.reset_stats loadbalancer1 salt '*' modjk.reset_stats loadbalancer1 other-profile salt.modules.modjk.version(proﬁle='default') Return the modjk version CLI Examples:
 salt '*' modjk.version salt '*' modjk.version other-profile salt.modules.modjk.worker_activate(worker, lbn, proﬁle='default') Set the worker to activate state in the lbn load balancer CLI Examples:
 salt '*' modjk.worker_activate node1 loadbalancer1 salt '*' modjk.worker_activate node1 loadbalancer1 other-profile salt.modules.modjk.worker_disable(worker, lbn, proﬁle='default') Set the worker to disable state in the lbn load balancer CLI Examples:
 salt '*' modjk.worker_disable node1 loadbalancer1 salt '*' modjk.worker_disable node1 loadbalancer1 other-profile salt.modules.modjk.worker_edit(worker, lbn, seings, proﬁle='default') Edit the worker seings Note: hp://tomcat.apache.org/connectors-doc/reference/status.html Data Parameters for the standard Up- date Action CLI Examples:
 salt '*' modjk.worker_edit node1 loadbalancer1 "{'vwf': 500, 'vwd': 60}" salt '*' modjk.worker_edit node1 loadbalancer1 "{'vwf': 500, 'vwd': 60}" other-profile
22.16. Full list of builtin execution modules 681 Salt Documentation, Release 2014.7.6 salt.modules.modjk.worker_recover(worker, lbn, proﬁle='default') Set the worker to recover this module will fail if it is in OK state CLI Examples:
 salt '*' modjk.worker_recover node1 loadbalancer1 salt '*' modjk.worker_recover node1 loadbalancer1 other-profile salt.modules.modjk.worker_status(worker, proﬁle='default') Return the state of the worker CLI Examples:
 salt '*' modjk.worker_status node1 salt '*' modjk.worker_status node1 other-profile salt.modules.modjk.worker_stop(worker, lbn, proﬁle='default') Set the worker to stopped state in the lbn load balancer CLI Examples:
 salt '*' modjk.worker_activate node1 loadbalancer1 salt '*' modjk.worker_activate node1 loadbalancer1 other-profile salt.modules.modjk.workers(proﬁle='default') Return a list of member workers and their status CLI Examples:
 salt '*' modjk.workers salt '*' modjk.workers other-profile
22.16.114 salt.modules.mongodb
Module to provide MongoDB functionality to Salt conﬁguration is module uses PyMongo, and accepts conﬁguration details as parameters as well as conﬁguration seings:
 mongodb.host: 'localhost' mongodb.port: 27017 mongodb.user: '' mongodb.password: ''
is data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar. salt.modules.mongodb.db_exists(name, user=None, password=None, host=None, port=None) Checks if a database exists in Mongodb CLI Example:
 salt '*' mongodb.db_exists      salt.modules.mongodb.db_list(user=None, password=None, host=None, port=None) List all Mongodb databases CLI Example:
682 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' mongodb.db_list     salt.modules.mongodb.db_remove(name, user=None, password=None, host=None, port=None) Remove a Mongodb database CLI Example:
 salt '*' mongodb.db_remove      salt.modules.mongodb.user_create(name, passwd, user=None, password=None, host=None, port=None, database='admin') Create a Mongodb user CLI Example:
 salt '*' mongodb.user_create       salt.modules.mongodb.user_exists(name, user=None, password=None, host=None, port=None, database='admin') Checks if a user exists in Mongodb CLI Example:
 salt '*' mongodb.user_exists       salt.modules.mongodb.user_list(user=None, password=None, host=None, port=None, database='admin') List users of a Mongodb database CLI Example:
 salt '*' mongodb.user_list      salt.modules.mongodb.user_remove(name, user=None, password=None, host=None, port=None, database='admin') Remove a Mongodb user CLI Example:
 salt '*' mongodb.user_remove      
22.16.115 salt.modules.monit
Monit service module. is module will create a monit type service watcher. salt.modules.monit.monitor(name) monitor service via monit CLI Example:
 salt '*' monit.monitor  salt.modules.monit.restart(name) Restart service via monit CLI Example:
 salt '*' monit.restart  salt.modules.monit.start(name) CLI Example:
22.16. Full list of builtin execution modules 683 Salt Documentation, Release 2014.7.6
 salt '*' monit.start  salt.modules.monit.stop(name) Stops service via monit CLI Example:
 salt '*' monit.stop  salt.modules.monit.summary(svc_name='`) Display a summary from monit CLI Example:
 salt '*' monit.summary salt '*' monit.summary  salt.modules.monit.unmonitor(name) Unmonitor service via monit CLI Example:
 salt '*' monit.unmonitor 
22.16.116 salt.modules.moosefs
Module for gathering and managing information about MooseFS salt.modules.moosefs.dirinfo(path, opts=None) Return information on a directory located on the Moose CLI Example:
 salt '*' moosefs.dirinfo /path/to/dir/ [-[n][h|H]] salt.modules.moosefs.fileinfo(path) Return information on a ﬁle located on the Moose CLI Example:
 salt '*' moosefs.fileinfo /path/to/dir/ salt.modules.moosefs.getgoal(path, opts=None) Return goal(s) for a ﬁle or directory CLI Example:
 salt '*' moosefs.getgoal /path/to/file [-[n][h|H]] salt '*' moosefs.getgoal /path/to/dir/ [-[n][h|H][r]] salt.modules.moosefs.mounts() Return a list of current MooseFS mounts CLI Example:
 salt '*' moosefs.mounts
684 Chapter 22. Reference Salt Documentation, Release 2014.7.6
22.16.117 salt.modules.mount
Salt module to manage unix mounts and the fstab ﬁle salt.modules.mount.active(extended=False) List the active mounts. CLI Example:
 salt '*' mount.active salt.modules.mount.fstab(conﬁg='/etc/fstab') List the contents of the fstab CLI Example:
 salt '*' mount.fstab salt.modules.mount.is_fuse_exec(cmd) Returns true if the command passed is a fuse mountable application. CLI Example:
 salt '*' mount.is_fuse_exec sshfs salt.modules.mount.is_mounted(name) New in version 2014.7.0. Provide information if the path is mounted CLI Example:
 salt '*' mount.is_mounted /mnt/share salt.modules.mount.mount(name, device, mkmnt=False, fstype='`, opts='defaults') Mount a device CLI Example:
 salt '*' mount.mount /mnt/foo /dev/sdz1 True salt.modules.mount.remount(name, device, mkmnt=False, fstype='`, opts='defaults') Aempt to remount a device, if the device is not already mounted, mount is called CLI Example:
 salt '*' mount.remount /mnt/foo /dev/sdz1 True salt.modules.mount.rm_fstab(name, conﬁg='/etc/fstab') Remove the mount point from the fstab CLI Example:
 salt '*' mount.rm_fstab /mnt/foo salt.modules.mount.set_fstab(name, device, fstype, opts='defaults', dump=0, pass_num=0, con- ﬁg='/etc/fstab', test=False, **kwargs) Verify that this mount is represented in the fstab, change the mount to match the data passed, or add the mount if it is not present. CLI Example:
22.16. Full list of builtin execution modules 685 Salt Documentation, Release 2014.7.6
 salt '*' mount.set_fstab /mnt/foo /dev/sdz1 ext4 salt.modules.mount.swapoff(name) Deactivate a named swap mount CLI Example:
 salt '*' mount.swapoff /root/swapfile salt.modules.mount.swapon(name, priority=None) Activate a swap disk CLI Example:
 salt '*' mount.swapon /root/swapfile salt.modules.mount.swaps() Return a dict containing information on active swap CLI Example:
 salt '*' mount.swaps salt.modules.mount.umount(name) Aempt to unmount a device by specifying the directory it is mounted on CLI Example:
 salt '*' mount.umount /mnt/foo
22.16.118 salt.modules.munin
Run munin plugins/checks from salt and format the output as data. salt.modules.munin.list_plugins() List all the munin plugins CLI Example:
 salt '*' munin.list_plugins salt.modules.munin.run(plugins) Run one or more named munin plugins CLI Example:
 salt '*' munin.run uptime salt '*' munin.run uptime,cpu,load,memory salt.modules.munin.run_all() Run all the munin plugins CLI Example:
 salt '*' munin.run_all
686 Chapter 22. Reference Salt Documentation, Release 2014.7.6
22.16.119 salt.modules.mysql
Module to provide MySQL compatibility to salt. depends • MySQLdb Python module
Note: On CentOS 5 (and possibly RHEL 5) both MySQL-python and python26-mysqldb need to be installed.
 conﬁguration In order to connect to MySQL, certain conﬁguration is required in /etc/salt/minion on the relevant minions. Some sample conﬁgs might look like:
 mysql.host: 'localhost' mysql.port: 3306 mysql.user: 'root' mysql.pass: '' mysql.db: 'mysql' mysql.unix_socket: '/tmp/mysql.sock' mysql.charset: 'utf8'
You can also use a defaults ﬁle:
 mysql.default_file: '/etc/mysql/debian.cnf'
Changed in version 2014.1.0: charset connection argument added. is is a MySQL charset, not a python one Changed in version 0.16.2: Connection arguments from the minion conﬁg ﬁle can be overridden on the CLI by using the arguments deﬁned here. Additionally, it is now possible to setup a user with no password. salt.modules.mysql.db_check(name, table=None, **connection_args) Repairs the full database or just a given table CLI Example:
 salt '*' mysql.db_check dbname salt '*' mysql.db_check dbname dbtable salt.modules.mysql.db_create(name, character_set=None, collate=None, **connection_args) Adds a databases to the MySQL server. name e name of the database to manage aracter_set e character set, if le empty the MySQL default will be used collate e collation, if le empty the MySQL default will be used CLI Example:
 salt '*' mysql.db_create 'dbname' salt '*' mysql.db_create 'dbname' 'utf8' 'utf8_general_ci' salt.modules.mysql.db_exists(name, **connection_args) Checks if a database exists on the MySQL server. CLI Example:
 salt '*' mysql.db_exists 'dbname' salt.modules.mysql.db_list(**connection_args) Return a list of databases of a MySQL server using the output from the SHOW DATABASES query.
22.16. Full list of builtin execution modules 687 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' mysql.db_list salt.modules.mysql.db_optimize(name, table=None, **connection_args) Optimizes the full database or just a given table CLI Example:
 salt '*' mysql.db_optimize dbname salt.modules.mysql.db_remove(name, **connection_args) Removes a databases from the MySQL server. CLI Example:
 salt '*' mysql.db_remove 'dbname' salt.modules.mysql.db_repair(name, table=None, **connection_args) Repairs the full database or just a given table CLI Example:
 salt '*' mysql.db_repair dbname salt.modules.mysql.db_tables(name, **connection_args) Shows the tables in the given MySQL database (if exists) CLI Example:
 salt '*' mysql.db_tables 'database' salt.modules.mysql.free_slave(**connection_args) Frees a slave from its master. is is a WIP, do not use. CLI Example:
 salt '*' mysql.free_slave salt.modules.mysql.get_master_status(**connection_args) Retrieves the master status from the minion. Returns: {`host.domain.com': {`Binlog_Do_DB': `', `Binlog_Ignore_DB': `', `File': `mysql-bin.000021', `Position': 107}} CLI Example:
 salt '*' mysql.get_master_status salt.modules.mysql.get_slave_status(**connection_args) Retrieves the slave status from the minion. Returns:
{'host.domain.com':{'Connect_Retry': 60, 'Exec_Master_Log_Pos': 107, 'Last_Errno': 0, 'Last_Error': '', 'Last_IO_Errno': 0, 'Last_IO_Error': '', 'Last_SQL_Errno': 0,
688 Chapter 22. Reference Salt Documentation, Release 2014.7.6
'Last_SQL_Error': '', 'Master_Host': 'comet.scion-eng.com', 'Master_Log_File': 'mysql-bin.000021', 'Master_Port': 3306, 'Master_SSL_Allowed': 'No', 'Master_SSL_CA_File': '', 'Master_SSL_CA_Path': '', 'Master_SSL_Cert': '', 'Master_SSL_Cipher': '', 'Master_SSL_Key': '', 'Master_SSL_Verify_Server_Cert': 'No', 'Master_Server_Id': 1, 'Master_User': 'replu', 'Read_Master_Log_Pos': 107, 'Relay_Log_File': 'klo-relay-bin.000071', 'Relay_Log_Pos': 253, 'Relay_Log_Space': 553, 'Relay_Master_Log_File': 'mysql-bin.000021', 'Replicate_Do_DB': '', 'Replicate_Do_Table': '', 'Replicate_Ignore_DB': '', 'Replicate_Ignore_Server_Ids': '', 'Replicate_Ignore_Table': '', 'Replicate_Wild_Do_Table': '', 'Replicate_Wild_Ignore_Table': '', 'Seconds_Behind_Master': 0, 'Skip_Counter': 0, 'Slave_IO_Running': 'Yes', 'Slave_IO_State': 'Waiting for master to send event', 'Slave_SQL_Running': 'Yes', 'Until_Condition': 'None', 'Until_Log_File': '', 'Until_Log_Pos': 0}}
CLI Example:
 salt '*' mysql.get_slave_status salt.modules.mysql.grant_add(grant, database, user, host='localhost', grant_option=False, es- cape=True, ssl_option=False, **connection_args) Adds a grant to the MySQL server. For database, make sure you specify database.table or database.* CLI Example:
 salt '*' mysql.grant_add 'SELECT,INSERT,UPDATE,...' 'database.*' 'frank' 'localhost' salt.modules.mysql.grant_exists(grant, database, user, host='localhost', grant_option=False, es- cape=True, **connection_args) Checks to see if a grant exists in the database CLI Example:
 salt '*' mysql.grant_exists 'SELECT,INSERT,UPDATE,...' 'database.*' 'frank' 'localhost' salt.modules.mysql.grant_revoke(grant, database, user, host='localhost', grant_option=False, es- cape=True, **connection_args) Removes a grant from the MySQL server.
22.16. Full list of builtin execution modules 689 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' mysql.grant_revoke 'SELECT,INSERT,UPDATE' 'database.*' 'frank' 'localhost' salt.modules.mysql.processlist(**connection_args) Retrieves the processlist from the MySQL server via ``SHOW FULL PROCESSLIST''. Returns: a list of dicts, with ea dict representing a process: {`Command': `ery', `Host': `localhost', `Id': 39, `Info': `SHOW FULL PROCESSLIST', `Rows_examined': 0, `Rows_read': 1, `Rows_sent': 0, `State': None, `Time': 0, `User': `root', `db': `mysql'} CLI Example:
 salt '*' mysql.processlist salt.modules.mysql.query(database, query, **connection_args) Run an arbitrary SQL query and return the results or the number of aﬀected rows. CLI Example:
 salt '*' mysql.query mydb "UPDATE mytable set myfield=1 limit 1"
Return data:
{'query time':{'human': '39.0ms', 'raw': '0.03899'}, 'rows affected': 1L}
CLI Example:
 salt '*' mysql.query mydb "SELECT id,name,cash from users limit 3"
Return data:
{'columns':('id', 'name', 'cash'), 'query time':{'human': '1.0ms', 'raw': '0.001'}, 'results': ((1L, 'User 1', Decimal('110.000000')), (2L, 'User 2', Decimal('215.636756')), (3L, 'User 3', Decimal('0.040000'))), 'rows returned': 3L}
CLI Example:
 salt '*' mysql.query mydb 'INSERT into users values (null,"user 4", 5)'
Return data:
{'query time':{'human': '25.6ms', 'raw': '0.02563'}, 'rows affected': 1L}
CLI Example:
 salt '*' mysql.query mydb 'DELETE from users where id = 4 limit 1'
Return data:
{'query time':{'human': '39.0ms', 'raw': '0.03899'}, 'rows affected': 1L}
Jinja Example: Run a query on mydb and use row 0, column 0's data.
{{ salt['mysql.query']('mydb', 'SELECT info from mytable limit 1')['results'][0][0] }}
690 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.mysql.quote_identifier(identiﬁer, for_grants=False) Return an identiﬁer name (column, table, database, etc) escaped for MySQL is means surrounded by ```'' character and escaping this character inside. It also means doubling the `%' character for MySQLdb internal usage. Parameters • identifier -- the table, column or database identiﬁer • for_grants -- is False by default, when using database names on grant queries you should set it to True to also escape ``_'' and ``%'' characters as requested by MySQL. Note that theses characters should only be escaped when requesting grants on the database level (my_%db.*) but not for table level grants (my_%db.`foo`) CLI Example:
 salt '*' mysql.quote_identifier 'foo`bar' salt.modules.mysql.showglobal(**connection_args) Retrieves the show global variables from the minion. Returns:: show global variables full dict CLI Example:
 salt '*' mysql.showglobal salt.modules.mysql.showvariables(**connection_args) Retrieves the show variables from the minion. Returns:: show variables full dict CLI Example:
 salt '*' mysql.showvariables salt.modules.mysql.slave_lag(**connection_args) Return the number of seconds that a slave SQL server is lagging behind the master, if the host is not a slave it will return -1. If the server is conﬁgured to be a slave for replication but slave IO is not running then -2 will be returned. If there was an error connecting to the database or checking the slave status, -3 will be returned. CLI Example:
 salt '*' mysql.slave_lag salt.modules.mysql.status(**connection_args) Return the status of a MySQL server using the output from the SHOW STATUS query. CLI Example:
 salt '*' mysql.status salt.modules.mysql.tokenize_grant(grant) External wrapper function :param grant: :return: dict CLI Example:
 salt '*' mysql.tokenize_grant "GRANT SELECT, INSERT ON testdb.* TO 'testuser'@'localhost'" salt.modules.mysql.user_chpass(user, host='localhost', password=None, password_hash=None, al- low_passwordless=False, unix_socket=None, **connection_args) Change password for a MySQL user
22.16. Full list of builtin execution modules 691 Salt Documentation, Release 2014.7.6
 host Host for which this user/password combo applies password e password to set for the new user. Will take precedence over the password_hash option if both are speciﬁed. password_hash e password in hashed form. Be sure to quote the password because YAML doesn't like the *. A password hash can be obtained from the mysql command-line client like so:
 mysql> SELECT PASSWORD('mypass'); +------+ | PASSWORD('mypass') | +------+ | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | +------+ 1 row in set (0.00 sec)
 allow_passwordless If True, then password and password_hash can be omied (or set to None) to permit a passwordless login. New in version 0.16.2: e allow_passwordless option was added. CLI Examples:
 salt '*' mysql.user_chpass frank localhost newpassword salt '*' mysql.user_chpass frank localhost password_hash='hash' salt '*' mysql.user_chpass frank localhost allow_passwordless=True salt.modules.mysql.user_create(user, host='localhost', password=None, password_hash=None, al- low_passwordless=False, unix_socket=False, **connection_args) Creates a MySQL user host Host for which this user/password combo applies password e password to use for the new user. Will take precedence over the password_hash option if both are speciﬁed. password_hash e password in hashed form. Be sure to quote the password because YAML doesn't like the *. A password hash can be obtained from the mysql command-line client like so:
 mysql> SELECT PASSWORD('mypass'); +------+ | PASSWORD('mypass') | +------+ | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | +------+ 1 row in set (0.00 sec)
 allow_passwordless If True, then password and password_hash can be omied (or set to None) to permit a passwordless login. unix_soet If True and allow_passwordless is True then will be used unix_socket auth plugin. New in version 0.16.2: e allow_passwordless option was added. CLI Examples:
 salt '*' mysql.user_create 'username' 'hostname' 'password' salt '*' mysql.user_create 'username' 'hostname' password_hash='hash' salt '*' mysql.user_create 'username' 'hostname' allow_passwordless=True salt.modules.mysql.user_exists(user, host='localhost', password=None, password_hash=None, passwordless=False, unix_socket=False, **connection_args) Checks if a user exists on the MySQL server. A login can be checked to see if passwordless login is permied
692 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 by omiing password and password_hash, and using passwordless=True. New in version 0.16.2: e passwordless option was added. CLI Example:
 salt '*' mysql.user_exists 'username' 'hostname' 'password' salt '*' mysql.user_exists 'username' 'hostname' password_hash='hash' salt '*' mysql.user_exists 'username' passwordless=True salt.modules.mysql.user_grants(user, host='localhost', **connection_args) Shows the grants for the given MySQL user (if it exists) CLI Example:
 salt '*' mysql.user_grants 'frank' 'localhost' salt.modules.mysql.user_info(user, host='localhost', **connection_args) Get full info on a MySQL user CLI Example:
 salt '*' mysql.user_info root localhost salt.modules.mysql.user_list(**connection_args) Return a list of users on a MySQL server CLI Example:
 salt '*' mysql.user_list salt.modules.mysql.user_remove(user, host='localhost', **connection_args) Delete MySQL user CLI Example:
 salt '*' mysql.user_remove frank localhost salt.modules.mysql.version(**connection_args) Return the version of a MySQL server using the output from the SELECT VERSION() query. CLI Example:
 salt '*' mysql.version
22.16.120 salt.modules.nagios
Run nagios plugins/checks from salt and get the return as data. salt.modules.nagios.list_plugins() List all the nagios plugins CLI Example:
 salt '*' nagios.list_plugins salt.modules.nagios.retcode(plugin, args='`, key_name=None) Run one nagios plugin and return retcode of the execution CLI Example:
22.16. Full list of builtin execution modules 693 Salt Documentation, Release 2014.7.6
 salt '*' nagios.run check_apt salt '*' nagios.run check_icmp '8.8.8.8' salt.modules.nagios.retcode_pillar(pillar_name) Run one or more nagios plugins from pillar data and get the result of cmd.retcode e pillar have to be in this format: ------webserver: Ping_google: - check_icmp:8.8.8.8 - check_icmp:google.com Load: - check_load:-w 0.8 -c 1 APT: - check_apt ------
 webserver is the role to check, the next keys are the group and the items the check with the arguments if needed You must to group diﬀerent checks(one o more) and always it will return the highest value of all the checks CLI Example:
 salt '*' nagios.retcode webserver salt.modules.nagios.run(plugin, args='`) Run nagios plugin and return all the data execution with cmd.run salt.modules.nagios.run_all(plugin, args='`) Run nagios plugin and return all the data execution with cmd.run_all salt.modules.nagios.run_all_pillar(pillar_name) Run one or more nagios plugins from pillar data and get the result of cmd.run_all e pillar have to be in this format: ------webserver: Ping_google: - check_icmp:8.8.8.8 - check_icmp:google.com Load: - check_load:-w 0.8 -c 1 APT: - check_apt ------
 webserver is the role to check, the next keys are the group and the items the check with the arguments if needed You have to group diﬀerent checks in a group CLI Example:
 salt '*' nagios.run webserver salt.modules.nagios.run_pillar(pillar_name) Run one or more nagios plugins from pillar data and get the result of cmd.run e pillar have to be in this format:
694 Chapter 22. Reference Salt Documentation, Release 2014.7.6
------webserver: Ping_google: - check_icmp:8.8.8.8 - check_icmp:google.com Load: - check_load:-w 0.8 -c 1 APT: - check_apt ------
 webserver is the role to check, the next keys are the group and the items the check with the arguments if needed You have to group diﬀerent checks in a group CLI Example:
 salt '*' nagios.run webserver
22.16.121 salt.modules.netbsd_sysctl
Module for viewing and modifying sysctl parameters salt.modules.netbsd_sysctl.assign(name, value) Assign a single sysctl parameter for this minion CLI Example:
 salt '*' sysctl.assign net.inet.icmp.icmplim 50 salt.modules.netbsd_sysctl.get(name) Return a single sysctl parameter for this minion CLI Example:
 salt '*' sysctl.get hw.physmem salt.modules.netbsd_sysctl.persist(name, value, conﬁg='/etc/sysctl.conf') Assign and persist a simple sysctl parameter for this minion CLI Example:
 salt '*' sysctl.persist net.inet.icmp.icmplim 50 salt.modules.netbsd_sysctl.show(conﬁg_ﬁle=False) Return a list of sysctl parameters for this minion CLI Example:
 salt '*' sysctl.show
22.16.122 salt.modules.netbsdservice
e service module for NetBSD salt.modules.netbsdservice.available(name) Returns True if the speciﬁed service is available, otherwise returns False.
22.16. Full list of builtin execution modules 695 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' service.available sshd salt.modules.netbsdservice.disable(name, **kwargs) Disable the named service to start at boot CLI Example:
 salt '*' service.disable  salt.modules.netbsdservice.disabled(name) Return True if the named service is enabled, false otherwise CLI Example:
 salt '*' service.disabled  salt.modules.netbsdservice.enable(name, **kwargs) Enable the named service to start at boot CLI Example:
 salt '*' service.enable  salt.modules.netbsdservice.enabled(name) Return True if the named service is enabled, false otherwise CLI Example:
 salt '*' service.enabled  salt.modules.netbsdservice.force_reload(name) Force-reload the named service CLI Example:
 salt '*' service.force_reload  salt.modules.netbsdservice.get_all() Return all available boot services CLI Example:
 salt '*' service.get_all salt.modules.netbsdservice.get_disabled() Return a set of services that are installed but disabled CLI Example:
 salt '*' service.get_disabled salt.modules.netbsdservice.get_enabled() Return a list of service that are enabled on boot CLI Example:
 salt '*' service.get_enabled salt.modules.netbsdservice.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False.
696 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' service.missing sshd salt.modules.netbsdservice.reload_(name) Reload the named service CLI Example:
 salt '*' service.reload  salt.modules.netbsdservice.restart(name) Restart the named service CLI Example:
 salt '*' service.restart  salt.modules.netbsdservice.start(name) Start the speciﬁed service CLI Example:
 salt '*' service.start  salt.modules.netbsdservice.status(name, sig=None) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' service.status  salt.modules.netbsdservice.stop(name) Stop the speciﬁed service CLI Example:
 salt '*' service.stop 
22.16.123 salt.modules.network
Module for gathering and managing network information salt.modules.network.active_tcp() Return a dict containing information on all of the running TCP connections CLI Example:
 salt '*' network.active_tcp salt.modules.network.arp() Return the arp table from the minion CLI Example:
 salt '*' network.arp salt.modules.network.connect(host, port=None, **kwargs) Test connectivity to a host using a particular port from the minion. New in version 2014.7.
22.16. Full list of builtin execution modules 697 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' network.connect archlinux.org 80
 salt '*' network.connect archlinux.org 80 timeout=3
 salt '*' network.connect archlinux.org 80 timeout=3 family=ipv4
 salt '*' network.connect google-public-dns-a.google.com port=53 proto=udp timeout=3 salt.modules.network.dig(host) Performs a DNS lookup with dig CLI Example:
 salt '*' network.dig archlinux.org salt.modules.network.get_hostname() Get hostname CLI Example:
 salt '*' network.get_hostname salt.modules.network.hw_addr(iface) Return the hardware address (a.k.a. MAC address) for a given interface CLI Example:
 salt '*' network.hw_addr eth0 salt.modules.network.hwaddr(iface) Return the hardware address (a.k.a. MAC address) for a given interface CLI Example:
 salt '*' network.hw_addr eth0 salt.modules.network.in_subnet(cidr) Returns True if host is within speciﬁed subnet, otherwise False. CLI Example:
 salt '*' network.in_subnet 10.0.0.0/16 salt.modules.network.interface(iface) Return the inet address for a given interface New in version 2014.7. CLI Example:
 salt '*' network.interface eth0 salt.modules.network.interface_ip(iface) Return the inet address for a given interface New in version 2014.7. CLI Example:
 salt '*' network.interface_ip eth0
698 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.network.interfaces() Return a dictionary of information about all the interfaces on the minion CLI Example: salt '*' network.interfaces salt.modules.network.ip_addrs(interface=None, include_loopback=False, cidr=None) Returns a list of IPv4 addresses assigned to the host. 127.0.0.1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. Providing a CIDR via `cidr=''10.0.0.0/8''' will return only the addresses which are within that subnet. CLI Example: salt '*' network.ip_addrs salt.modules.network.ip_addrs6(interface=None, include_loopback=False) Returns a list of IPv6 addresses assigned to the host. ::1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example: salt '*' network.ip_addrs6 salt.modules.network.ipaddrs(interface=None, include_loopback=False, cidr=None) Returns a list of IPv4 addresses assigned to the host. 127.0.0.1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. Providing a CIDR via `cidr=''10.0.0.0/8''' will return only the addresses which are within that subnet. CLI Example: salt '*' network.ip_addrs salt.modules.network.ipaddrs6(interface=None, include_loopback=False) Returns a list of IPv6 addresses assigned to the host. ::1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example: salt '*' network.ip_addrs6 salt.modules.network.is_loopback(ip_addr) Check if the given IP address is a loopback address New in version 2014.7.0. CLI Example: salt '*' network.is_loopback 127.0.0.1 salt.modules.network.is_private(ip_addr) Check if the given IP address is a private address New in version 2014.7.0. CLI Example: salt '*' network.is_private 10.0.0.3 salt.modules.network.mod_hostname(hostname) Modify hostname CLI Example:
22.16. Full list of builtin execution modules 699 Salt Documentation, Release 2014.7.6
 salt '*' network.mod_hostname master.saltstack.com salt.modules.network.netstat() Return information on open ports and states
Note: On BSD minions, the output contains PID info (where available) for each netstat entry, fetched from sockstat/fstat output.
Changed in version 2014.1.4: Added support for OpenBSD, FreeBSD, and NetBSD CLI Example:
 salt '*' network.netstat salt.modules.network.ping(host) Performs a ping to a host CLI Example:
 salt '*' network.ping archlinux.org salt.modules.network.subnets() Returns a list of subnets to which the host belongs CLI Example:
 salt '*' network.subnets salt.modules.network.traceroute(host) Performs a traceroute to a 3rd party host CLI Example:
 salt '*' network.traceroute archlinux.org
22.16.124 salt.modules.nfs3
Module for managing NFS version 3. salt.modules.nfs3.del_export(exports='/etc/exports', path=None) Remove an export CLI Example:
 salt '*' nfs.del_export /media/storage salt.modules.nfs3.list_exports(exports='/etc/exports') List conﬁgured exports CLI Example:
 salt '*' nfs.list_exports
22.16.125 salt.modules.nables
Support for nables
700 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.nftables.append(table='ﬁlter', chain=None, rule=None, family='ipv4') Append a rule to the speciﬁed table & chain. is function accepts a rule in a standard nables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example:
 salt '*' nftables.append filter input \ rule='input tcp dport 22 log accept'
IPv6: salt '*' nftables.append filter input \ rule='input tcp dport 22 log accept' \ family=ipv6 salt.modules.nftables.build_rule(table=None, chain=None, command=None, position='`, full=None, family='ipv4', **kwargs) Build a well-formaed nables rule based on kwargs. A table and chain are not required, unless full is True. If full is True, then table, chain and command are required. command may be speciﬁed as either insert, append, or delete. is will return the nables command, exactly as it would be used from the command line. If a position is required (as with insert or delete), it may be speciﬁed as position. is will only be useful if full is True. If connstate is passed in, it will automatically be changed to state. CLI Examples:
 salt '*' nftables.build_rule match=state \ connstate=RELATED,ESTABLISHED jump=ACCEPT salt '*' nftables.build_rule filter input command=insert position=3 \ full=True match=state state=related,established jump=accept
IPv6: salt '*' nftables.build_rule match=state \ connstate=related,established jump=accept \ family=ipv6 salt '*' nftables.build_rule filter input command=insert position=3 \ full=True match=state state=related,established jump=accept \ family=ipv6 salt.modules.nftables.check(table='ﬁlter', chain=None, rule=None, family='ipv4') Check for the existence of a rule in the table and chain is function accepts a rule in a standard nables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example:
 salt '*' nftables.check filter input \ rule='input tcp dport 22 log accept'
IPv6: salt '*' nftables.check filter input \ rule='input tcp dport 22 log accept' \ family=ipv6
22.16. Full list of builtin execution modules 701 Salt Documentation, Release 2014.7.6 salt.modules.nftables.check_chain(table='ﬁlter', chain=None, family='ipv4') New in version 2014.7.0. Check for the existence of a chain in the table CLI Example:
 salt '*' nftables.check_chain filter input
IPv6: salt '*' nftables.check_chain filter input family=ipv6 salt.modules.nftables.check_table(table=None, family='ipv4') Check for the existence of a table CLI Example:
 salt '*' nftables.check_table nat salt.modules.nftables.delete(table, chain=None, position=None, rule=None, family='ipv4') Delete a rule from the speciﬁed table & ain, specifying either the rule in its entirety, or the rule's posi- tion in the chain. is function accepts a rule in a standard nables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Examples:
 salt '*' nftables.delete filter input position=3
 salt '*' nftables.delete filter input \ rule='input tcp dport 22 log accept'
IPv6: salt '*' nftables.delete filter input position=3 family=ipv6
 salt '*' nftables.delete filter input \ rule='input tcp dport 22 log accept' \ family=ipv6 salt.modules.nftables.delete_chain(table='ﬁlter', chain=None, family='ipv4') New in version 2014.7.0. Delete the chain from the speciﬁed table. CLI Example:
 salt '*' nftables.delete_chain filter input
 salt '*' nftables.delete_chain filter foo
IPv6: salt '*' nftables.delete_chain filter input family=ipv6
 salt '*' nftables.delete_chain filter foo family=ipv6 salt.modules.nftables.delete_table(table, family='ipv4') New in version 2014.7.0. Create new custom table.
702 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' nftables.delete_table filter
IPv6: salt '*' nftables.delete_table filter family=ipv6 salt.modules.nftables.flush(table='ﬁlter', chain='`, family='ipv4') Flush the chain in the speciﬁed table, ﬂush all chains in the speciﬁed table if chain is not speciﬁed. CLI Example:
 salt '*' nftables.flush filter
 salt '*' nftables.flush filter input
IPv6: salt '*' nftables.flush filter input family=ipv6 salt.modules.nftables.get_rule_handle(table='ﬁlter', chain=None, rule=None, family='ipv4') Get the handle for a particular rule is function accepts a rule in a standard nables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it. CLI Example:
 salt '*' nftables.get_rule_handle filter input \ rule='input tcp dport 22 log accept'
IPv6: salt '*' nftables.get_rule_handle filter input \ rule='input tcp dport 22 log accept' \ family=ipv6 salt.modules.nftables.get_rules(family='ipv4') Return a data structure of the current, in-memory rules CLI Example:
 salt '*' nftables.get_rules
 salt '*' nftables.get_rules family=ipv6 salt.modules.nftables.get_saved_rules(conf_ﬁle=None, family='ipv4') Return a data structure of the rules in the conf ﬁle CLI Example:
 salt '*' nftables.get_saved_rules salt.modules.nftables.insert(table='ﬁlter', chain=None, position=None, rule=None, family='ipv4') Insert a rule into the speciﬁed table & chain, at the speciﬁed position. If position is not speciﬁed, rule will be inserted in ﬁrst position. is function accepts a rule in a standard nables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.
22.16. Full list of builtin execution modules 703 Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' nftables.insert filter input \ rule='input tcp dport 22 log accept'
 salt '*' nftables.insert filter input position=3 \ rule='input tcp dport 22 log accept'
IPv6: salt '*' nftables.insert filter input \ rule='input tcp dport 22 log accept' \ family=ipv6
 salt '*' nftables.insert filter input position=3 \ rule='input tcp dport 22 log accept' \ family=ipv6 salt.modules.nftables.new_chain(table='ﬁlter', chain=None, table_type=None, hook=None, prior- ity=None, family='ipv4') New in version 2014.7.0. Create new chain to the speciﬁed table. CLI Example:
 salt '*' nftables.new_chain filter input
 salt '*' nftables.new_chain filter input \ table_type=filter hook=input priority=0
 salt '*' nftables.new_chain filter foo
IPv6: salt '*' nftables.new_chain filter input family=ipv6
 salt '*' nftables.new_chain filter input \ table_type=filter hook=input priority=0 family=ipv6
 salt '*' nftables.new_chain filter foo family=ipv6 salt.modules.nftables.new_table(table, family='ipv4') New in version 2014.7.0. Create new custom table. CLI Example:
 salt '*' nftables.new_table filter
IPv6: salt '*' nftables.new_table filter family=ipv6 salt.modules.nftables.save(ﬁlename=None, family='ipv4') Save the current in-memory rules to disk CLI Example:
 salt '*' nftables.save /etc/nftables salt.modules.nftables.version() Return version from nables --version
704 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' nftables.version
22.16.126 salt.modules.nginx
Support for nginx salt.modules.nginx.configtest() test conﬁguration and exit CLI Example:
 salt '*' nginx.configtest salt.modules.nginx.signal(signal=None) Signals nginx to start, reload, reopen or stop. CLI Example:
 salt '*' nginx.signal reload salt.modules.nginx.status(url='hp://127.0.0.1/status') Return the data from an Nginx status page as a dictionary. hp://wiki.nginx.org/HpStubStatusModule url e URL of the status page. Defaults to `hp://127.0.0.1/status` CLI Example:
 salt '*' nginx.status salt.modules.nginx.version() Return server version from nginx -v CLI Example:
 salt '*' nginx.version
22.16.127 salt.modules.nova
Module for handling OpenStack Nova calls depends • novaclient Python module conﬁguration is module is not usable until the user, password, tenant, and auth URL are speciﬁed either in a pillar or in the minion's conﬁg ﬁle. For example:
 keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.1:5000/v2.0/' # Optional keystone.region_name: 'regionOne'
If conﬁguration for multiple OpenStack accounts is required, they can be set up as diﬀerent con- ﬁguration proﬁles: For example:
22.16. Full list of builtin execution modules 705 Salt Documentation, Release 2014.7.6
 openstack1: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
 openstack2: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
With this conﬁguration in place, any of the nova functions can make use of a conﬁguration proﬁle by declaring it explicitly. For example:
 salt '*' nova.flavor_list profile=openstack1 salt.modules.nova.boot(name, ﬂavor_id=0, image_id=0, proﬁle=None, timeout=300) Boot (create) a new instance name Name of the new instance (must be ﬁrst) ﬂavor_id Unique integer ID for the ﬂavor image_id Unique integer ID for the image timeout How long to wait, aer creating the instance, for the provider to return information about it (default 300 seconds). New in version 2014.1.0. CLI Example:
 salt '*' nova.boot myinstance flavor_id=4596 image_id=2
e ﬂavor_id and image_id are obtained from nova.ﬂavor_list and nova.image_list
 salt '*' nova.flavor_list salt '*' nova.image_list salt.modules.nova.delete(instance_id, proﬁle=None) Delete an instance instance_id ID of the instance to be deleted CLI Example:
 salt '*' nova.delete 1138 salt.modules.nova.flavor_create(name, ﬂavor_id=0, ram=0, disk=0, vcpus=1, proﬁle=None) Add a ﬂavor to nova (nova ﬂavor-create). e following parameters are required: name Name of the new ﬂavor (must be ﬁrst) ﬂavor_id Unique integer ID for the new ﬂavor ram Memory size in MB disk Disk size in GB vcpus Number of vcpus CLI Example:
706 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' nova.flavor_create myflavor flavor_id=6 ram=4096 disk=10 vcpus=1 salt.modules.nova.flavor_delete(ﬂavor_id, proﬁle=None) Delete a ﬂavor from nova by id (nova ﬂavor-delete) CLI Example:
 salt '*' nova.flavor_delete 7 salt.modules.nova.flavor_list(proﬁle=None) Return a list of available ﬂavors (nova ﬂavor-list) CLI Example:
 salt '*' nova.flavor_list salt.modules.nova.image_list(name=None, proﬁle=None) Return a list of available images (nova images-list + nova image-show) If a name is provided, only that image will be displayed. CLI Examples:
 salt '*' nova.image_list salt '*' nova.image_list myimage salt.modules.nova.image_meta_delete(image_id=None, name=None, keys=None, proﬁle=None) Delete a key=value pair from the metadata for an image (nova image-meta set) CLI Examples:
 salt '*' nova.image_meta_delete 6f52b2ff-0b31-4d84-8fd1-af45b84824f6 keys=cheese salt '*' nova.image_meta_delete name=myimage keys=salad,beans salt.modules.nova.image_meta_set(image_id=None, name=None, proﬁle=None, **kwargs) Sets a key=value pair in the metadata for an image (nova image-meta set) CLI Examples:
 salt '*' nova.image_meta_set 6f52b2ff-0b31-4d84-8fd1-af45b84824f6 cheese=gruyere salt '*' nova.image_meta_set name=myimage salad=pasta beans=baked salt.modules.nova.keypair_add(name, pubﬁle=None, pubkey=None, proﬁle=None) Add a keypair to nova (nova keypair-add) CLI Examples:
 salt '*' nova.keypair_add mykey pubfile='/home/myuser/.ssh/id_rsa.pub' salt '*' nova.keypair_add mykey pubkey='ssh-rsa  myuser@mybox' salt.modules.nova.keypair_delete(name, proﬁle=None) Add a keypair to nova (nova keypair-delete) CLI Example:
 salt '*' nova.keypair_delete mykey' salt.modules.nova.keypair_list(proﬁle=None) Return a list of available keypairs (nova keypair-list) CLI Example:
22.16. Full list of builtin execution modules 707 Salt Documentation, Release 2014.7.6
 salt '*' nova.keypair_list salt.modules.nova.list_(proﬁle=None) To maintain the feel of the nova command line, this function simply calls the server_list function. salt.modules.nova.lock(instance_id, proﬁle=None) Lock an instance instance_id ID of the instance to be locked CLI Example: salt '*' nova.lock 1138 salt.modules.nova.resume(instance_id, proﬁle=None) Resume an instance instance_id ID of the instance to be resumed CLI Example: salt '*' nova.resume 1138 salt.modules.nova.secgroup_create(name, description, proﬁle=None) Add a secgroup to nova (nova secgroup-create) CLI Example: salt '*' nova.secgroup_create mygroup 'This is my security group' salt.modules.nova.secgroup_delete(name, proﬁle=None) Delete a secgroup to nova (nova secgroup-delete) CLI Example: salt '*' nova.secgroup_delete mygroup salt.modules.nova.secgroup_list(proﬁle=None) Return a list of available security groups (nova items-list) CLI Example: salt '*' nova.secgroup_list salt.modules.nova.server_by_name(name, proﬁle=None) Return information about a server name Server Name CLI Example: salt '*' nova.server_by_name myserver profile=openstack salt.modules.nova.server_list(proﬁle=None) Return list of active servers CLI Example: salt '*' nova.show salt.modules.nova.server_list_detailed(proﬁle=None) Return detailed list of active servers CLI Example:
708 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' nova.server_list_detailed salt.modules.nova.server_show(server_id, proﬁle=None) Return detailed information for an active server CLI Example:
 salt '*' nova.server_show  salt.modules.nova.show(server_id, proﬁle=None) To maintain the feel of the nova command line, this function simply calls the server_show function. CLI Example:
 salt '*' nova.show salt.modules.nova.suspend(instance_id, proﬁle=None) Suspend an instance instance_id ID of the instance to be suspended CLI Example:
 salt '*' nova.suspend 1138 salt.modules.nova.volume_attach(name, server_name, device='/dev/xvdb', proﬁle=None, time- out=300) Aach a block storage volume name Name of the new volume to aach server_name Name of the server to aach to device Name of the device on the server proﬁle Proﬁle to build on CLI Example:
 salt '*' nova.volume_attach myblock slice.example.com profile=openstack salt '*' nova.volume_attach myblock server.example.com device='/dev/xvdb' profile=openstack salt.modules.nova.volume_create(name, size=100, snapshot=None, voltype=None, proﬁle=None) Create a block storage volume name Name of the new volume (must be ﬁrst) size Volume size snapshot Block storage snapshot id voltype Type of storage proﬁle Proﬁle to build on CLI Example:
 salt '*' nova.volume_create myblock size=300 profile=openstack salt.modules.nova.volume_delete(name, proﬁle=None) Destroy the volume name Name of the volume proﬁle Proﬁle to build on
22.16. Full list of builtin execution modules 709 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' nova.volume_delete myblock profile=openstack salt.modules.nova.volume_detach(name, proﬁle=None, timeout=300) Aach a block storage volume name Name of the new volume to aach server_name Name of the server to detach from proﬁle Proﬁle to build on CLI Example:
 salt '*' nova.volume_detach myblock profile=openstack salt.modules.nova.volume_list(search_opts=None, proﬁle=None) List storage volumes sear_opts Dictionary of search options proﬁle Proﬁle to use CLI Example:
 salt '*' nova.volume_list search_opts='{"display_name": "myblock"}' profile=openstack salt.modules.nova.volume_show(name, proﬁle=None) Create a block storage volume name Name of the volume proﬁle Proﬁle to use CLI Example:
 salt '*' nova.volume_show myblock profile=openstack
22.16.128 salt.modules.npm
Manage and query NPM packages. salt.modules.npm.install(pkg=None, pkgs=None, dir=None, runas=None, registry=None, env=None) Install an NPM package. If no directory is speciﬁed, the package will be installed globally. If no package is speciﬁed, the dependencies (from package.json) of the package in the given directory will be installed. pkg A package name in any format accepted by NPM, including a version identiﬁer pkgs A list of package names in the same format as the name parameter New in version 2014.7.0. dir e target directory in which to install the package, or None for global installation runas e user to run NPM with registry e NPM registry to install the package from. New in version 2014.7.0.
710 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 env Environment variables to set when invoking npm. Uses the same env format as the cmd.run execution function. New in version 2014.7.0. CLI Example:
 salt '*' npm.install coffee-script
 salt '*' npm.install [emailprotected] salt.modules.npm.list_(pkg=None, dir=None, runas=None, env=None) List installed NPM packages. If no directory is speciﬁed, this will return the list of globally- installed packages. pkg Limit package listing by name dir e directory whose packages will be listed, or None for global installation runas e user to run NPM with New in version 2014.7.0. env Environment variables to set when invoking npm. Uses the same env format as the cmd.run execution function. New in version 2014.7.0. CLI Example:
 salt '*' npm.list salt.modules.npm.uninstall(pkg, dir=None, runas=None) Uninstall an NPM package. If no directory is speciﬁed, the package will be uninstalled globally. pkg A package name in any format accepted by NPM dir e target directory from which to uninstall the package, or None for global installation runas e user to run NPM with CLI Example:
 salt '*' npm.uninstall coffee-script
22.16.129 salt.modules.omapi
is module interacts with an ISC DHCP Server via OMAPI. server_ip and server_port params may be set in the minion conﬁg or pillar: omapi.server_ip: 127.0.0.1 omapi.server_port: 7991
 depends pypureomapi Python module salt.modules.omapi.add_host(mac, name=None, ip=None, ddns=False, group=None, super- sede_host=False) Add a host object for the given mac. CLI Example:
22.16. Full list of builtin execution modules 711 Salt Documentation, Release 2014.7.6
 salt dhcp-server omapi.add_host ab:ab:ab:ab:ab:ab name=host1
Add ddns-hostname and a ﬁxed-ip statements:
 salt dhcp-server omapi.add_host ab:ab:ab:ab:ab:ab name=host1 ip=10.1.1.1 ddns=true salt.modules.omapi.delete_host(mac=None, name=None) Delete the host with the given mac or name. CLI Examples:
 salt dhcp-server omapi.delete_host name=host1 salt dhcp-server omapi.delete_host mac=ab:ab:ab:ab:ab:ab
22.16.130 salt.modules.openbsdpkg
Package support for OpenBSD salt.modules.openbsdpkg.install(name=None, pkgs=None, sources=None, **kwargs) Install the passed package Return a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example, Install one package:
 salt '*' pkg.install 
CLI Example, Install more than one package:
 salt '*' pkg.install pkgs='["", ""]'
CLI Example, Install more than one package from a alternate source (e.g. salt ﬁle-server, HTTP, FTP, local ﬁlesystem):
 salt '*' pkg.install sources='[{"": "salt://pkgs/"}]' salt.modules.openbsdpkg.latest_version(*names, **kwargs) e available version of the package in the repository CLI Example:
 salt '*' pkg.latest_version  salt.modules.openbsdpkg.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:
{'': ''}
CLI Example:
 salt '*' pkg.list_pkgs salt.modules.openbsdpkg.purge(name=None, pkgs=None, **kwargs) Package purges are not supported, this function is identical to remove(). name e name of the package to be deleted.
712 Chapter 22. Reference Salt Documentation, Release 2014.7.6
Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.purge  salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.openbsdpkg.remove(name=None, pkgs=None, **kwargs) Remove a single package with pkg_delete Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.remove  salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.openbsdpkg.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:
 salt '*' pkg.version  salt '*' pkg.version    ...
22.16.131 salt.modules.openbsdservice
e service module for OpenBSD salt.modules.openbsdservice.available(name) New in version 2014.7.0. Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:
 salt '*' service.available sshd salt.modules.openbsdservice.disabled(name) New in version 2014.7.0. Return True if the named service is disabled, false otherwise CLI Example:
22.16. Full list of builtin execution modules 713 Salt Documentation, Release 2014.7.6
 salt '*' service.disabled  salt.modules.openbsdservice.enabled(name) New in version 2014.7.0. Return True if the named service is enabled, false otherwise CLI Example:
 salt '*' service.enabled  salt.modules.openbsdservice.get_all() New in version 2014.7.0. Return all available boot services CLI Example:
 salt '*' service.get_all salt.modules.openbsdservice.get_disabled() New in version 2014.7.0. Return a set of services that are installed but disabled CLI Example:
 salt '*' service.get_disabled salt.modules.openbsdservice.get_enabled() New in version 2014.7.0. Return a list of service that are enabled on boot CLI Example:
 salt '*' service.get_enabled salt.modules.openbsdservice.missing(name) New in version 2014.7.0. e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:
 salt '*' service.missing sshd salt.modules.openbsdservice.reload_(name) New in version 2014.7.0. Reload the named service CLI Example:
 salt '*' service.reload  salt.modules.openbsdservice.restart(name) Restart the named service CLI Example:
 salt '*' service.restart 
714 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.openbsdservice.start(name) Start the speciﬁed service CLI Example:
See Also
Analyze and Troubleshoot 802.11 Wireless Sniffing
 salt '*' service.start  salt.modules.openbsdservice.status(name, sig=None) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' service.status  salt.modules.openbsdservice.stop(name) Stop the speciﬁed service CLI Example:
 salt '*' service.stop 
22.16.132 salt.modules.openstack_config
Modify, retrieve, or delete values from OpenStack conﬁguration ﬁles. maintainer Jeﬀrey C. Ollie  maturity new depends platform linux salt.modules.openstack_config.delete(ﬁlename, section, parameter) Delete a value from an OpenStack conﬁguration ﬁle. ﬁlename e full path to the conﬁguration ﬁle section e section from which to delete the parameter parameter e parameter to delete CLI Example:
 salt-call openstack_config.delete /etc/keystone/keystone.conf sql connection salt.modules.openstack_config.get(ﬁlename, section, parameter) Get a value from an OpenStack conﬁguration ﬁle. ﬁlename e full path to the conﬁguration ﬁle section e section from which to search for the parameter parameter e parameter to return CLI Example:
 salt-call openstack_config.get /etc/keystone/keystone.conf sql connection salt.modules.openstack_config.set_(ﬁlename, section, parameter, value) Set a value in an OpenStack conﬁguration ﬁle. ﬁlename e full path to the conﬁguration ﬁle
22.16. Full list of builtin execution modules 715 Salt Documentation, Release 2014.7.6
 section e section in which the parameter will be set parameter e parameter to change value e value to set CLI Example:
 salt-call openstack_config.set /etc/keystone/keystone.conf sql connection foo
22.16.133 salt.modules.oracle
Oracle DataBase connection module mainteiner Vladimir Bormotov  maturity new depends cx_Oracle platform all conﬁguration module provide connections for multiple Oracle DB instances. OS Environment
ORACLE_HOME: path to oracle product PATH: path to Oracle Client libs need to be in PATH
 pillar
 oracle.dbs: list of known based oracle.dbs..uri: connection credentials in format: user/password@host[:port]/sid[ as {sysdba|sysoper}] salt.modules.oracle.client_version() Oracle Client Version CLI Example:
 salt '*' oracle.client_version salt.modules.oracle.run_query(db, query) Run SQL query and return result CLI example:
 salt '*' oracle.run_query my_db "select * from my_table" salt.modules.oracle.show_dbs(*dbs) Show databases conﬁguration from pillar. Filter by args
 salt '*' oracle.show_dbs salt '*' oracle.show_dbs my_db salt.modules.oracle.show_env() Show Environment used by Oracle Client CLI Example:
 salt '*' oracle.show_env
716 Chapter 22. Reference Salt Documentation, Release 2014.7.6
Note: at ﬁrst _connect() NLS_LANG will forced to `.AL32UTF8' salt.modules.oracle.show_pillar(item=None) Show Pillar segment oracle.* and subitem with notation ``item:subitem'' CLI Example:
 salt '*' oracle.show_pillar salt '*' oracle.show_pillar dbs:my_db salt.modules.oracle.version(*dbs) Server Version (select banner from v$version) CLI Example:
 salt '*' oracle.version salt '*' oracle.version my_db
22.16.134 salt.modules.osxdesktop
Mac OS X implementations of various commands in the ``desktop'' interface salt.modules.osxdesktop.get_output_volume() Get the output volume (range 0 to 100) CLI Example:
 salt '*' desktop.get_output_volume salt.modules.osxdesktop.lock() Lock the desktop session CLI Example:
 salt '*' desktop.lock salt.modules.osxdesktop.say(*words) Say some words. CLI Example:
 salt '*' desktop.say   ...  salt.modules.osxdesktop.screensaver() Launch the screensaver CLI Example:
 salt '*' desktop.screensaver salt.modules.osxdesktop.set_output_volume(volume) Set the volume of sound (range 0 to 100) CLI Example:
 salt '*' desktop.set_output_volume 
22.16. Full list of builtin execution modules 717 Salt Documentation, Release 2014.7.6
22.16.135 salt.modules.pacman
A module to wrap pacman calls, since Arch is the best (hps://wiki.archlinux.org/index.php/Arch_is_the_best) salt.modules.pacman.file_dict(*packages) List the ﬁles that belong to a package, grouped by package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:
 salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.pacman.file_list(*packages) List the ﬁles that belong to a package. Not specifying any packages will return a list of _every_ ﬁle on the system's package database (not generally recommended). CLI Examples:
 salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.pacman.install(name=None, refresh=False, sysupgrade=False, pkgs=None, sources=None, **kwargs) Install (pacman -S) the passed package, add refresh=True to install with -y, add sysupgrade=True to install with -u. name e name of the package to be installed. Note that this parameter is ignored if either ``pkgs'' or ``sources'' is passed. Additionally, please note that this option can only be used to install packages from a soware repository. To install a package ﬁle manually, use the ``sources'' option. CLI Example:
 salt '*' pkg.install 
 refresh Whether or not to refresh the package database before installing. sysupgrade Whether or not to upgrade the system packages before installing. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. A speciﬁc version number can be speciﬁed by using a single-element dict representing the package and its version. As with the version parameter above, comparison operators can be used to target a speciﬁc version of a package. CLI Examples:
 salt '*' pkg.install pkgs='["foo", "bar"]' salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3-4"}]' salt '*' pkg.install pkgs='["foo", {"bar": "<1.2.3-4"}]'
 sources A list of packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:
 salt '*' pkg.install sources='[{"foo": "salt://foo.pkg.tar.xz"}, {"bar": "salt://bar.pkg.tar.xz"}]'
Returns a dict containing the new package names and versions:
718 Chapter 22. Reference Salt Documentation, Release 2014.7.6
{'':{'old': '', 'new': ''}} salt.modules.pacman.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:
 salt '*' pkg.latest_version  salt '*' pkg.latest_version    ... salt.modules.pacman.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:
{'': ''}
CLI Example:
 salt '*' pkg.list_pkgs salt.modules.pacman.list_upgrades(refresh=False) List all available package upgrades on this system CLI Example:
 salt '*' pkg.list_upgrades salt.modules.pacman.owner(*paths) New in version 2014.7.0. Return the name of the package that owns the ﬁle. Multiple ﬁle paths can be passed. Like pkg.version 
 salt '*' pkg.purge  salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]'
22.16. Full list of builtin execution modules 719 Salt Documentation, Release 2014.7.6 salt.modules.pacman.refresh_db() Just run a pacman -Sy, return a dict:
{'': Bool}
CLI Example:
 salt '*' pkg.refresh_db salt.modules.pacman.remove(name=None, pkgs=None, **kwargs) Remove packages with pacman -R. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.remove  salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.pacman.upgrade(refresh=False) Run a full system upgrade, a pacman -Syu refresh Whether or not to refresh the package database before installing. Return a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' pkg.upgrade salt.modules.pacman.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:
 salt '*' pkg.upgrade_available  salt.modules.pacman.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:
 salt '*' pkg.version  salt '*' pkg.version    ...
720 Chapter 22. Reference Salt Documentation, Release 2014.7.6
22.16.136 salt.modules.pagerduty
Module for Firing Events via PagerDuty New in version 2014.1.0. conﬁguration is module can be used by specifying the name of a conﬁguration proﬁle in the minion conﬁg, minion pillar, or master conﬁg. For example:
 my-pagerduty-account: pagerduty.api_key: F3Rbyjbve43rfFWf2214 pagerduty.subdomain: mysubdomain salt.modules.pagerduty.create_event(service_key=None, description=None, details=None, inci- dent_key=None, proﬁle=None) Create an event in PagerDuty. Designed for use in states. CLI Example: pagerduty.create_event   
 proﬁle=my-pagerduty- account
: e following parameters are required: service_key is key can be found by using pagerduty.list_services. description is is a short description of the event. details is can be a more detailed description of the event. proﬁle is refers to the conﬁguration proﬁle to use to connect to the PagerDuty service. salt.modules.pagerduty.list_incidents(proﬁle=None, api_key=None) List services belonging to this account CLI Example: pagerduty.list_incidents my-pagerduty-account salt.modules.pagerduty.list_services(proﬁle=None, api_key=None) List services belonging to this account CLI Example: pagerduty.list_services my-pagerduty-account
22.16.137 salt.modules.pam
Support for pam salt.modules.pam.read_file(ﬁle_name) is is just a test function, to make sure parsing works CLI Example:
 salt '*' pam.read_file /etc/pam.d/login
22.16. Full list of builtin execution modules 721 Salt Documentation, Release 2014.7.6
22.16.138 salt.modules.parted
Module for managing partitions on POSIX-like systems. depends • parted, partprobe, lsblk (usually parted and util-linux packages) Some functions may not be available, depending on your version of parted. Check the manpage for parted(8) for more information, or the online docs at: hp://www.gnu.org/soware/parted/manual/html_chapter/parted_2.html In light of parted not directly supporting partition IDs, some of this module has been wrien to utilize sfdisk instead. For further information, please reference the man page for sfdisk(8). salt.modules.parted.align_check(device, part_type, partition) partition.align_check device part_type partition Check if partition satisﬁes the alignment constraint of part_type. Type must be ``minimal'' or ``optimal''. CLI Example:
 salt '*' partition.align_check /dev/sda minimal 1 salt.modules.parted.check(device, minor) partition.check device minor Checks if the ﬁle system on partition  has any errors. CLI Example:
 salt '*' partition.check 1 salt.modules.parted.cp(device, from_minor, to_minor) partition.check device from_minor to_minor Copies the ﬁle system on the partition  to partition , deleting the original con- tents of the destination partition. CLI Example:
 salt '*' partition.cp /dev/sda 2 3 salt.modules.parted.exists(device='`) partition.exists device Check to see if the partition exists CLI Example:
 salt '*' partition.exists /dev/sdb1 salt.modules.parted.get_block_device() Retrieve a list of disk devices New in version 2014.7.0. CLI Example:
 salt '*' partition.get_block_device salt.modules.parted.get_id(device, minor) Prints the system ID for the partition. Some typical values are:
722 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 b: FAT32 (vfat) 7: HPFS/NTFS 82: Linux Swap 83: Linux 8e: Linux LVM fd: Linux RAID Auto
CLI Example:
 salt '*' partition.get_id /dev/sda 1 salt.modules.parted.list_(device, unit=None) partition.list device unit Prints partition information of given  CLI Examples:
 salt '*' partition.list /dev/sda salt '*' partition.list /dev/sda unit=s salt '*' partition.list /dev/sda unit=kB salt.modules.parted.mkfs(device, fs_type) partition.mkfs device fs_type Makes a ﬁle system  on partition , destroying all data that resides on that partition.  must be one of ``ext2'', ``fat32'', ``fat16'', ``linux-swap'' or ``reiserfs'' (if libreiserfs is installed) CLI Example:
 salt '*' partition.mkfs /dev/sda2 fat32 salt.modules.parted.mklabel(device, label_type) partition.mklabel device label_type Create a new disklabel (partition table) of label_type. Type should be one of ``aix'', ``amiga'', ``bsd'', ``dvh'', ``gpt'', ``loop'', ``mac'', ``msdos'', ``pc98'', or ``sun''. CLI Example:
 salt '*' partition.mklabel /dev/sda msdos salt.modules.parted.mkpart(device, part_type, fs_type=None, start=None, end=None) partition.mkpart device part_type fs_type start end Make a part_type partition for ﬁlesystem fs_type, beginning at start and ending at end (by default in megabytes). part_type should be one of ``primary'', ``logical'', or ``extended''. CLI Examples:
 salt '*' partition.mkpart /dev/sda primary fs_type=fat32 start=0 end=639 salt '*' partition.mkpart /dev/sda primary start=0 end=639 salt.modules.parted.mkpartfs(device, part_type, fs_type, start, end) partition.mkpartfs device part_type fs_type start end Make a  partition with a new ﬁlesystem of , beginning at  and ending at  (by default in megabytes).  should be one of ``primary'', ``logical'', or ``extended''.  must be one of ``ext2'', ``fat32'', ``fat16'', ``linux-swap'' or ``reiserfs'' (if libreiserfs is installed) CLI Example:
22.16. Full list of builtin execution modules 723 Salt Documentation, Release 2014.7.6
 salt '*' partition.mkpartfs /dev/sda logical ext2 440 670 salt.modules.parted.name(device, partition, name) partition.name device partition name Set the name of partition to name. is option works only on Mac, PC98, and GPT disklabels. e name can be placed in quotes, if necessary. CLI Example:
 salt '*' partition.name /dev/sda 1 'My Documents' salt.modules.parted.part_list(device, unit=None) Deprecated. Calls partition.list. CLI Examples:
 salt '*' partition.part_list /dev/sda salt '*' partition.part_list /dev/sda unit=s salt '*' partition.part_list /dev/sda unit=kB salt.modules.parted.probe(device='`) Ask the kernel to update its local partition data CLI Examples:
 salt '*' partition.probe salt '*' partition.probe /dev/sda salt.modules.parted.rescue(device, start, end) partition.rescue device start end Rescue a lost partition that was located somewhere between start and end. If a partition is found, parted will ask if you want to create an entry for it in the partition table. CLI Example:
 salt '*' partition.rescue /dev/sda 0 8056 salt.modules.parted.resize(device, minor, start, end) partition.resize device minor, start, end Resizes the partition with number . e partition will start  from the beginning of the disk, and end  from the beginning of the disk. resize never changes the minor number. Extended parti- tions can be resized, so long as the new extended partition completely contains all logical partitions. CLI Example:
 salt '*' partition.resize /dev/sda 3 200 850 salt.modules.parted.rm(device, minor) partition.rm device minor Removes the partition with number . CLI Example:
 salt '*' partition.rm /dev/sda 5 salt.modules.parted.set_(device, minor, ﬂag, state) partition.set device minor ﬂag state
724 Chapter 22. Reference Salt Documentation, Release 2014.7.6
Changes a ﬂag on the partition with number . A ﬂag can be either ``on'' or ``oﬀ''. Some or all of these ﬂags will be available, depending on what disk label you are using. CLI Example:
 salt '*' partition.set /dev/sda 1 boot on salt.modules.parted.set_id(device, minor, system_id) Sets the system ID for the partition. Some typical values are:
 b: FAT32 (vfat) 7: HPFS/NTFS 82: Linux Swap 83: Linux 8e: Linux LVM fd: Linux RAID Auto
CLI Example:
 salt '*' partition.set_id /dev/sda 1 83 salt.modules.parted.system_types() List the system types that are supported by the installed version of sfdisk CLI Example:
 salt '*' partition.system_types salt.modules.parted.toggle(device, partition, ﬂag) partition.toggle device partition ﬂag Toggle the state of <ﬂag> on  CLI Example:
 salt '*' partition.name /dev/sda 1 boot
22.16.139 salt.modules.pecl
Manage PHP pecl extensions. salt.modules.pecl.install(pecls, defaults=False, force=False, preferred_state='stable') New in version 0.17.0. Installs one or several pecl extensions. pecls e pecl extensions to install. defaults Use default answers for extensions such as pecl_hp which ask questions before installation. With- out this option, the pecl.installed state will hang indeﬁnitely when trying to install these extensions. force Whether to force the installed version or not CLI Example:
 salt '*' pecl.install fuse salt.modules.pecl.list_(channel=None) List installed pecl extensions. CLI Example:
22.16. Full list of builtin execution modules 725 Salt Documentation, Release 2014.7.6
 salt '*' pecl.list salt.modules.pecl.uninstall(pecls) Uninstall one or several pecl extensions. pecls e pecl extensions to uninstall. CLI Example:
 salt '*' pecl.uninstall fuse salt.modules.pecl.update(pecls) Update one or several pecl extensions. pecls e pecl extensions to update. CLI Example:
 salt '*' pecl.update fuse
22.16.140 salt.modules.pillar
Extract the pillar data for this minion salt.modules.pillar.ext(external) Generate the pillar and apply an explicit external pillar CLI Example:
 salt '*' pillar.ext '{libvirt: _}' salt.modules.pillar.get(key, default='`, merge=False, delimiter=':') New in version 0.14. Aempt to retrieve the named value from pillar, if the named value is not available return the passed default. e default return is an empty string. If the merge parameter is set to True, the default will be recursively merged into the returned pillar data. e value can also represent a value in a nested dict using a '':'' delimiter for the dict. is means that if a dict in pillar looks like this:
{'pkg':{'apache': 'httpd'}}
To retrieve the value associated with the apache key in the pkg dict this key can be passed:
 pkg:apache
 merge Specify whether or not the retrieved values should be recursively merged into the passed default. New in version 2014.7.0. delimiter Specify an alternate delimiter to use when traversing a nested dict New in version 2014.7.0.
CLI Example:
 salt '*' pillar.get pkg:apache
726 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.pillar.item(*args) New in version 0.16.2. Return one ore more pillar entries CLI Examples:
 salt '*' pillar.item foo salt '*' pillar.item foo bar baz salt.modules.pillar.items(*args) Calls the master for a fresh pillar and generates the pillar data on the ﬂy Contrast with raw() which returns the pillar data that is currently loaded into the minion. CLI Example:
 salt '*' pillar.items salt.modules.pillar.raw(key=None) Return the raw pillar data that is currently loaded into the minion. Contrast with items() which calls the master to fetch the most up-to-date Pillar. CLI Example:
 salt '*' pillar.raw
With the optional key argument, you can select a subtree of the pillar raw data.:
 salt '*' pillar.raw key='roles'
22.16.141 salt.modules.pip
Install Python packages with pip to either the system or a virtualenv
Windows Support
New in version 2014.7.4. Salt now uses a portable python. As a result the entire pip module is now functional on the salt installation itself. You can pip install dependencies for your custom modules. You can even upgrade salt itself using pip. For this to work properly, you must specify the Current Working Directory (cwd) and the Pip Binary (bin_env) salt should use. For example, the following command will list all soware installed using pip to your current salt environment: salt  pip.list cwd='C:\salt\bin\Scripts' bin_env='C:\salt\bin\Scripts\pip.exe'
Specifying the cwd and bin_env options ensures you're modifying the salt environment. If these are omied, it will default to the local installation of python. If python is not installed locally it will fail saying it couldn't ﬁnd pip.
State File Support
is functionality works in states as well. If you need to pip install colorama with a state, for example, the following will work:
22.16. Full list of builtin execution modules 727 Salt Documentation, Release 2014.7.6
 install_colorama: pip.installed: - name: colorama - cwd: 'C:\salt\bin\scripts' - bin_env: 'C:\salt\bin\scripts\pip.exe' - upgrade: True
Upgrading Salt using Pip
You can now update salt using pip to any version from the 2014.7 branch forward. Previous version require recom- piling some of the dependencies which is painful in windows. To do this you just use pip with git to update to the version you want and then restart the service. Here is a sample state ﬁle that upgrades salt to the head of the 2015.5 branch: install_salt: pip.installed: - cwd: 'C:\salt\bin\scripts' - bin_env: 'C:\salt\bin\scripts\pip.exe' - editable: git+https://github.com/saltstack/[emailprotected]#egg=salt - upgrade: True restart_service: service.running: - name: salt-minion - enable: True - watch: - pip: install_salt
Note: If you're having problems, you might try doubling the back slashes. For example, cwd: `C:\salt\bin\scripts'. Sometimes python thinks the single back slash is an escape character. salt.modules.pip.freeze(bin_env=None, user=None, runas=None, cwd=None) Return a list of installed packages either globally or in the speciﬁed virtualenv bin_env path to pip bin or path to virtualenv. If doing an uninstall from the system python and want to use a speciﬁc pip bin (pip-2.7, pip-2.6, etc..) just specify the pip bin you want. If uninstalling from a virtualenv, just use the path to the virtualenv (/home/code/path/to/virtualenv/) user e user under which to run pip
Note: e runas argument is deprecated as of 0.16.2. user should be used instead.
 cwd Current working directory to run pip from
CLI Example:
 salt '*' pip.freeze /home/code/path/to/virtualenv/
728 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.pip.install(pkgs=None, requirements=None, env=None, bin_env=None, use_wheel=False, no_use_wheel=False, log=None, proxy=None, time- out=None, editable=None, ﬁnd_links=None, index_url=None, ex- tra_index_url=None, no_index=False, mirrors=None, build=None, target=None, download=None, download_cache=None, source=None, upgrade=False, force_reinstall=False, ignore_installed=False, ex- ists_action=None, no_deps=False, no_install=False, no_download=False, global_options=None, install_options=None, user=None, runas=None, no_chown=False, cwd=None, activate=False, pre_releases=False, cert=None, allow_all_external=False, allow_external=None, allow_unveriﬁed=None, process_dependency_links=False, __env__=None, saltenv='base') Install packages with pip Install packages individually or from a pip requirements ﬁle. Install packages globally or to a virtualenv. pkgs Comma separated list of packages to install requirements Path to requirements bin_env Path to pip bin or path to virtualenv. If doing a system install, and want to use a speciﬁc pip bin (pip-2.7, pip-2.6, etc..) just specify the pip bin you want. If installing into a virtualenv, just use the path to the virtualenv (/home/code/path/to/virtualenv/) env Deprecated, use bin_env now use_wheel Prefer wheel archives (requires pip>=1.4) no_use_wheel Force to not use wheel archives (requires pip>=1.4) log Log ﬁle where a complete (maximum verbosity) record will be kept proxy Specify a proxy in the form user:[emailprotected]:port. Note that the user:password@ is optional and required only if you are behind an authenticated proxy. If you provide [emailprotected]:port then you will be prompted for a password. timeout Set the socket timeout (default 15 seconds) editable install something editable (i.e. git+hps://github.com/worldcompany/djangoembed.git#egg=djangoembed) ﬁnd_links URL to look for packages at index_url Base URL of Python Package Index extra_index_url Extra URLs of package indexes to use in addition to index_url no_index Ignore package index mirrors Speciﬁc mirror URL(s) to query (automatically adds --use-mirrors) build Unpack packages into build dir target Install packages into target dir download Download packages into download instead of installing them download_cae Cache downloaded packages in download_cache dir source Check out editable packages into source dir upgrade Upgrade all packages to the newest available version force_reinstall When upgrading, reinstall all packages even if they are already up-to-date. ignore_installed Ignore the installed packages (reinstalling instead) exists_action Default action when a path already exists: (s)witch, (i)gnore, (w)ipe, (b)ackup
22.16. Full list of builtin execution modules 729 Salt Documentation, Release 2014.7.6
 no_deps Ignore package dependencies no_install Download and unpack all packages, but don't actually install them no_download Don't download any packages, just install the ones already downloaded (completes an install run with --no-install) install_options Extra arguments to be supplied to the setup.py install command (use like --install-option=''-- install- scripts=/usr/local/bin''). Use multiple --install- option options to pass multiple options to setup.py install. If you are using an option with a directory path, be sure to use absolute path. global_options Extra global options to be supplied to the setup.py call before the install command. user e user under which to run pip
Note: e runas argument is deprecated as of 0.16.2. user should be used instead.
 no_own When user is given, do not aempt to copy and chown a requirements ﬁle cwd Current working directory to run pip from activate Activates the virtual environment, if given via bin_env, before running install. Deprecated since version 2014.7.2: If bin_env is given, pip will already be sourced from that virualenv, making activate eﬀectively a noop. pre_releases Include pre-releases in the available versions cert Provide a path to an alternate CA bundle allow_all_external Allow the installation of all externally hosted ﬁles allow_external Allow the installation of externally hosted ﬁles (comma separated list) allow_unveriﬁed Allow the installation of insecure and unveriﬁable ﬁles (comma separated list) process_dependency_links Enable the processing of dependency links
CLI Example:
 salt '*' pip.install , salt '*' pip.install requirements=/path/to/requirements.txt salt '*' pip.install  bin_env=/path/to/virtualenv salt '*' pip.install  bin_env=/path/to/pip_bin
Complicated CLI example:
 salt '*' pip.install markdown,django editable=git+https://github.com/worldcompany/djangoembed.git#egg=djangoembed upgrade=True no_deps=True salt.modules.pip.list_(preﬁx=None, bin_env=None, user=None, runas=None, cwd=None) Filter list of installed apps from freeze and check to see if prefix exists in the list of packages installed. CLI Example:
 salt '*' pip.list salt salt.modules.pip.uninstall(pkgs=None, requirements=None, bin_env=None, log=None, proxy=None, timeout=None, user=None, runas=None, no_chown=False, cwd=None, __env__=None, saltenv='base') Uninstall packages with pip Uninstall packages individually or from a pip requirements ﬁle. Uninstall packages globally or from a vir- tualenv.
730 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 pkgs comma separated list of packages to install requirements path to requirements. bin_env path to pip bin or path to virtualenv. If doing an uninstall from the system python and want to use a speciﬁc pip bin (pip-2.7, pip-2.6, etc..) just specify the pip bin you want. If uninstalling from a virtualenv, just use the path to the virtualenv (/home/code/path/to/virtualenv/) log Log ﬁle where a complete (maximum verbosity) record will be kept proxy Specify a proxy in the form user:[emailprotected]:port. Note that the user:password@ is optional and required only if you are behind an authenticated proxy. If you provide [emailprotected]:port then you will be prompted for a password. timeout Set the socket timeout (default 15 seconds) user e user under which to run pip
Note: e runas argument is deprecated as of 0.16.2. user should be used instead.
 no_own When user is given, do not aempt to copy and chown a requirements ﬁle cwd Current working directory to run pip from
CLI Example:
 salt '*' pip.uninstall , salt '*' pip.uninstall requirements=/path/to/requirements.txt salt '*' pip.uninstall  bin_env=/path/to/virtualenv salt '*' pip.uninstall  bin_env=/path/to/pip_bin salt.modules.pip.version(bin_env=None) New in version 0.17.0. Returns the version of pip. Use bin_env to specify the path to a virtualenv and get the version of pip in that virtualenv. If unable to detect the pip version, returns None. CLI Example:
 salt '*' pip.version
22.16.142 salt.modules.pkg_resource
Resources needed by pkg providers salt.modules.pkg_resource.add_pkg(pkgs, name, version) Add a package to a dict of installed packages. CLI Example:
 salt '*' pkg_resource.add_pkg '{}' bind 9 salt.modules.pkg_resource.check_extra_requirements(pkgname, pkgver) Check if the installed package already has the given requirements. is function will simply try to call ``pkg.check_extra_requirements''. CLI Example:
22.16. Full list of builtin execution modules 731 Salt Documentation, Release 2014.7.6
 salt '*' pkg_resource.check_extra_requirements   salt.modules.pkg_resource.pack_sources(sources) Accepts list of dicts (or a string representing a list of dicts) and packs the key/value pairs into a single dict. '[{"foo": "salt://foo.rpm"}, {"bar": "salt://bar.rpm"}]' would become {"foo": "salt://foo.rpm", "bar": "salt://bar.rpm"} CLI Example:
 salt '*' pkg_resource.pack_sources '[{"foo": "salt://foo.rpm"}, {"bar": "salt://bar.rpm"}]' salt.modules.pkg_resource.parse_targets(name=None, pkgs=None, sources=None, saltenv='base', normalize=True, **kwargs) Parses the input to pkg.install and returns back the package(s) to be installed. Returns a list of packages, as well as a string noting whether the packages are to come from a repository or a binary package. CLI Example:
 salt '*' pkg_resource.parse_targets salt.modules.pkg_resource.sort_pkglist(pkgs) Accepts a dict obtained from pkg.list_pkgs() and sorts in place the list of versions for any packages that have multiple versions installed, so that two package lists can be compared to one another. CLI Example:
 salt '*' pkg_resource.sort_pkglist '["3.45", "2.13"]' salt.modules.pkg_resource.stringify(pkgs) Takes a dict of package name/version information and joins each list of installed versions into a string. CLI Example:
 salt '*' pkg_resource.stringify 'vim: 7.127' salt.modules.pkg_resource.version(*names, **kwargs) Common interface for obtaining the version of installed packages. CLI Example:
 salt '*' pkg_resource.version vim salt '*' pkg_resource.version foo bar baz salt '*' pkg_resource.version 'python*' salt.modules.pkg_resource.version_clean(version) Clean the version string removing extra data. is function will simply try to call pkg.version_clean. CLI Example:
 salt '*' pkg_resource.version_clean 
22.16.143 salt.modules.pkgin
Package support for pkgin based systems, inspired from freebsdpkg module salt.modules.pkgin.available_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If the latest version of a given package is already installed, an empty string will be returned for that package.
732 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' pkg.latest_version  salt '*' pkg.latest_version   ... salt.modules.pkgin.file_dict(package) List the ﬁles that belong to a package. CLI Examples:
 salt '*' pkg.file_list nginx salt.modules.pkgin.file_list(package) List the ﬁles that belong to a package. CLI Examples:
 salt '*' pkg.file_list nginx salt.modules.pkgin.install(name=None, refresh=False, fromrepo=None, pkgs=None, sources=None, **kwargs) Install the passed package name e name of the package to be installed. refresh Whether or not to refresh the package database before installing. fromrepo Specify a package repository to install from. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. CLI Example:
 salt '*' pkg.install pkgs='["foo","bar"]'
 sources A list of packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:
 salt '*' pkg.install sources='[{"foo": "salt://foo.deb"},{"bar": "salt://bar.deb"}]'
Return a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' pkg.install  salt.modules.pkgin.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:
 salt '*' pkg.latest_version  salt '*' pkg.latest_version   ...
22.16. Full list of builtin execution modules 733 Salt Documentation, Release 2014.7.6 salt.modules.pkgin.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:
{'': ''}
CLI Example:
 salt '*' pkg.list_pkgs salt.modules.pkgin.purge(name=None, pkgs=None, **kwargs) Package purges are not supported, this function is identical to remove(). name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.purge  salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.pkgin.refresh_db() Use pkg update to get latest pkg_summary CLI Example:
 salt '*' pkg.refresh_db salt.modules.pkgin.remove(name=None, pkgs=None, **kwargs) name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a list containing the removed packages. CLI Example:
 salt '*' pkg.remove  salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.pkgin.search(pkg_name) Searches for an exact match using pkgin ^package$ CLI Example:
 salt '*' pkg.search 'mysql-server' salt.modules.pkgin.upgrade() Run pkg upgrade, if pkgin used. Otherwise do nothing
734 Chapter 22. Reference Salt Documentation, Release 2014.7.6
Return a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}}
CLI Example:
 salt '*' pkg.upgrade
 salt.modules.pkgin.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:
 salt '*' pkg.version  salt '*' pkg.version    ...
22.16.144 salt.modules.pkgng
Support for pkgng, the new package manager for FreeBSD
Warning: is module has been completely rewrien. Up to and including version 0.17.x, it was available as the pkgng module, (pkgng.install, pkgng.delete, etc.), but moving forward this module will no longer be available as pkgng, as it will behave like a normal Salt pkg provider. e documentation below should not be considered to apply to this module in versions <= 0.17.x. If your minion is running a 0.17.x release or older, then the documentation for this module can be viewed using the sys.doc function:
 salt bsdminion sys.doc pkgng
is module provides an interface to pkg(8). It acts as the default package provider for FreeBSD 10 and newer. For FreeBSD hosts which have been upgraded to use pkgng, you will need to override the pkg provider by seing the providers parameter in your Minion conﬁg ﬁle, in order to use this module to manage packages, like so:
 providers: pkg: pkgng
 salt.modules.pkgng.audit(jail=None, chroot=None) Audits installed packages against known vulnerabilities CLI Example:
 salt '*' pkg.audit
 jail Audit packages within the speciﬁed jail CLI Example:
 salt '*' pkg.audit jail=
root Audit packages within the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.audit chroot=/path/to/chroot
22.16. Full list of builtin execution modules 735 Salt Documentation, Release 2014.7.6 salt.modules.pkgng.autoremove(jail=None, chroot=None, dryrun=False) Delete packages which were automatically installed as dependencies and are not required anymore. dryrun Dry-run mode. e list of changes to packages is always printed, but no changes are actually made. CLI Example:
 salt '*' pkg.autoremove salt '*' pkg.autoremove jail= salt '*' pkg.autoremove dryrun=True salt '*' pkg.autoremove jail= dryrun=True salt.modules.pkgng.backup(ﬁle_name, jail=None, chroot=None) Export installed packages into yaml+mtree ﬁle CLI Example:
 salt '*' pkg.backup /tmp/pkg
 jail Backup packages from the speciﬁed jail. Note that this will run the command within the jail, and so the path to the backup ﬁle will be relative to the root of the jail CLI Example:
 salt '*' pkg.backup /tmp/pkg jail=
root Backup packages from the speciﬁed chroot (ignored if jail is speciﬁed). Note that this will run the command within the chroot, and so the path to the backup ﬁle will be relative to the root of the chroot. CLI Example:
 salt '*' pkg.backup /tmp/pkg chroot=/path/to/chroot salt.modules.pkgng.check(jail=None, chroot=None, depends=False, recompute=False, check- sum=False) Sanity checks installed packages jail Perform the sanity check in the speciﬁed jail CLI Example:
 salt '*' pkg.check jail=
root Perform the sanity check in the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.check chroot=/path/to/chroot
Of the below, at least one must be set to True. depends Check for and install missing dependencies. CLI Example:
 salt '*' pkg.check recompute=True
 recompute Recompute sizes and checksums of installed packages. CLI Example:
736 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' pkg.check depends=True
esum Find invalid checksums for installed packages. CLI Example:
 salt '*' pkg.check checksum=True salt.modules.pkgng.clean(jail=None, chroot=None) Cleans the local cache of fetched remote packages CLI Example:
 salt '*' pkg.clean salt '*' pkg.clean jail= salt '*' pkg.clean chroot=/path/to/chroot salt.modules.pkgng.fetch(name, jail=None, chroot=None, fetch_all=False, quiet=False, from- repo=None, glob=True, regex=False, pcre=False, local=False, de- pends=False) Fetches remote packages CLI Example:
 salt '*' pkg.fetch 
 jail Fetch package in the speciﬁed jail CLI Example:
 salt '*' pkg.fetch  jail=
root Fetch package in the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.fetch  chroot=/path/to/chroot
 fet_all Fetch all packages. CLI Example:
 salt '*' pkg.fetch  fetch_all=True
 quiet iet mode. Show less output. CLI Example:
 salt '*' pkg.fetch  quiet=True
 fromrepo Fetches packages from the given repo if multiple repo support is enabled. See pkg.conf(5). CLI Example:
 salt '*' pkg.fetch  fromrepo=repo
 glob Treat pkg_name as a shell glob paern. CLI Example:
 salt '*' pkg.fetch  glob=True
22.16. Full list of builtin execution modules 737 Salt Documentation, Release 2014.7.6
 regex Treat pkg_name as a regular expression. CLI Example:
 salt '*' pkg.fetch  regex=True
 pcre Treat pkg_name is an extended regular expression. CLI Example:
 salt '*' pkg.fetch  pcre=True
 local Skip updating the repository catalogs with pkg-update(8). Use the local cache only. CLI Example:
 salt '*' pkg.fetch  local=True
 depends Fetch the package and its dependencies as well. CLI Example:
 salt '*' pkg.fetch  depends=True salt.modules.pkgng.install(name=None, fromrepo=None, pkgs=None, sources=None, jail=None, chroot=None, orphan=False, force=False, glob=False, local=False, dryrun=False, quiet=False, reinstall_requires=False, regex=False, pcre=False, **kwargs) Install package(s) from a repository name e name of the package to install CLI Example:
 salt '*' pkg.install 
 jail Install the package into the speciﬁed jail root Install the package into the speciﬁed chroot (ignored if jail is speciﬁed) orphan Mark the installed package as orphan. Will be automatically removed if no other packages depend on them. For more information please refer to pkg-autoremove(8). CLI Example:
 salt '*' pkg.install  orphan=True
 force Force the reinstallation of the package if already installed. CLI Example:
 salt '*' pkg.install  force=True
 glob Treat the package names as shell glob paerns. CLI Example:
 salt '*' pkg.install  glob=True
 local Do not update the repository catalogs with pkg-update(8). A value of True here is equivalent to using the -U ﬂag with pkg install. CLI Example:
738 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' pkg.install  local=True
 dryrun Dru-run mode. e list of changes to packages is always printed, but no changes are actually made. CLI Example:
 salt '*' pkg.install  dryrun=True
 quiet Force quiet output, except when dryrun is used, where pkg install will always show packages to be installed, upgraded or deleted. CLI Example:
 salt '*' pkg.install  quiet=True
 reinstall_requires When used with force, reinstalls any packages that require the given package. CLI Example:
 salt '*' pkg.install  reinstall_requires=True force=True
Changed in version 2014.7.0: require kwarg renamed to reinstall_requires fromrepo In multi-repo mode, override the pkg.conf ordering and only aempt to download packages from the named repository. CLI Example:
 salt '*' pkg.install  fromrepo=repo
 regex Treat the package names as a regular expression CLI Example:
 salt '*' pkg.install  regex=True
 pcre Treat the package names as extended regular expressions. CLI Example:
 salt '*' pkg.install  pcre=True salt.modules.pkgng.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:
 salt '*' pkg.latest_version  salt '*' pkg.latest_version  jail= salt '*' pkg.latest_version  chroot=/path/to/chroot salt.modules.pkgng.list_pkgs(versions_as_list=False, jail=None, chroot=None, with_origin=False, **kwargs) List the packages currently installed as a dict:
{'': ''}
 jail List the packages in the speciﬁed jail
22.16. Full list of builtin execution modules 739 Salt Documentation, Release 2014.7.6
root List the packages in the speciﬁed chroot (ignored if jail is speciﬁed) with_origin [False] Return a nested dictionary containing both the origin name and version for each installed package. New in version 2014.1.0.
CLI Example:
 salt '*' pkg.list_pkgs salt '*' pkg.list_pkgs jail= salt '*' pkg.list_pkgs chroot=/path/to/chroot salt.modules.pkgng.parse_config(ﬁle_name='/usr/local/etc/pkg.conf') Return dict of uncommented global variables. CLI Example:
 salt '*' pkg.parse_config
NOTE: not working properly right now salt.modules.pkgng.refresh_db(jail=None, chroot=None, force=False) Refresh PACKAGESITE contents
Note: is function can accessed using pkg.update in addition to pkg.refresh_db, to more closely match the CLI usage of pkg(8).
CLI Example:
 salt '*' pkg.refresh_db
 jail Refresh the pkg database within the speciﬁed jail root Refresh the pkg database within the speciﬁed chroot (ignored if jail is speciﬁed) force Force a full download of the repository catalog without regard to the respective ages of the local and remote copies of the catalog. CLI Example:
 salt '*' pkg.refresh_db force=True salt.modules.pkgng.remove(name=None, pkgs=None, jail=None, chroot=None, all_installed=False, force=False, glob=False, dryrun=False, recurse=False, regex=False, pcre=False, **kwargs) Remove a package from the database and system
Note: is function can accessed using pkg.delete in addition to pkg.remove, to more closely match the CLI usage of pkg(8).
 name e package to remove CLI Example:
 salt '*' pkg.remove 
 jail Delete the package from the speciﬁed jail
740 Chapter 22. Reference Salt Documentation, Release 2014.7.6
root Delete the package from the speciﬁed chroot (ignored if jail is speciﬁed) all_installed Deletes all installed packages from the system and empties the database. USE WITH CAUTION! CLI Example:
 salt '*' pkg.remove all all_installed=True force=True
 force Forces packages to be removed despite leaving unresolved dependencies. CLI Example:
 salt '*' pkg.remove  force=True
 glob Treat the package names as shell glob paerns. CLI Example:
 salt '*' pkg.remove  glob=True
 dryrun Dry run mode. e list of packages to delete is always printed, but no packages are actually deleted. CLI Example:
 salt '*' pkg.remove  dryrun=True
 recurse Delete all packages that require the listed package as well. CLI Example:
 salt '*' pkg.remove  recurse=True
 regex Treat the package names as regular expressions. CLI Example:
 salt '*' pkg.remove  regex=True
 pcre Treat the package names as extended regular expressions. CLI Example:
 salt '*' pkg.remove  pcre=True salt.modules.pkgng.restore(ﬁle_name, jail=None, chroot=None) Reads archive created by pkg backup -d and recreates the database. CLI Example:
 salt '*' pkg.restore /tmp/pkg
 jail Restore database to the speciﬁed jail. Note that this will run the command within the jail, and so the path to the ﬁle from which the pkg database will be restored is relative to the root of the jail. CLI Example:
 salt '*' pkg.restore /tmp/pkg jail=
root Restore database to the speciﬁed chroot (ignored if jail is speciﬁed). Note that this will run the command within the chroot, and so the path to the ﬁle from which the pkg database will be restored is relative to the root of the chroot. CLI Example:
22.16. Full list of builtin execution modules 741 Salt Documentation, Release 2014.7.6
 salt '*' pkg.restore /tmp/pkg chroot=/path/to/chroot salt.modules.pkgng.search(name, jail=None, chroot=None, exact=False, glob=False, regex=False, pcre=False, comment=False, desc=False, full=False, depends=False, size=False, quiet=False, origin=False, preﬁx=False) Searches in remote package repositories CLI Example:
 salt '*' pkg.search pattern
 jail Perform the search using the pkg.conf(5) from the speciﬁed jail CLI Example:
 salt '*' pkg.search pattern jail=
root Perform the search using the pkg.conf(5) from the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.search pattern chroot=/path/to/chroot
 exact Treat paern as exact paern. CLI Example:
 salt '*' pkg.search pattern exact=True
 glob Treat paern as a shell glob paern. CLI Example:
 salt '*' pkg.search pattern glob=True
 regex Treat paern as a regular expression. CLI Example:
 salt '*' pkg.search pattern regex=True
 pcre Treat paern as an extended regular expression. CLI Example:
 salt '*' pkg.search pattern pcre=True
 comment Search for paern in the package comment one-line description. CLI Example:
 salt '*' pkg.search pattern comment=True
 desc Search for paern in the package description. CLI Example:
 salt '*' pkg.search pattern desc=True
 full Displays full information about the matching packages. CLI Example:
742 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' pkg.search pattern full=True
 depends Displays the dependencies of paern. CLI Example:
 salt '*' pkg.search pattern depends=True
 size Displays the size of the package CLI Example:
 salt '*' pkg.search pattern size=True
 quiet Be quiet. Prints only the requested information without displaying many hints. CLI Example:
 salt '*' pkg.search pattern quiet=True
 origin Displays paern origin. CLI Example:
 salt '*' pkg.search pattern origin=True
 preﬁx Displays the installation preﬁx for each package matching paern. CLI Example:
 salt '*' pkg.search pattern prefix=True salt.modules.pkgng.stats(local=False, remote=False, jail=None, chroot=None) Return pkgng stats. CLI Example:
 salt '*' pkg.stats
 local Display stats only for the local package database. CLI Example:
 salt '*' pkg.stats local=True
 remote Display stats only for the remote package database(s). CLI Example:
 salt '*' pkg.stats remote=True
 jail Retrieve stats from the speciﬁed jail. CLI Example:
 salt '*' pkg.stats jail= salt '*' pkg.stats jail= local=True salt '*' pkg.stats jail= remote=True
root Retrieve stats from the speciﬁed chroot (ignored if jail is speciﬁed). CLI Example:
22.16. Full list of builtin execution modules 743 Salt Documentation, Release 2014.7.6
 salt '*' pkg.stats chroot=/path/to/chroot salt '*' pkg.stats chroot=/path/to/chroot local=True salt '*' pkg.stats chroot=/path/to/chroot remote=True salt.modules.pkgng.update_package_site(new_url) Updates remote package repo URL, PACKAGESITE var to be exact. Must use http://, ftp://, or https:// protocol CLI Example:
 salt '*' pkg.update_package_site http://127.0.0.1/ salt.modules.pkgng.updating(name, jail=None, chroot=None, ﬁledate=None, ﬁlename=None) ` Displays UPDATING entries of soware packages CLI Example:
 salt '*' pkg.updating foo
 jail Perform the action in the speciﬁed jail CLI Example:
 salt '*' pkg.updating foo jail=
root Perform the action in the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.updating foo chroot=/path/to/chroot
ﬁledate Only entries newer than date are shown. Use a YYYYMMDD date format. CLI Example:
 salt '*' pkg.updating foo filedate=20130101
ﬁlename Deﬁnes an alternative location of the UPDATING ﬁle. CLI Example:
 salt '*' pkg.updating foo filename=/tmp/UPDATING salt.modules.pkgng.upgrade(jail=None, chroot=None, force=False, local=False, dryrun=False) Upgrade all packages (run a pkg upgrade) CLI Example:
 salt '*' pkg.upgrade
 jail Audit packages within the speciﬁed jail CLI Example:
 salt '*' pkg.upgrade jail=
root Audit packages within the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
744 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' pkg.upgrade chroot=/path/to/chroot
Any of the below options can also be used with jail or chroot. force Force reinstalling/upgrading the whole set of packages. CLI Example:
 salt '*' pkg.upgrade force=True
 local Do not update the repository catalogs with pkg-update(8). A value of True here is equivalent to using the -U ﬂag with pkg upgrade. CLI Example:
 salt '*' pkg.upgrade local=True
 dryrun Dry-run mode: show what packages have updates available, but do not perform any upgrades. Repos- itory catalogs will be updated as usual unless the local option is also given. CLI Example:
 salt '*' pkg.upgrade dryrun=True salt.modules.pkgng.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned.
Note: is function can accessed using pkg.info in addition to pkg.version, to more closely match the CLI usage of pkg(8).
 jail Get package version information for the speciﬁed jail root Get package version information for the speciﬁed chroot (ignored if jail is speciﬁed) with_origin [False] Return a nested dictionary containing both the origin name and version for each speciﬁed package. New in version 2014.1.0.
CLI Example:
 salt '*' pkg.version  salt '*' pkg.version  jail= salt '*' pkg.version    ... salt.modules.pkgng.which(path, jail=None, chroot=None, origin=False, quiet=False) Displays which package installed a speciﬁc ﬁle CLI Example:
 salt '*' pkg.which 
 jail Perform the check in the speciﬁed jail CLI Example:
 salt '*' pkg.which  jail=
22.16. Full list of builtin execution modules 745 Salt Documentation, Release 2014.7.6
root Perform the check in the speciﬁed chroot (ignored if jail is speciﬁed) CLI Example:
 salt '*' pkg.which  chroot=/path/to/chroot
 origin Shows the origin of the package instead of name-version. CLI Example:
 salt '*' pkg.which  origin=True
 quiet iet output. CLI Example:
 salt '*' pkg.which  quiet=True
22.16.145 salt.modules.pkgutil
Pkgutil support for Solaris salt.modules.pkgutil.install(name=None, refresh=False, version=None, pkgs=None, **kwargs) Install packages using the pkgutil tool. CLI Example:
 salt '*' pkg.install  salt '*' pkg.install SMClgcc346
Multiple Package Installation Options: pkgs A list of packages to install from OpenCSW. Must be passed as a python list. CLI Example:
 salt '*' pkg.install pkgs='["foo", "bar"]' salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3"}]'
Returns a dict containing the new package names and versions:
{'':{'old': '', 'new': ''}} salt.modules.pkgutil.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:
 salt '*' pkgutil.latest_version CSWpython salt '*' pkgutil.latest_version    ... salt.modules.pkgutil.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:
{'': ''}
CLI Example:
746 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' pkg.list_pkgs salt '*' pkg.list_pkgs versions_as_list=True salt.modules.pkgutil.list_upgrades(refresh=True) List all available package upgrades on this system CLI Example:
 salt '*' pkgutil.list_upgrades salt.modules.pkgutil.purge(name=None, pkgs=None, **kwargs) Package purges are not supported, this function is identical to remove(). name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.purge  salt '*' pkg.purge ,, salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.pkgutil.refresh_db() Updates the pkgutil repo database (pkgutil -U) CLI Example:
 salt '*' pkgutil.refresh_db salt.modules.pkgutil.remove(name=None, pkgs=None, **kwargs) Remove a package and all its dependencies which are not in use by other packages. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:
 salt '*' pkg.remove  salt '*' pkg.remove ,, salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.pkgutil.upgrade(refresh=True) Upgrade all of the packages to the latest available version. Returns a dict containing the changes:
{'':{'old': '', 'new': ''}}
22.16. Full list of builtin execution modules 747 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' pkgutil.upgrade salt.modules.pkgutil.upgrade_available(name) Check if there is an upgrade available for a certain package CLI Example:
 salt '*' pkgutil.upgrade_available CSWpython salt.modules.pkgutil.version(*names, **kwargs) Returns a version if the package is installed, else returns an empty string CLI Example:
 salt '*' pkgutil.version CSWpython
22.16.146 salt.modules.portage_config
Conﬁgure portage(5) salt.modules.portage_config.append_to_package_conf(conf, atom='`, ﬂags=None, string='`, overwrite=False) Append a string or a list of ﬂags for a given package or DEPEND atom to a given conﬁguration ﬁle. CLI Example:
 salt '*' portage_config.append_to_package_conf use string="app-admin/salt ldap -libvirt" salt '*' portage_config.append_to_package_conf use atom="> = app-admin/salt-0.14.1" flags="['ldap', '-libvirt']" salt.modules.portage_config.append_use_flags(atom, uses=None, overwrite=False) Append a list of use ﬂags for a given package or DEPEND atom CLI Example:
 salt '*' portage_config.append_use_flags "app-admin/salt[ldap, -libvirt]" salt '*' portage_config.append_use_flags ">=app-admin/salt-0.14.1" "['ldap', '-libvirt']" salt.modules.portage_config.enforce_nice_config() Enforce a nice tree structure for /etc/portage/package.* conﬁguration ﬁles. See also:
 salt.modules.ebuild.ex_mod_init() for information on automatically running this when pkg is used.
CLI Example:
 salt '*' portage_config.enforce_nice_config salt.modules.portage_config.get_flags_from_package_conf(conf, atom) Get ﬂags for a given package or DEPEND atom. Warning: is only works if the conﬁguration ﬁles tree is in the correct format (the one enforced by enforce_nice_conﬁg) CLI Example:
 salt '*' portage_config.get_flags_from_package_conf license salt
748 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.portage_config.get_missing_flags(conf, atom, ﬂags) Find out which of the given ﬂags are currently not set. CLI Example:
 salt '*' portage_config.get_missing_flags use salt "['ldap', '-libvirt', 'openssl']" salt.modules.portage_config.has_flag(conf, atom, ﬂag) Verify if the given package or DEPEND atom has the given ﬂag. Warning: is only works if the conﬁguration ﬁles tree is in the correct format (the one enforced by enforce_nice_conﬁg) CLI Example:
 salt '*' portage_config.has_flag license salt Apache-2.0 salt.modules.portage_config.has_use(atom, use) Verify if the given package or DEPEND atom has the given use ﬂag. Warning: is only works if the conﬁgu- ration ﬁles tree is in the correct format (the one enforced by enforce_nice_conﬁg) CLI Example:
 salt '*' portage_config.has_use salt libvirt salt.modules.portage_config.is_present(conf, atom) Tell if a given package or DEPEND atom is present in the conﬁguration ﬁles tree. Warning: is only works if the conﬁguration ﬁles tree is in the correct format (the one enforced by enforce_nice_conﬁg) CLI Example:
 salt '*' portage_config.is_present unmask salt
22.16.147 salt.modules.postfix
Support for Postﬁx is module is currently lile more than a conﬁg ﬁle viewer and editor. It is able to read the master.cf ﬁle (which is one style) and ﬁles in the style of main.cf (which is a diﬀerent style, that is used in multiple postﬁx conﬁguration ﬁles). e design of this module is such that when ﬁles are edited, a minimum of changes are made to them. Each ﬁle should look as if it has been edited by hand; order, comments and whitespace are all preserved. salt.modules.postfix.set_main(key, value, path='/etc/postﬁx/main.cf') Set a single conﬁg value in the main.cf ﬁle. If the value does not already exist, it will be appended to the end. CLI Example: salt  postﬁx.set_main mailq_path /usr/bin/mailq salt.modules.postfix.set_master(service, conn_type, private='y', unpriv='y', chroot='y', wakeup='n', maxproc=`100', command='`, write_conf=True, path='/etc/postﬁx/master.cf') Set a single conﬁg value in the master.cf ﬁle. If the value does not already exist, it will be appended to the end. Because of shell parsing issues, `-` cannot be set as a value, as is normal in the master.cf ﬁle; either `y', `n' or a number should be used when calling this function from the command line. If the value used matches the default, it will internally be converted to a `-`. Calling this function from the Python API is not aﬀected by this limitation e seings and their default values, in order, are: service (required), conn_type (required), private (y), unpriv (y), chroot (y), wakeup (n), maxproc (100), command (required).
22.16. Full list of builtin execution modules 749 Salt Documentation, Release 2014.7.6
By default, this function will write out the changes to the master.cf ﬁle, and then returns the full contents of the ﬁle. By seing the write_conf option to False, it will skip writing the ﬁle. CLI Example: salt  postﬁx.set_master smtp inet n y n n 100 smtpd salt.modules.postfix.show_main(path='/etc/postﬁx/main.cf') Return a dict of active conﬁg values. is does not include comments, spacing or order. Bear in mind that order is functionally important in the main.cf ﬁle, since keys can be referred to as variables. is means that the data returned from this function should not be used for direct modiﬁcation of the main.cf ﬁle; other functions are available for that. CLI Examples: salt  postﬁx.show_main salt  postﬁx.show_main path=/path/to/main.cf salt.modules.postfix.show_master(path='/etc/postﬁx/master.cf') Return a dict of active conﬁg values. is does not include comments, spacing or order. e data returned from this function should not be used for direct modiﬁcation of the main.cf ﬁle; other functions are available for that. CLI Examples: salt  postﬁx.show_master salt  postﬁx.show_master path=/path/to/master.cf
22.16.148 salt.modules.postgres
Module to provide Postgres compatibility to salt. conﬁguration In order to connect to Postgres, certain conﬁguration is required in /etc/salt/minion on the relevant minions. Some sample conﬁgs might look like:
 postgres.host: 'localhost' postgres.port: '5432' postgres.user: 'postgres' -> db user postgres.pass: '' postgres.maintenance_db: 'postgres'
e default for the maintenance_db is `postgres' and in most cases it can be le at the default seing. is data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar note is module uses MD5 hashing which may not be compliant with certain security audits. salt.modules.postgres.available_extensions(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) List available postgresql extensions CLI Example:
 salt '*' postgres.available_extensions salt.modules.postgres.create_extension(name, if_not_exists=None, schema=None, ext_version=None, from_version=None, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) Install a postgresql extension CLI Example:
750 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' postgres.create_extension 'adminpack' salt.modules.postgres.create_metadata(name, ext_version=None, schema=None, user=None, host=None, port=None, maintenance_db=None, pass- word=None, runas=None) Get lifecycle informations about an extension CLI Example:
 salt '*' postgres.create_metadata adminpack salt.modules.postgres.db_alter(name, user=None, host=None, port=None, maintenance_db=None, password=None, tablespace=None, owner=None, runas=None) Change tablespace or/and owner of database. CLI Example:
 salt '*' postgres.db_alter dbname owner=otheruser salt.modules.postgres.db_create(name, user=None, host=None, port=None, mainte- nance_db=None, password=None, tablespace=None, encod- ing=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None) Adds a databases to the Postgres server. CLI Example:
 salt '*' postgres.db_create 'dbname'
 salt '*' postgres.db_create 'dbname' template=template_postgis salt.modules.postgres.db_exists(name, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Checks if a database exists on the Postgres server. CLI Example:
 salt '*' postgres.db_exists 'dbname' salt.modules.postgres.db_list(user=None, host=None, port=None, maintenance_db=None, pass- word=None, runas=None) Return dictionary with information about databases of a Postgres server. CLI Example:
 salt '*' postgres.db_list salt.modules.postgres.db_remove(name, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Removes a databases from the Postgres server. CLI Example:
 salt '*' postgres.db_remove 'dbname' salt.modules.postgres.drop_extension(name, if_exists=None, restrict=None, cascade=None, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Drop an installed postgresql extension CLI Example:
22.16. Full list of builtin execution modules 751 Salt Documentation, Release 2014.7.6
 salt '*' postgres.drop_extension 'adminpack' salt.modules.postgres.get_available_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) Get info about an available postgresql extension CLI Example:
 salt '*' postgres.get_available_extension plpgsql salt.modules.postgres.get_installed_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) Get info about an installed postgresql extension CLI Example:
 salt '*' postgres.get_installed_extension plpgsql salt.modules.postgres.group_create(groupname, user=None, host=None, port=None, main- tenance_db=None, password=None, createdb=None, createuser=None, createroles=None, encrypted=None, login=None, inherit=None, superuser=None, repli- cation=None, rolepassword=None, groups=None, runas=None) Creates a Postgres group. A group is postgres is similar to a user, but cannot login. CLI Example:
 salt '*' postgres.group_create 'groupname' user='user' \ host='hostname' port='port' password='password' \ rolepassword='rolepassword' salt.modules.postgres.group_remove(groupname, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Removes a group from the Postgres server. CLI Example:
 salt '*' postgres.group_remove 'groupname' salt.modules.postgres.group_update(groupname, user=None, host=None, port=None, main- tenance_db=None, password=None, createdb=None, createroles=None, createuser=None, encrypted=None, in- herit=None, login=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None) Updated a postgres group CLI Examples:
 salt '*' postgres.group_update 'username' user='user' \ host='hostname' port='port' password='password' \ rolepassword='rolepassword' salt.modules.postgres.installed_extensions(user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) List installed postgresql extensions CLI Example:
752 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' postgres.installed_extensions salt.modules.postgres.is_available_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) Test if a speciﬁc extension is installed CLI Example: salt '*' postgres.is_installed_extension salt.modules.postgres.is_installed_extension(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None) Test if a speciﬁc extension is installed CLI Example: salt '*' postgres.is_installed_extension salt.modules.postgres.owner_to(dbname, ownername, user=None, host=None, port=None, pass- word=None, runas=None) Set the owner of all schemas, functions, tables, views and sequences to the given username. CLI Example: salt '*' postgres.owner_to 'dbname' 'username' salt.modules.postgres.psql_query(query, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Run an SQL-ery and return the results as a list. is command only supports SELECT statements. is limitation can be worked around with a query like this: WITH updated AS (UPDATE pg_authid SET rolconnlimit = 2000 WHERE rolname = `rolename' RETURNING rolconnlimit) SELECT * FROM updated; CLI Example:
 salt '*' postgres.psql_query 'select * from pg_stat_activity' salt.modules.postgres.role_get(name, user=None, host=None, port=None, maintenance_db=None, password=None, runas=None, return_password=False) Return a dict with information about users of a Postgres server. Set return_password to True to get password hash in the result. CLI Example: salt '*' postgres.role_get postgres salt.modules.postgres.user_create(username, user=None, host=None, port=None, mainte- nance_db=None, password=None, createdb=None, crea- teuser=None, createroles=None, inherit=None, login=None, encrypted=None, superuser=None, replication=None, rolepassword=None, groups=None, runas=None) Creates a Postgres user. CLI Examples: salt '*' postgres.user_create 'username' user='user' \ host='hostname' port='port' password='password' \ rolepassword='rolepassword'
22.16. Full list of builtin execution modules 753 Salt Documentation, Release 2014.7.6 salt.modules.postgres.user_exists(name, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Checks if a user exists on the Postgres server. CLI Example:
 salt '*' postgres.user_exists 'username' salt.modules.postgres.user_list(user=None, host=None, port=None, maintenance_db=None, pass- word=None, runas=None, return_password=False) Return a dict with information about users of a Postgres server. Set return_password to True to get password hash in the result. CLI Example:
 salt '*' postgres.user_list salt.modules.postgres.user_remove(username, user=None, host=None, port=None, mainte- nance_db=None, password=None, runas=None) Removes a user from the Postgres server. CLI Example:
 salt '*' postgres.user_remove 'username' salt.modules.postgres.user_update(username, user=None, host=None, port=None, mainte- nance_db=None, password=None, createdb=None, crea- teuser=None, createroles=None, encrypted=None, supe- ruser=None, inherit=None, login=None, replication=None, rolepassword=None, groups=None, runas=None) Updates a Postgres user. CLI Examples:
 salt '*' postgres.user_update 'username' user='user' \ host='hostname' port='port' password='password' \ rolepassword='rolepassword' salt.modules.postgres.version(user=None, host=None, port=None, maintenance_db=None, pass- word=None, runas=None) Return the version of a Postgres server. CLI Example:
 salt '*' postgres.version
22.16.149 salt.modules.poudriere
Support for poudriere salt.modules.poudriere.bulk_build(jail, pkg_ﬁle, keep=False) Run bulk build on poudriere server. Return number of pkg builds, failures, and errors, on error dump to CLI CLI Example:
 salt -N buildbox_group poudriere.bulk_build 90amd64 /root/pkg_list
754 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.poudriere.create_jail(name, arch, version=`9.0-RELEASE') Creates a new poudriere jail if one does not exist NOTE creating a new jail will take some time the master is not hanging CLI Example:
 salt '*' poudriere.create_jail 90amd64 amd64 salt.modules.poudriere.create_ports_tree() Not working need to run portfetch non interactive salt.modules.poudriere.delete_jail(name) Deletes poudriere jail with name CLI Example:
 salt '*' poudriere.delete_jail 90amd64 salt.modules.poudriere.is_jail(name) Return True if jail exists False if not CLI Example:
 salt '*' poudriere.is_jail  salt.modules.poudriere.list_jails() Return a list of current jails managed by poudriere CLI Example:
 salt '*' poudriere.list_jails salt.modules.poudriere.list_ports() Return a list of current port trees managed by poudriere CLI Example:
 salt '*' poudriere.list_ports salt.modules.poudriere.make_pkgng_aware(jname) Make jail jname pkgng aware CLI Example:
 salt '*' poudriere.make_pkgng_aware  salt.modules.poudriere.parse_config(conﬁg_ﬁle=None) Returns a dict of poudriere main conﬁguration deﬁnitions CLI Example:
 salt '*' poudriere.parse_config salt.modules.poudriere.update_jail(name) Run freebsd-update on name poudriere jail CLI Example:
 salt '*' poudriere.update_jail freebsd:10:x86:64
22.16. Full list of builtin execution modules 755 Salt Documentation, Release 2014.7.6 salt.modules.poudriere.update_ports_tree(ports_tree) Updates the ports tree, either the default or the ports_tree speciﬁed CLI Example:
 salt '*' poudriere.update_ports_tree staging salt.modules.poudriere.version() Return poudriere version CLI Example:
 salt '*' poudriere.version
22.16.150 salt.modules.powerpath powerpath support. Assumes RedHat salt.modules.powerpath.add_license(key) Add a license salt.modules.powerpath.has_powerpath() salt.modules.powerpath.list_licenses() returns a list of applied powerpath license keys salt.modules.powerpath.remove_license(key) Remove a license
22.16.151 salt.modules.ps
A salt interface to psutil, a system and process library. See hp://code.google.com/p/psutil. depends • psutil Python module, version 0.3.0 or later • python-utmp package (optional) salt.modules.ps.boot_time(time_format=None) Return the boot time in number of seconds since the epoch began. CLI Example: time_format Optionally specify a strime format string. Use time_format='%c' to get a nicely-formaed locale speciﬁc date and time (i.e. Fri May 2 19:08:32 2014). New in version 2014.1.4.
 salt '*' ps.boot_time salt.modules.ps.cpu_percent(interval=0.1, per_cpu=False) Return the percent of time the CPU is busy. interval the number of seconds to sample CPU usage over per_cpu if True return an array of CPU percent busy for each CPU, otherwise aggregate all percents into one number
756 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' ps.cpu_percent salt.modules.ps.cpu_times(per_cpu=False) Return the percent of time the CPU spends in each state, e.g. user, system, idle, nice, iowait, irq, soirq. per_cpu if True return an array of percents for each CPU, otherwise aggregate all percents into one number CLI Example:
 salt '*' ps.cpu_times salt.modules.ps.disk_io_counters(device=None) Return disk I/O statistics. CLI Example:
 salt '*' ps.disk_io_counters
 salt '*' ps.disk_io_counters device=sda1 salt.modules.ps.disk_partition_usage(all=False) Return a list of disk partitions plus the mount point, ﬁlesystem and usage statistics. CLI Example:
 salt '*' ps.disk_partition_usage salt.modules.ps.disk_partitions(all=False) Return a list of disk partitions and their device, mount point, and ﬁlesystem type. all if set to False, only return local, physical partitions (hard disk, USB, CD/DVD partitions). If True, return all ﬁlesystems. CLI Example:
 salt '*' ps.disk_partitions salt.modules.ps.disk_usage(path) Given a path, return a dict listing the total available space as well as the free space, and used space. CLI Example:
 salt '*' ps.disk_usage /home salt.modules.ps.get_pid_list() Return a list of process ids (PIDs) for all running processes. CLI Example:
 salt '*' ps.get_pid_list salt.modules.ps.get_users() Return logged-in users. CLI Example:
 salt '*' ps.get_users salt.modules.ps.kill_pid(pid, signal=15) Kill a process by PID.
22.16. Full list of builtin execution modules 757 Salt Documentation, Release 2014.7.6
 salt 'minion' ps.kill_pid pid [signal=signal_number]
 pid PID of process to kill. signal Signal to send to the process. See manpage entry for kill for possible values. Default: 15 (SIGTERM).
Example: Send SIGKILL to process with PID 2000:
 salt 'minion' ps.kill_pid 2000 signal=9 salt.modules.ps.network_io_counters(interface=None) Return network I/O statistics. CLI Example:
 salt '*' ps.network_io_counters
 salt '*' ps.network_io_counters interface=eth0 salt.modules.ps.num_cpus() Return the number of CPUs. CLI Example:
 salt '*' ps.num_cpus salt.modules.ps.pgrep(paern, user=None, full=False) Return the pids for processes matching a paern. If full is true, the full command line is searched for a match, otherwise only the name of the command is searched.
 salt '*' ps.pgrep pattern [user=username] [full=(true|false)]
 pattern Paern to search for in the process list. user Limit matches to the given username. Default: All users. full A boolean value indicating whether only the name of the command or the full command line should be matched against the paern.
Examples: Find all hpd processes on all `www' minions:
 salt 'www.*' ps.pgrep httpd
Find all bash processes owned by user `tom':
 salt '*' ps.pgrep bash user=tom salt.modules.ps.pkill(paern, user=None, signal=15, full=False) Kill processes matching a paern.
 salt '*' ps.pkill pattern [user=username] [signal=signal_number] \ [full=(true|false)]
 pattern Paern to search for in the process list.
758 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 user Limit matches to the given username. Default: All users. signal Signal to send to the process(es). See manpage entry for kill for possible values. Default: 15 (SIGTERM). full A boolean value indicating whether only the name of the command or the full command line should be matched against the paern.
Examples: Send SIGHUP to all hpd processes on all `www' minions:
 salt 'www.*' ps.pkill httpd signal=1
Send SIGKILL to all bash processes owned by user `tom':
 salt '*' ps.pkill bash signal=9 user=tom salt.modules.ps.swap_memory() New in version 2014.7.0. Return a dict that describes swap memory statistics.
Note: is function is only available in psutil version 0.6.0 and above.
CLI Example:
 salt '*' ps.swap_memory salt.modules.ps.top(num_processes=5, interval=3) Return a list of top CPU consuming processes during the interval. num_processes = return the top N CPU consuming processes interval = the number of seconds to sample CPU usage over CLI Examples:
 salt '*' ps.top
 salt '*' ps.top 5 10 salt.modules.ps.total_physical_memory() Return the total number of bytes of physical memory. CLI Example:
 salt '*' ps.total_physical_memory salt.modules.ps.virtual_memory() New in version 2014.7.0. Return a dict that describes statistics about system memory usage.
Note: is function is only available in psutil version 0.6.0 and above.
CLI Example:
 salt '*' ps.virtual_memory
22.16.152 salt.modules.publish
Publish a command from a minion to a target
22.16. Full list of builtin execution modules 759 Salt Documentation, Release 2014.7.6 salt.modules.publish.full_data(tgt, fun, arg=None, expr_form='glob', returner='`, timeout=5) Return the full data about the publication, this is invoked in the same way as the publish function CLI Example:
 salt system.example.com publish.full_data '*' cmd.run 'ls -la /tmp'
Attention If you need to pass a value to a function argument and that value contains an equal sign, you must include the argument name. For example:
 salt '*' publish.full_data test.kwarg arg='cheese=spam' salt.modules.publish.publish(tgt, fun, arg=None, expr_form='glob', returner='`, timeout=5) Publish a command from the minion out to other minions. Publications need to be enabled on the Salt master and the minion needs to have permission to publish the command. e Salt master will also prevent a recursive publication loop, this means that a minion cannot command another minion to command another minion as that would create an inﬁnite command loop. e expr_form argument is used to pass a target other than a glob into the execution, the available options are: •glob •pcre •grain •grain_pcre •pillar •ipcidr •range •compound Note that for pillar matches must be exact, both in the pillar matcher and the compound matcher. No globbing is supported. e arguments sent to the minion publish function are separated with commas. is means that for a minion executing a command with multiple args it will look like this:
 salt system.example.com publish.publish '*' user.add 'foo,1020,1020' salt system.example.com publish.publish 'os:Fedora' network.interfaces '' grain
CLI Example:
 salt system.example.com publish.publish '*' cmd.run 'ls -la /tmp'
Attention If you need to pass a value to a function argument and that value contains an equal sign, you must include the argument name. For example:
 salt '*' publish.publish test.kwarg arg='cheese=spam'
760 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.publish.runner(fun, arg=None, timeout=5) Execute a runner on the master and return the data from the runner function CLI Example:
 salt publish.runner manage.down
22.16.153 salt.modules.puppet
Execute puppet routines salt.modules.puppet.disable() New in version 2014.7.0. Disable the puppet agent CLI Example:
 salt '*' puppet.disable salt.modules.puppet.enable() New in version 2014.7.0. Enable the puppet agent CLI Example:
 salt '*' puppet.disable salt.modules.puppet.fact(name, puppet=False) Run facter for a speciﬁc fact CLI Example:
 salt '*' puppet.fact kernel salt.modules.puppet.facts(puppet=False) Run facter and return the results CLI Example:
 salt '*' puppet.facts salt.modules.puppet.noop(*args, **kwargs) Execute a puppet noop run and return a dict with the stderr, stdout, return code, etc. Usage is the same as for puppet.run. CLI Example:
 salt '*' puppet.noop salt '*' puppet.noop tags=basefiles::edit,apache::server salt '*' puppet.noop debug salt '*' puppet.noop apply /a/b/manifest.pp modulepath=/a/b/modules tags=basefiles::edit,apache::server salt.modules.puppet.run(*args, **kwargs) Execute a puppet run and return a dict with the stderr, stdout, return code, etc. e ﬁrst positional argument given is checked as a subcommand. Following positional arguments should be ordered with arguments re- quired by the subcommand ﬁrst, followed by non-keyword arguments. Tags are speciﬁed by a tag keyword and comma separated list of values. -- hp://docs.puppetlabs.com/puppet/latest/reference/lang_tags.html CLI Examples:
22.16. Full list of builtin execution modules 761 Salt Documentation, Release 2014.7.6
 salt '*' puppet.run salt '*' puppet.run tags=basefiles::edit,apache::server salt '*' puppet.run agent onetime no-daemonize no-usecacheonfailure no-splay ignorecache salt '*' puppet.run debug salt '*' puppet.run apply /a/b/manifest.pp modulepath=/a/b/modules tags=basefiles::edit,apache::server salt.modules.puppet.status() New in version 2014.7.0. Display puppet agent status CLI Example:
 salt '*' puppet.status salt.modules.puppet.summary() New in version 2014.7.0. Show a summary of the last puppet agent run CLI Example:
 salt '*' puppet.summary
22.16.154 salt.modules.pw_group
Manage groups on FreeBSD salt.modules.pw_group.add(name, gid=None, **kwargs) Add the speciﬁed group CLI Example:
 salt '*' group.add foo 3456 salt.modules.pw_group.chgid(name, gid) Change the gid for a named group CLI Example:
 salt '*' group.chgid foo 4376 salt.modules.pw_group.delete(name) Remove the named group CLI Example:
 salt '*' group.delete foo salt.modules.pw_group.getent(refresh=False) Return info on all groups CLI Example:
 salt '*' group.getent salt.modules.pw_group.info(name) Return information about a group CLI Example:
762 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' group.info foo
22.16.155 salt.modules.pw_user
Manage users with the useradd command salt.modules.pw_user.add(name, uid=None, gid=None, groups=None, home=None, shell=None, unique=True, fullname='`, roomnumber='`, workphone='`, homephone='`, createhome=True, **kwargs) Add a user to the minion CLI Example:
 salt '*' user.add name      salt.modules.pw_user.chfullname(name, fullname) Change the user's Full Name CLI Example:
 salt '*' user.chfullname foo "Foo Bar" salt.modules.pw_user.chgid(name, gid) Change the default group of the user CLI Example:
 salt '*' user.chgid foo 4376 salt.modules.pw_user.chgroups(name, groups, append=False) Change the groups this user belongs to, add append to append the speciﬁed groups CLI Example:
 salt '*' user.chgroups foo wheel,root True salt.modules.pw_user.chhome(name, home, persist=False) Change the home directory of the user, pass true for persist to copy ﬁles to the new home dir CLI Example:
 salt '*' user.chhome foo /home/users/foo True salt.modules.pw_user.chhomephone(name, homephone) Change the user's Home Phone CLI Example:
 salt '*' user.chhomephone foo "7735551234" salt.modules.pw_user.chroomnumber(name, roomnumber) Change the user's Room Number CLI Example:
 salt '*' user.chroomnumber foo 123 salt.modules.pw_user.chshell(name, shell) Change the default shell of the user CLI Example:
22.16. Full list of builtin execution modules 763 Salt Documentation, Release 2014.7.6
 salt '*' user.chshell foo /bin/zsh salt.modules.pw_user.chuid(name, uid) Change the uid for a named user CLI Example:
 salt '*' user.chuid foo 4376 salt.modules.pw_user.chworkphone(name, workphone) Change the user's Work Phone CLI Example:
 salt '*' user.chworkphone foo "7735550123" salt.modules.pw_user.delete(name, remove=False, force=False) Remove a user from the minion CLI Example:
 salt '*' user.delete name remove=True force=True salt.modules.pw_user.getent(refresh=False) Return the list of all info for all users CLI Example:
 salt '*' user.getent salt.modules.pw_user.info(name) Return user information CLI Example:
 salt '*' user.info root salt.modules.pw_user.list_groups(name) Return a list of groups the named user belongs to CLI Example:
 salt '*' user.list_groups foo salt.modules.pw_user.list_users() Return a list of all users CLI Example:
 salt '*' user.list_users
22.16.156 salt.modules.pyenv
Manage python installations with pyenv. New in version v2014.04. salt.modules.pyenv.default(python=None, runas=None) Returns or sets the currently deﬁned default python.
764 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 python=None e version to set as the default. Should match one of the versions listed by pyenv.versions. Leave blank to return the current default. CLI Example:
 salt '*' pyenv.default salt '*' pyenv.default 2.0.0-p0 salt.modules.pyenv.do(cmdline=None, runas=None) Execute a python command with pyenv's shims from the user or the system. CLI Example:
 salt '*' pyenv.do 'gem list bundler' salt '*' pyenv.do 'gem list bundler' deploy salt.modules.pyenv.do_with_python(python, cmdline, runas=None) Execute a python command with pyenv's shims using a speciﬁc python version. CLI Example:
 salt '*' pyenv.do_with_python 2.0.0-p0 'gem list bundler' salt '*' pyenv.do_with_python 2.0.0-p0 'gem list bundler' deploy salt.modules.pyenv.install(runas=None, path=None) Install pyenv systemwide CLI Example:
 salt '*' pyenv.install salt.modules.pyenv.install_python(python, runas=None) Install a python implementation. python e version of python to install, should match one of the versions listed by pyenv.list CLI Example:
 salt '*' pyenv.install_python 2.0.0-p0 salt.modules.pyenv.is_installed(runas=None) Check if pyenv is installed. CLI Example:
 salt '*' pyenv.is_installed salt.modules.pyenv.list_(runas=None) List the installable versions of python. CLI Example:
 salt '*' pyenv.list salt.modules.pyenv.rehash(runas=None) Run pyenv rehash to update the installed shims. CLI Example:
 salt '*' pyenv.rehash salt.modules.pyenv.uninstall_python(python, runas=None) Uninstall a python implementation.
22.16. Full list of builtin execution modules 765 Salt Documentation, Release 2014.7.6
 python e version of python to uninstall. Should match one of the versions listed by pyenv.versions CLI Example:
 salt '*' pyenv.uninstall_python 2.0.0-p0 salt.modules.pyenv.update(runas=None, path=None) Updates the current versions of pyenv and python-Build CLI Example:
 salt '*' pyenv.update salt.modules.pyenv.versions(runas=None) List the installed versions of python. CLI Example:
 salt '*' pyenv.versions
22.16.157 salt.modules.qemu_img
Qemu-img Command Wrapper
e qemu img command is wrapped for speciﬁc functions depends qemu-img salt.modules.qemu_img.make_image(location, size, fmt) Create a blank virtual machine image ﬁle of the speciﬁed size in megabytes. e image can be created in any format supported by qemu CLI Example:
 salt '*' qemu_img.make_image /tmp/image.qcow 2048 qcow2 salt '*' qemu_img.make_image /tmp/image.raw 10240 raw
22.16.158 salt.modules.qemu_nbd
Qemu Command Wrapper
e qemu system comes with powerful tools, such as qemu-img and qemu-nbd which are used here to build up kvm images. salt.modules.qemu_nbd.clear(mnt) Pass in the mnt dict returned from nbd_mount to unmount and disconnect the image from nbd. If all of the partitions are unmounted return an empty dict, otherwise return a dict containing the still mounted partitions CLI Example:
 salt '*' qemu_nbd.clear '{"/mnt/foo": "/dev/nbd0p1"}' salt.modules.qemu_nbd.connect(image) Activate nbd for an image ﬁle. CLI Example:
766 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' qemu_nbd.connect /tmp/image.raw salt.modules.qemu_nbd.init(image) Mount the named image via qemu-nbd and return the mounted roots CLI Example:
 salt '*' qemu_nbd.init /srv/image.qcow2 salt.modules.qemu_nbd.mount(nbd) Pass in the nbd connection device location, mount all partitions and return a dict of mount points CLI Example:
 salt '*' qemu_nbd.mount /dev/nbd0
22.16.159 salt.modules.quota
Module for managing quotas on POSIX-like systems. salt.modules.quota.get_mode(device) Report whether the quota system for this device is on or oﬀ CLI Example:
 salt '*' quota.get_mode salt.modules.quota.off(device) Turns oﬀ the quota system CLI Example:
 salt '*' quota.off salt.modules.quota.on(device) Turns on the quota system CLI Example:
 salt '*' quota.on salt.modules.quota.report(mount) Report on quotas for a speciﬁc volume CLI Example:
 salt '*' quota.report /media/data salt.modules.quota.set_(device, **kwargs) Calls out to setquota, for a speciﬁc user or group CLI Example:
 salt '*' quota.set /media/data user=larry block-soft-limit=1048576 salt '*' quota.set /media/data group=painters file-hard-limit=1000 salt.modules.quota.stats() Runs the quotastats command, and returns the parsed output CLI Example:
22.16. Full list of builtin execution modules 767 Salt Documentation, Release 2014.7.6
 salt '*' quota.stats salt.modules.quota.warn() Runs the warnquota command, to send warning emails to users who are over their quota limit. CLI Example:
 salt '*' quota.warn
22.16.160 salt.modules.rabbitmq
Module to provide RabbitMQ compatibility to Salt. Todo: A lot, need to add cluster support, logging, and minion conﬁguration data. salt.modules.rabbitmq.add_user(name, password=None, runas=None) Add a rabbitMQ user via rabbitmqctl user_add   CLI Example:
 salt '*' rabbitmq.add_user rabbit_user password salt.modules.rabbitmq.add_vhost(vhost, runas=None) Adds a vhost via rabbitmqctl add_vhost. CLI Example:
 salt '*' rabbitmq add_vhost '' salt.modules.rabbitmq.change_password(name, password, runas=None) Changes a user's password. CLI Example:
 salt '*' rabbitmq.change_password rabbit_user password salt.modules.rabbitmq.clear_password(name, runas=None) Removes a user's password. CLI Example:
 salt '*' rabbitmq.clear_password rabbit_user salt.modules.rabbitmq.cluster_status(runas=None) return rabbitmq cluster_status CLI Example:
 salt '*' rabbitmq.cluster_status salt.modules.rabbitmq.delete_policy(vhost, name, runas=None) Delete a policy based on rabbitmqctl clear_policy. Reference: hp://www.rabbitmq.com/ha.html CLI Example:
 salt '*' rabbitmq.delete_policy / HA' salt.modules.rabbitmq.delete_user(name, runas=None) Deletes a user via rabbitmqctl delete_user.
768 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' rabbitmq.delete_user rabbit_user salt.modules.rabbitmq.delete_vhost(vhost, runas=None) Deletes a vhost rabbitmqctl delete_vhost. CLI Example:
 salt '*' rabbitmq.delete_vhost '' salt.modules.rabbitmq.disable_plugin(name, runas=None) Disable a RabbitMQ plugin via the rabbitmq-plugins command. CLI Example:
 salt '*' rabbitmq.disable_plugin foo salt.modules.rabbitmq.enable_plugin(name, runas=None) Enable a RabbitMQ plugin via the rabbitmq-plugins command. CLI Example:
 salt '*' rabbitmq.enable_plugin foo salt.modules.rabbitmq.force_reset(runas=None) Forcefully Return a RabbitMQ node to its virgin state CLI Example:
 salt '*' rabbitmq.force_reset salt.modules.rabbitmq.join_cluster(host, user='rabbit', runas=None) Join a rabbit cluster CLI Example:
 salt '*' rabbitmq.join_cluster 'rabbit' 'rabbit.example.com' salt.modules.rabbitmq.list_permissions(vhost, runas=None) Lists permissions for vhost via rabbitmqctl list_permissions CLI Example:
 salt '*' rabbitmq.list_permissions '/myvhost' salt.modules.rabbitmq.list_policies(runas=None) Return a dictionary of policies nested by vhost and name based on the data returned from rabbitmqctl list_policies. Reference: hp://www.rabbitmq.com/ha.html CLI Example:
 salt '*' rabbitmq.list_policies' salt.modules.rabbitmq.list_queues(runas=None, *kwargs) Returns queue details of the / virtual host CLI Example:
 salt '*' rabbitmq.list_queues messages consumers
22.16. Full list of builtin execution modules 769 Salt Documentation, Release 2014.7.6 salt.modules.rabbitmq.list_queues_vhost(vhost, runas=None, *kwargs) Returns queue details of speciﬁed virtual host. is command will consider ﬁrst parameter as the vhost name and rest will be treated as queueinfoitem. For geing details on vhost /, use list_queues instead). CLI Example:
 salt '*' rabbitmq.list_queues messages consumers salt.modules.rabbitmq.list_user_permissions(name, runas=None) List permissions for a user via rabbitmqctl list_user_permissions CLI Example:
 salt '*' rabbitmq.list_user_permissions 'user'. salt.modules.rabbitmq.list_users(runas=None) Return a list of users based oﬀ of rabbitmqctl user_list. CLI Example:
 salt '*' rabbitmq.list_users salt.modules.rabbitmq.list_vhosts(runas=None) Return a list of vhost based on rabbitmqctl list_vhosts. CLI Example:
 salt '*' rabbitmq.list_vhosts salt.modules.rabbitmq.plugin_is_enabled(name, runas=None) Return whether the plugin is enabled. CLI Example:
 salt '*' rabbitmq.plugin_is_enabled foo salt.modules.rabbitmq.policy_exists(vhost, name, runas=None) Return whether the policy exists based on rabbitmqctl list_policies. Reference: hp://www.rabbitmq.com/ha.html CLI Example:
 salt '*' rabbitmq.policy_exists / HA salt.modules.rabbitmq.reset(runas=None) Return a RabbitMQ node to its virgin state CLI Example:
 salt '*' rabbitmq.reset salt.modules.rabbitmq.set_permissions(vhost, user, conf='.*', write='.*', read='.*', runas=None) Sets permissions for vhost via rabbitmqctl set_permissions CLI Example:
 salt '*' rabbitmq.set_permissions 'myvhost' 'myuser' salt.modules.rabbitmq.set_policy(vhost, name, paern, deﬁnition, priority=None, runas=None) Set a policy based on rabbitmqctl set_policy. Reference: hp://www.rabbitmq.com/ha.html
770 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' rabbitmq.set_policy / HA '.*' '{"ha-mode": "all"}' salt.modules.rabbitmq.set_user_tags(name, tags, runas=None) Add user tags via rabbitmqctl set_user_tags CLI Example:
 salt '*' rabbitmq.set_user_tags 'myadmin' 'administrator' salt.modules.rabbitmq.start_app(runas=None) Start the RabbitMQ application. CLI Example:
 salt '*' rabbitmq.start_app salt.modules.rabbitmq.status(runas=None) return rabbitmq status CLI Example:
 salt '*' rabbitmq.status salt.modules.rabbitmq.stop_app(runas=None) Stops the RabbitMQ application, leaving the Erlang node running. CLI Example:
 salt '*' rabbitmq.stop_app salt.modules.rabbitmq.user_exists(name, runas=None) Return whether the user exists based on rabbitmqctl list_users. CLI Example:
 salt '*' rabbitmq.user_exists rabbit_user salt.modules.rabbitmq.vhost_exists(name, runas=None) Return whether the vhost exists based on rabbitmqctl list_vhosts. CLI Example:
 salt '*' rabbitmq.vhost_exists rabbit_host
22.16.161 salt.modules.raet_publish
Publish a command from a minion to a target salt.modules.raet_publish.full_data(tgt, fun, arg=None, expr_form='glob', returner='`, time- out=5) Return the full data about the publication, this is invoked in the same way as the publish function CLI Example:
 salt system.example.com publish.full_data '*' cmd.run 'ls -la /tmp'
Attention
22.16. Full list of builtin execution modules 771 Salt Documentation, Release 2014.7.6
If you need to pass a value to a function argument and that value contains an equal sign, you must include the argument name. For example:
 salt '*' publish.full_data test.kwarg arg='cheese=spam' salt.modules.raet_publish.publish(tgt, fun, arg=None, expr_form='glob', returner='`, timeout=5) Publish a command from the minion out to other minions. Publications need to be enabled on the Salt master and the minion needs to have permission to publish the command. e Salt master will also prevent a recursive publication loop, this means that a minion cannot command another minion to command another minion as that would create an inﬁnite command loop. e expr_form argument is used to pass a target other than a glob into the execution, the available options are: •glob •pcre •grain •grain_pcre •pillar •ipcidr •range •compound e arguments sent to the minion publish function are separated with commas. is means that for a minion executing a command with multiple args it will look like this:
 salt system.example.com publish.publish '*' user.add 'foo,1020,1020' salt system.example.com publish.publish 'os:Fedora' network.interfaces '' grain
CLI Example:
 salt system.example.com publish.publish '*' cmd.run 'ls -la /tmp'
Attention If you need to pass a value to a function argument and that value contains an equal sign, you must include the argument name. For example:
 salt '*' publish.publish test.kwarg arg='cheese=spam' salt.modules.raet_publish.runner(fun, arg=None, timeout=5) Execute a runner on the master and return the data from the runner function CLI Example:
 salt publish.runner manage.down
22.16.162 salt.modules.rbenv
Manage ruby installations with rbenv. New in version 0.16.0.
772 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.rbenv.default(ruby=None, runas=None) Returns or sets the currently deﬁned default ruby. ruby=None e version to set as the default. Should match one of the versions listed by rbenv.versions. Leave blank to return the current default. CLI Example:
 salt '*' rbenv.default salt '*' rbenv.default 2.0.0-p0 salt.modules.rbenv.do(cmdline=None, runas=None) Execute a ruby command with rbenv's shims from the user or the system. CLI Example:
 salt '*' rbenv.do 'gem list bundler' salt '*' rbenv.do 'gem list bundler' deploy salt.modules.rbenv.do_with_ruby(ruby, cmdline, runas=None) Execute a ruby command with rbenv's shims using a speciﬁc ruby version. CLI Example:
 salt '*' rbenv.do_with_ruby 2.0.0-p0 'gem list bundler' salt '*' rbenv.do_with_ruby 2.0.0-p0 'gem list bundler' deploy salt.modules.rbenv.install(runas=None, path=None) Install Rbenv systemwide CLI Example:
 salt '*' rbenv.install salt.modules.rbenv.install_ruby(ruby, runas=None) Install a ruby implementation. ruby e version of Ruby to install, should match one of the versions listed by rbenv.list Additional environment variables can be conﬁgured in pillar / grains / master:
 rbenv: build_env: 'CONFIGURE_OPTS="--no-tcmalloc" CFLAGS="-fno-tree-dce"'
CLI Example:
 salt '*' rbenv.install_ruby 2.0.0-p0 salt.modules.rbenv.is_installed(runas=None) Check if Rbenv is installed. CLI Example:
 salt '*' rbenv.is_installed salt.modules.rbenv.list_(runas=None) List the installable versions of ruby. CLI Example:
 salt '*' rbenv.list
22.16. Full list of builtin execution modules 773 Salt Documentation, Release 2014.7.6 salt.modules.rbenv.rehash(runas=None) Run rbenv rehash to update the installed shims. CLI Example:
 salt '*' rbenv.rehash salt.modules.rbenv.uninstall_ruby(ruby, runas=None) Uninstall a ruby implementation. ruby e version of ruby to uninstall. Should match one of the versions listed by rbenv.versions CLI Example:
 salt '*' rbenv.uninstall_ruby 2.0.0-p0 salt.modules.rbenv.update(runas=None, path=None) Updates the current versions of Rbenv and Ruby-Build CLI Example:
 salt '*' rbenv.update salt.modules.rbenv.versions(runas=None) List the installed versions of ruby. CLI Example:
 salt '*' rbenv.versions
22.16.163 salt.modules.rdp
Manage RDP Service on Windows servers salt.modules.rdp.disable() Disable RDP the service on the server CLI Example:
 salt '*' rdp.disable salt.modules.rdp.enable() Enable RDP the service on the server CLI Example:
 salt '*' rdp.enable salt.modules.rdp.status() Show if rdp is enabled on the server CLI Example:
 salt '*' rdp.status
22.16.164 salt.modules.redis
Module to provide redis functionality to Salt New in version 2014.7.0.
774 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 conﬁguration is module requires the redis python module and uses the following defaults which may be overridden in the minion conﬁguration: redis.host: 'localhost' redis.port: 6379 redis.db: 0 redis.password: None salt.modules.redismod.bgrewriteaof(host=None, port=None, db=None, password=None) Asynchronously rewrite the append-only ﬁle CLI Example:
 salt '*' redis.bgrewriteaof salt.modules.redismod.bgsave(host=None, port=None, db=None, password=None) Asynchronously save the dataset to disk CLI Example:
 salt '*' redis.bgsave salt.modules.redismod.config_get(paern='*', host=None, port=None, db=None, password=None) Get redis server conﬁguration values CLI Example:
 salt '*' redis.config_get salt '*' redis.config_get port salt.modules.redismod.config_set(name, value, host=None, port=None, db=None, pass- word=None) Set redis server conﬁguration values CLI Example:
 salt '*' redis.config_set masterauth luv_kittens salt.modules.redismod.dbsize(host=None, port=None, db=None, password=None) Return the number of keys in the selected database CLI Example:
 salt '*' redis.dbsize salt.modules.redismod.delete(*keys, **connection_args) Deletes the keys from redis, returns number of keys deleted CLI Example:
 salt '*' redis.delete foo salt.modules.redismod.exists(key, host=None, port=None, db=None, password=None) Return true if the key exists in redis CLI Example:
 salt '*' redis.exists foo salt.modules.redismod.expire(key, seconds, host=None, port=None, db=None, password=None) Set a keys time to live in seconds CLI Example:
22.16. Full list of builtin execution modules 775 Salt Documentation, Release 2014.7.6
 salt '*' redis.expire foo 300 salt.modules.redismod.expireat(key, timestamp, host=None, port=None, db=None, pass- word=None) Set a keys expire at given UNIX time CLI Example:
 salt '*' redis.expireat foo 1400000000 salt.modules.redismod.flushall(host=None, port=None, db=None, password=None) Remove all keys from all databases CLI Example:
 salt '*' redis.flushall salt.modules.redismod.flushdb(host=None, port=None, db=None, password=None) Remove all keys from the selected database CLI Example:
 salt '*' redis.flushdb salt.modules.redismod.get_key(key, host=None, port=None, db=None, password=None) Get redis key value CLI Example:
 salt '*' redis.get_key foo salt.modules.redismod.hget(key, ﬁeld, host=None, port=None, db=None, password=None) Get speciﬁc ﬁeld value from a redis hash, returns dict CLI Example:
 salt '*' redis.hget foo_hash bar_field salt.modules.redismod.hgetall(key, host=None, port=None, db=None, password=None) Get all ﬁelds and values from a redis hash, returns dict CLI Example:
 salt '*' redis.hgetall foo_hash salt.modules.redismod.info(host=None, port=None, db=None, password=None) Get information and statistics about the server CLI Example:
 salt '*' redis.info salt.modules.redismod.key_type(key, host=None, port=None, db=None, password=None) Get redis key type CLI Example:
 salt '*' redis.type foo salt.modules.redismod.keys(paern='*', host=None, port=None, db=None, password=None) Get redis keys, supports glob style paerns CLI Example:
776 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' redis.keys salt '*' redis.keys test* salt.modules.redismod.lastsave(host=None, port=None, db=None, password=None) Get the UNIX time in seconds of the last successful save to disk CLI Example:
 salt '*' redis.lastsave salt.modules.redismod.llen(key, host=None, port=None, db=None, password=None) Get the length of a list in Redis CLI Example:
 salt '*' redis.llen foo_list salt.modules.redismod.lrange(key, start, stop, host=None, port=None, db=None, password=None) Get a range of values from a list in Redis CLI Example:
 salt '*' redis.lrange foo_list 0 10 salt.modules.redismod.ping(host=None, port=None, db=None, password=None) Ping the server, returns False on connection errors CLI Example:
 salt '*' redis.ping salt.modules.redismod.save(host=None, port=None, db=None, password=None) Synchronously save the dataset to disk CLI Example:
 salt '*' redis.save salt.modules.redismod.set_key(key, value, host=None, port=None, db=None, password=None) Set redis key value CLI Example:
 salt '*' redis.set_key foo bar salt.modules.redismod.shutdown(host=None, port=None, db=None, password=None) Synchronously save the dataset to disk and then shut down the server CLI Example:
 salt '*' redis.shutdown salt.modules.redismod.slaveof(master_host=None, master_port=None, host=None, port=None, db=None, password=None) Make the server a slave of another instance, or promote it as master CLI Example:
# Become slave of redis-n01.example.com:6379 salt '*' redis.slaveof redis-n01.example.com 6379 salt '*' redis.slaveof redis-n01.example.com # Become master salt '*' redis.slaveof
22.16. Full list of builtin execution modules 777 Salt Documentation, Release 2014.7.6 salt.modules.redismod.smembers(key, host=None, port=None, db=None, password=None) Get members in a Redis set CLI Example:
 salt '*' redis.smembers foo_set salt.modules.redismod.time(host=None, port=None, db=None, password=None) Return the current server UNIX time in seconds CLI Example:
 salt '*' redis.time salt.modules.redismod.zcard(key, host=None, port=None, db=None, password=None) Get the length of a sorted set in Redis CLI Example:
 salt '*' redis.zcard foo_sorted salt.modules.redismod.zrange(key, start, stop, host=None, port=None, db=None, password=None) Get a range of values from a sorted set in Redis by index CLI Example:
 salt '*' redis.zrange foo_sorted 0 10
22.16.165 salt.modules.reg
Manage the registry on Windows depends • winreg Python module class salt.modules.reg.Registry Delay `_winreg' usage until this module is used salt.modules.reg.create_key(hkey, path, key, value=None, reﬂection=True) Create a registry key CLI Example:
 salt '*' reg.create_key HKEY_CURRENT_USER 'SOFTWARE\Salt' 'version' '0.97' salt.modules.reg.delete_key(hkey, path, key, reﬂection=True) Delete a registry key Note: is cannot delete a key with subkeys CLI Example:
 salt '*' reg.delete_key HKEY_CURRENT_USER 'SOFTWARE\Salt' 'version' salt.modules.reg.read_key(hkey, path, key, reﬂection=True) Read registry key value CLI Example:
 salt '*' reg.read_key HKEY_LOCAL_MACHINE 'SOFTWARE\Salt' 'version'
778 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.reg.set_key(hkey, path, key, value, vtype='REG_DWORD', reﬂection=True) Set a registry key vtype: hp://docs.python.org/2/library/_winreg.html#value-types CLI Example:
 salt '*' reg.set_key HKEY_CURRENT_USER 'SOFTWARE\Salt' 'version' '0.97' REG_DWORD
22.16.166 salt.modules.rest_package
Service support for the REST example salt.modules.rest_package.install(name=None, refresh=False, fromrepo=None, pkgs=None, sources=None, **kwargs) salt.modules.rest_package.installed(name, version=None, refresh=False, fromrepo=None, skip_verify=False, pkgs=None, sources=None, **kwargs) salt.modules.rest_package.list_pkgs(versions_as_list=False, **kwargs) salt.modules.rest_package.remove(name=None, pkgs=None, **kwargs) salt.modules.rest_package.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:
 salt '*' pkg.version  salt '*' pkg.version    ...
22.16.167 salt.modules.rest_sample
Module for interfacing to the REST example pre-pre-ALPHA QUALITY code. salt.modules.rest_sample.grains_refresh() Refresh the cache. salt.modules.rest_sample.ping()
22.16.168 salt.modules.rest_service
Service support for the REST example salt.modules.rest_service.list_() List services. CLI Example:
 salt '*' rest_service.list  salt.modules.rest_service.restart(name) Restart the named service CLI Example:
 salt '*' rest_service.restart 
22.16. Full list of builtin execution modules 779 Salt Documentation, Release 2014.7.6 salt.modules.rest_service.start(name) Start the speciﬁed service CLI Example:
 salt '*' rest_service.start  salt.modules.rest_service.status(name) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' rest_service.status  salt.modules.rest_service.stop(name) Stop the speciﬁed service CLI Example:
 salt '*' rest_service.stop 
22.16.169 salt.modules.ret
Module to integrate with the returner system and retrieve data sent to a salt returner salt.modules.ret.get_fun(returner, fun) Return info about last time fun was called on each minion CLI Example:
 salt '*' ret.get_fun mysql network.interfaces salt.modules.ret.get_jid(returner, jid) Return the information for a speciﬁed job id CLI Example:
 salt '*' ret.get_jid redis 20421104181954700505 salt.modules.ret.get_jids(returner) Return a list of all job ids CLI Example:
 salt '*' ret.get_jids mysql salt.modules.ret.get_minions(returner) Return a list of all minions CLI Example:
 salt '*' ret.get_minions mysql
22.16.170 salt.modules.rh_ip
e networking module for RHEL/Fedora based distros
780 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.rh_ip.apply_network_settings(**seings) Apply global network conﬁguration. CLI Example:
 salt '*' ip.apply_network_settings salt.modules.rh_ip.build_bond(iface, **seings) Create a bond script in /etc/modprobe.d with the passed seings and load the bonding kernel module. CLI Example:
 salt '*' ip.build_bond bond0 mode=balance-alb salt.modules.rh_ip.build_interface(iface, iface_type, enabled, **seings) Build an interface script for a network interface. CLI Example:
 salt '*' ip.build_interface eth0 eth  salt.modules.rh_ip.build_network_settings(**seings) Build the global network script. CLI Example:
 salt '*' ip.build_network_settings  salt.modules.rh_ip.build_routes(iface, **seings) Build a route script for a network interface. CLI Example:
 salt '*' ip.build_routes eth0  salt.modules.rh_ip.down(iface, iface_type) Shutdown a network interface CLI Example:
 salt '*' ip.down eth0 salt.modules.rh_ip.get_bond(iface) Return the content of a bond script CLI Example:
 salt '*' ip.get_bond bond0 salt.modules.rh_ip.get_interface(iface) Return the contents of an interface script CLI Example:
 salt '*' ip.get_interface eth0 salt.modules.rh_ip.get_network_settings() Return the contents of the global network script. CLI Example:
22.16. Full list of builtin execution modules 781 Salt Documentation, Release 2014.7.6
 salt '*' ip.get_network_settings salt.modules.rh_ip.get_routes(iface) Return the contents of the interface routes script. CLI Example:
 salt '*' ip.get_routes eth0 salt.modules.rh_ip.up(iface, iface_type) Start up a network interface CLI Example:
 salt '*' ip.up eth0
22.16.171 salt.modules.rh_service
Service support for RHEL-based systems, including support for both upstart and sysvinit salt.modules.rh_service.available(name, limit='`) Return True if the named service is available. Use the limit param to restrict results to services of that type. CLI Examples:
 salt '*' service.available sshd salt '*' service.available sshd limit=upstart salt '*' service.available sshd limit=sysvinit salt.modules.rh_service.disable(name, **kwargs) Disable the named service to start at boot CLI Example:
 salt '*' service.disable  salt.modules.rh_service.disabled(name) Check to see if the named service is disabled to start on boot CLI Example:
 salt '*' service.disabled  salt.modules.rh_service.enable(name, **kwargs) Enable the named service to start at boot CLI Example:
 salt '*' service.enable  salt.modules.rh_service.enabled(name) Check to see if the named service is enabled to start on boot CLI Example:
 salt '*' service.enabled  salt.modules.rh_service.get_all(limit='`) Return all installed services. Use the limit param to restrict results to services of that type. CLI Example:
782 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' service.get_all salt '*' service.get_all limit=upstart salt '*' service.get_all limit=sysvinit salt.modules.rh_service.get_disabled(limit='`) Return the disabled services. Use the limit param to restrict results to services of that type. CLI Example:
 salt '*' service.get_disabled salt '*' service.get_disabled limit=upstart salt '*' service.get_disabled limit=sysvinit salt.modules.rh_service.get_enabled(limit='`) Return the enabled services. Use the limit param to restrict results to services of that type. CLI Examples:
 salt '*' service.get_enabled salt '*' service.get_enabled limit=upstart salt '*' service.get_enabled limit=sysvinit salt.modules.rh_service.missing(name, limit='`) e inverse of service.available. Return True if the named service is not available. Use the limit param to restrict results to services of that type. CLI Examples:
 salt '*' service.missing sshd salt '*' service.missing sshd limit=upstart salt '*' service.missing sshd limit=sysvinit salt.modules.rh_service.reload_(name) Reload the named service CLI Example:
 salt '*' service.reload  salt.modules.rh_service.restart(name) Restart the named service CLI Example:
 salt '*' service.restart  salt.modules.rh_service.start(name) Start the speciﬁed service CLI Example:
 salt '*' service.start  salt.modules.rh_service.status(name, sig=None) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' service.status  salt.modules.rh_service.stop(name) Stop the speciﬁed service
22.16. Full list of builtin execution modules 783 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' service.stop 
22.16.172 salt.modules.riak
Riak Salt Module
Author: David Boucha  salt.modules.riak.cluster_commit() Commit Cluster Changes CLI Example:
 salt '*' riak.cluster_commit salt.modules.riak.cluster_join(riak_user=None, riak_host=None) Join a Riak cluster CLI Example:
 salt '*' riak.cluster_join   salt.modules.riak.cluster_plan() Review Cluster Plan CLI Example:
 salt '*' riak.cluster_plan salt.modules.riak.member_status() Get cluster member status CLI Example:
 salt '*' riak.member_status salt.modules.riak.start() Start Riak CLI Example:
 salt '*' riak.start salt.modules.riak.stop() Stop Riak CLI Example:
 salt '*' riak.stop
22.16.173 salt.modules.rpm
Support for rpm salt.modules.rpm.file_dict(*packages) List the ﬁles that belong to a package, sorted by group. Not specifying any packages will return a list of _every_ ﬁle on the system's rpm database (not generally recommended).
784 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Examples:
 salt '*' lowpkg.file_dict httpd salt '*' lowpkg.file_dict httpd postfix salt '*' lowpkg.file_dict salt.modules.rpm.file_list(*packages) List the ﬁles that belong to a package. Not specifying any packages will return a list of _every_ ﬁle on the system's rpm database (not generally recommended). CLI Examples:
 salt '*' lowpkg.file_list httpd salt '*' lowpkg.file_list httpd postfix salt '*' lowpkg.file_list salt.modules.rpm.list_pkgs(*packages) List the packages currently installed in a dict:
{'': ''}
CLI Example:
 salt '*' lowpkg.list_pkgs salt.modules.rpm.verify(*package, **kwargs) Runs an rpm -Va on a system, and returns the results in a dict Files with an aribute of conﬁg, doc, ghost, license or readme in the package header can be ignored using the ignore_types keyword argument CLI Example:
 salt '*' lowpkg.verify salt '*' lowpkg.verify httpd salt '*' lowpkg.verify 'httpd postfix' salt '*' lowpkg.verify 'httpd postfix' ignore_types=['config','doc']
22.16.174 salt.modules.rsync
Wrapper for rsync New in version 2014.1.0. is data can also be passed into pillar. Options passed into opts will overwrite options passed into pillar. salt.modules.rsync.config(conﬁle='/etc/rsyncd.conf') Return rsync conﬁg CLI Example:
 salt '*' rsync.config salt.modules.rsync.rsync(src, dst, delete=False, force=False, update=False, passwordﬁle=None, ex- clude=None, excludefrom=None) Rsync ﬁles from src to dst CLI Example:
22.16. Full list of builtin execution modules 785 Salt Documentation, Release 2014.7.6
 salt '*' rsync.rsync {src} {dst} {delete=True} {update=True} {passwordfile=/etc/pass.crt} {exclude=xx} salt '*' rsync.rsync {src} {dst} {delete=True} {excludefrom=/xx.ini} salt.modules.rsync.version() Return rsync version CLI Example:
 salt '*' rsync.version
22.16.175 salt.modules.rvm
Manage ruby installations and gemsets with RVM, the Ruby Version Manager. salt.modules.rvm.do(ruby, command, runas=None, cwd=None) Execute a command in an RVM controlled environment. ruby: e ruby to use. command: e command to execute. runas [None] e user to run rvm as. cwd [None] e current working directory. CLI Example:
 salt '*' rvm.do 2.0.0  salt.modules.rvm.gemset_copy(source, destination, runas=None) Copy all gems from one gemset to another. source e name of the gemset to copy, complete with ruby version. destination e destination gemset. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.gemset_copy foobar bazquo salt.modules.rvm.gemset_create(ruby, gemset, runas=None) Creates a gemset. ruby e ruby version to create the gemset for. gemset e name of the gemset to create. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.gemset_create 2.0.0 foobar salt.modules.rvm.gemset_delete(ruby, gemset, runas=None) Deletes a gemset. ruby e ruby version the gemset belongs to. gemset e gemset to delete. runas [None] e user to run rvm as.
786 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' rvm.gemset_delete 2.0.0 foobar salt.modules.rvm.gemset_empty(ruby, gemset, runas=None) Remove all gems from a gemset. ruby e ruby version the gemset belongs to. gemset e gemset to empty. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.gemset_empty 2.0.0 foobar salt.modules.rvm.gemset_list(ruby='default', runas=None) List all gemsets for the given ruby. ruby [default] e ruby version to list the gemsets for runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.gemset_list salt.modules.rvm.gemset_list_all(runas=None) List all gemsets for all installed rubies. Note that you must have set a default ruby before this can work. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.gemset_list_all salt.modules.rvm.get(version='stable', runas=None) Update RVM. version [stable] Which version of RVM to install, e.g. stable or head. ruby e version of ruby to reinstall. CLI Example:
 salt '*' rvm.get salt.modules.rvm.install(runas=None) Install RVM system wide. CLI Example:
 salt '*' rvm.install salt.modules.rvm.install_ruby(ruby, runas=None) Install a ruby implementation. ruby e version of ruby to install. runas [None] e user to run rvm as. CLI Example:
22.16. Full list of builtin execution modules 787 Salt Documentation, Release 2014.7.6
 salt '*' rvm.install_ruby 1.9.3-p385 salt.modules.rvm.is_installed(runas=None) Check if RVM is installed. CLI Example:
 salt '*' rvm.is_installed salt.modules.rvm.list_(runas=None) List all rvm installed rubies. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.list salt.modules.rvm.reinstall_ruby(ruby, runas=None) Reinstall a ruby implementation. ruby e version of ruby to reinstall. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.reinstall_ruby 1.9.3-p385 salt.modules.rvm.rubygems(ruby, version, runas=None) Installs a speciﬁc rubygems version in the given ruby. ruby e ruby to install rubygems for. version e version of rubygems to install or `remove' to use the version that ships with 1.9 runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.rubygems 2.0.0 1.8.24 salt.modules.rvm.set_default(ruby, runas=None) Set the default ruby. ruby e version of ruby to make the default. runas [None] e user to run rvm as. CLI Example:
 salt '*' rvm.set_default 2.0.0 salt.modules.rvm.wrapper(ruby_string, wrapper_preﬁx, runas=None, *binaries) Install RVM wrapper scripts. ruby_string Ruby/gemset to install wrappers for. wrapper_preﬁx What to prepend to the name of the generated wrapper binaries. runas [None] e user to run rvm as. binaries [None] e names of the binaries to create wrappers for. When nothing is given, wrappers for ruby, gem, rake, irb, rdoc, ri and testrb are generated.
788 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' rvm.wrapper  
22.16.176 salt.modules.s3
Connection module for Amazon S3 conﬁguration is module accepts explicit s3 credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at:
 http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle:
 s3.keyid: GKTADJGHEIQSXMKKRBJ08H s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
A service_url may also be speciﬁed in the conﬁguration:
 s3.service_url: s3.amazonaws.com
If a service_url is not speciﬁed, the default is s3.amazonaws.com. is may appear in various documentation as an ``endpoint''. A comprehensive list for Amazon S3 may be found at:
 http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
e service_url will form the basis for the ﬁnal endpoint that is used to query the service. SSL veriﬁcation may also be turned oﬀ in the conﬁguration: s3.verify_ssl: False is is required if using S3 bucket names that contain a period, as these will not match Amazon's S3 wildcard certiﬁcates. Certiﬁcate veriﬁcation is enabled by default. is module should be usable to query other S3-like services, such as Eucalyptus. depends requests salt.modules.s3.delete(bucket, path=None, action=None, key=None, keyid=None, service_url=None, verify_ssl=None) Delete a bucket, or delete an object from a bucket. CLI Example to delete a bucket:
 salt myminion s3.delete mybucket
CLI Example to delete an object from a bucket:
 salt myminion s3.delete mybucket remoteobject salt.modules.s3.get(bucket=None, path=None, return_bin=False, action=None, local_ﬁle=None, key=None, keyid=None, service_url=None, verify_ssl=None) List the contents of a bucket, or return an object from a bucket. Set return_bin to True in order to retrieve an object wholesale. Otherwise, Salt will aempt to parse an XML response. CLI Example to list buckets:
22.16. Full list of builtin execution modules 789 Salt Documentation, Release 2014.7.6
 salt myminion s3.get
CLI Example to list the contents of a bucket:
 salt myminion s3.get mybucket
CLI Example to return the binary contents of an object:
 salt myminion s3.get mybucket myfile.png return_bin=True
CLI Example to save the binary contents of an object to a local ﬁle:
 salt myminion s3.get mybucket myfile.png local_file=/tmp/myfile.png
It is also possible to perform an action on a bucket. Currently, S3 supports the following actions:
 acl cors lifecycle policy location logging notification tagging versions requestPayment versioning website
To perform an action on a bucket:
 salt myminion s3.get mybucket myfile.png action=acl salt.modules.s3.head(bucket, path=None, key=None, keyid=None, service_url=None, verify_ssl=None) Return the metadata for a bucket, or an object in a bucket. CLI Examples:
 salt myminion s3.head mybucket salt myminion s3.head mybucket myfile.png salt.modules.s3.put(bucket, path=None, return_bin=False, action=None, local_ﬁle=None, key=None, keyid=None, service_url=None, verify_ssl=None) Create a new bucket, or upload an object to a bucket. CLI Example to create a bucket:
 salt myminion s3.put mybucket
CLI Example to upload an object to a bucket:
 salt myminion s3.put mybucket remotepath local_file=/path/to/file
22.16.177 salt.modules.saltcloudmod
Control a salt cloud system salt.modules.saltcloudmod.create(name, proﬁle) Create the named vm
790 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt  saltcloud.create webserver rackspace_centos_512
22.16.178 salt.modules.saltutil
e Saltutil module is used to manage the state of the salt minion itself. It is used to manage minion modules as well as automate updates to the salt minion. depends • esky Python module for update functionality salt.modules.saltutil.clear_cache() Forcibly removes all caches on a minion. New in version 2014.7.0. WARNING: e safest way to clear a minion cache is by ﬁrst stopping the minion and then deleting the cache ﬁles before restarting it. CLI Example:
 salt '*' saltutil.clear_cache salt.modules.saltutil.cmd(tgt, fun, arg=(), timeout=None, expr_form='glob', ret='`, kwarg=None, ssh=False, **kwargs) Assuming this minion is a master, execute a salt command CLI Example:
 salt '*' saltutil.cmd salt.modules.saltutil.cmd_iter(tgt, fun, arg=(), timeout=None, expr_form='glob', ret='`, kwarg=None, ssh=False, **kwargs) Assuming this minion is a master, execute a salt command CLI Example:
 salt '*' saltutil.cmd salt.modules.saltutil.find_cached_job(jid) Return the data for a speciﬁc cached job id CLI Example:
 salt '*' saltutil.find_cached_job  salt.modules.saltutil.find_job(jid) Return the data for a speciﬁc job id CLI Example:
 salt '*' saltutil.find_job  salt.modules.saltutil.is_running(fun) If the named function is running return the data associated with it/them. e argument can be a glob CLI Example:
 salt '*' saltutil.is_running state.highstate
22.16. Full list of builtin execution modules 791 Salt Documentation, Release 2014.7.6 salt.modules.saltutil.kill_job(jid) Sends a kill signal (SIGKILL 9) to the named salt job's process CLI Example:
 salt '*' saltutil.kill_job  salt.modules.saltutil.mmodule(saltenv, fun, *args, **kwargs) Loads minion modules from an environment so that they can be used in pillars for that environment CLI Example:
 salt '*' saltutil.mmodule base test.ping salt.modules.saltutil.refresh_modules() Signal the minion to refresh the module and grain data CLI Example:
 salt '*' saltutil.refresh_modules salt.modules.saltutil.refresh_pillar() Signal the minion to refresh the pillar data. CLI Example:
 salt '*' saltutil.refresh_pillar salt.modules.saltutil.regen_keys() Used to regenerate the minion keys. CLI Example:
 salt '*' saltutil.regen_keys salt.modules.saltutil.revoke_auth() e minion sends a request to the master to revoke its own key. Note that the minion session will be revoked and the minion may not be able to return the result of this command back to the master. CLI Example:
 salt '*' saltutil.revoke_auth salt.modules.saltutil.runner(fun, **kwargs) Execute a runner module (this function must be run on the master) New in version 2014.7. name e name of the function to run kwargs Any keyword arguments to pass to the runner function CLI Example:
 salt '*' saltutil.runner jobs.list_jobs salt.modules.saltutil.running() Return the data on all running salt processes on the minion CLI Example:
 salt '*' saltutil.running
792 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.saltutil.signal_job(jid, sig) Sends a signal to the named salt job's process CLI Example:
 salt '*' saltutil.signal_job  15 salt.modules.saltutil.sync_all(saltenv=None, refresh=True) Sync down all of the dynamic modules from the ﬁle server for a speciﬁc environment refresh [True] Also refresh the execution modules available to the minion. CLI Example:
 salt '*' saltutil.sync_all salt.modules.saltutil.sync_grains(saltenv=None, refresh=True) Sync the grains from the _grains directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _grains directory, base is the default environment. CLI Example:
 salt '*' saltutil.sync_grains salt.modules.saltutil.sync_modules(saltenv=None, refresh=True) Sync the modules from the _modules directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _modules directory, base is the default envi- ronment. CLI Example:
 salt '*' saltutil.sync_modules salt.modules.saltutil.sync_outputters(saltenv=None, refresh=True) Sync the outpuers from the _outpuers directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _outpuers directory, base is the default environment. CLI Example:
 salt '*' saltutil.sync_outputters salt.modules.saltutil.sync_renderers(saltenv=None, refresh=True) Sync the renderers from the _renderers directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _renderers directory, base is the default envi- ronment. CLI Example:
 salt '*' saltutil.sync_renderers salt.modules.saltutil.sync_returners(saltenv=None, refresh=True) Sync the returners from the _returners directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _returners directory, base is the default envi- ronment. CLI Example:
 salt '*' saltutil.sync_returners
22.16. Full list of builtin execution modules 793 Salt Documentation, Release 2014.7.6 salt.modules.saltutil.sync_states(saltenv=None, refresh=True) Sync the states from the _states directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _states directory, base is the default environment. CLI Example:
 salt '*' saltutil.sync_states salt.modules.saltutil.sync_utils(saltenv=None, refresh=True) Sync utility source ﬁles from the _utils directory on the salt master ﬁle server. is function is environment aware, pass the desired environment to grab the contents of the _utils directory, base is the default environ- ment. CLI Example:
 salt '*' saltutil.sync_utils salt.modules.saltutil.term_job(jid) Sends a termination signal (SIGTERM 15) to the named salt job's process CLI Example:
 salt '*' saltutil.term_job  salt.modules.saltutil.update(version=None) Update the salt minion from the URL deﬁned in opts['update_url'] SaltStack, Inc provides the latest builds here: update_url: hp://docs.saltstack.com/downloads/ Be aware that as of 2014-8-11 there's a bug in esky such that only the latest version available in the update_url can be downloaded and installed. is feature requires the minion to be running a bdist_esky build. e version number is optional and will default to the most recent version available at opts['update_url']. Returns details about the transaction upon completion. CLI Example:
 salt '*' saltutil.update salt '*' saltutil.update 0.10.3 salt.modules.saltutil.wheel(fun, **kwargs) Execute a wheel module (this function must be run on the master) New in version 2014.7. name e name of the function to run kwargs Any keyword arguments to pass to the wheel function CLI Example:
 salt '*' saltutil.wheel key.accept match=jerry
22.16.179 salt.modules.schedule
Module for manging the Salt schedule on a minion New in version 2014.7.0.
794 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.schedule.add(name, **kwargs) Add a job to the schedule CLI Example:
 salt '*' schedule.add job1 function='test.ping' seconds=3600 salt.modules.schedule.build_schedule_item(name, **kwargs) Build a schedule job CLI Example:
 salt '*' schedule.build_schedule_item job1 function='test.ping' seconds=3600 salt.modules.schedule.delete(name, **kwargs) Delete a job from the minion's schedule CLI Example:
 salt '*' schedule.delete job1 salt.modules.schedule.disable(**kwargs) Disable all scheduled jobs on the minion CLI Example:
 salt '*' schedule.disable salt.modules.schedule.disable_job(name, **kwargs) Disable a job in the minion's schedule CLI Example:
 salt '*' schedule.disable_job job1 salt.modules.schedule.enable(**kwargs) Enable all scheduled jobs on the minion CLI Example:
 salt '*' schedule.enable salt.modules.schedule.enable_job(name, **kwargs) Enable a job in the minion's schedule CLI Example:
 salt '*' schedule.enable_job job1 salt.modules.schedule.list_(show_all=False, return_yaml=True) List the jobs currently scheduled on the minion CLI Example:
 salt '*' schedule.list
 salt '*' schedule.list show_all=True salt.modules.schedule.modify(name, **kwargs) Modify an existing job in the schedule CLI Example:
22.16. Full list of builtin execution modules 795 Salt Documentation, Release 2014.7.6
 salt '*' schedule.modify job1 function='test.ping' seconds=3600 salt.modules.schedule.purge(**kwargs) Purge all the jobs currently scheduled on the minion CLI Example:
 salt '*' schedule.purge salt.modules.schedule.reload_() Reload saved scheduled jobs on the minion CLI Example:
 salt '*' schedule.reload salt.modules.schedule.run_job(name, force=False) Run a scheduled job on the minion immediately CLI Example:
 salt '*' schedule.run_job job1
 salt '*' schedule.run_job job1 force=True Force the job to run even if it is disabled. salt.modules.schedule.save() Save all scheduled jobs on the minion CLI Example:
 salt '*' schedule.save
22.16.180 salt.modules.seed
Virtual machine image management tools salt.modules.seed.apply_(path, id_=None, conﬁg=None, approve_key=True, install=True, prep_install=False) Seed a location (disk image, directory, or block device) with the minion conﬁg, approve the minion's key, and/or install salt-minion. CLI Example:
 salt 'minion' seed.apply path id [config=config_data] \ [gen_key=(true|false)] [approve_key=(true|false)] \ [install=(true|false)]
 path Full path to the directory, device, or disk image on the target minion's ﬁle system. id Minion id with which to seed the path. conﬁg Minion conﬁguration options. By default, the `master' option is set to the target host's `master'. approve_key Request a pre-approval of the generated minion key. Requires that the salt-master be conﬁgured to either auto-accept all keys or expect a signing request from the target host. Default: true. install Install salt-minion, if absent. Default: true. prep_install Prepare the bootstrap script, but don't run it. Default: false
796 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.seed.mkconfig(conﬁg=None, tmp=None, id_=None, approve_key=True, pub_key=None, priv_key=None) Generate keys and conﬁg and put them in a tmp directory. pub_key absolute path or ﬁle content of an optional preseeded salt key priv_key absolute path or ﬁle content of an optional preseeded salt key CLI Example:
 salt 'minion' seed.mkconfig [config=config_data] [tmp=tmp_dir] \ [id_=minion_id] [approve_key=(true|false)]
22.16.181 salt.modules.selinux
Execute calls on selinux
Note: is module requires the semanage and setsebool commands to be available on the minion. On RHEL- based distros, this means that the policycoreutils and policycoreutils-python packages must be in- stalled. If not on a RHEL-based distribution, consult the selinux documentation for your distro to ensure that the proper packages are installed. salt.modules.selinux.getenforce() Return the mode selinux is running in CLI Example:
 salt '*' selinux.getenforce salt.modules.selinux.getsebool(boolean) Return the information on a speciﬁc selinux boolean CLI Example:
 salt '*' selinux.getsebool virt_use_usb salt.modules.selinux.list_sebool() Return a structure listing all of the selinux booleans on the system and what state they are in CLI Example:
 salt '*' selinux.list_sebool salt.modules.selinux.selinux_fs_path(*args) Return the location of the SELinux VFS directory CLI Example:
 salt '*' selinux.selinux_fs_path salt.modules.selinux.setenforce(mode) Set the SELinux enforcing mode CLI Example:
 salt '*' selinux.setenforce enforcing salt.modules.selinux.setsebool(boolean, value, persist=False) Set the value for a boolean
22.16. Full list of builtin execution modules 797 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' selinux.setsebool virt_use_usb off salt.modules.selinux.setsebools(pairs, persist=False) Set the value of multiple booleans CLI Example:
 salt '*' selinux.setsebools '{virt_use_usb: on, squid_use_tproxy: off}'
22.16.182 salt.modules.sensors
Read lm-sensors New in version 2014.1.3. salt.modules.sensors.sense(chip, fahrenheit=False) Gather lm-sensors data from a given chip To determine the chip to query, use the `sensors' command and see the leading line in the block. Example: /usr/bin/sensors coretemp-isa-0000 Adapter: ISA adapter Physical id 0: +56.0℃ (high = +87.0℃, crit = +105.0℃) Core 0: +52.0℃ (high = +87.0℃, crit = +105.0℃) Core 1: +50.0℃ (high = +87.0℃, crit = +105.0℃) Core 2: +56.0℃ (high = +87.0℃, crit = +105.0℃) Core 3: +53.0℃ (high = +87.0℃, crit = +105.0℃) Given the above, the chip is `coretemp-isa-0000'.
22.16.183 salt.modules.serverdensity_device
Wrapper around Server Density API
New in version 2014.7.0. salt.modules.serverdensity_device.create(name, **params) Function to create device in Server Density. For more info, see the API docs. CLI Example:
 salt '*' serverdensity_device.create lama salt '*' serverdensity_device.create rich_lama group=lama_band installedRAM=32768 salt.modules.serverdensity_device.delete(device_id) Delete a device from Server Density. For more information, see the API docs. CLI Example:
 salt '*' serverdensity_device.delete 51f7eafcdba4bb235e000ae4 salt.modules.serverdensity_device.get_sd_auth(val, sd_auth_pillar_name='serverdensity') Returns requested Server Density authentication value from pillar. CLI Example:
 salt '*' serverdensity_device.get_sd_auth 
798 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.serverdensity_device.install_agent(agent_key) Function downloads Server Density installation agent, and installs sd-agent with agent_key. CLI Example:
 salt '*' serverdensity_device.install_agent c2bbdd6689ff46282bdaa07555641498 salt.modules.serverdensity_device.ls(**params) List devices in Server Density Results will be ﬁltered by any params passed to this function. For more information, see the API docs on listing and searching. CLI Example:
 salt '*' serverdensity_device.ls salt '*' serverdensity_device.ls name=lama salt '*' serverdensity_device.ls name=lama group=lama_band installedRAM=32768 salt.modules.serverdensity_device.update(device_id, **params) Updates device information in Server Density. For more information see the API docs. CLI Example:
 salt '*' serverdensity_device.update 51f7eafcdba4bb235e000ae4 name=lama group=lama_band salt '*' serverdensity_device.update 51f7eafcdba4bb235e000ae4 name=better_lama group=rock_lamas swapSpace=512
22.16.184 salt.modules.service
e default service module, if not otherwise speciﬁed salt will fall back to this basic module salt.modules.service.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:
 salt '*' service.available sshd salt.modules.service.get_all() Return a list of all available services CLI Example:
 salt '*' service.get_all salt.modules.service.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:
 salt '*' service.missing sshd salt.modules.service.reload_(name) Refreshes conﬁg ﬁles by calling service reload. Does not perform a full restart. CLI Example:
 salt '*' service.reload 
22.16. Full list of builtin execution modules 799 Salt Documentation, Release 2014.7.6 salt.modules.service.restart(name) Restart the speciﬁed service CLI Example:
 salt '*' service.restart  salt.modules.service.start(name) Start the speciﬁed service CLI Example:
 salt '*' service.start  salt.modules.service.status(name, sig=None) Return the status for a service, returns the PID or an empty string if the service is running or not, pass a signature to use to ﬁnd the service via ps CLI Example:
 salt '*' service.status  [service signature] salt.modules.service.stop(name) Stop the speciﬁed service CLI Example:
 salt '*' service.stop 
22.16.185 salt.modules.shadow
Manage the shadow ﬁle salt.modules.shadow.default_hash() Returns the default hash used for unset passwords CLI Example:
 salt '*' shadow.default_hash salt.modules.shadow.del_password(name) Delete the password from name user CLI Example:
 salt '*' shadow.del_password username salt.modules.shadow.gen_password(password, crypt_salt=None, algorithm='sha512') Generate hashed password password Plaintext password to be hashed. crypt_salt Crpytographic salt. If not given, a random 8-character salt will be generated. algorithm e following hash algorithms are supported: • md5 • blowﬁsh (not in mainline glibc, only available in distros that add it) • sha256 • sha512 (default)
800 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' shadow.gen_password 'I_am_password' salt '*' shadow.gen_password 'I_am_password' crypt_salt'I_am_salt' algorithm=sha256 salt.modules.shadow.info(name) Return information for the speciﬁed user CLI Example:
 salt '*' shadow.info root salt.modules.shadow.set_date(name, date) Sets the value for the date the password was last changed to days since the epoch (January 1, 1970). See man chage. CLI Example:
 salt '*' shadow.set_date username 0 salt.modules.shadow.set_expire(name, expire) Changed in version 2014.7.0. Sets the value for the date the account expires as days since the epoch (January 1, 1970). Using a value of -1 will clear expiration. See man chage. CLI Example:
 salt '*' shadow.set_expire username -1 salt.modules.shadow.set_inactdays(name, inactdays) Set the number of days of inactivity aer a password has expired before the account is locked. See man chage. CLI Example:
 salt '*' shadow.set_inactdays username 7 salt.modules.shadow.set_maxdays(name, maxdays) Set the maximum number of days during which a password is valid. See man chage. CLI Example:
 salt '*' shadow.set_maxdays username 90 salt.modules.shadow.set_mindays(name, mindays) Set the minimum number of days between password changes. See man chage. CLI Example:
 salt '*' shadow.set_mindays username 7 salt.modules.shadow.set_password(name, password, use_usermod=False) Set the password for a named user. e password must be a properly deﬁned hash. e password hash can be generated with this command: python -c "import crypt; print crypt.crypt('password', '\$6\$SALTsalt')" SALTsalt is the 8-character crpytographic salt. Valid characters in the salt are ., /, and any alphanumeric character. Keep in mind that the $6 represents a sha512 hash, if your OS is using a diﬀerent hashing algorithm this needs to be changed accordingly
22.16. Full list of builtin execution modules 801 Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..' salt.modules.shadow.set_warndays(name, warndays) Set the number of days of warning before a password change is required. See man chage. CLI Example:
 salt '*' shadow.set_warndays username 7
22.16.186 salt.modules.smartos_imgadm
Module for running imgadm command on SmartOS salt.modules.smartos_imgadm.avail(search=None) Return a list of available images CLI Example:
 salt '*' imgadm.avail [percona] salt.modules.smartos_imgadm.delete(uuid=None) Remove an installed image CLI Example:
 salt '*' imgadm.delete e42f8c84-bbea-11e2-b920-078fab2aab1f salt.modules.smartos_imgadm.get(uuid=None) Return info on an installed image CLI Example:
 salt '*' imgadm.get e42f8c84-bbea-11e2-b920-078fab2aab1f salt.modules.smartos_imgadm.import_image(uuid=None) Import an image from the repository CLI Example:
 salt '*' imgadm.import_image e42f8c84-bbea-11e2-b920-078fab2aab1f salt.modules.smartos_imgadm.list_installed() Return a list of installed images CLI Example:
 salt '*' imgadm.list_installed salt.modules.smartos_imgadm.show(uuid=None) Show manifest of a given image CLI Example:
 salt '*' imgadm.show e42f8c84-bbea-11e2-b920-078fab2aab1f salt.modules.smartos_imgadm.update_installed() Gather info on unknown images (locally installed) CLI Example:
802 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 salt '*' imgadm.update_installed() salt.modules.smartos_imgadm.version() Return imgadm version CLI Example:
 salt '*' imgadm.version
22.16.187 salt.modules.smartos_vmadm
Module for managing VMs on SmartOS salt.modules.smartos_vmadm.destroy(uuid=None) Hard power down the virtual machine, this is equivalent to pulling the power CLI Example:
 salt '*' virt.destroy  salt.modules.smartos_vmadm.get_macs(uuid=None) Return a list oﬀ MAC addresses from the named VM CLI Example:
 salt '*' virt.get_macs  salt.modules.smartos_vmadm.init(**kwargs) Initialize a new VM CLI Example:
 salt '*' virt.init image_uuid='...' alias='...' [...] salt.modules.smartos_vmadm.list_active_vms() Return a list of uuids for active virtual machine on the minion CLI Example:
 salt '*' virt.list_active_vms salt.modules.smartos_vmadm.list_inactive_vms() Return a list of uuids for inactive virtual machine on the minion CLI Example:
 salt '*' virt.list_inactive_vms salt.modules.smartos_vmadm.list_vms() Return a list of virtual machine names on the minion CLI Example:
 salt '*' virt.list_vms salt.modules.smartos_vmadm.reboot(uuid=None) Reboot a domain via ACPI request CLI Example:
22.16. Full list of builtin execution modules 803 Salt Documentation, Release 2014.7.6
 salt '*' virt.reboot  salt.modules.smartos_vmadm.setmem(uuid, memory) Change the amount of memory allocated to VM.  is to be speciﬁed in MB. Note for KVM : this would require a restart of the VM. CLI Example:
 salt '*' virt.setmem  512 salt.modules.smartos_vmadm.shutdown(uuid=None) Send a so shutdown signal to the named vm CLI Example:
 salt '*' virt.shutdown  salt.modules.smartos_vmadm.start(uuid=None) Start a deﬁned domain CLI Example:
 salt '*' virt.start  salt.modules.smartos_vmadm.vm_info(uuid=None) Return a dict with information about the speciﬁed VM on this CN CLI Example:
 salt '*' virt.vm_info  salt.modules.smartos_vmadm.vm_virt_type(uuid=None) Return VM virtualization type : OS or KVM CLI Example:
 salt '*' virt.vm_virt_type 
22.16.188 salt.modules.smf
Service support for Solaris 10 and 11, should work with other systems that use SMF also. (e.g. SmartOS) salt.modules.smf.available(name) Returns True if the speciﬁed service is available, otherwise returns False. e Solaris and SmartOS ``if'' statement uses svcs to return the service name from the package name. CLI Example:
 salt '*' service.available net-snmp salt.modules.smf.disable(name, **kwargs) Disable the named service to start at boot CLI Example:
 salt '*' service.disable  salt.modules.smf.disabled(name) Check to see if the named service is disabled to start on boot
804 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' service.disabled  salt.modules.smf.enable(name, **kwargs) Enable the named service to start at boot CLI Example:
 salt '*' service.enable  salt.modules.smf.enabled(name) Check to see if the named service is enabled to start on boot CLI Example:
 salt '*' service.enabled  salt.modules.smf.get_all() Return all installed services CLI Example:
 salt '*' service.get_all salt.modules.smf.get_disabled() Return the disabled services CLI Example:
 salt '*' service.get_disabled salt.modules.smf.get_enabled() Return the enabled services CLI Example:
 salt '*' service.get_enabled salt.modules.smf.get_running() Return the running services CLI Example:
 salt '*' service.get_running salt.modules.smf.get_stopped() Return the stopped services CLI Example:
 salt '*' service.get_stopped salt.modules.smf.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:
 salt '*' service.missing net-snmp
22.16. Full list of builtin execution modules 805 Salt Documentation, Release 2014.7.6 salt.modules.smf.reload_(name) Reload the named service CLI Example:
 salt '*' service.reload  salt.modules.smf.restart(name) Restart the named service CLI Example:
 salt '*' service.restart  salt.modules.smf.start(name) Start the speciﬁed service CLI Example:
 salt '*' service.start  salt.modules.smf.status(name, sig=None) Return the status for a service, returns a bool whether the service is running. CLI Example:
 salt '*' service.status  salt.modules.smf.stop(name) Stop the speciﬁed service CLI Example:
 salt '*' service.stop 
22.16.189 salt.modules.smtp
Module for Sending Messages via SMTP New in version 2014.7.0. depends • smtplib python module conﬁguration is module can be used by either passing a jid and password directly to send_message, or by specifying the name of a conﬁguration proﬁle in the minion conﬁg, minion pillar, or master conﬁg. For example:
 my-smtp-login: smtp.server: smtp.domain.com smtp.sender: [emailprotected] smtp.username: myuser smtp.password: verybadpass
e resourcename refers to the resource that is using this account. It is user-deﬁnable, and optional. e following conﬁgurations are both valid:
806 Chapter 22. Reference Salt Documentation, Release 2014.7.6
 my-smtp-login: smtp.server: smtp.domain.com smtp.sender: [emailprotected] smtp.username: myuser smtp.password: verybadpass
 another-smtp-login: smtp.server: smtp.domain.com smtp.sender: [emailprotected] smtp.username: myuser smtp.password: verybadpass salt.modules.smtp.send_msg(recipient, message, subject='Message from Salt', sender=None, server=None, use_ssl='True', username=None, password=None, pro- ﬁle=None) Send a message to an SMTP recipient. Designed for use in states. CLI Examples:
 smtp.send_msg '[emailprotected]' 'This is a salt module test' profile='my-smtp-account' smtp.send_msg '[emailprotected]' 'This is a salt module test' username='myuser' password='verybadpass' sender="[emailprotected]' server='smtp.domain.com'
22.16.190 salt.modules.sowareupdate
Support for the sowareupdate command on MacOS. salt.modules.softwareupdate.download(*updates) Download a named update so that it can be installed later with the install or upgrade function. It returns a list of all updates that are now downloaded. CLI Example:
 salt '*' softwareupdate.download  salt '*' softwareupdate.download "" salt '*' softwareupdate.download    salt.modules.softwareupdate.download_all(rec=False, restart=True) Download all available updates so that they can be installed later with the install or upgrade function. It returns a list of updates that are now downloaded. CLI Example:
 salt '*' softwareupdate.download_all salt.modules.softwareupdate.ignore(*updates) Ignore a speciﬁc program update. When an update is ignored the `-` and version number at the end will be omied, so ``SecUpd2014-001-1.0'' becomes ``SecUpd2014-001''. It will be removed automatically if present. An update is successfully ignored when it no longer shows up aer list_upgrades. CLI Example:
 salt '*' softwareupdate.ignore  salt '*' softwareupdate.ignore "" salt '*' softwareupdate.ignore    salt.modules.softwareupdate.install(*updates) Install a named upgrade. Returns a dictionary containing the name of the update and the status of its instal- lation.
22.16. Full list of builtin execution modules 807 Salt Documentation, Release 2014.7.6
Return values: - True: e update was installed. - False: e update was not installed. - None: ere is no update available with that name. CLI Example:
 salt '*' softwareupdate.install  salt '*' softwareupdate.install "" salt '*' softwareupdate.install    salt.modules.softwareupdate.list_downloads() Return a list of all updates that have been downloaded locally. CLI Example:
 salt '*' softwareupdate.list_downloads salt.modules.softwareupdate.list_ignored() List all upgrades that has been ignored. Ignored updates are shown without the `-` and version number at the end, this is how the sowareupdate command works. CLI Example:
 salt '*' softwareupdate.list_ignored salt.modules.softwareupdate.list_upgrades(rec=False, restart=False) List all available updates. rec Return only the recommended updates. restart Return only the updates that require a restart. CLI Example:
 salt '*' softwareupdate.list_upgrades salt.modules.softwareupdate.reset_ignored() Make sure the ignored updates are not ignored anymore, returns a list of the updates that are no longer ignored. CLI Example:
 salt '*' softwareupdate.reset_ignored salt.modules.softwareupdate.schedule(*status) Decide if automatic checking for upgrades should be on or oﬀ. If no arguments are given it will return the current status. Append on or oﬀ to change the status. Return values: - True: Automatic checking is now on, - False: Automatic checking is now oﬀ, - None: Invalid argument. CLI Example:
 salt '*' softwareupdate.schedule salt '*' softwareupdate.schedule on|off salt.modules.softwareupdate.upgrade(rec=False, restart=True) Install all available upgrades. Returns a dictionary containing the name of the update and the status of its installation. Return values: - True: e update was installed. - False: e update was not installed. rec If set to True, only install all the recommended updates. restart Set this to False if you do not want to install updates that require a restart.
808 Chapter 22. Reference Salt Documentation, Release 2014.7.6
CLI Example:
 salt '*' softwareupdate.upgrade salt.modules.softwareupdate.upgrade_available(update) Check whether or not an upgrade is available with a given name. CLI Example:
 salt '*' softwareupdate.upgrade_available  salt '*' softwareupdate.upgrade_available ""
22.16.191 salt.modules.solaris_group
Manage groups on Solaris salt.modules.solaris_group.add(name, gid=None, **kwargs) Add the speciﬁed group CLI Example:
 salt '*' group.add foo 3456 salt.modules.solaris_group.chgid(name, gid) Change the gid for a named group CLI Example:
 salt '*' group.chgid foo 4376 salt.modules.solaris_group.delete(name) Remove the named group CLI Example:
 salt '*' group.delete foo salt.modules.solaris_group.getent(refresh=False) Return info on all groups CLI Example:
 salt '*' group.getent salt.modules.solaris_group.info(name) Return information about a group CLI Example:
 salt '*' group.info foo
22.16.192 salt.modules.solaris_shadow
Manage the password database on Solaris systems salt.modules.solaris_shadow.default_hash() Returns the default hash used for unset passwords CLI Example:
22.16. Full list of builtin execution modules 809 Salt Documentation, Release 2014.7.6
 salt '*' shadow.default_hash salt.modules.solaris_shadow.info(name) Return information for the speciﬁed user CLI Example:
 salt '*' shadow.info root salt.modules.solaris_shadow.set_maxdays(name, maxdays) Set the maximum number of days during which a password is valid. See man passwd. CLI Example:
 salt '*' shadow.set_maxdays username 90 salt.modules.solaris_shadow.set_mindays(name, mindays) Set the minimum number of days between password changes. See man passwd. CLI Example:
 salt '*' shadow.set_mindays username 7 salt.modules.solaris_shadow.set_password(name, password) Set the password for a named user. e password must be a properly deﬁned hash, the password hash can be generated with this command: openssl passwd -1 
 CLI Example:</plaintext></p><p> salt '*' shadow.set_password root $1$UYCIxa628.9qXjpQCjM4a.. salt.modules.solaris_shadow.set_warndays(name, warndays) Set the number of days of warning before a password change is required. See man passwd. CLI Example:</p><p> salt '*' shadow.set_warndays username 7</p><p>22.16.193 salt.modules.solaris_user</p><p>Manage users with the useradd command salt.modules.solaris_user.add(name, uid=None, gid=None, groups=None, home=None, shell=None, unique=True, fullname='`, roomnumber='`, workphone='`, home- phone='`, createhome=True, **kwargs) Add a user to the minion CLI Example:</p><p> salt '*' user.add name <uid> <gid> <groups> <home> <shell> salt.modules.solaris_user.chfullname(name, fullname) Change the user's Full Name CLI Example:</shell></home></groups></gid></uid></p><p> salt '*' user.chfullname foo "Foo Bar" salt.modules.solaris_user.chgid(name, gid) Change the default group of the user</p><p>810 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' user.chgid foo 4376 salt.modules.solaris_user.chgroups(name, groups, append=False) Change the groups this user belongs to, add append to append the speciﬁed groups CLI Example:</p><p> salt '*' user.chgroups foo wheel,root True salt.modules.solaris_user.chhome(name, home, persist=False) Change the home directory of the user, pass true for persist to copy ﬁles to the new home dir CLI Example:</p><p> salt '*' user.chhome foo /home/users/foo True salt.modules.solaris_user.chhomephone(name, homephone) Change the user's Home Phone CLI Example:</p><p> salt '*' user.chhomephone foo "7735551234" salt.modules.solaris_user.chroomnumber(name, roomnumber) Change the user's Room Number CLI Example:</p><p> salt '*' user.chroomnumber foo 123 salt.modules.solaris_user.chshell(name, shell) Change the default shell of the user CLI Example:</p><p> salt '*' user.chshell foo /bin/zsh salt.modules.solaris_user.chuid(name, uid) Change the uid for a named user CLI Example:</p><p> salt '*' user.chuid foo 4376 salt.modules.solaris_user.chworkphone(name, workphone) Change the user's Work Phone CLI Example:</p><p> salt '*' user.chworkphone foo "7735550123" salt.modules.solaris_user.delete(name, remove=False, force=False) Remove a user from the minion CLI Example:</p><p> salt '*' user.delete name remove=True force=True salt.modules.solaris_user.getent(refresh=False) Return the list of all info for all users</p><p>22.16. Full list of builtin execution modules 811 Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' user.getent salt.modules.solaris_user.info(name) Return user information CLI Example:</p><p> salt '*' user.info root salt.modules.solaris_user.list_groups(name) Return a list of groups the named user belongs to CLI Example:</p><p> salt '*' user.list_groups foo</p><p>22.16.194 salt.modules.solarispkg</p><p>Package support for Solaris salt.modules.solarispkg.install(name=None, sources=None, saltenv='base', **kwargs) Install the passed package. Can install packages from the following sources:</p><p>* Locally (package already exists on the minion * HTTP/HTTPS server * FTP server * Salt master</p><p>Returns a dict containing the new package names and versions:</p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}}</new-version></old-version></package></p><p>CLI Example, installing a data stream pkg that already exists on the minion:</p><p> salt '*' pkg.install sources='[{"<pkg name="">": "/dir/on/minion/<pkg filename="">"}]' salt '*' pkg.install sources='[{"SMClgcc346": "/var/spool/pkg/gcc-3.4.6-sol10-sparc-local.pkg"}]'</pkg></pkg></p><p>CLI Example, installing a data stream pkg that exists on the salt master:</p><p> salt '*' pkg.install sources='[{"<pkg name="">": "salt://pkgs/<pkg filename="">"}]' salt '*' pkg.install sources='[{"SMClgcc346": "salt://pkgs/gcc-3.4.6-sol10-sparc-local.pkg"}]'</pkg></pkg></p><p>CLI Example, installing a data stream pkg that exists on a HTTP server:</p><p> salt '*' pkg.install sources='[{"<pkg name="">": "http://packages.server.com/<pkg filename="">"}]' salt '*' pkg.install sources='[{"SMClgcc346": "http://packages.server.com/gcc-3.4.6-sol10-sparc-local.pkg"}]'</pkg></pkg></p><p>If working with solaris zones and you want to install a package only in the global zone you can pass `cur- rent_zone_only=True' to salt to have the package only installed in the global zone. (Behind the scenes this is passing `-G' to the pkgadd command.) Solaris default when installing a package in the global zone is to install it in all zones. is overrides that and installs the package only in the global. CLI Example, installing a data stream package only in the global zone:</p><p> salt 'global_zone' pkg.install sources='[{"SMClgcc346": "/var/spool/pkg/gcc-3.4.6-sol10-sparc-local.pkg"}]' current_zone_only=True</p><p>By default salt automatically provides an adminﬁle, to automate package installation, with these options set:</p><p>812 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> email= instance=quit partial=nocheck runlevel=nocheck idepend=nocheck rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck basedir=default</p><p>You can override any of these options in two ways. First you can optionally pass any of the options as a kwarg to the module/state to override the default value or you can optionally pass the `admin_source' option providing your own adminﬁle to the minions. Note: You can ﬁnd all of the possible options to provide to the adminﬁle by reading the admin man page:</p><p> man -s 4 admin</p><p>CLI Example - Overriding the `instance' adminﬁle option when calling the module directly:</p><p> salt '*' pkg.install sources='[{"<pkg name="">": "salt://pkgs/<pkg filename="">"}]' instance="overwrite"</pkg></pkg></p><p>CLI Example - Overriding the `instance' adminﬁle option when used in a state:</p><p>SMClgcc346: pkg.installed: - sources: - SMClgcc346: salt://srv/salt/pkgs/gcc-3.4.6-sol10-sparc-local.pkg - instance: overwrite</p><p>Note: the ID declaration is ignored, as the package name is read from the ``sources'' parameter. CLI Example - Providing your own adminﬁle when calling the module directly:</p><p> salt '*' pkg.install sources='[{"<pkg name="">": "salt://pkgs/<pkg filename="">"}]' admin_source='salt://pkgs/<adminfile filename="">'</adminfile></pkg></pkg></p><p>CLI Example - Providing your own adminﬁle when using states:</p><p><pkg name="">: pkg.installed: - sources: - <pkg name="">: salt://pkgs/<pkg filename=""> - admin_source: salt://pkgs/<adminfile filename=""></adminfile></pkg></pkg></pkg></p><p>Note: the ID declaration is ignored, as the package name is read from the ``sources'' parameter. salt.modules.solarispkg.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:</p><p> salt '*' pkg.latest_version <package name=""> salt '*' pkg.latest_version <package1> <package2> <package3> ...</package3></package2></package1></package></p><p>NOTE: As package repositories are not presently supported for Solaris pkgadd, this function will always return an empty string for a given package.</p><p>22.16. Full list of builtin execution modules 813 Salt Documentation, Release 2014.7.6 salt.modules.solarispkg.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:</p><p>{'<package_name>': '<version>'}</version></package_name></p><p>CLI Example:</p><p> salt '*' pkg.list_pkgs salt.modules.solarispkg.purge(name=None, pkgs=None, **kwargs) Package purges are not supported, this function is identical to remove(). name e name of the package to be deleted Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.purge <package name=""> salt '*' pkg.purge <package1>,<package2>,<package3> salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.solarispkg.remove(name=None, pkgs=None, saltenv='base', **kwargs) Remove packages with pkgrm name e name of the package to be deleted By default salt automatically provides an adminﬁle, to automate package removal, with these options set:</package3></package2></package1></package></p><p> email= instance=quit partial=nocheck runlevel=nocheck idepend=nocheck rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck basedir=default</p><p>You can override any of these options in two ways. First you can optionally pass any of the options as a kwarg to the module/state to override the default value or you can optionally pass the `admin_source' option providing your own adminﬁle to the minions. Note: You can ﬁnd all of the possible options to provide to the adminﬁle by reading the admin man page:</p><p> man -s 4 admin</p><p>Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes.</p><p>814 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' pkg.remove <package name=""> salt '*' pkg.remove SUNWgit salt '*' pkg.remove <package1>,<package2>,<package3> salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.solarispkg.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:</package3></package2></package1></package></p><p> salt '*' pkg.upgrade_available <package name=""> salt.modules.solarispkg.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:</package></p><p> salt '*' pkg.version <package name=""> salt '*' pkg.version <package1> <package2> <package3> ...</package3></package2></package1></package></p><p>22.16.195 salt.modules.solr</p><p>Apache Solr Salt Module</p><p>Author: Jed Glazner Version: 0.2.1 Modiﬁed: 12/09/2011 is module uses HTTP requests to talk to the apache solr request handlers to gather information and report errors. Because of this the minion doesn't necessarily need to reside on the actual slave. However if you want to use the signal function the minion must reside on the physical solr host. is module supports multi-core and standard setups. Certain methods are master/slave speciﬁc. Make sure you set the solr.type. If you have questions or want a feature request please ask.</p><p>Coming Features in 0.3</p><p>1. Add command for checking for replication failures on slaves 2. Improve match_index_versions since it's pointless on busy solr masters 3. Add additional local fs checks for backups to make sure they succeeded</p><p>Override these in the minion config solr.cores A list of core names e.g. ['core1','core2']. An empty list indicates non-multicore setup. solr.baseurl e root level URL to access solr via HTTP solr.request_timeout e number of seconds before timing out an HTTP/HTTPS/FTP request. If nothing is speci- ﬁed then the python global timeout seing is used. solr.type Possible values are `master' or `slave' solr.baup_path e path to store your backups. If you are using cores and you can specify to append the core name to the path in the backup method.</p><p>22.16. Full list of builtin execution modules 815 Salt Documentation, Release 2014.7.6 solr.num_baups For versions of solr &gt;= 3.5. Indicates the number of backups to keep. is option is ignored if your version is less. solr.init_script e full path to your init script with start/stop options solr.dih.options A list of options to pass to the DIH.</p><p>Required Options for DIH clean [False] Clear the index before importing commit [True] Commit the documents to the index upon completion optimize [True] Optimize the index aer commit is complete verbose [True] Get verbose output salt.modules.solr.abort_import(handler, host=None, core_name=None, verbose=False) MASTER ONLY Aborts an existing import command to the speciﬁed handler. is command can only be run if the minion is conﬁgured with solr.type=master handler [str] e name of the data import handler. host [str (None)] e solr host to query. __opts__['host'] is default. core [str (None)] e core the handler belongs to. verbose [boolean (False)] Run the command with verbose output. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.abort_import dataimport None music {'clean':True} salt.modules.solr.backup(host=None, core_name=None, append_core_to_path=False) Tell solr make a backup. is method can be mis-leading since it uses the backup API. If an error happens during the backup you are not notiﬁed. e status: `OK' in the response simply means that solr received the request successfully. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. append_core_to_path [boolean (False)] If True add the name of the core to the backup path. Assumes that minion backup path is not None. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.backup music salt.modules.solr.core_status(host=None, core_name=None) MULTI-CORE HOSTS ONLY Get the status for a given core or all cores if no core is speciﬁed host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str] e name of the core to reload</p><p>816 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.core_status None music salt.modules.solr.delta_import(handler, host=None, core_name=None, options=None, ex- tra=None) Submits an import command to the speciﬁed handler using speciﬁed options. is command can only be run if the minion is conﬁgured with solr.type=master handler [str] e name of the data import handler. host [str (None)] e solr host to query. __opts__['host'] is default. core [str (None)] e core the handler belongs to. options [dict (__opts__)] A list of options such as clean, optimize commit, verbose, and pause_replication. leave blank to use __opts__ defaults. options will be merged with __opts__ extra [dict ([])] Extra name value pairs to pass to the handler. e.g. [''name=value''] Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.delta_import dataimport None music {'clean':True} salt.modules.solr.full_import(handler, host=None, core_name=None, options=None, extra=None) MASTER ONLY Submits an import command to the speciﬁed handler using speciﬁed options. is command can only be run if the minion is conﬁgured with solr.type=master handler [str] e name of the data import handler. host [str (None)] e solr host to query. __opts__['host'] is default. core [str (None)] e core the handler belongs to. options [dict (__opts__)] A list of options such as clean, optimize commit, verbose, and pause_replication. leave blank to use __opts__ defaults. options will be merged with __opts__ extra [dict ([])] Extra name value pairs to pass to the handler. e.g. [''name=value''] Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.full_import dataimport None music {'clean':True} salt.modules.solr.import_status(handler, host=None, core_name=None, verbose=False) Submits an import command to the speciﬁed handler using speciﬁed options. is command can only be run if the minion is conﬁgured with solr.type: `master' handler [str] e name of the data import handler. host [str (None)] e solr host to query. __opts__['host'] is default. core [str (None)] e core the handler belongs to.</p><p>22.16. Full list of builtin execution modules 817 Salt Documentation, Release 2014.7.6</p><p> verbose [boolean (False)] Speciﬁes verbose output Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.import_status dataimport None music False salt.modules.solr.is_replication_enabled(host=None, core_name=None) SLAVE CALL Check for errors, and determine if a slave is replicating or not. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.is_replication_enabled music salt.modules.solr.lucene_version(core_name=None) Gets the lucene version that solr is using. If you are running a multi-core setup you should specify a core name since all the cores run under the same servlet container, they will all have the same version. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return: dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.lucene_version salt.modules.solr.match_index_versions(host=None, core_name=None) SLAVE CALL Veriﬁes that the master and the slave versions are in sync by comparing the index version. If you are constantly pushing updates the index the master and slave versions will seldom match. A solution to this is pause indexing every so oen to allow the slave to replicate and then call this method before allowing indexing to resume. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.match_index_versions music salt.modules.solr.optimize(host=None, core_name=None) Search queries fast, but it is a very expensive operation. e ideal process is to run this with a master/slave conﬁguration. en you can optimize the master, and push the optimized index to the slaves. If you are</p><p>818 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> running a single solr instance, or if you are going to run this on a slave be aware than search performance will be horrible while this command is being run. Additionally it can take a LONG time to run and your HTTP request may timeout. If that happens adjust your timeout seings. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.optimize music salt.modules.solr.ping(host=None, core_name=None) Does a health check on solr, makes sure solr can talk to the indexes. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.ping music salt.modules.solr.reload_core(host=None, core_name=None) MULTI-CORE HOSTS ONLY Load a new core from the same conﬁguration as an existing registered core. While the ``new'' core is initializing, the ``old'' one will continue to accept requests. Once it has ﬁnished, all new request will go to the ``new'' core, and the ``old'' core will be unloaded. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str] e name of the core to reload Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.reload_core None music</p><p>Return data is in the following format:</p><p>{'success':bool, 'data':dict, 'errors':list, 'warnings':list} salt.modules.solr.reload_import_config(handler, host=None, core_name=None, ver- bose=False) MASTER ONLY re-loads the handler conﬁg XML ﬁle. is command can only be run if the minion is a `master' type handler [str] e name of the data import handler. host [str (None)] e solr host to query. __opts__['host'] is default. core [str (None)] e core the handler belongs to.</p><p>22.16. Full list of builtin execution modules 819 Salt Documentation, Release 2014.7.6</p><p> verbose [boolean (False)] Run the command with verbose output. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.reload_import_config dataimport None music {'clean':True} salt.modules.solr.replication_details(host=None, core_name=None) Get the full replication details. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.replication_details music salt.modules.solr.set_is_polling(polling, host=None, core_name=None) SLAVE CALL Prevent the slaves from polling the master for updates. polling [boolean] True will enable polling. False will disable it. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.set_is_polling False salt.modules.solr.set_replication_enabled(status, host=None, core_name=None) MASTER ONLY Sets the master to ignore poll requests from the slaves. Useful when you don't want the slaves replicating during indexing or when clearing the index. status [boolean] Sets the replication status to the speciﬁed state. host [str (None)] e solr host to query. __opts__['host'] is default. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to set the status on all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.set_replication_enabled false, None, music</p><p>820 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.solr.signal(signal=None) Signals Apache Solr to start, stop, or restart. Obviously this is only going to work if the minion resides on the solr host. Additionally Solr doesn't ship with an init script so one must be created. signal [str (None)] e command to pass to the apache solr init valid values are `start', `stop', and `restart' CLI Example:</p><p> salt '*' solr.signal restart salt.modules.solr.version(core_name=None) Gets the solr version for the core speciﬁed. You should specify a core here as all the cores will run under the same servlet container and so will all have the same version. core_name [str (None)] e name of the solr core if using cores. Leave this blank if you are not using cores or if you want to check all cores. Return : dict<str>:</str></p><p>{'success':boolean, 'data':dict, 'errors':list, 'warnings':list}</p><p>CLI Example:</p><p> salt '*' solr.version</p><p>22.16.196 salt.modules.sqlite3</p><p>Support for SQLite3 salt.modules.sqlite3.fetch(db=None, sql=None) Retrieve data from an sqlite3 db (returns all rows, be careful!) CLI Example:</p><p> salt '*' sqlite3.fetch /root/test.db 'SELECT * FROM test;' salt.modules.sqlite3.indexes(db=None) Show all indices in the database, for people with poor spelling <a class="als" href="https://tipsdex.com" title="skills" target="_blank" rel="noopener">skills</a> CLI Example:</p><p> salt '*' sqlite3.indexes /root/test.db salt.modules.sqlite3.indices(db=None) Show all indices in the database CLI Example:</p><p> salt '*' sqlite3.indices /root/test.db salt.modules.sqlite3.modify(db=None, sql=None) Issue an SQL query to sqlite3 (with no return data), usually used to modify the database in some way (insert, delete, create, etc) CLI Example:</p><p> salt '*' sqlite3.modify /root/test.db 'CREATE TABLE test(id INT, testdata TEXT);' salt.modules.sqlite3.sqlite_version() Return version of sqlite</p><p>22.16. Full list of builtin execution modules 821 Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' sqlite3.sqlite_version salt.modules.sqlite3.tables(db=None) Show all tables in the database CLI Example:</p><p> salt '*' sqlite3.tables /root/test.db salt.modules.sqlite3.version() Return version of pysqlite CLI Example:</p><p> salt '*' sqlite3.version</p><p>22.16.197 salt.modules.ssh</p><p>Manage client ssh components</p><p>Note: is module requires the use of MD5 hashing. Certain security audits may not permit the use of MD5. For those cases, this module should be disabled or removed. salt.modules.ssh.auth_keys(user, conﬁg='.ssh/authorized_keys') Return the authorized keys for the speciﬁed user CLI Example:</p><p> salt '*' ssh.auth_keys root salt.modules.ssh.check_key(user, key, enc, comment, options, conﬁg='.ssh/authorized_keys', cache_keys=None) Check to see if a key needs updating, returns ``update'', ``add'' or ``exists'' CLI Example:</p><p> salt '*' ssh.check_key <user> <key> <enc> <comment> <options> salt.modules.ssh.check_key_file(user, source, conﬁg='.ssh/authorized_keys', saltenv='base', env=None) Check a keyﬁle from a source destination against the local keys and return the keys to change CLI Example:</options></comment></enc></key></user></p><p> salt '*' root salt://ssh/keyfile salt.modules.ssh.check_known_host(user=None, hostname=None, key=None, ﬁngerprint=None, conﬁg=None) Check the record in known_hosts ﬁle, either by its value or by ﬁngerprint (it's enough to set up either key or ﬁngerprint, you don't need to set up both). If provided key or ﬁngerprint doesn't match with stored value, return ``update'', if no value is found for a given host, return ``add'', otherwise return ``exists''. If neither key, nor ﬁngerprint is deﬁned, then additional validation is not performed. CLI Example:</p><p>822 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' ssh.check_known_host <user> <hostname> key='AAAA...FAaQ==' salt.modules.ssh.get_known_host(user, hostname, conﬁg=None) Return information about known host from the conﬁgﬁle, if any. If there is no such key, return None. CLI Example:</hostname></user></p><p> salt '*' ssh.get_known_host <user> <hostname> salt.modules.ssh.hash_known_hosts(user=None, conﬁg=None) Hash all the hostnames in the known hosts ﬁle. New in version 2014.7.0. CLI Example:</hostname></user></p><p> salt '*' ssh.hash_known_hosts salt.modules.ssh.host_keys(keydir=None) Return the minion's host keys CLI Example:</p><p> salt '*' ssh.host_keys salt.modules.ssh.recv_known_host(hostname, enc=None, port=None, hash_hostname=False) Retrieve information about host public key from remote server CLI Example:</p><p> salt '*' ssh.recv_known_host <hostname> enc=<enc> port=<port> salt.modules.ssh.rm_auth_key(user, key, conﬁg='.ssh/authorized_keys') Remove an authorized key from the speciﬁed user's authorized key ﬁle CLI Example:</port></enc></hostname></p><p> salt '*' ssh.rm_auth_key <user> <key> salt.modules.ssh.rm_known_host(user=None, hostname=None, conﬁg=None) Remove all keys belonging to hostname from a known_hosts ﬁle. CLI Example:</key></user></p><p> salt '*' ssh.rm_known_host <user> <hostname> salt.modules.ssh.set_auth_key(user, key, enc='ssh-rsa', comment='`, options=None, con- ﬁg='.ssh/authorized_keys', cache_keys=None) Add a key to the authorized_keys ﬁle. e ``key'' parameter must only be the string of text that is the encoded key. If the key begins with ``ssh-rsa'' or ends with user@host, remove those from the key before passing it to this function. CLI Example:</hostname></user></p><p> salt '*' ssh.set_auth_key <user> '<key>' enc='dsa' salt.modules.ssh.set_auth_key_from_file(user, source, conﬁg='.ssh/authorized_keys', saltenv='base', env=None) Add a key to the authorized_keys ﬁle, using a ﬁle as the source. CLI Example:</key></user></p><p>22.16. Full list of builtin execution modules 823 Salt Documentation, Release 2014.7.6</p><p> salt '*' ssh.set_auth_key_from_file <user> salt://ssh_keys/<user>.id_rsa.pub salt.modules.ssh.set_known_host(user=None, hostname=None, ﬁngerprint=None, key=None, port=None, enc=None, hash_hostname=True, conﬁg=None) Download SSH public key from remote host ``hostname'', optionally validate its ﬁngerprint against ``ﬁnger- print'' variable and save the record in the known_hosts ﬁle. If such a record does already exists in there, do nothing. CLI Example:</user></user></p><p> salt '*' ssh.set_known_host <user> fingerprint='xx:xx:..:xx' enc='ssh-rsa' config='.ssh/known_hosts' salt.modules.ssh.user_keys(user=None, pubﬁle=None, prvﬁle=None) Return the user's ssh keys on the minion New in version 2014.7.0. CLI Example:</user></p><p> salt '*' ssh.user_keys salt '*' ssh.user_keys user=user1 salt '*' ssh.user_keys user=user1 pubfile=/home/user1/.ssh/id_rsa.pub prvfile=/home/user1/.ssh/id_rsa salt '*' ssh.user_keys user="['user1','user2'] pubfile=id_rsa.pub prvfile=id_rsa</p><p>22.16.198 salt.modules.state</p><p>Control the state system on the minion salt.modules.state.clear_cache() Clear out cached state ﬁles, forcing even cache runs to refresh the cache on the next state execution. Remember that the state cache is completely disabled by default, this execution only applies if cache=True is used in states CLI Example:</p><p> salt '*' state.clear_cache salt.modules.state.high(data, queue=False, **kwargs) Execute the compound calls stored in a single set of high data is function is mostly intended for testing the state system CLI Example:</p><p> salt '*' state.high '{"vim": {"pkg": ["installed"]}}' salt.modules.state.highstate(test=None, queue=False, **kwargs) Retrieve the state data from the salt master for this minion and execute it test Notify states to execute in test-only (dry-run) mode. Sets the test variable in the minion opts for the duration of the state run. pillar Custom Pillar data can be passed with the pillar kwarg. Values passed here will override hard-coded Pillar values. queue [False] Instead of failing immediately when another state run is in progress, queue the new state run to begin running once the other has ﬁnished. is option starts a new thread for each queued state run so use this option sparingly.</p><p>824 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> localconﬁg: Instead of using running minion opts, load localconfig and merge that with the running minion opts. is functionality is intended for using ``roots'' of salt directories (with their own minion conﬁg, pillars, ﬁle_roots) to run highstate out of. CLI Example:</p><p> salt '*' state.highstate</p><p> salt '*' state.highstate whitelist=sls1_to_run,sls2_to_run salt '*' state.highstate exclude=sls_to_exclude salt '*' state.highstate exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"</p><p> salt '*' state.highstate pillar="{foo: 'Foo!', bar: 'Bar!'}" salt.modules.state.low(data, queue=False, **kwargs) Execute a single low data call is function is mostly intended for testing the state system CLI Example:</p><p> salt '*' state.low '{"state": "pkg", "fun": "installed", "name": "vi"}' salt.modules.state.pkg(pkg_path, pkg_sum, hash_type, test=False, **kwargs) Execute a packaged state run, the packaged state run will exist in a tarball available locally. is packaged state can be generated using salt-ssh. CLI Example:</p><p> salt '*' state.pkg /tmp/state_pkg.tgz salt.modules.state.running(concurrent=False) Return a dict of state return data if a state function is already running. is function is used to prevent multiple state calls from being run at the same time. CLI Example:</p><p> salt '*' state.running salt.modules.state.show_highstate(queue=False, **kwargs) Retrieve the highstate data from the salt master and display it Custom Pillar data can be passed with the pillar kwarg. CLI Example:</p><p> salt '*' state.show_highstate salt.modules.state.show_low_sls(mods, saltenv='base', test=None, queue=False, env=None, **kwargs) Display the low data from a speciﬁc sls. e default environment is base, use saltenv (env in Salt 0.17.x and older) to specify a diﬀerent environment. CLI Example:</p><p> salt '*' state.show_low_sls foo salt.modules.state.show_lowstate(queue=False, **kwargs) List out the low data that will be applied to this minion CLI Example:</p><p> salt '*' state.show_lowstate</p><p>22.16. Full list of builtin execution modules 825 Salt Documentation, Release 2014.7.6 salt.modules.state.show_sls(mods, saltenv='base', test=None, queue=False, env=None, **kwargs) Display the state data from a speciﬁc sls or list of sls ﬁles on the master. e default environment is base, use saltenv (env in Salt 0.17.x and older) to specify a diﬀerent environment. is function does not support topﬁles. For top.sls please use show_top instead. Custom Pillar data can be passed with the pillar kwarg. CLI Example:</p><p> salt '*' state.show_sls core,edit.vim dev salt.modules.state.show_top(queue=False, **kwargs) Return the top data that the minion will use for a highstate CLI Example:</p><p> salt '*' state.show_top salt.modules.state.single(fun, name, test=None, queue=False, **kwargs) Execute a single state function with the named kwargs, returns False if insuﬃcient data is sent to the command By default, the values of the kwargs will be parsed as YAML. So, you can specify lists values, or lists of single entry key-value maps, as you would in a YAML salt ﬁle. Alternatively, JSON format of keyword values is also supported. CLI Example:</p><p> salt '*' state.single pkg.installed name=vim salt.modules.state.sls(mods, saltenv='base', test=None, exclude=None, queue=False, env=None, **kwargs) Execute a set list of state ﬁles from an environment. test Notify states to execute in test-only (dry-run) mode. Sets the test variable in the minion opts for the duration of the state run. pillar Custom Pillar data can be passed with the pillar kwarg. Values passed here will override hard-coded Pillar values. queue [False] Instead of failing immediately when another state run is in progress, queue the new state run to begin running once the other has ﬁnished. is option starts a new thread for each queued state run so use this option sparingly. saltenv [base] Specify a file_roots environment. Changed in version 0.17.0: Argument name changed from env to saltenv. concurrent: WARNING: is ﬂag is potentially dangerous. It is designed for use when multiple state runs can safely be run at the same Do not use this ﬂag for performance optimization. localconﬁg: Instead of using running minion opts, load localconfig and merge that with the running minion opts. is functionality is intended for using ``roots'' of salt directories (with their own minion conﬁg, pillars, ﬁle_roots) to run highstate out of. CLI Example:</p><p> salt '*' state.sls core,edit.vim dev salt '*' state.sls core exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"</p><p> salt '*' state.sls myslsfile pillar="{foo: 'Foo!', bar: 'Bar!'}"</p><p>826 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.state.sls_id(id_, mods, saltenv='base', test=None, queue=False, **kwargs) Call a single ID from the named module(s) and handle all requisites New in version 2014.7.0. CLI Example:</p><p> salt '*' state.sls_id apache http salt.modules.state.template(tem, queue=False, **kwargs) Execute the information stored in a template ﬁle on the minion. is function does not ask a master for a SLS ﬁle to render but instead directly processes the ﬁle at the provided path on the minion. CLI Example:</p><p> salt '*' state.template '<path minion="" on="" template="" the="" to="">' salt.modules.state.template_str(tem, queue=False, **kwargs) Execute the information stored in a string from an sls template CLI Example:</path></p><p> salt '*' state.template_str '<template string="">' salt.modules.state.top(topfn, test=None, queue=False, **kwargs) Execute a speciﬁc top ﬁle instead of the default CLI Example:</template></p><p> salt '*' state.top reverse_top.sls salt '*' state.top reverse_top.sls exclude=sls_to_exclude salt '*' state.top reverse_top.sls exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls_to_exclude'}]"</p><p>22.16.199 salt.modules.status</p><p>Module for returning various status data about a minion. ese data can be useful for compiling into stats later. salt.modules.status.all_status() Return a composite of all status data and info for this minion. Warning: ere is a LOT here! CLI Example:</p><p> salt '*' status.all_status salt.modules.status.cpuinfo() Return the CPU info for this minion CLI Example:</p><p> salt '*' status.cpuinfo salt.modules.status.cpustats() Return the CPU stats for this minion CLI Example:</p><p> salt '*' status.cpustats</p><p>22.16. Full list of builtin execution modules 827 Salt Documentation, Release 2014.7.6 salt.modules.status.custom() Return a custom composite of status data and info for this minion, based on the minion conﬁg ﬁle. An example conﬁg like might be:</p><p> status.cpustats.custom: [ 'cpu', 'ctxt', 'btime', 'processes' ]</p><p>Where status refers to status.py, cpustats is the function where we get our data, and custom is this function It is followed by a list of keys that we want returned. is function is meant to replace all_status(), which returns anything and everything, which we probably don't want. By default, nothing is returned. Warning: Depending on what you include, there can be a LOT here! CLI Example:</p><p> salt '*' status.custom salt.modules.status.diskstats() Return the disk stats for this minion CLI Example:</p><p> salt '*' status.diskstats salt.modules.status.diskusage(*args) Return the disk usage for this minion Usage:</p><p> salt '*' status.diskusage [paths and/or filesystem types]</p><p>CLI Example:</p><p> salt '*' status.diskusage # usage for all filesystems salt '*' status.diskusage / /tmp # usage for / and /tmp salt '*' status.diskusage ext? # usage for ext[234] filesystems salt '*' status.diskusage / ext? # usage for / and all ext filesystems salt.modules.status.loadavg() Return the load averages for this minion CLI Example:</p><p> salt '*' status.loadavg salt.modules.status.master(master=None, connected=True) New in version 2014.7.0. Fire an event if the minion gets disconnected from its master. is function is meant to be run via a scheduled job from the minion. If master_ip is an FQDN/Hostname, is must be resolvable to a valid IPv4 address. CLI Example:</p><p> salt '*' status.master salt.modules.status.meminfo() Return the memory info for this minion CLI Example:</p><p> salt '*' status.meminfo</p><p>828 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.status.netdev() Return the network device stats for this minion CLI Example:</p><p> salt '*' status.netdev salt.modules.status.netstats() Return the network stats for this minion CLI Example:</p><p> salt '*' status.netstats salt.modules.status.nproc() Return the number of processing units available on this system CLI Example:</p><p> salt '*' status.nproc salt.modules.status.pid(sig) Return the PID or an empty string if the process is running or not. Pass a signature to use to ﬁnd the process via ps. Note you can pass a Python-compatible regular expression to return all pids of processes matching the regexp. CLI Example:</p><p> salt '*' status.pid <sig> salt.modules.status.procs() Return the process data CLI Example:</sig></p><p> salt '*' status.procs salt.modules.status.uptime() Return the uptime for this minion CLI Example:</p><p> salt '*' status.uptime salt.modules.status.version() Return the system version for this minion CLI Example:</p><p> salt '*' status.version salt.modules.status.vmstats() Return the virtual memory stats for this minion CLI Example:</p><p> salt '*' status.vmstats salt.modules.status.w() Return a list of logged in users for this minion, using the w command CLI Example:</p><p>22.16. Full list of builtin execution modules 829 Salt Documentation, Release 2014.7.6</p><p> salt '*' status.w</p><p>22.16.200 salt.modules.supervisord</p><p>Provide the service module for system supervisord or supervisord in a virtualenv salt.modules.supervisord.add(name, user=None, conf_ﬁle=None, bin_env=None) Activates any updates in conﬁg for process/group. user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.add <name> salt.modules.supervisord.custom(command, user=None, conf_ﬁle=None, bin_env=None) Run any custom supervisord command user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</name></p><p> salt '*' supervisord.custom "mstop '*gunicorn*'" salt.modules.supervisord.options(name, conf_ﬁle=None) New in version 2014.1.0. Read the conﬁg ﬁle and return the conﬁg options for a given process name Name of the conﬁgured process conf_ﬁle path to supervisord conﬁg ﬁle CLI Example:</p><p> salt '*' supervisord.options foo salt.modules.supervisord.remove(name, user=None, conf_ﬁle=None, bin_env=None) Removes process/group from active conﬁg user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.remove <name> salt.modules.supervisord.reread(user=None, conf_ﬁle=None, bin_env=None) Reload the daemon's conﬁguration ﬁles user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle</name></p><p>830 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.reread salt.modules.supervisord.restart(name='all', user=None, conf_ﬁle=None, bin_env=None) Restart the named service. Process group names should not include a trailing asterisk. user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.restart <service> salt '*' supervisord.restart <group>: salt.modules.supervisord.start(name='all', user=None, conf_ﬁle=None, bin_env=None) Start the named service. Process group names should not include a trailing asterisk. user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</group></service></p><p> salt '*' supervisord.start <service> salt '*' supervisord.start <group>: salt.modules.supervisord.status(name=None, user=None, conf_ﬁle=None, bin_env=None) List programs and its state user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</group></service></p><p> salt '*' supervisord.status salt.modules.supervisord.status_raw(name=None, user=None, conf_ﬁle=None, bin_env=None) Display the raw output of status user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.status_raw salt.modules.supervisord.stop(name='all', user=None, conf_ﬁle=None, bin_env=None) Stop the named service. Process group names should not include a trailing asterisk. user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle</p><p>22.16. Full list of builtin execution modules 831 Salt Documentation, Release 2014.7.6</p><p> bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</p><p> salt '*' supervisord.stop <service> salt '*' supervisord.stop <group>: salt.modules.supervisord.update(user=None, conf_ﬁle=None, bin_env=None) Reload conﬁg and add/remove as necessary user user to run supervisorctl as conf_ﬁle path to supervisord conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed CLI Example:</group></service></p><p> salt '*' supervisord.update</p><p>22.16.201 salt.modules.svn</p><p>Subversion SCM salt.modules.svn.add(cwd, targets, user=None, username=None, password=None, *opts) Add ﬁles to be tracked by the Subversion working-copy checkout cwd e path to the Subversion repository targets [None] ﬁles and directories to pass to the command as arguments user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.add /path/to/repo /path/to/new/file salt.modules.svn.checkout(cwd, remote, target=None, user=None, username=None, password=None, *opts) Download a working copy of the remote Subversion repository directory or ﬁle cwd e path to the Subversion repository remote [None] URL to checkout target [None] e name to give the ﬁle or directory working copy Default: svn uses the remote basename user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.checkout /path/to/repo svn://remote/repo</p><p>832 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.svn.commit(cwd, targets=None, msg=None, user=None, username=None, password=None, *opts) Commit the current directory, ﬁles, or directories to the remote Subversion repository cwd e path to the Subversion repository targets [None] ﬁles and directories to pass to the command as arguments Default: svn uses `.' msg [None] Message to aach to the commit log user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.commit /path/to/repo salt.modules.svn.diff(cwd, targets=None, user=None, username=None, password=None, *opts) Return the diﬀ of the current directory, ﬁles, or directories from the remote Subversion repository cwd e path to the Subversion repository targets [None] ﬁles and directories to pass to the command as arguments Default: svn uses `.' user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.diff /path/to/repo salt.modules.svn.export(cwd, remote, target=None, user=None, username=None, password=None, re- vision='HEAD', *opts) Create an unversioned copy of a tree. cwd e path to the Subversion repository remote [None] URL and path to ﬁle or directory checkout target [None] e name to give the ﬁle or directory working copy Default: svn uses the remote basename user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.export /path/to/repo svn://remote/repo salt.modules.svn.info(cwd, targets=None, user=None, username=None, password=None, fmt='str') Display the Subversion information from the checkout. cwd e path to the Subversion repository</p><p>22.16. Full list of builtin execution modules 833 Salt Documentation, Release 2014.7.6</p><p> targets [None] ﬁles, directories, and URLs to pass to the command as arguments svn uses `.' by default user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. fmt [str] How to fmt the output from info. (str, xml, list, dict) CLI Example:</p><p> salt '*' svn.info /path/to/svn/repo salt.modules.svn.remove(cwd, targets, msg=None, user=None, username=None, password=None, *opts) Remove ﬁles and directories from the Subversion repository cwd e path to the Subversion repository targets [None] ﬁles, directories, and URLs to pass to the command as arguments msg [None] Message to aach to the commit log user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.remove /path/to/repo /path/to/repo/remove salt.modules.svn.status(cwd, targets=None, user=None, username=None, password=None, *opts) Display the status of the current directory, ﬁles, or directories in the Subversion repository cwd e path to the Subversion repository targets [None] ﬁles, directories, and URLs to pass to the command as arguments Default: svn uses `.' user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password New in version 0.17.0. CLI Example:</p><p> salt '*' svn.status /path/to/repo salt.modules.svn.switch(cwd, remote, target=None, user=None, username=None, password=None, *opts) New in version 2014.1.0. Switch a working copy of a remote Subversion repository directory cwd e path to the Subversion repository remote [None] URL to switch target [None] e name to give the ﬁle or directory working copy Default: svn uses the remote basename</p><p>834 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> user [None] Run svn as a user other than what the minion runs as username [None] Connect to the Subversion server as another user password [None] Connect to the Subversion server with this password CLI Example:</p><p> salt '*' svn.switch /path/to/repo svn://remote/repo salt.modules.svn.update(cwd, targets=None, user=None, username=None, password=None, *opts) Update the current directory, ﬁles, or directories from the remote Subversion repository cwd e path to the Subversion repository targets [None] ﬁles and directories to pass to the command as arguments Default: svn uses `.' user [None] Run svn as a user other than what the minion runs as password [None] Connect to the Subversion server with this password New in version 0.17.0. username [None] Connect to the Subversion server as another user CLI Example:</p><p> salt '*' svn.update /path/to/repo</p><p>22.16.202 salt.modules.swi</p><p>Module for handling OpenStack Swi calls Author: Anthony Stanton <anthony.stanton> Inspired by the S3 and Nova modules depends • swiclient Python module conﬁguration is module is not usable until the user, password, tenant, and auth URL are speciﬁed either in a pillar or in the minion's conﬁg ﬁle. For example:</anthony.stanton></p><p> keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'</p><p>If conﬁguration for multiple OpenStack accounts is required, they can be set up as diﬀerent con- ﬁguration proﬁles: For example:</p><p> openstack1: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'</p><p> openstack2: keystone.user: admin keystone.password: verybadpass keystone.tenant: admin keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'</p><p>22.16. Full list of builtin execution modules 835 Salt Documentation, Release 2014.7.6</p><p>With this conﬁguration in place, any of the swi functions can make use of a conﬁguration proﬁle by declaring it explicitly. For example:</p><p> salt '*' swift.get mycontainer myfile /tmp/file profile=openstack1 salt.modules.swift.delete(cont, path=None, proﬁle=None) Delete a container, or delete an object from a container. CLI Example to delete a container:</p><p> salt myminion swift.delete mycontainer</p><p>CLI Example to delete an object from a container:</p><p> salt myminion swift.delete mycontainer remoteobject salt.modules.swift.get(cont=None, path=None, local_ﬁle=None, return_bin=False, proﬁle=None) List the contents of a container, or return an object from a container. Set return_bin to True in order to retrieve an object wholesale. Otherwise, Salt will aempt to parse an XML response. CLI Example to list containers:</p><p> salt myminion swift.get</p><p>CLI Example to list the contents of a container:</p><p> salt myminion swift.get mycontainer</p><p>CLI Example to return the binary contents of an object:</p><p> salt myminion swift.get mycontainer myfile.png return_bin=True</p><p>CLI Example to save the binary contents of an object to a local ﬁle:</p><p> salt myminion swift.get mycontainer myfile.png local_file=/tmp/myfile.png salt.modules.swift.head() salt.modules.swift.put(cont, path=None, local_ﬁle=None, proﬁle=None) Create a new container, or upload an object to a container. CLI Example to create a container:</p><p> salt myminion swift.put mycontainer</p><p>CLI Example to upload an object to a container:</p><p> salt myminion swift.put mycontainer remotepath local_file=/path/to/file</p><p>22.16.203 salt.modules.sysbench</p><p>e `sysbench' module is used to analyze the performance of the minions, right from the master! It measures various system parameters such as CPU, Memory, File I/O, reads and Mutex. salt.modules.sysbench.cpu() Tests for the CPU performance of minions. CLI Examples:</p><p>836 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' sysbench.cpu salt.modules.sysbench.fileio() is tests for the ﬁle read and write operations Various modes of operations are •sequential write •sequential rewrite •sequential read •random read •random write •random read and write e test works with 32 ﬁles with each ﬁle being 1Gb in size e test consumes a lot of time. Be patient! CLI Examples:</p><p> salt '*' sysbench.fileio salt.modules.sysbench.memory() is tests the memory for read and write operations. CLI Examples:</p><p> salt '*' sysbench.memory salt.modules.sysbench.mutex() Tests the implementation of mutex CLI Examples:</p><p> salt '*' sysbench.mutex salt.modules.sysbench.ping() salt.modules.sysbench.threads() is tests the performance of the processor's scheduler CLI Example:</p><p> salt '*' sysbench.threads</p><p>22.16.204 salt.modules.sysmod</p><p>e sys module provides information about the available functions on the minion salt.modules.sysmod.argspec(module='`) Return the argument speciﬁcation of functions in Salt execution modules. CLI Example:</p><p> salt '*' sys.argspec pkg.install salt '*' sys.argspec sys salt '*' sys.argspec salt.modules.sysmod.doc(*args) Return the docstrings for all modules. Optionally, specify a module or a function to narrow the selection. e strings are aggregated into a single document on the master for easy reading.</p><p>22.16. Full list of builtin execution modules 837 Salt Documentation, Release 2014.7.6</p><p>Multiple modules/functions can be speciﬁed. CLI Example:</p><p> salt '*' sys.doc salt '*' sys.doc sys salt '*' sys.doc sys.doc salt '*' sys.doc network.traceroute user.info salt.modules.sysmod.list_functions(*args, **kwargs) List the functions for all modules. Optionally, specify a module or modules from which to list. CLI Example:</p><p> salt '*' sys.list_functions salt '*' sys.list_functions sys salt '*' sys.list_functions sys user salt.modules.sysmod.list_modules() List the modules loaded on the minion CLI Example:</p><p> salt '*' sys.list_modules salt.modules.sysmod.list_returner_functions(*args, **kwargs) New in version 2014.7.0. List the functions for all returner modules. Optionally, specify a returner module or modules from which to list. CLI Example:</p><p> salt '*' sys.list_returner_functions salt '*' sys.list_returner_functions mysql salt '*' sys.list_returner_functions mysql etcd salt.modules.sysmod.list_returners() New in version 2014.7.0. List the runners loaded on the minion CLI Example:</p><p> salt '*' sys.list_returners salt.modules.sysmod.list_runner_functions(*args, **kwargs) New in version 2014.7.0. List the functions for all runner modules. Optionally, specify a runner module or modules from which to list. CLI Example:</p><p> salt '*' sys.list_runner_functions salt '*' sys.list_runner_functions state salt '*' sys.list_runner_functions state virt salt.modules.sysmod.list_runners() New in version 2014.7.0. List the runners loaded on the minion CLI Example:</p><p>838 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' sys.list_runners salt.modules.sysmod.list_state_functions(*args, **kwargs) New in version 2014.7.0. List the functions for all state modules. Optionally, specify a state module or modules from which to list. CLI Example:</p><p> salt '*' sys.list_state_functions salt '*' sys.list_state_functions file salt '*' sys.list_state_functions pkg user salt.modules.sysmod.list_state_modules() New in version 2014.7.0. List the modules loaded on the minion CLI Example:</p><p> salt '*' sys.list_state_modules salt.modules.sysmod.reload_modules() Tell the minion to reload the execution modules CLI Example:</p><p> salt '*' sys.reload_modules salt.modules.sysmod.returner_doc(*args) New in version 2014.7.0. Return the docstrings for all returners. Optionally, specify a returner or a function to narrow the selection. e strings are aggregated into a single document on the master for easy reading. Multiple returners/functions can be speciﬁed. CLI Example:</p><p> salt '*' sys.returner_doc salt '*' sys.returner_doc sqlite3 salt '*' sys.returner_doc sqlite3.get_fun salt '*' sys.returner_doc sqlite3.get_fun etcd.get_fun salt.modules.sysmod.runner_doc(*args) New in version 2014.7.0. Return the docstrings for all runners. Optionally, specify a runner or a function to narrow the selection. e strings are aggregated into a single document on the master for easy reading. Multiple runners/functions can be speciﬁed. CLI Example:</p><p> salt '*' sys.runner_doc salt '*' sys.runner_doc cache salt '*' sys.runner_doc cache.grains salt '*' sys.runner_doc cache.grains mine.get salt.modules.sysmod.state_doc(*args) New in version 2014.7.0.</p><p>22.16. Full list of builtin execution modules 839 Salt Documentation, Release 2014.7.6</p><p>Return the docstrings for all states. Optionally, specify a state or a function to narrow the selection. e strings are aggregated into a single document on the master for easy reading. Multiple states/functions can be speciﬁed. CLI Example:</p><p> salt '*' sys.state_doc salt '*' sys.state_doc service salt '*' sys.state_doc service.running salt '*' sys.state_doc service.running ipables.append</p><p>22.16.205 salt.modules.system</p><p>Support for reboot, shutdown, etc salt.modules.system.halt() Halt a running system CLI Example:</p><p> salt '*' system.halt salt.modules.system.init(runlevel) Change the system runlevel on sysV compatible systems CLI Example:</p><p> salt '*' system.init 3 salt.modules.system.poweroff() Poweroﬀ a running system CLI Example:</p><p> salt '*' system.poweroff salt.modules.system.reboot() Reboot the system using the `reboot' command CLI Example:</p><p> salt '*' system.reboot salt.modules.system.shutdown(at_time=None) Shutdown a running system CLI Example:</p><p> salt '*' system.shutdown</p><p>22.16.206 salt.modules.systemd</p><p>Provide the service module for systemd salt.modules.systemd.available(name) Check that the given service is available taking into account template units. CLI Example:</p><p>840 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' service.available sshd salt.modules.systemd.disable(name, **kwargs) Disable the named service to not start when the system boots CLI Example:</p><p> salt '*' service.disable <service name=""> salt.modules.systemd.disabled(name) Return if the named service is disabled to start on boot CLI Example:</service></p><p> salt '*' service.disabled <service name=""> salt.modules.systemd.enable(name, **kwargs) Enable the named service to start when the system boots CLI Example:</service></p><p> salt '*' service.enable <service name=""> salt.modules.systemd.enabled(name) Return if the named service is enabled to start on boot CLI Example:</service></p><p> salt '*' service.enabled <service name=""> salt.modules.systemd.execs() Return a list of all ﬁles speciﬁed as ExecStart for all services. CLI Example: salt `*' service.execs salt.modules.systemd.force_reload(name) Force-reload the speciﬁed service with systemd CLI Example:</service></p><p> salt '*' service.force_reload <service name=""> salt.modules.systemd.get_all() Return a list of all available services CLI Example:</service></p><p> salt '*' service.get_all salt.modules.systemd.get_disabled() Return a list of all disabled services CLI Example:</p><p> salt '*' service.get_disabled salt.modules.systemd.get_enabled() Return a list of all enabled services CLI Example:</p><p>22.16. Full list of builtin execution modules 841 Salt Documentation, Release 2014.7.6</p><p> salt '*' service.get_enabled salt.modules.systemd.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:</p><p> salt '*' service.missing sshd salt.modules.systemd.reload_(name) Reload the speciﬁed service with systemd CLI Example:</p><p> salt '*' service.reload <service name=""> salt.modules.systemd.restart(name) Restart the speciﬁed service with systemd CLI Example:</service></p><p> salt '*' service.restart <service name=""> salt.modules.systemd.show(name) Show properties of one or more units/jobs or the manager CLI Example: salt `*' service.show <service name=""> salt.modules.systemd.start(name) Start the speciﬁed service with systemd CLI Example:</service></service></p><p> salt '*' service.start <service name=""> salt.modules.systemd.status(name, sig=None) Return the status for a service via systemd, returns a bool whether the service is running. CLI Example:</service></p><p> salt '*' service.status <service name=""> salt.modules.systemd.stop(name) Stop the speciﬁed service with systemd CLI Example:</service></p><p> salt '*' service.stop <service name=""> salt.modules.systemd.systemctl_reload() Reloads systemctl, an action needed whenever unit ﬁles are updated. CLI Example:</service></p><p> salt '*' service.systemctl_reload</p><p>842 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.16.207 salt.modules.test</p><p>Module for running arbitrary tests salt.modules.test.arg(*args, **kwargs) Print out the data passed into the function *args and `kwargs, this is used to both test the publication data and cli argument passing, but also to display the information available within the publication data. Returns {``args'': args, ``kwargs'': kwargs}. CLI Example:</p><p> salt '*' test.arg 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}' salt.modules.test.arg_repr(*args, **kwargs) Print out the data passed into the function *args and `kwargs, this is used to both test the publication data and cli argument passing, but also to display the information available within the publication data. Returns {``args'': repr(args), ``kwargs'': repr(kwargs)}. CLI Example:</p><p> salt '*' test.arg_repr 1 "two" 3.1 txt="hello" wow='{a: 1, b: "hello"}' salt.modules.test.arg_type(*args, **kwargs) Print out the types of the args and kwargs. is is used to test the types of the args and kwargs passed down to the minion CLI Example:</p><p> salt '*' test.arg_type 1 'int' salt.modules.test.collatz(start) Execute the collatz conjecture from the passed starting number, returns the sequence and the time it took to compute. Used for performance tests. CLI Example:</p><p> salt '*' test.collatz 3 salt.modules.test.conf_test() Return the value for test.foo in the minion conﬁguration ﬁle, or return the default value CLI Example:</p><p> salt '*' test.conf_test salt.modules.test.cross_test(func, args=None) Execute a minion function via the __salt__ object in the test module, used to verify that the minion functions can be called via the __salt__ module. CLI Example:</p><p> salt '*' test.cross_test file.gid_to_group 0 salt.modules.test.echo(text) Return a string - used for testing the connection CLI Example:</p><p> salt '*' test.echo 'foo bar baz quo qux'</p><p>22.16. Full list of builtin execution modules 843 Salt Documentation, Release 2014.7.6 salt.modules.test.exception(message='Test Exception') Raise an exception Optionally provide an error message or output the full stack. CLI Example:</p><p> salt '*' test.exception 'Oh noes!' salt.modules.test.fib(num) Return a Fibonacci sequence up to the passed number, and the timeit took to compute in seconds. Used for performance tests CLI Example:</p><p> salt '*' test.fib 3 salt.modules.test.get_opts() Return the conﬁguration options passed to this minion CLI Example:</p><p> salt '*' test.get_opts salt.modules.test.kwarg(**kwargs) Print out the data passed into the function **kwargs, this is used to both test the publication data and cli kwarg passing, but also to display the information available within the publication data. CLI Example:</p><p> salt '*' test.kwarg num=1 txt="two" env='{a: 1, b: "hello"}' salt.modules.test.not_loaded() List the modules that were not loaded by the salt loader system CLI Example:</p><p> salt '*' test.not_loaded salt.modules.test.opts_pkg() Return an opts package with the grains and opts for this minion. is is primarily used to create the options used for master side state compiling routines CLI Example:</p><p> salt '*' test.opts_pkg salt.modules.test.outputter(data) Test the outpuer, pass in data to return CLI Example:</p><p> salt '*' test.outputter foobar salt.modules.test.ping() Used to make sure the minion is up and responding. Not an ICMP ping. Returns True. CLI Example:</p><p> salt '*' test.ping</p><p>844 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.test.provider(module) Pass in a function name to discover what provider is being used CLI Example:</p><p> salt '*' test.provider service salt.modules.test.providers() Return a dict of the provider names and the ﬁles that provided them CLI Example:</p><p> salt '*' test.providers salt.modules.test.rand_sleep(max=60) Sleep for a random number of seconds, used to test long-running commands and minions returning at diﬀering intervals CLI Example:</p><p> salt '*' test.rand_sleep 60 salt.modules.test.rand_str(size=9999999999) Return a random string CLI Example:</p><p> salt '*' test.rand_str salt.modules.test.retcode(code=42) Test that the returncode system is functioning correctly CLI Example:</p><p> salt '*' test.retcode 42 salt.modules.test.sleep(length) Instruct the minion to initiate a process that will sleep for a given period of time. CLI Example:</p><p> salt '*' test.sleep 20 salt.modules.test.stack() Return the current stack trace CLI Example:</p><p> salt '*' test.stack salt.modules.test.tty(*args, **kwargs) Deprecated! Moved to cmdmod. CLI Example:</p><p> salt '*' test.tty tty0 'This is a test' salt '*' test.tty pts3 'This is a test' salt.modules.test.version() Return the version of salt on the minion CLI Example:</p><p>22.16. Full list of builtin execution modules 845 Salt Documentation, Release 2014.7.6</p><p> salt '*' test.version salt.modules.test.versions_information() Returns versions of components used by salt as a dict CLI Example:</p><p> salt '*' test.versions_information salt.modules.test.versions_report() Returns versions of components used by salt CLI Example:</p><p> salt '*' test.versions_report</p><p>22.16.208 salt.modules.timezone</p><p>Module for managing timezone on POSIX-like systems. salt.modules.timezone.get_hwclock() Get current hardware clock seing (UTC or localtime) CLI Example:</p><p> salt '*' timezone.get_hwclock salt.modules.timezone.get_offset() Get current numeric timezone oﬀset from UCT (i.e. -0700) CLI Example:</p><p> salt '*' timezone.get_offset salt.modules.timezone.get_zone() Get current timezone (i.e. America/Denver) CLI Example:</p><p> salt '*' timezone.get_zone salt.modules.timezone.get_zonecode() Get current timezone (i.e. PST, MDT, etc) CLI Example:</p><p> salt '*' timezone.get_zonecode salt.modules.timezone.set_hwclock(clock) Sets the hardware clock to be either UTC or localtime CLI Example:</p><p> salt '*' timezone.set_hwclock UTC salt.modules.timezone.set_zone(timezone) Unlinks, then symlinks /etc/localtime to the set timezone. e timezone is crucial to several system processes, each of which SHOULD be restarted (for instance, whatever you system uses as its cron and syslog daemons). is will not be magically done for you!</p><p>846 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' timezone.set_zone 'America/Denver' salt.modules.timezone.zone_compare(timezone) Checks the hash sum between the given timezone, and the one set in /etc/localtime. Returns True if they match, and False if not. Mostly useful for running state checks. CLI Example:</p><p> salt '*' timezone.zone_compare 'America/Denver'</p><p>22.16.209 salt.modules.tls</p><p>A salt module for SSL/TLS. Can create a Certiﬁcate Authority (CA) or use Self-Signed certiﬁcates. depends • PyOpenSSL Python module conﬁguration Add the following values in /etc/salt/minion for the CA module to function prop- erly:</p><p> ca.cert_base_path: '/etc/pki' salt.modules.tls.ca_exists(ca_name, cacert_path=None) Verify whether a Certiﬁcate Authority (CA) already exists ca_name name of the CA cacert_path absolute path to ca certiﬁcates root directory CLI Example:</p><p> salt '*' tls.ca_exists test_ca /etc/certs salt.modules.tls.cert_base_path(cacert_path=None) Return the base path for certs from CLI or from options CLI Example:</p><p> salt '*' tls.cert_base_path salt.modules.tls.create_ca(ca_name, bits=2048, days=365, CN='localhost', C='US', ST='Utah', L='Salt Lake City', O='SaltStack', OU=None, emailAddress='xyz@pdq.net', ﬁx- mode=False, cacert_path=None, digest='sha256') Create a Certiﬁcate Authority (CA) ca_name name of the CA bits number of RSA key bits, Default is 2048 days number of days the CA will be valid, Default is 365 CN common name in the request, Default is localhost C country, Default is US ST state, Default is Utah L locality, Default is Salt Lake City O organization, Default is SaltStack</p><p>22.16. Full list of builtin execution modules 847 Salt Documentation, Release 2014.7.6</p><p>OU organizational unit, Default is None emailAddress email address for the CA owner, Default is xyz@pdq.net cacert_path absolute path to ca certiﬁcates root directory digest e message digest algorithm. Must be a string describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, speciﬁcally). For example, ``md5'' or ``sha1''. Default: `sha256' Writes out a CA certiﬁcate based upon deﬁned conﬁg values. If the ﬁle already exists, the function just returns assuming the CA certiﬁcate already exists. If the following values were set:</p><p> ca.cert_base_path='/etc/pki' ca_name='koji'</p><p> the resulting CA, and corresponding key, would be wrien in the following location:</p><p>/etc/pki/koji/koji_ca_cert.crt /etc/pki/koji/koji_ca_cert.key</p><p>CLI Example:</p><p> salt '*' tls.create_ca test_ca salt.modules.tls.create_ca_signed_cert(ca_name, CN, days=365, cacert_path=None, di- gest='sha256', **extensions) Create a Certiﬁcate (CERT) signed by a named Certiﬁcate Authority (CA) If the certiﬁcate ﬁle already exists, the function just returns assuming the CERT already exists. e CN must match an existing CSR generated by create_csr. If it does not, this method does nothing. ca_name name of the CA CN common name matching the certiﬁcate signing request days number of days certiﬁcate is valid, Default is 365 (1 year) cacert_path absolute path to ca certiﬁcates root directory digest e message digest algorithm. Must be a string describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, speciﬁcally). For example, ``md5'' or ``sha1''. Default: `sha256' **extensions X509 V3 certiﬁcate extension Writes out a Certiﬁcate (CERT). If the ﬁle already exists, the function just returns assuming the CERT already exists. e CN must match an existing CSR generated by create_csr. If it does not, this method does nothing. If the following values were set:</p><p> ca.cert_base_path='/etc/pki' ca_name='koji' CN='test.egavas.org'</p><p> the resulting signed certiﬁcate would be wrien in the following location:</p><p>/etc/pki/koji/certs/test.egavas.org.crt</p><p>CLI Example:</p><p>848 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' tls.create_ca_signed_cert test localhost salt.modules.tls.create_csr(ca_name, bits=2048, CN='localhost', C='US', ST='Utah', L='Salt Lake City', O='SaltStack', OU=None, emailAddress='xyz@pdq.net', subjec- tAltName=None, cacert_path=None, digest='sha256') Create a Certiﬁcate Signing Request (CSR) for a particular Certiﬁcate Authority (CA) ca_name name of the CA bits number of RSA key bits, Default is 2048 CN common name in the request, Default is localhost C country, Default is US ST state, Default is Utah L locality, Default is Salt Lake City O organization. Must the same as CA certiﬁcate or an error will be raised, Default is SaltStack OU organizational unit, Default is None emailAddress email address for the request, Default is xyz@pdq.net subjectAltName valid subjectAltNames in full form, e.g. to add DNS entry you would call this function with this value: ['DNS:myapp.foo.comm'] cacert_path absolute path to ca certiﬁcates root directory digest e message digest algorithm. Must be a string describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, speciﬁcally). For example, ``md5'' or ``sha1''. Default: `sha256' Writes out a Certiﬁcate Signing Request (CSR) If the ﬁle already exists, the function just returns assuming the CSR already exists. If the following values were set:</p><p> ca.cert_base_path='/etc/pki' ca_name='koji' CN='test.egavas.org'</p><p> the resulting CSR, and corresponding key, would be wrien in the following location:</p><p>/etc/pki/koji/certs/test.egavas.org.csr /etc/pki/koji/certs/test.egavas.org.key</p><p>CLI Example:</p><p> salt '*' tls.create_csr test salt.modules.tls.create_pkcs12(ca_name, CN, passphrase='`, cacert_path=None) Create a PKCS#12 browser certiﬁcate for a particular Certiﬁcate (CN) ca_name name of the CA CN common name matching the certiﬁcate signing request passphrase used to unlock the PKCS#12 certiﬁcate when loaded into the browser cacert_path absolute path to ca certiﬁcates root directory If the following values were set:</p><p>22.16. Full list of builtin execution modules 849 Salt Documentation, Release 2014.7.6</p><p> ca.cert_base_path='/etc/pki' ca_name='koji' CN='test.egavas.org'</p><p> the resulting signed certiﬁcate would be wrien in the following location:</p><p>/etc/pki/koji/certs/test.egavas.org.p12</p><p>CLI Example:</p><p> salt '*' tls.create_pkcs12 test localhost salt.modules.tls.create_self_signed_cert(tls_dir='tls', bits=2048, days=365, CN='localhost', C='US', ST='Utah', L='Salt Lake City', O='SaltStack', OU=None, emailAd- dress='xyz@pdq.net', cacert_path=None, di- gest='sha256') Create a Self-Signed Certiﬁcate (CERT) tls_dir location appended to the ca.cert_base_path, Default is tls bits number of RSA key bits, Default is 2048 days validity of certiﬁcate, Default is 365 CN common name in the request, Default is localhost C country, Default is US ST state, Default is Utah L locality, Default is Salt Lake City O organization. Must the same as CA certiﬁcate or an error will be raised, Default is SaltStack OU organizational unit, Default is None emailAddress email address for the request, Default is xyz@pdq.net cacert_path absolute path to ca certiﬁcates root directory digest e message digest algorithm. Must be a string describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, speciﬁcally). For example, ``md5'' or ``sha1''. Default: `sha256' Writes out a Self-Signed Certiﬁcate (CERT). If the ﬁle already exists, the function just returns. If the following values were set:</p><p> ca.cert_base_path='/etc/pki' tls_dir='koji' CN='test.egavas.org'</p><p> the resulting CERT, and corresponding key, would be wrien in the following location:</p><p>/etc/pki/koji/certs/test.egavas.org.crt /etc/pki/koji/certs/test.egavas.org.key</p><p>CLI Examples:</p><p> salt '*' tls.create_self_signed_cert salt 'minion' tls.create_self_signed_cert CN='test.mysite.org' salt.modules.tls.get_ca(ca_name, as_text=False, cacert_path=None) Get the certiﬁcate path or content</p><p>850 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> ca_name name of the CA as_text if true, return the certiﬁcate content instead of the path cacert_path absolute path to ca certiﬁcates root directory CLI Example:</p><p> salt '*' tls.get_ca test_ca as_text=False cacert_path=/etc/certs salt.modules.tls.maybe_fix_ssl_version(ca_name, cacert_path=None) Check that the X509 version is correct (was incorrectly set in previous salt versions). is will ﬁx the version if needed. ca_name ca authority name cacert_path absolute path to ca certiﬁcates root directory CLI Example:</p><p> salt '*' tls.maybe_fix_ssl_version test_ca /etc/certs salt.modules.tls.set_ca_path(cacert_path) If wanted, store the aforementioned cacert_path in context to be used as the basepath for further operations CLI Example:</p><p> salt '*' tls.set_ca_path /etc/certs</p><p>22.16.210 salt.modules.tomcat</p><p>Support for Tomcat is module uses the manager webapp to manage Apache tomcat webapps. If the manager webapp is not conﬁgured some of the functions won't work.</p><p>Note: e conﬁg format was changed in 2014.7.0, but backwards compatibility for the old-style conﬁg will be in the 2014.7.1 release.</p><p>e following grains/pillar should be set: tomcat-manager: user: <username> passwd: <password> or the old format: tomcat-manager.user: <username> tomcat-manager.passwd: <password></password></username></password></username></p><p>Also conﬁgure a user in the conf/tomcat-users.xml ﬁle:</p><p>Note:</p><p>22.16. Full list of builtin execution modules 851 Salt Documentation, Release 2014.7.6</p><p>• More information about tomcat manager: hp://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html • if you use only this module for deployments you've might want to strict access to the man- ager only from localhost for more info: hp://tomcat.apache.org/tomcat-7.0-doc/manager- howto.html#Conﬁguring_Manager_Application_Access • Tested on: JVM Vendor: Sun Microsystems Inc. JVM Version: 1.6.0_43-b01 OS Aritecture: amd64 OS Name: Linux OS Version: 2.6.32-358.el6.x86_64 Tomcat Version: Apache Tomcat/7.0.37 salt.modules.tomcat.deploy_war(war, context, force='no', url='hp://localhost:8080/manager', saltenv='base', timeout=180, env=None, temp_war_location=None) Deploy a WAR ﬁle war absolute path to WAR ﬁle (should be accessible by the user running tomcat) or a path supported by the salt.modules.cp.get_ﬁle function context the context path to deploy force [False] set True to deploy the webapp even one is deployed in the context url [hp://localhost:8080/manager] the URL of the server manager webapp saltenv [base] the environment for WAR ﬁle in used by salt.modules.cp.get_url function timeout [180] timeout for HTTP request temp_war_location [None] use another location to temporarily copy to war ﬁle by default the system's temp directory is used CLI Examples: cp module</p><p> salt '*' tomcat.deploy_war salt://application.war /api salt '*' tomcat.deploy_war salt://application.war /api no salt '*' tomcat.deploy_war salt://application.war /api yes http://localhost:8080/manager</p><p> minion local ﬁle system</p><p> salt '*' tomcat.deploy_war /tmp/application.war /api salt '*' tomcat.deploy_war /tmp/application.war /api no salt '*' tomcat.deploy_war /tmp/application.war /api yes http://localhost:8080/manager salt.modules.tomcat.fullversion() Return all server information from catalina.sh version CLI Example:</p><p> salt '*' tomcat.fullversion salt.modules.tomcat.leaks(url='hp://localhost:8080/manager', timeout=180) Find memory leaks in tomcat</p><p>852 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.leaks salt.modules.tomcat.ls(url='hp://localhost:8080/manager', timeout=180) list all the deployed webapps url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.ls salt '*' tomcat.ls http://localhost:8080/manager salt.modules.tomcat.passwd(passwd, user='`, alg='md5', realm=None) is function replaces the $CATALINA_HOME/bin/digest.sh script convert a clear-text password to the $CATALINA_BASE/conf/tomcat-users.xml format CLI Examples:</p><p> salt '*' tomcat.passwd secret salt '*' tomcat.passwd secret tomcat sha1 salt '*' tomcat.passwd secret tomcat sha1 'Protected Realm' salt.modules.tomcat.reload_(app, url='hp://localhost:8080/manager', timeout=180) Reload the webapp app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.reload /jenkins salt '*' tomcat.reload /jenkins http://localhost:8080/manager salt.modules.tomcat.serverinfo(url='hp://localhost:8080/manager', timeout=180) return details about the server url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.serverinfo salt '*' tomcat.serverinfo http://localhost:8080/manager salt.modules.tomcat.sessions(app, url='hp://localhost:8080/manager', timeout=180) return the status of the webapp sessions app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request</p><p>22.16. Full list of builtin execution modules 853 Salt Documentation, Release 2014.7.6</p><p>CLI Examples:</p><p> salt '*' tomcat.sessions /jenkins salt '*' tomcat.sessions /jenkins http://localhost:8080/manager salt.modules.tomcat.signal(signal=None) Signals catalina to start, stop, securestart, forcestop. CLI Example:</p><p> salt '*' tomcat.signal start salt.modules.tomcat.start(app, url='hp://localhost:8080/manager', timeout=180) Start the webapp app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.start /jenkins salt '*' tomcat.start /jenkins http://localhost:8080/manager salt.modules.tomcat.status(url='hp://localhost:8080/manager', timeout=180) Used to test if the tomcat manager is up url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.status salt '*' tomcat.status http://localhost:8080/manager salt.modules.tomcat.status_webapp(app, url='hp://localhost:8080/manager', timeout=180) return the status of the webapp (stopped | running | missing) app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.status_webapp /jenkins salt '*' tomcat.status_webapp /jenkins http://localhost:8080/manager salt.modules.tomcat.stop(app, url='hp://localhost:8080/manager', timeout=180) Stop the webapp app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.stop /jenkins salt '*' tomcat.stop /jenkins http://localhost:8080/manager</p><p>854 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.tomcat.undeploy(app, url='hp://localhost:8080/manager', timeout=180) Undeploy a webapp app the webapp context path url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request CLI Examples:</p><p> salt '*' tomcat.undeploy /jenkins salt '*' tomcat.undeploy /jenkins http://localhost:8080/manager salt.modules.tomcat.version() Return server version from catalina.sh version CLI Example:</p><p> salt '*' tomcat.version</p><p>22.16.211 salt.modules.twilio_notify</p><p>Module for notiﬁcations via Twilio New in version 2014.7.0. depends • twilio python module conﬁguration Conﬁgure this module by specifying the name of a conﬁguration proﬁle in the minion conﬁg, minion pillar, or master conﬁg. For example:</p><p> my-twilio-account: twilio.account_sid: AC32a3c83990934481addd5ce1659f04d2 twilio.auth_token: mytoken salt.modules.twilio_notify.send_sms(proﬁle, body, to, from_) Send an sms CLI Example: twilio.send_sms twilio-account `Test sms' `+18019999999' `+18011111111'</p><p>22.16.212 salt.modules.upstart</p><p>Module for the management of upstart systems. e Upstart system only supports service starting, stopping and restarting. Currently (as of Ubuntu 12.04) there is no tool available to disable Upstart services (like update-rc.d). is[1] is the recommended way to disable an Upstart service. So we assume that all Upstart services that have not been disabled in this manner are enabled. But this is broken because we do not check to see that the dependent services are enabled. Otherwise we would have to do something like parse the output of ``initctl show-conﬁg'' to determine if all service dependencies are enabled to start on boot. For example, see the ``start on'' condition for the lightdm service below[2]. And this would be too hard. So we wait until the upstart developers have solved this problem. :) is is to say that an Upstart service that is enabled may not really be enabled.</p><p>22.16. Full list of builtin execution modules 855 Salt Documentation, Release 2014.7.6</p><p>Also, when an Upstart service is enabled, should the dependent services be enabled too? Probably not. But there should be a notice about this, at least. [1] hp://upstart.ubuntu.com/cookbook/#disabling-a-job-from-automatically-starting [2] example upstart conﬁguration ﬁle: lightdm emits login-session-start emits desktop-session-start emits desktop-shutdown start on ((((filesystem and runlevel [!06]) and started dbus) and (drm-device-added card0 PRIMARY_DEVICE_FOR_DISPLAY=1 or stopped udev-fallback-graphics)) or runlevel PREVLEVEL=S) stop on runlevel [016]</p><p>Warning: is module should not be used on Red Hat systems. For these, the rh_service module should be used, as it supports the hybrid upstart/sysvinit system used in RHEL/CentOS 6. salt.modules.upstart.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:</p><p> salt '*' service.available sshd salt.modules.upstart.disable(name, **kwargs) Disable the named service from starting on boot CLI Example:</p><p> salt '*' service.disable <service name=""> salt.modules.upstart.disabled(name) Check to see if the named service is disabled to start on boot CLI Example:</service></p><p> salt '*' service.disabled <service name=""> salt.modules.upstart.enable(name, **kwargs) Enable the named service to start at boot CLI Example:</service></p><p> salt '*' service.enable <service name=""> salt.modules.upstart.enabled(name) Check to see if the named service is enabled to start on boot CLI Example:</service></p><p> salt '*' service.enabled <service name=""> salt.modules.upstart.force_reload(name) Force-reload the named service CLI Example:</service></p><p> salt '*' service.force_reload <service name=""> salt.modules.upstart.full_restart(name) Do a full restart (stop/start) of the named service CLI Example:</service></p><p>856 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' service.full_restart <service name=""> salt.modules.upstart.get_all() Return all installed services CLI Example:</service></p><p> salt '*' service.get_all salt.modules.upstart.get_disabled() Return the disabled services CLI Example:</p><p> salt '*' service.get_disabled salt.modules.upstart.get_enabled() Return the enabled services CLI Example:</p><p> salt '*' service.get_enabled salt.modules.upstart.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:</p><p> salt '*' service.missing sshd salt.modules.upstart.reload_(name) Reload the named service CLI Example:</p><p> salt '*' service.reload <service name=""> salt.modules.upstart.restart(name) Restart the named service CLI Example:</service></p><p> salt '*' service.restart <service name=""> salt.modules.upstart.start(name) Start the speciﬁed service CLI Example:</service></p><p> salt '*' service.start <service name=""> salt.modules.upstart.status(name, sig=None) Return the status for a service, returns a bool whether the service is running. CLI Example:</service></p><p> salt '*' service.status <service name=""> salt.modules.upstart.stop(name) Stop the speciﬁed service CLI Example:</service></p><p>22.16. Full list of builtin execution modules 857 Salt Documentation, Release 2014.7.6</p><p> salt '*' service.stop <service name=""></service></p><p>22.16.213 salt.modules.useradd</p><p>Manage users with the useradd command salt.modules.useradd.add(name, uid=None, gid=None, groups=None, home=None, shell=None, unique=True, system=False, fullname='`, roomnumber='`, workphone='`, homephone='`, createhome=True) Add a user to the minion CLI Example:</p><p> salt '*' user.add name <uid> <gid> <groups> <home> <shell> salt.modules.useradd.chfullname(name, fullname) Change the user's Full Name CLI Example:</shell></home></groups></gid></uid></p><p> salt '*' user.chfullname foo "Foo Bar" salt.modules.useradd.chgid(name, gid) Change the default group of the user CLI Example:</p><p> salt '*' user.chgid foo 4376 salt.modules.useradd.chgroups(name, groups, append=False) Change the groups this user belongs to, add append to append the speciﬁed groups CLI Example:</p><p> salt '*' user.chgroups foo wheel,root True salt.modules.useradd.chhome(name, home, persist=False) Change the home directory of the user, pass True for persist to move ﬁles to the new home directory if the old home directory exist. CLI Example:</p><p> salt '*' user.chhome foo /home/users/foo True salt.modules.useradd.chhomephone(name, homephone) Change the user's Home Phone CLI Example:</p><p> salt '*' user.chhomephone foo "7735551234" salt.modules.useradd.chroomnumber(name, roomnumber) Change the user's Room Number CLI Example:</p><p> salt '*' user.chroomnumber foo 123 salt.modules.useradd.chshell(name, shell) Change the default shell of the user</p><p>858 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' user.chshell foo /bin/zsh salt.modules.useradd.chuid(name, uid) Change the uid for a named user CLI Example:</p><p> salt '*' user.chuid foo 4376 salt.modules.useradd.chworkphone(name, workphone) Change the user's Work Phone CLI Example:</p><p> salt '*' user.chworkphone foo "7735550123" salt.modules.useradd.delete(name, remove=False, force=False) Remove a user from the minion CLI Example:</p><p> salt '*' user.delete name remove=True force=True salt.modules.useradd.getent(refresh=False) Return the list of all info for all users CLI Example:</p><p> salt '*' user.getent salt.modules.useradd.info(name) Return user information CLI Example:</p><p> salt '*' user.info root salt.modules.useradd.list_groups(name) Return a list of groups the named user belongs to CLI Example:</p><p> salt '*' user.list_groups foo salt.modules.useradd.list_users() Return a list of all users CLI Example:</p><p> salt '*' user.list_users</p><p>22.16.214 salt.modules.uwsgi uWSGI stats server hp://uwsgi-docs.readthedocs.org/en/latest/StatsServer.html maintainer Peter Baumgartner <pete> maturity new platform all</pete></p><p>22.16. Full list of builtin execution modules 859 Salt Documentation, Release 2014.7.6 salt.modules.uwsgi.stats(socket) Return the data from uwsgi --connect-and-read as a dictionary. soet e socket the uWSGI stats server is listening on CLI Example:</p><p> salt '*' uwsgi.stats /var/run/mystatsserver.sock</p><p> salt '*' uwsgi.stats 127.0.0.1:5050</p><p>22.16.215 salt.modules.varnish</p><p>Support for Varnish New in version 2014.7.0.</p><p>Note: ese functions are designed to work with all implementations of Varnish from 3.x onwards salt.modules.varnish.ban(ban_expression) Add ban to the varnish cache CLI Example:</p><p> salt '*' varnish.ban ban_expression salt.modules.varnish.ban_list() List varnish cache current bans CLI Example:</p><p> salt '*' varnish.ban_list salt.modules.varnish.param_set(param, value) Set a param in varnish cache CLI Example:</p><p> salt '*' varnish.param_set param value salt.modules.varnish.param_show(param=None) Show params of varnish cache CLI Example:</p><p> salt '*' varnish.param_show param salt.modules.varnish.purge() Purge the varnish cache CLI Example:</p><p> salt '*' varnish.purge salt.modules.varnish.version() Return server version from varnishd -V CLI Example:</p><p>860 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' varnish.version</p><p>22.16.216 salt.modules.virt</p><p>Work with virtual machines managed by libvirt depends libvirt Python module salt.modules.virt.create(vm_) Start a deﬁned domain CLI Example:</p><p> salt '*' virt.create <vm name=""> salt.modules.virt.create_xml_path(path) Start a domain based on the XML-ﬁle path passed to the function CLI Example:</vm></p><p> salt '*' virt.create_xml_path <path file="" node="" on="" the="" to="" xml=""> salt.modules.virt.create_xml_str(xml) Start a domain based on the XML passed to the function CLI Example:</path></p><p> salt '*' virt.create_xml_str <xml format="" in="" string=""> salt.modules.virt.ctrl_alt_del(vm_) Sends CTRL+ALT+DEL to a VM CLI Example:</xml></p><p> salt '*' virt.ctrl_alt_del <vm name=""> salt.modules.virt.define_vol_xml_path(path) Deﬁne a volume based on the XML-ﬁle path passed to the function CLI Example:</vm></p><p> salt '*' virt.define_vol_xml_path <path file="" node="" on="" the="" to="" xml=""> salt.modules.virt.define_vol_xml_str(xml) Deﬁne a volume based on the XML passed to the function CLI Example:</path></p><p> salt '*' virt.define_vol_xml_str <xml format="" in="" string=""> salt.modules.virt.define_xml_path(path) Deﬁne a domain based on the XML-ﬁle path passed to the function CLI Example:</xml></p><p> salt '*' virt.define_xml_path <path file="" node="" on="" the="" to="" xml=""> salt.modules.virt.define_xml_str(xml) Deﬁne a domain based on the XML passed to the function CLI Example:</path></p><p>22.16. Full list of builtin execution modules 861 Salt Documentation, Release 2014.7.6</p><p> salt '*' virt.define_xml_str <xml format="" in="" string=""> salt.modules.virt.destroy(vm_) Hard power down the virtual machine, this is equivalent to pulling the power CLI Example:</xml></p><p> salt '*' virt.destroy <vm name=""> salt.modules.virt.freecpu() Return an int representing the number of unallocated cpus on this hypervisor CLI Example:</vm></p><p> salt '*' virt.freecpu salt.modules.virt.freemem() Return an int representing the amount of memory that has not been given to virtual machines on this node CLI Example:</p><p> salt '*' virt.freemem salt.modules.virt.full_info() Return the node_info, vm_info and freemem CLI Example:</p><p> salt '*' virt.full_info salt.modules.virt.get_disks(vm_) Return the disks of a named vm CLI Example:</p><p> salt '*' virt.get_disks <vm name=""> salt.modules.virt.get_graphics(vm_) Returns the information on vnc for a given vm CLI Example:</vm></p><p> salt '*' virt.get_graphics <vm name=""> salt.modules.virt.get_macs(vm_) Return a list oﬀ MAC addresses from the named vm CLI Example:</vm></p><p> salt '*' virt.get_macs <vm name=""> salt.modules.virt.get_nics(vm_) Return info about the network interfaces of a named vm CLI Example:</vm></p><p> salt '*' virt.get_nics <vm name=""> salt.modules.virt.get_profiles(hypervisor=None) Return the virt proﬁles for hypervisor. Currently there are proﬁles for:</vm></p><p>862 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>•nic •disk CLI Example:</p><p> salt '*' virt.get_profiles salt '*' virt.get_profiles hypervisor=esxi salt.modules.virt.get_xml(vm_) Returns the XML for a given vm CLI Example:</p><p> salt '*' virt.get_xml <vm name=""> salt.modules.virt.init(name, cpu, mem, image=None, nic='default', hypervisor='kvm', start=True, disk='default', saltenv='base', **kwargs) Initialize a new vm CLI Example:</vm></p><p> salt 'hypervisor' virt.init vm_name 4 512 salt://path/to/image.raw salt 'hypervisor' virt.init vm_name 4 512 nic=profile disk=profile salt.modules.virt.is_hyper() Returns a bool whether or not this node is a hypervisor of any kind CLI Example:</p><p> salt '*' virt.is_hyper salt.modules.virt.is_kvm_hyper() Returns a bool whether or not this node is a KVM hypervisor CLI Example:</p><p> salt '*' virt.is_kvm_hyper salt.modules.virt.is_xen_hyper() Returns a bool whether or not this node is a XEN hypervisor CLI Example:</p><p> salt '*' virt.is_xen_hyper salt.modules.virt.list_active_vms() Return a list of names for active virtual machine on the minion CLI Example:</p><p> salt '*' virt.list_active_vms salt.modules.virt.list_inactive_vms() Return a list of names for inactive virtual machine on the minion CLI Example:</p><p> salt '*' virt.list_inactive_vms salt.modules.virt.list_vms() Return a list of virtual machine names on the minion</p><p>22.16. Full list of builtin execution modules 863 Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' virt.list_vms salt.modules.virt.migrate(vm_, target, ssh=False) Shared storage migration CLI Example:</p><p> salt '*' virt.migrate <vm name=""> <target hypervisor=""> salt.modules.virt.migrate_non_shared(vm_, target, ssh=False) Aempt to execute non-shared storage ``all'' migration CLI Example:</target></vm></p><p> salt '*' virt.migrate_non_shared <vm name=""> <target hypervisor=""> salt.modules.virt.migrate_non_shared_inc(vm_, target, ssh=False) Aempt to execute non-shared storage ``all'' migration CLI Example:</target></vm></p><p> salt '*' virt.migrate_non_shared_inc <vm name=""> <target hypervisor=""> salt.modules.virt.node_info() Return a dict with information about this node CLI Example:</target></vm></p><p> salt '*' virt.node_info salt.modules.virt.pause(vm_) Pause the named vm CLI Example:</p><p> salt '*' virt.pause <vm name=""> salt.modules.virt.purge(vm_, dirs=False) Recursively destroy and delete a virtual machine, pass True for dir's to also delete the directories containing the virtual machine disk images - USE WITH EXTREME CAUTION! CLI Example:</vm></p><p> salt '*' virt.purge <vm name=""> salt.modules.virt.reboot(vm_) Reboot a domain via ACPI request CLI Example:</vm></p><p> salt '*' virt.reboot <vm name=""> salt.modules.virt.reset(vm_) Reset a VM by emulating the reset buon on a physical machine CLI Example:</vm></p><p> salt '*' virt.reset <vm name=""></vm></p><p>864 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.virt.resume(vm_) Resume the named vm CLI Example:</p><p> salt '*' virt.resume <vm name=""> salt.modules.virt.seed_non_shared_migrate(disks, force=False) Non shared migration requires that the disks be present on the migration destination, pass the disks informa- tion via this function, to the migration destination before executing the migration. CLI Example:</vm></p><p> salt '*' virt.seed_non_shared_migrate <disks> salt.modules.virt.set_autostart(vm_, state='on') Set the autostart ﬂag on a VM so that the VM will start with the host system on reboot. CLI Example:</disks></p><p> salt "*" virt.set_autostart <vm name=""> <on off=""> salt.modules.virt.setmem(vm_, memory, conﬁg=False) Changes the amount of memory allocated to VM. e VM must be shutdown for this to work. memory is to be speciﬁed in MB If conﬁg is True then we ask libvirt to modify the conﬁg as well CLI Example:</on></vm></p><p> salt '*' virt.setmem myvm 768 salt.modules.virt.setvcpus(vm_, vcpus, conﬁg=False) Changes the amount of vcpus allocated to VM. e VM must be shutdown for this to work. vcpus is an int representing the number to be assigned If conﬁg is True then we ask libvirt to modify the conﬁg as well CLI Example:</p><p> salt '*' virt.setvcpus myvm 2 salt.modules.virt.shutdown(vm_) Send a so shutdown signal to the named vm CLI Example:</p><p> salt '*' virt.shutdown <vm name=""> salt.modules.virt.start(vm_) Alias for the obscurely named `create' function CLI Example:</vm></p><p> salt '*' virt.start <vm name=""> salt.modules.virt.stop(vm_) Alias for the obscurely named `destroy' function CLI Example:</vm></p><p> salt '*' virt.stop <vm name=""></vm></p><p>22.16. Full list of builtin execution modules 865 Salt Documentation, Release 2014.7.6 salt.modules.virt.undefine(vm_) Remove a deﬁned vm, this does not purge the virtual machine image, and this only works if the vm is powered down CLI Example:</p><p> salt '*' virt.undefine <vm name=""> salt.modules.virt.virt_type() Returns the virtual machine type as a string CLI Example:</vm></p><p> salt '*' virt.virt_type salt.modules.virt.vm_cputime(vm_=None) Return cputime used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'cputime' <int> 'cputime_percent' <int> }, ... ]</int></int></p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_cputime salt.modules.virt.vm_diskstats(vm_=None) Return disk usage counters used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'rd_req' : 0, 'rd_bytes' : 0, 'wr_req' : 0, 'wr_bytes' : 0, 'errs' : 0 }, ... ]</p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_blockstats salt.modules.virt.vm_info(vm_=None) Return detailed information about the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'cpu': <int>, 'maxMem': <int>,</int></int></p><p>866 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>'mem': <int>, 'state': '<state>', 'cputime' <int> }, ... ]</int></state></int></p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_info salt.modules.virt.vm_netstats(vm_=None) Return combined network counters used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'rx_bytes' : 0, 'rx_packets' : 0, 'rx_errs' : 0, 'rx_drop' : 0, 'tx_bytes' : 0, 'tx_packets' : 0, 'tx_errs' : 0, 'tx_drop' : 0 }, ... ]</p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_netstats salt.modules.virt.vm_state(vm_=None) Return list of all the vms and their state. If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_state <vm name=""></vm></p><p>22.16.217 salt.modules.virtualenv</p><p>Create virtualenv environments salt.modules.virtualenv_mod.create(path, venv_bin=None, system_site_packages=False, distribute=False, clear=False, python=None, ex- tra_search_dir=None, never_download=None, prompt=None, pip=False, symlinks=None, upgrade=None, user=None, runas=None, saltenv='base') Create a virtualenv</p><p>22.16. Full list of builtin execution modules 867 Salt Documentation, Release 2014.7.6</p><p> path e path to create the virtualenv venv_bin [None (default `virtualenv')] e name (and optionally path) of the virtualenv command. is can also be set globally in the minion conﬁg ﬁle as virtualenv.venv_bin. system_site_paages [False] Passthrough argument given to virtualenv or pyvenv distribute [False] Passthrough argument given to virtualenv pip [False] Install pip aer creating a virtual environment, implies distribute=True clear [False] Passthrough argument given to virtualenv or pyvenv python [None (default)] Passthrough argument given to virtualenv extra_sear_dir [None (default)] Passthrough argument given to virtualenv never_download [None (default)] Passthrough argument given to virtualenv if True prompt [None (default)] Passthrough argument given to virtualenv if not None symlinks [None] Passthrough argument given to pyvenv if True upgrade [None] Passthrough argument given to pyvenv if True user [None] Set ownership for the virtualenv runas [None] Set ownership for the virtualenv</p><p>Note: e runas argument is deprecated as of 2014.1.0. user should be used instead.</p><p>CLI Example:</p><p> salt '*' virtualenv.create /path/to/new/virtualenv salt.modules.virtualenv_mod.get_site_packages(venv) Returns the path to the site-packages directory inside a virtualenv CLI Example:</p><p> salt '*' virtualenv.get_site_packages /path/to/my/venv</p><p>22.16.218 salt.modules.win_autoruns</p><p>Module for listing programs that automatically run on startup (very alpha…not tested on anything but my Win 7x64) salt.modules.win_autoruns.list_() Get a list of automatically running programs CLI Example:</p><p> salt '*' autoruns.list</p><p>22.16.219 salt.modules.win_disk</p><p>Module for gathering disk information on Windows depends • win32api Python module</p><p>868 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.win_disk.usage() Return usage information for volumes mounted on this minion CLI Example:</p><p> salt '*' disk.usage</p><p>22.16.220 salt.modules.win_dns_client</p><p>Module for conﬁguring DNS Client on Windows systems salt.modules.win_dns_client.add_dns(ip, interface='Local Area Connection', index=1) Add the DNS server to the network interface (index starts from 1) Note: if the interface DNS is conﬁgured by DHCP, all the DNS servers will be removed from the interface and the requested DNS will be the only one CLI Example:</p><p> salt '*' win_dns_client.add_dns <ip> <interface> <index> salt.modules.win_dns_client.dns_dhcp(interface='Local Area Connection') Conﬁgure the interface to get its DNS servers from the DHCP server CLI Example:</index></interface></ip></p><p> salt '*' win_dns_client.dns_dhcp <interface> salt.modules.win_dns_client.get_dns_config(interface='Local Area Connection') Get the type of DNS conﬁguration (dhcp / static) CLI Example:</interface></p><p> salt '*' win_dns_client.get_dns_config 'Local Area Connection' salt.modules.win_dns_client.get_dns_servers(interface='Local Area Connection') Return a list of the conﬁgured DNS servers of the speciﬁed interface CLI Example:</p><p> salt '*' win_dns_client.get_dns_servers 'Local Area Connection' salt.modules.win_dns_client.rm_dns(ip, interface='Local Area Connection') Remove the DNS server from the network interface CLI Example:</p><p> salt '*' win_dns_client.rm_dns <ip> <interface></interface></ip></p><p>22.16.221 salt.modules.win_file</p><p>Manage information about ﬁles on the minion, set/read user, group data depends • win32api • win32ﬁle • win32security</p><p>22.16. Full list of builtin execution modules 869 Salt Documentation, Release 2014.7.6 salt.modules.win_file.chgrp(path, group) Change the group of a ﬁle Under Windows, this will do nothing. While a ﬁle in Windows does have a `primary group', this rarely used aribute generally has no bearing on permissions unless intentionally conﬁgured and is only used to support Unix compatibility features (e.g. Services For Unix, NFS services). Salt, therefore, remaps this function to do nothing while still being compatible with Unix behavior. When managing Windows systems, this function is superﬂuous and will generate an info level log entry if used directly. If you do actually want to set the `primary group' of a ﬁle, use ﬁle .chpgrp. CLI Example:</p><p> salt '*' file.chpgrp c:\temp\test.txt administrators salt.modules.win_file.chown(path, user, group=None, pgroup=None, follow_symlinks=True) Chown a ﬁle, pass the ﬁle the desired user and group Under Windows, the group parameter will be ignored. is is because while ﬁles in Windows do have a `primary group' property, this is rarely used. It generally has no bearing on permissions unless intentionally conﬁgured and is most commonly used to provide Unix compatibility (e.g. Services For Unix, NFS services). If you do want to change the `primary group' property and understand the implications, pass the Windows only parameter, pgroup, instead. To set the primary group to `None', it must be speciﬁed in quotes. Otherwise Salt will interpret it as the Python value of None and no primary group changes will occur. See the example below. CLI Example:</p><p> salt '*' file.chown c:\temp\test.txt myusername salt '*' file.chown c:\temp\test.txt myusername pgroup=Administrators salt '*' file.chown c:\temp\test.txt myusername "pgroup='None'" salt.modules.win_file.chpgrp(path, group) Change the group of a ﬁle Under Windows, this will set the rarely used primary group of a ﬁle. is generally has no bearing on permis- sions unless intentionally conﬁgured and is most commonly used to provide Unix compatibility (e.g. Services For Unix, NFS services). Ensure you know what you are doing before using this function. To set the primary group to `None', it must be speciﬁed in quotes. Otherwise Salt will interpret it as the Python value of None and no primary group changes will occur. See the example below. CLI Example:</p><p> salt '*' file.chpgrp c:\temp\test.txt Administrators salt '*' file.chpgrp c:\temp\test.txt "'None'" salt.modules.win_file.get_attributes(path) Return a dictionary object with the Windows ﬁle aributes for a ﬁle. CLI Example:</p><p>870 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' file.get_attributes c:\temp\a.txt salt.modules.win_file.get_gid(path, follow_symlinks=True) Return the id of the group that owns a given ﬁle Under Windows, this will return the uid of the ﬁle. While a ﬁle in Windows does have a `primary group', this rarely used aribute generally has no bearing on permissions unless intentionally conﬁgured and is only used to support Unix compatibility features (e.g. Services For Unix, NFS services). Salt, therefore, remaps this function to provide functionality that somewhat resembles Unix behavior for API compatibility reasons. When managing Windows systems, this function is superﬂuous and will generate an info level log entry if used directly. If you do actually want to access the `primary group' of a ﬁle, use ﬁle.get_pgid. CLI Example:</p><p> salt '*' file.get_gid c:\temp\test.txt salt.modules.win_file.get_group(path, follow_symlinks=True) Return the group that owns a given ﬁle Under Windows, this will return the user (owner) of the ﬁle. While a ﬁle in Windows does have a `primary group', this rarely used aribute generally has no bearing on permissions unless intentionally conﬁgured and is only used to support Unix compatibility features (e.g. Services For Unix, NFS services). Salt, therefore, remaps this function to provide functionality that somewhat resembles Unix behavior for API compatibility reasons. When managing Windows systems, this function is superﬂuous and will generate an info level log entry if used directly. If you do actually want to access the `primary group' of a ﬁle, use ﬁle.get_pgroup. CLI Example:</p><p> salt '*' file.get_group c:\temp\test.txt salt.modules.win_file.get_mode(path) Return the mode of a ﬁle Right now we're just returning None because Windows' doesn't have a mode like Linux CLI Example:</p><p> salt '*' file.get_mode /etc/passwd salt.modules.win_file.get_pgid(path, follow_symlinks=True) Return the id of the primary group that owns a given ﬁle (Windows only) is function will return the rarely used primary group of a ﬁle. is generally has no bearing on permissions unless intentionally conﬁgured and is most commonly used to provide Unix compatibility (e.g. Services For Unix, NFS services). Ensure you know what you are doing before using this function. CLI Example:</p><p> salt '*' file.get_pgid c:\temp\test.txt</p><p>22.16. Full list of builtin execution modules 871 Salt Documentation, Release 2014.7.6 salt.modules.win_file.get_pgroup(path, follow_symlinks=True) Return the name of the primary group that owns a given ﬁle (Windows only) is function will return the rarely used primary group of a ﬁle. is generally has no bearing on permissions unless intentionally conﬁgured and is most commonly used to provide Unix compatibility (e.g. Services For Unix, NFS services). Ensure you know what you are doing before using this function. e return value may be `None', e.g. if the user is not on a domain. is is a valid group - do not confuse this with the Salt/Python value of None which means no value was returned. To be certain, use the get_pgid function which will return the SID, including for the system `None' group. CLI Example:</p><p> salt '*' file.get_pgroup c:\temp\test.txt salt.modules.win_file.get_uid(path, follow_symlinks=True) Return the id of the user that owns a given ﬁle Symlinks are followed by default to mimic Unix behavior. Specify follow_symlinks=False to turn oﬀ this be- havior. CLI Example:</p><p> salt '*' file.get_uid c:\temp\test.txt salt '*' file.get_uid c:\temp\test.txt follow_symlinks=False salt.modules.win_file.get_user(path, follow_symlinks=True) Return the user that owns a given ﬁle Symlinks are followed by default to mimic Unix behavior. Specify follow_symlinks=False to turn oﬀ this be- havior. CLI Example:</p><p> salt '*' file.get_user c:\temp\test.txt salt '*' file.get_user c:\temp\test.txt follow_symlinks=False salt.modules.win_file.gid_to_group(gid) Convert the group id to the group name on this system Under Windows, because groups are just another ACL entity, this function behaves the same as uid_to_user. For maintaining Windows systems, this function is superﬂuous and only exists for API compatibility with Unix. Use the uid_to_user function instead; an info level log entry will be generated if this function is used directly. CLI Example:</p><p> salt '*' file.gid_to_group S-1-5-21-626487655-2533044672-482107328-1010 salt.modules.win_file.group_to_gid(group) Convert the group to the gid on this system Under Windows, because groups are just another ACL entity, this function behaves the same as user_to_uid, except if None is given, `' is returned. For maintaining Windows systems, this function is superﬂuous and only exists for API compatibility with Unix. Use the user_to_uid function instead; an info level log entry will be generated if this function is used directly. CLI Example:</p><p>872 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' file.group_to_gid administrators salt.modules.win_file.is_link(path) Return the path that a symlink points to is is only supported on Windows Vista or later. Inline with Unix behavior, this function will raise an error if the path is not a symlink, however, the error raised will be a SaltInvocationError, not an OSError. CLI Example:</p><p> salt '*' file.is_link /path/to/link salt.modules.win_file.lchown(path, user, group=None, pgroup=None) Chown a ﬁle, pass the ﬁle the desired user and group without following any symlinks. Under Windows, the group parameter will be ignored. is is because while ﬁles in Windows do have a `primary group' property, this is rarely used. It generally has no bearing on permissions unless intentionally conﬁgured and is most commonly used to provide Unix compatibility (e.g. Services For Unix, NFS services). If you do want to change the `primary group' property and understand the implications, pass the Windows only parameter, pgroup, instead. To set the primary group to `None', it must be speciﬁed in quotes. Otherwise Salt will interpret it as the Python value of None and no primary group changes will occur. See the example below. CLI Example:</p><p> salt '*' file.lchown c:\temp\test.txt myusername salt '*' file.lchown c:\temp\test.txt myusername pgroup=Administrators salt '*' file.lchown c:\temp\test.txt myusername "pgroup='None'" salt.modules.win_file.readlink(path) Return the path that a symlink points to is is only supported on Windows Vista or later. Inline with Unix behavior, this function will raise an error if the path is not a symlink, however, the error raised will be a SaltInvocationError, not an OSError. CLI Example:</p><p> salt '*' file.readlink /path/to/link salt.modules.win_file.set_attributes(path, archive=None, hidden=None, normal=None, notIn- dexed=None, readonly=None, system=None, tempo- rary=None) Set ﬁle aributes for a ﬁle. Note that the normal aribute means that all others are false. So seing it will clear all others. CLI Example:</p><p> salt '*' file.set_attributes c:\temp\a.txt normal=True salt '*' file.set_attributes c:\temp\a.txt readonly=True hidden=True salt.modules.win_file.set_mode(path, mode) Set the mode of a ﬁle is just calls get_mode, which returns None because we don't use mode on Windows</p><p>22.16. Full list of builtin execution modules 873 Salt Documentation, Release 2014.7.6</p><p>CLI Example: salt '*' file.set_mode /etc/passwd 0644 salt.modules.win_file.stats(path, hash_type='md5', follow_symlinks=True) Return a dict containing the stats for a given ﬁle Under Windows, gid will equal uid and group will equal user. While a ﬁle in Windows does have a `primary group', this rarely used aribute generally has no bearing on permissions unless intentionally conﬁgured and is only used to support Unix compatibility features (e.g. Services For Unix, NFS services). Salt, therefore, remaps these properties to keep some kind of compatibility with Unix behavior. If the `primary group' is required, it can be accessed in the pgroup and pgid properties. CLI Example: salt '*' file.stats /etc/passwd salt.modules.win_file.symlink(src, link) Create a symbolic link to a ﬁle is is only supported with Windows Vista or later and must be executed by a user with the SeCreateSymbol- icLink privilege. e behavior of this function matches the Unix equivalent, with one exception - invalid symlinks cannot be created. e source path must exist. If it doesn't, an error will be raised. CLI Example: salt '*' file.symlink /path/to/file /path/to/link salt.modules.win_file.uid_to_user(uid) Convert a uid to a user name CLI Example: salt '*' file.uid_to_user S-1-5-21-626487655-2533044672-482107328-1010 salt.modules.win_file.user_to_uid(user) Convert user name to a uid CLI Example: salt '*' file.user_to_uid myusername</p><p>22.16.222 salt.modules.win_firewall</p><p>Module for conﬁguring Windows Firewall salt.modules.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in') Add a new ﬁrewall rule CLI Example: salt '*' firewall.add_rule "test" "tcp" "8080" salt.modules.win_firewall.disable() Disable all the ﬁrewall proﬁles CLI Example:</p><p>874 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' firewall.disable salt.modules.win_firewall.get_config() Get the status of all the ﬁrewall proﬁles CLI Example:</p><p> salt '*' firewall.get_config salt.modules.win_firewall.get_rule(name='all') Get ﬁrewall rule(s) info CLI Example:</p><p> salt '*' firewall.get_rule "MyAppPort"</p><p>22.16.223 salt.modules.win_groupadd</p><p>Manage groups on Windows salt.modules.win_groupadd.add(name, gid=None, system=False) Add the speciﬁed group CLI Example:</p><p> salt '*' group.add foo salt.modules.win_groupadd.delete(name) Remove the named group CLI Example:</p><p> salt '*' group.delete foo salt.modules.win_groupadd.getent(refresh=False) Return info on all groups CLI Example:</p><p> salt '*' group.getent salt.modules.win_groupadd.info(name) Return information about a group CLI Example:</p><p> salt '*' group.info foo</p><p>22.16.224 salt.modules.win_ip</p><p>e networking module for Windows based systems salt.modules.win_ip.disable(iface) Disable an interface CLI Example:</p><p> salt -G 'os_family:Windows' ip.disable 'Local Area Connection #2'</p><p>22.16. Full list of builtin execution modules 875 Salt Documentation, Release 2014.7.6 salt.modules.win_ip.enable(iface) Enable an interface CLI Example:</p><p> salt -G 'os_family:Windows' ip.enable 'Local Area Connection #2' salt.modules.win_ip.get_all_interfaces() Return conﬁgs for all interfaces CLI Example:</p><p> salt -G 'os_family:Windows' ip.get_all_interfaces salt.modules.win_ip.get_default_gateway() Set DNS source to DHCP on Windows CLI Example:</p><p> salt -G 'os_family:Windows' ip.get_default_gateway salt.modules.win_ip.get_interface(iface) Return the conﬁguration of a network interface CLI Example:</p><p> salt -G 'os_family:Windows' ip.get_interface 'Local Area Connection' salt.modules.win_ip.get_subnet_length(mask) Convenience function to convert the netmask to the CIDR subnet length CLI Example:</p><p> salt -G 'os_family:Windows' ip.get_subnet_length 255.255.255.0 salt.modules.win_ip.is_disabled(iface) Returns True if interface is disabled, otherwise False CLI Example:</p><p> salt -G 'os_family:Windows' ip.is_disabled 'Local Area Connection #2' salt.modules.win_ip.is_enabled(iface) Returns True if interface is enabled, otherwise False CLI Example:</p><p> salt -G 'os_family:Windows' ip.is_enabled 'Local Area Connection #2' salt.modules.win_ip.raw_interface_configs() Return raw conﬁgs for all interfaces CLI Example:</p><p> salt -G 'os_family:Windows' ip.raw_interface_configs salt.modules.win_ip.set_dhcp_all(iface) Set both IP Address and DNS to DHCP CLI Example:</p><p>876 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt -G 'os_family:Windows' ip.set_dhcp_all 'Local Area Connection' salt.modules.win_ip.set_dhcp_dns(iface) Set DNS source to DHCP on Windows CLI Example:</p><p> salt -G 'os_family:Windows' ip.set_dhcp_dns 'Local Area Connection' salt.modules.win_ip.set_dhcp_ip(iface) Set Windows NIC to get IP from DHCP CLI Example:</p><p> salt -G 'os_family:Windows' ip.set_dhcp_ip 'Local Area Connection' salt.modules.win_ip.set_static_dns(iface, *addrs) Set static DNS conﬁguration on a Windows NIC CLI Example:</p><p> salt -G 'os_family:Windows' ip.set_static_dns 'Local Area Connection' '192.168.1.1' salt -G 'os_family:Windows' ip.set_static_dns 'Local Area Connection' '192.168.1.252' '192.168.1.253' salt.modules.win_ip.set_static_ip(iface, addr, gateway=None, append=False) Set static IP conﬁguration on a Windows NIC iface e name of the interface to manage addr IP address with subnet length (ex. 10.1.2.3/24). e ip.get_subnet_length function can be used to calculate the subnet length from a netmask. gateway [None] If speciﬁed, the default gateway will be set to this value. append [False] If True, this IP address will be added to the interface. Default is False, which overrides any existing conﬁguration for the interface and sets addr as the only address on the interface. CLI Example:</p><p> salt -G 'os_family:Windows' ip.set_static_ip 'Local Area Connection' 10.1.2.3/24 gateway=10.1.2.1 salt -G 'os_family:Windows' ip.set_static_ip 'Local Area Connection' 10.1.2.4/24 append=True</p><p>22.16.225 salt.modules.win_network</p><p>Module for gathering and managing network information salt.modules.win_network.dig(host) Performs a DNS lookup with dig Note: dig must be installed on the Windows minion CLI Example:</p><p> salt '*' network.dig archlinux.org salt.modules.win_network.hw_addr(iface) Return the hardware address (a.k.a. MAC address) for a given interface CLI Example:</p><p>22.16. Full list of builtin execution modules 877 Salt Documentation, Release 2014.7.6</p><p> salt '*' network.hw_addr 'Wireless Connection #1' salt.modules.win_network.hwaddr(iface) Return the hardware address (a.k.a. MAC address) for a given interface CLI Example:</p><p> salt '*' network.hw_addr 'Wireless Connection #1' salt.modules.win_network.in_subnet(cidr) Returns True if host is within speciﬁed subnet, otherwise False CLI Example:</p><p> salt '*' network.in_subnet 10.0.0.0/16 salt.modules.win_network.interfaces() Return a dictionary of information about all the interfaces on the minion CLI Example:</p><p> salt '*' network.interfaces salt.modules.win_network.interfaces_names() Return a list of all the interfaces names CLI Example:</p><p> salt '*' network.interfaces_names salt.modules.win_network.ip_addrs(interface=None, include_loopback=False) Returns a list of IPv4 addresses assigned to the host. 127.0.0.1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example:</p><p> salt '*' network.ip_addrs salt.modules.win_network.ip_addrs6(interface=None, include_loopback=False) Returns a list of IPv6 addresses assigned to the host. ::1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example:</p><p> salt '*' network.ip_addrs6 salt.modules.win_network.ipaddrs(interface=None, include_loopback=False) Returns a list of IPv4 addresses assigned to the host. 127.0.0.1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example:</p><p> salt '*' network.ip_addrs salt.modules.win_network.ipaddrs6(interface=None, include_loopback=False) Returns a list of IPv6 addresses assigned to the host. ::1 is ignored, unless `include_loopback=True' is indicated. If `interface' is provided, then only IP addresses from that interface will be returned. CLI Example:</p><p> salt '*' network.ip_addrs6</p><p>878 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.win_network.netstat() Return information on open ports and states CLI Example:</p><p> salt '*' network.netstat salt.modules.win_network.nslookup(host) ery DNS for information about a domain or ip address CLI Example:</p><p> salt '*' network.nslookup archlinux.org salt.modules.win_network.ping(host) Performs a ping to a host CLI Example:</p><p> salt '*' network.ping archlinux.org salt.modules.win_network.subnets() Returns a list of subnets to which the host belongs CLI Example:</p><p> salt '*' network.subnets salt.modules.win_network.traceroute(host) Performs a traceroute to a 3rd party host CLI Example:</p><p> salt '*' network.traceroute archlinux.org</p><p>22.16.226 salt.modules.win_ntp</p><p>Management of NTP servers on Windows New in version 2014.1.0. salt.modules.win_ntp.get_servers() Get list of conﬁgured NTP servers CLI Example:</p><p> salt '*' ntp.get_servers salt.modules.win_ntp.set_servers(*servers) Set Windows to use a list of NTP servers CLI Example:</p><p> salt '*' ntp.set_servers 'pool.ntp.org' 'us.pool.ntp.org'</p><p>22.16.227 salt.modules.win_path</p><p>Manage the Windows System PATH</p><p>22.16. Full list of builtin execution modules 879 Salt Documentation, Release 2014.7.6</p><p>Note that not all Windows applications will rehash the PATH environment variable, Only the ones that listen to the WM_SETTINGCHANGE message hp://support.microso.com/kb/104011 salt.modules.win_path.add(path, index=0) Add the directory to the SYSTEM path in the index location CLI Example:</p><p># Will add to the beginning of the path salt '*' win_path.add 'c:\python27' 0</p><p># Will add to the end of the path salt '*' win_path.add 'c:\python27' index='-1' salt.modules.win_path.exists(path) Check if the directory is conﬁgured in the SYSTEM path Case-insensitive and ignores trailing backslash CLI Example:</p><p> salt '*' win_path.exists 'c:\python27' salt '*' win_path.exists 'c:\python27\' salt '*' win_path.exists 'C:\pyThon27' salt.modules.win_path.get_path() Returns the system path salt.modules.win_path.rehash() Send a WM_SETTINGCHANGE Broadcast to Windows to rehash the Environment variables salt.modules.win_path.remove(path) Remove the directory from the SYSTEM path</p><p>22.16.228 salt.modules.win_pkg</p><p>A module to manage soware on Windows depends • win32com • win32con • win32api • pywintypes salt.modules.win_pkg.get_repo_data(saltenv='base') Returns the cached winrepo data CLI Example:</p><p> salt '*' pkg.get_repo_data salt.modules.win_pkg.install(name=None, refresh=False, pkgs=None, saltenv='base', **kwargs) Install the passed package Return a dict containing the new package names and versions:</p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}}</new-version></old-version></package></p><p>CLI Example:</p><p>880 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' pkg.install <package name=""> salt.modules.win_pkg.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:</package></p><p> salt '*' pkg.latest_version <package name=""> salt '*' pkg.latest_version <package1> <package2> <package3> ... salt.modules.win_pkg.list_available(*names) Return a list of available versions of the speciﬁed package. CLI Example:</package3></package2></package1></package></p><p> salt '*' pkg.list_available <package name=""> salt '*' pkg.list_available <package name01=""> <package name02=""> salt.modules.win_pkg.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed in a dict:</package></package></package></p><p>{'<package_name>': '<version>'}</version></package_name></p><p>CLI Example:</p><p> salt '*' pkg.list_pkgs salt '*' pkg.list_pkgs versions_as_list=True salt.modules.win_pkg.list_upgrades(refresh=True) List all available package upgrades on this system CLI Example:</p><p> salt '*' pkg.list_upgrades salt.modules.win_pkg.purge(name=None, pkgs=None, version=None, **kwargs) Package purges are not supported, this function is identical to remove(). name e name of the package to be deleted. version e version of the package to be deleted. If this option is used in combination with the pkgs option below, then this version will be applied to all targeted packages. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.purge <package name=""> salt '*' pkg.purge <package1>,<package2>,<package3> salt '*' pkg.purge pkgs='["foo", "bar"]'</package3></package2></package1></package></p><p>22.16. Full list of builtin execution modules 881 Salt Documentation, Release 2014.7.6 salt.modules.win_pkg.refresh_db(saltenv='base') Just recheck the repository and return a dict:</p><p>{'<database name="">': Bool}</database></p><p>CLI Example:</p><p> salt '*' pkg.refresh_db salt.modules.win_pkg.remove(name=None, pkgs=None, version=None, extra_uninstall_ﬂags=None, **kwargs) Remove packages. name e name of the package to be deleted. version e version of the package to be deleted. If this option is used in combination with the pkgs option below, then this version will be applied to all targeted packages. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.remove <package name=""> salt '*' pkg.remove <package1>,<package2>,<package3> salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.win_pkg.upgrade(refresh=True) Run a full system upgrade Return a dict containing the new package names and versions:</package3></package2></package1></package></p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}}</new-version></old-version></package></p><p>CLI Example:</p><p> salt '*' pkg.upgrade salt.modules.win_pkg.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:</p><p> salt '*' pkg.upgrade_available <package name=""> salt.modules.win_pkg.version(*names, **kwargs) Returns a version if the package is installed, else returns an empty string CLI Example:</package></p><p> salt '*' pkg.version <package name=""></package></p><p>22.16.229 salt.modules.win_repo</p><p>Module to manage Windows soware repo on a Standalone Minion</p><p>882 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>e following options must be set in the Minion conﬁg: ﬁle_client: local win_repo_cacheﬁle: c:saltﬁle_rootswinrepowinrepo.p win_repo: c:saltﬁle_rootswinrepo Place all Windows package ﬁles in the `win_repo' directory. salt.modules.win_repo.genrepo() Generate win_repo_cacheﬁle based on sls ﬁles in the win_repo CLI Example:</p><p> salt-call winrepo.genrepo -c c:\salt\conf</p><p> salt.modules.win_repo.update_git_repos() Checkout git repos containing Windows Soware Package Deﬁnitions</p><p>Note: is function will not work unless git is installed and the git module is further updated to work on Windows. In the meantime just place all Windows package ﬁles in the win_repo directory.</p><p>22.16.230 salt.modules.win_servermanager</p><p>Manage Windows features via the ServerManager powershell module salt.modules.win_servermanager.install(feature, recurse=False) Install a feature Note: Some features requires reboot aer un/installation, if so until the server is restarted Other features can not be installed ! Note: Some features takes a long time to complete un/installation, set -t with a long timeout CLI Example:</p><p> salt '*' win_servermanager.install Telnet-Client salt '*' win_servermanager.install SNMP-Services True</p><p> salt.modules.win_servermanager.list_available() List available features to install CLI Example:</p><p> salt '*' win_servermanager.list_available</p><p> salt.modules.win_servermanager.list_installed() List installed features CLI Example:</p><p> salt '*' win_servermanager.list_installed</p><p> salt.modules.win_servermanager.remove(feature) Remove an installed feature</p><p>Note: Some features require a reboot aer installation/uninstallation. If one of these features are modiﬁed, then other features cannot be installed until the server is restarted. Additionally, some features take a while to complete installation/uninstallation, so it is a good idea to use the -t option to set a longer timeout.</p><p>CLI Example:</p><p>22.16. Full list of builtin execution modules 883 Salt Documentation, Release 2014.7.6</p><p> salt -t 600 '*' win_servermanager.remove Telnet-Client</p><p>22.16.231 salt.modules.win_service</p><p>Windows Service module. salt.modules.win_service.available(name) Returns True if the speciﬁed service is available, otherwise returns False. CLI Example:</p><p> salt '*' service.available <service name=""> salt.modules.win_service.create_win_salt_restart_task() Create a task in Windows task scheduler to enable restarting the salt-minion CLI Example:</service></p><p> salt '*' service.create_win_salt_restart_task() salt.modules.win_service.disable(name, **kwargs) Disable the named service to start at boot CLI Example:</p><p> salt '*' service.disable <service name=""> salt.modules.win_service.disabled(name) Check to see if the named service is disabled to start on boot CLI Example:</service></p><p> salt '*' service.disabled <service name=""> salt.modules.win_service.enable(name, **kwargs) Enable the named service to start at boot CLI Example:</service></p><p> salt '*' service.enable <service name=""> salt.modules.win_service.enabled(name) Check to see if the named service is enabled to start on boot CLI Example:</service></p><p> salt '*' service.enabled <service name=""> salt.modules.win_service.execute_salt_restart_task() Run the Windows Salt restart task CLI Example:</service></p><p> salt '*' service.execute_salt_restart_task() salt.modules.win_service.get_all() Return all installed services CLI Example:</p><p>884 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' service.get_all salt.modules.win_service.get_disabled() Return the disabled services CLI Example:</p><p> salt '*' service.get_disabled salt.modules.win_service.get_enabled() Return the enabled services CLI Example:</p><p> salt '*' service.get_enabled salt.modules.win_service.get_service_name(*args) e Display Name is what is displayed in Windows when services.msc is executed. Each Display Name has an associated Service Name which is the actual name of the service. is function allows you to discover the Service Name by returning a dictionary of Display Names and Service Names, or ﬁlter by adding arguments of Display Names. If no args are passed, return a dict of all services where the keys are the service Display Names and the values are the Service Names. If arguments are passed, create a dict of Display Names and Service Names CLI Example:</p><p> salt '*' service.get_service_name salt '*' service.get_service_name 'Google Update Service (gupdate)' 'DHCP Client' salt.modules.win_service.getsid(name) Return the sid for this windows service CLI Example:</p><p> salt '*' service.getsid <service name=""> salt.modules.win_service.has_powershell() Conﬁrm if Powershell is available CLI Example:</service></p><p> salt '*' service.has_powershell salt.modules.win_service.missing(name) e inverse of service.available. Returns True if the speciﬁed service is not available, otherwise returns False. CLI Example:</p><p> salt '*' service.missing <service name=""> salt.modules.win_service.restart(name) Restart the named service CLI Example:</service></p><p> salt '*' service.restart <service name=""></service></p><p>22.16. Full list of builtin execution modules 885 Salt Documentation, Release 2014.7.6 salt.modules.win_service.start(name) Start the speciﬁed service CLI Example:</p><p> salt '*' service.start <service name=""> salt.modules.win_service.status(name, sig=None) Return the status for a service, returns the PID or an empty string if the service is running or not, pass a signature to use to ﬁnd the service via ps CLI Example:</service></p><p> salt '*' service.status <service name=""> [service signature] salt.modules.win_service.stop(name) Stop the speciﬁed service CLI Example:</service></p><p> salt '*' service.stop <service name=""></service></p><p>22.16.232 salt.modules.win_shadow</p><p>Manage the shadow ﬁle salt.modules.win_shadow.info(name) Return information for the speciﬁed user is is just returns dummy data so that salt states can work. CLI Example:</p><p> salt '*' shadow.info root salt.modules.win_shadow.set_password(name, password) Set the password for a named user. CLI Example:</p><p> salt '*' shadow.set_password root mysecretpassword</p><p>22.16.233 salt.modules.win_status</p><p>Module for returning various status data about a minion. ese data can be useful for compiling into stats later. depends • pythoncom • wmi salt.modules.win_status.master(master=None, connected=True) Fire an event if the minion gets disconnected from its master. is function is meant to be run via a scheduled job from the minion. If master_ip is an FQDN/Hostname, is must be resolvable to a valid IPv4 address. CLI Example:</p><p> salt '*' status.master</p><p>886 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.win_status.procs() Return the process data CLI Example:</p><p> salt '*' status.procs</p><p>22.16.234 salt.modules.win_system</p><p>Support for reboot, shutdown, etc salt.modules.win_system.get_computer_desc() Get the Windows computer description CLI Example:</p><p> salt 'minion-id' system.get_computer_desc salt.modules.win_system.get_computer_name() Get the Windows computer name CLI Example:</p><p> salt 'minion-id' system.get_computer_name salt.modules.win_system.get_pending_computer_name() Get a pending computer name. If the computer name has been changed, and the change is pending a system reboot, this function will return the pending computer name. Otherwise, None will be returned. If there was an error retrieving the pending computer name, False will be returned, and an error message will be logged to the minion log. CLI Example:</p><p> salt 'minion-id' system.get_pending_computer_name salt.modules.win_system.get_system_date() Get the Windows system date CLI Example:</p><p> salt '*' system.get_system_date salt.modules.win_system.get_system_time() Get the Windows system time CLI Example:</p><p> salt '*' system.get_system_time salt.modules.win_system.halt(timeout=5) Halt a running system CLI Example:</p><p> salt '*' system.halt salt.modules.win_system.init(runlevel) Change the system runlevel on sysV compatible systems CLI Example:</p><p>22.16. Full list of builtin execution modules 887 Salt Documentation, Release 2014.7.6</p><p> salt '*' system.init 3 salt.modules.win_system.join_domain(domain=None, username=None, password=None, ac- count_ou=None, account_exists=False) Join a computer to an Active Directory domain domain e domain to which the computer should be joined, e.g. my-company.com username Username of an account which is authorized to join computers to the speciﬁed domain. Need to be either fully qualiﬁed like user@domain.tld or simply user password Password of the speciﬁed user account_ou [None] e DN of the OU below which the account for this computer should be created when joining the domain, e.g. ou=computers,ou=departm_432,dc=my-company,dc=com account_exists [False] Needs to be set to True to allow re-using an existing account CLI Example:</p><p> salt 'minion-id' system.join_domain domain='domain.tld' \ username='joinuser' password='joinpassword' \ account_ou='ou=clients,ou=org,dc=domain,dc=tld' \ account_exists=False salt.modules.win_system.poweroff(timeout=5) Poweroﬀ a running system CLI Example:</p><p> salt '*' system.poweroff salt.modules.win_system.reboot(timeout=5) Reboot the system CLI Example:</p><p> salt '*' system.reboot salt.modules.win_system.set_computer_desc(desc) Set the Windows computer description CLI Example:</p><p> salt 'minion-id' system.set_computer_desc 'This computer belongs to Dave!' salt.modules.win_system.set_computer_name(name) Set the Windows computer name CLI Example:</p><p> salt 'minion-id' system.set_computer_name 'DavesComputer' salt.modules.win_system.set_system_date(newdate) Set the Windows system date. Use <mm-dd-yy> format for the date. CLI Example:</mm-dd-yy></p><p> salt '*' system.set_system_date '03-28-13' salt.modules.win_system.set_system_time(newtime) Set the Windows system time</p><p>888 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt '*' system.set_system_time '11:31:15 AM' salt.modules.win_system.shutdown(timeout=5) Shutdown a running system CLI Example:</p><p> salt '*' system.shutdown salt.modules.win_system.shutdown_hard() Shutdown a running system with no timeout or warning CLI Example:</p><p> salt '*' system.shutdown_hard salt.modules.win_system.start_time_service() Start the Windows time service CLI Example:</p><p> salt '*' system.start_time_service salt.modules.win_system.stop_time_service() Stop the Windows time service CLI Example:</p><p> salt '*' system.stop_time_service</p><p>22.16.235 salt.modules.win_timezone</p><p>Module for managing timezone on Windows systems. salt.modules.win_timezone.get_hwclock() Get current hardware clock seing (UTC or localtime) CLI Example:</p><p> salt '*' timezone.get_hwclock salt.modules.win_timezone.get_offset() Get current numeric timezone oﬀset from UCT (i.e. -0700) CLI Example:</p><p> salt '*' timezone.get_offset salt.modules.win_timezone.get_zone() Get current timezone (i.e. America/Denver) CLI Example:</p><p> salt '*' timezone.get_zone salt.modules.win_timezone.get_zonecode() Get current timezone (i.e. PST, MDT, etc) CLI Example:</p><p>22.16. Full list of builtin execution modules 889 Salt Documentation, Release 2014.7.6</p><p> salt '*' timezone.get_zonecode salt.modules.win_timezone.set_hwclock(clock) Sets the hardware clock to be either UTC or localtime CLI Example:</p><p> salt '*' timezone.set_hwclock UTC salt.modules.win_timezone.set_zone(timezone) Unlinks, then symlinks /etc/localtime to the set timezone. e timezone is crucial to several system processes, each of which SHOULD be restarted (for instance, whatever you system uses as its cron and syslog daemons). is will not be magically done for you! CLI Example:</p><p> salt '*' timezone.set_zone 'America/Denver' salt.modules.win_timezone.zone_compare(timezone) Checks the md5sum between the given timezone, and the one set in /etc/localtime. Returns True if they match, and False if not. Mostly useful for running state checks. Example:</p><p> salt '*' timezone.zone_compare 'America/Denver'</p><p>22.16.236 salt.modules.win_update</p><p>Module for running windows updates. depends • win32com • win32con • win32api • pywintypes New in version 2014.7.0. class salt.modules.win_update.PyWinUpdater(categories=None, skipUI=True, skip- Downloaded=False, skipInstalled=True, skipReboot=False, skipPresent=False, soware- Updates=True, driverUpdates=False, skipHid- den=True)</p><p>AutoSearch() this function generates a search string. simplifying the search function while still providing as many features as possible. Download() GetAvailableCategories() GetCategories() GetDownloadResults()</p><p>890 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>GetInstallationResults() this gets results of installation process. GetInstallationResultsPretty() converts the installation results into a prey print. GetSearchResults() GetSearchResultsPretty() Install() Search(searchString) SetCategories(categories) SetInclude(include, state) SetIncludes(includes) salt.modules.win_update.download_updates(includes=None, retries=5, categories=None) Downloads all available updates, skipping those that require user interaction. Various aspects of the updates can be included or excluded. this feature is still in development. retries Number of retries to make before giving up. is is total, not per step. categories Specify the categories to update. Must be passed as a list.</p><p> salt '*' win_update.download_updates categories="['Updates']"</p><p>Categories include the following: • Updates • Windows 7 • Critical Updates • Security Updates • Update Rollups CLI Examples:</p><p># Normal Usage salt '*' win_update.download_updates</p><p># Download critical updates only salt '*' win_update.download_updates categories="['Critical Updates']" salt.modules.win_update.install_updates(includes=None, retries=5, categories=None) Downloads and installs all available updates, skipping those that require user interaction. various aspects of the updates can be included or excluded. this feature is still in development. retries Number of retries to make before giving up. is is total, not per step. categories Specify the categories to install. Must be passed as a list.</p><p> salt '*' win_update.install_updates categories="['Updates']"</p><p>Categories include the following: • Updates • Windows 7</p><p>22.16. Full list of builtin execution modules 891 Salt Documentation, Release 2014.7.6</p><p>• Critical Updates • Security Updates • Update Rollups CLI Examples:</p><p># Normal Usage salt '*' win_update.install_updates</p><p># Install all critical updates salt '*' win_update.install_updates categories="['Critical Updates']" salt.modules.win_update.list_updates(verbose=False, includes=None, retries=5, cate- gories=None) Returns a summary of available updates, grouped into their non-mutually exclusive categories. verbose Print results in greater detail retries Number of retries to make before giving up. is is total, not per step. categories Specify the categories to list. Must be passed as a list.</p><p> salt '*' win_update.list_updates categories="['Updates']"</p><p>Categories include the following: • Updates • Windows 7 • Critical Updates • Security Updates • Update Rollups CLI Examples:</p><p># Normal Usage salt '*' win_update.list_updates</p><p># List all critical updates list in verbose detail salt '*' win_update.list_updates categories=['Critical Updates'] verbose=True</p><p>22.16.237 salt.modules.win_useradd</p><p>Manage Windows users with the net user command NOTE: is currently only works with local user accounts, not domain accounts salt.modules.win_useradd.add(name, password=None, uid=None, gid=None, groups=None, home=False, shell=None, unique=False, system=False, full- name=False, roomnumber=False, workphone=False, home- phone=False, createhome=False) Add a user to the minion CLI Example:</p><p> salt '*' user.add name password</p><p>892 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.win_useradd.addgroup(name, group) Add user to a group CLI Example:</p><p> salt '*' user.addgroup username groupname salt.modules.win_useradd.chfullname(name, fullname) Change the full name of the user CLI Example:</p><p> salt '*' user.chfullname user 'First Last' salt.modules.win_useradd.chgroups(name, groups, append=False) Change the groups this user belongs to, add append to append the speciﬁed groups CLI Example:</p><p> salt '*' user.chgroups foo wheel,root True salt.modules.win_useradd.chhome(name, home) Change the home directory of the user CLI Example:</p><p> salt '*' user.chhome foo \\fileserver\home\foo salt.modules.win_useradd.chprofile(name, proﬁle) Change the proﬁle directory of the user CLI Example:</p><p> salt '*' user.chprofile foo \\fileserver\profiles\foo salt.modules.win_useradd.delete(name, purge=False, force=False) Remove a user from the minion NOTE: purge and force have not been implemented on Windows yet CLI Example:</p><p> salt '*' user.delete name salt.modules.win_useradd.getent(refresh=False) Return the list of all info for all users CLI Example:</p><p> salt '*' user.getent salt.modules.win_useradd.info(name) Return user information CLI Example:</p><p> salt '*' user.info root salt.modules.win_useradd.list_groups(name) Return a list of groups the named user belongs to CLI Example:</p><p> salt '*' user.list_groups foo</p><p>22.16. Full list of builtin execution modules 893 Salt Documentation, Release 2014.7.6 salt.modules.win_useradd.list_users() Return a list of users on Windows salt.modules.win_useradd.removegroup(name, group) Remove user from a group CLI Example:</p><p> salt '*' user.removegroup username groupname salt.modules.win_useradd.setpassword(name, password) Set a user's password CLI Example:</p><p> salt '*' user.setpassword name password</p><p>22.16.238 salt.modules.xapi</p><p>is module (mostly) uses the XenAPI to manage Xen virtual machines. Big fat warning: the XenAPI used in this ﬁle is the one bundled with Xen Source, NOT XenServer nor Xen Cloud Platform. As a maer of fact it will fail under those platforms. From what I've read, lile work is needed to adapt this code to XS/XCP, mostly playing with XenAPI version, but as XCP is not taking precedence on Xen Source on many platforms, please keep compatibility in mind. Useful documentation: . hp://downloads.xen.org/Wiki/XenAPI/xenapi-1.0.6.pdf . hp://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/api/ . hps://github.com/xapi-project/xen-api/tree/master/scripts/examples/python . hp://xenbits.xen.org/gitweb/?p=xen.git;a=tree;f=tools/python/xen/xm;hb=HEAD salt.modules.xapi.create(conﬁg_) Start a deﬁned domain CLI Example:</p><p> salt '*' virt.create <path cfg="" file="" to="" xen=""> salt.modules.xapi.destroy(vm_) Hard power down the virtual machine, this is equivalent to pulling the power CLI Example:</path></p><p> salt '*' virt.destroy <vm name=""> salt.modules.xapi.freecpu() Return an int representing the number of unallocated cpus on this hypervisor CLI Example:</vm></p><p> salt '*' virt.freecpu salt.modules.xapi.freemem() Return an int representing the amount of memory that has not been given to virtual machines on this node CLI Example:</p><p> salt '*' virt.freemem</p><p>894 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.xapi.full_info() Return the node_info, vm_info and freemem CLI Example:</p><p> salt '*' virt.full_info salt.modules.xapi.get_disks(vm_) Return the disks of a named vm CLI Example:</p><p> salt '*' virt.get_disks <vm name=""> salt.modules.xapi.get_macs(vm_) Return a list oﬀ MAC addresses from the named vm CLI Example:</vm></p><p> salt '*' virt.get_macs <vm name=""> salt.modules.xapi.get_nics(vm_) Return info about the network interfaces of a named vm CLI Example:</vm></p><p> salt '*' virt.get_nics <vm name=""> salt.modules.xapi.is_hyper() Returns a bool whether or not this node is a hypervisor of any kind CLI Example:</vm></p><p> salt '*' virt.is_hyper salt.modules.xapi.list_vms() Return a list of virtual machine names on the minion CLI Example:</p><p> salt '*' virt.list_vms salt.modules.xapi.migrate(vm_, target, live=1, port=0, node=-1, ssl=None, change_home_server=0) Migrates the virtual machine to another hypervisor CLI Example:</p><p> salt '*' virt.migrate <vm name=""> <target hypervisor=""> [live] [port] [node] [ssl] [change_home_server]</target></vm></p><p>Optional values: live Use live migration port Use a speciﬁed port node Use speciﬁed NUMA node on target ssl use ssl connection for migration ange_home_server change home server for managed domains salt.modules.xapi.node_info() Return a dict with information about this node CLI Example:</p><p>22.16. Full list of builtin execution modules 895 Salt Documentation, Release 2014.7.6</p><p> salt '*' virt.node_info salt.modules.xapi.pause(vm_) Pause the named vm CLI Example:</p><p> salt '*' virt.pause <vm name=""> salt.modules.xapi.reboot(vm_) Reboot a domain via ACPI request CLI Example:</vm></p><p> salt '*' virt.reboot <vm name=""> salt.modules.xapi.reset(vm_) Reset a VM by emulating the reset buon on a physical machine CLI Example:</vm></p><p> salt '*' virt.reset <vm name=""> salt.modules.xapi.resume(vm_) Resume the named vm CLI Example:</vm></p><p> salt '*' virt.resume <vm name=""> salt.modules.xapi.setmem(vm_, memory) Changes the amount of memory allocated to VM. Memory is to be speciﬁed in MB CLI Example:</vm></p><p> salt '*' virt.setmem myvm 768 salt.modules.xapi.setvcpus(vm_, vcpus) Changes the amount of vcpus allocated to VM. vcpus is an int representing the number to be assigned CLI Example:</p><p> salt '*' virt.setvcpus myvm 2 salt.modules.xapi.shutdown(vm_) Send a so shutdown signal to the named vm CLI Example:</p><p> salt '*' virt.shutdown <vm name=""> salt.modules.xapi.start(conﬁg_) Alias for the obscurely named `create' function CLI Example:</vm></p><p> salt '*' virt.start <path cfg="" file="" to="" xen=""></path></p><p>896 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.xapi.vcpu_pin(vm_, vcpu, cpus) Set which CPUs a VCPU can use. CLI Example:</p><p> salt 'foo' virt.vcpu_pin domU-id 2 1 salt 'foo' virt.vcpu_pin domU-id 2 2-6 salt.modules.xapi.vm_cputime(vm_=None) Return cputime used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'cputime' <int> 'cputime_percent' <int> }, ... ]</int></int></p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_cputime salt.modules.xapi.vm_diskstats(vm_=None) Return disk usage counters used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'io_read_kbs' : 0, 'io_write_kbs' : 0 }, ... ]</p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_diskstats salt.modules.xapi.vm_info(vm_=None) Return detailed information about the vms. If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_info salt.modules.xapi.vm_netstats(vm_=None) Return combined network counters used by the vms on this hyper in a list of dicts:</p><p>[ 'your-vm':{ 'io_read_kbs' : 0, 'io_total_read_kbs' : 0,</p><p>22.16. Full list of builtin execution modules 897 Salt Documentation, Release 2014.7.6</p><p>'io_total_write_kbs' : 0, 'io_write_kbs' : 0 }, ... ]</p><p>If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_netstats salt.modules.xapi.vm_state(vm_=None) Return list of all the vms and their state. If you pass a VM name in as an argument then it will return info for just the named VM, otherwise it will return all VMs. CLI Example:</p><p> salt '*' virt.vm_state <vm name=""></vm></p><p>22.16.239 salt.modules.xmpp</p><p>Module for Sending Messages via XMPP (a.k.a. Jabber) New in version 2014.1.0. depends • sleekxmpp python module conﬁguration is module can be used by either passing a jid and password directly to send_message, or by specifying the name of a conﬁguration proﬁle in the minion conﬁg, minion pillar, or master conﬁg. For example:</p><p> my-xmpp-login: xmpp.jid: myuser@jabber.example.org/resourcename xmpp.password: verybadpass</p><p>e resourcename refers to the resource that is using this account. It is user-deﬁnable, and optional. e following conﬁgurations are both valid:</p><p> my-xmpp-login: xmpp.jid: myuser@jabber.example.org/salt xmpp.password: verybadpass</p><p> my-xmpp-login: xmpp.jid: myuser@jabber.example.org xmpp.password: verybadpass class salt.modules.xmpp.SendMsgBot(jid, password, recipient, msg)</p><p> start(event)</p><p>898 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.modules.xmpp.send_msg(recipient, message, jid=None, password=None, proﬁle=None) Send a message to an XMPP recipient. Designed for use in states. CLI Examples:</p><p> xmpp.send_msg 'admins@xmpp.example.com' 'This is a salt module test' profile='my-xmpp-account' xmpp.send_msg 'admins@xmpp.example.com' 'This is a salt module test' jid='myuser@xmpp.example.com/salt' password='verybadpass'</p><p>22.16.240 salt.modules.yumpkg</p><p>Support for YUM</p><p>Note: is module makes heavy use of the repoquery utility, from the yum-utils package. is package will be installed as a dependency if salt is installed via EPEL. However, if salt has been installed using pip, or a host is being managed using salt-ssh, then as of version 2014.7.0 yum-utils will be installed automatically to satisfy this dependency. salt.modules.yumpkg.check_db(*names, **kwargs) New in version 0.17.0. Returns a dict containing the following information for each speciﬁed package: 1.A key found, which will be a boolean value denoting if a match was found in the package database. 2.If found is False, then a second key called suggestions will be present, which will contain a list of possible matches. e fromrepo, enablerepo and disablerepo arguments are supported, as used in pkg states, and the disableexcludes option is also supported. New in version 2014.7.0: Support for the disableexcludes option CLI Examples:</p><p> salt '*' pkg.check_db <package1> <package2> <package3> salt '*' pkg.check_db <package1> <package2> <package3> fromrepo=epel-testing salt '*' pkg.check_db <package1> <package2> <package3> disableexcludes=main salt.modules.yumpkg.clean_metadata(**kwargs) New in version 2014.1.0. Cleans local yum metadata. Functionally identical to refresh_db(). CLI Example:</package3></package2></package1></package3></package2></package1></package3></package2></package1></p><p> salt '*' pkg.clean_metadata salt.modules.yumpkg.del_repo(repo, basedir=None, **kwargs) Delete a repo from <basedir> (default basedir: all dirs in reposdir yum option). If the .repo ﬁle that the repo exists in does not contain any other repo conﬁguration, the ﬁle itself will be deleted. CLI Examples:</basedir></p><p> salt '*' pkg.del_repo myrepo salt '*' pkg.del_repo myrepo basedir=/path/to/dir salt '*' pkg.del_repo myrepo basedir=/path/to/dir,/path/to/another/dir</p><p>22.16. Full list of builtin execution modules 899 Salt Documentation, Release 2014.7.6 salt.modules.yumpkg.expand_repo_def(repokwargs) Take a repository deﬁnition and expand it to the full pkg repository dict that can be used for comparison. is is a helper function to make certain repo managers sane for comparison in the pkgrepo states. ere is no use to calling this function via the CLI. salt.modules.yumpkg.file_dict(*packages) New in version 2014.1.0. List the ﬁles that belong to a package, grouped by package. Not specifying any packages will return a list of every ﬁle on the system's rpm database (not generally recommended). CLI Examples:</p><p> salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.yumpkg.file_list(*packages) New in version 2014.1.0. List the ﬁles that belong to a package. Not specifying any packages will return a list of every ﬁle on the system's rpm database (not generally recommended). CLI Examples:</p><p> salt '*' pkg.file_list httpd salt '*' pkg.file_list httpd postfix salt '*' pkg.file_list salt.modules.yumpkg.get_locked_packages(paern=None, full=True) Get packages that are currently locked yum -q versionlock list. CLI Example:</p><p> salt '*' pkg.get_locked_packages salt.modules.yumpkg.get_repo(repo, basedir=None, **kwargs) Display a repo from <basedir> (default basedir: all dirs in reposdir yum option). CLI Examples:</basedir></p><p> salt '*' pkg.get_repo myrepo salt '*' pkg.get_repo myrepo basedir=/path/to/dir salt '*' pkg.get_repo myrepo basedir=/path/to/dir,/path/to/another/dir salt.modules.yumpkg.group_diff(name) New in version 2014.1.0. Lists packages belonging to a certain group, and which are installed CLI Example:</p><p> salt '*' pkg.group_diff 'Perl Support' salt.modules.yumpkg.group_info(name) New in version 2014.1.0. Lists packages belonging to a certain group CLI Example:</p><p>900 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' pkg.group_info 'Perl Support' salt.modules.yumpkg.group_install(name, skip=(), include=(), **kwargs) New in version 2014.1.0. Install the passed package group(s). is is basically a wrapper around pkg.install, which performs package group resolution for the user. is function is currently considered experimental, and should be expected to undergo changes. name Package group to install. To install more than one group, either use a comma-separated list or pass the value as a python list. CLI Examples:</p><p> salt '*' pkg.group_install 'Group 1' salt '*' pkg.group_install 'Group 1,Group 2' salt '*' pkg.group_install '["Group 1", "Group 2"]'</p><p> skip e name(s), in a list, of any packages that would normally be installed by the package group (``default'' packages), which should not be installed. Can be passed either as a comma-separated list or a python list. CLI Examples:</p><p> salt '*' pkg.group_install 'My Group' skip='foo,bar' salt '*' pkg.group_install 'My Group' skip='["foo", "bar"]'</p><p> include e name(s), in a list, of any packages which are included in a group, which would not normally be installed (``optional'' packages). Note that this will not enforce group membership; if you include packages which are not members of the speciﬁed groups, they will still be installed. Can be passed either as a comma-separated list or a python list. CLI Examples:</p><p> salt '*' pkg.group_install 'My Group' include='foo,bar' salt '*' pkg.group_install 'My Group' include='["foo", "bar"]'</p><p>Note: Because this is essentially a wrapper around pkg.install, any argument which can be passed to pkg.install may also be included here, and it will be passed along wholesale. salt.modules.yumpkg.group_list() New in version 2014.1.0. Lists all groups known by yum on this system CLI Example:</p><p> salt '*' pkg.group_list salt.modules.yumpkg.hold(name=None, pkgs=None, sources=None, **kwargs) New in version 2014.7.0. Hold packages with yum -q versionlock. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to hold. Must be passed as a python list. e name parameter will be ignored if this option is passed.</p><p>22.16. Full list of builtin execution modules 901 Salt Documentation, Release 2014.7.6</p><p>Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.hold <package name=""> salt '*' pkg.hold pkgs='["foo", "bar"]' salt.modules.yumpkg.install(name=None, refresh=False, fromrepo=None, skip_verify=False, pkgs=None, sources=None, reinstall=False, normalize=True, **kwargs) Install the passed package(s), add refresh=True to clean the yum database before package is installed. name e name of the package to be installed. Note that this parameter is ignored if either ``pkgs'' or ``sources'' is passed. Additionally, please note that this option can only be used to install packages from a soware repository. To install a package ﬁle manually, use the ``sources'' option. 32-bit packages can be installed on 64-bit systems by appending the architecture designation (.i686, .i586, etc.) to the end of the package name. CLI Example:</package></p><p> salt '*' pkg.install <package name=""></package></p><p> refresh Whether or not to update the yum database before executing. reinstall Specifying reinstall=True will use yum reinstall rather than yum install for requested packages that are already installed. If a version is speciﬁed with the requested package, then yum reinstall will only be used if the installed version matches the requested version. Works with sources when the package header of the source can be matched to the name and version of an installed package. New in version 2014.7.0. skip_verify Skip the GPG veriﬁcation check (e.g., --nogpgcheck) version Install a speciﬁc version of the package, e.g. 1.2.3-4.el5. Ignored if ``pkgs'' or ``sources'' is passed. Repository Options: fromrepo Specify a package repository (or repositories) from which to install. (e.g., yum -- disablerepo='*' --enablerepo='somerepo') enablerepo (ignored if fromrepo is speciﬁed) Specify a disabled package repository (or repositories) to en- able. (e.g., yum --enablerepo='somerepo') disablerepo (ignored if fromrepo is speciﬁed) Specify an enabled package repository (or repositories) to disable. (e.g., yum --disablerepo='somerepo') disableexcludes Disable exclude from main, for a repo or for everything. (e.g., yum -- disableexcludes='main') New in version 2014.7.0. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. A speciﬁc version number can be speciﬁed by using a single-element dict representing the package and its version. CLI Examples:</p><p> salt '*' pkg.install pkgs='["foo", "bar"]' salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3-4.el5"}]'</p><p>902 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> sources A list of RPM packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:</p><p> salt '*' pkg.install sources='[{"foo": "salt://foo.rpm"}, {"bar": "salt://bar.rpm"}]'</p><p> normalize Normalize the package name by removing the architecture. Default is True. is is useful for poorly created packages which might include the architecture as an actual part of the name such as kernel modules which match a speciﬁc kernel version. New in version 2014.7.0. Example:</p><p> salt -G role:nsd pkg.install gpfs.gplbin-2.6.32-279.31.1.el6.x86_64 normalize=False</p><p>Returns a dict containing the new package names and versions:</p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}} salt.modules.yumpkg.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned. If the latest version of a given package is already installed, an empty string will be returned for that package. A speciﬁc repo can be requested using the fromrepo keyword argument, and the disableexcludes option is also supported. New in version 2014.7.0: Support for the disableexcludes option CLI Example:</new-version></old-version></package></p><p> salt '*' pkg.latest_version <package name=""> salt '*' pkg.latest_version <package name=""> fromrepo=epel-testing salt '*' pkg.latest_version <package name=""> disableexcludes=main salt '*' pkg.latest_version <package1> <package2> <package3> ... salt.modules.yumpkg.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed in a dict:</package3></package2></package1></package></package></package></p><p>{'<package_name>': '<version>'}</version></package_name></p><p>CLI Example:</p><p> salt '*' pkg.list_pkgs salt.modules.yumpkg.list_repo_pkgs(*args, **kwargs) New in version 2014.1.0. Changed in version 2014.7.0: All available versions of each package are now returned. is required a slight modiﬁcation to the structure of the return dict. e return data shown below reﬂects the updated return dict structure. Returns all available packages. Optionally, package names (and name globs) can be passed and the results will be ﬁltered to packages matching those names. is is recommended as it speeds up the function considerably. is function can be helpful in discovering the version or repo to specify in a pkg.installed state. e return data is a dictionary of repo names, with each repo containing a dictionary in which the keys are package names, and the values are a list of version numbers. Here is an example of the return data:</p><p>22.16. Full list of builtin execution modules 903 Salt Documentation, Release 2014.7.6</p><p>{ 'base':{ 'bash':['4.1.2-15.el6_4'], 'kernel':['2.6.32-431.el6'] }, 'updates':{ 'bash':['4.1.2-15.el6_5.2', '4.1.2-15.el6_5.1'], 'kernel':['2.6.32-431.29.2.el6', '2.6.32-431.23.3.el6', '2.6.32-431.20.5.el6', '2.6.32-431.20.3.el6', '2.6.32-431.17.1.el6', '2.6.32-431.11.2.el6', '2.6.32-431.5.1.el6', '2.6.32-431.3.1.el6', '2.6.32-431.1.2.0.1.el6'] } }</p><p> fromrepo [None] Only include results from the speciﬁed repo(s). Multiple repos can be speciﬁed, comma- separated.</p><p>CLI Example:</p><p> salt '*' pkg.list_repo_pkgs salt '*' pkg.list_repo_pkgs foo bar baz salt '*' pkg.list_repo_pkgs 'samba4*' fromrepo=base,updates salt.modules.yumpkg.list_repos(basedir=None) Lists all repos in <basedir> (default: all dirs in reposdir yum option). CLI Example:</basedir></p><p> salt '*' pkg.list_repos salt '*' pkg.list_repos basedir=/path/to/dir salt '*' pkg.list_repos basedir=/path/to/dir,/path/to/another/dir salt.modules.yumpkg.list_upgrades(refresh=True, **kwargs) Check whether or not an upgrade is available for all packages e fromrepo, enablerepo, and disablerepo arguments are supported, as used in pkg states, and the disableexcludes option is also supported. New in version 2014.7.0: Support for the disableexcludes option CLI Example:</p><p> salt '*' pkg.list_upgrades salt.modules.yumpkg.mod_repo(repo, basedir=None, **kwargs) Modify one or more values for a repo. If the repo does not exist, it will be created, so long as the following values are speciﬁed: repo name by which the yum refers to the repo name a human-readable name for the repo baseurl the URL for yum to reference mirrorlist the URL for yum to reference</p><p>904 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Key/Value pairs may also be removed from a repo's conﬁguration by seing a key to a blank value. Bear in mind that a name cannot be deleted, and a baseurl can only be deleted if a mirrorlist is speciﬁed (or vice versa). CLI Examples:</p><p> salt '*' pkg.mod_repo reponame enabled=1 gpgcheck=1 salt '*' pkg.mod_repo reponame basedir=/path/to/dir enabled=1 salt '*' pkg.mod_repo reponame baseurl= mirrorlist=http://host.com/ salt.modules.yumpkg.normalize_name(name) Strips the architecture from the speciﬁed package name, if necessary. Circ*mstances where this would be done include: •If the arch is 32 bit and the package name ends in a 32-bit arch. •If the arch matches the OS arch, or is noarch. CLI Example:</p><p> salt '*' pkg.normalize_name zsh.x86_64 salt.modules.yumpkg.owner(*paths) New in version 2014.7.0. Return the name of the package that owns the ﬁle. Multiple ﬁle paths can be passed. Like pkg.version <salt.modules.yumpkg.version a="" an="" and="" are="" as="" be="" by="" changes.="" cli="" containing="" delete.="" deleted.="" dict="" dictionary="" empty="" example:="" for="" function="" identical="" if="" ignored="" in="" is="" list="" list.="" minion="" multiple must="" name="" new="" not="" of="" on="" option="" options:="" or="" owned="" package="" packages="" pairs="" parameter="" passed="" passed.="" path="" path.="" paths="" pkg.owner="" pkg.remove.="" pkgs="None," present="" purges="" python="" returned="" returned.="" returns="" salt="" salt.modules.yumpkg.purge="" single="" string="" supported="" that="" the="" then="" this="" to="" version="" will="" yum=""><p> salt '*' pkg.purge <package name=""> salt '*' pkg.purge <package1>,<package2>,<package3> salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.yumpkg.refresh_db(**kwargs) Check the yum repos for updated packages Returns: •True: Updates are available •False: An error occurred</package3></package2></package1></package></p><p>22.16. Full list of builtin execution modules 905 Salt Documentation, Release 2014.7.6</p><p>•None: No updates are available CLI Example:</p><p> salt '*' pkg.refresh_db salt.modules.yumpkg.remove(name=None, pkgs=None, **kwargs) Remove packages with yum -q -y remove. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.remove <package name=""> salt '*' pkg.remove <package1>,<package2>,<package3> salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.yumpkg.unhold(name=None, pkgs=None, sources=None, **kwargs) New in version 2014.7.0. Hold packages with yum -q versionlock. name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to unhold. Must be passed as a python list. e name parameter will be ignored if this option is passed. Returns a dict containing the changes. CLI Example:</package3></package2></package1></package></p><p> salt '*' pkg.unhold <package name=""> salt '*' pkg.unhold pkgs='["foo", "bar"]' salt.modules.yumpkg.upgrade(refresh=True, fromrepo=None, skip_verify=False, **kwargs) Run a full system upgrade, a yum upgrade Changed in version 2014.7.0. Return a dict containing the new package names and versions:</package></p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}}</new-version></old-version></package></p><p>CLI Example:</p><p> salt '*' pkg.upgrade</p><p>Repository Options: fromrepo Specify a package repository (or repositories) from which to install. (e.g., yum -- disablerepo='*' --enablerepo='somerepo')</p><p>906 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> enablerepo (ignored if fromrepo is speciﬁed) Specify a disabled package repository (or repositories) to en- able. (e.g., yum --enablerepo='somerepo') disablerepo (ignored if fromrepo is speciﬁed) Specify an enabled package repository (or repositories) to disable. (e.g., yum --disablerepo='somerepo') disableexcludes Disable exclude from main, for a repo or for everything. (e.g., yum -- disableexcludes='main') New in version 2014.7.0. salt.modules.yumpkg.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:</p><p> salt '*' pkg.upgrade_available <package name=""> salt.modules.yumpkg.verify(*names, **kwargs) New in version 2014.1.0. Runs an rpm -Va on a system, and returns the results in a dict Files with an aribute of conﬁg, doc, ghost, license or readme in the package header can be ignored using the ignore_types keyword argument CLI Example:</package></p><p> salt '*' pkg.verify salt '*' pkg.verify httpd salt '*' pkg.verify 'httpd postfix' salt '*' pkg.verify 'httpd postfix' ignore_types=['config','doc'] salt.modules.yumpkg.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:</p><p> salt '*' pkg.version <package name=""> salt '*' pkg.version <package1> <package2> <package3> ...</package3></package2></package1></package></p><p>22.16.241 salt.modules.zcbuildout</p><p>Management of zc.buildout</p><p>New in version 2014.1.0. is module is inspired by minitage's buildout maker</p><p>Note: e zc.buildout integration is still in beta; the API is subject to change</p><p>General notes</p><p>You have those following methods: • upgrade_bootstrap • bootstrap</p><p>22.16. Full list of builtin execution modules 907 Salt Documentation, Release 2014.7.6</p><p>• run_buildout • buildout salt.modules.zcbuildout.bootstrap(*a, **kw) Run the buildout bootstrap dance (python bootstrap.py). directory directory to execute in conﬁg alternative buildout conﬁguration ﬁle to use runas User used to run buildout as env environment variables to set when running buildout_ver force a speciﬁc buildout version (1 | 2) test_release buildout accept test release oﬄine are we executing buildout in oﬄine mode distribute Forcing use of distribute new_st Forcing use of <span>setuptools</span> &gt;= 0.7 python path to a python executable to use in place of default (salt one) onlyif Only execute cmd if statement on the host return 0 unless Do not execute cmd if statement on the host return 0 use_vt Use the new salt VT to stream output [experimental] CLI Example:</p><p> salt '*' buildout.bootstrap /srv/mybuildout salt.modules.zcbuildout.buildout(*a, **kw) Run buildout in a directory. directory directory to execute in conﬁg buildout conﬁg to use parts speciﬁc buildout parts to run runas user used to run buildout as env environment variables to set when running buildout_ver force a speciﬁc buildout version (1 | 2) test_release buildout accept test release new_st Forcing use of setuptools &gt;= 0.7 distribute use distribute over setuptools if possible oﬄine does buildout run oﬄine python python to use debug run buildout with -D debug ﬂag onlyif Only execute cmd if statement on the host return 0 unless Do not execute cmd if statement on the host return 0 newest run buildout in newest mode</p><p>908 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> verbose run buildout in verbose mode (-vvvvv) use_vt Use the new salt VT to stream output [experimental] CLI Example:</p><p> salt '*' buildout.buildout /srv/mybuildout salt.modules.zcbuildout.run_buildout(*a, **kw) Run a buildout in a directory. directory directory to execute in conﬁg alternative buildout conﬁguration ﬁle to use oﬄine are we executing buildout in oﬄine mode runas user used to run buildout as env environment variables to set when running onlyif Only execute cmd if statement on the host return 0 unless Do not execute cmd if statement on the host return 0 newest run buildout in newest mode force run buildout unconditionally verbose run buildout in verbose mode (-vvvvv) use_vt Use the new salt VT to stream output [experimental] CLI Example:</p><p> salt '*' buildout.run_buildout /srv/mybuildout salt.modules.zcbuildout.upgrade_bootstrap(*a, **kw) Upgrade current bootstrap.py with the last released one. Indeed, when we ﬁrst run a buildout, a common source of problem is to have a locally stale bootstrap, we just try to grab a new copy directory directory to execute in oﬄine are we executing buildout in oﬄine mode buildout_ver forcing to use a speciﬁc buildout version (1 | 2) onlyif Only execute cmd if statement on the host return 0 unless Do not execute cmd if statement on the host return 0 CLI Example:</p><p> salt '*' buildout.upgrade_bootstrap /srv/mybuildout</p><p>22.16.242 salt.modules.zfs</p><p>Salt interface to ZFS commands</p><p>22.16. Full list of builtin execution modules 909 Salt Documentation, Release 2014.7.6</p><p>22.16.243 salt.modules.znc znc - An advanced IRC bouncer New in version 2014.7.0. Provides an interface to basic ZNC functionality salt.modules.znc.buildmod(*modules) Build module using znc-buildmod CLI Example:</p><p> salt '*' znc.buildmod module.cpp [...] salt.modules.znc.dumpconf() Write the active conﬁguration state to conﬁg ﬁle CLI Example:</p><p> salt '*' znc.dumpconf salt.modules.znc.rehashconf() Rehash the active conﬁguration state from conﬁg ﬁle CLI Example:</p><p> salt '*' znc.rehashconf salt.modules.znc.version() Return server version from znc --version CLI Example:</p><p> salt '*' znc.version</p><p>22.16.244 salt.modules.zpool</p><p>Module for running ZFS zpool command salt.modules.zpool.add(pool_name, vdev) Add the speciﬁed vdev to the given pool CLI Example:</p><p> salt '*' zpool.add myzpool /path/to/vdev salt.modules.zpool.create(pool_name, *vdevs) Create a new storage pool CLI Example:</p><p> salt '*' zpool.create myzpool /path/to/vdev1 [/path/to/vdev2] [...] salt.modules.zpool.create_file_vdev(size, *vdevs) Creates ﬁle based virtual devices for a zpool *vdevs is a list of full paths for mkﬁle to create CLI Example:</p><p>910 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' zpool.create_file_vdev 7g /path/to/vdev1 [/path/to/vdev2] [...]</p><p>Depending on file size this may take a while to return salt.modules.zpool.destroy(pool_name) Destroys a storage pool CLI Example:</p><p> salt '*' zpool.destroy myzpool salt.modules.zpool.exists(pool_name) Check if a ZFS storage pool is active CLI Example:</p><p> salt '*' zpool.exists myzpool salt.modules.zpool.iostat(name='`) Display I/O statistics for the given pools CLI Example:</p><p> salt '*' zpool.iostat myzpool salt.modules.zpool.replace(pool_name, old, new) Replaces old device with new device. CLI Example:</p><p> salt '*' zpool.replace myzpool /path/to/vdev1 /path/to/vdev2 salt.modules.zpool.scrub(pool_name=None) Begin a scrub CLI Example:</p><p> salt '*' zpool.scrub myzpool salt.modules.zpool.status(name='`) Return the status of the named zpool CLI Example:</p><p> salt '*' zpool.status myzpool salt.modules.zpool.zpool_list() Return a list of all pools in the system with health status and space usage CLI Example:</p><p> salt '*' zpool.zpool_list</p><p>22.16.245 salt.modules.zypper</p><p>Package support for openSUSE via the zypper package manager depends • <span>zypp</span> Python module. Install with zypper install python-zypp</p><p>22.16. Full list of builtin execution modules 911 Salt Documentation, Release 2014.7.6 salt.modules.zypper.del_repo(repo, **kwargs) Delete a repo. CLI Examples:</p><p> salt '*' pkg.del_repo alias salt '*' pkg.del_repo alias salt.modules.zypper.get_repo(repo, **kwargs) Display a repo. CLI Example:</p><p> salt '*' pkg.get_repo alias salt.modules.zypper.install(name=None, refresh=False, fromrepo=None, pkgs=None, sources=None, **kwargs) Install the passed package(s), add refresh=True to run `zypper refresh' before package is installed. name e name of the package to be installed. Note that this parameter is ignored if either ``pkgs'' or ``sources'' is passed. Additionally, please note that this option can only be used to install packages from a soware repository. To install a package ﬁle manually, use the ``sources'' option. CLI Example:</p><p> salt '*' pkg.install <package name=""></package></p><p> refresh Whether or not to refresh the package database before installing. fromrepo Specify a package repository to install from. version Can be either a version number, or the combination of a comparison operator (&lt;, &gt;, &lt;=, &gt;=, =) and a version number (ex. `&gt;1.2.3-4'). is parameter is ignored if ``pkgs'' or ``sources'' is passed. Multiple Package Installation Options: pkgs A list of packages to install from a soware repository. Must be passed as a python list. A speciﬁc version number can be speciﬁed by using a single-element dict representing the package and its version. As with the version parameter above, comparison operators can be used to target a speciﬁc version of a package. CLI Examples:</p><p> salt '*' pkg.install pkgs='["foo", "bar"]' salt '*' pkg.install pkgs='["foo", {"bar": "1.2.3-4"}]' salt '*' pkg.install pkgs='["foo", {"bar": "&lt;1.2.3-4"}]'</p><p> sources A list of RPM packages to install. Must be passed as a list of dicts, with the keys being package names, and the values being the source URI or local path to the package. CLI Example:</p><p> salt '*' pkg.install sources='[{"foo": "salt://foo.rpm"},{"bar": "salt://bar.rpm"}]'</p><p>Returns a dict containing the new package names and versions:</p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}} salt.modules.zypper.latest_version(*names, **kwargs) Return the latest version of the named package available for upgrade or installation. If more than one package name is speciﬁed, a dict of name/version pairs is returned.</new-version></old-version></package></p><p>912 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>If the latest version of a given package is already installed, an empty string will be returned for that package. CLI Example:</p><p> salt '*' pkg.latest_version <package name=""> salt '*' pkg.latest_version <package1> <package2> <package3> ... salt.modules.zypper.list_pkgs(versions_as_list=False, **kwargs) List the packages currently installed as a dict:</package3></package2></package1></package></p><p>{'<package_name>': '<version>'}</version></package_name></p><p>CLI Example:</p><p> salt '*' pkg.list_pkgs salt.modules.zypper.list_repos() Lists all repos. CLI Example:</p><p> salt '*' pkg.list_repos salt.modules.zypper.list_upgrades(refresh=True) List all available package upgrades on this system CLI Example:</p><p> salt '*' pkg.list_upgrades salt.modules.zypper.mod_repo(repo, **kwargs) Modify one or more values for a repo. If the repo does not exist, it will be created, so long as the following values are speciﬁed: repo alias by which the zypper refers to the repo url or mirrorlist the URL for zypper to reference Key/Value pairs may also be removed from a repo's conﬁguration by seing a key to a blank value. Bear in mind that a name cannot be deleted, and a url can only be deleted if a mirrorlist is speciﬁed (or vice versa). CLI Examples:</p><p> salt '*' pkg.mod_repo alias alias=new_alias salt '*' pkg.mod_repo alias enabled=True salt '*' pkg.mod_repo alias url= mirrorlist=http://host.com/ salt.modules.zypper.purge(name=None, pkgs=None, **kwargs) Recursively remove a package and all dependencies which were installed with it, this will call a zypper -n remove -u name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p>22.16. Full list of builtin execution modules 913 Salt Documentation, Release 2014.7.6</p><p> salt '*' pkg.purge <package name=""> salt '*' pkg.purge <package1>,<package2>,<package3> salt '*' pkg.purge pkgs='["foo", "bar"]' salt.modules.zypper.refresh_db() Just run a zypper refresh, return a dict:</package3></package2></package1></package></p><p>{'<database name="">': Bool}</database></p><p>CLI Example:</p><p> salt '*' pkg.refresh_db salt.modules.zypper.remove(name=None, pkgs=None, **kwargs) Remove packages with zypper -n remove name e name of the package to be deleted. Multiple Package Options: pkgs A list of packages to delete. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. Returns a dict containing the changes. CLI Example:</p><p> salt '*' pkg.remove <package name=""> salt '*' pkg.remove <package1>,<package2>,<package3> salt '*' pkg.remove pkgs='["foo", "bar"]' salt.modules.zypper.upgrade(refresh=True) Run a full system upgrade, a zypper upgrade Return a dict containing the new package names and versions:</package3></package2></package1></package></p><p>{'<package>':{'old': '<old-version>', 'new': '<new-version>'}}</new-version></old-version></package></p><p>CLI Example:</p><p> salt '*' pkg.upgrade salt.modules.zypper.upgrade_available(name) Check whether or not an upgrade is available for a given package CLI Example:</p><p> salt '*' pkg.upgrade_available <package name=""> salt.modules.zypper.version(*names, **kwargs) Returns a string representing the package version or an empty string if not installed. If more than one package name is speciﬁed, a dict of name/version pairs is returned. CLI Example:</package></p><p> salt '*' pkg.version <package name=""> salt '*' pkg.version <package1> <package2> <package3> ...</package3></package2></package1></package></p><p>914 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.17 Full list of netapi modules</p><p>22.17.1 rest_cherrypy</p><p>A REST API for Salt</p><p>New in version 2014.7.0. depends • CherryPy Python module (strongly recommend 3.2.x versions due to an as yet unknown SSL error). optdepends • ws4py Python module for websockets support. conﬁguration All authentication is done through Salt's external auth system which requires additional conﬁguration not described here. Example production-ready conﬁguration; add to the Salt master conﬁg ﬁle and restart the salt- master and salt-api daemons:</p><p> rest_cherrypy: port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key</p><p>Using only a secure HTTPS connection is strongly recommended since Salt authentication creden- tials will be sent over the wire. A self-signed certiﬁcate can be generated using the create_self_signed_cert() execution function. Running this function requires pyOpenSSL and the salt-call script is available in the salt-minion package.</p><p> salt-call --local tls.create_self_signed_cert</p><p>All available conﬁguration options are detailed below. ese seings conﬁgure the CherryPy HTTP server and do not apply when using an external server such as Apache or Nginx. port Required e port for the webserver to listen on. host [0.0.0.0] e socket interface for the HTTP server to listen on. debug [False] Starts the web server in development mode. It will reload itself when the under- lying code is changed and will output more debugging info. ssl_crt e path to a SSL certiﬁcate. (See below) ssl_key e path to the private key for your SSL certiﬁcate. (See below) disable_ssl A ﬂag to disable SSL. Warning: your Salt authentication credentials will be sent in the clear! webhook_disable_auth [False] e Webhook URL requires authentication by default but external services cannot always be conﬁgured to send authentication. See the Webhook documentation for suggestions on securing this interface. webhook_url [/hook] Conﬁgure the URL endpoint for the Webhook entry point.</p><p>22.17. Full list of netapi modules 915 Salt Documentation, Release 2014.7.6</p><p> thread_pool [100] e number of worker threads to start up in the pool. soet_queue_size [30] Specify the maximum number of HTTP connections to queue. expire_responses [True] Whether to check for and kill HTTP responses that have exceeded the default timeout. max_request_body_size [1048576] Maximum size for the HTTP request body. collect_stats [False] Collect and report statistics about the CherryPy server Reports are available via the Stats URL. static A ﬁlesystem path to static HTML/JavaScript/CSS/image assets. static_path [/static] e URL preﬁx to use when serving static assets out of the directory speciﬁed in the static seing. app A ﬁlesystem path to an HTML ﬁle that will be served as a static ﬁle. is is useful for boot- strapping a single-page JavaScript app. app_path [/app] e URL preﬁx to use for serving the HTML ﬁle speciﬁed in the app seing. is should be a simple name containing no slashes. Any path information aer the speciﬁed path is ignored; this is useful for apps that utilize the HTML5 history API. root_preﬁx [/] A URL path to the main entry point for the application. is is useful for serving multiple applications from the same URL.</p><p>Authentication</p><p>Authentication is performed by passing a session token with each request. Tokens are generated via the Login URL. e token may be sent in one of two ways: • Include a custom header named X-Auth-Token. For example, using curl:</p><p> curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltdev -d password=saltdev -d eauth=auto</p><p>Copy the token value from the output and include it in subsequent requests:</p><p> curl -sSk hps://localhost:8000 -H `Accept: application/x-yaml' -H `X-Auth-Token: 697adbdc8fe971d09ae4c2a3add7248859c87079' -d client=local -d tgt='*' -d fun=test.ping • Sent via a cookie. is option is a convenience for HTTP clients that automatically handle cookie support (such as browsers). For example, using curl:</p><p># Write the cookie file: curl -sSk https://localhost:8000/login -c ~/cookies.txt -H 'Accept: application/x-yaml' -d username=saltdev -d password=saltdev -d eauth=auto</p><p># Read the cookie file: curl -sSk https://localhost:8000 -b ~/cookies.txt -H 'Accept: application/x-yaml' -d client=local -d tgt='*' -d fun=test.ping</p><p>See also: You can bypass the session handling via the Run URL.</p><p>916 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Usage</p><p>Commands are sent to a running Salt master via this module by sending HTTP requests to the URLs detailed below.</p><p>Content negotiation is REST interface is ﬂexible in what data formats it will accept as well as what formats it will return (e.g., JSON, YAML, x-www-form-urlencoded). • Specify the format of data in the request body by including the Content-Type header. • Specify the desired data format for the response body with the Accept header.</p><p>Data sent in POST and PUT requests must be in the format of a list of lowstate dictionaries. is allows multiple commands to be executed in a single HTTP request. e order of commands in the request corresponds to the return for each command in the response. Lowstate, broadly, is a dictionary of values that are mapped to a function call. is paern is used pervasively throughout Salt. e functions called from netapi modules are described in Client Interfaces. e following example (in JSON format) causes Salt to execute two commands, a command sent to minions as well as a runner function on the master:</p><p>[{ "client": "local", "tgt": "*", "fun": "test.fib", "arg":["10"] }, { "client": "runner", "fun": "jobs.lookup_jid", "jid": "20130603122505459265" }] x-www-form-urlencoded Sending JSON or YAML in the request body is simple and most ﬂexible, however sending data in urlencoded format is also supported with the caveats below. It is the default format for HTML forms, many JavaScript libraries, and the curl command. For example, the equivalent to running salt '*' test.ping is sending fun=test.ping&amp;arg&amp;client=local&amp;tgt=* in the HTTP request body. Caveats: • Only a single command may be sent per HTTP request. • Repeating the arg parameter multiple times will cause those parameters to be combined into a single list. Note, some popular frameworks and languages (notably jery, PHP, and Ruby on Rails) will automatically append empty brackets onto repeated parameters. E.g., arg=one, arg=two will be sent as arg[]=one, arg[]=two. is is not supported; send JSON or YAML instead.</p><p>Deployment</p><p>e rest_cherrypy netapi module is a standard Python WSGI app. It can be deployed one of two ways.</p><p>22.17. Full list of netapi modules 917 Salt Documentation, Release 2014.7.6</p><p> salt-api using the CherryPy server</p><p>e default conﬁguration is to run this module using salt-api to start the Python-based CherryPy server. is server is lightweight, multi-threaded, encrypted with SSL, and should be considered production-ready.</p><p>Using a WSGI-compliant web server</p><p>is module may be deployed on any WSGI-compliant server such as Apache with mod_wsgi or Nginx with FastCGI, to name just two (there are many). Note, external WSGI servers handle URLs, paths, and SSL certs directly. e rest_cherrypy conﬁguration op- tions are ignored and the salt-api daemon does not need to be running at all. Remember Salt authentication credentials are sent in the clear unless SSL is being enforced! An example Apache virtual host conﬁguration:</p><p><virtualhost> ServerName example.com ServerAlias *.example.com</virtualhost></p><p>ServerAdmin webmaster@example.com</p><p>LogLevel warn ErrorLog /var/www/example.com/logs/error.log CustomLog /var/www/example.com/logs/access.log combined</p><p>DocumentRoot /var/www/example.com/htdocs</p><p>WSGIScriptAlias / /path/to/salt/netapi/rest_cherrypy/wsgi.py </p><p>REST URI Reference</p><p>• / • /login • /logout • /minions • /jobs • /run • /events • /hook • /key • /ws • /stats</p><p>/</p><p> class salt.netapi.rest_cherrypy.app.LowDataAdapter e primary entry point to Salt's REST API GET() An explanation of the API with links of where to go next</p><p>918 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>GET / Request Headers • Accept -- the desired response format. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -i localhost:8000</p><p>GET / HTTP/1.1 Host: localhost:8000 Accept: application/json</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Type: application/json</p><p>POST Mock out speciﬁed imports is allows autodoc to do its thing without having oodles of req'd installed libs. is doesn't work with import * imports. hp://read-the-docs.readthedocs.org/en/latest/faq.html#i-get-import-errors-on-libraries-that-depend- on-c-modules</p><p>/login class salt.netapi.rest_cherrypy.app.Login(*args, **kwargs) Log in to receive a session token Authentication information. GET() Present the login interface GET /login An explanation of how to log in. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -i localhost:8000/login</p><p>GET /login HTTP/1.1 Host: localhost:8000 Accept: text/html</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Type: text/html</p><p>22.17. Full list of netapi modules 919 Salt Documentation, Release 2014.7.6</p><p>POST(**kwargs) Authenticate against Salt's eauth system POST /login Request Headers • X-Auth-Token -- a session token from Login. • Accept -- the desired response format. • Content-Type -- the format of the request body. Form Parameters • eauth -- the eauth backend conﬁgured for the user • username -- username • password -- password Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -si localhost:8000/login \ -H "Accept: application/json" \ -d username='saltuser' \ -d password='saltpass' \ -d eauth='pam'</p><p>POST / HTTP/1.1 Host: localhost:8000 Content-Length: 42 Content-Type: application/x-www-form-urlencoded Accept: application/json</p><p> username=saltuser&amp;password=saltpass&amp;eauth=pam</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Type: application/json Content-Length: 206 X-Auth-Token: 6d1b722e Set-Cookie: session_id=6d1b722e; expires=Sat, 17 Nov 2012 03:23:52 GMT; Path=/</p><p>{"return":{ "token": "6d1b722e", "start": 1363805943.776223, "expire": 1363849143.776224, "user": "saltuser", "eauth": "pam", "perms":[ "grains.*", "status.*", "sys.*", "test.*" ] }}</p><p>920 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>/logout class salt.netapi.rest_cherrypy.app.Logout Class to remove or invalidate sessions POST() Destroy the currently active session and expire the session cookie</p><p>/minions class salt.netapi.rest_cherrypy.app.Minions Convenience URLs for working with minions GET(mid=None) A convenience URL for geing lists of minions or geing minion details GET /minions/(mid) Request Headers • X-Auth-Token -- a session token from Login. • Accept -- the desired response format. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -i localhost:8000/minions/ms-3</p><p>GET /minions/ms-3 HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 129005 Content-Type: application/x-yaml</p><p> return: - ms-3: grains.items: ...</p><p>POST(**kwargs) Start an execution command and immediately return the job id POST /minions Request Headers • X-Auth-Token -- a session token from Login. • Accept -- the desired response format. • Content-Type -- the format of the request body. Response Headers • Content-Type -- the format of the response body; depends on the Accept request header. Status Codes • 200 -- success</p><p>22.17. Full list of netapi modules 921 Salt Documentation, Release 2014.7.6</p><p>• 401 -- authentication required • 406 -- requested Content-Type not available lowstate data describing Salt commands must be sent in the request body. e client option will be set to local_async(). Example request:</p><p> curl -sSi localhost:8000/minions \ -H "Accept: application/x-yaml" \ -d tgt='*' \ -d fun='status.diskusage'</p><p>POST /minions HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml Content-Length: 26 Content-Type: application/x-www-form-urlencoded</p><p> tgt=*&amp;fun=status.diskusage</p><p>Example response:</p><p>HTTP/1.1 202 Accepted Content-Length: 86 Content-Type: application/x-yaml</p><p> return: - jid: '20130603122505459265' minions: [ms-4, ms-3, ms-2, ms-1, ms-0] _links: jobs: - href: /jobs/20130603122505459265</p><p>/jobs class salt.netapi.rest_cherrypy.app.Jobs</p><p>GET(jid=None) A convenience URL for geing lists of previously run jobs or geing the return from a single job GET /jobs/(jid) List jobs or show a single job from the job cache. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -i localhost:8000/jobs</p><p>GET /jobs HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml</p><p>Example response:</p><p>922 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>HTTP/1.1 200 OK Content-Length: 165 Content-Type: application/x-yaml</p><p> return: - '20121130104633606931': Arguments: - '3' Function: test.fib Start Time: 2012, Nov 30 10:46:33.606931 Target: jerry Target-type: glob</p><p>Example request:</p><p> curl -i localhost:8000/jobs/20121130104633606931</p><p>GET /jobs/20121130104633606931 HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 73 Content-Type: application/x-yaml</p><p> info: - Arguments: - '3' Function: test.fib Minions: - jerry Start Time: 2012, Nov 30 10:46:33.606931 Target: '*' Target-type: glob User: saltdev jid: '20121130104633606931' return: - jerry: - - 0 - 1 - 1 - 2 - 6.9141387939453125e-06</p><p>/run class salt.netapi.rest_cherrypy.app.Run Class to run commands without normal session handling POST(**kwargs) Run commands bypassing the normal session handling POST /run is entry point is primarily for ``one-oﬀ'' commands. Each request must pass full Salt authentica- tion credentials. Otherwise this URL is identical to the root URL (/).</p><p>22.17. Full list of netapi modules 923 Salt Documentation, Release 2014.7.6</p><p> lowstate data describing Salt commands must be sent in the request body. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -sS localhost:8000/run \ -H 'Accept: application/x-yaml' \ -d client='local' \ -d tgt='*' \ -d fun='test.ping' \ -d username='saltdev' \ -d password='saltdev' \ -d eauth='pam'</p><p>POST /run HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml Content-Length: 75 Content-Type: application/x-www-form-urlencoded</p><p> client=local&amp;tgt=*&amp;fun=test.ping&amp;username=saltdev&amp;password=saltdev&amp;eauth=pam</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 73 Content-Type: application/x-yaml</p><p> return: - ms-0: true ms-1: true ms-2: true ms-3: true ms-4: true</p><p>/events class salt.netapi.rest_cherrypy.app.Events Expose the Salt event bus e event bus on the Salt master exposes a large variety of things, notably when executions are started on the master and also when minions ultimately return their results. is URL provides a real-time window into a running Salt infrastructure. See also: events GET(token=None) An HTTP stream of the Salt master event bus is stream is formaed per the Server Sent Events (SSE) spec. Each event is formaed as JSON. GET /events Status Codes • 200 -- success</p><p>924 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>• 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -NsS localhost:8000/events</p><p>GET /events HTTP/1.1 Host: localhost:8000</p><p>Example response: Note, the tag ﬁeld is not part of the spec. SSE compliant clients should ignore unknown ﬁelds. is addition allows non-compliant clients to only watch for certain tags without having to deserialze the JSON object each time.</p><p>HTTP/1.1 200 OK Connection: keep-alive Cache-Control: no-cache Content-Type: text/event-stream;charset=utf-8</p><p> retry: 400</p><p> tag: salt/job/20130802115730568475/new data: {'tag': 'salt/job/20130802115730568475/new', 'data': {'minions': ['ms-4', 'ms-3', 'ms-2', 'ms-1', 'ms-0']}}</p><p> tag: salt/job/20130802115730568475/ret/jerry data: {'tag': 'salt/job/20130802115730568475/ret/jerry', 'data': {'jid': '20130802115730568475', 'return': True, 'retcode': 0, 'success': True, 'cmd': '_return', 'fun': 'test.ping', 'id': 'ms-1'}}</p><p>e event stream can be easily consumed via JavaScript:</p><p># Note, you must be authenticated! var source = new EventSource('/events'); source.onopen = function() { console.debug('opening') }; source.onerror = function(e) { console.debug('error!', e) }; source.onmessage = function(e) { console.debug('Tag: ', e.data.tag) console.debug('Data: ', e.data.data) };</p><p>Or using CORS:</p><p> var source = new EventSource('/events', {withCredentials: true});</p><p>Some browser clients lack CORS support for the EventSource() API. Such clients may instead pass the X-Auth-Token value as an URL parameter:</p><p> curl -NsS localhost:8000/events/6d1b722e</p><p>It is also possible to consume the stream via the shell. Records are separated by blank lines; the data: and tag: preﬁxes will need to be removed manually before aempting to unserialize the JSON. curl's -N ﬂag turns oﬀ input buﬀering which is required to process the stream incrementally. Here is a basic example of printing each event as it comes in:</p><p> curl -NsS localhost:8000/events |\ while IFS= read -r line ; do</p><p>22.17. Full list of netapi modules 925 Salt Documentation, Release 2014.7.6</p><p> echo $line done</p><p>Here is an example of using awk to ﬁlter events based on tag:</p><p> curl -NsS localhost:8000/events |\ awk ' BEGIN { RS=""; FS="\\n" } $1 ~ /^tag: salt\/job\/[0-9]+\/new$/ { print $0 } ' tag: salt/job/20140112010149808995/new data: {"tag": "salt/job/20140112010149808995/new", "data": {"tgt_type": "glob", "jid": "20140112010149808995", "tgt": "jerry", "_stamp": "2014-01-12_01:01:49.809617", "user": "shouse", "arg": [], "fun": "test.ping", "minions": ["jerry"]}} tag: 20140112010149808995 data: {"tag": "20140112010149808995", "data": {"fun_args": [], "jid": "20140112010149808995", "return": true, "retcode": 0, "success": true, "cmd": "_return", "_stamp": "2014-01-12_01:01:49.819316", "fun": "test.ping", "id": "jerry"}}</p><p>/hook class salt.netapi.rest_cherrypy.app.Webhook A generic web hook entry point that ﬁres an event on Salt's event bus External services can POST data to this URL to trigger an event in Salt. For example, Amazon SNS, Jenkins-CI or Travis-CI, or GitHub web hooks.</p><p>Note: Be mindful of security Salt's Reactor can run any code. A Reactor SLS that responds to a hook event is responsible for validating that the event came from a trusted source and contains valid data. is is a generic interface and securing it is up to you! is URL requires authentication however not all external services can be conﬁgured to authenticate. For this reason authentication can be selectively disabled for this URL. Follow best practices -- always use SSL, pass a secret key, conﬁgure the ﬁrewall to only allow traﬃc from a known source, etc.</p><p>e event data is taken from the request body. e Content-Type header is respected for the payload. e event tag is preﬁxed with salt/netapi/hook and the URL path is appended to the end. For exam- ple, a POST request sent to /hook/mycompany/myapp/mydata will produce a Salt event with the tag salt/netapi/hook/mycompany/myapp/mydata. e following is an example .travis.yml ﬁle to send notiﬁcations to Salt of successful test runs:</p><p> language: python script: python -m unittest tests after_success: - | curl -sSk https://saltapi-url.example.com:8000/hook/travis/build/success -d branch="${TRAVIS_BRANCH}" -d commit="${TRAVIS_COMMIT}"</p><p>See also: events, reactor POST(*args, **kwargs) Fire an event in Salt with a custom event tag and data POST /hook Status Codes • 200 -- success • 401 -- authentication required</p><p>926 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>• 406 -- requested Content-Type not available • 413 -- request body is too large Example request:</p><p> curl -sS localhost:8000/hook -d foo='Foo!' -d bar='Bar!'</p><p>POST /hook HTTP/1.1 Host: localhost:8000 Content-Length: 16 Content-Type: application/x-www-form-urlencoded</p><p> foo=Foo&amp;bar=Bar!</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 14 Content-Type: application/json</p><p>{"success": true}</p><p>As a practical example, an internal continuous-integration build server could send an HTTP POST request to the URL https://localhost:8000/hook/mycompany/build/success which contains the result of a build and the SHA of the version that was built as JSON. at would then produce the following event in Salt that could be used to kick oﬀ a deployment via Salt's Reactor:</p><p>Event fired at Fri Feb 14 17:40:11 2014 ************************* Tag: salt/netapi/hook/mycompany/build/success Data: {'_stamp': '2014-02-14_17:40:11.440996', 'headers': { 'X-My-Secret-Key': 'F0fa*goQjIT@W', 'Content-Length': '37', 'Content-Type': 'application/json', 'Host': 'localhost:8000', 'Remote-Addr': '127.0.0.1'}, 'post': {'revision': 'aa22a3c4b2e7', 'result': True}}</p><p>Salt's Reactor could listen for the event: reactor: - 'salt/netapi/hook/mycompany/build/*': - /srv/reactor/react_ci_builds.sls</p><p>And ﬁnally deploy the new build:</p><p>{% set secret_key = data.get('headers', {}).get('X-My-Secret-Key') %} {% set build = data.get('post', {}) %}</p><p>{% if secret_key == 'F0fa*goQjIT@W' and build.result == True %} deploy_my_app: cmd.state.sls: - tgt: 'application*' - arg: - myapp.deploy - kwarg: pillar:</p><p>22.17. Full list of netapi modules 927 Salt Documentation, Release 2014.7.6</p><p> revision: {{ revision }} {% endif %}</p><p>/key class salt.netapi.rest_cherrypy.app.Keys Convenience URLs for working with minion keys New in version 2014.7.0. ese URLs wrap the functionality provided by the key wheel module functions. GET(mid=None) Show the list of minion keys or detail on a speciﬁc key New in version 2014.7.0. GET /keys/(mid) List all keys or show a speciﬁc key Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -i localhost:8000/keys</p><p>GET /keys HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 165 Content-Type: application/x-yaml</p><p> return: local: - master.pem - master.pub minions: - jerry minions_pre: [] minions_rejected: []</p><p>Example request:</p><p> curl -i localhost:8000/keys/jerry</p><p>GET /keys/jerry HTTP/1.1 Host: localhost:8000 Accept: application/x-yaml</p><p>Example response:</p><p>928 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>HTTP/1.1 200 OK Content-Length: 73 Content-Type: application/x-yaml</p><p> return: minions: jerry: 51:93:b3:d0:9f:3a:6d:e5:28:67:c2:4b:27:d6:cd:2b</p><p>POST(mid, keysize=None, force=None, **kwargs) Easily generate keys for a minion and auto-accept the new key New in version 2014.7.0. Example partial kickstart script to bootstrap a new minion:</p><p>%post mkdir -p /etc/salt/pki/minion curl -sSk https://localhost:8000/keys \ -d mid=jerry \ -d username=kickstart \ -d password=kickstart \ -d eauth=pam \ | tar -C /etc/salt/pki/minion -xf -</p><p> mkdir -p /etc/salt/minion.d printf 'master: 10.0.0.5\nid: jerry' &gt; /etc/salt/minion.d/id.conf %end</p><p>POST /keys Generate a public and private key and return both as a tarball Authentication credentials must be passed in the request. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available Example request:</p><p> curl -sSk https://localhost:8000/keys \ -d mid=jerry \ -d username=kickstart \ -d password=kickstart \ -d eauth=pam \ -o jerry-salt-keys.tar</p><p>POST /keys HTTP/1.1 Host: localhost:8000</p><p>Example response:</p><p>HTTP/1.1 200 OK Content-Length: 10240 Content-Disposition: attachment; filename="saltkeys-jerry.tar" Content-Type: application/x-tar</p><p> jerry.pub0000644000000000000000000000070300000000000010730 0ustar 00000000000000</p><p>22.17. Full list of netapi modules 929 Salt Documentation, Release 2014.7.6</p><p>/ws class salt.netapi.rest_cherrypy.app.WebsocketEndpoint Open a WebSocket connection to Salt's event bus e event bus on the Salt master exposes a large variety of things, notably when executions are started on the master and also when minions ultimately return their results. is URL provides a real-time window into a running Salt infrastructure. Uses websocket as the transport mechanism. See also: events GET(token=None, **kwargs) Return a websocket connection of Salt's event stream GET /ws/(token) ery Parameters • format_events -- e event stream will undergo server-side formaing if the for- mat_events URL parameter is included in the request. is can be useful to avoid formaing on the client-side:</p><p> curl -NsS &lt;...snip...&gt; localhost:8000/ws?format_events Request Headers • X-Auth-Token -- an authentication token from Login. Status Codes • 101 -- switching to the websockets protocol • 401 -- authentication required • 406 -- requested Content-Type not available Example request: curl -NsSk -H `X-Auth-Token: ﬀedf49d' -H `Host: localhost:8000' -H `Connection: Upgrade' -H `Upgrade: websocket' -H `Origin: hps://localhost:8000' -H `Sec-WebSocket-Version: 13' -H `Sec-WebSocket-Key: `''$(echo -n $RANDOM | base64)'' localhost:8000/ws</p><p>GET /ws HTTP/1.1 Connection: Upgrade Upgrade: websocket Host: localhost:8000 Origin: https://localhost:8000 Sec-WebSocket-Version: 13 Sec-WebSocket-Key: s65VsgHigh7v/Jcf4nXHnA== X-Auth-Token: ffedf49d</p><p>Example response:</p><p>HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: mWZjBV9FCglzn1rIKJAxrTFlnJE= Sec-WebSocket-Version: 13</p><p>An authentication token may optionally be passed as part of the URL for browsers that cannot be con- ﬁgured to send the authentication header or cookie:</p><p> curl -NsS &lt;...snip...&gt; localhost:8000/ws/ffedf49d</p><p>e event stream can be easily consumed via JavaScript:</p><p>930 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>// Note, you must be authenticated! var source = new Websocket('ws://localhost:8000/ws/d0ce6c1a'); source.onerror = function(e) { console.debug('error!', e); }; source.onmessage = function(e) { console.debug(e.data); };</p><p> source.send('websocket client ready')</p><p> source.close();</p><p>Or via Python, using the Python module websocket-client for example.</p><p># Note, you must be authenticated!</p><p> from websocket import create_connection</p><p> ws = create_connection('ws://localhost:8000/ws/d0ce6c1a') ws.send('websocket client ready')</p><p># Look at https://pypi.python.org/pypi/websocket-client/ for more # examples. while listening_to_events: print ws.recv()</p><p> ws.close()</p><p>Above examples show how to establish a websocket connection to Salt and activating real time updates from Salt's event stream by signaling websocket client ready.</p><p>/stats class salt.netapi.rest_cherrypy.app.Stats Expose statistics on the running CherryPy server GET() Return a dump of statistics collected from the CherryPy server GET /stats Request Headers • X-Auth-Token -- a session token from Login. • Accept -- the desired response format. Response Headers • Content-Type -- the format of the response body; depends on the Accept request header. Status Codes • 200 -- success • 401 -- authentication required • 406 -- requested Content-Type not available</p><p>22.17. Full list of netapi modules 931 Salt Documentation, Release 2014.7.6</p><p>22.17.2 rest_tornado</p><p>A non-blocking REST API for Salt</p><p> depends • tornado Python module conﬁguration All authentication is done through Salt's external auth system which requires additional conﬁguration not described here. In order to run rest_tornado with the salt-master add the following to the Salt master conﬁg ﬁle. rest_tornado: # can be any port port: 8000 ssl_crt: /etc/pki/api/certs/server.crt # no need to specify ssl_key if cert and key # are in one single file ssl_key: /etc/pki/api/certs/server.key debug: False disable_ssl: False</p><p>Authentication</p><p>Authentication is performed by passing a session token with each request. Tokens are generated via the SaltAu- thHandler URL. e token may be sent in one of two ways: • Include a custom header named X-Auth-Token. • Sent via a cookie. is option is a convenience for HTTP clients that automatically handle cookie support (such as browsers). See also: You can bypass the session handling via the RunSaltAPIHandler URL.</p><p>Usage</p><p>Commands are sent to a running Salt master via this module by sending HTTP requests to the URLs detailed below.</p><p>Content negotiation is REST interface is ﬂexible in what data formats it will accept as well as what formats it will return (e.g., JSON, YAML, x-www-form-urlencoded). • Specify the format of data in the request body by including the Content-Type header. • Specify the desired data format for the response body with the Accept header.</p><p>Data sent in POST and PUT requests must be in the format of a list of lowstate dictionaries. is allows multiple commands to be executed in a single HTTP request.</p><p>932 Chapter 22. Reference Salt Documentation, Release 2014.7.6 lowstate A dictionary containing various keys that instruct Salt which command to run, where that command lives, any parameters for that command, any authentication credentials, what returner to use, etc. Salt uses the lowstate data format internally in many places to pass command data between functions. Salt also uses lowstate for the LocalClient() Python API interface. e following example (in JSON format) causes Salt to execute two commands:</p><p>[{ "client": "local", "tgt": "*", "fun": "test.fib", "arg":["10"] }, { "client": "runner", "fun": "jobs.lookup_jid", "jid": "20130603122505459265" }]</p><p>Multiple commands in a Salt API request will be executed in serial and makes no gaurantees that all com- mands will run. Meaning that if test.ﬁb (from the example above) had an exception, the API would still execute ``jobs.lookup_jid''. Responses to these lowstates are an in-order list of dicts containing the return data, a yaml response could look like:</p><p>- ms-1: true ms-2: true - ms-1: foo ms-2: bar</p><p>In the event of an exception while executing a command the return for that lowstate will be a string, for example if no minions matched the ﬁrst lowstate we would get a return like:</p><p>- No minions matched the target. No command was sent, no jid was assigned. - ms-1: true ms-2: true x-www-form-urlencoded Sending JSON or YAML in the request body is simple and most ﬂexible, however sending data in urlencoded format is also supported with the caveats below. It is the default format for HTML forms, many JavaScript libraries, and the curl command. For example, the equivalent to running salt '*' test.ping is sending fun=test.ping&amp;arg&amp;client=local&amp;tgt=* in the HTTP request body. Caveats: • Only a single command may be sent per HTTP request. • Repeating the arg parameter multiple times will cause those parameters to be combined into a single list. Note, some popular frameworks and languages (notably jery, PHP, and Ruby on Rails) will automatically append empty brackets onto repeated parameters. E.g., arg=one, arg=two will be sent as arg[]=one, arg[]=two. is is not supported; send JSON or YAML instead.</p><p>22.17. Full list of netapi modules 933 Salt Documentation, Release 2014.7.6</p><p>A Websockets add-on to saltnado</p><p> depends • tornado Python module In order to enable saltnado_websockets you must add websockets: True to your saltnado conﬁg block. rest_tornado: # can be any port port: 8000 ssl_crt: /etc/pki/api/certs/server.crt # no need to specify ssl_key if cert and key # are in one single file ssl_key: /etc/pki/api/certs/server.key debug: False disable_ssl: False websockets: True</p><p>All Events</p><p>Exposes all ``real-time'' events from Salt's event bus on a websocket connection. It should be noted that ``Real- time'' here means these events are made available to the server as soon as any salt related action (changes to minions, new jobs etc) happens. Clients are however assumed to be able to tolerate any network transport related latencies. Functionality provided by this endpoint is similar to the /events end point. e event bus on the Salt master exposes a large variety of things, notably when executions are started on the master and also when minions ultimately return their results. is URL provides a real-time window into a running Salt infrastructure. Uses websocket as the transport mechanism. Exposes GET method to return websocket connections. All requests should include an auth token. A way to obtain obtain authentication tokens is shown below.</p><p>% curl -si localhost:8000/login \ -H "Accept: application/json" \ -d username='salt' \ -d password='salt' \ -d eauth='pam'</p><p>Which results in the response</p><p>{ "return": [{ "perms":[".*", "@runner", "@wheel"], "start": 1400556492.277421, "token": "d0ce6c1a37e99dcc0374392f272fe19c0090cca7", "expire": 1400599692.277422, "user": "salt", "eauth": "pam" }] }</p><p>In this example the token returned is d0ce6c1a37e99dcc0374392f272fe19c0090cca7 and can be in- cluded in subsequent websocket requests (as part of the URL). e event stream can be easily consumed via JavaScript:</p><p>934 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>// Note, you must be authenticated!</p><p>// Get the Websocket connection to Salt var source = new Websocket('wss://localhost:8000/all_events/d0ce6c1a37e99dcc0374392f272fe19c0090cca7');</p><p>// Get Salt's "real time" event stream. source.onopen = function() { source.send('websocket client ready'); };</p><p>// Other handlers source.onerror = function(e) { console.debug('error!', e); };</p><p>// e.data represents Salt's "real time" event data as serialized JSON. source.onmessage = function(e) { console.debug(e.data); };</p><p>// Terminates websocket connection and Salt's "real time" event stream on the server. source.close();</p><p>Or via Python, using the Python module websocket-client for example. Or the tornado client.</p><p># Note, you must be authenticated! from websocket import create_connection</p><p># Get the Websocket connection to Salt ws = create_connection('wss://localhost:8000/all_events/d0ce6c1a37e99dcc0374392f272fe19c0090cca7')</p><p># Get Salt's "real time" event stream. ws.send('websocket client ready')</p><p># Simple listener to print results of Salt's "real time" event stream. # Look at https://pypi.python.org/pypi/websocket-client/ for more examples. while listening_to_events: print ws.recv() # Salt's "real time" event data as serialized JSON.</p><p># Terminates websocket connection and Salt's "real time" event stream on the server. ws.close()</p><p># Please refer to https://github.com/liris/websocket-client/issues/81 when using a self signed cert</p><p>Above examples show how to establish a websocket connection to Salt and activating real time updates from Salt's event stream by signaling websocket client ready.</p><p>Formaed Events</p><p>Exposes formatted ``real-time'' events from Salt's event bus on a websocket connection. It should be noted that ``Real-time'' here means these events are made available to the server as soon as any salt related action (changes to minions, new jobs etc) happens. Clients are however assumed to be able to tolerate any network transport related latencies. Functionality provided by this endpoint is similar to the /events end point. e event bus on the Salt master exposes a large variety of things, notably when executions are started on the master and also when minions ultimately return their results. is URL provides a real-time window into a running Salt infrastructure. Uses websocket as the transport mechanism. Formaed events parses the raw ``real time'' event stream and maintains a current view of the following:</p><p>22.17. Full list of netapi modules 935 Salt Documentation, Release 2014.7.6</p><p>• minions • jobs A change to the minions (such as addition, removal of keys or connection drops) or jobs is processed and clients are updated. Since we use salt's presence events to track minions, please enable presence_events and set a small value for the loop_interval in the salt master conﬁg ﬁle. Exposes GET method to return websocket connections. All requests should include an auth token. A way to obtain obtain authentication tokens is shown below.</p><p>% curl -si localhost:8000/login \ -H "Accept: application/json" \ -d username='salt' \ -d password='salt' \ -d eauth='pam'</p><p>Which results in the response</p><p>{ "return": [{ "perms":[".*", "@runner", "@wheel"], "start": 1400556492.277421, "token": "d0ce6c1a37e99dcc0374392f272fe19c0090cca7", "expire": 1400599692.277422, "user": "salt", "eauth": "pam" }] }</p><p>In this example the token returned is d0ce6c1a37e99dcc0374392f272fe19c0090cca7 and can be in- cluded in subsequent websocket requests (as part of the URL). e event stream can be easily consumed via JavaScript:</p><p>// Note, you must be authenticated!</p><p>// Get the Websocket connection to Salt var source = new Websocket('wss://localhost:8000/formatted_events/d0ce6c1a37e99dcc0374392f272fe19c0090cca7');</p><p>// Get Salt's "real time" event stream. source.onopen = function() { source.send('websocket client ready'); };</p><p>// Other handlers source.onerror = function(e) { console.debug('error!', e); };</p><p>// e.data represents Salt's "real time" event data as serialized JSON. source.onmessage = function(e) { console.debug(e.data); };</p><p>// Terminates websocket connection and Salt's "real time" event stream on the server. source.close();</p><p>Or via Python, using the Python module websocket-client for example. Or the tornado client.</p><p># Note, you must be authenticated! from websocket import create_connection</p><p>936 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p># Get the Websocket connection to Salt ws = create_connection('wss://localhost:8000/formatted_events/d0ce6c1a37e99dcc0374392f272fe19c0090cca7')</p><p># Get Salt's "real time" event stream. ws.send('websocket client ready')</p><p># Simple listener to print results of Salt's "real time" event stream. # Look at https://pypi.python.org/pypi/websocket-client/ for more examples. while listening_to_events: print ws.recv() # Salt's "real time" event data as serialized JSON.</p><p># Terminates websocket connection and Salt's "real time" event stream on the server. ws.close()</p><p># Please refer to https://github.com/liris/websocket-client/issues/81 when using a self signed cert</p><p>Above examples show how to establish a websocket connection to Salt and activating real time updates from Salt's event stream by signaling websocket client ready.</p><p>Example responses</p><p>Minion information is a dictionary keyed by each connected minion's id (mid), grains information for each minion is also included. Minion information is sent in response to the following minion events: • connection drops – requires running manage.present periodically every loop_interval seconds • minion addition • minon removal</p><p># Not all grains are shown data: { "minions":{ "minion1":{ "id": "minion1", "grains":{ "kernel": "Darwin", "domain": "local", "zmqversion": "4.0.3", "kernelrelease": "13.2.0" } } } }</p><p>Job information is also tracked and delivered. Job information is also a dictionary in which each job's information is keyed by salt's jid. data: { "jobs":{ "20140609153646699137":{</p><p>22.17. Full list of netapi modules 937 Salt Documentation, Release 2014.7.6</p><p>"tgt_type": "glob", "jid": "20140609153646699137", "tgt": "*", "start_time": "2014-06-09T15:36:46.700315", "state": "complete", "fun": "test.ping", "minions":{ "minion1":{ "return": true, "retcode": 0, "success": true } } } } }</p><p>Setup</p><p>REST URI Reference</p><p>• / • /login • /minions • /jobs • /run • /events • /hook</p><p>/ salt.netapi.rest_tornado.saltnado.SaltAPIHandler alias of <mock at="" object=""></mock></p><p>/login salt.netapi.rest_tornado.saltnado.SaltAuthHandler alias of <mock at="" object=""></mock></p><p>/minions salt.netapi.rest_tornado.saltnado.MinionSaltAPIHandler alias of <mock at="" object=""></mock></p><p>/jobs salt.netapi.rest_tornado.saltnado.JobsSaltAPIHandler alias of <mock at="" object=""></mock></p><p>938 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>/run salt.netapi.rest_tornado.saltnado.RunSaltAPIHandler alias of <mock at="" object=""></mock></p><p>/events salt.netapi.rest_tornado.saltnado.EventsSaltAPIHandler alias of <mock at="" object=""></mock></p><p>/hook salt.netapi.rest_tornado.saltnado.WebhookSaltAPIHandler alias of <mock at="" object=""></mock></p><p>22.17.3 rest_wsgi</p><p>A minimalist REST API for Salt</p><p>is rest_wsgi module provides a no-frills REST interface for sending commands to the Salt master. ere are no dependencies. Extra care must be taken when deploying this module into production. Please read this documentation in entirety. All authentication is done through Salt's external auth system.</p><p>Usage</p><p>• All requests must be sent to the root URL (/). • All requests must be sent as a POST request with JSON content in the request body. • All responses are in JSON. See also: rest_cherrypy e rest_cherrypy module is more full-featured, production-ready, and has builtin security features.</p><p>Deployment</p><p>e rest_wsgi netapi module is a standard Python WSGI app. It can be deployed one of two ways.</p><p>Using a WSGI-compliant web server</p><p>is module may be run via any WSGI-compliant production server such as Apache with mod_wsgi or Nginx with FastCGI. It is strongly recommended that this app be used with a server that supports HTTPS encryption since raw Salt authentication credentials must be sent with every request. Any apps that access Salt through this interface will need to manually manage authentication credentials (either username and password or a Salt token). Tread carefully.</p><p>22.17. Full list of netapi modules 939 Salt Documentation, Release 2014.7.6</p><p> salt-api using a development-only server</p><p>If run directly via the salt-api daemon it uses the wsgiref.simple_server() that ships in the Python standard library. is is a single-threaded server that is intended for testing and development. is server does not use encryption; please note that raw Salt authentication credentials must be sent with every HTTP request. Running this module via salt-api is not recommended! In order to start this module via the salt-api daemon the following must be put into the Salt master conﬁg: rest_wsgi: port: 8001</p><p>Usage examples</p><p>POST / Example request for a basic test.ping:</p><p>% curl -sS -i \ -H 'Content-Type: application/json' \ -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"local","tgt":"*","fun":"test.ping"}]' localhost:8001</p><p>Example response:</p><p>HTTP/1.0 200 OK Content-Length: 89 Content-Type: application/json</p><p>{"return": [{"ms--4": true, "ms--3": true, "ms--2": true, "ms--1": true, "ms--0": true}]}</p><p>Example request for an asynchronous test.ping:</p><p>% curl -sS -i \ -H 'Content-Type: application/json' \ -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"local_async","tgt":"*","fun":"test.ping"}]' localhost:8001</p><p>Example response:</p><p>HTTP/1.0 200 OK Content-Length: 103 Content-Type: application/json</p><p>{"return": [{"jid": "20130412192112593739", "minions":["ms--4", "ms--3", "ms--2", "ms--1", "ms--0"]}]}</p><p>Example request for looking up a job ID:</p><p>% curl -sS -i \ -H 'Content-Type: application/json' \ -d '[{"eauth":"pam","username":"saltdev","password":"saltdev","client":"runner","fun":"jobs.lookup_jid","jid":"20130412192112593739"}]' localhost:8001</p><p>Example response:</p><p>HTTP/1.0 200 OK Content-Length: 89 Content-Type: application/json</p><p>{"return": [{"ms--4": true, "ms--3": true, "ms--2": true, "ms--1": true, "ms--0": true}]}</p><p>940 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> form lowstate A list of lowstate data appropriate for the client interface you are calling. status 200 success status 401 authentication required</p><p>22.18 Full list of builtin output modules</p><p>Follow one of the below links for further information and examples</p><p> grains Special outpuer for grains highstate Outpuer for displaying results of state runs json_out Display return data in JSON format key Display salt-key output nested Recursively display nested data newline_values_only Display values only, separated by newlines no_out Display no output no_return Display output for minions that did not return overstatestage Display clean output of an overstate stage pprint_out Python prey-print (pprint) raw Display raw output data structure txt Simple text outpuer virt_query virt.query outpuer yaml_out Display return data in YAML format</p><p>22.18.1 salt.output.grains</p><p>Special outpuer for grains</p><p>is outpuer is a more condensed version of the nested outpuer, used by default to display grains when the following functions are invoked: • grains.item • grains.items • grains.setval Example output: myminion: dictionary: {'abc': 123, 'def': 456} list: Hello World bar: baz salt.output.grains.output(grains) Output the grains in a clean way</p><p>22.18. Full list of builtin output modules 941 Salt Documentation, Release 2014.7.6</p><p>22.18.2 salt.output.highstate</p><p>Outpuer for displaying results of state runs</p><p>e return data from the Highstate command is a standard data structure which is parsed by the highstate outpuer to deliver a clean and readable set of information about the HighState run on minions. Two conﬁgurations can be set to modify the highstate outpuer. ese values can be set in the master conﬁg to change the output of the salt command or set in the minion conﬁg to change the output of the salt-call command. state_verbose: By default state_verbose is set to True, seing this to False will instruct the highstate outpuer to omit displaying anything in green, this means that nothing with a result of True and no changes will not be printed state_output: e highstate outpuer has ﬁve output modes, full, terse, mixed, changes and filter. • e default is set to full, which will display many lines of detailed information for each executed chunk. • If terse is used, then the output is greatly simpliﬁed and shown in only one line. • If mixed is used, then terse output will be used unless a state failed, in which case full output will be used. • If changes is used, then terse output will be used if there was no error and no changes, otherwise full output will be used. • If filter is used, then either or both of two diﬀerent ﬁlters can be used: exclude or terse. ese can be set as such from the command line, or in the Salt conﬁg as state_output_exclude or state_output_terse, respectively. e values to exclude must be a comma-separated list of True, False and/or None. Because of parsing nuances, if only one of these is used, it must still contain a comma. For instance: exclude=True,. state_tabular: If state_output uses the terse output, set this to True for an aligned output format. If you wish to use a custom format, this can be set to a string. Example output: myminion: ------ID: test.ping Function: module.run Result: True Comment: Module function test.ping executed Changes: ------ret: True</p><p>Summary ------Succeeded: 1 Failed: 0 ------Total: 0 salt.output.highstate.output(data) e HighState Outpuer is only meant to be used with the state.highstate function, or a function that returns highstate return data.</p><p>942 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.18.3 salt.output.json_out</p><p>Display return data in JSON format</p><p> conﬁguration e output format can be conﬁgured in two ways: Using the --out-indent CLI ﬂag and specifying a positive integer or a negative integer to group JSON from each minion to a single line. Or seing the output_indent seing in the Master or Minion conﬁguration ﬁle with one of the following values: • Null: put each minion return on a single line. • pretty: use four-space indents and sort the keys. • An integer: specify the indentation level. Salt's outpuers operate on a per-minion basis. Each minion return will be output as a single JSON object once it comes in to the master. Some JSON parsers can guess when an object ends and a new one begins but many can not. A good way to diﬀeren- tiate between each minion return is to use the single-line output format and to parse each line individually. Example output (truncated):</p><p>{"dave": {"en0": {"hwaddr": "02:b0:26:32:4c:69", ...}}} {"jerry": {"en0": {"hwaddr": "02:26:ab:0d:b9:0d", ...}}} {"kevin": {"en0": {"hwaddr": "02:6d:7f:ce:9f:ee", ...}}} {"mike": {"en0": {"hwaddr": "02:48:a2:4b:70:a0", ...}}} {"phill": {"en0": {"hwaddr": "02:1d:cc:a2:33:55", ...}}} {"stuart": {"en0": {"hwaddr": "02:9a:e0:ea:9e:3c", ...}}} salt.output.json_out.output(data) Print the output data in JSON</p><p>22.18.4 salt.output.key</p><p>Display salt-key output</p><p>e salt-key command makes use of this outpuer to format its output. salt.output.key.output(data) Read in the dict structure generated by the salt key API methods and print the structure.</p><p>22.18.5 salt.output.nested</p><p>Recursively display nested data</p><p>is is the default outpuer for most execution functions. Example output: myminion: ------foo: ------bar:</p><p>22.18. Full list of builtin output modules 943 Salt Documentation, Release 2014.7.6</p><p> baz dictionary: ------abc: 123 def: 456 list: - Hello - World class salt.output.nested.NestDisplay Manage the nested display contents display(ret, indent, preﬁx, out) Recursively iterate down through data structures to determine output ustring(indent, color, msg, preﬁx='`, suﬃx='`, endc=None) salt.output.nested.output(ret) Display ret data</p><p>22.18.6 salt.output.newline_values_only</p><p>Display values only, separated by newlines</p><p>New in version Lithium. is outpuer is designed for Salt CLI return data. It will do the following to the return dict: 1. Get just the values (ignoring the minion IDs). 2. Each value, if it is iterable, is split a separate line. 3. Each minion's values are separated by newlines. is results in a single string of return data containing all the values from the various minions.</p><p>Warning: As noted above, this outpuer will discard the minion ID. If the minion ID is important, then an outpuer that returns the full return dictionary in a parsable format (such as json, pprint,, or yaml) may be more suitable.</p><p>Example 1</p><p>Input</p><p>{ 'myminion':['127.0.0.1', '10.0.0.1'], 'second-minion':['127.0.0.1', '10.0.0.2'] }</p><p>Output</p><p>944 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>127.0.0.1 10.0.0.1 127.0.0.1 10.0.0.2</p><p>Example 2</p><p>Input</p><p>{ 'myminion': 8, 'second-minion': 10 }</p><p>Output</p><p>8 10 salt.output.newline_values_only.output(data) Display modiﬁed ret data</p><p>22.18.7 salt.output.no_out</p><p>Display no output</p><p>No output is produced when this outpuer is selected salt.output.no_out.output(ret) Don't display data. Used when you only are interested in the return.</p><p>22.18.8 salt.output.no_return</p><p>Display output for minions that did not return</p><p>is outpuer is used to display notices about which minions failed to return when a salt function is run with -v or --verbose. It should not be called directly from the CLI. Example output: virtucentos: Minion did not return class salt.output.no_return.NestDisplay Create generator for nested output display(ret, indent, preﬁx, out) Recursively iterate down through data structures to determine output salt.output.no_return.output(ret) Display ret data</p><p>22.18. Full list of builtin output modules 945 Salt Documentation, Release 2014.7.6</p><p>22.18.9 salt.output.overstatestage</p><p>Display clean output of an overstate stage</p><p>is outpuer is used to display OverState stages, and should not be called directly. salt.output.overstatestage.output(data) Format the data for printing stage information from the overstate system</p><p>22.18.10 salt.output.pprint_out</p><p>Python prey-print (pprint)</p><p>e python prey-print system was once the default outpuer. It simply passes the return data through to pprint.pformat and prints the results. Example output:</p><p>{'saltmine':{'foo':{'bar': 'baz', 'dictionary':{'abc': 123, 'def': 456}, 'list':['Hello', 'World']}}} salt.output.pprint_out.output(data) Print out via prey print</p><p>22.18.11 salt.output.raw</p><p>Display raw output data structure</p><p>is outpuer simply displays the output as a python data structure, by printing a string representation of it. It is similar to the pprint outpuer, only the data is not nicely formaed/indented. is was the original outpuer used by Salt before the outpuer system was developed. Example output:</p><p>{'myminion':{'foo':{'list':['Hello', 'World'], 'bar': 'baz', 'dictionary':{'abc': 123, 'def': 456}}}} salt.output.raw.output(data) Rather basic….</p><p>22.18.12 salt.output.txt</p><p>Simple text outpuer</p><p>e txt outpuer has been developed to make the output from shell commands on minions appear as they do when the command is executed on the minion. salt.output.txt.output(data) Output the data in lines, very nice for running commands</p><p>946 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.18.13 salt.output.virt_query virt.query outpuer</p><p>Used to display the output from the virt.query runner. salt.output.virt_query.output(data) Display output for the salt-run virt.query function</p><p>22.18.14 salt.output.yaml_out</p><p>Display return data in YAML format</p><p>is outpuer defaults to printing in YAML block mode for beer readability. Example output: saltmine: foo: bar: baz dictionary: abc: 123 def: 456 list: - Hello - World salt.output.yaml_out.output(data) Print out YAML using the block mode</p><p>22.19 Peer Communication</p><p>Salt 0.9.0 introduced the capability for Salt minions to publish commands. e intent of this feature is not for Salt minions to act as independent brokers one with another, but to allow Salt minions to pass commands to each other. In Salt 0.10.0 the ability to execute runners from the master was added. is allows for the master to return collective data from runners back to the minions via the peer interface. e peer interface is conﬁgured through two options in the master conﬁguration ﬁle. For minions to send commands from the master the peer conﬁguration is used. To allow for minions to execute runners from the master the peer_run conﬁguration is used. Since this presents a viable security risk by allowing minions access to the master publisher the capability is turned oﬀ by default. e minions can be allowed access to the master publisher on a per minion basis based on regular expressions. Minions with speciﬁc ids can be allowed access to certain Salt modules and functions.</p><p>22.19.1 Peer Configuration</p><p>e conﬁguration is done under the peer seing in the Salt master conﬁguration ﬁle, here are a number of conﬁg- uration possibilities. e simplest approach is to enable all communication for all minions, this is only recommended for very secure environments.</p><p>22.19. Peer Communication 947 Salt Documentation, Release 2014.7.6</p><p> peer: .*: - .*</p><p>is conﬁguration will allow minions with IDs ending in example.com access to the test, ps, and pkg module func- tions. peer: .*example.com: - test.* - ps.* - pkg.*</p><p>e conﬁguration logic is simple, a regular expression is passed for matching minion ids, and then a list of expressions matching minion functions is associated with the named minion. For instance, this conﬁguration will also allow minions ending with foo.org access to the publisher. peer: .*example.com: - test.* - ps.* - pkg.* .*foo.org: - test.* - ps.* - pkg.*</p><p>22.19.2 Peer Runner Communication</p><p>Conﬁguration to allow minions to execute runners from the master is done via the peer_run option on the master. e peer_run conﬁguration follows the same logic as the peer option. e only diﬀerence is that access is granted to runner modules. To open up access to all minions to all runners: peer_run: .*: - .*</p><p>is conﬁguration will allow minions with IDs ending in example.com access to the manage and jobs runner func- tions. peer_run: .*example.com: - manage.* - jobs.*</p><p>22.19.3 Using Peer Communication</p><p>e publish module was created to manage peer communication. e publish module comes with a number of func- tions to execute peer communication in diﬀerent ways. Currently there are three functions in the publish module. ese examples will show how to test the peer system via the salt-call command.</p><p>948 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>To execute test.ping on all minions:</p><p># salt-call publish.publish \* test.ping</p><p>To execute the manage.up runner:</p><p># salt-call publish.runner manage.up</p><p>To match minions using other matchers, use expr_form:</p><p># salt-call publish.publish 'webserv* and not G@os:Ubuntu' test.ping expr_form='compound'</p><p>22.20 Pillars</p><p>Salt includes a number of built-in external pillars, listed at Full list of builtin pillar modules. You may also wish to look at the standard pillar documentation, at Pillar Conﬁguration e source for the built-in Salt pillars can be found here: hps://github.com/saltstack/salt/blob/develop/salt/pillar</p><p>22.21 Full list of builtin pillar modules</p><p> cmd_json Execute a command and read the output as JSON. cmd_yaml Execute a command and read the output as YAML. cmd_yamlex Execute a command and read the output as YAMLEX. cobbler A module to pull data from Cobbler via its API into the Pillar dictionary django_orm Generate Pillar data from Django models through the Django ORM etcd_pillar Use etcd data as a Pillar source <span>foreman</span> A module to pull data from Foreman via its API into the Pillar dictionary git_pillar Clone a remote git repository and use the ﬁlesystem as a Pillar source hiera Use hiera data as a Pillar source libvirt Load up the libvirt keys into Pillar for a given minion if said keys have been generated using the libvirt key runner mongo Read Pillar data from a mongodb collection mysql Retrieve Pillar data by doing a MySQL query pillar_ldap Use LDAP data as a Pillar source puppet Execute an unmodiﬁed puppet_node_classiﬁer and read the output as YAML. reclass_adapter Use the ``reclass'' database as a Pillar source redismod Read pillar data from a Redis backend s3 Copy pillar data from a bucket in Amazon S3 svn_pillar Clone a remote SVN repository and use the ﬁlesystem as a Pillar source virtkey Accept a key from a hypervisor if the virt runner has already submied an authorization request</p><p>22.21.1 salt.pillar.cmd_json</p><p>Execute a command and read the output as JSON. e JSON data is then directly overlaid onto the minion's Pillar data. salt.pillar.cmd_json.ext_pillar(minion_id, pillar, command)</p><p>22.21. Full list of builtin pillar modules 949 Salt Documentation, Release 2014.7.6</p><p>Execute a command and read the output as JSON</p><p>22.21.2 salt.pillar.cmd_yaml</p><p>Execute a command and read the output as YAML. e YAML data is then directly overlaid onto the minion's Pillar data salt.pillar.cmd_yaml.ext_pillar(minion_id, pillar, command) Execute a command and read the output as YAML</p><p>22.21.3 salt.pillar.cmd_yamlex</p><p>Execute a command and read the output as YAMLEX. e YAMLEX data is then directly overlaid onto the minion's Pillar data salt.pillar.cmd_yamlex.ext_pillar(minion_id, pillar, command) Execute a command and read the output as YAMLEX</p><p>22.21.4 salt.pillar.cobbler</p><p>A module to pull data from Cobbler via its API into the Pillar dictionary</p><p>Configuring the Cobbler ext_pillar</p><p>e same cobbler.* parameters are used for both the Cobbler tops and Cobbler pillar modules. ext_pillar: - cobbler: key: cobbler # Nest results within this key. By default, values are not nested. only: [parameters] # Add only these keys to pillar. cobbler.url: https://example.com/cobbler_api #default is http://localhost/cobbler_api cobbler.user: username # default is no username cobbler.password: password # default is no password</p><p>Module Documentation salt.pillar.cobbler.ext_pillar(minion_id, pillar, key=None, only=()) Read pillar data from Cobbler via its API.</p><p>22.21.5 salt.pillar.django_orm</p><p>Generate Pillar data from Django models through the Django ORM maintainer Micah Hausler <micah.hausler> maturity new</micah.hausler></p><p>950 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Configuring the django_orm ext_pillar</p><p>To use this module, your Django project must be on the salt master server with database access. is assumes you are using virtualenv with all the project's requirements installed. ext_pillar: - django_orm: pillar_name: my_application project_path: /path/to/project/ settings_module: my_application.settings env_file: /path/to/env/file.sh # Optional: If your project is not using the system python, # add your virtualenv path below. env: /path/to/virtualenv/</p><p> django_app:</p><p># Required: the app that is included in INSTALLED_APPS my_application.clients:</p><p># Required: the model name Client:</p><p># Required: model field to use as the key in the rendered # Pillar. Must be unique; must also be included in the # ``fields`` list below. name: shortname</p><p># Optional: # See Django's QuerySet documentation for how to use .filter() filter: {'kw': 'args'}</p><p># Required: a list of field names # List items will be used as arguments to the .values() method. # See Django's QuerySet documentation for how to use .values() fields: - field_1 - field_2</p><p>is would return pillar data that would look like my_application: my_application.clients: Client: client_1: field_1: data_from_field_1 field_2: data_from_field_2 client_2: field_1: data_from_field_1 field_2: data_from_field_2</p><p>As another example, data from multiple database tables can be fetched using Django's regular lookup syntax. Note, using ManyToManyFields will not currently work since the return from values() changes if a ManyToMany is present. ext_pillar: - django_orm:</p><p>22.21. Full list of builtin pillar modules 951 Salt Documentation, Release 2014.7.6</p><p> pillar_name: djangotutorial project_path: /path/to/mysite settings_module: mysite.settings</p><p> django_app: mysite.polls: Choices: name: poll__question fields: - poll__question - poll__id - choice_text - votes</p><p>Module Documentation salt.pillar.django_orm.ext_pillar(minion_id, pillar, pillar_name, project_path, set- tings_module, django_app, env=None, env_ﬁle=None, *args, **kwargs) Connect to a Django database through the ORM and retrieve model ﬁelds Parameters • pillar_name (str) -- e name of the pillar to be returned • project_path (str) -- e full path to your Django project (the directory manage.py is in) • settings_module (str) -- e seings module for your project. is can be found in your manage.py ﬁle • django_app (str) -- A dictionary containing your apps, models, and ﬁelds • env (str) -- e full path to the virtualenv for your Django project • env_file (str) -- An optional bash ﬁle that sets up your environment. e ﬁle is run in a subprocess and the changed variables are then added</p><p>22.21.6 salt.pillar.etcd_pillar</p><p>Use etcd data as a Pillar source New in version 2014.7.0. depends • python-etcd In order to use an etcd server, a proﬁle must be created in the master conﬁguration ﬁle: my_etcd_config: etcd.host: 127.0.0.1 etcd.port: 4001</p><p>Aer the proﬁle is created, conﬁgure the external pillar system to use it. Optionally, a root may be speciﬁed.</p><p>952 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> ext_pillar: - etcd: my_etcd_config ext_pillar: - etcd: my_etcd_config root=/salt</p><p>Using these conﬁguration proﬁles, multiple etcd sources may also be used: ext_pillar: - etcd: my_etcd_config - etcd: my_other_etcd_config</p><p>e minion_id may be used in the root path to expose minion-speciﬁc information stored in etcd. ext_pillar: - etcd: my_etcd_config root=/salt/%(minion_id)s</p><p>Minion-speciﬁc values may override shared values when the minion-speciﬁc root appears aer the shared root: ext_pillar: - etcd: my_etcd_config root=/salt-shared - etcd: my_other_etcd_config root=/salt-private/%(minion_id)s</p><p>Using the conﬁguration above, the following commands could be used to share a key with all minions but override its value for a speciﬁc minion: etcdctl set /salt-shared/mykey my_value etcdctl set /salt-private/special_minion_id/mykey my_other_value salt.pillar.etcd_pillar.ext_pillar(minion_id, pillar, conf ) Check etcd for all data</p><p>22.21.7 salt.pillar.foreman</p><p>A module to pull data from Foreman via its API into the Pillar dictionary</p><p>Configuring the Foreman ext_pillar</p><p>Set the following Salt conﬁg to setup Foreman as external pillar source: ext_pillar: - foreman: key: foreman # Nest results within this key only: ['hostgroup_name', 'parameters'] # Add only these keys to pillar foreman.url: https://example.com/foreman_api foreman.user: username # default is admin foreman.password: password # default is changeme</p><p>e following options are optional:</p><p>22.21. Full list of builtin pillar modules 953 Salt Documentation, Release 2014.7.6</p><p> foreman.api: apiversion # default is 2 (1 is not supported yet) foreman.verifyssl: False # default is True foreman.certfile: /etc/ssl/certs/mycert.pem # default is None foreman.keyfile: /etc/ssl/private/mykey.pem # default is None foreman.cafile: /etc/ssl/certs/mycert.ca.pem # default is None foreman.lookup_parameters: True # default is True</p><p>Module Documentation salt.pillar.foreman.ext_pillar(minion_id, pillar, key=None, only=()) Read pillar data from Foreman via its API.</p><p>22.21.8 salt.pillar.git_pillar</p><p>Clone a remote git repository and use the ﬁlesystem as a Pillar source Currently GitPython is the only supported provider for git Pillars is external Pillar source can be conﬁgured in the master conﬁg ﬁle like so: ext_pillar: - git: master git://gitserver/git-pillar.git root=subdirectory</p><p>e root= parameter is optional and used to set the subdirectory from where to look for Pillar ﬁles (such as top.sls). Changed in version 2014.7.0: e optional root parameter will be added. Note that this is not the same thing as conﬁguring pillar data using the pillar_roots parameter. e branch referenced in the ext_pillar entry above (master), would evaluate to the base environment, so this branch needs to contain a top.sls with a base section in it, like this: base: '*': - foo</p><p>To use other environments from the same git repo as git_pillar sources, just add additional lines, like so: ext_pillar: - git: master git://gitserver/git-pillar.git - git: dev git://gitserver/git-pillar.git</p><p>To remap a speciﬁc branch to a speciﬁc environment separate the branch name and the environment name with a colon: ext_pillar: - git: develop:dev git://gitserver/git-pillar.git - git: master:prod git://gitserver/git-pillar.git</p><p>In this case, the dev branch would need its own top.sls with a dev section in it, like this:</p><p>954 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> dev: '*': - bar class salt.pillar.git_pillar.GitPillar(branch, repo_location, opts) Deal with the remote git repository for Pillar envs() Return a list of refs that can be used as environments update() Ensure you are following the latest changes on the remote Return boolean whether it worked salt.pillar.git_pillar.envs(branch, repo_location) Return a list of refs that can be used as environments salt.pillar.git_pillar.ext_pillar(minion_id, repo_string, pillar_dirs) Execute a command and read the output as YAML salt.pillar.git_pillar.update(branch, repo_location) Ensure you are following the latest changes on the remote return boolean whether it worked</p><p>22.21.9 salt.pillar.hiera</p><p>Use hiera data as a Pillar source salt.pillar.hiera.ext_pillar(minion_id, pillar, conf ) Execute hiera and return the data</p><p>22.21.10 salt.pillar.libvirt</p><p>Load up the libvirt keys into Pillar for a given minion if said keys have been generated using the libvirt key runner salt.pillar.libvirt.ext_pillar(minion_id, pillar, command) Read in the generated libvirt keys salt.pillar.libvirt.gen_hyper_keys(minion_id, country='US', state='Utah', locality='Salt Lake City', organization='Salted') Generate the keys to be used by libvirt hypervisors, this routine gens the keys and applies them to the pillar for the hypervisor minions</p><p>22.21.11 salt.pillar.mongo</p><p>Read Pillar data from a mongodb collection depends pymongo (for salt-master) is module will load a node-speciﬁc pillar dictionary from a mongo collection. It uses the node's id for lookups and can load either the whole document, or just a speciﬁc ﬁeld from that document as the pillar dictionary.</p><p>22.21. Full list of builtin pillar modules 955 Salt Documentation, Release 2014.7.6</p><p>Salt Master Mongo Configuration</p><p>e module shares the same base mongo connection variables as salt.returners.mongo_return. ese variables go in your master conﬁg ﬁle. • mongo.db - e mongo database to connect to. Defaults to 'salt'. • mongo.host - e mongo host to connect to. Supports replica sets by specifying all hosts in the set, comma- delimited. Defaults to 'salt'. • mongo.port - e port that the mongo database is running on. Defaults to 27017. • mongo.user - e username for connecting to mongo. Only required if you are using mongo authentication. Defaults to ''. • mongo.password - e password for connecting to mongo. Only required if you are using mongo authen- tication. Defaults to ''.</p><p>Configuring the Mongo ext_pillar</p><p>e Mongo ext_pillar takes advantage of the fact that the Salt Master conﬁguration ﬁle is yaml. It uses a sub- dictionary of values to adjust speciﬁc features of the pillar. is is the explicit single-line dictionary notation for yaml. One may be able to get the easier-to-read multi-line dict to work correctly with some experimentation.</p><p> ext_pillar: - mongo: {collection: vm, id_field: name, re_pattern: \.example\.com, fields:[customer_id, software, apache_vhosts]}</p><p>In the example above, we've decided to use the vm collection in the database to store the data. Minion ids are stored in the name ﬁeld on documents in that collection. And, since minion ids are FQDNs in most cases, we'll need to trim the domain name in order to ﬁnd the minion by hostname in the collection. When we ﬁnd a minion, return only the customer_id, software, and apache_vhosts ﬁelds, as that will contain the data we want for a given node. ey will be available directly inside the pillar dict in your SLS templates.</p><p>Module Documentation</p><p> salt.pillar.mongo.ext_pillar(minion_id, pillar, collection='pillar', id_ﬁeld='_id', re_paern=None, re_replace='`, ﬁelds=None) Connect to a mongo database and read per-node pillar information. Parameters: • collection: e mongodb collection to read data from. Defaults to 'pillar'. • id_ﬁeld: e ﬁeld in the collection that represents an individual minion id. Defaults to '_id'. • re_paern: If your naming convention in the collection is shorter than the minion id, you can use this to trim the name. re_paern will be used to match the name, and re_replace will be used to replace it. Backrefs are supported as they are in the Python standard library. If None, no mangling of the name will be performed - the collection will be searched with the entire minion id. Defaults to None. • re_replace: Use as the replacement value in node ids matched with re_paern. Defaults to `'. Feel free to use backreferences here. • ﬁelds: e speciﬁc ﬁelds in the document to use for the pillar data. If None, will use the entire document. If using the entire document, the _id ﬁeld will be converted to string. Be careful with other ﬁelds in the document as they must be string serializable. Defaults to None.</p><p>956 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.21.12 salt.pillar.mysql</p><p>Retrieve Pillar data by doing a MySQL query maturity new depends python-mysqldb platform all</p><p>Theory of mysql ext_pillar</p><p>Ok, here's the theory for how this works… • If there's a keyword arg of mysql_query, that'll go ﬁrst. • en any non-keyword args are processed in order. • Finally, remaining keywords are processed. We do this so that it's backward compatible with older conﬁgs. Keyword arguments are sorted before being appended, so that they're predictable, but they will always be applied last so overall it's moot. For each of those items we process, it depends on the object type: • Strings are executed as is and the pillar depth is determined by the number of ﬁelds returned. • A list has the ﬁrst entry used as the query, the second as the pillar depth. • A mapping uses the keys ``query'' and ``depth'' as the tuple You can retrieve as many ﬁelds as you like, how the get used depends on the exact seings.</p><p>Configuring the mysql ext_pillar</p><p>First an example of how legacy queries were speciﬁed. ext_pillar: - mysql: mysql_query: "SELECT pillar,value FROM pillars WHERE minion_id = %s"</p><p>Alternatively, a list of queries can be passed in ext_pillar: - mysql: - "SELECT pillar,value FROM pillars WHERE minion_id = %s" - "SELECT pillar,value FROM more_pillars WHERE minion_id = %s"</p><p>Or you can pass in a mapping ext_pillar: - mysql: main: "SELECT pillar,value FROM pillars WHERE minion_id = %s" extras: "SELECT pillar,value FROM more_pillars WHERE minion_id = %s"</p><p>e query can be provided as a string as we have just shown, but they can be provided as lists</p><p>22.21. Full list of builtin pillar modules 957 Salt Documentation, Release 2014.7.6</p><p> ext_pillar: - mysql: - "SELECT pillar,value FROM pillars WHERE minion_id = %s" 2</p><p>Or as a mapping ext_pillar: - mysql: - query: "SELECT pillar,value FROM pillars WHERE minion_id = %s" depth: 2</p><p>e depth deﬁnes how the dicts are constructed. Essentially if you query for ﬁelds a,b,c,d for each row you'll get: • With depth 1: {a: {``b'': b, ``c'': c, ``d'': d}} • With depth 2: {a: {b: {``c'': c, ``d'': d}}} • With depth 3: {a: {b: {c: d}}} Depth greater than 3 wouldn't be diﬀerent from 3 itself. Depth of 0 translates to the largest depth needed, so 3 in this case. (max depth == key count - 1) e legacy compatibility translates to depth 1. en they are merged the in a similar way to plain pillar data, in the order returned by MySQL. us subsequent results overwrite previous ones when they collide. If you specify as_list: True in the mapping expression it will convert collisions to lists. If you specify with_lists: `…' in the mapping expression it will convert the speciﬁed depths to list. e string provided is a sequence numbers that are comma separated. e string `1,3' will result in: a,b,c,d,e,1 # field 1 same, field 3 differs a,b,c,f,g,2 # ^^^^ a,z,h,y,j,3 # field 1 same, field 3 same a,z,h,y,k,4 # ^^^^ ^ ^</p><p>ese columns deﬁne list grouping</p><p>{a: [ {c: [ {e: 1}, {g: 2} ] }, {h: [ {j: 3, k: 4 } ] } ]}</p><p>e range for with_lists is 1 to number_of_ﬁelds, inclusive. Numbers outside this range are ignored. Finally, if you use pass the queries in via a mapping, the key will be the ﬁrst level name where as passing them in as a list will place them in the root. is isolates the query results in to their own subtrees. is may be a help or hindrance to your aims and can be used as such.</p><p>958 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>You can basically use any SELECT query that gets you the information, you could even do joins or subqueries in case your minion_id is stored elsewhere. It is capable of handling single rows or multiple rows per minion. MySQL conﬁguration of the MySQL returner is being used (mysql.db, mysql.user, mysql.pass, mysql.port, mysql.host) Required python modules: MySQLdb</p><p>More complete example mysql: user: 'salt' pass: 'super_secret_password' db: 'salt_db' ext_pillar: - mysql: fromdb: query: 'SELECT col1,col2,col3,col4,col5,col6,col7 FROM some_random_table WHERE minion_pattern LIKE %s' depth: 5 as_list: True with_lists: [1,3] salt.pillar.mysql.ext_pillar(minion_id, pillar, *args, **kwargs) Execute queries, merge and return as a dict class salt.pillar.mysql.merger is class receives and processes the database rows in a database agnostic way. as_list = False depth = 0 enter_root(root) Set self.focus for kwarg queries extract_queries(args, kwargs) is function normalizes the conﬁg block in to a set of queries we can use. e return is a list of consis- tently laid out dicts. field_names = None focus = None num_fields = 0 process_fields(ﬁeld_names, depth) e primary purpose of this function is to store the sql ﬁeld list and the depth to which we process. process_results(rows) is function takes a list of database results and iterates over, merging them in to a dict form. result = None with_lists = None</p><p>22.21. Full list of builtin pillar modules 959 Salt Documentation, Release 2014.7.6</p><p>22.21.13 salt.pillar.pillar_ldap</p><p>Use LDAP data as a Pillar source is pillar module parses a conﬁg ﬁle (speciﬁed in the salt master conﬁg), and executes a series of LDAP searches based on that conﬁg. Data returned by these searches is aggregated, with data items found later in the LDAP search order overriding data found earlier on. e ﬁnal result set is merged with the pillar data. salt.pillar.pillar_ldap.ext_pillar(minion_id, pillar, conﬁg_ﬁle) Execute LDAP searches and return the aggregated data</p><p>22.21.14 salt.pillar.puppet</p><p>Execute an unmodiﬁed puppet_node_classiﬁer and read the output as YAML. e YAML data is then directly overlaid onto the minion's Pillar data. salt.pillar.puppet.ext_pillar(minion_id, pillar, command) Execute an unmodiﬁed puppet_node_classiﬁer and read the output as YAML</p><p>22.21.15 salt.pillar.reclass_adapter</p><p>Use the ``reclass'' database as a Pillar source is ext_pillar plugin provides access to the reclass database, such that Pillar data for a speciﬁc minion are fetched using reclass. You can ﬁnd more information about reclass at hp://reclass.pantsfullofunix.net. To use the plugin, add it to the ext_pillar list in the Salt master conﬁg and tell reclass by way of a few options how and where to ﬁnd the inventory:</p><p> ext_pillar: - reclass: storage_type: yaml_fs inventory_base_uri: /srv/salt</p><p>is would cause reclass to read the inventory from YAML ﬁles in /srv/salt/nodes and /srv/salt/classes. If you are also using reclass as master_tops plugin, and you want to avoid having to specify the same information for both, use YAML anchors (take note of the diﬀering data types for ext_pillar and master_tops):</p><p> reclass: &amp;reclass storage_type: yaml_fs inventory_base_uri: /srv/salt reclass_source_path: ~/code/reclass</p><p> ext_pillar: - reclass: *reclass</p><p> master_tops: reclass: *reclass</p><p>If you want to run reclass from source, rather than installing it, you can either let the master know via the PYTHON- PATH environment variable, or by seing the conﬁguration option, like in the example above.</p><p>960 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.pillar.reclass_adapter.ext_pillar(minion_id, pillar, **kwargs) Obtain the Pillar data from reclass for the given minion_id.</p><p>22.21.16 salt.pillar.redismod</p><p>Read pillar data from a Redis backend</p><p>New in version 2014.7.0. depends • redis Python module (on master)</p><p>Salt Master Redis Configuration</p><p>e module shares the same base Redis connection variables as salt.returners.redis_return. ese vari- ables go in your master conﬁg ﬁle. • redis.db - e Redis database to use. Defaults to 0. • redis.host - e Redis host to connect to. Defaults to 'salt'. • redis.port - e port that the Redis database is listening on. Defaults to 6379. • redis.password - e password for authenticating with Redis. Only required if you are using master auth. Defaults to None.</p><p>Configuring the Redis ext_pillar</p><p> ext_pillar: - redis: {function: key_value} salt.pillar.redismod.ext_pillar(minion_id, pillar, function, **kwargs) Grabs external pillar data based on conﬁgured function salt.pillar.redismod.key_json(minion_id, pillar, pillar_key=None) Pulls a string from redis and deserializes it from json. Deserialized dictionary data loaded directly into top level if pillar_key is not set. pillar_key Pillar key to return data into salt.pillar.redismod.key_value(minion_id, pillar, pillar_key='redis_pillar') Looks for key in redis matching minion_id, returns a structure based on the data type of the redis key. String for string type, dict for hash type and lists for lists, sets and sorted sets. pillar_key Pillar key to return data into</p><p>22.21.17 salt.pillar.s3</p><p>Copy pillar data from a bucket in Amazon S3 e S3 pillar can be conﬁgured in the master conﬁg ﬁle with the following options</p><p>22.21. Full list of builtin pillar modules 961 Salt Documentation, Release 2014.7.6</p><p> ext_pillar: - s3: bucket: my.fancy.pillar.bucket keyid: KASKFJWAKJASJKDAJKSD key: ksladfDLKDALSFKSD93q032sdDasdfasdflsadkf multiple_env: False environment: base prefix: somewhere/overthere verify_ssl: True service_url: s3.amazonaws.com</p><p>e bucket= parameter speciﬁes the target S3 bucket. It is required. e keyid= parameter speciﬁes the key id to use when access the S3 bucket. It is required. e key= parameter speciﬁes the key to use when access the S3 bucket. It is required. e multiple_env= defaults to False. It speciﬁes whether the pillar should interpret top level folders as pillar envi- ronments (see mode section below). e environment= defaults to `base'. It speciﬁes which environment the bucket represents when in single environ- ments mode (see mode section below). It is ignored if multiple_env is True. e preﬁx= defaults to `'. It speciﬁes a key preﬁx to use when searching for data in the bucket for the pillar. It works when multiple_env is True or False. Essentially it tells ext_pillar to look for your pillar data in a `subdirectory' of your S3 bucket e verify_ssl= parameter defaults to True. It speciﬁes whether to check for valid S3 SSL certiﬁcates. NOTE If you use bucket names with periods, this must be set to False else an invalid certiﬁcate error will be thrown (issue #12200). e service_url= parameter defaults to `s3.amazonaws.com'. It speciﬁes the base url to use for accessing S3. is pillar can operate in two modes, single environment per bucket or multiple environments per bucket. Single environment mode must have this bucket structure:</p><p> s3://<bucket name="">/<prefix>/<files></files></prefix></bucket></p><p>Multiple environment mode must have this bucket structure:</p><p> s3://<bucket name="">/<prefix>/<environment>/<files></files></environment></prefix></bucket></p><p>If you wish to deﬁne your pillar data entirely within S3 it's recommended that you use the preﬁx= parameter and specify one entry in ext_pillar for each environment rather than specifying multiple_env. is is due to issue #22471 (hps://github.com/saltstack/salt/issues/22471) class salt.pillar.s3.S3Credentials(key, keyid, bucket, service_url, verify_ssl=True) salt.pillar.s3.ext_pillar(minion_id, pillar, bucket, key, keyid, verify_ssl, multiple_env=False, envi- ronment='base', preﬁx='`, service_url=None) Execute a command and read the output as YAML</p><p>22.21.18 salt.pillar.svn_pillar</p><p>Clone a remote SVN repository and use the ﬁlesystem as a Pillar source is external Pillar source can be conﬁgured in the master conﬁg ﬁle like so:</p><p>962 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> ext_pillar: - svn: trunk svn://svnserver/repo root=subdirectory</p><p>e root= parameter is optional and used to set the subdirectory from where to look for Pillar ﬁles (such as top.sls). Changed in version 2014.7.0: e optional root parameter will be added. Note that this is not the same thing as conﬁguring pillar data using the pillar_roots parameter. e branch referenced in the ext_pillar entry above (master), would evaluate to the base environment, so this branch needs to contain a top.sls with a base section in it, like this: base: '*': - foo</p><p>To use other environments from the same SVN repo as svn_pillar sources, just add additional lines, like so: ext_pillar: - svn: trunk svn://svnserver/repo - svn: dev svn://svnserver/repo</p><p>In this case, the dev branch would need its own top.sls with a dev section in it, like this: dev: '*': - bar class salt.pillar.svn_pillar.SvnPillar(branch, repo_location, root, opts) Deal with the remote SVN repository for Pillar pillar_dir() Returns the directory of the pillars (repo cache + branch + root) update() salt.pillar.svn_pillar.ext_pillar(minion_id, pillar, repo_string) Execute a command and read the output as YAML</p><p>22.21.19 salt.pillar.virtkey</p><p>Accept a key from a hypervisor if the virt runner has already submied an authorization request salt.pillar.virtkey.ext_pillar(hyper_id, pillar, name, key) Accept the key for the VM on the hyper, if authorized.</p><p>22.22 Renderers</p><p>e Salt state system operates by gathering information from common data types such as lists, dictionaries and strings that would be familiar to any developer. SLS ﬁles are translated from whatever data templating format they are wrien in back into Python data types to be consumed by Salt.</p><p>22.22. Renderers 963 Salt Documentation, Release 2014.7.6</p><p>By default SLS ﬁles are rendered as Jinja templates and then parsed as YAML documents. But since the only thing the state system cares about is raw data, the SLS ﬁles can be any structured format that can be dreamed up. Currently there is support for Jinja + YAML, Mako + YAML, Wempy + YAML, Jinja + json, Mako + json and Wempy + json. Renderers can be wrien to support any template type. is means that the Salt states could be managed by XML ﬁles, HTML ﬁles, Puppet ﬁles, or any format that can be translated into the Pythonic data structure used by the state system.</p><p>22.22.1 Multiple Renderers</p><p>A default renderer is selected in the master conﬁguration ﬁle by providing a value to the renderer key. When evaluating an SLS, more than one renderer can be used. When rendering SLS ﬁles, Salt checks for the presence of a Salt-speciﬁc shebang line. e shebang line directly calls the name of the renderer as it is speciﬁed within Salt. One of the most common reasons to use multiple renderers is to use the Python or py renderer. Below, the ﬁrst line is a shebang that references the py renderer.</p><p>#!py</p><p> def run(): ''' Install the python-mako package ''' return {'include':['python'], 'python-mako':{'pkg':['installed']}}</p><p>22.22.2 Composing Renderers</p><p>A renderer can be composed from other renderers by connecting them in a series of pipes(|). In fact, the default Jinja + YAML renderer is implemented by connecting a YAML renderer to a Jinja renderer. Such renderer conﬁguration is speciﬁed as: jinja | yaml. Other renderer combinations are possible: yaml i.e, just YAML, no templating. mako | yaml pass the input to the mako renderer, whose output is then fed into the yaml renderer. jinja | mako | yaml is one allows you to use both jinja and mako templating syntax in the input and then parse the ﬁnal rendered output as YAML. e following is a contrived example SLS ﬁle using the jinja | mako | yaml renderer:</p><p>#!jinja|mako|yaml</p><p>An_Example: cmd.run: - name: | echo "Using Salt ${grains['saltversion']}" \ "from path {{grains['saltpath']}}." - cwd: /</p><p>964 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>&lt;%doc&gt; ${...} is Mako's notation, and so is this comment. %doc&gt; {# Similarly, {{...}} is Jinja's notation, and so is this comment. #}</p><p>For backward compatibility, jinja | yaml can also be wrien as yaml_jinja, and similarly, the yaml_mako, yaml_wempy, json_jinja, json_mako, and json_wempy renderers are all supported. Keep in mind that not all renderers can be used alone or with any other renderers. For example, the template renderers shouldn't be used alone as their outputs are just strings, which still need to be parsed by another renderer to turn them into highstate data structures. For example, it doesn't make sense to specify yaml | jinja because the output of the YAML renderer is a highstate data structure (a dict in Python), which cannot be used as the input to a template renderer. erefore, when combining renderers, you should know what each renderer accepts as input and what it returns as output.</p><p>22.22.3 Writing Renderers</p><p>A custom renderer must be a Python module placed in the rendered directory and the module implement the render function. e render function will be passed the path of the SLS ﬁle as an argument. e purpose of of render function is to parse the passed ﬁle and to return the Python data structure derived from the ﬁle. Custom renderers must be placed in a _renderers directory within the file_roots speciﬁed by the master conﬁg ﬁle. Custom renderers are distributed when any of the following are run: state.highstate saltutil.sync_renderers saltutil.sync_all Any custom renderers which have been synced to a minion, that are named the same as one of Salt's default set of renderers, will take the place of the default renderer with the same name.</p><p>22.22.4 Examples</p><p>e best place to ﬁnd examples of renderers is in the Salt source code. Documentation for renderers included with Salt can be found here: hps://github.com/saltstack/salt/blob/develop/salt/renderers Here is a simple YAML renderer example:</p><p> import yaml def render(yaml_data, env='', sls='', **kws): if not isinstance(yaml_data, basestring): yaml_data = yaml_data.read() data = yaml.load(yaml_data) return data if data else {}</p><p>22.22. Renderers 965 Salt Documentation, Release 2014.7.6</p><p>22.22.5 Full List of Renderers</p><p>Full list of builtin renderer modules</p><p> gpg Renderer that will decrypt GPG ciphers jinja Jinja loading utils to enable a more powerful backend for jinja templates json JSON Renderer for Salt mako Mako Renderer for Salt msgpack py Pure python state renderer pydsl A Python-based DSL pyobjects Python renderer that includes a Pythonic Object based interface stateconf A ﬂexible renderer that takes a templating engine and a data format wempy yaml YAML Renderer for Salt yamlex salt.renderers.gpg</p><p>Renderer that will decrypt GPG ciphers Any key in the SLS ﬁle can be a GPG cipher, and this renderer will decrypt it before passing it oﬀ to Salt. is allows you to safely store secrets in source control, in such a way that only your Salt master can decrypt them and distribute them only to the minions that need them. e typical use-case would be to use ciphers in your pillar data, and keep a secret key on your master. You can put the public key in source control so that developers can add new secrets quickly and easily. is renderer requires the python-gnupg package. Be careful to install the python-gnupg package, not the gnupg package, or you will get errors. To set things up, you will ﬁrst need to generate a keypair. On your master, run:</p><p># gpg --gen-key --homedir /etc/salt/gpgkeys</p><p>Do not supply a password for your keypair, and use a name that makes sense for your application. Be sure to back up your gpg directory someplace safe! To retrieve the public key:</p><p># gpg --armor --homedir /etc/salt/gpgkeys --armor --export <key-name> &gt; exported_pubkey.gpg</key-name></p><p>Now, to encrypt secrets, copy the public key to your local machine and run:</p><p>$ gpg --import exported_pubkey.gpg</p><p>To generate a cipher from a secret:</p><p>$ echo -n"supersecret" | gpg --homedir --armor --encrypt -r <key-name></key-name></p><p>Set up the renderer on your master by adding something like this line to your conﬁg:</p><p>966 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> renderer: jinja | yaml | gpg</p><p>Now you can include your ciphers in your pillar data like so: a-secret: | -----BEGIN PGP MESSAGE----- Version: GnuPG v1</p><p> hQEMAweRHKaPCfNeAQf9GLTN16hCfXAbPwU6BbBK0unOc7i9/etGuVc5CyU9Q6um QuetdvQVLFO/HkrC4lgeNQdM6D9E8PKonMlgJPyUvC8ggxhj0/IPFEKmrsnv2k6+ cnEfmVexS7o/U1VOVjoyUeliMCJlAz/30RXaME49Cpi6No2+vKD8a4q4nZN1UZcG RhkhC0S22zNxOXQ38TBkmtJcqxnqT6YWKTUsjVubW3bVC+u2HGqJHu79wmwuN8tz m4wBkfCAd8Eyo2jEnWQcM4TcXiF01XPL4z4g1/9AAxh+Q4d8RIRP4fbw7ct4nCJv Gr9v2DTF7HNigIMl4ivMIn9fp+EZurJNiQskLgNbktJGAeEKYkqX5iCuB1b693hJ FKlwHiJt5yA8X2dDtfk8/Ph1Jx2TwGS+lGjlZaNqp3R1xuAZzXzZMLyZDe5+i3RJ skqmFTbOiA== =Eqsm -----END PGP MESSAGE----- salt.renderers.gpg.decrypt_ciphertext(c, gpg) Given a block of ciphertext as a string, and a gpg object, try to decrypt the cipher and return the decrypted string. If the cipher cannot be decrypted, log the error, and return the ciphertext back out. salt.renderers.gpg.decrypt_object(o, gpg) Recursively try to decrypt any object. If the object is a string, and it contains a valid GPG header, decrypt it, otherwise keep going until a string is found. salt.renderers.gpg.render(gpg_data, saltenv='base', sls='`, argline='`, **kwargs) Create a gpg object given a gpg_keydir, and then use it to try to decrypt the data to be rendered. salt.renderers.jinja</p><p>Jinja loading utils to enable a more powerful backend for jinja templates</p><p>Jinja in States e most basic usage of Jinja in state ﬁles is using control structures to wrap conditional or redundant state elements:</p><p>{% if grains['os'] != 'FreeBSD' %} tcsh: pkg: - installed {% endif %} motd: file.managed: {% if grains['os'] == 'FreeBSD' %} - name: /etc/motd {% elif grains['os'] == 'Debian' %} - name: /etc/motd.tail {% endif %} - source: salt://motd</p><p>In this example, the ﬁrst if block will only be evaluated on minions that aren't running FreeBSD, and the second block changes the ﬁle name based on the os grain.</p><p>22.22. Renderers 967 Salt Documentation, Release 2014.7.6</p><p>Writing if-else blocks can lead to very redundant state ﬁles however. In this case, using pillars, or using a previously deﬁned variable might be easier:</p><p>{% set motd = ['/etc/motd'] %} {% if grains['os'] == 'Debian' %} {% set motd = ['/etc/motd.tail', '/var/run/motd'] %} {% endif %}</p><p>{% for motdfile in motd %} {{ motdfile }}: file.managed: - source: salt://motd {% endfor %}</p><p>Using a variable set by the template, the for loop will iterate over the list of MOTD ﬁles to update, adding a state block for each ﬁle.</p><p>Include and Import Includes and imports can be used to share common, reusable state conﬁguration between state ﬁles and between ﬁles.</p><p>{% from 'lib.sls' import test %}</p><p>is would import the test template variable or macro, not the test state element, from the ﬁle lib.sls. In the case that the included ﬁle performs checks again grains, or something else that requires context, passing the context into the included ﬁle is required:</p><p>{% from 'lib.sls' import test with context %}</p><p>Macros Macros are helpful for eliminating redundant code, however stripping whitespace from the template block, as well as contained blocks, may be necessary to emulate a variable return from the macro.</p><p># init.sls {% from 'lib.sls' import pythonpkg with context %} python-virtualenv: pkg.installed: - name: {{ pythonpkg('virtualenv') }} python-fabric: pkg.installed: - name: {{ pythonpkg('fabric') }}</p><p># lib.sls {% macro pythonpkg(pkg) -%} {%- if grains['os'] == 'FreeBSD' -%} py27-{{ pkg }} {%- elif grains['os'] == 'Debian' -%} python-{{ pkg }} {%- endif -%} {%- endmacro %}</p><p>968 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>is would deﬁne a macro that would return a string of the full package name, depending on the packaging system's naming convention. e whitespace of the macro was eliminated, so that the macro would return a string without line breaks, using whitespace control.</p><p>Template Inheritance Template inheritance works ﬁne from state ﬁles and ﬁles. e search path starts at the root of the state tree or pillar.</p><p>Filters Saltstack extends builtin ﬁlters with his custom ﬁlters: strime Converts any time related object into a time based string. It requires a valid strime directives. An exhaustive list can be found in the oﬃcial Python documentation. Fuzzy dates are parsed by timelib python module. Some examples are available on this pages.</p><p>{{ "2002/12/25"|strftime("%y") }} {{ "1040814000"|strftime("%Y-%m-%d") }} {{ datetime|strftime("%u") }} {{ "now"|strftime }}</p><p>Jinja in Files Jinja can be used in the same way in managed ﬁles:</p><p># redis.sls /etc/redis/redis.conf: file.managed: - source: salt://redis.conf - template: jinja - context: bind: 127.0.0.1</p><p># lib.sls {% set port = 6379 %}</p><p># redis.conf {% from 'lib.sls' import port with context %} port {{ port }} bind {{ bind }}</p><p>As an example, conﬁguration was pulled from the ﬁle context and from an external template ﬁle.</p><p>Note: Macros and variables can be shared across templates. ey should not be starting with one or more un- derscores, and should be managed by one of the following tags: macro, set, load_yaml, load_json, import_yaml and import_json.</p><p>Calling Salt Functions e Jinja renderer provides a shorthand lookup syntax for the salt dictionary of execution function. New in version 2014.7.0.</p><p># The following two function calls are equivalent. {{ salt['cmd.run']('whoami') }} {{ salt.cmd.run('whoami') }}</p><p>22.22. Renderers 969 Salt Documentation, Release 2014.7.6</p><p>Debugging e show_full_context function can be used to output all variables present in the current Jinja context. New in version 2014.7.0.</p><p>Context is: {{ show_full_context() }} salt.renderers.jinja.render(template_ﬁle, saltenv='base', sls='`, argline='`, context=None, tm- plpath=None, **kws) Render the template_ﬁle, passing the functions and grains into the Jinja rendering system. Return type string class salt.utils.jinja.SerializerExtension(environment) Yaml and Json manipulation. Format ﬁlters Allows to jsonify or yamlify any data structure. For example, this dataset:</p><p> data = { 'foo': True, 'bar': 42, 'baz':[1, 2, 3], 'qux': 2.0 }</p><p> yaml = {{ data|yaml }} json = {{ data|json }} python = {{ data|python }}</p><p> will be rendered as:</p><p> yaml = {bar: 42, baz: [1, 2, 3], foo: true, qux: 2.0} json = {"baz":[1, 2, 3], "foo": true, "bar": 42, "qux": 2.0} python = {'bar': 42, 'baz':[1, 2, 3], 'foo': True, 'qux': 2.0}</p><p>e yaml ﬁlter takes an optional ﬂow_style parameter to control the default-ﬂow-style parameter of the YAML dumper.</p><p>{{ data|yaml(False) }}</p><p> will be rendered as:</p><p> bar: 42 baz: - 1 - 2 - 3 foo: true qux: 2.0</p><p>Load ﬁlters Strings and variables can be deserialized with load_yaml and load_json tags and ﬁlters. It allows one to manipulate data directly in templates, easily:</p><p>{%- set yaml_src = "{foo: it works}"|load_yaml %} {%- set json_src = "{'bar': 'for real'}"|load_yaml %} Dude, {{ yaml_src.foo }} {{ json_src.bar }}!</p><p>970 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> will be rendered has:</p><p>Dude, it works for real!</p><p>Load tags Salt implements import_yaml and import_json tags. ey work like the import tag, except that the document is also deserialized. Syntaxes are {% load_yaml as [VARIABLE] %}[YOUR DATA]{% endload %} and {% load_json as [VARIABLE] %}[YOUR DATA]{% endload %} For example:</p><p>{% load_yaml as yaml_src %} foo: it works {% endload %} {% load_json as json_src %} { "bar": "for real" } {% endload %} Dude, {{ yaml_src.foo }} {{ json_src.bar }}!</p><p> will be rendered has:</p><p>Dude, it works for real!</p><p>Import tags External ﬁles can be imported and made available as a Jinja variable.</p><p>{% import_yaml "myfile.yml" as myfile %} {% import_json "defaults.json" as defaults %} {% import_text "completeworksofshakespeare.txt" as poems %}</p><p>Catalog import_* and load_* tags will automatically expose their target variable to import. is feature makes catalog of data to handle. for example:</p><p># doc1.sls {% load_yaml as var1 %} foo: it works {% endload %} {% load_yaml as var2 %} bar: for real {% endload %}</p><p># doc2.sls {% from "doc1.sls" import var1, var2 as local2 %} {{ var1.foo }} {{ local2.bar }} salt.renderers.json</p><p>JSON Renderer for Salt</p><p>22.22. Renderers 971 Salt Documentation, Release 2014.7.6</p><p> salt.renderers.json.render(json_data, saltenv='base', sls='`, **kws) Accepts JSON as a string or as a ﬁle object and runs it through the JSON parser. Return type A Python data structure</p><p> salt.renderers.mako</p><p>Mako Renderer for Salt salt.renderers.mako.render(template_ﬁle, saltenv='base', sls='`, context=None, tmplpath=None, **kws) Render the template_ﬁle, passing the functions and grains into the Mako rendering system. Return type string</p><p> salt.renderers.msgpack</p><p> salt.renderers.msgpack.render(msgpack_data, saltenv='base', sls='`, **kws) Accepts a message pack string or a ﬁle object, renders said data back to a python dict. Return type A Python data structure</p><p> salt.renderers.py</p><p>Pure python state renderer e SLS ﬁle should contain a function called run which returns high state data. In this module, a few objects are deﬁned for you, giving access to Salt's execution functions, grains, pillar, etc. ey are: • __salt__ - Execution functions (i.e. __salt__['test.echo']('foo')) • __grains__ - Grains (i.e. __grains__['os']) • __pillar__ - Pillar data (i.e. __pillar__['foo']) • __opts__ - Minion conﬁguration options • __env__ - e eﬀective salt ﬁleserver environment (i.e. base). Also referred to as a ``saltenv''. __env__ should not be modiﬁed in a pure python SLS ﬁle. To use a diﬀerent environment, the environment should be set when executing the state. is can be done in a couple diﬀerent ways: – Using the saltenv argument on the salt CLI (i.e. salt '*' state.sls foo.bar.baz saltenv=env_name). – By adding a saltenv argument to an individual state within the SLS ﬁle. In other words, adding a line like this to the state's data structure: {'saltenv': 'env_name'} • __sls__ - e SLS path of the ﬁle. For example, if the root of the base environment is /srv/salt, and the SLS ﬁle is /srv/salt/foo/bar/baz.sls, then __sls__ in that ﬁle will be foo.bar.baz.</p><p>1 #!py 2 3 def run(): 4 config = {} 5 6 if __grains__['os'] == 'Ubuntu': 7 user = 'ubuntu'</p><p>972 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>8 group = 'ubuntu' 9 home = '/home/{0}'.format(user) 10 else: 11 user = 'root' 12 group = 'root' 13 home = '/root/' 14 15 config['s3cmd'] = { 16 'pkg':[ 17 'installed', 18 {'name': 's3cmd'}, 19 ], 20 } 21 22 config[home + '/.s3cfg'] = { 23 'file.managed':[ 24 {'source': 'salt://s3cfg/templates/s3cfg'}, 25 {'template': 'jinja'}, 26 {'user': user}, 27 {'group': group}, 28 {'mode': 600}, 29 {'context':{ 30 'aws_key': __pillar__['AWS_ACCESS_KEY_ID'], 31 'aws_secret_key': __pillar__['AWS_SECRET_ACCESS_KEY'], 32 }, 33 }, 34 ], 35 } 36 37 return config</p><p> salt.renderers.py.render(template, saltenv='base', sls='`, tmplpath=None, **kws) Render the python module's components Return type string</p><p> salt.renderers.pydsl</p><p>A Python-based DSL maintainer Jack Kuan <kjkuan> maturity new platform all e pydsl renderer allows one to author salt formulas (.sls ﬁles) in pure Python using a DSL that's easy to write and easy to read. Here's an example:</kjkuan></p><p>1 #!pydsl 2 3 apache = state('apache') 4 apache.pkg.installed() 5 apache.service.running() 6 state('/var/www/index.html')\ 7 .file('managed', 8 source='salt://webserver/index.html')\ 9 .require(pkg='apache')</p><p>22.22. Renderers 973 Salt Documentation, Release 2014.7.6</p><p>Notice that any Python code is allow in the ﬁle as it's really a Python module, so you have the full power of Python at your disposal. In this module, a few objects are deﬁned for you, including the usual (with __ added) __salt__ dictionary, __grains__, __pillar__, __opts__, __env__, and __sls__, plus a few more: __file__ local ﬁle system path to the sls module. __pydsl__ Salt PyDSL object, useful for conﬁguring DSL behavior per sls rendering. include Salt PyDSL function for creating Include declaration`s. extend Salt PyDSL function for creating Extend declaration`s. state Salt PyDSL function for creating ID declaration`s. A state ID declaration is created with a state(id) function call. Subsequent state(id) call with the same id returns the same object. is singleton access paern applies to all declaration objects created with the DSL. state('example') assert state('example') is state('example') assert state('example').cmd is state('example').cmd assert state('example').cmd.running is state('example').cmd.running</p><p>e id argument is optional. If omied, an UUID will be generated and used as the id. state(id) returns an object under which you can create a State declaration object by accessing an aribute named aer any state module available in Salt. state('example').cmd state('example').file state('example').pkg ...</p><p>en, a Function declaration object can be created from a State declaration object by one of the following two ways: 1. by calling a method named aer the state function on the State declaration object. state('example').file.managed(...)</p><p>2. by directly calling the aribute named for the State declaration, and supplying the state function name as the ﬁrst argument. state('example').file('managed', ...)</p><p>With either way of creating a Function declaration object, any Function arg declaration`s can be passed as keyword arguments to the call. Subsequent calls of a Function declaration will update the arg declarations.</p><p>974 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> state('example').file('managed', source='salt://webserver/index.html') state('example').file.managed(source='salt://webserver/index.html')</p><p>As a shortcut, the special name argument can also be passed as the ﬁrst or second positional argument depending on the ﬁrst or second way of calling the State declaration object. In the following two examples ls -la is the name argument.</p><p> state('example').cmd.run('ls -la', cwd='/') state('example').cmd('run', 'ls -la', cwd='/')</p><p>Finally, a Requisite declaration object with its Requisite reference`s can be created by invoking one of the requisite methods (see State Requisites) on either a Function declaration object or a State declaration object. e return value of a requisite call is also a Function declaration object, so you can chain several requisite calls together. Arguments to a requisite call can be a list of State declaration objects and/or a set of keyword arguments whose names are state modules and values are IDs of ID declaration`s or names of Name declaration`s.</p><p> apache2 = state('apache2') apache2.pkg.installed() state('libapache2-mod-wsgi').pkg.installed()</p><p># you can call requisites on function declaration apache2.service.running() \ .require(apache2.pkg, pkg='libapache2-mod-wsgi')\ .watch(file='/etc/apache2/httpd.conf')</p><p># or you can call requisites on state declaration. # this actually creates an anonymous function declaration object # to add the requisites. apache2.service.require(state('libapache2-mod-wsgi').pkg, pkg='apache2')\ .watch(file='/etc/apache2/httpd.conf')</p><p># we still need to set the name of the function declaration. apache2.service.running()</p><p>Include declaration objects can be created with the include function, while Extend declaration objects can be created with the extend function, whose arguments are just Function declaration objects.</p><p> include('edit.vim', 'http.server') extend(state('apache2').service.watch(file='/etc/httpd/httpd.conf')</p><p>e include function, by default, causes the included sls ﬁle to be rendered as soon as the include function is called. It returns a list of rendered module objects; sls ﬁles not rendered with the pydsl renderer return None`s. is behavior creates no Include declaration`s in the resulting high state data structure.</p><p> import types</p><p># including multiple sls returns a list. _, mod = include('a-non-pydsl-sls', 'a-pydsl-sls')</p><p> assert _ is None assert isinstance(slsmods[1], types.ModuleType)</p><p>22.22. Renderers 975 Salt Documentation, Release 2014.7.6</p><p># including a single sls returns a single object mod = include('a-pydsl-sls')</p><p># myfunc is a function that calls state(...) to create more states. mod.myfunc(1, 2, "three")</p><p>Notice how you can deﬁne a reusable function in your pydsl sls module and then call it via the module returned by include. It's still possible to do late includes by passing the delayed=True keyword argument to include.</p><p> include('edit.vim', 'http.server', delayed=True)</p><p>Above will just create a Include declaration in the rendered result, and such call always returns None.</p><p>Special integration with the cmd state Taking advantage of rendering a Python module, PyDSL allows you to declare a state that calls a pre-deﬁned Python function when the state is executed.</p><p> greeting = "hello world" def helper(something, *args, **kws): print greeting # hello world print something, args, kws # test123 ['a', 'b', 'c'] {'x': 1, 'y': 2}</p><p> state().cmd.call(helper, "test123", 'a', 'b', 'c', x=1, y=2)</p><p>e cmd.call state function takes care of calling our helper function with the arguments we speciﬁed in the states, and translates the return value of our function into a structure expected by the state system. See salt.states.cmd.call() for more information.</p><p>Implicit ordering of states Salt states are explicitly ordered via Requisite declaration`s. However, with pydsl it's possible to let the renderer track the order of creation for Function declaration objects, and implicitly add re- quire requisites for your states to enforce the ordering. is feature is enabled by seing the ordered option on __pydsl__.</p><p>Note: this feature is only available if your minions are using Python &gt;= 2.7.</p><p> include('some.sls.file')</p><p>A = state('A').cmd.run(cwd='/var/tmp') extend(A)</p><p>__pydsl__.set(ordered=True)</p><p> for i in range(10): i = str(i) state(i).cmd.run('echo '+i, cwd='/') state('1').cmd.run('echo one') state('2').cmd.run(name='echo two')</p><p>Notice that the ordered option needs to be set aer any extend calls. is is to prevent pydsl from tracking the creation of a state function that's passed to an extend call. Above example should create states from 0 to 9 that will output 0, one, two, 3,… 9, in that order.</p><p>976 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>It's important to know that pydsl tracks the creations of Function declaration objects, and automatically adds a re- quire requisite to a Function declaration object that requires the last Function declaration object created before it in the sls ﬁle. is means later calls (perhaps to update the function's Function arg declaration) to a previously created function declaration will not change the order.</p><p>Render time state execution When Salt processes a salt formula ﬁle, the ﬁle is rendered to salt's high state data representation by a renderer before the states can be executed. In the case of the pydsl renderer, the .sls ﬁle is executed as a python module as it is being rendered which makes it easy to execute a state at render time. In pydsl, executing one or more states at render time can be done by calling a conﬁgured ID declaration object.</p><p>#!pydsl</p><p> s = state() # save for later invocation</p><p># configure it s.cmd.run('echo at render time', cwd='/') s.file.managed('target.txt', source='salt://source.txt')</p><p> s() # execute the two states now</p><p>Once an ID declaration is called at render time it is detached from the sls module as if it was never deﬁned.</p><p>Note: If implicit ordering is enabled (ie, via __pydsl__.set(ordered=True)) then the ﬁrst invocation of a ID declaration object must be done before a new Function declaration is created.</p><p>Integration with the stateconf renderer e salt.renderers.stateconf renderer oﬀers a few interesting features that can be leveraged by the pydsl renderer. In particular, when using with the pydsl renderer, we are interested in stateconf `s sls namespacing feature (via dot-preﬁxed id declarations), as well as, the automatic start and goal states generation. Now you can use pydsl with stateconf like this:</p><p>#!pydsl|stateconf -ps</p><p> include('xxx', 'yyy')</p><p># ensure that states in xxx run BEFORE states in this file. extend(state('.start').stateconf.require(stateconf='xxx::goal'))</p><p># ensure that states in yyy run AFTER states in this file. extend(state('.goal').stateconf.require_in(stateconf='yyy::start'))</p><p>__pydsl__.set(ordered=True)</p><p>...</p><p>-s enables the generation of a stateconf start state, and -p lets us pipe high state data rendered by pydsl to stateconf. is example shows that by require-ing or require_in-ing the included sls' start or goal states, it's possible to ensure that the included sls ﬁles can be made to execute before or aer a state in the including sls ﬁle.</p><p>22.22. Renderers 977 Salt Documentation, Release 2014.7.6</p><p>Importing custom Python modules To use a custom Python module inside a PyDSL state, place the module some- where that it can be loaded by the Salt loader, such as _modules in the /srv/salt directory. en, copy it to any minions as necessary by using saltutil.sync_modules. To import into a PyDSL SLS, one must bypass the Python importer and insert it manually by geing a reference from Python's sys.modules dictionary. For example:</p><p>#!pydsl|stateconf -ps</p><p> def main(): my_mod = sys.modules['salt.loaded.ext.module.my_mod']</p><p> salt.renderers.pydsl.render(template, saltenv='base', sls='`, tmplpath=None, rendered_sls=None, **kws)</p><p> salt.renderers.pyobjects</p><p>Python renderer that includes a Pythonic Object based interface maintainer Evan Borgstrom <evan> Let's take a look at how you use pyobjects in a state ﬁle. Here's a quick example that ensures the /tmp directory is in the correct state.</evan></p><p>1 #!pyobjects 2 3 File.managed("/tmp", user='root', group='root', mode='1777')</p><p>Nice and Pythonic! By using the ``shebang'' syntax to switch to the pyobjects renderer we can now write our state data using an object based interface that should feel at home to python developers. You can import any module and do anything that you'd like (with caution, importing sqlalchemy, django or other large frameworks has not been tested yet). Using the pyobjects renderer is exactly the same as using the built-in Python renderer with the exception that pyobjects provides you with an object based interface for generating state data.</p><p>Creating state data Pyobjects takes care of creating an object for each of the available states on the minion. Each state is represented by an object that is the CamelCase version of its name (ie. File, Service, User, etc), and these objects expose all of their available state functions (ie. File.managed, Service.running, etc). e name of the state is split based upon underscores (_), then each part is capitalized and ﬁnally the parts are joined back together. Some examples: • postgres_user becomes PostgresUser • ssh_known_hosts becomes SshKnownHosts</p><p>Context Managers and requisites How about something a lile more complex. Here we're going to get into the core of how to use pyobjects to write states.</p><p>978 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>1 #!pyobjects 2 3 with Pkg.installed("nginx"): 4 Service.running("nginx", enable=True) 5 6 with Service("nginx", "watch_in"): 7 File.managed("/etc/nginx/conf.d/mysite.conf", 8 owner='root', group='root', mode='0444', 9 source='salt://nginx/mysite.conf')</p><p>e objects that are returned from each of the magic method calls are setup to be used a Python context managers (with) and when you use them as such all declarations made within the scope will automatically use the enclosing state as a requisite! e above could have also been wrien use direct requisite statements as.</p><p>1 #!pyobjects 2 3 Pkg.installed("nginx") 4 Service.running("nginx", enable=True, require=Pkg("nginx")) 5 File.managed("/etc/nginx/conf.d/mysite.conf", 6 owner='root', group='root', mode='0444', 7 source='salt://nginx/mysite.conf', 8 watch_in=Service("nginx"))</p><p>You can use the direct requisite statement for referencing states that are generated outside of the current ﬁle.</p><p>1 #!pyobjects 2 3 # some-other-package is defined in some other state file 4 Pkg.installed("nginx", require=Pkg("some-other-package"))</p><p>e last thing that direct requisites provide is the ability to select which of the SaltStack requisites you want to use (require, require_in, watch, watch_in, use &amp; use_in) when using the requisite as a context manager.</p><p>1 #!pyobjects 2 3 with Service("my-service", "watch_in"): 4 ...</p><p>e above example would cause all declarations inside the scope of the context manager to automatically have their watch_in set to Service("my-service").</p><p>Including and Extending To include other states use the include() function. It takes one name per state to include. To extend another state use the extend() function on the name when creating a state.</p><p>1 #!pyobjects 2 3 include('http', 'ssh') 4 5 Service.running(extend('apache'), 6 watch=[File('/etc/httpd/extra/httpd-vhosts.conf')])</p><p>22.22. Renderers 979 Salt Documentation, Release 2014.7.6</p><p>Importing from other state ﬁles Like any Python project that grows you will likely reach a point where you want to create reusability in your state tree and share objects between state ﬁles, Map Data (described below) is a perfect example of this. To facilitate this Python's import statement has been augmented to allow for a special case when working with a Salt state tree. If you specify a Salt url (salt://...) as the target for importing from then the pyobjects renderer will take care of fetching the ﬁle for you, parsing it with all of the pyobjects features available and then place the requested objects in the global scope of the template being rendered. is works for both types of import statements, import X and from X import Y.</p><p>1 #!pyobjects 2 3 import salt://myfile.sls 4 from salt://something/data.sls import Object</p><p>See the Map Data section for a more practical use. Caveats: • You cannot use the as syntax, you can only import objects using their existing name. • Imported objects are ALWAYS put into the global scope of your template, regardless of where your import statement is.</p><p>Salt object In the spirit of the object interface for creating state data pyobjects also provides a simple object interface to the __salt__ object. A function named salt exists in scope for your sls ﬁles and will dispatch its aributes to the __salt__ dictionary. e following lines are functionally equivalent:</p><p>1 #!pyobjects 2 3 ret = salt.cmd.run(bar) 4 ret = __salt__['cmd.run'](bar)</p><p>Pillar, grain, mine &amp; conﬁg data Pyobjects provides shortcut functions for calling pillar.get, grains.get, mine.get &amp; config.get on the __salt__ object. is helps maintain the readability of your state ﬁles. Each type of data can be access by a function of the same name: pillar(), grains(), mine() and config(). e following pairs of lines are functionally equivalent:</p><p>1 #!pyobjects 2 3 value = pillar('foo:bar:baz', 'qux') 4 value = __salt__['pillar.get']('foo:bar:baz', 'qux') 5 6 value = grains('pkg:apache') 7 value = __salt__['grains.get']('pkg:apache') 8 9 value = mine('os:Fedora', 'network.interfaces', 'grain') 10 value = __salt__['mine.get']('os:Fedora', 'network.interfaces', 'grain') 11 12 value = config('foo:bar:baz', 'qux') 13 value = __salt__['config.get']('foo:bar:baz', 'qux')</p><p>980 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Map Data When building complex states or formulas you oen need a way of building up a map of data based on grain data. e most common use of this is tracking the package and service name diﬀerences between distributions. To build map data using pyobjects we provide a class named Map that you use to build your own classes with inner classes for each set of values for the diﬀerent grain matches.</p><p>1 #!pyobjects 2 3 class Samba(Map): 4 merge = 'samba:lookup' 5 6 class Debian: 7 server = 'samba' 8 client = 'samba-client' 9 service = 'samba' 10 11 class Ubuntu: 12 __grain__ = 'os' 13 service = 'smbd' 14 15 class RedHat: 16 server = 'samba' 17 client = 'samba' 18 service = 'smb'</p><p>To use this new data you can import it into your state ﬁle and then access your aributes. To access the data in the map you simply access the aribute name on the base class that is extending Map. Assuming the above Map was in the ﬁle samba/map.sls, you could do the following.</p><p>1 #!pyobjects 2 3 from salt://samba/map.sls import Samba 4 5 with Pkg.installed("samba", names=[Samba.server, Samba.client]): 6 Service.running("samba", name=Samba.service)</p><p>TODO • Interface for working with reactor ﬁles salt.renderers.pyobjects.load_states() is loads our states into the salt __context__ salt.renderers.pyobjects.render(template, saltenv='base', sls='`, salt_data=True, **kwargs)</p><p> salt.renderers.stateconf</p><p> maintainer Jack Kuan <kjkuan> maturity new platform all is module provides a custom renderer that processes a salt ﬁle with a speciﬁed templating engine (e.g., Jinja) and a chosen data renderer (e.g., YAML), extracts arguments for any stateconf.set state, and provides the extracted arguments (including Salt-speciﬁc args, such as require, etc) as template context. e goal is to make writing reusable/conﬁgurable/parameterized salt ﬁles easier and cleaner.</kjkuan></p><p>22.22. Renderers 981 Salt Documentation, Release 2014.7.6</p><p>To use this renderer, either set it as the default renderer via the renderer option in master/minion's conﬁg, or use the shebang line in each individual sls ﬁle, like so: #!stateconf. Note, due to the way this renderer works, it must be speciﬁed as the ﬁrst renderer in a render pipeline. at is, you cannot specify #!mako|yaml|stateconf, for example. Instead, you specify them as renderer arguments: #!stateconf mako . yaml. Here's a list of features enabled by this renderer. • Preﬁxes any state id (declaration or reference) that starts with a dot (.) to avoid duplicated state ids when the salt ﬁle is included by other salt ﬁles. For example, in the salt://some/ﬁle.sls, a state id such as .sls_params will be turned into some.file::sls_params. Example:</p><p>#!stateconf yaml . jinja</p><p>.vim: pkg.installed</p><p>Above will be translated into:</p><p> some.file::vim: pkg.installed: - name: vim</p><p>Notice how that if a state under a dot-preﬁxed state id has no name argument then one will be added auto- matically by using the state id with the leading dot stripped oﬀ. e leading dot trick can be used with extending state ids as well, so you can include relatively and extend relatively. For example, when extending a state in salt://some/other_ﬁle.sls, e.g.,:</p><p>#!stateconf yaml . jinja</p><p> include: - .file</p><p> extend: .file::sls_params: stateconf.set: - name1: something</p><p>Above will be pre-processed into:</p><p> include: - some.file</p><p> extend: some.file::sls_params: stateconf.set: - name1: something</p><p>• Adds a sls_dir context variable that expands to the directory containing the rendering salt ﬁle. So, you can write salt://{{sls_dir}}/... to reference templates ﬁles used by your salt ﬁle. • Recognizes the special state function, stateconf.set, that conﬁgures a default list of named arguments usable within the template context of the salt ﬁle. Example:</p><p>#!stateconf yaml . jinja</p><p>.sls_params: stateconf.set: - name1: value1</p><p>982 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- name2: value2 - name3: - value1 - value2 - value3 - require_in: - cmd: output</p><p># --- end of state config ---</p><p>.output: cmd.run: - name: | echo 'name1={{sls_params.name1}} name2={{sls_params.name2}} name3[1]={{sls_params.name3[1]}} '</p><p>is even works with include + extend so that you can override the default conﬁgured arguments by including the salt ﬁle and then extend the stateconf.set states that come from the included salt ﬁle. (IMPORTANT: Both the included and the extending sls ﬁles must use the stateconf renderer for this ``extend`` to work!) Notice that the end of conﬁguration marker (# --- end of state config --) is needed to separate the use of `stateconf.set' form the rest of your salt ﬁle. e regex that matches such marker can be conﬁgured via the stateconf_end_marker option in your master or minion conﬁg ﬁle. Sometimes, it is desirable to set a default argument value that's based on earlier arguments in the same state- conf.set. For example, it may be tempting to do something like this:</p><p>#!stateconf yaml . jinja</p><p>.apache: stateconf.set: - host: localhost - port: 1234 - url: 'http://{{host}}:{{port}}/'</p><p># --- end of state config ---</p><p>.test: cmd.run: - name: echo '{{apache.url}}' - cwd: /</p><p>However, this won't work. It can however be worked around like so:</p><p>#!stateconf yaml . jinja</p><p>.apache: stateconf.set: - host: localhost - port: 1234 {# - url: 'http://{{host}}:{{port}}/' #}</p><p># --- end of state config --- # {{ apache.setdefault('url', "http://%(host)s:%(port)s/" % apache) }}</p><p>.test:</p><p>22.22. Renderers 983 Salt Documentation, Release 2014.7.6</p><p> cmd.run: - name: echo '{{apache.url}}' - cwd: /</p><p>• Adds support for relative include and exclude of .sls ﬁles. Example:</p><p>#!stateconf yaml . jinja</p><p> include: - .apache - .db.mysql</p><p> exclude: - sls: .users</p><p>If the above is wrien in a salt ﬁle at salt://some/where.sls then it will include salt://some/apache.sls and salt://some/db/mysql.sls, and exclude salt://some/users.ssl. Actually, it does that by rewriting the above in- clude and exclude into:</p><p> include: - some.apache - some.db.mysql</p><p> exclude: - sls: some.users</p><p>• Optionally (enabled by default, disable via the -G renderer option, e.g., in the shebang line: #!stateconf -G), generates a stateconf.set goal state (state id named as .goal by default, conﬁgurable via the mas- ter/minion conﬁg option, stateconf_goal_state) that requires all other states in the salt ﬁle. Note, the .goal state id is subject to dot-preﬁx rename rule mentioned earlier. Such goal state is intended to be required by some state in an including salt ﬁle. For example, in your webapp salt ﬁle, if you include a sls ﬁle that is supposed to setup Tomcat, you might want to make sure that all states in the Tomcat sls ﬁle will be executed before some state in the webapp sls ﬁle. • Optionally (enable via the -o renderer option, e.g., in the shebang line: #!stateconf -o), orders the states in a sls ﬁle by adding a require requisite to each state such that every state requires the state deﬁned just before it. e order of the states here is the order they are deﬁned in the sls ﬁle. (Note: this feature is only available if your minions are using Python &gt;= 2.7. For Python2.6, it should also work if you install the ordereddict module from PyPI) By enabling this feature, you are basically agreeing to author your sls ﬁles in a way that gives up the explicit (or implicit?) ordering imposed by the use of require, watch, require_in or watch_in requisites, and instead, you rely on the order of states you deﬁne in the sls ﬁles. is may or may not be a beer way for you. However, if there are many states deﬁned in a sls ﬁle, then it tends to be easier to see the order they will be executed with this feature. You are still allowed to use all the requisites, with a few restrictions. You cannot require or watch a state deﬁned aer the current state. Similarly, in a state, you cannot require_in or watch_in a state deﬁned before it. Breaking any of the two restrictions above will result in a state loop. e renderer will check for such incorrect uses if this feature is enabled. Additionally, names declarations cannot be used with this feature because the way they are compiled into low states make it impossible to guarantee the order in which they will be executed. is is also checked by the renderer. As a workaround for not being able to use names, you can achieve the same eﬀect, by generate your states with the template engine available within your sls ﬁle. Finally, with the use of this feature, it becomes possible to easily make an included sls ﬁle execute all its states aer some state (say, with id X) in the including sls ﬁle. All you have to do is to make state, X, require_in</p><p>984 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> the ﬁrst state deﬁned in the included sls ﬁle. When writing sls ﬁles with this renderer, one should avoid using what can be deﬁned in a name argument of a state as the state's id. at is, avoid writing states like this:</p><p>/path/to/some/file: file.managed: - source: salt://some/file</p><p> cp /path/to/some/file file2: cmd.run: - cwd: / - require: - file: /path/to/some/file</p><p>Instead, deﬁne the state id and the name argument separately for each state. Also, the ID should be something meaningful and easy to reference within a requisite (which is a good habit anyway, and such extra indirection would also makes the sls ﬁle easier to modify later). us, the above states should be wrien like this:</p><p> add-some-file: file.managed: - name: /path/to/some/file - source: salt://some/file</p><p> copy-files: cmd.run: - name: cp /path/to/some/file file2 - cwd: / - require: - file: add-some-file</p><p>Moreover, when referencing a state from a requisite, you should reference the state's id plus the state name rather than the state name plus its name argument. (Yes, in the above example, you can actually require the file: /path/to/some/file, instead of the file: add-some-file). e reason is that this renderer will re-write or rename state id's and their references for state id's preﬁxed with .. So, if you reference name then there's no way to reliably rewrite such reference.</p><p> salt.renderers.wempy</p><p> salt.renderers.wempy.render(template_ﬁle, saltenv='base', sls='`, argline='`, context=None, **kws) Render the data passing the functions and grains into the rendering system Return type string</p><p> salt.renderers.yaml</p><p>Understanding YAML e default renderer for SLS ﬁles is the YAML renderer. YAML is a markup language with many powerful features. However, Salt uses a small subset of YAML that maps over very commonly used data structures, like lists and dictionaries. It is the job of the YAML renderer to take the YAML data structure and compile it into a Python data structure for use by Salt. ough YAML syntax may seem daunting and terse at ﬁrst, there are only three very simple rules to remember when writing YAML for SLS ﬁles.</p><p>22.22. Renderers 985 Salt Documentation, Release 2014.7.6</p><p>Rule One: Indentation YAML uses a ﬁxed indentation scheme to represent relationships between data layers. Salt requires that the indentation for each level consists of exactly two spaces. Do not use tabs.</p><p>Rule Two: Colons Python dictionaries are, of course, simply key-value pairs. Users from other languages may recognize this data type as hashes or associative arrays. Dictionary keys are represented in YAML as strings terminated by a trailing colon. Values are represented by either a string following the colon, separated by a space: my_key: my_value</p><p>In Python, the above maps to:</p><p>{'my_key': 'my_value'}</p><p>In Python, the above maps to:</p><p>{'my_key': 'my_value'}</p><p>Dictionaries can be nested: first_level_dict_key: second_level_dict_key: value_in_second_level_dict</p><p>And in Python:</p><p>{'first_level_dict_key':{'second_level_dict_key': 'value_in_second_level_dict' }</p><p>Rule ree: Dashes To represent lists of items, a single dash followed by a space is used. Multiple items are a part of the same list as a function of their having the same level of indentation.</p><p>- list_value_one - list_value_two - list_value_three</p><p>Lists can be the value of a key-value pair. is is quite common in Salt: my_dictionary: - list_value_one - list_value_two - list_value_three</p><p>Reference YAML Renderer for Salt salt.renderers.yaml.get_yaml_loader(argline) Return the ordered dict yaml loader salt.renderers.yaml.render(yaml_data, saltenv='base', sls='`, argline='`, **kws) Accepts YAML as a string or as a ﬁle object and runs it through the YAML parser. Return type A Python data structure</p><p>986 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt.renderers.yamlex</p><p>YAMLEX renderer is a replacement of the YAML renderer. It's 100% YAML with a pinch of Salt magic: • All mappings are automatically OrderedDict • All strings are automatically str obj • data aggregation with !aggregation yaml tag, based on the salt.utils.aggregation module. • data aggregation over documents for pillar Instructed aggregation within the !aggregation and the !reset tags:</p><p>#!yamlex foo: !aggregate first foo: !aggregate second bar: !aggregate {first: foo} bar: !aggregate {second: bar} baz: !aggregate 42 qux: !aggregate default !reset qux: !aggregate my custom data is roughly equivalent to foo: [first, second] bar: {first: foo, second: bar} baz: [42] qux: [my custom data]</p><p>Reference salt.renderers.yamlex.render(sls_data, saltenv='base', sls='`, **kws) Accepts YAML_EX as a string or as a ﬁle object and runs it through the YAML_EX parser. Return type A Python data structure</p><p>22.23 Returners</p><p>By default the return values of the commands sent to the Salt minions are returned to the Salt master, however anything at all can be done with the results data. By using a Salt returner, results data can be redirected to external data-stores for analysis and archival. Returners pull their conﬁguration values from the Salt minions. Returners are only conﬁgured once, which is gen- erally at load time. e returner interface allows the return data to be sent to any system that can receive data. is means that return data can be sent to a Redis server, a MongoDB server, a MySQL server, or any system. See also: Full list of builtin returners</p><p>22.23. Returners 987 Salt Documentation, Release 2014.7.6</p><p>22.23.1 Using Returners</p><p>All Salt commands will return the command data back to the master. Specifying returners will ensure that the data is _also_ sent to the speciﬁed returner interfaces. Specifying what returners to use is done when the command is invoked: salt '*' test.ping --return redis_return</p><p>is command will ensure that the redis_return returner is used. It is also possible to specify multiple returners: salt '*' test.ping --return mongo_return,redis_return,cassandra_return</p><p>In this scenario all three returners will be called and the data from the test.ping command will be sent out to the three named returners.</p><p>22.23.2 Writing a Returner</p><p>A returner is a Python module which contains a function called returner. e returner function must accept a single argument for the return data from the called minion function. So if the minion function test.ping is called the value of the argument will be True. A simple returner is implemented below: import redis import json def returner(ret): ''' Return information to a redis server ''' # Get a redis connection serv = redis.Redis( host='redis-serv.example.com', port=6379, db='0') serv.sadd("%(id)s:jobs" % ret, ret['jid']) serv.set("%(jid)s:%(id)s" % ret, json.dumps(ret['return'])) serv.sadd('jobs', ret['jid']) serv.sadd(ret['jid'], ret['id'])</p><p>e above example of a returner set to send the data to a Redis server serializes the data as JSON and sets it in redis. Place custom returners in a _returners directory within the file_roots speciﬁed by the master conﬁg ﬁle. Custom returners are distributed when any of the following are called: state.highstate saltutil.sync_returners saltutil.sync_all Any custom returners which have been synced to a minion that are named the same as one of Salt's default set of returners will take the place of the default returner with the same name.</p><p>988 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Note that a returner's default name is its ﬁlename (i.e. foo.py becomes returner foo), but that its name can be overridden by using a __virtual__ function. A good example of this can be found in the redis returner, which is named redis_return.py but is loaded as simply redis: try: import redis HAS_REDIS = True except ImportError: HAS_REDIS = False</p><p>__virtualname__ = 'redis' def __virtual__(): if not HAS_REDIS: return False return __virtualname__</p><p>22.23.3 Full List of Returners</p><p>Full list of builtin returner modules</p><p> carbon_return Take data from salt and ``return'' it into a carbon receiver cassandra_return Return data to a Cassandra ColumnFamily couchbase_return Simple returner for Couchbase. couchdb_return Simple returner for CouchDB. elasticsearch_return Return data to an elasticsearch server for indexing. etcd_return Return data to an etcd server or cluster local e local returner is used to test the returner interface, it just prints the local_cache Return data to local job cache memcache_return Return data to a memcache server mongo_future_return Return data to a mongodb server mongo_return Return data to a mongodb server multi_returner Read/Write multiple returners mysql Return data to a mysql server odbc Return data to an ODBC compliant server. postgres Return data to a postgresql server redis_return Return data to a redis server sentry_return Salt returner that report execution results back to sentry. smtp_return Return salt data via email sqlite3_return Insert minion return data into a sqlite3 database syslog_return Return data to the host operating system's syslog facility salt.returners.carbon_return</p><p>Take data from salt and ``return'' it into a carbon receiver Add the following conﬁguration to the minion conﬁguration ﬁles: carbon.host: <server address="" ip=""> carbon.port: 2003</server></p><p>22.23. Returners 989 Salt Documentation, Release 2014.7.6</p><p>Errors when trying to convert data to numbers may be ignored by seing carbon.skip_on_error to True: carbon.skip_on_error: True</p><p>By default, data will be sent to carbon using the plaintext protocol. To use the pickle protocol, set carbon.mode to pickle: carbon.mode: pickle</p><p>Carbon seings may also be conﬁgured as:</p><p> carbon: host: <server hostname="" ip="" or=""> port: <carbon port=""> skip_on_error: True mode: (pickle|text)</carbon></server></p><p>To use the carbon returner, append '--return carbon' to the salt command. ex:</p><p> salt '*' test.ping --return carbon salt.returners.carbon_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.carbon_return.returner(ret) Return data to a remote carbon server using the text metric protocol Each metric will look like:</p><p>[module].[function].[minion_id].[metric path [...]].[metric name]</p><p> salt.returners.cassandra_return</p><p>Return data to a Cassandra ColumnFamily Here's an example Keyspace / ColumnFamily setup that works with this returner: create keyspace salt; use salt; create column family returns with key_validation_class='UTF8Type' and comparator='UTF8Type' and default_validation_class='UTF8Type';</p><p>Required python modules: pycassa To use the cassandra returner, append `--return cassandra' to the salt command. ex: salt `*' test.ping --return cassandra salt.returners.cassandra_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.cassandra_return.returner(ret) Return data to a Cassandra ColumnFamily</p><p>990 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt.returners.couchbase_return</p><p>Simple returner for Couchbase. Optional conﬁguration seings are listed below, along with sane defaults. couchbase.host: `salt' couchbase.port: 8091 couchbase.bucket: `salt' couchbase.skip_verify_views: False To use the couchbase returner, append `--return couchbase' to the salt command. ex: salt `*' test.ping --return couchbase All of the return data will be stored in documents as follows:</p><p>JID load: load obj tgt_minions: list of minions targeted nocache: should we not cache the return data</p><p>JID/MINION_ID return: return_data out: out_data salt.returners.couchbase_return.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.couchbase_return.get_jids() Return a list of all job ids salt.returners.couchbase_return.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.couchbase_return.prep_jid(nocache=False, passed_jid=None) Return a job id and prepare the job id directory is is the function responsible for making sure jids don't collide (unless its passed a jid) So do what you have to do to make sure that stays the case salt.returners.couchbase_return.returner(load) Return data to the local job cache salt.returners.couchbase_return.save_load(jid, clear_load) Save the load to the speciﬁed jid salt.returners.couchdb_return</p><p>Simple returner for CouchDB. Optional conﬁguration seings are listed below, along with sane defaults. couchdb.db: `salt' couchdb.url: `hp://salt:5984/` To use the couchdb returner, append `--return couchdb' to the salt command. ex: salt `*' test.ping --return couchdb salt.returners.couchdb_return.ensure_views() is function makes sure that all the views that should exist in the design document do exist. salt.returners.couchdb_return.get_fun(fun) Return a dict with key being minion and value being the job details of the last run of function `fun'. salt.returners.couchdb_return.get_jid(jid) Get the document with a given JID. salt.returners.couchdb_return.get_jids() List all the jobs that we have.. salt.returners.couchdb_return.get_minions() Return a list of minion identiﬁers from a request of the view.</p><p>22.23. Returners 991 Salt Documentation, Release 2014.7.6 salt.returners.couchdb_return.get_valid_salt_views() Returns a dict object of views that should be part of the salt design document. salt.returners.couchdb_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.couchdb_return.returner(ret) Take in the return and shove it into the couchdb database. salt.returners.couchdb_return.set_salt_view() Helper function that sets the salt design document. Uses get_valid_salt_views and some hardcoded values. salt.returners.elasticsearch_return</p><p>Return data to an elasticsearch server for indexing. maintainer Jurnell co*ckhren <jurnell.co> maturity New depends elasticsearch-py platform all To enable this returner the elasticsearch python client must be installed on the desired minions (all or some subset). e required conﬁguration is as follows: elasticsear: host: `somehost.example.com:9200' index: `salt' number_of_shards: 1 (optional) num- ber_of_replicas: 0 (optional) e above conﬁguration can be placed in a targeted pillar, minion or master conﬁgurations. To use the returner per salt call: salt `*' test.ping --return elasticsearch In order to have the returner apply to all minions: ext_job_cache: elasticsearch salt.returners.elasticsearch_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.elasticsearch_return.returner(ret) Process the return from Salt salt.returners.etcd_return</jurnell.co></p><p>Return data to an etcd server or cluster depends • python-etcd In order to return to an etcd server, a proﬁle should be created in the master conﬁguration ﬁle: my_etd_config: etcd.host: 127.0.0.1 etcd.port: 4001</p><p>992 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>It is technically possible to conﬁgure etcd without using a proﬁle, but this is not considered to be a best practice, especially when multiple etcd servers or clusters are available. etcd.host: 127.0.0.1 etcd.port: 4001</p><p>Additionally, two more options must be speciﬁed in the top-level conﬁguration in order to use the etcd returner: etcd.returner: my_etcd_config etcd.returner_root: /salt/return</p><p>e etcd.returner option speciﬁes which conﬁguration proﬁle to use. e etcd.returner_root option speciﬁes the path inside etcd to use as the root of the returner system. Once the etcd options are conﬁgured, the returner may be used: CLI Example: salt `*' test.ping --return etcd salt.returners.etcd_return.get_fun() Return a dict of the last function called for all minions salt.returners.etcd_return.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.etcd_return.get_jids() Return a list of all job ids salt.returners.etcd_return.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.etcd_return.get_minions() Return a list of minions salt.returners.etcd_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.etcd_return.returner(ret) Return data to an etcd server or cluster salt.returners.etcd_return.save_load(jid, load) Save the load to the speciﬁed jid salt.returners.local</p><p>e local returner is used to test the returner interface, it just prints the return data to the console to verify that it is being passed properly To use the local returner, append `--return local' to the salt command. ex: salt `*' test.ping --return local salt.returners.local.returner(ret) Print the return data to the terminal to verify functionality</p><p>22.23. Returners 993 Salt Documentation, Release 2014.7.6</p><p> salt.returners.local_cache</p><p>Return data to local job cache salt.returners.local_cache.clean_old_jobs() Clean out the old jobs from the job cache salt.returners.local_cache.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.local_cache.get_jids() Return a list of all job ids salt.returners.local_cache.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.local_cache.prep_jid(nocache=False, passed_jid=None) Return a job id and prepare the job id directory is is the function responsible for making sure jids don't collide (unless its passed a jid) So do what you have to do to make sure that stays the case salt.returners.local_cache.returner(load) Return data to the local job cache salt.returners.local_cache.save_load(jid, clear_load) Save the load to the speciﬁed jid salt.returners.memcache_return</p><p>Return data to a memcache server To enable this returner the minion will need the python client for memcache installed and the following values conﬁgured in the minion or master conﬁg, these are the defaults: memcache.host: `localhost' memcache.port: `11211' python2-memcache uses `localhost' and `11211' as syntax on connection. salt.returners.memcache_return.get_fun(fun) Return a dict of the last function called for all minions salt.returners.memcache_return.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.memcache_return.get_jids() Return a list of all job ids salt.returners.memcache_return.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.memcache_return.get_minions() Return a list of minions salt.returners.memcache_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.memcache_return.returner(ret) Return data to a memcache data store salt.returners.memcache_return.save_load(jid, load) Save the load to the speciﬁed jid</p><p>994 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt.returners.mongo_future_return</p><p>Return data to a mongodb server Required python modules: pymongo is returner will send data from the minions to a MongoDB server. To conﬁgure the seings for your MongoDB server, add the following lines to the minion conﬁg ﬁles: mongo.db: <database name=""> mongo.host: <server address="" ip=""> mongo.user: <mongodb username=""> mongo.password: <mongodb password="" user=""> mongo.port: 27017</mongodb></mongodb></server></database></p><p>is mongo returner is being developed to replace the default mongodb returner in the future and should not be considered API stable yet. To use the mongo returner, append `--return mongo' to the salt command. ex: salt `*' test.ping --return mongo salt.returners.mongo_future_return.get_fun(fun) Return the most recent jobs that have executed the named function salt.returners.mongo_future_return.get_jid(jid) Return the return information associated with a jid salt.returners.mongo_future_return.get_jids() Return a list of job ids salt.returners.mongo_future_return.get_load(jid) Return the load associated with a given job id salt.returners.mongo_future_return.get_minions() Return a list of minions salt.returners.mongo_future_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.mongo_future_return.returner(ret) Return data to a mongodb server salt.returners.mongo_future_return.save_load(jid, load) Save the load for a given job id salt.returners.mongo_return</p><p>Return data to a mongodb server Required python modules: pymongo is returner will send data from the minions to a MongoDB server. To conﬁgure the seings for your MongoDB server, add the following lines to the minion conﬁg ﬁles:</p><p> mongo.db: <database name=""> mongo.host: <server address="" ip=""> mongo.user: <mongodb username=""> mongo.password: <mongodb password="" user=""> mongo.port: 27017</mongodb></mongodb></server></database></p><p>22.23. Returners 995 Salt Documentation, Release 2014.7.6</p><p>To use the mongo returner, append '--return mongo' to the salt command. ex:</p><p> salt '*' test.ping --return mongo salt.returners.mongo_return.get_fun(fun) Return the most recent jobs that have executed the named function salt.returners.mongo_return.get_jid(jid) Return the return information associated with a jid salt.returners.mongo_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.mongo_return.returner(ret) Return data to a mongodb server salt.returners.multi_returner</p><p>Read/Write multiple returners salt.returners.multi_returner.clean_old_jobs() Clean out the old jobs from all returners (if you have it) salt.returners.multi_returner.get_jid(jid) Merge the return data from all returners salt.returners.multi_returner.get_jids() Return all job data from all returners salt.returners.multi_returner.get_load(jid) Merge the load data from all returners salt.returners.multi_returner.prep_jid(nocache=False, passed_jid=None) Call both with prep_jid on all returners in multi_returner TODO: ﬁnish this, what do do when you get diﬀerent jids from 2 returners… since our jids are time based, this make this problem hard, because they aren't unique, meaning that we have to make sure that no one else got the jid and if they did we spin to get a new one, which means ``locking'' the jid in 2 returners is non-trivial salt.returners.multi_returner.returner(load) Write return to all returners in multi_returner salt.returners.multi_returner.save_load(jid, clear_load) Write load to all returners in multi_returner salt.returners.mysql</p><p>Return data to a mysql server maintainer Dave Boucha <dave>, Seth House <shouse> maturity new depends python-mysqldb platform all To enable this returner the minion will need the python client for mysql installed and the following values conﬁgured in the minion or master conﬁg, these are the defaults:</shouse></dave></p><p>996 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> mysql.host: 'salt' mysql.user: 'salt' mysql.pass: 'salt' mysql.db: 'salt' mysql.port: 3306</p><p>Use the following mysql database schema:</p><p>CREATE DATABASE `salt` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;</p><p>USE `salt`;</p><p>-- -- Table structure for table `jids` --</p><p>DROP TABLE IF EXISTS `jids`; CREATE TABLE `jids` ( `jid` varchar(255) NOT NULL, `load` mediumtext NOT NULL, UNIQUE KEY `jid` (`jid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;</p><p>-- -- Table structure for table `salt_returns` --</p><p>DROP TABLE IF EXISTS `salt_returns`; CREATE TABLE `salt_returns` ( `fun` varchar(50) NOT NULL, `jid` varchar(255) NOT NULL, `return` mediumtext NOT NULL, `id` varchar(255) NOT NULL, `success` varchar(10) NOT NULL, `full_ret` mediumtext NOT NULL, `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, KEY `id` (`id`), KEY `jid` (`jid`), KEY `fun` (`fun`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;</p><p>Required python modules: MySQLdb To use the mysql returner, append `--return mysql' to the salt command. ex: salt `*' test.ping --return mysql salt.returners.mysql.get_fun(fun) Return a dict of the last function called for all minions salt.returners.mysql.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.mysql.get_jids() Return a list of all job ids</p><p>22.23. Returners 997 Salt Documentation, Release 2014.7.6 salt.returners.mysql.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.mysql.get_minions() Return a list of minions salt.returners.mysql.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.mysql.returner(ret) Return data to a mysql server salt.returners.mysql.save_load(jid, load) Save the load to the speciﬁed jid id salt.returners.odbc</p><p>Return data to an ODBC compliant server. is driver was developed with Microso SQL Server in mind, but theoretically could be used to return data to any compliant ODBC database as long as there is a working ODBC driver for it on your minion platform. maintainer 3. (a) Oldham (cr@saltstack.com) maturity New depends unixodbc, pyodbc, freetds (for SQL Server) platform all To enable this returner the minion will need On Linux: unixodbc (hp://www.unixodbc.org) pyodbc (pip install pyodbc) e FreeTDS ODBC driver for SQL Server (hp://www.freetds.org) or another compatible ODBC driver On Windows: TBD unixODBC and FreeTDS need to be conﬁgured via /etc/odbcinst.ini and /etc/odbc.ini. /etc/odbcinst.ini:</p><p>[TDS] Description=TDS Driver=/usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so</p><p>(Note the above Driver line needs to point to the location of the FreeTDS shared library. is example is for Ubuntu 14.04.) /etc/odbc.ini:</p><p>[TS] Description = "Salt Returner" Driver=TDS Server = <your fqdn="" ip="" or="" server=""> Port = 1433 Database = salt Trace = No</your></p><p>998 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Also you need the following values conﬁgured in the minion or master conﬁg. Conﬁgure as you see ﬁt: returner.odbc.dsn: 'TS' returner.odbc.user: 'salt' returner.odbc.passwd: 'salt'</p><p>Running the following commands against Microso SQL Server in the desired database as the appropriate user should create the database tables correctly. Replace with equivalent SQL for other ODBC-compliant servers:</p><p>-- -- Table structure for table 'jids' --</p><p> if OBJECT_ID('dbo.jids', 'U') is not null DROP TABLE dbo.jids</p><p>CREATE TABLE dbo.jids ( jid varchar(255) PRIMARY KEY, load varchar(MAX) NOT NULL );</p><p>-- -- Table structure for table 'salt_returns' -- IF OBJECT_ID('dbo.salt_returns', 'U') IS NOT NULL DROP TABLE dbo.salt_returns;</p><p>CREATE TABLE dbo.salt_returns ( added datetime not null default (getdate()), fun varchar(100) NOT NULL, jid varchar(255) NOT NULL, retval varchar(MAX) NOT NULL, id varchar(255) NOT NULL, success bit default(0) NOT NULL, full_ret varchar(MAX) );</p><p>CREATE INDEX salt_returns_added on dbo.salt_returns(added); CREATE INDEX salt_returns_id on dbo.salt_returns(id); CREATE INDEX salt_returns_jid on dbo.salt_returns(jid); CREATE INDEX salt_returns_fun on dbo.salt_returns(fun);</p><p>To use this returner, append '--return odbc' to the salt command. ex:</p><p> salt '*' status.diskusage --return odbc salt.returners.odbc.get_fun(fun) Return a dict of the last function called for all minions salt.returners.odbc.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.odbc.get_jids() Return a list of all job ids</p><p>22.23. Returners 999 Salt Documentation, Release 2014.7.6 salt.returners.odbc.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.odbc.get_minions() Return a list of minions salt.returners.odbc.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.odbc.returner(ret) Return data to an odbc server salt.returners.odbc.save_load(jid, load) Save the load to the speciﬁed jid id salt.returners.postgres</p><p>Return data to a postgresql server maintainer None maturity New depends psycopg2 platform all To enable this returner the minion will need the psycopg2 installed and the following values conﬁgured in the minion or master conﬁg: returner.postgres.host: 'salt' returner.postgres.user: 'salt' returner.postgres.passwd: 'salt' returner.postgres.db: 'salt' returner.postgres.port: 5432</p><p>Running the following commands as the postgres user should create the database correctly: psql &lt;&lt; EOF CREATE ROLE salt WITH PASSWORD 'salt'; CREATE DATABASE salt WITH OWNER salt; EOF psql -h localhost -U salt &lt;&lt; EOF -- -- Table structure for table 'jids' --</p><p>DROP TABLE IF EXISTS jids; CREATE TABLE jids ( jid varchar(20) PRIMARY KEY, load text NOT NULL );</p><p>-- -- Table structure for table 'salt_returns' --</p><p>DROP TABLE IF EXISTS salt_returns;</p><p>1000 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CREATE TABLE salt_returns ( added TIMESTAMP WITH TIME ZONE DEFAULT now(), fun text NOT NULL, jid varchar(20) NOT NULL, return text NOT NULL, id text NOT NULL, success boolean ); CREATE INDEX ON salt_returns (added); CREATE INDEX ON salt_returns (id); CREATE INDEX ON salt_returns (jid); CREATE INDEX ON salt_returns (fun); EOF</p><p>Required python modules: psycopg2 To use the postgres returner, append `--return postgres' to the salt command. ex: salt `*' test.ping --return postgres salt.returners.postgres.get_fun(fun) Return a dict of the last function called for all minions salt.returners.postgres.get_jid(jid) Return the information returned when the speciﬁed job id was executed salt.returners.postgres.get_jids() Return a list of all job ids salt.returners.postgres.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.postgres.get_minions() Return a list of minions salt.returners.postgres.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.postgres.returner(ret) Return data to a postgres server salt.returners.postgres.save_load(jid, load) Save the load to the speciﬁed jid id salt.returners.redis_return</p><p>Return data to a redis server To enable this returner the minion will need the python client for redis installed and the following values conﬁgured in the minion or master conﬁg, these are the defaults: redis.db: `0' redis.host: `salt' redis.port: 6379 To use the redis returner, append `--return redis' to the salt command. ex: salt `*' test.ping --return redis salt.returners.redis_return.get_fun(fun) Return a dict of the last function called for all minions salt.returners.redis_return.get_jid(jid) Return the information returned when the speciﬁed job id was executed</p><p>22.23. Returners 1001 Salt Documentation, Release 2014.7.6 salt.returners.redis_return.get_jids() Return a list of all job ids salt.returners.redis_return.get_load(jid) Return the load data that marks a speciﬁed jid salt.returners.redis_return.get_minions() Return a list of minions salt.returners.redis_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.redis_return.returner(ret) Return data to a redis data store salt.returners.redis_return.save_load(jid, load) Save the load to the speciﬁed jid salt.returners.sentry_return</p><p>Salt returner that report execution results back to sentry. e returner will inspect the payload to identify errors and ﬂag them as such. Pillar need something like: raven: servers: - http://192.168.1.1 - https://sentry.example.com public_key: deadbeefdeadbeefdeadbeefdeadbeef secret_key: beefdeadbeefdeadbeefdeadbeefdead project: 1 tags: - os - master - saltversion - cpuarch and hps://pypi.python.org/pypi/raven installed e tags list (optional) speciﬁes grains items that will be used as sentry tags, allowing tagging of events in the sentry ui. salt.returners.sentry_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.sentry_return.returner(ret) Log outcome to sentry. e returner tries to identify errors and report them as such. All other messages will be reported at info level. salt.returners.smtp_return</p><p>Return salt data via email e following ﬁelds can be set in the minion conf ﬁle:</p><p>1002 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> smtp.from (required) smtp.to (required) smtp.host (required) smtp.port (optional, defaults to 25) smtp.username (optional) smtp.password (optional) smtp.tls (optional, defaults to False) smtp.subject (optional, but helpful) smtp.gpgowner (optional) smtp.fields (optional)</p><p>ere are a few things to keep in mind: • If a username is used, a password is also required. It is recommended (but not required) to use the TLS seing when authenticating. • You should at least declare a subject, but you don't have to. • e use of encryption, i.e. seing gpgowner in your seings, requires python-gnupg to be installed. • e ﬁeld gpgowner speciﬁes a user's ~/.gpg directory. is must contain a gpg public key matching the address the mail is sent to. If le unset, no encryption will be used. • smtp.ﬁelds lets you include the value(s) of various ﬁelds in the subject line of the email. ese are comma- delimited. For instance:</p><p> smtp.fields: id,fun</p><p>…will display the id of the minion and the name of the function in the subject line. You may also use `jid' (the job id), but it is generally recommended not to use `return', which contains the entire return data structure (which can be very large). Also note that the subject is always unencrypted. To use the SMTP returner, append `--return smtp' to the salt command. ex:</p><p> salt '*' test.ping --return smtp salt.returners.smtp_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.smtp_return.returner(ret) Send an email with the data salt.returners.sqlite3</p><p>Insert minion return data into a sqlite3 database maintainer Mickey Malone <mickey.malone> maturity New depends None platform All Sqlite3 is a serverless database that lives in a single ﬁle. In order to use this returner the database ﬁle must exist, have the appropriate schema deﬁned, and be accessible to the user whom the minion process is running as. is returner requires the following values conﬁgured in the master or minion conﬁg: returner.sqlite3.database: /usr/lib/salt/salt.db returner.sqlite3.timeout: 5.0</mickey.malone></p><p>22.23. Returners 1003 Salt Documentation, Release 2014.7.6</p><p>Use the commands to create the sqlite3 database and tables:</p><p> sqlite3 /usr/lib/salt/salt.db &lt;&lt; EOF -- -- Table structure for table 'jids' --</p><p>CREATE TABLE jids ( jid TEXT PRIMARY KEY, load TEXT NOT NULL );</p><p>-- -- Table structure for table 'salt_returns' --</p><p>CREATE TABLE salt_returns ( fun TEXT KEY, jid TEXT KEY, id TEXT KEY, fun_args TEXT, date TEXT NOT NULL, full_ret TEXT NOT NULL, success TEXT NOT NULL ); EOF</p><p>To use the sqlite returner, append '--return sqlite' to the salt command. ex:</p><p> salt '*' test.ping --return sqlite salt.returners.sqlite3_return.get_fun(fun) Return a dict of the last function called for all minions salt.returners.sqlite3_return.get_jid(jid) Return the information returned from a speciﬁed jid salt.returners.sqlite3_return.get_jids() Return a list of all job ids salt.returners.sqlite3_return.get_load(jid) Return the load from a speciﬁed jid salt.returners.sqlite3_return.get_minions() Return a list of minions salt.returners.sqlite3_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.sqlite3_return.returner(ret) Insert minion return data into the sqlite3 database salt.returners.sqlite3_return.save_load(jid, load) Save the load to the speciﬁed jid salt.returners.syslog_return</p><p>Return data to the host operating system's syslog facility</p><p>1004 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Required python modules: syslog, json e syslog returner simply reuses the operating system's syslog facility to log return data To use the syslog returner, append `--return syslog' to the salt command. ex: salt `*' test.ping --return syslog salt.returners.syslog_return.prep_jid(nocache, passed_jid=None) Do any work necessary to prepare a JID, including sending a custom id salt.returners.syslog_return.returner(ret) Return data to the local syslog</p><p>22.24 Full list of builtin roster modules</p><p> flat Read in the roster from a ﬂat ﬁle using the renderer system scan Scan a netmask or ipaddr for open ssh ports</p><p>22.24.1 salt.roster.flat</p><p>Read in the roster from a ﬂat ﬁle using the renderer system class salt.roster.flat.RosterMatcher(raw, tgt, tgt_type, ipv='ipv4') Matcher for the roster data structure get_data(minion) Return the conﬁgured ip ret_glob_minions() Return minions that match via glob ret_list_minions() Return minions that match via list ret_pcre_minions() Return minions that match via pcre targets() Execute the correct tgt_type routine and return salt.roster.flat.targets(tgt, tgt_type='glob', **kwargs) Return the targets from the ﬂat yaml ﬁle, checks opts for location but defaults to /etc/salt/roster</p><p>22.24.2 salt.roster.scan</p><p>Scan a netmask or ipaddr for open ssh ports class salt.roster.scan.RosterMatcher(tgt, tgt_type) Matcher for the roster data structure targets() Return ip addrs based on netmask, siing in the ``glob'' spot because it is the default salt.roster.scan.targets(tgt, tgt_type='glob', **kwargs) Return the targets from the ﬂat yaml ﬁle, checks opts for location but defaults to /etc/salt/roster</p><p>22.24. Full list of builtin roster modules 1005 Salt Documentation, Release 2014.7.6</p><p>22.25 Salt Runners</p><p>Salt runners are convenience applications executed with the salt-run command. Salt runners work similarly to Salt execution modules however they execute on the Salt master itself instead of remote Salt minions. A Salt runner can be a simple client call or a complex application. See also: e full list of runners</p><p>22.25.1 Full list of runner modules</p><p> cache Return cached data from minions cloud e Salt Cloud Runner doc A runner module to collect and display the inline documentation from the error Error generator to enable integration testing of salt runner error handling fileserver Directly manage the Salt ﬁleserver plugins git_pillar Directly manage the salt git_pillar plugin jobs A convenience system to manage jobs, both active and already run launchd Manage launchd plist ﬁles lxc Control Linux Containers via Salt manage General management functions for salt, tools like seeing what hosts are up mine A runner to access data from the salt mine network Network tools to run from the Master pillar Functions to interact with the pillar compiler on the master queue General management and processing of queues. search Runner frontend to search system state Execute overstate functions survey A general map/reduce style salt runner for aggregating results returned by several diﬀerent minions. thin e thin runner is used to manage the salt thin systems. virt Control virtual machines via Salt winrepo Runner to manage Windows soware repo salt.runners.cache</p><p>Return cached data from minions salt.runners.cache.clear_all(tgt=None, expr_form='glob') Clear the cached pillar, grains, and mine data of the targeted minions CLI Example:</p><p> salt-run cache.clear_all salt.runners.cache.clear_grains(tgt=None, expr_form='glob') Clear the cached grains data of the targeted minions CLI Example:</p><p> salt-run cache.clear_grains</p><p>1006 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.runners.cache.clear_mine(tgt=None, expr_form='glob') Clear the cached mine data of the targeted minions CLI Example:</p><p> salt-run cache.clear_mine salt.runners.cache.clear_mine_func(tgt=None, expr_form='glob', clear_mine_func=None) Clear the cached mine function data of the targeted minions CLI Example:</p><p> salt-run cache.clear_mine_func tgt='*' clear_mine_func='network.interfaces' salt.runners.cache.clear_pillar(tgt=None, expr_form='glob') Clear the cached pillar data of the targeted minions CLI Example:</p><p> salt-run cache.clear_pillar salt.runners.cache.grains(tgt=None, expr_form='glob', **kwargs) Return cached grains of the targeted minions CLI Example:</p><p> salt-run cache.grains salt.runners.cache.mine(tgt=None, expr_form='glob', **kwargs) Return cached mine data of the targeted minions CLI Example:</p><p> salt-run cache.mine salt.runners.cache.pillar(tgt=None, expr_form='glob', **kwargs) Return cached pillars of the targeted minions CLI Example:</p><p> salt-run cache.pillar salt.runners.cloud</p><p>The Salt Cloud Runner</p><p>is runner wraps the functionality of salt cloud making salt cloud routines available to all internal apis via the runner system salt.runners.cloud.action(func=None, cloudmap=None, instances=None, provider=None, in- stance=None, **kwargs) Execute a single action on the given map/provider/instance salt.runners.cloud.create(provider, instances, **kwargs) Create an instance using Salt Cloud CLI Example:</p><p> salt-run cloud.create my-ec2-config myinstance image=ami-1624987f size='Micro Instance' ssh_username=ec2-user securitygroup=default delvol_on_destroy=True</p><p>22.25. Salt Runners 1007 Salt Documentation, Release 2014.7.6 salt.runners.cloud.destroy(instances) Destroy the named vm(s) salt.runners.cloud.full_query(query_type='list_nodes_full') List all available cloud provider data salt.runners.cloud.list_images(provider='all') List cloud provider images for the given providers salt.runners.cloud.list_locations(provider='all') List cloud provider sizes for the given providers salt.runners.cloud.list_sizes(provider='all') List cloud provider sizes for the given providers salt.runners.cloud.map_run(path, **kwargs) Execute a salt cloud map ﬁle salt.runners.cloud.profile(prof, instances, **kwargs) Create a cloud vm with the given proﬁle and instances, instances can be a list or comma delimited string salt.runners.cloud.query(query_type='list_nodes') List cloud provider data for all providers salt.runners.cloud.select_query(query_type='list_nodes_select') List selected nodes salt.runners.doc</p><p>A runner module to collect and display the inline documentation from the various module types salt.runners.doc.execution() Collect all the sys.doc output from each minion and return the aggregate CLI Example:</p><p> salt-run doc.execution salt.runners.doc.runner() Return all inline documentation for runner modules CLI Example:</p><p> salt-run doc.runner salt.runners.doc.wheel() Return all inline documentation for wheel modules CLI Example:</p><p> salt-run doc.wheel salt.runners.error</p><p>Error generator to enable integration testing of salt runner error handling salt.runners.error.error(name=None, message='`) If name is None en return empty dict Otherwise raise an exception with __name__ from name, message from message CLI Example:</p><p>1008 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt-run error salt-run error.error name="Exception" message="This is an error." salt.runners.fileserver</p><p>Directly manage the Salt ﬁleserver plugins salt.runners.fileserver.clear_cache(backend=None) New in version 2015.5.0. Clear the ﬁleserver cache from VCS ﬁleserver backends (git, hg, svn). Executing this runner with no ar- guments will clear the cache for all enabled VCS ﬁleserver backends, but this can be narrowed using the backend argument. baend Only clear the update lock for the speciﬁed backend(s). If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. CLI Example:</p><p> salt-run fileserver.clear_cache salt-run fileserver.clear_cache backend=git,hg salt-run fileserver.clear_cache hg salt-run fileserver.clear_cache -roots salt.runners.fileserver.clear_lock(backend=None, remote=None) New in version 2015.5.0. Clear the ﬁleserver update lock from VCS ﬁleserver backends (git, hg, svn). is should only need to be done if a ﬁleserver update was interrupted and a remote is not updating (generating a warning in the Master's log ﬁle). Executing this runner with no arguments will remove all update locks from all enabled VCS ﬁleserver backends, but this can be narrowed by using the following arguments: baend Only clear the update lock for the speciﬁed backend(s). remote If not None, then any remotes which contain the passed string will have their lock cleared. For ex- ample, a remote value of github will remove the lock from all github.com remotes. CLI Example:</p><p> salt-run fileserver.clear_lock salt-run fileserver.clear_lock backend=git,hg salt-run fileserver.clear_lock backend=git remote=github salt-run fileserver.clear_lock remote=bitbucket salt.runners.fileserver.dir_list(saltenv='base', backend=None, outpuer='nested') Return a list of directories in the given environment saltenv [base] e salt ﬁleserver environment to be listed baend Narrow ﬁleserver backends to a subset of the enabled ones. If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. New in version 2015.5.0. CLI Example:</p><p>22.25. Salt Runners 1009 Salt Documentation, Release 2014.7.6</p><p> salt-run fileserver.dir_list salt-run fileserver.dir_list saltenv=prod salt-run fileserver.dir_list saltenv=dev backend=git salt-run fileserver.dir_list base hg,roots salt-run fileserver.dir_list -git salt.runners.fileserver.empty_dir_list(saltenv='base', backend=None, outpuer='nested') New in version 2015.5.0. Return a list of empty directories in the given environment saltenv [base] e salt ﬁleserver environment to be listed baend Narrow ﬁleserver backends to a subset of the enabled ones. If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded.</p><p>Note: Some backends (such as git and hg) do not support empty directories. So, passing back- end=git or backend=hg will result in an empty list being returned.</p><p>CLI Example:</p><p> salt-run fileserver.empty_dir_list salt-run fileserver.empty_dir_list saltenv=prod salt-run fileserver.empty_dir_list backend=roots salt.runners.fileserver.envs(backend=None, sources=False, outpuer='nested') Return the available ﬁleserver environments. If no backend is provided, then the environments for all conﬁg- ured backends will be returned. baend Narrow ﬁleserver backends to a subset of the enabled ones. Changed in version 2015.5.0: If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. Additionally, ﬁleserver backends can now be passed as a comma-separated list. In earlier versions, they needed to be passed as a python list (ex: backend="['roots', 'git']") CLI Example:</p><p> salt-run fileserver.envs salt-run fileserver.envs outputter=nested salt-run fileserver.envs backend=roots,git salt-run fileserver.envs git salt.runners.fileserver.file_list(saltenv='base', backend=None, outpuer='nested') Return a list of ﬁles from the salt ﬁleserver saltenv [base] e salt ﬁleserver environment to be listed baend Narrow ﬁleserver backends to a subset of the enabled ones. If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. New in version 2015.5.0. CLI Examples:</p><p>1010 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt-run fileserver.file_list salt-run fileserver.file_list saltenv=prod salt-run fileserver.file_list saltenv=dev backend=git salt-run fileserver.file_list base hg,roots salt-run fileserver.file_list -git salt.runners.fileserver.lock(backend=None, remote=None) New in version 2015.5.0. Set a ﬁleserver update lock for VCS ﬁleserver backends (git, hg, svn).</p><p>Note: is will only operate on enabled backends (those conﬁgured in :master_conf:`ﬁleserver_baend`).</p><p> baend Only set the update lock for the speciﬁed backend(s). remote If not None, then any remotes which contain the passed string will have their lock cleared. For ex- ample, a remote value of *github.com* will remove the lock from all github.com remotes.</p><p>CLI Example:</p><p> salt-run fileserver.lock salt-run fileserver.lock backend=git,hg salt-run fileserver.lock backend=git remote='*github.com*' salt-run fileserver.lock remote=bitbucket salt.runners.fileserver.symlink_list(saltenv='base', backend=None, outpuer='nested') Return a list of symlinked ﬁles and dirs saltenv [base] e salt ﬁleserver environment to be listed baend Narrow ﬁleserver backends to a subset of the enabled ones. If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. New in version 2015.5.0. CLI Example:</p><p> salt-run fileserver.symlink_list salt-run fileserver.symlink_list saltenv=prod salt-run fileserver.symlink_list saltenv=dev backend=git salt-run fileserver.symlink_list base hg,roots salt-run fileserver.symlink_list -git salt.runners.fileserver.update(backend=None) Update the ﬁleserver cache. If no backend is provided, then the cache for all conﬁgured backends will be updated. baend Narrow ﬁleserver backends to a subset of the enabled ones. Changed in version 2015.5.0: If all passed backends start with a minus sign (-), then these backends will be excluded from the enabled backends. However, if there is a mix of backends with and without a minus sign (ex: backend=-roots,git) then the ones starting with a minus sign will be disregarded. Additionally, ﬁleserver backends can now be passed as a comma-separated list. In earlier versions, they needed to be passed as a python list (ex: backend="['roots', 'git']") CLI Example:</p><p>22.25. Salt Runners 1011 Salt Documentation, Release 2014.7.6</p><p> salt-run fileserver.update salt-run fileserver.update backend=roots,git salt.runners.git_pillar</p><p>Directly manage the salt git_pillar plugin salt.runners.git_pillar.update(branch, repo) Execute an update for the conﬁgured git ﬁleserver backend for Pillar CLI Example:</p><p> salt-run git_pillar.update branch='branch' repo='location' salt.runners.jobs</p><p>A convenience system to manage jobs, both active and already run salt.runners.jobs.active() Return a report on all actively running jobs from a job id centric perspective CLI Example:</p><p> salt-run jobs.active salt.runners.jobs.list_job(jid, ext_source=None) List a speciﬁc job given by its jid CLI Example:</p><p> salt-run jobs.list_job 20130916125524463507 salt.runners.jobs.list_jobs(ext_source=None) List all detectable jobs and associated functions CLI Example:</p><p> salt-run jobs.list_jobs salt.runners.jobs.lookup_jid(jid, ext_source=None, missing=False) Return the printout from a previously executed job CLI Example:</p><p> salt-run jobs.lookup_jid 20130916125524463507 salt.runners.jobs.print_job(jid, ext_source=None) Print job available details, including return data. CLI Example:</p><p> salt-run jobs.print_job salt.runners.launchd</p><p>Manage launchd plist ﬁles</p><p>1012 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.runners.launchd.write_launchd_plist(program) Write a launchd plist for managing salt-master or salt-minion CLI Example:</p><p> salt-run launchd.write_launchd_plist salt-master salt.runners.lxc</p><p>Control Linux Containers via Salt depends lxc execution module salt.runners.lxc.cloud_init(names, host=None, quiet=False, **kwargs) Wrapper for using lxc.init in saltcloud compatibility mode names Name of the containers, supports a single name or a comma delimited list of names. host Minion to start the container on. Required. saltcloud_mode init the container with the saltcloud opts format instead salt.runners.lxc.find_guest(name, quiet=False) Returns the host for a container.</p><p> salt-run lxc.find_guest name salt.runners.lxc.find_guests(names) Return a dict of hosts and named guests salt.runners.lxc.freeze(name, quiet=False) Freeze the named container</p><p> salt-run lxc.freeze name salt.runners.lxc.info(name, quiet=False) Returns information about a container.</p><p> salt-run lxc.info name salt.runners.lxc.init(names, host=None, saltcloud_mode=False, quiet=False, **kwargs) Initialize a new container</p><p> salt-run lxc.init name host=minion_id [cpuset=cgroups_cpuset] \ [cpushare=cgroups_cpushare] [memory=cgroups_memory] \ [template=lxc template name] [clone=original name] \ [nic=nic_profile] [profile=lxc_profile] \ [nic_opts=nic_opts] [start=(true|false)] \ [seed=(true|false)] [install=(true|false)] \ [config=minion_config] [snapshot=(true|false)]</p><p> names Name of the containers, supports a single name or a comma delimited list of names. host Minion to start the container on. Required. saltcloud_mode init the container with the saltcloud opts format instead See lxc.init_interface module docu- mentation cpuset cgroups cpuset. cpushare cgroups cpu shares.</p><p>22.25. Salt Runners 1013 Salt Documentation, Release 2014.7.6</p><p> memory cgroups memory limit, in MB. template Name of LXC template on which to base this container clone Clone this container from an existing container nic Network interfaces proﬁle (deﬁned in conﬁg or pillar). proﬁle A LXC proﬁle (deﬁned in conﬁg or pillar). nic_opts Extra options for network interfaces. E.g: {"eth0": {"mac": "aa:bb:cc:dd:ee:ff", "ipv4": "10.1.1.1", "ipv6": "2001:db8::ff00:42:8329"}} start Start the newly created container. seed Seed the container with the minion conﬁg and autosign its key. Default: true install If salt-minion is not already installed, install it. Default: true conﬁg Optional conﬁg parameters. By default, the id is set to the name of the container. salt.runners.lxc.list_(host=None, quiet=False) List deﬁned containers (running, stopped, and frozen) for the named (or all) host(s).</p><p> salt-run lxc.list [host=minion_id] salt.runners.lxc.purge(name, delete_key=True, quiet=False) Purge the named container and delete its minion key if present. WARNING: Destroys all data associated with the container.</p><p> salt-run lxc.purge name salt.runners.lxc.start(name, quiet=False) Start the named container.</p><p> salt-run lxc.start name salt.runners.lxc.stop(name, quiet=False) Stop the named container.</p><p> salt-run lxc.stop name salt.runners.lxc.unfreeze(name, quiet=False) Unfreeze the named container</p><p> salt-run lxc.unfreeze name salt.runners.manage</p><p>General management functions for salt, tools like seeing what hosts are up and what hosts are down salt.runners.manage.bootstrap(version='develop', script=None, hosts='`, root_user=True) Bootstrap minions with salt-bootstrap version [develop] Git tag of version to install script [hps://bootstrap.saltstack.com] Script to execute hosts Comma separated hosts [example: hosts=''host1.local,host2.local''] root_user [True] Prepend root@ to each host.</p><p>1014 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>CLI Example:</p><p> salt-run manage.bootstrap hosts="host1,host2" salt-run manage.bootstrap hosts="host1,host2" version="v0.17" salt-run manage.bootstrap hosts="host1,host2" version="v0.17" script="https://bootstrap.saltstack.com/develop" salt-run manage.bootstrap hosts="ec2-user@host1,ec2-user@host2" root_user=False salt.runners.manage.bootstrap_psexec(hosts='`, master=None, version=None, arch='win32', in- staller_url=None, username=None, password=None) Bootstrap Windows minions via PsExec. hosts Comma separated list of hosts to deploy the Windows Salt minion. master Address of the Salt master passed as an argument to the installer. version Point release of installer to download. Defaults to the most recent. ar Architecture of installer to download. Defaults to win32. installer_url URL of minion installer executable. Defaults to the latest version from hp://docs.saltstack.com/downloads username Optional user name for login on remote computer. password Password for optional username. If omied, PsExec will prompt for one to be entered for each host. CLI Example:</p><p> salt-run manage.bootstrap_psexec hosts='host1,host2' salt-run manage.bootstrap_psexec hosts='host1,host2' version='0.17' username='DOMAIN\Administrator' salt-run manage.bootstrap_psexec hosts='host1,host2' installer_url='http://exampledomain/salt-installer.exe' salt.runners.manage.down(removekeys=False) Print a list of all the down or unresponsive salt minions Optionally remove keys of down minions CLI Example:</p><p> salt-run manage.down salt-run manage.down removekeys=True salt.runners.manage.key_regen() is routine is used to regenerate all keys in an environment. is is invasive! ALL KEYS IN THE SALT ENVIRONMENT WILL BE REGENERATED‼ e key_regen routine sends a command out to minions to revoke the master key and remove all minion keys, it then removes all keys from the master and prompts the user to restart the master. e minions will all reconnect and keys will be placed in pending. Aer the master is restarted and minion keys are in the pending directory execute a salt-key -A command to accept the regenerated minion keys. e master must be restarted within 60 seconds of running this command or the minions will think there is something wrong with the keys and abort. Only Execute this runner aer upgrading minions and master to 0.15.1 or higher! CLI Example:</p><p> salt-run manage.key_regen salt.runners.manage.present(subset=None, show_ipv4=False) Print a list of all minions that are up according to Salt's presence detection, no commands will be sent subset [None] Pass in a CIDR range to ﬁlter minions by IP address.</p><p>22.25. Salt Runners 1015 Salt Documentation, Release 2014.7.6</p><p> show_ipv4 [False] Also show the IP address each minion is connecting from. CLI Example:</p><p> salt-run manage.present salt.runners.manage.safe_accept(target, expr_form='glob') Accept a minion's public key aer checking the ﬁngerprint over salt-ssh CLI Example:</p><p> salt-run manage.safe_accept my_minion salt-run manage.safe_accept minion1,minion2 expr_form=list salt.runners.manage.status(output=True) Print the status of all known salt minions CLI Example:</p><p> salt-run manage.status salt.runners.manage.up() Print a list of all of the minions that are up CLI Example:</p><p> salt-run manage.up salt.runners.manage.versions() Check the version of active minions CLI Example:</p><p> salt-run manage.versions salt.runners.mine</p><p>A runner to access data from the salt mine salt.runners.mine.get(tgt, fun, tgt_type='glob', output='yaml') Gathers the data from the speciﬁed minions' mine, pass in the target, function to look up and the target type CLI Example:</p><p> salt-run mine.get '*' network.interfaces salt.runners.network</p><p>Network tools to run from the Master salt.runners.network.wol(mac, bcast=`255.255.255.255', destport=9) Send a ``Magic Packet'' to wake up a Minion CLI Example:</p><p> salt-run network.wol 08-00-27-13-69-77 salt-run network.wol 080027136977 255.255.255.255 7 salt-run network.wol 08:00:27:13:69:77 255.255.255.255 7</p><p>1016 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.runners.network.wollist(maclist, bcast=`255.255.255.255', destport=9) Send a ``Magic Packet'' to wake up a list of Minions. is list must contain one MAC hardware address per line CLI Example:</p><p> salt-run network.wollist '/path/to/maclist' salt-run network.wollist '/path/to/maclist' 255.255.255.255 7 salt-run network.wollist '/path/to/maclist' 255.255.255.255 7 salt.runners.pillar</p><p>Functions to interact with the pillar compiler on the master salt.runners.pillar.show_pillar(minion='*', **kwargs) Returns the compiled pillar either of a speciﬁc minion or just the global available pillars. I assume that no minion is using the id *. CLI Example: shows minion speciﬁc pillar:</p><p> salt-run pillar.show_pillar 'www.example.com'</p><p> shows global pillar:</p><p> salt-run pillar.show_pillar</p><p> shows global pillar for `dev' pillar environment:</p><p> salt-run pillar.show_pillar 'saltenv=dev'</p><p>API Example:</p><p> import salt.config import salt.runner opts = salt.config.master_config('/etc/salt/master') runner = salt.runner.RunnerClient(opts) pillar = runner.cmd('pillar.show_pillar', []) print pillar¬ salt.runners.pillar.show_top(minion=None, saltenv='base') Returns the compiled top data for pillar for a speciﬁc minion. If no minion is speciﬁed, we use the ﬁrst minion we ﬁnd. CLI Example:</p><p> salt-run pillar.show_top salt.runners.queue</p><p>General management and processing of queues. is runner facilitates interacting with various queue backends such as the included sqlite3 queue or the planned AWS SQS and Redis queues e queue functions such as insert, delete, and pop can be used for typical management of the queue.</p><p>22.25. Salt Runners 1017 Salt Documentation, Release 2014.7.6</p><p>e process_queue function pops the requested number of items from the queue and creates a Salt Event that can then be processed by a Reactor. e process_queue function can be called manually, or can be conﬁgured to run on a schedule with the Salt Scheduler or regular system cron. It is also possible to use the peer system to allow a minion to call the runner. is runner, as well as the eues system, is not api stable at this time. ere are many things that could potentially be done with queues within Salt. For the time being the focus will be on queueing infrastructure actions on speciﬁc minions. e queues generally will be populated with minion IDs. When the process_queue runner function is called events are created on the Salt Event bus that indicate the queue and a list of one or more minion IDs. e reactor is set up to match on event tags for a speciﬁc queue and then take infrastructure actions on those minion IDs. ese actions might be to delete the minion's key from the master, use salt-cloud to destroy the vm, or some other custom action. salt.runners.queue.delete(queue, items, backend='sqlite') Delete an item or items from a queue CLI Example:</p><p> salt-run queue.delete myqueue myitem salt-run queue.delete myqueue myitem backend=sqlite salt-run queue.delete myqueue "['item1', 'item2', 'item3']" salt.runners.queue.insert(queue, items, backend='sqlite') Add an item or items to a queue CLI Example:</p><p> salt-run queue.insert myqueue myitem salt-run queue.insert myqueue "['item1', 'item2', 'item3']" salt-run queue.insert myqueue myitem backend=sqlite salt-run queue.insert myqueue "['item1', 'item2', 'item3']" backend=sqlite salt.runners.queue.list_items(queue, backend='sqlite') List contents of a queue CLI Example:</p><p> salt-run queue.list_items myqueue salt-run queue.list_items myqueue backend=sqlite salt.runners.queue.list_length(queue, backend='sqlite') Provide the number of items in a queue CLI Example:</p><p> salt-run queue.list_length myqueue salt-run queue.list_length myqueue backend=sqlite salt.runners.queue.list_queues(backend='sqlite') Return a list of Salt eues on the backend CLI Example: salt-run queue.list_queues salt-run queue.list_queues backend=sqlite salt.runners.queue.pop(queue, quantity=1, backend='sqlite') Pop one or more or all items from a queue CLI Example:</p><p>1018 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt-run queue.pop myqueue salt-run queue.pop myqueue 6 salt-run queue.pop myqueue all salt-run queue.pop myqueue 6 backend=sqlite salt-run queue.pop myqueue all backend=sqlite salt.runners.queue.process_queue(queue, quantity=1, backend='sqlite') Pop items oﬀ a queue and create an event on the Salt event bus to be processed by a Reactor. CLI Example:</p><p> salt-run queue.process_queue myqueue salt-run queue.process_queue myqueue 6 salt-run queue.process_queue myqueue all backend=sqlite salt.runners.search</p><p>Runner frontend to search system salt.runners.search.query(term) ery the search system CLI Example:</p><p> salt-run search.query foo salt.runners.state</p><p>Execute overstate functions salt.runners.state.event(tagmatch='*', count=-1, quiet=False, sock_dir=None, prey=False) Watch Salt's event bus and block until the given tag is matched New in version 2014.7.0. is is useful for utilizing Salt's event bus from shell scripts or for taking simple actions directly from the CLI. Enable debug logging to see ignored events. Parameters • tagmatch -- the event is wrien to stdout for each tag that matches this paern; uses the same matching semantics as Salt's Reactor. • count -- this number is decremented for each event that matches the tagmatch pa- rameter; pass -1 to listen forever. • quiet -- do not print to stdout; just block • sock_dir -- path to the Salt master's event socket ﬁle. • pretty -- Output the JSON all on a single line if False (useful for shell tools); prey- print the JSON output if True. CLI Examples:</p><p># Reboot a minion and run highstate when it comes back online salt 'jerry' system.reboot &amp;&amp; \\ salt-run state.event 'salt/minion/jerry/start' count=1 quiet=True &amp;&amp; \\ salt 'jerry' state.highstate</p><p>22.25. Salt Runners 1019 Salt Documentation, Release 2014.7.6</p><p># Reboot multiple minions and run highstate when all are back online salt -L 'kevin,stewart,dave' system.reboot &amp;&amp; \\ salt-run state.event 'salt/minion/*/start' count=3 quiet=True &amp;&amp; \\ salt -L 'kevin,stewart,dave' state.highstate</p><p># Watch the event bus forever in a shell while-loop. salt-run state.event | while read -r tag data; do echo $tag echo $data | jq -colour-output . done</p><p>e following example monitors Salt's event bus in a background process watching for returns for a given job. Requires a POSIX environment and jq <h></h>.</p><p>#!/bin/sh # Usage: ./eventlisten.sh '*' test.sleep 10</p><p># Mimic fnmatch from the Python stdlib. fnmatch() { case "$2" in $1) return 0 ;; *) return 1 ;; esac ; } count() { printf '%s\n' "$#" ;}</p><p> listen() { events='events' mkfifo $events exec 3&lt;&gt;$events # Hold the fd open.</p><p># Start listening to events before starting the command to avoid race # conditions. salt-run state.event count=-1 &gt;&amp;3 &amp; events_pid=$!</p><p>( timeout=$(( 60 * 60 )) sleep $timeout kill -s USR2 $$ )&amp; timeout_pid=$!</p><p># Give the runner a few to connect to the event bus. printf 'Subscribing to the Salt event bus...\n' sleep 4</p><p> trap ' excode=$?; trap - EXIT; exec 3&gt;&amp;- kill '"${timeout_pid}"' kill '"${events_pid}"' rm '"${events}"' exit echo $excode ' INT TERM EXIT</p><p> trap ' printf '\''Timeout reached; exiting.\n'\'' exit 4 ' USR2</p><p># Run the command and get the JID.</p><p>1020 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> jid=$(salt --async "$@") jid="${jid#*: }" # Remove leading text up to the colon.</p><p># Create the event tags to listen for. start_tag="salt/job/${jid}/new" ret_tag="salt/job/${jid}/ret/*"</p><p># ``read`` will block when no events are going through the bus. printf 'Waiting for tag %s\n' "$ret_tag" while read -r tag data; do if fnmatch "$start_tag""$tag"; then minions=$(printf '%s\n' "${data}" | jq -r '.["minions"][]') num_minions=$(count $minions) printf 'Waiting for %s minions.\n' "$num_minions" continue fi</p><p> if fnmatch "$ret_tag""$tag"; then mid="${tag##*/}" printf 'Got return for %s.\n' "$mid" printf 'Pretty-printing event: %s\n' "$tag" printf '%s\n' "$data" | jq .</p><p> minions="$(printf '%s\n' "$minions" | sed -e '/'"$mid"'/d')" num_minions=$(count $minions) if [ $((num_minions)) -eq 0 ]; then printf 'All minions returned.\n' break else printf 'Remaining minions: %s\n' "$num_minions" fi else printf 'Skipping tag: %s\n' "$tag" continue fi done &lt;&amp;3 }</p><p> listen "$@" salt.runners.state.orchestrate(mods, saltenv='base', test=None, exclude=None, pillar=None) New in version 0.17.0. Execute a state run from the master, used as a powerful orchestration system. See also: More Orchestrate documentation •Full Orchestrate Tutorial •Docs for the master-side state module CLI Examples:</p><p> salt-run state.orchestrate webserver salt-run state.orchestrate webserver saltenv=dev test=True</p><p>Changed in version 2014.1.1: Runner renamed from state.sls to state.orchestrate Changed in version 2014.7.0: Runner uses the pillar variable</p><p>22.25. Salt Runners 1021 Salt Documentation, Release 2014.7.6 salt.runners.state.over(saltenv='base', os_fn=None) New in version 0.11.0.</p><p>Warning: state.over is deprecated in favor of state.orchestrate, and will be removed in the Salt feature release codenamed Boron. (ree feature releases aer the 2014.7.0 release, which is codenamed Helium)</p><p>Execute an overstate sequence to orchestrate the executing of states over a group of systems CLI Examples:</p><p> salt-run state.over base /path/to/myoverstate.sls salt.runners.state.show_stages(saltenv='base', os_fn=None) New in version 0.11.0. Display the OverState's stage data CLI Examples:</p><p> salt-run state.show_stages salt-run state.show_stages saltenv=dev /root/overstate.sls salt.runners.survey</p><p>A general map/reduce style salt runner for aggregating results returned by several diﬀerent minions. New in version 2014.7.0. Aggregated results are sorted by the size of the minion pools which returned matching results. Useful for playing the game: '' some of these things are not like the others… '' when identifying discrepancies in a large infrastructure managed by salt. salt.runners.survey.diff(*args, **kwargs) Return the DIFFERENCE of the result sets returned by each matching minion pool New in version 2014.7.0. ese pools are determined from the aggregated and sorted results of a salt command. is command displays the ``diﬀs'' as a series of 2-way diﬀerences-- namely the diﬀerence between the FIRST displayed minion pool (according to sort order) and EACH SUBSEQUENT minion pool result set. Diﬀerences are displayed according to the Python ``diﬄib.uniﬁed_diﬀ()'' as in the case of the salt execution module ``ﬁle.get_diﬀ''. is command is submied via a salt runner using the general form: salt-run survey.diﬀ [survey_sort=up/down] <target> <salt-execution-module> <salt- execution-module="" parameters=""> Optionally accept a ``survey_sort='' parameter. Default: ``survey_sort=down'' CLI Example #1: ( Example to display the ``diﬀerences of ﬁles'' )</salt-></salt-execution-module></target></p><p> salt-run survey.diff survey_sort=up "*" cp.get_file_str file:///etc/hosts salt.runners.survey.hash(*args, **kwargs) Return the MATCHING minion pools from the aggregated and sorted results of a salt command New in version 2014.7.0. is command is submied via a salt runner using the general form:</p><p>1022 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt-run survey.hash [survey_sort=up/down] <target> <salt-execution-module> <salt- execution-module="" parameters=""> Optionally accept a ``survey_sort='' parameter. Default: ``survey_sort=down'' CLI Example #1: ( functionally equivalent to ``salt-run manage.up'' )</salt-></salt-execution-module></target></p><p> salt-run survey.hash "*" test.ping</p><p>CLI Example #2: ( ﬁnd an ``outlier'' minion conﬁg ﬁle )</p><p> salt-run survey.hash "*" file.get_hash /etc/salt/minion survey_sort=up salt.runners.thin</p><p>e thin runner is used to manage the salt thin systems. Salt in is a transport-less version of Salt that can be used to run routines in a standalone way. is runner has tools which generate the standalone salt system for easy consumption. salt.runners.thin.generate(extra_mods='`, overwrite=False, so_mods='`) Generate the salt-thin tarball and print the location of the tarball Optional additional mods to include (e.g. mako) can be supplied as a comma delimited string. Permits forcing an overwrite of the output ﬁle as well. CLI Example:</p><p> salt-run thin.generate salt-run thin.generate mako salt-run thin.generate mako,wempy 1 salt-run thin.generate overwrite=1 salt.runners.virt</p><p>Control virtual machines via Salt salt.runners.virt.force_off(name) Force power down the named virtual machine salt.runners.virt.hyper_info(hyper=None) Return information about the hypervisors connected to this master salt.runners.virt.init(name, cpu, mem, image, hyper=None, seed=True, nic='default', install=True) is routine is used to create a new virtual machine. is routines takes a number of options to determine what the newly created virtual machine will look like. name e mandatory name of the new virtual machine. e name option is also the minion id, all minions must have an id. cpu e number of cpus to allocate to this new virtual machine. mem e amount of memory to allocate tot his virtual machine. e number is interpreted in megabytes. image e network location of the virtual machine image, commonly a location on the salt ﬁleserver, but hp, hps and p can also be used. hyper e hypervisor to use for the new virtual machine, if this is omied Salt will automatically detect what hypervisor to use. seed Set to False to prevent Salt from seeding the new virtual machine.</p><p>22.25. Salt Runners 1023 Salt Documentation, Release 2014.7.6</p><p> nic e nic proﬁle to use, defaults to the ``default'' nic proﬁle which assumes a single network interface per vm associated with the ``br0'' bridge on the master. install Set to False to prevent Salt from installing a minion on the new vm before it spins up. salt.runners.virt.list(hyper=None, quiet=False) List the virtual machines on each hyper, this is a simpliﬁed query, showing only the virtual machine names belonging to each hypervisor. A single hypervisor can be passed in to specify an individual hypervisor to list. salt.runners.virt.migrate(name, target='`) Migrate a vm from one hypervisor to another. is routine will just start the migration and display information on how to look up the progress. salt.runners.virt.next_hyper() Return the hypervisor to use for the next autodeployed vm. is queries the available hypervisors and executes some math the determine the most ``available'' next hypervisor. salt.runners.virt.pause(name) Pause the named vm salt.runners.virt.purge(name, delete_key=True) Destroy the named vm salt.runners.virt.query(hyper=None, quiet=False) ery the virtual machines. When called without options all hypervisors are detected and a full query is returned. A single hypervisor can be passed in to specify an individual hypervisor to query. salt.runners.virt.reset(name) Force power down and restart an existing vm salt.runners.virt.resume(name) Resume a paused vm salt.runners.virt.start(name) Start a named virtual machine salt.runners.virt.vm_info(name, quiet=False) Return the information on the named vm salt.runners.winrepo</p><p>Runner to manage Windows soware repo salt.runners.winrepo.genrepo() Generate win_repo_cacheﬁle based on sls ﬁles in the win_repo CLI Example:</p><p> salt-run winrepo.genrepo salt.runners.winrepo.update_git_repos() Checkout git repos containing Windows Soware Package Deﬁnitions CLI Example:</p><p> salt-run winrepo.update_git_repos</p><p>1024 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.25.2 Writing Salt Runners</p><p>A Salt runner is wrien in a similar manner to a Salt execution module. Both are Python modules which contain functions and each public function is a runner which may be executed via the salt-run command. For example, if a Python module named test.py is created in the runners directory and contains a function called foo, the test runner could be invoked with the following command:</p><p># salt-run test.foo</p><p>To add custom runners, put them in a directory and add it to runner_dirs in the master conﬁguration ﬁle.</p><p>22.25.3 Examples</p><p>Examples of runners can be found in the Salt distribution: hps://github.com/saltstack/salt/blob/develop/salt/runners A simple runner that returns a well-formaed list of the minions that are responding to Salt calls could look like this:</p><p># Import salt modules import salt.client def up(): ''' Print a list of all of the minions that are up ''' client = salt.client.LocalClient(__opts__['conf_file']) minions = client.cmd('*', 'test.ping', timeout=1) for minion in sorted(minions): print minion</p><p>22.26 State Enforcement</p><p>Salt oﬀers an optional interface to manage the conﬁguration or ``state'' of the Salt minions. is interface is a fully capable mechanism used to enforce the state of systems from a central manager.</p><p>22.26.1 Mod Aggregate State Runtime Modifications</p><p>New in version 2014.7.0. e mod_aggregate system was added in the 2014.7.0 release of Salt and allows for runtime modiﬁcation of the executing state data. Simply put, it allows for the data used by Salt's state system to be changed on the ﬂy at runtime, kind of like a conﬁguration management JIT compiler or a runtime import system. All in all, it makes Salt much more dynamic.</p><p>How it Works</p><p>e best example is the pkg state. One of the major requests in Salt has long been adding the ability to install all packages deﬁned at the same time. e mod_aggregate system makes this a reality. While executing Salt's state system, when a pkg state is reached the mod_aggregate function in the state module is called. For pkg this</p><p>22.26. State Enforcement 1025 Salt Documentation, Release 2014.7.6</p><p> function scans all of the other states that are slated to run, and picks up the references to name and pkgs, then adds them to pkgs in the ﬁrst state. e result is a single call to yum, apt-get, pacman, etc as part of the ﬁrst package install.</p><p>How to Use it</p><p>Note: Since this option changes the basic behavior of the state runtime, aer it is enabled states should be executed using test=True to ensure that the desired behavior is preserved.</p><p>In config files</p><p>e ﬁrst way to enable aggregation is with a conﬁguration option in either the master or minion conﬁguration ﬁles. Salt will invoke mod_aggregate the ﬁrst time it encounters a state module that has aggregate support. If this option is set in the master conﬁg it will apply to all state runs on all minions, if set in the minion conﬁg it will only apply to said minion. Enable for all states:</p><p> state_aggregate: True</p><p>Enable for only speciﬁc state modules:</p><p> state_aggregate: - pkg</p><p>In states</p><p>e second way to enable aggregation is with the state-level aggregate keyword. In this conﬁguration, Salt will invoke the mod_aggregate function the ﬁrst time it encounters this keyword. Any additional occurances of the keyword will be ignored as the aggregation has already taken place. e following example will trigger mod_aggregate when the lamp_stack state is processed resulting in a single call to the underlying package manager.</p><p> lamp_stack: pkg.installed: - pkgs: - php - mysql-client - aggregate: True</p><p> memcached: pkg.installed: - name: memcached</p><p>1026 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Adding mod_aggregate to a State Module</p><p>Adding a mod_aggregate routine to an existing state module only requires adding an additional function to the state module called mod_aggregate. e mod_aggregate function just needs to accept three parameters and return the low data to use. Since mod_aggregate is working on the state runtime level it does need to manipulate low data. e three parameters are low, chunks and running. e low option is the low data for the state execution which is about to be called. e chunks is the list of all of the low data dictionaries which are being executed by the runtime and the running dictionary is the return data from all of the state executions which have already be executed. is example, simpliﬁed from the pkg state, shows how to create mod_aggregate functions: def mod_aggregate(low, chunks, running): ''' The mod_aggregate function which looks up all packages in the available low chunks and merges them into a single pkgs ref in the present low data ''' pkgs = [] # What functions should we aggregate? agg_enabled = [ 'installed', 'latest', 'removed', 'purged', ] # The `low` data is just a dict with the state, function (fun) and # arguments passed in from the sls if low.get('fun') not in agg_enabled: return low # Now look into what other things are set to execute for chunk in chunks: # The state runtime uses "tags" to track completed jobs, it may # look familiar with the _|- tag = salt.utils.gen_state_tag(chunk) if tag in running: # Already ran the pkg state, skip aggregation continue if chunk.get('state') == 'pkg': if '__agg__' in chunk: continue # Check for the same function if chunk.get('fun') != low.get('fun'): continue # Pull out the pkg names! if 'pkgs' in chunk: pkgs.extend(chunk['pkgs']) chunk['__agg__'] = True elif 'name' in chunk: pkgs.append(chunk['name']) chunk['__agg__'] = True if pkgs: if 'pkgs' in low: low['pkgs'].extend(pkgs) else: low['pkgs'] = pkgs # The low has been modified and needs to be returned to the state</p><p>22.26. State Enforcement 1027 Salt Documentation, Release 2014.7.6</p><p># runtime for execution return low</p><p>22.26.2 Altering States</p><p>Note: is documentation has been moved here.</p><p>22.26.3 File State Backups</p><p>In 0.10.2 a new feature was added for backing up ﬁles that are replaced by the ﬁle.managed and ﬁle.recurse states. e new feature is called the backup mode. Seing the backup mode is easy, but it can be set in a number of places. e backup_mode can be set in the minion conﬁg ﬁle: backup_mode: minion</p><p>Or it can be set for each ﬁle:</p><p>/etc/ssh/sshd_config: file.managed: - source: salt://ssh/sshd_config - backup: minion</p><p>Backed-up Files</p><p>e ﬁles will be saved in the minion cachedir under the directory named file_backup. e ﬁles will be in the location relative to where they were under the root ﬁlesystem and be appended with a timestamp. is should make them easy to browse.</p><p>Interacting with Backups</p><p>Starting with version 0.17.0, it will be possible to list, restore, and delete previously-created backups.</p><p>Listing</p><p>e backups for a given ﬁle can be listed using file.list_backups:</p><p># salt foo.bar.com file.list_backups /tmp/foo.txt foo.bar.com: ------0: ------Backup Time: Sat Jul 27 2013 17:48:41.738027 Location: /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:41_738027_2013 Size: 13</p><p>1028 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>1: ------Backup Time: Sat Jul 27 2013 17:48:28.369804 Location: /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013 Size: 35</p><p>Restoring</p><p>Restoring is easy using file.restore_backup, just pass the path and the numeric id found with file.list_backups:</p><p># salt foo.bar.com file.restore_backup /tmp/foo.txt 1 foo.bar.com: ------comment: Successfully restored /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013 to /tmp/foo.txt result: True</p><p>e existing ﬁle will be backed up, just in case, as can be seen if file.list_backups is run again:</p><p># salt foo.bar.com file.list_backups /tmp/foo.txt foo.bar.com: ------0: ------Backup Time: Sat Jul 27 2013 18:00:19.822550 Location: /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_18:00:19_822550_2013 Size: 53 1: ------Backup Time: Sat Jul 27 2013 17:48:41.738027 Location: /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:41_738027_2013 Size: 13 2: ------Backup Time: Sat Jul 27 2013 17:48:28.369804 Location: /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_17:48:28_369804_2013 Size: 35</p><p>Note: Since no state is being run, restoring a ﬁle will not trigger any watches for the ﬁle. So, if you are restoring a conﬁg ﬁle for a service, it will likely still be necessary to run a service.restart.</p><p>22.26. State Enforcement 1029 Salt Documentation, Release 2014.7.6</p><p>Deleting</p><p>Deleting backups can be done using mod:ﬁle.delete_backup <salt.modules.>:</salt.modules.></p><p># salt foo.bar.com file.delete_backup /tmp/foo.txt 0 foo.bar.com: ------comment: Successfully removed /var/cache/salt/minion/file_backup/tmp/foo.txt_Sat_Jul_27_18:00:19_822550_2013 result: True</p><p>22.26.4 Understanding State Compiler Ordering</p><p>Note: is tutorial is an intermediate level tutorial. Some basic understanding of the state system and writing Salt Formulas is assumed.</p><p>Salt's state system is built to deliver all of the power of conﬁguration management systems without sacriﬁcing simplicity. is tutorial is made to help users understand in detail just how the order is deﬁned for state executions in Salt. is tutorial is wrien to represent the behavior of Salt as of version 0.17.0.</p><p>Compiler Basics</p><p>To understand ordering in depth some very basic knowledge about the state compiler is very helpful. No need to worry though, this is very high level!</p><p>High Data and Low Data</p><p>When deﬁning Salt Formulas in YAML the data that is being represented is referred to by the compiler as High Data. When the data is initially loaded into the compiler it is a single large python dictionary, this dictionary can be viewed raw by running: salt '*' state.show_highstate</p><p>is ``High Data'' structure is then compiled down to ``Low Data''. e Low Data is what is matched up to create individual executions in Salt's conﬁguration management system. e low data is an ordered list of single state calls to execute. Once the low data is compiled the evaluation order can be seen. e low data can be viewed by running: salt '*' state.show_lowstate</p><p>Note: e state execution module contains MANY functions for evaluating the state system and is well worth a read! ese routines can be very useful when debugging states or to help deepen one's understanding of Salt's state system.</p><p>As an example, a state wrien thusly:</p><p>1030 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> apache: pkg.installed: - name: httpd service.running: - name: httpd - watch: - file: apache_conf - pkg: apache apache_conf: file.managed: - name: /etc/httpd/conf.d/httpd.conf - source: salt://apache/httpd.conf</p><p>Will have High Data which looks like this represented in json:</p><p>{ "apache":{ "pkg":[ { "name": "httpd" }, "installed", { "order": 10000 } ], "service":[ { "name": "httpd" }, { "watch":[ { "file": "apache_conf" }, { "pkg": "apache" } ] }, "running", { "order": 10001 } ], "__sls__": "blah", "__env__": "base" }, "apache_conf":{ "file":[ { "name": "/etc/httpd/conf.d/httpd.conf" }, { "source": "salt://apache/httpd.conf" },</p><p>22.26. State Enforcement 1031 Salt Documentation, Release 2014.7.6</p><p>"managed", { "order": 10002 } ], "__sls__": "blah", "__env__": "base" } }</p><p>e subsequent Low Data will look like this:</p><p>[ { "name": "httpd", "state": "pkg", "__id__": "apache", "fun": "installed", "__env__": "base", "__sls__": "blah", "order": 10000 }, { "name": "httpd", "watch":[ { "file": "apache_conf" }, { "pkg": "apache" } ], "state": "service", "__id__": "apache", "fun": "running", "__env__": "base", "__sls__": "blah", "order": 10001 }, { "name": "/etc/httpd/conf.d/httpd.conf", "source": "salt://apache/httpd.conf", "state": "file", "__id__": "apache_conf", "fun": "managed", "__env__": "base", "__sls__": "blah", "order": 10002 } ]</p><p>is tutorial discusses the Low Data evaluation and the state runtime.</p><p>1032 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Ordering Layers</p><p>Salt deﬁnes 2 order interfaces which are evaluated in the state runtime and deﬁnes these orders in a number of passes.</p><p>Definition Order</p><p>Note: e Deﬁnition Order system can be disabled by turning the option state_auto_order to False in the master conﬁguration ﬁle.</p><p>e top level of ordering is the Deﬁnition Order. e Deﬁnition Order is the order in which states are deﬁned in salt formulas. is is very straightforward on basic states which do not contain include statements or a top ﬁle, as the states are just ordered from the top of the ﬁle, but the include system starts to bring in some simple rules for how the Deﬁnition Order is deﬁned. Looking back at the ``Low Data'' and ``High Data'' shown above, the order key has been transparently added to the data to enable the Deﬁnition Order.</p><p>e Include Statement Basically, if there is an include statement in a formula, then the formulas which are included will be run BEFORE the contents of the formula which is including them. Also, the include statement is a list, so they will be loaded in the order in which they are included. In the following case: foo.sls include: - bar - baz bar.sls include: - quo baz.sls include: - qux</p><p>In the above case if state.sls foo were called then the formulas will be loaded in the following order: 1. quo 2. bar 3. qux 4. baz 5. foo</p><p>22.26. State Enforcement 1033 Salt Documentation, Release 2014.7.6</p><p>The order Flag</p><p>e Deﬁnition Order happens transparently in the background, but the ordering can be explicitly overridden using the order ﬂag in states: apache: pkg.installed: - name: httpd - order: 1</p><p>is order ﬂag will over ride the deﬁnition order, this makes it very simple to create states that are always executed ﬁrst, last or in speciﬁc stages, a great example is deﬁning a number of package repositories that need to be set up before anything else, or ﬁnal checks that need to be run at the end of a state run by using order: last or order: -1. When the order ﬂag is explicitly set the Deﬁnition Order system will omit seing an order for that state and directly use the order ﬂag deﬁned.</p><p>Lexicographical Fall-back</p><p>Salt states were wrien to ALWAYS execute in the same order. Before the introduction of Deﬁnition Order in version 0.17.0 everything was ordered lexicographically according to the name of the state, then function then id. is is the way Salt has always ensured that states always run in the same order regardless of where they are deployed, the addition of the Deﬁnition Order method mealy makes this ﬁnite ordering easier to follow. e lexicographical ordering is still applied but it only has any eﬀect when two order statements collide. is means that if multiple states are assigned the same order number that they will fall back to lexicographical ordering to ensure that every execution still happens in a ﬁnite order.</p><p>Note: If running with state_auto_order: False the order key is not set automatically, since the Lexicographical order can be derived from other keys.</p><p>Requisite Ordering</p><p>Salt states are fully declarative, in that they are wrien to declare the state in which a system should be. is means that components can require that other components have been set up successfully. Unlike the other ordering systems, the Requisite system in Salt is evaluated at runtime. e requisite system is also built to ensure that the ordering of execution never changes, but is always the same for a given set of states. is is accomplished by using a runtime that processes states in a completely predictable order instead of using an event loop based system like other declarative conﬁguration management systems.</p><p>Runtime Requisite Evaluation</p><p>e requisite system is evaluated as the components are found, and the requisites are always evaluated in the same order. is explanation will be followed by an example, as the raw explanation may be a lile dizzying at ﬁrst as it creates a linear dependency evaluation sequence. e ``Low Data'' is an ordered list or dictionaries, the state runtime evaluates each dictionary in the order in which they are arranged in the list. When evaluating a single dictionary it is checked for requisites, requisites are evaluated in order, require then watch then prereq.</p><p>Note: If using requisite in statements like require_in and watch_in these will be compiled down to require and</p><p>1034 Chapter 22. Reference Salt Documentation, Release 2014.7.6 watch statements before runtime evaluation.</p><p>Each requisite contains an ordered list of requisites, these requisites are looked up in the list of dictionaries and then executed. Once all requisites have been evaluated and executed then the requiring state can safely be run (or not run if requisites have not been met). is means that the requisites are always evaluated in the same order, again ensuring one of the core design principals of Salt's State system to ensure that execution is always ﬁnite is intact.</p><p>Simple Runtime Evaluation Example</p><p>Given the above ``Low Data'' the states will be evaluated in the following order: 1. e pkg.installed is executed ensuring that the apache package is installed, it contains no requisites and is therefore the ﬁrst deﬁned state to execute. 2. e service.running state is evaluated but NOT executed, a watch requisite is found, therefore they are read in order, the runtime ﬁrst checks for the ﬁle, sees that it has not been executed and calls for the ﬁle state to be evaluated. 3. e ﬁle state is evaluated AND executed, since it, like the pkg state does not contain any requisites. 4. e evaluation of the service state continues, it next checks the pkg requisite and sees that it is met, with all requisites met the service state is now executed.</p><p>Best Practice</p><p>e best practice in Salt is to choose a method and stick with it, oﬃcial states are wrien using requisites for all associations since requisites create clean, traceable dependency trails and make for the most portable formulas. To accomplish something similar to how classical imperative systems function all requisites can be omied and the failhard option then set to True in the master conﬁguration, this will stop all state runs at the ﬁrst instance of a failure. In the end, using requisites creates very tight and ﬁne grained states, not using requisites makes full sequence runs and while slightly easier to write, and gives much less control over the executions.</p><p>22.26.5 Extending External SLS Data</p><p>Sometimes a state deﬁned in one SLS ﬁle will need to be modiﬁed from a separate SLS ﬁle. A good example of this is when an argument needs to be overwrien or when a service needs to watch an additional state.</p><p>The Extend Declaration</p><p>e standard way to extend is via the extend declaration. e extend declaration is a top level declaration like include and encapsulates ID declaration data included from other SLS ﬁles. A standard extend looks like this: include: - http - ssh extend: apache: file:</p><p>22.26. State Enforcement 1035 Salt Documentation, Release 2014.7.6</p><p>- name: /etc/httpd/conf/httpd.conf - source: salt://http/httpd2.conf ssh-server: service: - watch: - file: /etc/ssh/banner</p><p>/etc/ssh/banner: file.managed: - source: salt://ssh/banner</p><p>A few critical things happened here, ﬁrst oﬀ the SLS ﬁles that are going to be extended are included, then the extend dec is deﬁned. Under the extend dec 2 IDs are extended, the apache ID's ﬁle state is overwrien with a new name and source. an the ssh server is extended to watch the banner ﬁle in addition to anything it is already watching.</p><p>Extend is a Top Level Declaration</p><p>is means that extend can only be called once in an sls, if if is used twice then only one of the extend blocks will be read. So this is WRONG:</p><p> include: - http - ssh</p><p> extend: apache: file: - name: /etc/httpd/conf/httpd.conf - source: salt://http/httpd2.conf # Second extend will overwrite the first!! Only make one extend: ssh-server: service: - watch: - file: /etc/ssh/banner</p><p>The Requisite ``in'' Statement</p><p>Since one of the most common things to do when extending another SLS is to add states for a service to watch, or anything for a watcher to watch, the requisite in statement was added to 0.9.8 to make extending the watch and require lists easier. e ssh-server extend statement above could be more cleanly deﬁned like so:</p><p> include: - ssh</p><p>/etc/ssh/banner: file.managed: - source: salt://ssh/banner - watch_in: - service: ssh-server</p><p>1036 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Rules to Extend By</p><p>ere are a few rules to remember when extending states: 1. Always include the SLS being extended with an include declaration 2. Requisites (watch and require) are appended to, everything else is overwrien 3. extend is a top level declaration, like an ID declaration, cannot be declared twice in a single SLS 4. Many IDs can be extended under the extend declaration</p><p>22.26.6 Failhard Global Option</p><p>Normally, when a state fails Salt continues to execute the remainder of the deﬁned states and will only refuse to execute states that require the failed state. But the situation may exist, where you would want all state execution to stop if a single state execution fails. e capability to do this is called failing hard.</p><p>State Level Failhard</p><p>A single state can have a failhard set, this means that if this individual state fails that all state execution will immedi- ately stop. is is a great thing to do if there is a state that sets up a critical conﬁg ﬁle and seing a require for each state that reads the conﬁg would be cumbersome. A good example of this would be seing up a package manager early on:</p><p>/etc/yum.repos.d/company.repo: file.managed: - source: salt://company/yumrepo.conf - user: root - group: root - mode: 644 - order: 1 - failhard: True</p><p>In this situation, the yum repo is going to be conﬁgured before other states, and if it fails to lay down the conﬁg ﬁle, than no other states will be executed.</p><p>Global Failhard</p><p>It may be desired to have failhard be applied to every state that is executed, if this is the case, then failhard can be set in the master conﬁguration ﬁle. Seing failhard in the master conﬁguration ﬁle will result in failing hard when any minion gathering states from the master have a state fail. is is NOT the default behavior, normally Salt will only fail states that require a failed state. Using the global failhard is generally not recommended, since it can result in states not being executed or even checked. It can also be confusing to see states failhard if an admin is not actively aware that the failhard has been set. To use the global failhard set failhard: True in the master conﬁguration ﬁle.</p><p>22.26. State Enforcement 1037 Salt Documentation, Release 2014.7.6</p><p>22.26.7 Global State Arguments</p><p>Note: is documentation has been moved here.</p><p>22.26.8 Highstate data structure definitions</p><p>The Salt State Tree</p><p>A state tree is a collection of SLS ﬁles that live under the directory speciﬁed in file_roots. A state tree can be organized into SLS modules.</p><p>Top file</p><p>e main state ﬁle that instructs minions what environment and modules to use during state execution. Conﬁgurable via state_top. See also: A detailed description of the top ﬁle</p><p>Include declaration</p><p>Deﬁnes a list of Module reference strings to include in this SLS. Occurs only in the top level of the highstate structure. Example:</p><p> include: - edit.vim - http.server</p><p>Module reference</p><p>e name of a SLS module deﬁned by a separate SLS ﬁle and residing on the Salt Master. A module named edit.vim is a reference to the SLS ﬁle salt://edit/vim.sls.</p><p>ID declaration</p><p>Deﬁnes an individual highstate component. Always references a value of a dictionary containing keys referencing State declaration and Requisite declaration. Can be overridden by a Name declaration or a Names declaration. Occurs on the top level or under the Extend declaration. Must be unique across entire state tree. If the same ID declaration is used twice, only the ﬁrst one matched will be used. All subsequent ID declarations with the same name will be ignored.</p><p>Note: Naming gotchas In Salt versions earlier than 0.9.7, ID declarations containing dots would result in unpredictable highstate output.</p><p>1038 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Extend declaration</p><p>Extends a Name declaration from an included SLS module. e keys of the extend declaration always deﬁne existing :ref`ID declaration` which have been deﬁned in included SLS modules. Occurs only in the top level and deﬁnes a dictionary. States cannot be extended more than once in a single state run. Extend declarations are useful for adding-to or overriding parts of a State declaration that is deﬁned in another SLS ﬁle. In the following contrived example, the shown mywebsite.sls ﬁle is include -ing and extend -ing the apache.sls module in order to add a watch declaration that will restart Apache whenever the Apache conﬁguration ﬁle, mywebsite changes.</p><p> include: - apache</p><p> extend: apache: service: - watch: - file: mywebsite</p><p> mywebsite: file.managed: - name: /var/www/mysite</p><p>See also: watch_in and require_in Sometimes it is more convenient to use the watch_in or require_in syntax instead of extending another SLS ﬁle. State Requisites</p><p>State declaration</p><p>A list which contains one string deﬁning the Function declaration and any number of Function arg declaration dictio- naries. Can, optionally, contain a number of additional components like the name override components — name and names. Can also contain requisite declarations. Occurs under an ID declaration.</p><p>Requisite declaration</p><p>A list containing requisite references. Used to build the action dependency tree. While Salt states are made to execute in a deterministic order, this order is managed by requiring and watching other Salt states. Occurs as a list component under a State declaration or as a key under an ID declaration.</p><p>22.26. State Enforcement 1039 Salt Documentation, Release 2014.7.6</p><p>Requisite reference</p><p>A single key dictionary. e key is the name of the referenced State declaration and the value is the ID of the referenced ID declaration. Occurs as a single index in a Requisite declaration list.</p><p>Function declaration</p><p>e name of the function to call within the state. A state declaration can contain only a single function declaration. For example, the following state declaration calls the installed function in the pkg state module:</p><p> httpd: pkg.installed: []</p><p>e function can be declared inline with the state as a shortcut. e actual data structure is compiled to this form:</p><p> httpd: pkg: - installed</p><p>Where the function is a string in the body of the state declaration. Technically when the function is declared in dot notation the compiler converts it to be a string in the state declaration list. Note that the use of the ﬁrst example more than once in an ID declaration is invalid yaml. INVALID:</p><p> httpd: pkg.installed service.running</p><p>When passing a function without arguments and another state declaration within a single ID declaration, then the long or ``standard'' format needs to be used since otherwise it does not represent a valid data structure. VALID:</p><p> httpd: pkg.installed: [] service.running: []</p><p>Occurs as the only index in the State declaration list.</p><p>Function arg declaration</p><p>A single key dictionary referencing a Python type which is to be passed to the named Function declaration as a parameter. e type must be the data type expected by the function. Occurs under a Function declaration. For example in the following state declaration user, group, and mode are passed as arguments to the managed function in the file state module:</p><p>1040 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>/etc/http/conf/http.conf: file.managed: - user: root - group: root - mode: 644</p><p>Name declaration</p><p>Overrides the name argument of a State declaration. If name is not speciﬁed the ID declaration satisﬁes the name argument. e name is always a single key dictionary referencing a string. Overriding name is useful for a variety of scenarios. For example, avoiding clashing ID declarations. e following two state declarations cannot both have /etc/motd as the ID declaration:</p><p> motd_perms: file.managed: - name: /etc/motd - mode: 644</p><p> motd_quote: file.append: - name: /etc/motd - text: "Of all smells, bread; of all tastes, salt."</p><p>Another common reason to override name is if the ID declaration is long and needs to be referenced in multiple places. In the example below it is much easier to specify mywebsite than to specify /etc/apache2/sites- available/mywebsite.com multiple times:</p><p> mywebsite: file.managed: - name: /etc/apache2/sites-available/mywebsite.com - source: salt://mywebsite.com</p><p> a2ensite mywebsite.com: cmd.wait: - unless: test -L /etc/apache2/sites-enabled/mywebsite.com - watch: - file: mywebsite</p><p> apache2: service.running: - watch: - file: mywebsite</p><p>Names declaration</p><p>Expands the contents of the containing State declaration into multiple state declarations, each with its own name. For example, given the following state declaration:</p><p>22.26. State Enforcement 1041 Salt Documentation, Release 2014.7.6</p><p> python-pkgs: pkg.installed: - names: - python-django - python-crypto - python-yaml</p><p>Once converted into the lowstate data structure the above state declaration will be expanded into the following three state declarations: python-django: pkg.installed python-crypto: pkg.installed python-yaml: pkg.installed</p><p>Other values can be overridden during the expansion by providing an additional dictionary level. New in version 2014.7.0. ius: pkgrepo.managed: - humanname: IUS Community Packages for Enterprise Linux 6 - $basearch - gpgcheck: 1 - baseurl: http://mirror.rackspace.com/ius/stable/CentOS/6/$basearch - gpgkey: http://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY - names: - ius - ius-devel: - baseurl: http://mirror.rackspace.com/ius/development/CentOS/6/$basearch</p><p>Large example</p><p>Here is the layout in yaml using the names of the highdata structure components.</p><p><include declaration="">: - <module reference=""> - <module reference=""></module></module></include></p><p><extend declaration="">: <id declaration="">: [<overrides>]</overrides></id></extend></p><p># standard declaration</p><p><id declaration="">: <state module="">: - <function> - <function arg=""> - <function arg=""></function></function></function></state></id></p><p>1042 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- <function arg=""> - <name>: <name> - <requisite declaration="">: - <requisite reference=""> - <requisite reference=""></requisite></requisite></requisite></name></name></function></p><p># inline function and names</p><p><id declaration="">: <state module="">.<function>: - <function arg=""> - <function arg=""> - <function arg=""> - <names>: - <name> - <name> - <name> - <requisite declaration="">: - <requisite reference=""> - <requisite reference=""></requisite></requisite></requisite></name></name></name></names></function></function></function></function></state></id></p><p># multiple states for single id</p><p><id declaration="">: <state module="">: - <function> - <function arg=""> - <name>: <name> - <requisite declaration="">: - <requisite reference=""> <state module="">: - <function> - <function arg=""> - <names>: - <name> - <name> - <requisite declaration="">: - <requisite reference=""></requisite></requisite></name></name></names></function></function></state></requisite></requisite></name></name></function></function></state></id></p><p>22.26.9 Include and Exclude</p><p>Salt sls ﬁles can include other sls ﬁles and exclude sls ﬁles that have been otherwise included. is allows for an sls ﬁle to easily extend or manipulate other sls ﬁles.</p><p>Include</p><p>When other sls ﬁles are included, everything deﬁned in the included sls ﬁle will be added to the state run. When including deﬁne a list of sls formulas to include: include: - http - libvirt</p><p>22.26. State Enforcement 1043 Salt Documentation, Release 2014.7.6</p><p>e include statement will include sls formulas from the same environment that the including sls formula is in. But the environment can be explicitly deﬁned in the conﬁguration to override the running environment, therefore if an sls formula needs to be included from an external environment named ``dev'' the following syntax is used: include: - dev: http</p><p>Relative Include</p><p>In Salt 0.16.0 the capability to include sls formulas which are relative to the running sls formula was added, simply precede the formula name with a .: include: - .virt - .virt.hyper</p><p>Exclude</p><p>e exclude statement, added in Salt 0.10.3 allows an sls to hard exclude another sls ﬁle or a speciﬁc id. e compo- nent is excluded aer the high data has been compiled, so nothing should be able to override an exclude. Since the exclude can remove an id or an sls the type of component to exclude needs to be deﬁned. an exclude statement that veriﬁes that the running highstate does not contain the hp sls and the /etc/vimrc id would look like this: exclude: - sls: http - id: /etc/vimrc</p><p>22.26.10 State System Layers</p><p>e Salt state system is comprised of multiple layers. While using Salt does not require an understanding of the state layers, a deeper understanding of how Salt compiles and manages states can be very beneﬁcial.</p><p>Function Call</p><p>e lowest layer of functionality in the state system is the direct state function call. State executions are executions of single state functions at the core. ese individual functions are deﬁned in state modules and can be called directly via the state.single command. salt '*' state.single pkg.installed name='vim'</p><p>Low Chunk</p><p>e low chunk is the boom of the Salt state compiler. is is a data representation of a single function call. e low chunk is sent to the state caller and used to execute a single state function. A single low chunk can be executed manually via the state.low command.</p><p>1044 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> salt '*' state.low '{name: vim, state: pkg, fun: installed}'</p><p>e passed data reﬂects what the state execution system gets aer compiling the data down from sls formulas.</p><p>Low State</p><p>e Low State layer is the list of low chunks ``evaluated'' in order. To see what the low state looks like for a highstate, run:</p><p> salt '*' state.show_lowstate</p><p>is will display the raw lowstate in the order which each low chunk will be evaluated. e order of evaluation is not necessarily the order of execution, since requisites are evaluated at runtime. Requisite execution and evaluation is ﬁnite; this means that the order of execution can be ascertained with 100% certainty based on the order of the low state.</p><p>High Data</p><p>High data is the data structure represented in YAML via SLS ﬁles. e High data structure is created by merging the data components rendered inside sls ﬁles (or other render systems). e High data can be easily viewed by executing the state.show_highstate or state.show_sls functions. Since this data is a somewhat complex data structure, it may be easier to read using the json, yaml, or pprint outpuers:</p><p> salt '*' state.show_highstate --out yaml salt '*' state.show_sls edit.vim --out pprint</p><p>SLS</p><p>Above ``High Data'', the logical layers are no longer technically required to be executed, or to be executed in a hierarchy. is means that how the High data is generated is optional and very ﬂexible. e SLS layer allows for many mechanisms to be used to render sls data from ﬁles or to use the ﬁleserver backend to generate sls and ﬁle data from external systems. e SLS layer can be called directly to execute individual sls formulas.</p><p>Note: SLS Formulas have historically been called ``SLS ﬁles''. is is because a single SLS was only constituted in a single ﬁle. Now the term ``SLS Formula'' beer expresses how a compartmentalized SLS can be expressed in a much more dynamic way by combining pillar and other sources, and the SLS can be dynamically generated.</p><p>To call a single SLS formula named edit.vim, execute state.sls:</p><p> salt '*' state.sls edit.vim</p><p>HighState</p><p>Calling SLS directly logically assigns what states should be executed from the context of the calling minion. e Highstate layer is used to allow for full contextual assignment of what is executed where to be tied to groups of, or individual, minions entirely from the master. is means that the environment of a minion, and all associated execution data pertinent to said minion, can be assigned from the master without needing to execute or conﬁgure</p><p>22.26. State Enforcement 1045 Salt Documentation, Release 2014.7.6 anything on the target minion. is also means that the minion can independently retrieve information about its complete conﬁguration from the master. To execute the High State call state.highstate: salt '*' state.highstate</p><p>OverState</p><p>e overstate layer expresses the highest functional layer of Salt's automated logic systems. e Overstate allows for stateful and functional orchestration of routines from the master. e overstate deﬁnes in data execution stages which minions should execute states, or functions, and in what order using requisite logic.</p><p>22.26.11 The Orchestrate Runner</p><p>Note: is documentation has been moved here.</p><p>22.26.12 Ordering States</p><p>e way in which conﬁguration management systems are executed is a hotly debated topic in the conﬁguration management world. Two major philosophies exist on the subject, to either execute in an imperative fashion where things are executed in the order in which they are deﬁned, or in a declarative fashion where dependencies need to be mapped between objects. Imperative ordering is ﬁnite and generally considered easier to write, but declarative ordering is much more powerful and ﬂexible but generally considered more diﬃcult to create. Salt has been created to get the best of both worlds. States are evaluated in a ﬁnite order, which guarantees that states are always executed in the same order, and the states runtime is declarative, making Salt fully aware of dependencies via the requisite system.</p><p>State Auto Ordering</p><p>Salt always executes states in a ﬁnite manner, meaning that they will always execute in the same order regardless of the system that is executing them. But in Salt 0.17.0, the state_auto_order option was added. is option makes states get evaluated in the order in which they are deﬁned in sls ﬁles. e evaluation order makes it easy to know what order the states will be executed in, but it is important to note that the requisite system will override the ordering deﬁned in the ﬁles, and the order option described below will also override the order in which states are deﬁned in sls ﬁles. If the classic ordering is preferred (lexicographic), then set state_auto_order to False in the master conﬁg- uration ﬁle.</p><p>Requisite Statements</p><p>Note: is document represents behavior exhibited by Salt requisites as of version 0.9.7 of Salt.</p><p>Oen when seing up states any single action will require or depend on another action. Salt allows for the building of relationships between states with requisite statements. A requisite statement ensures that the named state is</p><p>1046 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> evaluated before the state requiring it. ere are three types of requisite statements in Salt, require, wat and prereq. ese requisite statements are applied to a speciﬁc state declaration:</p><p> httpd: pkg.installed: [] file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://httpd/httpd.conf - require: - pkg: httpd</p><p>In this example, the require requisite is used to declare that the ﬁle /etc/hpd/conf/hpd.conf should only be set up if the pkg state executes successfully. e requisite system works by ﬁnding the states that are required and executing them before the state that requires them. en the required states can be evaluated to see if they have executed correctly. Require statements can refer to any state deﬁned in Salt. e basic examples are pkg, service and ﬁle, but any used state can be referenced. In addition to state declarations such as pkg, ﬁle, etc., sls type requisites are also recognized, and essentially allow `chaining' of states. is provides a mechanism to ensure the proper sequence for complex state formulas, especially when the discrete states are split or groups into separate sls ﬁles:</p><p> include: - network</p><p> httpd: pkg.installed: [] service.running: - require: - pkg: httpd - sls: network</p><p>In this example, the hpd service running state will not be applied (i.e., the hpd service will not be started) unless both the hps package is installed AND the network state is satisﬁed.</p><p>Note: Requisite matching Requisites match on both the ID Declaration and the name parameter. erefore, if using the pkgs or sources argument to install a list of packages in a pkg state, it's important to note that it is impossible to match an individual package in the list, since all packages are installed as a single state.</p><p>Multiple Requisites</p><p>e requisite statement is passed as a list, allowing for the easy addition of more requisites. Both requisite types can also be separately declared:</p><p> httpd: pkg.installed: [] service.running: - enable: True - watch: - file: /etc/httpd/conf/httpd.conf</p><p>22.26. State Enforcement 1047 Salt Documentation, Release 2014.7.6</p><p>- require: - pkg: httpd - user: httpd - group: httpd file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://httpd/httpd.conf - require: - pkg: httpd user.present: [] group.present: []</p><p>In this example, the hpd service is only going to be started if the package, user, group and ﬁle are executed suc- cessfully.</p><p>Requisite Documentation</p><p>For detailed information on each of the individual requisites, please look here.</p><p>The Order Option</p><p>Before using the order option, remember that the majority of state ordering should be done with a Requisite decla- ration, and that a requisite declaration will override an order option, so a state with order option should not require or required by other states. e order option is used by adding an order number to a state declaration with the option order:</p><p> vim: pkg.installed: - order: 1</p><p>By adding the order option to 1 this ensures that the vim package will be installed in tandem with any other state declaration set to the order 1. Any state declared without an order option will be executed aer all states with order options are executed. But this construct can only handle ordering states from the beginning. Certain circ*mstances will present a situation where it is desirable to send a state to the end of the line. To do this, set the order to last:</p><p> vim: pkg.installed: - order: last</p><p>22.26.13 OverState System</p><p>Note: is documentation has been moved here.</p><p>22.26.14 State Providers</p><p>New in version 0.9.8.</p><p>1048 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Salt predetermines what modules should be mapped to what uses based on the properties of a system. ese deter- minations are generally made for modules that provide things like package and service management. Sometimes in states, it may be necessary to use an alternative module to provide the needed functionality. For instance, an older Arch Linux system may not be running systemd, so instead of using the systemd service module, you can revert to the default service module: httpd: service.running: - enable: True - provider: service</p><p>In this instance, the basic service module (which manages sysvinit-based services) will replace the systemd module which is used by default on Arch Linux. However, if it is necessary to make this override for most or every service, it is beer to just override the provider in the minion conﬁg ﬁle, as described in the section below.</p><p>Seing a Provider in the Minion Config File</p><p>Sometimes, when running Salt on custom Linux spins, or distribution that are derived from other distributions, Salt does not successfully detect providers. e providers which are most likely to be aﬀected by this are: • pkg • service • user • group When something like this happens, rather than specifying the provider manually in each state, it easier to use the providers parameter in the minion conﬁg ﬁle to set the provider. If you end up needing to override a provider because it was not detected, please let us know! File an issue on the issue tracker, and provide the output from the grains.items function, taking care to sanitize any sensitive information. Below are tables that should help with deciding which provider to use if one needs to be overridden.</p><p>Provider: pkg</p><p>Execution Module Used for apt Debian/Ubuntu-based distros which use apt-get(8) for package management brew Mac OS soware management using Homebrew ebuild Gentoo-based systems (utilizes the portage python module as well as emerge(1)) freebsdpkg FreeBSD-based OSes using pkg_add(1) openbsdpkg OpenBSD-based OSes using pkg_add(1) pacman Arch Linux-based distros using pacman(8) pkgin NetBSD-based OSes using pkgin(1) pkgng FreeBSD-based OSes using pkg(8) pkgutil Solaris-based OSes using OpenCSW`s pkgutil(1) solarispkg Solaris-based OSes using pkgadd(1M) win_pkg Windows yumpkg RedHat-based distros and derivatives (wraps yum(8)) zypper SUSE-based distros using zypper(8)</p><p>22.26. State Enforcement 1049 Salt Documentation, Release 2014.7.6</p><p>Provider: service</p><p>Execution Used for Module de- Debian (non-systemd) bian_service freebsdser- FreeBSD-based OSes using service(8) vice gen- Gentoo Linux using sysvinit and rc-update(8) too_service launchctl Mac OS hosts using launchctl(1) netbsdser- NetBSD-based OSes vice openbsdser- OpenBSD-based OSes vice rh_service RedHat-based distros and derivatives using service(8) and chkconfig(8). Supports both pure sysvinit and mixed sysvinit/upstart systems. service Fallback which simply wraps sysvinit scripts smf Solaris-based OSes which use SMF systemd Linux distros which use systemd upstart Ubuntu-based distros using upstart win_service Windows</p><p>Provider: user</p><p>Execution Used for Module useradd Linux, NetBSD, and OpenBSD systems using useradd(8), userdel(8), and usermod(8) pw_user FreeBSD-based OSes using pw(8) solaris_user Solaris-based OSes using useradd(1M), userdel(1M), and usermod(1M) win_useradd Windows</p><p>Provider: group</p><p>Execution Used for Module groupadd Linux, NetBSD, and OpenBSD systems using groupadd(8), groupdel(8), and groupmod(8) pw_group FreeBSD-based OSes using pw(8) solaris_group Solaris-based OSes using groupadd(1M), groupdel(1M), and groupmod(1M) win_groupadd Windows</p><p>Arbitrary Module Redirects</p><p>e provider statement can also be used for more powerful means, instead of overwriting or extending the module used for the named service an arbitrary module can be used to provide certain functionality.</p><p>1050 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> emacs: pkg.installed: - provider: - cmd: customcmd</p><p>In this example, the state is being instructed to use a custom module to invoke commands. Arbitrary module redirects can be used to dramatically change the behavior of a given state.</p><p>22.26.15 Requisites and Other Global State Arguments</p><p>Requisites</p><p>e Salt requisite system is used to create relationships between states. e core idea being that, when one state is dependent somehow on another, that inter-dependency can be easily deﬁned. Requisites come in two types: Direct requisites (such as require), and requisite_ins (such as require_in). e relationships are directional: a direct requisite requires something from another state. However, a requisite_in inserts a requisite into the targeted state pointing to the targeting state. e following example demonstrates a direct requisite:</p><p> vim: pkg.installed: []</p><p>/etc/vimrc: file.managed: - source: salt://edit/vimrc - require: - pkg: vim</p><p>In the example above, the ﬁle /etc/vimrc depends on the vim package. Requisite_in statements are the opposite. Instead of saying ``I depend on something'', requisite_ins say ``Someone depends on me'':</p><p> vim: pkg.installed: - require_in: - file: /etc/vimrc</p><p>/etc/vimrc: file.managed: - source: salt://edit/vimrc</p><p>So here, with a requisite_in, the same thing is accomplished as in the ﬁrst example, but the other way around. e vim package is saying ``/etc/vimrc depends on me''. is will result in a require being inserted into the /etc/vimrc state which targets the vim state. In the end, a single dependency map is created and everything is executed in a ﬁnite and predictable order.</p><p>Note: Requisite matching Requisites match on both the ID Declaration and the name parameter. is means that, in the example above, the require_in requisite would also have been matched if the /etc/vimrc state was wrien as follows:</p><p>22.26. State Enforcement 1051 Salt Documentation, Release 2014.7.6</p><p> vimrc: file.managed: - name: /etc/vimrc - source: salt://edit/vimrc</p><p>Direct Requisite and Requisite_in types</p><p>ere are six direct requisite statements that can be used in Salt: require, watch, prereq, use, onchanges, and onfail. Each direct requisite also has a corresponding requisite_in: require_in, watch_in, prereq_in, use_in, onchanges_in, and onfail_in. All of the requisites deﬁne speciﬁc relationships and always work with the dependency logic deﬁned above.</p><p> require e use of require demands that the dependent state executes before the depending state. e state containing the require requisite is deﬁned as the depending state. e state speciﬁed in the require statement is deﬁned as the dependent state. If the dependent state's execution succeeds, the depending state will then execute. If the dependent state's execution fails, the depending state will not execute. In the ﬁrst example above, the ﬁle /etc/vimrc will only execute aer the vim package is installed successfully.</p><p>Require an entire sls ﬁle As of Salt 0.16.0, it is possible to require an entire sls ﬁle. Do this ﬁrst by including the sls ﬁle and then seing a state to require the included sls ﬁle:</p><p> include: - foo</p><p> bar: pkg.installed: - require: - sls: foo</p><p> wat watch statements are used to add additional behavior when there are changes in other states.</p><p>Note: If a state should only execute when another state has changes, and otherwise do nothing, the new on- changes requisite should be used instead of watch. watch is designed to add additional behavior when there are changes, but otherwise execute normally.</p><p>e state containing the watch requisite is deﬁned as the watching state. e state speciﬁed in the watch statement is deﬁned as the watched state. When the watched state executes, it will return a dictionary containing a key named ``changes''. Here are two examples of state return dictionaries, shown in json for clarity:</p><p>"local": { "file_|-/tmp/foo_|-/tmp/foo_|-directory": { "comment": "Directory /tmp/foo updated", "__run_num__": 0, "changes": { "user": "bar" }, "name": "/tmp/foo", "result": true }</p><p>1052 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>}</p><p>"local": { "pkgrepo_|-salt-minion_|-salt-minion_|-managed": { "comment": "Package repo 'salt-minion' already configured", "__run_num__": 0, "changes": {}, "name": "salt-minion", "result": true } }</p><p>If the ``result'' of the watched state is True, the watching state will execute normally. is part of watch mirrors the functionality of the require requisite. If the ``result'' of the watched state is False, the watching state will never run, nor will the watching state's mod_watch function execute. However, if the ``result'' of the watched state is True, and the ``changes'' key contains a populated dictionary (changes occurred in the watched state), then the watch requisite can add additional behavior. is additional behavior is deﬁned by the mod_watch function within the watching state module. If the mod_watch function exists in the watching state module, it will be called in addition to the normal watching state. e return data from the mod_watch function is what will be returned to the master in this case; the return data from the main watching function is discarded. If the ``changes'' key contains an empty dictionary, the watch requisite acts exactly like the require requisite (the watching state will execute if ``result'' is True, and fail if ``result'' is False in the watched state).</p><p>Note: Not all state modules contain mod_watch. If mod_watch is absent from the watching state module, the watch requisite behaves exactly like a require requisite.</p><p>A good example of using watch is with a service.running state. When a service watches a state, then the service is reloaded/restarted when the watched state changes, in addition to Salt ensuring that the service is running.</p><p> ntpd: service.running: - watch: - file: /etc/ntp.conf file.managed: - name: /etc/ntp.conf - source: salt://ntp/files/ntp.conf</p><p> prereq New in version 0.16.0. prereq allows for actions to be taken based on the expected results of a state that has not yet been executed. e state containing the prereq requisite is deﬁned as the pre-requiring state. e state speciﬁed in the prereq statement is deﬁned as the pre-required state. When a prereq requisite is evaluated, the pre-required state reports if it expects to have any changes. It does this by running the pre-required single state as a test-run by enabling test=True. is test-run will return a dictionary containing a key named ``changes''. (See the watch section above for examples of ``changes'' dictionaries.) If the ``changes'' key contains a populated dictionary, it means that the pre-required state expects changes to occur when the state is actually executed, as opposed to the test-run. e pre-requiring state will now actually run. If the pre-requiring state executes successfully, the pre-required state will then execute. If the pre-requiring state fails, the pre-required state will not execute.</p><p>22.26. State Enforcement 1053 Salt Documentation, Release 2014.7.6</p><p>If the ``changes'' key contains an empty dictionary, this means that changes are not expected by the pre-required state. Neither the pre-required state nor the pre-requiring state will run. e best way to deﬁne how prereq operates is displayed in the following practical example: When a service should be shut down because underlying code is going to change, the service should be oﬀ-line while the update occurs. In this example, graceful-down is the pre-requiring state and site-code is the pre-required state. graceful-down: cmd.run: - name: service apache graceful - prereq: - file: site-code site-code: file.recurse: - name: /opt/site_code - source: salt://site/code</p><p>In this case the apache server will only be shutdown if the site-code state expects to deploy fresh code via the ﬁle.recurse call. e site-code deployment will only be executed if the graceful-down run completes successfully. onfail New in version 2014.7.0. e onfail requisite allows for reactions to happen strictly as a response to the failure of another state. is can be used in a number of ways, such as executing a second aempt to set up a service or begin to execute a separate thread of states because of a failure. e onfail requisite is applied in the same way as require as watch: primary_mount: mount.mounted: - name: /mnt/share - device: 10.0.0.45:/share - fstype: nfs backup_mount: mount.mounted: - name: /mnt/share - device: 192.168.40.34:/share - fstype: nfs - onfail: - mount: primary_mount</p><p> onanges New in version 2014.7.0. e onchanges requisite makes a state only apply if the required states generate changes, and if the watched state's ``result'' is True. is can be a useful way to execute a post hook aer changing aspects of a system. use e use requisite is used to inherit the arguments passed in another id declaration. is is useful when many ﬁles need to have the same defaults.</p><p>/etc/foo.conf: file.managed: - source: salt://foo.conf</p><p>1054 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- template: jinja - mkdirs: True - user: apache - group: apache - mode: 755</p><p>/etc/bar.conf file.managed: - source: salt://bar.conf - use: - file: /etc/foo.conf</p><p>e use statement was developed primarily for the networking states but can be used on any states in Salt. is makes sense for the networking state because it can deﬁne a long list of options that need to be applied to multiple network interfaces. e use statement does not inherit the requisites arguments of the targeted state. is means also a chain of use requisites would not inherit inherited options.</p><p>e _in versions of requisites All of the requisites also have corresponding requisite_in versions, which do the reverse of their normal counterparts. e examples below all use require_in as the example, but note that all of the _in requisites work the same way: ey result in a normal requisite in the targeted state, which targets the state which has deﬁnes the requisite_in. us, a require_in causes the target state to require the targeting state. Similarly, a watch_in causes the target state to watch the targeting state. is paern continues for the rest of the requisites. If a state declaration needs to be required by another state declaration then require_in can accommodate it. erefore, these two sls ﬁles would be the same in the end: Using require httpd: pkg.installed: [] service.running: - require: - pkg: httpd</p><p>Using require_in httpd: pkg.installed: - require_in: - service: httpd service.running: []</p><p>e require_in statement is particularly useful when assigning a require in a separate sls ﬁle. For instance it may be common for hpd to require components used to set up PHP or mod_python, but the HTTP state does not need to be aware of the additional components that require it when it is set up: hp.sls httpd: pkg.installed: [] service.running: - require: - pkg: httpd</p><p>22.26. State Enforcement 1055 Salt Documentation, Release 2014.7.6</p><p> php.sls</p><p> include: - http</p><p> php: pkg.installed: - require_in: - service: httpd</p><p> mod_python.sls</p><p> include: - http</p><p> mod_python: pkg.installed: - require_in: - service: httpd</p><p>Now the hpd server will only start if php or mod_python are ﬁrst veriﬁed to be installed. us allowing for a requisite to be deﬁned ``aer the fact''.</p><p>Altering States</p><p>e state altering system is used to make sure that states are evaluated exactly as the user expects. It can be used to double check that a state preformed exactly how it was expected to, or to make 100% sure that a state only runs under certain conditions. e use of unless or onlyif options help make states even more stateful. e check_cmds option helps ensure that the result of a state is evaluated correctly.</p><p>Unless</p><p>New in version 2014.7.0. e unless requisite speciﬁes that a state should only run when any of the speciﬁed commands return False. e unless requisite operates as NOR and is useful in giving more granular control over when a state should execute.</p><p> vim: pkg.installed: - unless: - rpm -q vim-enhanced - ls /usr/bin/vim</p><p>In the example above, the state will only run if either the vim-enhanced package is not installed (returns False) or if /usr/bin/vim does not exist (returns False). e state will run if both commands return False. However, the state will not run if both commands return True.</p><p>1056 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Onlyif</p><p>New in version 2014.7.0. onlyif is the opposite of unless. If all of the commands in onlyif return True, then the state is run. If any of the speciﬁed commands return False, the state will not run. stop-volume: module.run: - name: glusterfs.stop_volume - m_name: work - onlyif: - gluster volume status work - order: 1 remove-volume: module.run: - name: glusterfs.delete - m_name: work - onlyif: - gluster volume info work - watch: - cmd: stop-volume</p><p>e above example ensures that the stop_volume and delete modules only run if the gluster commands return a 0 ret value. check_cmd</p><p>New in version 2014.7.0. Check Command is used for determining that a state did or did not run as expected. comment-repo: file.replace: - path: /etc/yum.repos.d/fedora.repo - pattern: ^enabled=0 - repl: enabled=1 - check_cmd: - grep 'enabled=0' /etc/yum.repos.d/fedora.repo &amp;&amp; return 1 || return 0</p><p>is will aempt to do a replace on all enabled=0 in the .repo ﬁle, and replace them with enabled=1. e check_cmd is just a bash command. It will do a grep for enabled=0 in the ﬁle, and if it ﬁnds any, it will return a 0, which will prompt the &amp;&amp; portion of the command to return a 1, causing check_cmd to set the state as failed. If it returns a 1, meaning it didn't ﬁnd any `enabled=0' it will hit the || portion of the command, returning a 0, and declaring the function succeeded.</p><p>Overriding Checks</p><p>ere are two commands used for the above checks. mod_run_check is used to check for onlyif and unless. If the goal is to override the global check for these to variables, include a mod_run_check in the salt/states/ ﬁle.</p><p>22.26. State Enforcement 1057 Salt Documentation, Release 2014.7.6 mod_run_check_cmd is used to check for the check_cmd options. To override this one, include a mod_run_check_cmd in the states ﬁle for the state.</p><p>22.26.16 Startup States</p><p>Sometimes it may be desired that the salt minion execute a state run when it is started. is alleviates the need for the master to initiate a state run on a new minion and can make provisioning much easier. As of Salt 0.10.3 the minion conﬁg reads options that allow for states to be executed at startup. e options are startup_states, sls_list and top_ﬁle. e startup_states option can be passed one of a number of arguments to deﬁne how to execute states. e available options are: highstate Execute state.highstate sls Read in the sls_list option and execute the named sls ﬁles top Read in the top_file option and execute states based on that top ﬁle on the Salt Master</p><p>Examples:</p><p>Execute state.highstate when starting the minion: startup_states: highstate</p><p>Execute the sls ﬁles edit.vim and hyper: startup_states: sls sls_list: - edit.vim - hyper</p><p>22.26.17 State Testing</p><p>Executing a Salt state run can potentially change many aspects of a system and it may be desirable to ﬁrst see what a state run is going to change before applying the run. Salt has a test interface to report on exactly what will be changed, this interface can be invoked on any of the major state run functions: salt '*' state.highstate test=True salt '*' state.sls test=True salt '*' state.single test=True</p><p>e test run is mandated by adding the test=True option to the states. e return information will show states that will be applied in yellow and the result is reported as None.</p><p>1058 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Default Test</p><p>If the value test is set to True in the minion conﬁguration ﬁle then states will default to being executed in test mode. If this value is set then states can still be run by calling test=False:</p><p> salt '*' state.highstate test=False salt '*' state.sls test=False salt '*' state.single test=False</p><p>22.26.18 The Top File</p><p>e top ﬁle is used to map what SLS modules get loaded onto what minions via the state system. e top ﬁle creates a few general abstractions. First it maps what nodes should pull from which environments, next it deﬁnes which matches systems should draw from.</p><p>Environments</p><p>Environments allow conceptually organizing state tree directories. Environments can be made to be self-contained or state trees can be made to bleed through environments.</p><p>Note: Environments in Salt are very ﬂexible, this section deﬁnes how the top ﬁle can be used to deﬁne what states from what environments are to be used for speciﬁc minions. If the intent is to bind minions to speciﬁc environments, then the environment option can be set in the minion conﬁguration ﬁle.</p><p>e environments in the top ﬁle corresponds with the environments deﬁned in the file_roots variable. In a simple, single environment setup you only have the base environment, and therefore only one state tree. Here is a simple example of file_roots in the master conﬁguration:</p><p> file_roots: base: - /srv/salt</p><p>is means that the top ﬁle will only have one environment to pull from, here is a simple, single environment top ﬁle:</p><p> base: '*': - core - edit</p><p>is also means that /srv/salt has a state tree. But if you want to use multiple environments, or partition the ﬁle server to serve more than just the state tree, then the file_roots option can be expanded:</p><p> file_roots: base: - /srv/salt/base dev: - /srv/salt/dev qa: - /srv/salt/qa</p><p>22.26. State Enforcement 1059 Salt Documentation, Release 2014.7.6</p><p> prod: - /srv/salt/prod</p><p>en our top ﬁle could reference the environments: dev: 'webserver*dev*': - webserver 'db*dev*': - db qa: 'webserver*qa*': - webserver 'db*qa*': - db prod: 'webserver*prod*': - webserver 'db*prod*': - db</p><p>In this setup we have state trees in three of the four environments, and no state tree in the base environment. Notice that the targets for the minions specify environment data. In Salt the master determines who is in what environment, and many environments can be crossed together. For instance, a separate global state tree could be added to the base environment if it suits your deployment: base: '*': - global dev: 'webserver*dev*': - webserver 'db*dev*': - db qa: 'webserver*qa*': - webserver 'db*qa*': - db prod: 'webserver*prod*': - webserver 'db*prod*': - db</p><p>In this setup all systems will pull the global SLS from the base environment, as well as pull from their respective environments. If you assign only one SLS to a system, as in this example, a shorthand is also available: base: '*': global dev: 'webserver*dev*': webserver 'db*dev*': db qa: 'webserver*qa*': webserver 'db*qa*': db</p><p>1060 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> prod: 'webserver*prod*': webserver 'db*prod*': db</p><p>Note: e top ﬁles from all deﬁned environments will be compiled into a single top ﬁle for all states. Top ﬁles are environment agnostic.</p><p>Remember, that since everything is a ﬁle in Salt, the environments are primarily ﬁle server environments, this means that environments that have nothing to do with states can be deﬁned and used to distribute other ﬁles. A clean and recommended setup for multiple environments would look like this:</p><p># Master file_roots configuration: file_roots: base: - /srv/salt/base dev: - /srv/salt/dev qa: - /srv/salt/qa prod: - /srv/salt/prod</p><p>en only place state trees in the dev, qa and prod environments, leaving the base environment open for generic ﬁle transfers. en the top.sls ﬁle would look something like this: dev: 'webserver*dev*': - webserver 'db*dev*': - db qa: 'webserver*qa*': - webserver 'db*qa*': - db prod: 'webserver*prod*': - webserver 'db*prod*': - db</p><p>Other Ways of Targeting Minions</p><p>In addition to globs, minions can be speciﬁed in top ﬁles a few other ways. Some common ones are compound matches and node groups. Here is a slightly more complex top ﬁle example, showing the diﬀerent types of matches you can perform: base: '*': - ldap-client - networking - salt.minion</p><p>22.26. State Enforcement 1061 Salt Documentation, Release 2014.7.6</p><p>'salt-master*': - salt.master</p><p>'^(memcache|web).(qa|prod).loc$': - match: pcre - nagios.mon.web - apache.server</p><p>'os:Ubuntu': - match: grain - repos.ubuntu</p><p>'os:(RedHat|CentOS)': - match: grain_pcre - repos.epel</p><p>'foo,bar,baz': - match: list - database</p><p>'somekey:abc': - match: pillar - xyz</p><p>'nag1* or G@role:monitoring': - match: compound - nagios.server</p><p>In this example top.sls, all minions get the ldap-client, networking and salt.minion states. Any minion with an id matching the salt-master* glob will get the salt.master state. Any minion with ids matching the regular expression ^(memcache|web).(qa|prod).loc$ will get the nagios.mon.web and apache.server states. All Ubuntu minions will receive the repos.ubuntu state, while all RHEL and CentOS minions will receive the repos.epel state. e minions foo, bar, and baz will receive the database state. Any minion with a pillar named somekey, having a value of abc will receive the xyz state. Finally, minions with ids matching the nag1* glob or with a grain named role equal to monitoring will receive the nagios.server state.</p><p>How Top Files Are Compiled</p><p>Warning: ere is currently a known issue with the topﬁle compilation. e below may not be completely valid until hps://github.com/saltstack/salt/issues/12483#issuecomment-64181598 is closed.</p><p>As mentioned earlier, the top ﬁles in the diﬀerent environments are compiled into a single set of data. e way in which this is done follows a few rules, which are important to understand when arranging top ﬁles in diﬀerent environments. e examples below all assume that the file_roots are set as in the above multi-environment example. 1. e base environment's top ﬁle is processed ﬁrst. Any environment which is deﬁned in the base top.sls as well as another environment's top ﬁle, will use the instance of the environment conﬁgured in base and ignore all other instances. In other words, the base top ﬁle is authoritative when deﬁning environments. erefore, in the example below, the dev section in /srv/salt/dev/top.sls would be completely ignored. /srv/salt/base/top.sls: base: '*':</p><p>1062 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- common dev: 'webserver*dev*': - webserver 'db*dev*': - db</p><p>/srv/salt/dev/top.sls: dev: '10.10.100.0/24': - match: ipcidr - deployments.dev.site1 '10.10.101.0/24': - match: ipcidr - deployments.dev.site2</p><p>Note: e rules below assume that the environments being discussed were not deﬁned in the base top ﬁle.</p><p>2. If, for some reason, the base environment is not conﬁgured in the base environment's top ﬁle, then the other environments will be checked in alphabetical order. e ﬁrst top ﬁle found to contain a section for the base environment wins, and the other top ﬁles' base sections are ignored. So, provided there is no base section in the base top ﬁle, with the below two top ﬁles the dev environment would win out, and the common.centos SLS would not be applied to CentOS hosts. /srv/salt/dev/top.sls: base: 'os:Ubuntu': - common.ubuntu dev: 'webserver*dev*': - webserver 'db*dev*': - db</p><p>/srv/salt/qa/top.sls: base: 'os:Ubuntu': - common.ubuntu 'os:CentOS': - common.centos qa: 'webserver*qa*': - webserver 'db*qa*': - db</p><p>3. For environments other than base, the top ﬁle in a given environment will be checked for a section matching the environment's name. If one is found, then it is used. Otherwise, the remaining (non-base) environments will be checked in alphabetical order. In the below example, the qa section in /srv/salt/dev/top.sls will be ignored, but if /srv/salt/qa/top.sls were cleared or removed, then the states conﬁgured for the qa environment in /srv/salt/dev/top.sls will be applied.</p><p>22.26. State Enforcement 1063 Salt Documentation, Release 2014.7.6</p><p>/srv/salt/dev/top.sls: dev: 'webserver*dev*': - webserver 'db*dev*': - db qa: '10.10.200.0/24': - match: ipcidr - deployments.qa.site1 '10.10.201.0/24': - match: ipcidr - deployments.qa.site2</p><p>/srv/salt/qa/top.sls: qa: 'webserver*qa*': - webserver 'db*qa*': - db</p><p>Note: When in doubt, the simplest way to conﬁgure your states is with a single top.sls in the base environment.</p><p>22.26.19 SLS Template Variable Reference</p><p>e template engines available to sls ﬁles and ﬁle templates come loaded with a number of context variables. ese variables contain information and functions to assist in the generation of templates. See each variable below for its availability -- not all variables are available in all templating contexts.</p><p>Salt</p><p>e salt variable is available to abstract the salt library functions. is variable is a python dictionary containing all of the functions available to the running salt minion. It is available in all salt templates.</p><p>{% for file in salt['cmd.run']('ls -1 /opt/to_remove').splitlines() %} /opt/to_remove/{{ file }}: file.absent {% endfor %}</p><p>Opts</p><p>e opts variable abstracts the contents of the minion's conﬁguration ﬁle directly to the template. e opts variable is a dictionary. It is available in all templates.</p><p>{{ opts['cachedir'] }}</p><p>e config.get function also searches for values in the opts dictionary.</p><p>1064 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Pillar</p><p>e pillar dictionary can be referenced directly, and is available in all templates:</p><p>{{ pillar['key'] }}</p><p>Using the pillar.get function via the salt variable is generally recommended since a default can be safely set in the event that the value is not available in pillar and dictionaries can be traversed directly:</p><p>{{ salt['pillar.get']('key', 'failover_value') }} {{ salt['pillar.get']('stuff:more:deeper') }}</p><p>Grains</p><p>e grains dictionary makes the minion's grains directly available, and is available in all templates:</p><p>{{ grains['os'] }}</p><p>e grains.get function can be used to traverse deeper grains and set defaults:</p><p>{{ salt['grains.get']('os') }}</p><p> env</p><p>e env variable is available in only in sls ﬁles when gathering the sls from an environment.</p><p>{{ env }}</p><p> sls</p><p>e sls variable contains the sls reference value, and is only available in the actual SLS ﬁle (not in any ﬁles referenced in that SLS). e sls reference value is the value used to include the sls in top ﬁles or via the include option.</p><p>{{ sls }}</p><p>22.26.20 State Modules</p><p>State Modules are the components that map to actual enforcement and management of Salt states.</p><p>States are Easy to Write!</p><p>State Modules should be easy to write and straightforward. e information passed to the SLS data structures will map directly to the states modules. Mapping the information from the SLS data is simple, this example should illustrate:</p><p>22.26. State Enforcement 1065 Salt Documentation, Release 2014.7.6</p><p>/etc/salt/master: # maps to "name" file: # maps to State module filename e.g. https://github.com/saltstack/salt/tree/develop/salt/states/file.py - managed # maps to the managed function in the file State module - user: root # one of many options passed to the manage function - group: root - mode: 644 - source: salt://salt/master</p><p>erefore this SLS data can be directly linked to a module, function and arguments passed to that function. is does issue the burden, that function names, state names and function arguments should be very human readable inside state modules, since they directly deﬁne the user interface.</p><p>Keyword Arguments Salt passes a number of keyword arguments to states when rendering them, including the environment, a unique identiﬁer for the state, and more. Additionally, keep in mind that the requisites for a state are part of the keyword arguments. erefore, if you need to iterate through the keyword arguments in a state, these must be considered and handled appropriately. One such example is in the pkgrepo.managed state, which needs to be able to handle arbitrary keyword arguments and pass them to module execution functions. An example of how these keyword arguments can be handled can be found here.</p><p>Using Custom State Modules</p><p>Place your custom state modules inside a _states directory within the file_roots speciﬁed by the mas- ter conﬁg ﬁle. ese custom state modules can then be distributed in a number of ways. Custom state mod- ules are distributed when state.highstate is run, or by executing the saltutil.sync_states or saltutil.sync_all functions. Any custom states which have been synced to a minion, that are named the same as one of Salt's default set of states, will take the place of the default state with the same name. Note that a state's default name is its ﬁlename (i.e. foo.py becomes state foo), but that its name can be overridden by using a __virtual__ function.</p><p>Cross Calling Modules</p><p>As with Execution Modules, State Modules can also make use of the __salt__ and __grains__ data. It is important to note that the real work of state management should not be done in the state module unless it is needed. A good example is the pkg state module. is module does not do any package management work, it just calls the pkg execution module. is makes the pkg state module completely generic, which is why there is only one pkg state module and many backend pkg execution modules. On the other hand some modules will require that the logic be placed in the state module, a good example of this is the ﬁle module. But in the vast majority of cases this is not the best approach, and writing speciﬁc execution modules to do the backend work will be the optimal solution.</p><p>Return Data</p><p>A State Module must return a dict containing the following keys/values: • name: e same value passed to the state as ``name''. • anges: A dict describing the changes made. Each thing changed should be a key, with its value being another dict with keys called ``old'' and ``new'' containing the old/new values. For example, the pkg state's anges</p><p>1066 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> dict has one key for each package changed, with the ``old'' and ``new'' keys in its sub-dict containing the old and new versions of the package. • result: A boolean value. True if the action was successful, otherwise False. • comment: A string containing a summary of the result.</p><p>Test State</p><p>All states should check for and support test being passed in the options. is will return data about what changes would occur if the state were actually run. An example of such a check could look like this:</p><p># Return comment of changes if test. if __opts__['test']: ret['result'] = None ret['comment'] = 'State Foo will execute with param {0}'.format(bar) return ret</p><p>Make sure to test and return before performing any real actions on the minion.</p><p>Watcher Function</p><p>If the state being wrien should support the watch requisite then a watcher function needs to be declared. e watcher function is called whenever the watch requisite is invoked and should be generic to the behavior of the state itself. e watcher function should accept all of the options that the normal state functions accept (as they will be passed into the watcher function). A watcher function typically is used to execute state speciﬁc reactive behavior, for instance, the watcher for the service module restarts the named service and makes it useful for the watcher to make the service react to changes in the environment. e watcher function also needs to return the same data that a normal state function returns.</p><p>Mod_init Interface</p><p>Some states need to execute something only once to ensure that an environment has been set up, or certain conditions global to the state behavior can be predeﬁned. is is the realm of the mod_init interface. A state module can have a function called mod_init which executes when the ﬁrst state of this type is called. is interface was created primarily to improve the pkg state. When packages are installed the package metadata needs to be refreshed, but refreshing the package metadata every time a package is installed is wasteful. e mod_init function for the pkg state sets a ﬂag down so that the ﬁrst, and only the ﬁrst, package installation aempt will refresh the package database (the package database can of course be manually called to refresh via the refresh option in the pkg state). e mod_init function must accept the Low State Data for the given executing state as an argument. e low state data is a dict and can be seen by executing the state.show_lowstate function. en the mod_init function must return a bool. If the return value is True, then the mod_init function will not be executed again, meaning that the needed behavior has been set up. Otherwise, if the mod_init function returns False, then the function will be called the next time. A good example of the mod_init function is found in the pkg state module:</p><p>22.26. State Enforcement 1067 Salt Documentation, Release 2014.7.6</p><p> def mod_init(low): ''' Refresh the package database here so that it only needs to happen once ''' if low['fun'] == 'installed' or low['fun'] == 'latest': rtag = __gen_rtag() if not os.path.exists(rtag): open(rtag, 'w+').write('') return True else: return False</p><p>e mod_init function in the pkg state accepts the low state data as low and then checks to see if the function being called is going to install packages, if the function is not going to install packages then there is no need to refresh the package database. erefore if the package database is prepared to refresh, then return True and the mod_init will not be called the next time a pkg state is evaluated, otherwise return False and the mod_init will be called next time a pkg state is evaluated.</p><p>Full State Module Example</p><p>e following is a simplistic example of a full state module and function. Remember to call out to execution modules to perform all the real work. e state module should only perform ``before'' and ``aer'' checks. 1. Make a custom state module by puing the code into a ﬁle at the following path: /srv/salt/_states/my_custom_state.py. 2. Distribute the custom state module to the minions:</p><p> salt '*' saltutil.sync_states</p><p>3. Write a new state to use the custom state by making a new state ﬁle, for instance /srv/salt/my_custom_state.sls. 4. Add the following SLS conﬁguration to the ﬁle created in Step 3:</p><p> human_friendly_state_id: # An arbitrary state ID declaration. my_custom_state: # The custom state module name. - enforce_custom_thing # The function in the custom state module. - name: a_value # Maps to the ``name`` parameter in the custom function. - foo: Foo # Specify the required ``foo`` parameter. - bar: False # Override the default value for the ``bar`` parameter.</p><p>Example state module import salt.exceptions def enforce_custom_thing(name, foo, baz=True): ''' Enforce the state of a custom thing</p><p>This state module does a custom thing. It calls out to the execution module ``my_custom_module`` in order to check the current system and perform any needed changes.</p><p> name</p><p>1068 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>The thing to do something to foo A required argument bar : True An argument with a default value ''' ret = {'name': name, 'changes': {}, 'result': False, 'comment': ''}</p><p># Start with basic error-checking. Do all the passed parameters make sense # and agree with each-other? if baz == True and foo.startswith('Foo'): raise salt.exceptions.SaltInvocationError( 'Argument "foo" cannot start with "Foo" if argument "baz" is True.')</p><p># Check the current state of the system. Does anything need to change? current_state = __salt__['my_custom_module.current_state'](name)</p><p> if current_state == foo: ret['result'] = True ret['comment'] = 'System already in the correct state' return ret</p><p># The state of the system does need to be changed. Check if we're running # in ``test=true`` mode. if __opts__['test'] == True: ret['comment'] = 'The state of "{0}" will be changed.'.format(name) ret['changes'] = { 'old': current_state, 'new': 'Description, diff, whatever of the new state', }</p><p># Return ``None`` when running with ``test=true``. ret['result'] = None</p><p> return ret</p><p># Finally, make the actual change and return the result. new_state = __salt__['my_custom_module.change_state'](name, foo)</p><p> ret['comment'] = 'The state of "{0}" was changed!'.format(name)</p><p> ret['changes'] = { 'old': current_state, 'new': new_state, }</p><p> ret['result'] = True</p><p> return ret</p><p>22.26.21 State Management</p><p>State management, also frequently called Soware Conﬁguration Management (SCM), is a program that puts and keeps a system into a predetermined state. It installs soware packages, starts or restarts services or puts conﬁgu- ration ﬁles in place and watches them for changes. Having a state management system in place allows one to easily and reliably conﬁgure and manage a few servers or</p><p>22.26. State Enforcement 1069 Salt Documentation, Release 2014.7.6 a few thousand servers. It allows conﬁgurations to be kept under version control. Salt States is an extension of the Salt Modules that we discussed in the previous remote execution tutorial. Instead of calling one-oﬀ executions the state of a system can be easily deﬁned and then enforced.</p><p>22.26.22 Understanding the Salt State System Components</p><p>e Salt state system is comprised of a number of components. As a user, an understanding of the SLS and renderer systems are needed. But as a developer, an understanding of Salt states and how to write the states is needed as well.</p><p>Note: States are compiled and executed only on minions that have been targeted. To execute functions directly on masters, see runners.</p><p>Salt SLS System</p><p>e primary system used by the Salt state system is the SLS system. SLS stands for SaLt State. e Salt States are ﬁles which contain the information about how to conﬁgure Salt minions. e states are laid out in a directory tree and can be wrien in many diﬀerent formats. e contents of the ﬁles and they way they are laid out is intended to be as simple as possible while allowing for maximum ﬂexibility. e ﬁles are laid out in states and contains information about how the minion needs to be conﬁgured.</p><p>SLS File Layout</p><p>SLS ﬁles are laid out in the Salt ﬁle server. A simple layout can look like this: top.sls ssh.sls sshd_config users/init.sls users/admin.sls salt/master.sls web/init.sls</p><p>e top.sls ﬁle is a key component. e top.sls ﬁles is used to determine which SLS ﬁles should be applied to which minions. e rest of the ﬁles with the .sls extension in the above example are state ﬁles. Files without a .sls extensions are seen by the Salt master as ﬁles that can be downloaded to a Salt minion. States are translated into dot notation. For example, the ssh.sls ﬁle is seen as the ssh state and the users/admin.sls ﬁle is seen as the users.admin state. Files named init.sls are translated to be the state name of the parent directory, so the web/init.sls ﬁle translates to the web state. In Salt, everything is a ﬁle; there is no ``magic translation'' of ﬁles and ﬁle types. is means that a state ﬁle can be distributed to minions just like a plain text or binary ﬁle.</p><p>1070 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>SLS Files</p><p>e Salt state ﬁles are simple sets of data. Since SLS ﬁles are just data they can be represented in a number of diﬀerent ways. e default format is YAML generated from a Jinja template. is allows for the states ﬁles to have all the language constructs of Python and the simplicity of YAML. State ﬁles can then be complicated Jinja templates that translate down to YAML, or just plain and simple YAML ﬁles. e State ﬁles are simply common data structures such as dictionaries and lists, constructed using a templating language such as YAML. Here is an example of a Salt State: vim: pkg.installed: [] salt: pkg.latest: - name: salt service.running: - names: - salt-master - salt-minion - require: - pkg: salt - watch: - file: /etc/salt/minion</p><p>/etc/salt/minion: file.managed: - source: salt://salt/minion - user: root - group: root - mode: 644 - require: - pkg: salt</p><p>is short stanza will ensure that vim is installed, Salt is installed and up to date, the salt-master and salt-minion daemons are running and the Salt minion conﬁguration ﬁle is in place. It will also ensure everything is deployed in the right order and that the Salt services are restarted when the watched ﬁle updated.</p><p>The Top File</p><p>e top ﬁle controls the mapping between minions and the states which should be applied to them. e top ﬁle speciﬁes which minions should have which SLS ﬁles applied and which environments they should draw those SLS ﬁles from. e top ﬁle works by specifying environments on the top-level. Each environment contains globs to match minions. Finally, each glob contains a list of lists of Salt states to apply to matching minions: base: '*':</p><p>22.26. State Enforcement 1071 Salt Documentation, Release 2014.7.6</p><p>- salt - users - users.admin 'saltmaster.*': - match: pcre - salt.master</p><p>is above example uses the base environment which is built into the default Salt setup. e base environment has two globs. First, the `*' glob contains a list of SLS ﬁles to apply to all minions. e second glob contains a regular expression that will match all minions with an ID matching saltmaster.* and speciﬁes that for those minions, the salt.master state should be applied.</p><p>Reloading Modules</p><p>Some Salt states require that speciﬁc packages be installed in order for the module to load. As an example the pip state module requires the pip package for proper name and version parsing. In most of the common cases, Salt is clever enough to transparently reload the modules. For example, if you install a package, Salt reloads modules because some other module or state might require just that package which was installed. On some edge-cases salt might need to be told to reload the modules. Consider the following state ﬁle which we'll call pep8.sls:</p><p> python-pip: cmd.run: - name: | easy_install --script-dir=/usr/bin -U pip - cwd: /</p><p> pep8: pip.installed: - require: - cmd: python-pip</p><p>e above example installs pip using easy_install from setuptools and installs pep8 using pip, which, as told earlier, requires pip to be installed system-wide. Let's execute this state:</p><p> salt-call state.sls pep8</p><p>e execution output would be something like:</p><p>------State: - pip Name: pep8 Function: installed Result: False Comment: State pip.installed found in sls pep8 is unavailable</p><p>Changes:</p><p>Summary ------Succeeded: 1</p><p>1072 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Failed: 1 ------Total: 2</p><p>If we executed the state again the output would be:</p><p>------State: - pip Name: pep8 Function: installed Result: True Comment: Package was successfully installed Changes: pep8==1.4.6: Installed</p><p>Summary ------Succeeded: 2 Failed: 0 ------Total: 2</p><p>Since we installed pip using cmd, Salt has no way to know that a system-wide package was installed. On the second execution, since the required pip package was installed, the state executed correctly.</p><p>Note: Salt does not reload modules on every state run because doing so would greatly slow down state execution.</p><p>So how do we solve this edge-case? reload_modules! reload_modules is a boolean option recognized by salt on all available states which forces salt to reload its modules once a given state ﬁnishes. e modiﬁed state ﬁle would now be:</p><p> python-pip: cmd.run: - name: | easy_install --script-dir=/usr/bin -U pip - cwd: / - reload_modules: true</p><p> pep8: pip.installed: - require: - cmd: python-pip</p><p>Let's run it, once:</p><p> salt-call state.sls pep8</p><p>e output is:</p><p>------State: - pip Name: pep8 Function: installed Result: True</p><p>22.26. State Enforcement 1073 Salt Documentation, Release 2014.7.6</p><p>Comment: Package was successfully installed Changes: pep8==1.4.6: Installed</p><p>Summary ------Succeeded: 2 Failed: 0 ------Total: 2</p><p>22.27 Full list of builtin state modules</p><p> alias Conﬁguration of email aliases alternatives Conﬁguration of the alternatives system apache Apache state apache_module Manage Apache Modules apt Package management operations speciﬁc to APT- and DEB-based systems archive Extract an archive at Conﬁguration disposable regularly scheduled tasks for at. augeas Conﬁguration management using Augeas aws_sqs Manage SQS eues blockdev Management of Block Devices boto_asg Manage Autoscale Groups boto_cloudwatch_alarm Manage Cloudwatch alarms boto_elasticache Manage Elasticache boto_elb Manage ELBs boto_iam_role Manage IAM roles. boto_lc Manage Launch Conﬁgurations boto_route53 Manage Route53 records boto_secgroup Manage Security Groups boto_sqs Manage SQS eues cloud Using states instead of maps to deploy clouds cmd Execution of arbitrary commands composer Installation of Composer Packages cron Management of cron, the Unix command scheduler ddns Dynamic DNS updates debconfmod Management of debconf selections disk Disk monitoring state dockerio Manage Docker containers environ Support for geing and seing the environment variables of the current salt process. eselect Management of Gentoo conﬁguration using eselect event Send events through Salt's event system during state runs file Operations on regular ﬁles, special ﬁles, directories, and symlinks gem Installation of Ruby modules packaged as gems git Interaction with Git repositories glusterfs Manage glusterfs pool. gnomedesktop Conﬁguration of the GNOME desktop grains Manage grains on the minion group Management of user groups Continued on next page</p><p>1074 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Table 22.13 -- continued from previous page hg Interaction with Mercurial repositories host Management of addresses and names in hosts ﬁle htpasswd Support for htpasswd module incron Management of incron, the inotify cron influxdb_database Management of InﬂuxDB databases influxdb_user Management of InﬂuxDB users ini_manage Manage ini ﬁles ipset Management of ipsets iptables Management of iptables keyboard Management of keyboard layouts keystone Management of Keystone users kmod Loading and unloading of kernel modules layman Management of Gentoo Overlays using layman libvirt Manage libvirt certiﬁcates locale Management of languages/locales lvm Management of Linux logical volumes lvs_server Management of LVS (Linux Virtual Server) Real Server lvs_service Management of LVS (Linux Virtual Server) Service lxc lxc / Spin up and control LXC containers makeconf Management of Gentoo make.conf mdadm Managing soware RAID with mdadm memcached States for Management of Memcached Keys modjk State to control Apache modjk modjk_worker Manage modjk workers module Execution of Salt modules from within states mongodb_database Management of Mongodb databases mongodb_user Management of Mongodb users mount Mounting of ﬁlesystems mysql_database Management of MySQL databases (schemas) mysql_grants Management of MySQL grants (user permissions) mysql_query Execution of MySQL queries mysql_user Management of MySQL users network Conﬁguration of network interfaces nftables Management of nables npm Installation of NPM Packages ntp Management of NTP servers openstack_config Manage OpenStack conﬁguration ﬁle seings. pagerduty Create an Event in PagerDuty pecl Installation of PHP Extensions Using pecl pip_state Installation of Python Packages Using pip pkg Installation of packages using OS package managers such as yum or apt-get pkgng Manage package remote repo using FreeBSD pkgng pkgrepo Management of APT/YUM package repos portage_config Management of Portage package conﬁguration on Gentoo ports Manage soware from FreeBSD ports postgres_database Management of PostgreSQL databases postgres_extension Management of PostgreSQL extensions (e.g.: postgis) postgres_group Management of PostgreSQL groups (roles) postgres_user Management of PostgreSQL users (roles) powerpath Powerpath conﬁguration support Continued on next page</p><p>22.27. Full list of builtin state modules 1075 Salt Documentation, Release 2014.7.6</p><p>Table 22.13 -- continued from previous page process Process Management pyenv Managing python installations with pyenv quota Management of POSIX otas rabbitmq_cluster Manage RabbitMQ Clusters rabbitmq_plugin Manage RabbitMQ Plugins rabbitmq_policy Manage RabbitMQ Policies rabbitmq_user Manage RabbitMQ Users rabbitmq_vhost Manage RabbitMQ Virtual Hosts rbenv Managing Ruby installations with rbenv rdp Manage RDP Service on Windows servers redismod Management of Redis server reg Manage the registry on Windows rvm Managing Ruby installations and gemsets with Ruby Version Manager (RVM) saltmod Control the Salt command interface schedule Management of the Salt scheduler selinux Management of SELinux rules serverdensity_device Monitor Server with Server Density service Starting or restarting of services and daemons smtp Sending Messages via SMTP ssh_auth Control of entries in SSH authorized_key ﬁles ssh_known_hosts Control of SSH known_hosts entries stateconf Stateconf System status Minion status monitoring supervisord Interaction with the Supervisor daemon svn Manage SVN repositories sysctl Conﬁguration of the Linux kernel using sysctl test Test States timezone Management of timezones tomcat is state uses the manager webapp to manage Apache tomcat webapps user Management of user accounts virtualenv_mod Setup of Python virtualenv sandboxes win_dns_client Module for conﬁguring DNS Client on Windows systems win_firewall State for conﬁguring Windows Firewall win_network Conﬁguration of network interfaces on Windows hosts win_path Manage the Windows System PATH win_servermanager Manage Windows features via the ServerManager powershell module win_system Management of Windows system information win_update Management of the windows update agent winrepo Manage Windows Package Repository xmpp Sending Messages over XMPP zcbuildout Management of zc.buildout zk_concurrency Control concurrency of steps within state execution using zookeeper</p><p>22.27.1 salt.states.alias</p><p>Configuration of email aliases</p><p>e mail aliases ﬁle can be managed to contain deﬁnitions for speciﬁc email aliases:</p><p>1076 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> username: alias.present: - target: user@example.com salt.states.alias.absent(name) Ensure that the named alias is absent name e alias to remove salt.states.alias.present(name, target) Ensures that the named alias is present with the given target or list of targets. If the alias exists but the target diﬀers from the previous entry, the target(s) will be overwrien. If the alias does not exist, the alias will be created. name e local user/address to assign an alias to target e forwarding address</p><p>22.27.2 salt.states.alternatives</p><p>Configuration of the alternatives system</p><p>Control the alternatives system</p><p>{% set my_hadoop_conf = '/opt/hadoop/conf' %}</p><p>{{ my_hadoop_conf }}: file.directory hadoop-0.20-conf: alternatives.install: - name: hadoop-0.20-conf - link: /etc/hadoop-0.20/conf - path: {{ my_hadoop_conf }} - priority: 30 - require: - file: {{ my_hadoop_conf }} hadoop-0.20-conf: alternatives.remove: - name: hadoop-0.20-conf - path: {{ my_hadoop_conf }} salt.states.alternatives.auto(name) New in version 0.17.0. Instruct alternatives to use the highest priority path for <name> name is the master name for this link group (e.g. pager) salt.states.alternatives.install(name, link, path, priority) Install new alternative for deﬁned <name> name is the master name for this link group (e.g. pager) link is the symlink pointing to /etc/alternatives/<name>. (e.g. /usr/bin/pager) path is the location of the new alternative target. NB: is ﬁle / directory must already exist. (e.g. /usr/bin/less)</name></name></name></p><p>22.27. Full list of builtin state modules 1077 Salt Documentation, Release 2014.7.6</p><p> priority is an integer; options with higher numbers have higher priority in automatic mode. salt.states.alternatives.remove(name, path) Removes installed alternative for deﬁned <name> and <path> or fallback to default alternative, if some deﬁned before. name is the master name for this link group (e.g. pager) path is the location of one of the alternative target ﬁles. (e.g. /usr/bin/less) salt.states.alternatives.set_(name, path) New in version 0.17.0. Sets alternative for <name> to <path>, if <path> is deﬁned as an alternative for <name>. name is the master name for this link group (e.g. pager) path is the location of one of the alternative target ﬁles. (e.g. /usr/bin/less)</name></path></path></name></path></name></p><p>22.27.3 salt.states.apache</p><p>Apache state New in version 2014.7.0. Allows for inpuing a yaml dictionary into a ﬁle for apache conﬁguration ﬁles. e variable this is special and signiﬁes what should be included with the above word between angle brackets (&lt;&gt;).</p><p>/etc/httpd/conf.d/website.com.conf: apache.configfile: - config: - VirtualHost: this: '*:80' ServerName: - website.com ServerAlias: - www.website.com - dev.website.com ErrorLog: logs/website.com-error_log CustomLog: logs/website.com-access_log combined DocumentRoot: /var/www/vhosts/website.com Directory: this: /var/www/vhosts/website.com Order: Deny,Allow Deny from: all Allow from: - 127.0.0.1 - 192.168.100.0/24 Options: - +Indexes - FollowSymlinks AllowOverride: All salt.states.apache.configfile(name, conﬁg)</p><p>1078 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.4 salt.states.apache_module</p><p>Manage Apache Modules</p><p>New in version 2014.7.0. Enable and disable apache modules.</p><p>Enable cgi module: apache_module.enable: - name: cgi</p><p>Disable cgi module: apache_module.disable: - name: cgi salt.states.apache_module.disable(name) Ensure an Apache module is disabled. name Name of the Apache module salt.states.apache_module.enable(name) Ensure an Apache module is enabled. name Name of the Apache module</p><p>22.27.5 salt.states.apt</p><p>Package management operations specific to APT- and DEB-based systems salt.states.apt.held(name) Set package in `hold' state, meaning it will not be upgraded. name e name of the package, e.g., `tmux'</p><p>22.27.6 salt.states.archive</p><p>Extract an archive New in version 2014.1.0. salt.states.archive.extracted(name, source, archive_format, tar_options=None, source_hash=None, if_missing=None, keep=False) New in version 2014.1.0. State that make sure an archive is extracted in a directory. e downloaded archive is erased if successfully extracted. e archive is downloaded only if necessary.</p><p>Note: If if_missing is not deﬁned, this state will check for name instead. If name exists, it will assume the archive was previously extracted successfully and will not extract it again.</p><p> graylog2-server: archive.extracted: - name: /opt/ - source: https://github.com/downloads/Graylog2/graylog2-server/graylog2-server-0.9.6p1.tar.lzma - source_hash: md5=499ae16dcae71eeb7c3a30c75ea7a1a6</p><p>22.27. Full list of builtin state modules 1079 Salt Documentation, Release 2014.7.6</p><p>- tar_options: J - archive_format: tar - if_missing: /opt/graylog2-server-0.9.6p1/</p><p> graylog2-server: archive.extracted: - name: /opt/ - source: https://github.com/downloads/Graylog2/graylog2-server/graylog2-server-0.9.6p1.tar.gz - source_hash: md5=499ae16dcae71eeb7c3a30c75ea7a1a6 - archive_format: tar - if_missing: /opt/graylog2-server-0.9.6p1/</p><p> name Directory name where to extract the archive source Archive source, same syntax as ﬁle.managed source argument. source_hash Hash of source ﬁle, or ﬁle with list of hash-to-ﬁle mappings. It uses the same syntax as the ﬁle.managed source_hash argument. arive_format tar, zip or rar if_missing Some archives, such as tar, extract themselves in a subfolder. is directive can be used to validate if the archive had been previously extracted. tar_options Required if used with archive_format: tar, otherwise optional. It needs to be the tar argument speciﬁc to the archive being extracted, such as `J' for LZMA or `v' to verbosely list ﬁles pro- cessed. Using this option means that the tar executable on the target will be used, which is less platform independent. Main operators like -x, --extract, --get, -c, etc. and -f/--ﬁle are shoult not be used here. If this option is not set, then the Python tarﬁle module is used. e tarﬁle module supports gzip and bz2 in Python 2. keep Keep the archive in the minion's cache</p><p>22.27.7 salt.states.at</p><p>Configuration disposable regularly scheduled tasks for at.</p><p>e at state can be add disposable regularly scheduled tasks for your system. salt.states.at.absent(name, jobid=None, **kwargs) Remove a job from queue e `kwargs' can include hour. minute. day. month. year limit Target range tag Job's tag runas Runs user-speciﬁed jobs</p><p> example1: at.absent: - limit: all</p><p> example2: at.absent: - limit: all - year: 13</p><p>1080 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> example3: at.absent: - limit: all - tag: rose - runas: jim</p><p> example4: at.absent: - limit: all - tag: rose - day: 13 - hour: 16 salt.states.at.present(name, timespec, tag=None, runas=None, user=None, job=None) Add a job to queue. job Command to run. timespec e `timespec' follows the format documented in the at(1) manpage. tag Make a tag for the job. runas Users run the job. Deprecated since version 2014.1.4. user e user to run the at job New in version 2014.1.4. rose: at.present: - job: 'echo "I love saltstack" &gt; love' - timespec: '9:09 11/09/13' - tag: love - user: jam</p><p>22.27.8 salt.states.augeas</p><p>Configuration management using Augeas</p><p>New in version 0.17.0. is state requires the augeas Python module. Augeas can be used to manage conﬁguration ﬁles.</p><p>Warning: Minimal installations of Debian and Ubuntu have been seen to have packaging bugs with python- augeas, causing the augeas module to fail to import. If the minion has the augeas module installed, and the state fails with a comment saying that the state is unavailable, ﬁrst restart the salt-minion service. If the problem persists past that, the following command can be run from the master to determine what is causing the import to fail:</p><p> salt minion-id cmd.run 'python -c "from augeas import Augeas"'</p><p>For aﬀected Debian/Ubuntu hosts, installing libpython2.7 has been known to resolve the issue. salt.states.augeas.change(name, context=None, changes=None, lens=None, **kwargs) New in version 2014.7.0.</p><p>22.27. Full list of builtin state modules 1081 Salt Documentation, Release 2014.7.6</p><p>is state replaces setvalue(). Issue changes to Augeas, optionally for a speciﬁc context, with a speciﬁc lens. name State name context e context to use. Set this to a ﬁle path, preﬁxed by /files, to avoid redundancy, e.g.:</p><p> redis-conf: augeas.change: - context: /files/etc/redis/redis.conf - changes: - set bind 0.0.0.0 - set maxmemory 1G</p><p>anges List of changes that are issued to Augeas. Available commands are set, mv/move, ins/insert, and rm/remove. lens e lens to use, needs to be suﬃxed with .lns, e.g.: Nginx.lns. See the list of stock lenses shipped with Augeas. Usage examples: Set the bind parameter in /etc/redis/redis.conf:</p><p> redis-conf: augeas.change: - changes: - set /files/etc/redis/redis.conf/bind 0.0.0.0</p><p>Note: Use the context parameter to specify the ﬁle you want to manipulate. is way you don't have to include this in the changes every time:</p><p> redis-conf: augeas.change: - context: /files/etc/redis/redis.conf - changes: - set bind 0.0.0.0 - set databases 4 - set maxmemory 1G</p><p>Augeas is aware of a lot of common conﬁguration ﬁles and their syntax. It knows the diﬀerence between for example ini and yaml ﬁles, but also ﬁles with very speciﬁc syntax, like the hosts ﬁle. is is done with lenses, which provide mappings between the Augeas tree and the ﬁle. ere are many preconﬁgured lenses that come with Augeas by default, and they specify the common locations for conﬁguration ﬁles. So most of the time Augeas will know how to manipulate a ﬁle. In the event that you need to manipulate a ﬁle that Augeas doesn't know about, you can specify the lens to use like this:</p><p> redis-conf: augeas.change: - lens: redis - context: /files/etc/redis/redis.conf - changes: - set bind 0.0.0.0</p><p>Note: Even though Augeas knows that /etc/redis/redis.conf is a Redis conﬁguration ﬁle and knows how to parse it, it is recommended to specify the lens anyway. is is because by default, Augeas loads all known lenses and their associated ﬁle paths. All these ﬁles are parsed when Augeas is loaded, which can take some time. When specifying a lens, Augeas is loaded with only that lens, which speeds things up quite a bit.</p><p>1082 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>A more complex example, this adds an entry to the services ﬁle for Zabbix, and removes an obsolete service:</p><p> zabbix-service: augeas.change: - lens: services - context: /files/etc/services - changes: - ins service-name after service-name[last()] - set service-name[last()] zabbix-agent - set service-name[. = 'zabbix-agent']/#comment "Zabbix Agent service" - set service-name[. = 'zabbix-agent']/port 10050 - set service-name[. = 'zabbix-agent']/protocol tcp - rm service-name[. = 'im-obsolete'] - unless: grep "zabbix-agent" /etc/services</p><p>Warning: Don't forget the unless here, otherwise a new entry will be added every time this state is run. salt.states.augeas.setvalue(name, preﬁx=None, changes=None, **kwargs) Deprecated since version 2014.7.0: Use change() instead. Set a value for a speciﬁc augeas path</p><p>22.27.9 salt.states.aws_sqs</p><p>Manage SQS eues</p><p>Create and destroy SQS queues. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses the awscli tool provided by Amazon. is can be downloaded from pip. Also check the documen- tation for awscli for conﬁguration information. myqueue: aws_sqs.exists: - region: eu-west-1 salt.states.aws_sqs.absent(name, region, user=None, opts=False) Remove the named SQS queue if it exists. name Name of the SQS queue. region Region to remove the queue from user Name of the user performing the SQS operations opts Include additional arguments and options to the aws command line salt.states.aws_sqs.exists(name, region, user=None, opts=False) Ensure the SQS queue exists. name Name of the SQS queue. region Region to create the queue user Name of the user performing the SQS operations opts Include additional arguments and options to the aws command line</p><p>22.27. Full list of builtin state modules 1083 Salt Documentation, Release 2014.7.6</p><p>22.27.10 salt.states.blockdev</p><p>Management of Block Devices</p><p>A state module to manage blockdevices</p><p>/dev/sda: blockdev.tuned: - read-only: True master-data: blockdev.tuned:: - name : /dev/vg/master-data - read-only: True - read-ahead: 1024 salt.states.blockdev.formatted(name, fs_type='ext4', **kwargs) Manage ﬁlesystems of partitions. name e name of the block device fs_type e ﬁlesystem it should be formaed as salt.states.blockdev.tuned(name, **kwargs) Manage options of block device name e name of the block device opts: • read-ahead Read-ahead buﬀer size • ﬁlesystem-read-ahead Filesystem Read-ahead buﬀer size • read-only Set Read-Only • read-write Set Read-Write</p><p>22.27.11 salt.states.boto_asg</p><p>Manage Autoscale Groups</p><p>New in version 2014.7.0. Create and destroy autoscale groups. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit autoscale credentials but can also utilize IAM roles assigned to the instance trough Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html</p><p>If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle: asg.keyid: GKTADJGHEIQSXMKKRBJ08H asg.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>1084 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>It's also possible to specify key, keyid and region via a proﬁle, either as a passed in dict, or as a string to pull from pillars or minion conﬁg: myproﬁle: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdkghWupUjasdﬂkdlgjsdajkghs re- gion: us-east-1</p><p>Ensure myasg exists: boto_asg.present: - name: myasg - launch_config_name: mylc - availability_zones: - us-east-1a - us-east-1b - min_size: 1 - max_size: 1 - desired_capacity: 1 - load_balancers: - myelb - suspended_processes: - AddToLoadBalancer - AlarmNotification - scaling_policies ------adjustment_type: ChangeInCapacity - as_name: api-production-iad - cooldown: 1800 - min_adjustment_step: None - name: ScaleDown - scaling_adjustment: -1 - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p># Using a profile from pillars. Ensure myasg exists: boto_asg.present: - name: myasg - launch_config_name: mylc - availability_zones: - us-east-1a - us-east-1b - min_size: 1 - max_size: 1 - desired_capacity: 1 - load_balancers: - myelb - profile: myprofile</p><p># Passing in a profile. Ensure myasg exists: boto_asg.present: - name: myasg - launch_config_name: mylc - availability_zones: - us-east-1a - us-east-1b - min_size: 1 - max_size: 1</p><p>22.27. Full list of builtin state modules 1085 Salt Documentation, Release 2014.7.6</p><p>- desired_capacity: 1 - load_balancers: - myelb - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p># Deleting an autoscale group with running instances. Ensure myasg is deleted: boto_asg.absent: - name: myasg # If instances exist, we must force the deletion of the asg. - force: True salt.states.boto_asg.absent(name, force=False, region=None, key=None, keyid=None, pro- ﬁle=None) Ensure the named autoscale group is deleted. name Name of the autoscale group. force Force deletion of autoscale group. region e region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_asg.present(name, launch_conﬁg_name, availability_zones, min_size, max_size, launch_conﬁg=None, desired_capacity=None, load_balancers=None, default_cooldown=None, health_check_type=None, health_check_period=None, placement_group=None, vpc_zone_identiﬁer=None, tags=None, termination_policies=None, suspended_processes=None, scaling_policies=None, region=None, key=None, keyid=None, proﬁle=None) Ensure the autoscale group exists. name Name of the autoscale group. launch_conﬁg_name Name of the launch conﬁg to use for the group. Or, if launch_conﬁg is speciﬁed, this will be the launch conﬁg name's preﬁx. (see below) launch_conﬁg A dictionary of launch conﬁg aributes. If speciﬁed, a launch conﬁg will be used or created, matching this set of aributes, and the autoscale group will be set to use that launch conﬁg. e launch conﬁg name will be the launch_conﬁg_name followed by a hyphen followed by a hash of the launch_conﬁg dict contents. availability_zones List of availability zones for the group. min_size Minimum size of the group. max_size Maximum size of the group. desired_capacity e desired capacity of the group. load_balancers List of load balancers for the group. Once set this can not be updated (Amazon restriction). default_cooldown Number of seconds aer a Scaling Activity completes before any further scaling activities can start.</p><p>1086 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> health_e_type e service you want the health status from, Amazon EC2 or Elastic Load Balancer (EC2 or ELB). health_e_period Length of time in seconds aer a new EC2 instance comes into service that Auto Scaling starts checking its health. placement_group Physical location of your cluster placement group created in Amazon EC2. Once set this can not be updated (Amazon restriction). vpc_zone_identiﬁer A list of the subnet identiﬁers of the Virtual Private Cloud. tags A list of tags. Example: • key: `key' value: `value' propagate_at_launch: true termination_policies A list of termination policies. Valid values are: “OldestInstance”, “NewestInstance”, “OldestLaunchConﬁguration”, “ClosestToNextInstanceHour”, “Default”. If no value is speciﬁed, the “De- fault” value is used. suspended_processes List of processes to be suspended. see hp://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/US_SuspendResume.html scaling_policies List of scaling policies. Each policy is a dict of key-values described by hp://boto.readthedocs.org/en/latest/ref/autoscale.html#boto.ec2.autoscale.policy.ScalingPolicy region e region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.12 salt.states.boto_cloudwatch_alarm</p><p>Manage Cloudwatch alarms</p><p>New in version 2014.7.0. Create and destroy cloudwatch alarms. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit credentials but can also utilize IAM roles assigned to the instance trough Instance Pro- ﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More Information available at: hp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html If IAM roles are not used you need to specify them either in a pillar or in the minion's conﬁg ﬁle: cloudwatch.keyid: GKTADJGHEIQSXMKKRBJ08H cloudwatch.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either as a passed in dict, or as a string to pull from pillars or minion conﬁg:</p><p>22.27. Full list of builtin state modules 1087 Salt Documentation, Release 2014.7.6</p><p> myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1 my test alarm: boto_cloudwatch_alarm.present: - name: my test alarm - attributes: metric: ApproximateNumberOfMessagesVisible namespace: AWS/SQS statistic: Average comparison: "&gt;=" threshold: 20000.0 period: 60 evaluation_periods: 1 description: test alarm via salt dimensions: QueueName: - the-sqs-queue-name alarm_actions: - arn:aws:sns:us-east-1:1111111:myalerting-action salt.states.boto_cloudwatch_alarm.absent(name, region=None, key=None, keyid=None, pro- ﬁle=None) Ensure the named cloudwatch alarm is deleted. name Name of the alarm. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_cloudwatch_alarm.present(name, aributes, region=None, key=None, keyid=None, proﬁle=None) Ensure the cloudwatch alarm exists. name Name of the alarm attributes A dict of key/value cloudwatch alarm aributes. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>1088 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.13 salt.states.boto_elasticache</p><p>Manage Elasticache</p><p>New in version 2014.7.0. Create, destroy and update Elasticache clusters. Be aware that this interacts with Amazon's services, and so may incur charges. Note: is module currently only supports creation and deletion of elasticache resources and will not modify clusters when their conﬁguration changes in your state ﬁles. is module uses boto, which can be installed via package, or pip. is module accepts explicit elasticache credentials but can also utilize IAM roles assigned to the instance through Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: elasticache.keyid: GKTADJGHEIQSXMKKRBJ08H elasticache.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p>Ensure myelasticache exists: boto_elasticache.present: - name: myelasticache - engine: redis - cache_node_type: cache.t1.micro - num_cache_nodes: 1 - notification_topic_arn: arn:aws:sns:us-east-1:879879:my-sns-topic - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p># Using a profile from pillars Ensure myelasticache exists: boto_elasticache.present: - name: myelasticache - engine: redis - cache_node_type: cache.t1.micro - num_cache_nodes: 1 - notification_topic_arn: arn:aws:sns:us-east-1:879879:my-sns-topic - region: us-east-1 - profile: myprofile</p><p># Passing in a profile Ensure myelasticache exists: boto_elasticache.present: - name: myelasticache</p><p>22.27. Full list of builtin state modules 1089 Salt Documentation, Release 2014.7.6</p><p>- engine: redis - cache_node_type: cache.t1.micro - num_cache_nodes: 1 - notification_topic_arn: arn:aws:sns:us-east-1:879879:my-sns-topic - region: us-east-1 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs salt.states.boto_elasticache.absent(name, wait=True, region=None, key=None, keyid=None, proﬁle=None) Ensure the named elasticache cluster is deleted. name Name of the cache cluster. wait Boolean. Wait for conﬁrmation from boto that the cluster is in the deleting state. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_elasticache.present(name, engine, cache_node_type, num_cache_nodes=1, preferred_availability_zone=None, port=None, cache_parameter_group_name=None, cache_security_group_names=None, replication_group_id=None, auto_minor_version_upgrade=True, secu- rity_group_ids=None, cache_subnet_group_name=None, engine_version=None, notiﬁcation_topic_arn=None, preferred_maintenance_window=None, wait=True, region=None, key=None, keyid=None, proﬁle=None) Ensure the cache cluster exists. name Name of the cache cluster (cache cluster id). engine e name of the cache engine to be used for this cache cluster. Valid values are memcached or redis. cae_node_type e compute and memory capacity of the nodes in the cache cluster. cache.t1.micro, cache.m1.small, etc. See: hp://boto.readthedocs.org/en/latest/ref/elasticache.html#boto.elasticache.layer1.ElastiCacheConnection.create_cache_cluster num_cae_nodes e number of cache nodes that the cache cluster will have. preferred_availability_zone e EC2 Availability Zone in which the cache cluster will be created. All cache nodes belonging to a cache cluster are placed in the preferred availability zone. port e port number on which each of the cache nodes will accept connections. cae_parameter_group_name e name of the cache parameter group to associate with this cache cluster. If this argument is omied, the default cache parameter group for the speciﬁed engine will be used. cae_security_group_names A list of cache security group names to associate with this cache cluster. Use this parameter only when you are creating a cluster outside of a VPC. replication_group_id e replication group to which this cache cluster should belong. If this parameter is speciﬁed, the cache cluster will be added to the speciﬁed replication group as a read replica; otherwise, the cache cluster will be a standalone primary that is not part of any replication group.</p><p>1090 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> auto_minor_version_upgrade Determines whether minor engine upgrades will be applied automatically to the cache cluster during the maintenance window. A value of True allows these upgrades to occur; False disables automatic upgrades. security_group_ids One or more VPC security groups associated with the cache cluster. Use this parameter only when you are creating a cluster in a VPC. cae_subnet_group_name e name of the cache subnet group to be used for the cache cluster. Use this parameter only when you are creating a cluster in a VPC. engine_version e version number of the cache engine to be used for this cluster. notiﬁcation_topic_arn e Amazon Resource Name (ARN) of the Amazon Simple Notiﬁcation Service (SNS) topic to which notiﬁcations will be sent. e Amazon SNS topic owner must be the same as the cache cluster owner. preferred_maintenance_window e weekly time range (in UTC) during which system maintenance can occur. Example: sun:05:00-sun:09:00 wait Boolean. Wait for conﬁrmation from boto that the cluster is in the creating state. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.14 salt.states.boto_elb</p><p>Manage ELBs</p><p>New in version 2014.7.0. Create and destroy ELBs. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit elb credentials but can also utilize IAM roles assigned to the instance through Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is neces- sary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: elb.keyid: GKTADJGHEIQSXMKKRBJ08H elb.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p>22.27. Full list of builtin state modules 1091 Salt Documentation, Release 2014.7.6</p><p>Ensure myelb ELB exists: boto_elb.present: - name: myelb - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs - listeners: - elb_port: 443 instance_port: 80 elb_protocol: HTTPS instance_protocol: HTTP certificate: 'arn:aws:iam::1111111:server-certificate/mycert' - elb_port: 8210 instance_port: 8210 elb_protocol: TCP - health_check: target: 'HTTP:80/' - attributes: cross_zone_load_balancing: enabled: true access_log: enabled: true s3_bucket_name: 'mybucket' s3_bucket_prefix: 'my-logs' emit_interval: 5 - cnames: - name: mycname.example.com. zone: example.com. ttl: 60 - name: myothercname.example.com. zone: example.com.</p><p># Using a profile from pillars Ensure myelb ELB exists: boto_elb.present: - name: myelb - region: us-east-1 - profile: myelbprofile</p><p># Passing in a profile Ensure myelb ELB exists: boto_elb.present: - name: myelb - region: us-east-1 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs salt.states.boto_elb.absent(name, region=None, key=None, keyid=None, proﬁle=None) salt.states.boto_elb.present(name, listeners, availability_zones=None, subnets=None, secu- rity_groups=None, scheme='internet-facing', health_check=None, at- tributes=None, cnames=None, region=None, key=None, keyid=None, proﬁle=None) Ensure the IAM role exists. name Name of the IAM role. availability_zones A list of availability zones for this ELB.</p><p>1092 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> listeners A list of listener lists; example: [[`443', `HTTPS', `arn:aws:iam::1111111:server-certiﬁcate/mycert'], [`8443', `80', `HTTPS', `HTTP', `arn:aws:iam::1111111:server-certiﬁcate/mycert']] subnets A list of subnet IDs in your VPC to aach to your LoadBalancer. security_groups e security groups assigned to your LoadBalancer within your VPC. seme e type of a LoadBalancer. internet-facing or internal. Once set, can not be modiﬁed. health_e A dict deﬁning the health check for this ELB. attributes A dict deﬁning the aributes to set on this ELB. cnames A list of cname dicts with aributes: name, zone, l, and identiﬁer. See the boto_route53 state for information about these aributes. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.15 salt.states.boto_iam_role</p><p>Manage IAM roles.</p><p>New in version 2014.7.0. is module uses boto, which can be installed via package, or pip. is module accepts explicit IAM credentials but can also utilize IAM roles assigned to the instance through In- stance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: iam.keyid: GKTADJGHEIQSXMKKRBJ08H iam.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p>Creating a role will automatically create an instance proﬁle and associate it with the role. is is the default behavior of the AWS console. myrole: boto_iam_role.present: - region: us-east-1 - key: GKTADJGHEIQSXMKKRBJ08H - keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs - policies:</p><p>22.27. Full list of builtin state modules 1093 Salt Documentation, Release 2014.7.6</p><p>MySQSPolicy: Statement: - Action: - sqs:* Effect: Allow Resource: - arn:aws:sqs:*:*:* Sid: MyPolicySQS1 MyS3Policy: Statement: - Action: - s3:GetObject Effect: Allow Resource: - arn:aws:s3:*:*:mybucket/*</p><p># Using a credentials profile from pillars myrole: boto_iam_role.present: - region: us-east-1 - profile: myiamprofile</p><p># Passing in a credentials profile myrole: boto_iam_role.present: - region: us-east-1 - profile: key: GKTADJGHEIQSXMKKRBJ08H keyid: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs salt.states.boto_iam_role.absent(name, region=None, key=None, keyid=None, proﬁle=None) Ensure the IAM role is deleted. name Name of the IAM role. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_iam_role.present(name, policy_document=None, path=None, policies=None, re- gion=None, key=None, keyid=None, proﬁle=None) Ensure the IAM role exists. name Name of the IAM role. policy_document e policy that grants an entity permission to assume the role. (See hp://boto.readthedocs.org/en/latest/ref/iam.html#boto.iam.connection.IAMConnection.create_role) path e path to the instance proﬁle. (See hp://boto.readthedocs.org/en/latest/ref/iam.html#boto.iam.connection.IAMConnection.create_role) policies A dict of IAM role policies. region Region to connect to. key Secret key to be used. keyid Access key to be used.</p><p>1094 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.16 salt.states.boto_lc</p><p>Manage Launch Configurations</p><p>New in version 2014.7.0. Create and destroy Launch Conﬁgurations. Be aware that this interacts with Amazon's services, and so may incur charges. A limitation of this module is that you can not modify launch conﬁgurations once they have been created. If a launch conﬁguration with the speciﬁed name exists, this module will always report success, even if the speciﬁed conﬁguration doesn't match. is is due to a limitation in Amazon's launch conﬁguration API, as it only allows launch conﬁgurations to be created and deleted. Also note that a launch conﬁguration that's in use by an autoscale group can not be deleted until the autoscale group is no longer using it. is may aﬀect the way in which you want to order your states. is module uses boto, which can be installed via package, or pip. is module accepts explicit autoscale credentials but can also utilize IAM roles assigned to the instance through Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: asg.keyid: GKTADJGHEIQSXMKKRBJ08H asg.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p>Credential information is shared with autoscale groups as launch conﬁgurations and autoscale groups are completely dependent on each other.</p><p>Ensure mylc exists: boto_lc.present: - name: mylc - image_id: ami-0b9c9f62 - key_name: mykey - security_groups: - mygroup - instance_type: m1.small - instance_monitoring: true - block_device_mappings: - '/dev/sda1': size: 20 - cloud_init: scripts:</p><p>22.27. Full list of builtin state modules 1095 Salt Documentation, Release 2014.7.6</p><p>'run_salt.sh': | #!/bin/bash</p><p> add-apt-repository -y ppa:saltstack/salt apt-get update apt-get install -y salt-minion salt-call state.highstate - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p># Using a profile from pillars. Ensure mylc exists: boto_lc.present: - name: mylc - image_id: ami-0b9c9f62 - profile: myprofile</p><p># Passing in a profile. Ensure mylc exists: boto_lc.present: - name: mylc - image_id: ami-0b9c9f62 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1 salt.states.boto_lc.absent(name, region=None, key=None, keyid=None, proﬁle=None) Ensure the named launch conﬁguration is deleted. name Name of the launch conﬁguration. region e region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_lc.present(name, image_id, key_name=None, secu- rity_groups=None, user_data=None, cloud_init=None, in- stance_type='m1.small', kernel_id=None, ramdisk_id=None, block_device_mappings=None, instance_monitoring=False, spot_price=None, instance_proﬁle_name=None, ebs_optimized=False, associate_public_ip_address=None, vol- ume_type=None, delete_on_termination=True, iops=None, use_block_device_types=False, region=None, key=None, keyid=None, proﬁle=None) Ensure the launch conﬁguration exists. name Name of the launch conﬁguration. image_id AMI to use for instances. AMI must exist or creation of the launch conﬁguration will fail. key_name Name of the EC2 key pair to use for instances. Key must exist or creation of the launch conﬁgura- tion will fail.</p><p>1096 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> security_groups List of Names or security group id’s of the security groups with which to associate the EC2 instances or VPC instances, respectively. Security groups must exist, or creation of the launch conﬁgu- ration will fail. user_data e user data available to launched EC2 instances. cloud_init A dict of cloud_init conﬁguration. Currently supported values: scripts, cloud-conﬁg. Mutually exlusive with user_data. instance_type e instance type. ex: m1.small. kernel_id e kernel id for the instance. ramdisk_id e RAM disk ID for the instance. blo_device_mappings A dict of block device mappings. instance_monitoring Whether instances in group are launched with detailed monitoring. spot_price e spot price you are bidding. Only applies if you are building an autoscaling group with spot instances. instance_proﬁle_name e name or the Amazon Resource Name (ARN) of the instance proﬁle associated with the IAM role for the instance. Instance proﬁle must exist or the creation of the launch conﬁguration will fail. ebs_optimized Speciﬁes whether the instance is optimized for EBS I/O (true) or not (false). associate_public_ip_address Used for Auto Scaling groups that launch instances into an Amazon Virtual Private Cloud. Speciﬁes whether to assign a public IP address to each instance launched in a Amazon VPC. volume_type Undocumented in boto. delete_on_termination Undocumented in boto. iops Undocumented in boto. use_blo_device_types Undocumented in boto. region e region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.17 salt.states.boto_route53</p><p>Manage Route53 records</p><p>New in version 2014.7.0. Create and delete Route53 records. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit route53 credentials but can also utilize IAM roles assigned to the instance through Instance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle:</p><p>22.27. Full list of builtin state modules 1097 Salt Documentation, Release 2014.7.6</p><p> route53.keyid: GKTADJGHEIQSXMKKRBJ08H route53.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1 mycnamerecord: boto_route53.present: - name: test.example.com. - value: my-elb.us-east-1.elb.amazonaws.com. - zone: example.com. - ttl: 60 - record_type: CNAME - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p># Using a profile from pillars myarecord: boto_route53.present: - name: test.example.com. - value: 1.1.1.1 - zone: example.com. - ttl: 60 - record_type: A - region: us-east-1 - profile: myprofile</p><p># Passing in a profile myarecord: boto_route53.present: - name: test.example.com. - value: 1.1.1.1 - zone: example.com. - ttl: 60 - record_type: A - region: us-east-1 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs salt.states.boto_route53.absent(name, zone, record_type, identiﬁer=None, region=None, key=None, keyid=None, proﬁle=None) Ensure the Route53 record is deleted. name Name of the record. zone e zone to delete the record from. identiﬁer An identiﬁer to match for deletion. region e region to connect to.</p><p>1098 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_route53.present(name, value, zone, record_type, l=None, identiﬁer=None, re- gion=None, key=None, keyid=None, proﬁle=None) Ensure the Route53 record is present. name Name of the record. value Value of the record. zone e zone to create the record in. record_type e record type. Currently supported values: A, CNAME, MX ttl e time to live for the record. identiﬁer e unique identiﬁer to use for this record. region e region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.18 salt.states.boto_secgroup</p><p>Manage Security Groups</p><p>New in version 2014.7.0. Create and destroy Security Groups. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit EC2 credentials but can also utilize IAM roles assigned to the instance through In- stance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1</p><p>22.27. Full list of builtin state modules 1099 Salt Documentation, Release 2014.7.6</p><p>Ensure mysecgroup exists: boto_secgroup.present: - name: mysecgroup - description: My security group - rules: - ip_protocol: tcp from_port: 80 to_port: 80 cidr_ip: - 10.0.0.0/0 - 192.168.0.0/0 - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p># Using a profile from pillars Ensure mysecgroup exists: boto_secgroup.present: - name: mysecgroup - description: My security group - region: us-east-1 - profile: myprofile</p><p># Passing in a profile Ensure mysecgroup exists: boto_secgroup.present: - name: mysecgroup - description: My security group - region: us-east-1 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs salt.states.boto_secgroup.absent(name, vpc_id=None, region=None, key=None, keyid=None, pro- ﬁle=None) Ensure a security group with the speciﬁed name does not exist. name Name of the security group. vpc_id e ID of the VPC to create the security group in, if any. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_secgroup.present(name, description, vpc_id=None, rules=None, region=None, key=None, keyid=None, proﬁle=None) Ensure the security group exists with the speciﬁed rules. name Name of the security group. description A description of this security group. vpc_id e ID of the VPC to create the security group in, if any. rules A list of ingress rule dicts.</p><p>1100 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.19 salt.states.boto_sqs</p><p>Manage SQS eues</p><p>New in version 2014.7.0. Create and destroy SQS queues. Be aware that this interacts with Amazon's services, and so may incur charges. is module uses boto, which can be installed via package, or pip. is module accepts explicit SQS credentials but can also utilize IAM roles assigned to the instance through In- stance Proﬁles. Dynamic credentials are then automatically obtained from AWS API and no further conﬁguration is necessary. More information available here. If IAM roles are not used you need to specify them either in a pillar ﬁle or in the minion's conﬁg ﬁle: sqs.keyid: GKTADJGHEIQSXMKKRBJ08H sqs.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>It's also possible to specify key, keyid and region via a proﬁle, either passed in as a dict, or as a string to pull from pillars or minion conﬁg: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1 myqueue: boto_sqs.present: - region: us-east-1 - keyid: GKTADJGHEIQSXMKKRBJ08H - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs - attributes: ReceiveMessageWaitTimeSeconds: 20</p><p># Using a profile from pillars myqueue: boto_sqs.present: - region: us-east-1 - profile: mysqsprofile</p><p># Passing in a profile myqueue: boto_sqs.present: - region: us-east-1 - profile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs</p><p>22.27. Full list of builtin state modules 1101 Salt Documentation, Release 2014.7.6 salt.states.boto_sqs.absent(name, region=None, key=None, keyid=None, proﬁle=None) Ensure the named sqs queue is deleted. name Name of the SQS queue. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid. salt.states.boto_sqs.present(name, aributes=None, region=None, key=None, keyid=None, pro- ﬁle=None) Ensure the SQS queue exists. name Name of the SQS queue. attributes A dict of key/value SQS aributes. region Region to connect to. key Secret key to be used. keyid Access key to be used. proﬁle A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.</p><p>22.27.20 salt.states.cloud</p><p>Using states instead of maps to deploy clouds</p><p>New in version 2014.1.0. Use this minion to spin up a cloud instance: my-ec2-instance: cloud.profile: my-ec2-config salt.states.cloud.absent(name, onlyif=None, unless=None) Ensure that no instances with the speciﬁed names exist. CAUTION: is is a destructive state, which will search all conﬁgured cloud providers for the named instance, and destroy it. name e name of the instance to destroy onlyif Do run the state only if is unless succeed unless Do not run the state at least unless succeed salt.states.cloud.present(name, cloud_provider, onlyif=None, unless=None, **kwargs) Spin up a single instance on a cloud provider, using salt-cloud. is state does not take a proﬁle argument; rather, it takes the arguments that would normally be conﬁgured as part of the state. Note that while this function does take any conﬁguration argument that would normally be used to create an instance, it will not verify the state of any of those arguments on an existing instance. Stateful properties of an instance should be conﬁgured using their own individual state (i.e., cloud.tagged, cloud.untagged, etc).</p><p>1102 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> name e name of the instance to create cloud_provider e name of the cloud provider to use onlyif Do run the state only if is unless succeed unless Do not run the state at least unless succeed salt.states.cloud.profile(name, proﬁle, onlyif=None, unless=None, **kwargs) Create a single instance on a cloud provider, using a salt-cloud proﬁle. Note that while proﬁles used this function do take any conﬁguration argument that would normally be used to create an instance using a proﬁle, this state will not verify the state of any of those arguments on an existing instance. Stateful properties of an instance should be conﬁgured using their own individual state (i.e., cloud.tagged, cloud.untagged, etc). name e name of the instance to create proﬁle e name of the cloud proﬁle to use onlyif Do run the state only if is unless succeed unless Do not run the state at least unless succeed kwargs Any proﬁle override or addition salt.states.cloud.volume_absent(name, provider=None, **kwargs) Check that a block volume exists. salt.states.cloud.volume_attached(name, server_name, provider=None, **kwargs) Check if a block volume is aached. salt.states.cloud.volume_detached(name, server_name=None, provider=None, **kwargs) Check if a block volume is aached. Returns True if server or Volume do not exist. salt.states.cloud.volume_present(name, provider=None, **kwargs) Check that a block volume exists.</p><p>22.27.21 salt.states.cmd</p><p>Execution of arbitrary commands</p><p>e cmd state module manages the enforcement of executed commands, this state can tell a command to run under certain circ*mstances. A simple example to execute a command: date &gt; /tmp/salt-run: cmd.run</p><p>Only run if another execution failed, in this case truncate syslog if there is no disk space:</p><p>&gt; /var/log/messages: cmd.run: - unless: echo 'foo' &gt; /tmp/.test</p><p>Only run if the ﬁle speciﬁed by creates does not exist, in this case touch /tmp/foo if it does not exist.</p><p>22.27. Full list of builtin state modules 1103 Salt Documentation, Release 2014.7.6</p><p> touch /tmp/foo: cmd.run: - creates: /tmp/foo</p><p>Note: e creates option was added to version 2014.7.0</p><p>Salt determines whether the cmd state is successfully enforced based on the exit code returned by the command. If the command returns a zero exit code, then salt determines that the state was successfully enforced. If the script returns a non-zero exit code, then salt determines that it failed to successfully enforce the state. If a command returns a non-zero exit code but you wish to treat this as a success, then you must place the command in a script and explicitly set the exit code of the script to zero. Please note that the success or failure of the state is not aﬀected by whether a state change occurred nor the stateful argument. When executing a command or script, the state (i.e., changed or not) of the command is unknown to Salt's state system. erefore, by default, the cmd state assumes that any command execution results in a changed state. is means that if a cmd state is watched by another state then the state that's watching will always be executed due to the changed state in the cmd state. Many state functions in this module now also accept a stateful argument. If stateful is speciﬁed to be true then it is assumed that the command or script will determine its own state and communicate it back by following a simple protocol described below: 1. If there's nothing in the stdout of the command, then assume no anges. Otherwise, the stdout must be either in JSON or its last non-empty line must be a string of key=value pairs delimited by spaces (no spaces on either side of =). 2. If it's JSON then it must be a JSON object (e.g., {}). If it's key=value pairs then quoting may be used to include spaces. (Python's shlex module is used to parse the key=value string) Two special keys or aributes are recognized in the output:</p><p> changed: bool (i.e., 'yes', 'no', 'true', 'false', case-insensitive) comment: str (i.e., any string)</p><p>So, only if changed is True then assume the command execution has changed the state, and any other key values or aributes in the output will be set as part of the changes. 3. If there's a comment then it will be used as the comment of the state. Here's an example of how one might write a shell script for use with a stateful command:</p><p>#!/bin/bash # echo "Working hard..."</p><p># writing the state line echo # an empty line here so the next line will be the last. echo "changed=yes comment='something has changed' whatever=123"</p><p>And an example SLS ﬁle using this module:</p><p>Run myscript: cmd.run: - name: /path/to/myscript - cwd: / - stateful: True</p><p>1104 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Run only if myscript changed something: cmd.wait: - name: echo hello - cwd: / - watch: - cmd: Run myscript</p><p>Note that if the cmd.wait state also speciﬁes stateful: True it can then be watched by some other states as well. cmd.wait is not restricted to watching only cmd states. For example it can also watch a git state for changes</p><p># Watch for changes to a git repo and rebuild the project on updates my-project: git.latest: - name: git@github.com/repo/foo - target: /opt/foo - rev: master cmd.wait: - name: make install - cwd: /opt/foo - watch: - git: my-project</p><p>Should I use cmd.run or cmd.wait? ------ese two states are oen confused. e important thing to remember about them is that cmd.run states are run each time the SLS ﬁle that contains them is applied. If it is more desirable to have a command that only runs aer some other state changes, then cmd.wait does just that. cmd.wait is designed to watch other states, and is executed when the state it is watching changes. Example:</p><p>/usr/local/bin/postinstall.sh: cmd.wait: - watch: - pkg: mycustompkg file.managed: - source: salt://utils/scripts/postinstall.sh</p><p> mycustompkg: pkg.installed: - require: - file: /usr/local/bin/postinstall.sh</p><p>How do I create an environment from a pillar map?</p><p>e map that comes from a pillar cannot be directly consumed by the env option. To use it one must convert it to a list. Example:</p><p> printenv: cmd.run: - env: {% for key, value in pillar['keys'].iteritems() %} - '{{ key }}': '{{ value }}' {% endfor %}</p><p>22.27. Full list of builtin state modules 1105 Salt Documentation, Release 2014.7.6 salt.states.cmd.call(name, func, args=(), kws=None, onlyif=None, unless=None, creates=None, out- put_loglevel='debug', use_vt=False, **kwargs) Invoke a pre-deﬁned Python function with arguments speciﬁed in the state declaration. is function is mainly used by the salt.renderers.pydsl renderer. e interpretation of onlyif and unless arguments are identical to those of cmd.run, and all other arguments(cwd, runas, …) allowed by cmd.run are allowed here, except that their eﬀects apply only to the commands speciﬁed in onlyif and unless rather than to the function to be invoked. In addition, the stateful argument has no eﬀects here. e return value of the invoked function will be interpreted as follows. If it's a dictionary then it will be passed through to the state system, which expects it to have the usual structure returned by any salt state function. Otherwise, the return value (denoted as result in the code below) is expected to be a JSON serializable object, and this dictionary is returned:</p><p>{ 'name': name 'changes':{'retval': result}, 'result': True if result is None else bool(result), 'comment': result if isinstance(result, string_types) else '' } salt.states.cmd.mod_run_check(cmd_kwargs, onlyif, unless, group, creates) Execute the onlyif and unless logic. Return a result dict if: * group is not available * onlyif failed (onlyif != 0) * unless succeeded (unless == 0) else return True salt.states.cmd.mod_watch(name, **kwargs) Execute a cmd function based on a watch call salt.states.cmd.run(name, onlyif=None, unless=None, creates=None, cwd=None, user=None, group=None, shell=None, env=None, stateful=False, umask=None, out- put_loglevel='debug', quiet=False, timeout=None, use_vt=False, **kwargs) Run a command if certain circ*mstances are met. Use cmd.wait if you want to use the watch requisite. name e command to execute, remember that the command will execute with the path and permissions of the salt-minion. onlyif A command to run as a check, run the named command only if the command passed to the onlyif option returns true unless A command to run as a check, only run the named command if the command passed to the unless option returns false cwd e current working directory to execute the command in, defaults to /root user e user name to run the command as group e group context to run the command as shell e shell to use for execution, defaults to the shell grain env A list of environment variables to be set prior to execution. Example:</p><p> salt://scripts/foo.sh: cmd.script: - env: - BATCH: 'yes'</p><p>1106 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Warning: e above illustrates a common PyYAML pitfall, that yes, no, on, oﬀ, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.</p><p> stateful e command being executed is expected to return data about executing a state umask e umask (in octal) to use when running the command. output_loglevel Control the loglevel at which the output from the command is logged. Note that the com- mand being run will still be logged (loglevel: DEBUG) regardless, unless quiet is used for this value. quiet e command will be executed quietly, meaning no log entries of the actual command or its return data. is is deprecated as of the 2014.1.0 release, and is being replaced with output_loglevel: quiet. timeout If the command has not terminated aer timeout seconds, send the subprocess sigterm, and if sigterm is ignored, follow up with sigkill creates Only run if the ﬁle speciﬁed by creates does not exist. New in version 2014.7.0. use_vt Use VT utils (saltstack) to stream the command output more interactively to the console and the logs. is is experimental.</p><p>Note: cmd.run supports the usage of reload_modules. is functionality allows you to force Salt to reload all modules. You should only use reload_modules if your cmd.run does some sort of installation (such as pip), if you do not reload the modules future items in your state which rely on the soware being installed will fail.</p><p> getpip: cmd.run: - name: /usr/bin/python /usr/local/sbin/get-pip.py - unless: which pip - require: - pkg: python - file: /usr/local/sbin/get-pip.py - reload_modules: True salt.states.cmd.script(name, source=None, template=None, onlyif=None, unless=None, creates=None, cwd=None, user=None, group=None, shell=None, env=None, stateful=False, umask=None, timeout=None, use_vt=False, output_loglevel='debug', **kwargs) Download a script and execute it with speciﬁed arguments. source e location of the script to download. If the ﬁle is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs template If this seing is applied then the named templating engine will be used to render the downloaded ﬁle. Currently jinja, mako, and wempy are supported name Either ``cmd arg1 arg2 arg3…'' (cmd is not used) or a source ``salt://…''. onlyif Run the named command only if the command passed to the onlyif option returns true unless Run the named command only if the command passed to the unless option returns false cwd e current working directory to execute the command in, defaults to /root user e name of the user to run the command as group e group context to run the command as</p><p>22.27. Full list of builtin state modules 1107 Salt Documentation, Release 2014.7.6</p><p> shell e shell to use for execution. e default is set in grains['shell'] env A list of environment variables to be set prior to execution. Example:</p><p> salt://scripts/foo.sh: cmd.script: - env: - BATCH: 'yes'</p><p>Warning: e above illustrates a common PyYAML pitfall, that yes, no, on, oﬀ, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.</p><p> umask e umask (in octal) to use when running the command. stateful e command being executed is expected to return data about executing a state timeout If the command has not terminated aer timeout seconds, send the subprocess sigterm, and if sigterm is ignored, follow up with sigkill args String of command line args to pass to the script. Only used if no args are speciﬁed as part of the name argument. To pass a string containing spaces in YAML, you will need to doubly-quote it: ``arg1 `arg two' arg3'' creates Only run if the ﬁle speciﬁed by creates does not exist. New in version 2014.7.0. use_vt Use VT utils (saltstack) to stream the command output more interactively to the console and the logs. is is experimental. output_loglevel Control the loglevel at which the output from the command is logged. Note that the com- mand being run will still be logged (loglevel: DEBUG) regardless, unless quiet is used for this value. salt.states.cmd.wait(name, onlyif=None, unless=None, creates=None, cwd=None, user=None, group=None, shell=None, env=(), stateful=False, umask=None, out- put_loglevel='debug', use_vt=False, **kwargs) Run the given command only if the watch statement calls it name e command to execute, remember that the command will execute with the path and permissions of the salt-minion. onlyif A command to run as a check, run the named command only if the command passed to the onlyif option returns true unless A command to run as a check, only run the named command if the command passed to the unless option returns false cwd e current working directory to execute the command in, defaults to /root user e user name to run the command as group e group context to run the command as shell e shell to use for execution, defaults to /bin/sh env A list of environment variables to be set prior to execution. Example:</p><p> salt://scripts/foo.sh: cmd.script: - env: - BATCH: 'yes'</p><p>1108 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Warning: e above illustrates a common PyYAML pitfall, that yes, no, on, oﬀ, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.</p><p> umask e umask (in octal) to use when running the command. stateful e command being executed is expected to return data about executing a state creates Only run if the ﬁle speciﬁed by creates does not exist. New in version 2014.7.0. output_loglevel Control the loglevel at which the output from the command is logged. Note that the com- mand being run will still be logged (loglevel: DEBUG) regardless, unless quiet is used for this value. use_vt Use VT utils (saltstack) to stream the command output more interactively to the console and the logs. is is experimental. salt.states.cmd.wait_call(name, func, args=(), kws=None, onlyif=None, unless=None, creates=None, stateful=False, use_vt=False, output_loglevel='debug', **kwargs) salt.states.cmd.wait_script(name, source=None, template=None, onlyif=None, unless=None, cwd=None, user=None, group=None, shell=None, env=None, state- ful=False, umask=None, use_vt=False, output_loglevel='debug', **kwargs) Download a script from a remote source and execute it only if a watch statement calls it. source e source script being downloaded to the minion, this source script is hosted on the salt master server. If the ﬁle is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs template If this seing is applied then the named templating engine will be used to render the downloaded ﬁle, currently jinja, mako, and wempy are supported name e command to execute, remember that the command will execute with the path and permissions of the salt-minion. onlyif A command to run as a check, run the named command only if the command passed to the onlyif option returns true unless A command to run as a check, only run the named command if the command passed to the unless option returns false cwd e current working directory to execute the command in, defaults to /root user e user name to run the command as group e group context to run the command as shell e shell to use for execution, defaults to the shell grain env A list of environment variables to be set prior to execution. Example:</p><p> salt://scripts/foo.sh: cmd.script: - env: - BATCH: 'yes'</p><p>Warning: e above illustrates a common PyYAML pitfall, that yes, no, on, oﬀ, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.</p><p>22.27. Full list of builtin state modules 1109 Salt Documentation, Release 2014.7.6</p><p> umask e umask (in octal) to use when running the command. stateful e command being executed is expected to return data about executing a state use_vt Use VT utils (saltstack) to stream the command output more interactively to the console and the logs. is is experimental.</p><p> output_loglevel Control the loglevel at which the output from the command is logged. Note that the command being run will still be logged (loglevel: DEBUG) regardless, unless quiet is used for this value.</p><p>22.27.22 salt.states.composer</p><p>Installation of Composer Packages</p><p>ese states manage the installed packages for composer for PHP. Note that either composer is installed and acces- sible via a bin directory or you can pass the location of composer in the state. get-composer: cmd.run: - name: 'CURL=`which curl`; $CURL -sS https://getcomposer.org/installer | php' - unless: test -f /usr/local/bin/composer - cwd: /root/ install-composer: cmd.wait: - name: mv /root/composer.phar /usr/local/bin/composer - cwd: /root/ - watch: - cmd: get-composer</p><p>/path/to/project: composer.installed: - no_dev: true - require: - cmd: install-composer</p><p># Without composer installed in your PATH # Note: composer.phar must be executable for state to work properly /path/to/project: composer.installed: - composer: /path/to/composer.phar - php: /usr/local/bin/php - no_dev: true salt.states.composer.installed(name, composer=None, php=None, user=None, pre- fer_source=None, prefer_dist=None, no_scripts=None, no_plugins=None, optimize=None, no_dev=None, quiet=False, composer_home='/root', always_check=True) Verify that the correct versions of composer dependencies are present. dir Directory location of the composer.json ﬁle. composer Location of the composer.phar ﬁle. If not set composer will just execute ``composer'' as if it is installed globally. (i.e. /path/to/composer.phar)</p><p>1110 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> php Location of the php executable to use with composer. (i.e. /usr/bin/php) user Which system user to run composer as. New in version 2014.1.4. prefer_source --prefer-source option of composer. prefer_dist --prefer-dist option of composer. no_scripts --no-scripts option of composer. no_plugins --no-plugins option of composer. optimize --optimize-autoloader option of composer. Recommended for production. no_dev --no-dev option for composer. Recommended for production. quiet --quiet option for composer. Whether or not to return output from composer. composer_home $COMPOSER_HOME environment variable always_e If True, _always_ run composer install in the directory. is is the default behavior. If False, only run composer install if there is no vendor directory present. salt.states.composer.update(name, composer=None, php=None, user=None, prefer_source=None, prefer_dist=None, no_scripts=None, no_plugins=None, optimize=None, no_dev=None, quiet=False, composer_home='/root') Composer update the directory to ensure we have the latest versions of all project dependencies. dir Directory location of the composer.json ﬁle. composer Location of the composer.phar ﬁle. If not set composer will just execute ``composer'' as if it is installed globally. (i.e. /path/to/composer.phar) php Location of the php executable to use with composer. (i.e. /usr/bin/php) user Which system user to run composer as. New in version 2014.1.4. prefer_source --prefer-source option of composer. prefer_dist --prefer-dist option of composer. no_scripts --no-scripts option of composer. no_plugins --no-plugins option of composer. optimize --optimize-autoloader option of composer. Recommended for production. no_dev --no-dev option for composer. Recommended for production. quiet --quiet option for composer. Whether or not to return output from composer. composer_home $COMPOSER_HOME environment variable</p><p>22.27.23 salt.states.cron</p><p>Management of cron, the Unix command scheduler</p><p>Cron declarations require a number of parameters. e following are the parameters used by Salt to deﬁne the various timing values for a cron job: • minute</p><p>22.27. Full list of builtin state modules 1111 Salt Documentation, Release 2014.7.6</p><p>• hour • daymonth • month • dayweek (0 to 6 are Sunday through Saturday, 7 can also be used for Sunday)</p><p>Warning: Any timing arguments not speciﬁed take a value of *. is means that seing hour to 5, while not deﬁning the minute param, will result in Salt adding a job that will execute every minute between 5 and 6 A.M.! Additionally, the default user for these states is root. erefore, if the cron job is for another user, it is necessary to specify that user with the user parameter.</p><p>A long time ago (before 2014.2), when making changes to an existing cron job, the name declaration is the parameter used to uniquely identify the job, so if an existing cron that looks like this: date &gt; /tmp/crontest: cron.present: - user: root - minute: 5</p><p>Is changed to this: date &gt; /tmp/crontest: cron.present: - user: root - minute: 7 - hour: 2</p><p>en the existing cron will be updated, but if the cron command is changed, then a new cron job will be added to the user's crontab. e current behavior is still relying on that mechanism, but you can also specify an identiﬁer to identify your crontabs: date &gt; /tmp/crontest: cron.present: - identifier: SUPERCRON - user: root - minute: 7 - hour: 2</p><p>New in version 2014.1.2. And, some months later, you modify it: superscript &gt; /tmp/crontest: cron.present: - identifier: SUPERCRON - user: root - minute: 3 - hour: 4</p><p>New in version 2014.1.2. e old date &gt; /tmp/crontest will be replaced by superscript &gt; /tmp/crontest.</p><p>1112 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Additionally, Salt also supports running a cron every x minutes very similarly to the Unix convention of using */5 to have a job run every ﬁve minutes. In Salt, this looks like:</p><p> date &gt; /tmp/crontest: cron.present: - user: root - minute: '*/5'</p><p>e job will now run every 5 minutes. Additionally, the temporal parameters (minute, hour, etc.) can be randomized by using random instead of using a speciﬁc value. For example, by using the random keyword in the minute parameter of a cron state, the same cron job can be pushed to hundreds or thousands of hosts, and they would each use a randomly-generated minute. is can be helpful when the cron job accesses a network resource, and it is not desirable for all hosts to run the job concurrently.</p><p>/path/to/cron/script: cron.present: - user: root - minute: random - hour: 2</p><p>New in version 0.16.0. Since Salt assumes a value of * for unspeciﬁed temporal parameters, adding a parameter to the state and seing it to random will change that value from * to a randomized numeric value. However, if that ﬁeld in the cron entry on the minion already contains a numeric value, then using the random keyword will not modify it. salt.states.cron.absent(name, user='root', identiﬁer=None, **kwargs) Veriﬁes that the speciﬁed cron job is absent for the speciﬁed user; only the name is matched when removing a cron job. name e command that should be absent in the user crontab. user e name of the user whose crontab needs to be modiﬁed, defaults to the root user identiﬁer Custom-deﬁned identiﬁer for tracking the cron line for future crontab edits. is defaults to the state id salt.states.cron.env_absent(name, user='root') Veriﬁes that the speciﬁed environment variable is absent from the crontab for the speciﬁed user name e name of the environment variable to remove from the user crontab user e name of the user whose crontab needs to be modiﬁed, defaults to the root user salt.states.cron.env_present(name, value=None, user='root') Veriﬁes that the speciﬁed environment variable is present in the crontab for the speciﬁed user. name e name of the environment variable to set in the user crontab user e name of the user whose crontab needs to be modiﬁed, defaults to the root user value e value to set for the given environment variable salt.states.cron.file(name, source_hash='`, user='root', template=None, context=None, replace=True, defaults=None, env=None, backup='`, **kwargs) Provides ﬁle.managed-like functionality (templating, etc.) for a pre-made crontab ﬁle, to be assigned to a given user.</p><p>22.27. Full list of builtin state modules 1113 Salt Documentation, Release 2014.7.6</p><p> name e source ﬁle to be used as the crontab. is source ﬁle can be hosted on either the salt master server, or on an HTTP or FTP server. For ﬁles hosted on the salt ﬁle server, if the ﬁle is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs If the ﬁle is hosted on a HTTP or FTP server then the source_hash argument is also required source_hash is can be either a ﬁle which contains a source hash string for the source, or a source hash string. e source hash string is the hash algorithm followed by the hash of the ﬁle: md5=e138491e9d5b97023cea823fe17bac22 user e user to whom the crontab should be assigned. is defaults to root. template If this seing is applied then the named templating engine will be used to render the downloaded ﬁle. Currently, jinja and mako are supported. context Overrides default context variables passed to the template. replace If the crontab should be replaced, if False then this command will be ignored if a crontab exists for the speciﬁed user. Default is True. defaults Default context passed to the template. baup Overrides the default backup mode for the user's crontab. salt.states.cron.present(name, user='root', minute='*', hour='*', daymonth='*', month='*', day- week='*', comment=None, identiﬁer=None) Veriﬁes that the speciﬁed cron job is present for the speciﬁed user. For more advanced information about what exactly can be set in the cron timing parameters, check your cron system's documentation. Most Unix-like systems' cron documentation can be found via the crontab man page: man 5 crontab. name e command that should be executed by the cron job. user e name of the user whose crontab needs to be modiﬁed, defaults to the root user minute e information to be set into the minute section, this can be any string supported by your cron system's the minute ﬁeld. Default is * hour e information to be set in the hour section. Default is * daymonth e information to be set in the day of month section. Default is * month e information to be set in the month section. Default is * dayweek e information to be set in the day of week section. Default is * comment User comment to be added on line previous the cron job identiﬁer Custom-deﬁned identiﬁer for tracking the cron line for future crontab edits. is defaults to the state id</p><p>22.27.24 salt.states.ddns</p><p>Dynamic DNS updates</p><p>Ensure a DNS record is present or absent utilizing RFC 2136 type dynamic updates. Requires dnspython module. webserver: ddns.present: - zone: example.com - ttl: 60 - data: 111.222.333.444</p><p>1114 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- nameserver: 123.234.345.456 - keyfile: /srv/salt/tsig_key.txt salt.states.ddns.absent(name, zone, data=None, rdtype=None, **kwargs) Ensures that the named DNS record is absent. name e host portion of the DNS record, e.g., `webserver' zone e zone to check data Data for the DNS record. E.g., the IP address for an A record. If omied, all records matching name (and rdtype, if provided) will be purged. rdtype DNS resource type. If omied, all types will be purged. **kwargs Additional arguments the ddns.delete function may need (e.g. nameserver, keyﬁle, keyname). salt.states.ddns.present(name, zone, l, data, rdtype='A', **kwargs) Ensures that the named DNS record is present with the given l. name e host portion of the DNS record, e.g., `webserver' zone e zone to check/update ttl TTL for the record data Data for the DNS record. E.g., the IP address for an A record. rdtype DNS resource type. Default `A'. **kwargs Additional arguments the ddns.update function may need (e.g. nameserver, keyﬁle, keyname).</p><p>22.27.25 salt.states.debconfmod</p><p>Management of debconf selections</p><p> depends • debconf-utils package e debconfmod state module manages the enforcement of debconf selections, this state can set those selections prior to package installation.</p><p>Available Functions</p><p>e debconfmod state has two functions, the set and set_file functions set Set debconf selections from the state itself set_ﬁle Set debconf selections from a ﬁle nullmailer-debconf: debconf.set: - name: nullmailer - data: 'shared/mailname':{'type': 'string', 'value': 'server.domain.tld'} 'nullmailer/relayhost':{'type': 'string', 'value': 'mail.domain.tld'} ferm-debconf: debconf.set: - name: ferm</p><p>22.27. Full list of builtin state modules 1115 Salt Documentation, Release 2014.7.6</p><p>- data: 'ferm/enable':{'type': 'boolean', 'value': True}</p><p>Note: Due to how PyYAML imports nested dicts (see here), the values in the data dict must be indented four spaces instead of two. salt.states.debconfmod.set(name, data) Set debconf selections</p><p><state_id>: debconf.set: - name: <name> - data: <question>: {'type': <type>, 'value': <value>} <question>: {'type': <type>, 'value': <value>}</value></type></question></value></type></question></name></state_id></p><p><state_id>: debconf.set: - name: <name> - data: <question>: {'type': <type>, 'value': <value>} <question>: {'type': <type>, 'value': <value>}</value></type></question></value></type></question></name></state_id></p><p> name: e package name to set answers for. data: A set of questions/answers for debconf. Note that everything under this must be indented twice. question: e question the is being pre-answered type: e type of question that is being asked (string, boolean, select, etc.) value: e answer to the question salt.states.debconfmod.set_file(name, source, **kwargs) Set debconf selections from a ﬁle</p><p><state_id>: debconf.set_file: - source: salt://pathto/pkg.selections</state_id></p><p><state_id>: debconf.set_file: - source: salt://pathto/pkg.selections?saltenv=myenvironment</state_id></p><p> source: e location of the ﬁle containing the package selections</p><p>22.27.26 salt.states.disk</p><p>Disk monitoring state Monitor the state of disk resources salt.states.disk.status(name, maximum=None, minimum=None) Return the current disk usage stats for the named mount point</p><p>1116 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.27 salt.states.dockerio</p><p>Manage Docker containers</p><p>Docker is a lightweight, portable, self-suﬃcient soware container wrapper. e base supported wrapper type is LXC, cgroups, and the Linux Kernel.</p><p>Warning: is state module is beta. e API is subject to change. No promise as to performance or functionality is yet present.</p><p>Note: is state module requires docker-py which supports Docker Remote API version 1.6.</p><p>Available Functions</p><p>• built</p><p> corp/mysuperdocker_img: docker.built: - path: /path/to/dir/container</p><p>• pulled</p><p> ubuntu: docker.pulled: - tag: latest</p><p>• pushed</p><p> corp/mysuperdocker_img: docker.pushed</p><p>• installed</p><p> mysuperdocker-container: docker.installed: - name: mysuperdocker - hostname: superdocker - image: corp/mysuperdocker_img</p><p>• running</p><p> my_service: docker.running: - container: mysuperdocker - port_bindings: "5000/tcp": HostIp: "" HostPort: "5000"</p><p>Note: e port_bindings argument above is a dictionary. Note the double-indentation, this is required for PyYAML to load the data structure properly as a dictionary. More information can be found here</p><p>• absent</p><p>22.27. Full list of builtin state modules 1117 Salt Documentation, Release 2014.7.6</p><p> mys_old_uperdocker: docker.absent</p><p>• run</p><p>/finish-install.sh: docker.run: - cid: mysuperdocker - unless: grep -q something /var/log/foo - docker_unless: grep -q done /install_log</p><p>Note: e docker modules are named dockerio because the name `docker' would conﬂict with the underlying docker-py library. We should add magic to all methods to also match containers by name now that the `naming link' stuﬀ has been merged in docker. is applies for example to: • running • absent • run salt.states.dockerio.absent(name) Ensure that the container is absent; if not, it will will be killed and destroyed. (docker inspect) name: Either the container name or id salt.states.dockerio.built(name, path=None, quiet=False, nocache=False, rm=True, force=False, timeout=None, *args, **kwargs) Build a docker image from a path or URL to a dockerﬁle. (docker build) name Name of the image path URL (e.g. url/branch/docker_dir/dockerﬁle) or ﬁlesystem path to the dockerﬁle salt.states.dockerio.installed(name, image, command=None, hostname=None, user=None, detach=True, stdin_open=False, y=False, mem_limit=0, ports=None, environment=None, dns=None, volumes=None, volumes_from=None, *args, **kwargs) Ensure that a container with the given name exists; if not, build a new container from the speciﬁed image. (docker run) name Name for the container image Image from which to build this container environment Environment variables for the container, either • a mapping of key, values • a list of mappings of key, values ports List of ports deﬁnitions, either: • a port to map • a mapping of mapping portInHost : PortInContainer volumes List of volumes</p><p>1118 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>For other parameters, see absolutely ﬁrst the salt.modules.dockerio execution module and the docker- py python bindings for docker documentation <h>`_ for docker.create_container.</h></p><p>Note: is command does not verify that the named container is running the speciﬁed image. salt.states.dockerio.mod_watch(name, sfun=None, *args, **kw) salt.states.dockerio.present(name) If a container with the given name is not present, this state will fail. (docker inspect) name: container id salt.states.dockerio.pulled(name, tag='latest', force=False, *args, **kwargs) Pull an image from a docker registry. (docker pull)</p><p>Note: See ﬁrst the documentation for docker login, docker pull, docker push, and docker.import_image (docker import). NOTE that we added in SaltStack a way to authenticate yourself with the Docker Hub Reg- istry by supplying your credentials (username, email &amp; password) using pillars. For more information, see salt.modules.dockerio execution module.</p><p> name Name of the image tag Tag of the image force Pull even if the image is already pulled salt.states.dockerio.pushed(name, tag='latest') Push an image from a docker registry. (docker push)</p><p>Note: See ﬁrst the documentation for docker login, docker pull, docker push, and docker.import_image (docker import). NOTE that we added in SaltStack a way to authenticate yourself with the Docker Hub Reg- istry by supplying your credentials (username, email &amp; password) using pillars. For more information, see salt.modules.dockerio execution module.</p><p> name Name of the image tag Tag of the image [Optional] salt.states.dockerio.run(name, cid=None, hostname=None, onlyif=None, unless=None, docked_onlyif=None, docked_unless=None, *args, **kwargs) Run a command in a speciﬁc container You can match by either name or hostname name command to run in the container cid Container id state_id state_id onlyif Only execute cmd if statement on the host returns 0 unless Do not execute cmd if statement on the host returns 0 doed_onlyif Only execute cmd if statement in the container returns 0 doed_unless Do not execute cmd if statement in the container returns 0</p><p>22.27. Full list of builtin state modules 1119 Salt Documentation, Release 2014.7.6 salt.states.dockerio.running(name, container=None, port_bindings=None, binds=None, publish_all_ports=False, links=None, lxc_conf=None, privi- leged=False, dns=None, volumes_from=None, network_mode=None, restart_policy=None, cap_add=None, cap_drop=None, check_is_running=True) Ensure that a container is running. (docker inspect) name name of the service container name of the container to start publish_all_ports links Link several container together</p><p>- links: name_other_container: alias_for_other_container</p><p> port_bindings List of ports to expose on host system • a mapping port's guest, hostname's host and port's host.</p><p>- port_bindings: "5000/tcp": HostIp: "" HostPort: "5000"</p><p> binds List of volumes to mount (like -v of docker run command), mapping host directory to container directory. For read-write mounting, use the short form:</p><p>- binds: /var/log/service: /var/log/service</p><p>Or, to specify read-only mounting, use the extended form:</p><p>- binds: /home/user1: bind: /mnt/vol2 ro: true /var/www: bind: /mnt/vol1 ro: false</p><p> dns List of DNS servers.</p><p>- dns: - 127.0.0.1</p><p> volumes_from List of container names to get volumes deﬁnition from</p><p>- volumes_from: - name_other_container</p><p> network_mode • `bridge': creates a new network stack for the container on the docker bridge • `none': no networking for this container • `container:[name|id]': reuses another container network stack)</p><p>1120 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>• `host': use the host network stack inside the container</p><p>- network_mode: host</p><p> restart_policy Restart policy to apply when a container exits (no, on-failure[:max-retry], always)</p><p>- restart_policy: MaximumRetryCount: 5 Name: on-failure</p><p> cap_add List of capabilities to add in a container. cap_drop List of capabilities to drop in a container. e_is_running Enable checking if a container should run or not. Useful for data-only containers that must be linked to another one. e.g. nginx &lt;- static-ﬁles salt.states.dockerio.script(*args, **kw) Placeholder function for a cmd.script alike.</p><p>Note: Not yet implemented. Its implementation might be very similar from salt.states.dockerio.run</p><p>22.27.28 salt.states.environ</p><p>Support for geing and seing the environment variables of the current salt process. salt.states.environ.setenv(name, value, false_unsets=False, clear_all=False, update_minion=False) Set the salt process environment variables. name e environment key to set. Must be a string. value Either a string or dict. When string, it will be the value set for the environment key of `name' above. When a dict, each key/value pair represents an environment variable to set. false_unsets If a key's value is False and false_unsets is True, then the key will be removed from the salt processes environment dict entirely. If a key's value is False and false_unsets is not True, then the key's value will be set to an empty string. Default: False clear_all USE WITH CAUTION! is option can unset environment variables needed for salt to function properly. If clear_all is True, then any environment variables not deﬁned in the environ dict will be deleted. Default: False update_minion If True, apply these environ changes to the main salt-minion process. If False, the environ changes will only aﬀect the current salt subprocess. Default: False CLI Example:</p><p> a_string_env: environ.set: - name: foo - value: bar - update_minion: True</p><p> a_dict_env: environ.set: - name: does_not_matter - value: foo: bar baz: quux</p><p>22.27. Full list of builtin state modules 1121 Salt Documentation, Release 2014.7.6</p><p>22.27.29 salt.states.eselect</p><p>Management of Gentoo configuration using eselect</p><p>A state module to manage Gentoo conﬁguration via eselect profile: eselect.set: target: hardened/linux/amd64 salt.states.eselect.set_(name, target, parameter=None, module_parameter=None, ac- tion_parameter=None) Verify that the given module is set to the given target name e name of the module target e target to be set for this module module_parameter additional params passed to the deﬁned module action_parameter additional params passed to the deﬁned action parameter additional params passed to the deﬁned action Deprecated since version Lithium.</p><p>22.27.30 salt.states.event</p><p>Send events through Salt's event system during state runs salt.states.event.send(name, data=None, preload=None, with_env=False, with_grains=False, with_pillar=False, **kwargs) Send an event to the Salt Master New in version 2014.7.0. Accepts the same arguments as the event.send execution module of the same name. Example:</p><p># ...snip bunch of states above</p><p> mycompany/mystaterun/status/update: event.send: - data: status: "Half-way through the state run!"</p><p># ...snip bunch of states below salt.states.event.wait(name, sfun=None) Fire an event on the Salt master event bus if called from a watch statement New in version 2014.7.0. Example:</p><p># Stand up a new web server. apache: pkg: - installed</p><p>1122 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- name: httpd service: - running - enable: True - name: httpd</p><p># Notify the load balancer to update the pool once Apache is running. refresh_pool: event: - wait - name: mycompany/loadbalancer/pool/update - data: new_web_server_ip: {{ grains['ipv4'] | first() }} - watch: - pkg: apache</p><p>22.27.31 salt.states.file</p><p>Operations on regular files, special files, directories, and symlinks</p><p>Salt States can aggressively manipulate ﬁles on a system. ere are a number of ways in which ﬁles can be managed. Regular ﬁles can be enforced with the file.managed state. is state downloads ﬁles from the salt master and places them on the target system. Managed ﬁles can be rendered as a jinja, mako, or wempy template, adding a dynamic component to ﬁle management. An example of file.managed which makes use of the jinja templating system would look like this:</p><p>/etc/http/conf/http.conf: file.managed: - source: salt://apache/http.conf - user: root - group: root - mode: 644 - template: jinja - defaults: custom_var: "default value" other_var: 123 {% if grains['os'] == 'Ubuntu' %} - context: custom_var: "override" {% endif %}</p><p>It is also possible to use the py renderer as a templating option. e template would be a python script which would need to contain a function called run(), which returns a string. e returned string will be the contents of the managed ﬁle. For example: def run(): lines = ('foo', 'bar', 'baz') return '\n\n'.join(lines)</p><p>Note: e defaults and context arguments require extra indentation (four spaces instead of the normal two) in order to create a nested dictionary. More information.</p><p>22.27. Full list of builtin state modules 1123 Salt Documentation, Release 2014.7.6</p><p>If using a template, any user-deﬁned template variables in the ﬁle deﬁned in source must be passed in using the defaults and/or context arguments. e general best practice is to place default values in defaults, with conditional overrides going into context, as seen above. e template will receive a variable custom_var, which would be accessed in the template using {{ custom_var }}. If the operating system is Ubuntu, the value of the variable custom_var would be override, otherwise it is the default default value e source parameter can be speciﬁed as a list. If this is done, then the ﬁrst ﬁle to be matched will be the one that is used. is allows you to have a default ﬁle on which to fall back if the desired ﬁle does not exist on the salt ﬁleserver. Here's an example:</p><p>/etc/foo.conf: file.managed: - source: - salt://foo.conf.{{ grains['fqdn'] }} - salt://foo.conf.fallback - user: foo - group: users - mode: 644 - backup: minion</p><p>Note: Salt supports backing up managed ﬁles via the backup option. For more details on this functionality please review the backup_mode documentation.</p><p>e source parameter can also specify a ﬁle in another Salt environment. In this example foo.conf in the dev environment will be used instead.</p><p>/etc/foo.conf: file.managed: - source: - salt://foo.conf?saltenv=dev - user: foo - group: users - mode: '0644'</p><p>Warning: When using a mode that includes a leading zero you must wrap the value in single quotes. If the value is not wrapped in quotes it will be read by YAML as an integer and evaluated as an octal.</p><p>Special ﬁles can be managed via the mknod function. is function will create and enforce the permissions on a special ﬁle. e function supports the creation of character devices, block devices, and ﬁfo pipes. e function will create the directory structure up to the special ﬁle if it is needed on the minion. e function will not overwrite or operate on (change major/minor numbers) existing special ﬁles with the exception of user, group, and permissions. In most cases the creation of some special ﬁles require root permisisons on the minion. is would require that the minion to be run as the root user. Here is an example of a character device:</p><p>/var/named/chroot/dev/random: file.mknod: - ntype: c - major: 1 - minor: 8 - user: named - group: named - mode: 660</p><p>1124 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Here is an example of a block device:</p><p>/var/named/chroot/dev/loop0: file.mknod: - ntype: b - major: 7 - minor: 0 - user: named - group: named - mode: 660</p><p>Here is an example of a ﬁfo pipe:</p><p>/var/named/chroot/var/log/logfifo: file.mknod: - ntype: p - user: named - group: named - mode: 660</p><p>Directories can be managed via the directory function. is function can create and enforce the permissions on a directory. A directory statement will look like this:</p><p>/srv/stuff/substuf: file.directory: - user: fred - group: users - mode: 755 - makedirs: True</p><p>If you need to enforce user and/or group ownership or permissions recursively on the directory's contents, you can do so by adding a recurse directive:</p><p>/srv/stuff/substuf: file.directory: - user: fred - group: users - mode: 755 - makedirs: True - recurse: - user - group - mode</p><p>As a default, mode will resolve to dir_mode and file_mode, to specify both directory and ﬁle permissions, use this form:</p><p>/srv/stuff/substuf: file.directory: - user: fred - group: users - file_mode: 744 - dir_mode: 755 - makedirs: True - recurse: - user</p><p>22.27. Full list of builtin state modules 1125 Salt Documentation, Release 2014.7.6</p><p>- group - mode</p><p>Symlinks can be easily created; the symlink function is very simple and only takes a few arguments:</p><p>/etc/grub.conf: file.symlink: - target: /boot/grub/grub.conf</p><p>Recursive directory management can also be set via the recurse function. Recursive directory management allows for a directory on the salt master to be recursively copied down to the minion. is is a great tool for deploying large code and conﬁguration systems. A state using recurse would look something like this:</p><p>/opt/code/flask: file.recurse: - source: salt://code/flask - include_empty: True</p><p>A more complex recurse example:</p><p>{% set site_user = 'testuser' %} {% set site_name = 'test_site' %} {% set project_name = 'test_proj' %} {% set sites_dir = 'test_dir' %} django-project: file.recurse: - name: {{ sites_dir }}/{{ site_name }}/{{ project_name }} - user: {{ site_user }} - dir_mode: 2775 - file_mode: '0644' - template: jinja - source: salt://project/templates_dir - include_empty: True salt.states.file.absent(name) Make sure that the named ﬁle or directory is absent. If it exists, it will be deleted. is will work to reverse any of the functions in the ﬁle state module. name e path which should be deleted salt.states.file.accumulated(name, ﬁlename, text, **kwargs) Prepare accumulator which can be used in template in ﬁle.managed state. Accumulator dictionary becomes available in template. It can also be used in ﬁle.blockreplace. name Accumulator name ﬁlename Filename which would receive this accumulator (see ﬁle.managed state documentation about name) text String or list for adding in accumulator require_in / wat_in One of them required for sure we ﬁll up accumulator before we manage the ﬁle. Prob- ably the same as ﬁlename Example: Given the following:</p><p>1126 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> animals_doing_things: file.accumulated: - filename: /tmp/animal_file.txt - text: ' jumps over the lazy <a class="als" href="https://dogmemo.com" title="dog" target="_blank" rel="noopener">dog</a>.' - require_in: - file: animal_file</p><p> animal_file: file.managed: - name: /tmp/animal_file.txt - source: salt://animal_file.txt - template: jinja</p><p>One might write a template for animal_file.txt like the following:</p><p>The quick brown fox{% for animal in accumulator['animals_doing_things'] %}{{ animal }}{% endfor %}</p><p>Collectively, the above states and template ﬁle will produce:</p><p>The quick brown fox jumps over the lazy dog.</p><p>Multiple accumulators can be ``chained'' together.</p><p>Note: e `accumulator' data structure is a Python dictionary. Do not expect any loop over the keys in a deterministic order! salt.states.file.append(name, text=None, makedirs=False, source=None, source_hash=None, tem- plate='jinja', sources=None, source_hashes=None, defaults=None, con- text=None) Ensure that some text appears at the end of a ﬁle. e text will not be appended if it already exists in the ﬁle. A single string of text or a list of strings may be appended. name e location of the ﬁle to append to. text e text to be appended, which can be a single string or a list of strings. makedirs If the ﬁle is located in a path without a parent directory, then the state will fail. If makedirs is set to True, then the parent directories will be created to facilitate the creation of the named ﬁle. Defaults to False. source A single source ﬁle to append. is source ﬁle can be hosted on either the salt master server, or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as downloading di- rectly from Amazon S3 compatible URLs with both pre-conﬁgured and automatic IAM credentials (see s3.get state documentation). File retrieval from Openstack Swi object storage is supported via swi://container/object_path URLs (see swi.get documentation). For ﬁles hosted on the salt ﬁle server, if the ﬁle is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs. If the ﬁle is hosted on an HTTP or FTP server, the source_hash argument is also required. source_hash is can be one of the following: 1. a source hash string 2. the URI of a ﬁle that contains source hash strings</p><p>22.27. Full list of builtin state modules 1127 Salt Documentation, Release 2014.7.6</p><p>e function accepts the ﬁrst encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:</p><p>Type Length ======sha512 128 sha384 96 sha256 64 sha224 56 sha1 40 md5 32</p><p>e ﬁle can contain several checksums for several ﬁles. Each line must contain both the ﬁle name and the hash. If no ﬁle name is matched, the ﬁrst hash encountered will be used, otherwise the most secure hash with the correct source ﬁle name will be used. Debian ﬁle type *.dsc is supported. Examples:</p><p>/etc/rc.conf ef6e82e4006dee563d98ada2a2a80a27 sha254c8525aee419eb649f0233be91c151178b30f0dff8ebbdcc8de71b1d5c8bcc06a /etc/resolv.conf ead48423703509d37c4a90e6a0d53e143b6fc268</p><p>Known issues: If the remote server URL has the hash ﬁle as an apparent sub-directory of the source ﬁle, the module will discover that it has already cached a directory where a ﬁle should be cached. For example:</p><p> tomdroid-src-0.7.3.tar.gz: file.managed: - name: /tmp/tomdroid-src-0.7.3.tar.gz - source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz - source_hash: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz/+md5</p><p> template [jinja] e named templating engine will be used to render the appended-to ﬁle. Defaults to jinja. sources A list of source ﬁles to append. If the ﬁles are hosted on an HTTP or FTP server, the source_hashes argument is also required. source_hashes A list of source_hashes corresponding to the sources list speciﬁed in the sources argument. defaults Default context passed to the template. context Overrides default context variables passed to the template. Multi-line example:</p><p>/etc/motd: file.append: - text: | Thou hadst better eat salt with the Philosophers of Greece, than sugar with the Courtiers of Italy. - Benjamin Franklin</p><p>Multiple lines of text:</p><p>/etc/motd: file.append: - text: - Trust no one unless you have eaten much salt with him. - "Salt is born of the purest of <a class="als" href="https://parentsdex.com" title="parents" target="_blank" rel="noopener">parents</a>: the sun and the sea."</p><p>1128 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Gather text from multiple template ﬁles:</p><p>/etc/motd: file: - append - template: jinja - sources: - salt://motd/devops-messages.tmpl - salt://motd/hr-messages.tmpl - salt://motd/general-messages.tmpl</p><p>New in version 0.9.5. salt.states.file.blockreplace(name, marker_start='#-- start managed zone --`, marker_end='#- - end managed zone --`, content='`, append_if_not_found=False, prepend_if_not_found=False, backup='.bak', show_changes=True) Maintain an edit in a ﬁle in a zone delimited by two line markers New in version 2014.1.0. A block of content delimited by comments can help you manage several lines entries without worrying about old entries removal. is can help you maintaining an un-managed ﬁle containing manual edits. Note: this function will store two copies of the ﬁle in-memory (the original version and the edited version) in order to detect changes and only edit the targeted ﬁle if necessary. Parameters • name -- Filesystem path to the ﬁle to be edited • marker_start -- e line content identifying a line as the start of the content block. Note that the whole line containing this marker will be considered, so whitespace or extra content before or aer the marker is included in ﬁnal output • marker_end -- e line content identifying a line as the end of the content block. Note that the whole line containing this marker will be considered, so whitespace or extra content before or aer the marker is included in ﬁnal output. Note: you can use ﬁle.accumulated and target this state. All accumulated data dictionaries content will be added as new lines in the content. • content -- e content to be used between the two lines identiﬁed by marker_start and marker_stop. • append_if_not_found -- False by default, if markers are not found and set to True then the markers and content will be appended to the ﬁle • prepend_if_not_found -- False by default, if markers are not found and set to True then the markers and content will be prepended to the ﬁle • backup -- e ﬁle extension to use for a backup of the ﬁle if any edit is made. Set to False to skip making a backup. • dry_run -- Don't make any edits to the ﬁle • show_changes -- Output a uniﬁed diﬀ of the old ﬁle and the new ﬁle. If False return a boolean if any changes were made. Return type bool or str Example of usage with an accumulator and with a variable:</p><p>{% set myvar = 42 %} hosts-config-block-{{ myvar }}: file.blockreplace:</p><p>22.27. Full list of builtin state modules 1129 Salt Documentation, Release 2014.7.6</p><p>- name: /etc/hosts - marker_start: "# START managed zone {{ myvar }} -DO-NOT-EDIT-" - marker_end: "# END managed zone {{ myvar }} --" - content: 'First line of content' - append_if_not_found: True - backup: '.bak' - show_changes: True</p><p> hosts-config-block-{{ myvar }}-accumulated1: file.accumulated: - filename: /etc/hosts - name: my-accumulator-{{ myvar }} - text: "text 2" - require_in: - file: hosts-config-block-{{ myvar }}</p><p> hosts-config-block-{{ myvar }}-accumulated2: file.accumulated: - filename: /etc/hosts - name: my-accumulator-{{ myvar }} - text: | text 3 text 4 - require_in: - file: hosts-config-block-{{ myvar }}</p><p> will generate and maintain a block of content in /etc/hosts:</p><p># START managed zone 42 -DO-NOT-EDIT- First line of content text 2 text 3 text 4 # END managed zone 42 -- salt.states.file.comment(name, regex, char='#', backup='.bak') Comment out speciﬁed lines in a ﬁle. name e full path to the ﬁle to be edited regex A regular expression used to ﬁnd the lines that are to be commented; this paern will be wrapped in parenthesis and will move any preceding/trailing ^ or $ characters outside the parenthesis (e.g., the paern ^foo$ will be rewrien as ^(foo)$) Note that you _need_ the leading ^, otherwise each time you run highstate, another comment char will be inserted. ar [#] e character to be inserted at the beginning of a line in order to comment it out baup [.bak] e ﬁle will be backed up before edit with this ﬁle extension</p><p>Warning: is backup will be overwrien each time sed / comment / uncomment is called. Meaning the backup will only be useful aer the ﬁrst invocation.</p><p>Usage:</p><p>/etc/fstab: file.comment: - regex: ^bind 127.0.0.1</p><p>New in version 0.9.5.</p><p>1130 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.states.file.copy(name, source, force=False, makedirs=False) If the source ﬁle exists on the system, copy it to the named ﬁle. e named ﬁle will not be overwrien if it already exists unless the force option is set to True. name e location of the ﬁle to copy to source e location of the ﬁle to copy to the location speciﬁed with name force If the target location is present then the ﬁle will not be moved, specify ``force: True'' to overwrite the target ﬁle makedirs If the target subdirectories don't exist create them salt.states.file.directory(name, user=None, group=None, recurse=None, dir_mode=None, ﬁle_mode=None, makedirs=False, clean=False, require=None, exclude_pat=None, follow_symlinks=False, force=False, backup- name=None, **kwargs) Ensure that a named directory is present and has the right perms name e location to create or manage a directory user e user to own the directory; this defaults to the user salt is running as on the minion group e group ownership set for the directory; this defaults to the group salt is running as on the minion. On Windows, this is ignored recurse Enforce user/group ownership and mode of directory recursively. Accepts a list of strings represent- ing what you would like to recurse. If `mode' is deﬁned, will recurse on both `ﬁle_mode' and `dir_mode' if they are deﬁned. Example:</p><p>/var/log/httpd: file.directory: - user: root - group: root - dir_mode: 755 - file_mode: 644 - recurse: - user - group - mode</p><p> dir_mode / mode e permissions mode to set any directories created. Not supported on Windows ﬁle_mode e permissions mode to set any ﬁles created if `mode' is run in `recurse'. is defaults to dir_mode. Not supported on Windows makedirs If the directory is located in a path without a parent directory, then the state will fail. If makedirs is set to True, then the parent directories will be created to facilitate the creation of the named ﬁle. clean Make sure that only ﬁles that are set up by salt and required by this function are kept. If this option is set then everything in this directory will be deleted unless it is required. require Require other resources such as packages or ﬁles exclude_pat When `clean' is set to True, exclude this paern from removal list and preserve in the destination. follow_symlinks [False] If the desired path is a symlink (or recurse is deﬁned and a symlink is encountered while recursing), follow it and check the permissions of the directory/ﬁle to which the symlink points. New in version 2014.1.4. force If the name of the directory exists and is not a directory and force is set to False, the state will fail. If force is set to True, the ﬁle in the way of the directory will be deleted to make room for the directory, unless backupname is set, then it will be renamed.</p><p>22.27. Full list of builtin state modules 1131 Salt Documentation, Release 2014.7.6</p><p>New in version 2014.7.0. baupname If the name of the directory exists and is not a directory, it will be renamed to the backupname. If the backupname already exists and force is False, the state will fail. Otherwise, the backupname will be removed ﬁrst. New in version 2014.7.0. salt.states.file.exists(name) Verify that the named ﬁle or directory is present or exists. Ensures pre-requisites outside of Salt's purview (e.g., keytabs, private keys, etc.) have been previously satisﬁed before deployment. name Absolute path which must exist salt.states.file.managed(name, source=None, source_hash='`, user=None, group=None, mode=None, template=None, makedirs=False, dir_mode=None, context=None, re- place=True, defaults=None, env=None, backup='`, show_diﬀ=True, create=True, contents=None, contents_pillar=None, contents_grains=None, contents_newline=True, follow_symlinks=True, check_cmd=None, **kwargs) Manage a given ﬁle, this function allows for a ﬁle to be downloaded from the salt master and potentially run through a templating system. name e location of the ﬁle to manage source e source ﬁle to download to the minion, this source ﬁle can be hosted on either the salt master server, or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as download- ing directly from Amazon S3 compatible URLs with both pre-conﬁgured and automatic IAM creden- tials. (see s3.get state documentation) File retrieval from Openstack Swi object storage is supported via swi://container/object_path URLs, see swi.get documentation. For ﬁles hosted on the salt ﬁle server, if the ﬁle is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs. If source is le blank or None (use ~ in YAML), the ﬁle will be created as an empty ﬁle and the content will not be managed If the ﬁle is hosted on a HTTP or FTP server then the source_hash argument is also required A list of sources can also be passed in to provide a default source and a set of fallbacks. e ﬁrst source in the list that is found to exist will be used and subsequent entries in the list will be ignored.</p><p> file_override_example: file.managed: - source: - salt://file_that_does_not_exist - salt://file_that_exists</p><p> source_hash is can be one of the following: 1. a source hash string 2. the URI of a ﬁle that contains source hash strings e function accepts the ﬁrst encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:</p><p>Type Length ======sha512 128 sha384 96 sha256 64 sha224 56</p><p>1132 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> sha1 40 md5 32</p><p>e ﬁle can contain several checksums for several ﬁles. Each line must contain both the ﬁle name and the hash. If no ﬁle name is matched, the ﬁrst hash encountered will be used, otherwise the most secure hash with the correct source ﬁle name will be used. Debian ﬁle type *.dsc is supported. Examples:</p><p>/etc/rc.conf ef6e82e4006dee563d98ada2a2a80a27 sha254c8525aee419eb649f0233be91c151178b30f0dff8ebbdcc8de71b1d5c8bcc06a /etc/resolv.conf ead48423703509d37c4a90e6a0d53e143b6fc268</p><p>Known issues: If the remote server URL has the hash ﬁle as an apparent sub-directory of the source ﬁle, the module will discover that it has already cached a directory where a ﬁle should be cached. For example:</p><p> tomdroid-src-0.7.3.tar.gz: file.managed: - name: /tmp/tomdroid-src-0.7.3.tar.gz - source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz - source_hash: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz/+md5</p><p> user e user to own the ﬁle, this defaults to the user salt is running as on the minion group e group ownership set for the ﬁle, this defaults to the group salt is running as on the minion On Windows, this is ignored mode e permissions to set on this ﬁle, aka 644, 0775, 4664. Not supported on Windows template If this seing is applied then the named templating engine will be used to render the downloaded ﬁle, currently jinja, mako, and wempy are supported makedirs If the ﬁle is located in a path without a parent directory, then the state will fail. If makedirs is set to True, then the parent directories will be created to facilitate the creation of the named ﬁle. dir_mode If directories are to be created, passing this option speciﬁes the permissions for those directories. If this is not set, directories will be assigned permissions from the `mode' argument. replace If this ﬁle should be replaced. If false, this command will not overwrite ﬁle contents but will enforce permissions if the ﬁle exists already. Default is True. context Overrides default context variables passed to the template. defaults Default context passed to the template. baup Overrides the default backup mode for this speciﬁc ﬁle. show_diﬀ If set to False, the diﬀ will not be shown. create Default is True, if create is set to False then the ﬁle will only be managed if the ﬁle already exists on the system. contents Default is None. If speciﬁed, will use the given string as the contents of the ﬁle. Should not be used in conjunction with a source ﬁle of any kind. Ignores hashes and does not use a templating engine. contents_pillar New in version 0.17.0.</p><p>22.27. Full list of builtin state modules 1133 Salt Documentation, Release 2014.7.6</p><p>Operates like contents, but draws from a value stored in pillar, using the pillar path syntax used in pillar.get. is is useful when the pillar value contains newlines, as referencing a pillar variable us- ing a jinja/mako template can result in YAML formaing issues due to the newlines causing indentation mismatches. For example, the following could be used to deploy an SSH private key:</p><p>/home/deployer/.ssh/id_rsa: file.managed: - user: deployer - group: deployer - mode: 600 - contents_pillar: userdata:deployer:id_rsa</p><p>is would populate /home/deployer/.ssh/id_rsa with the contents of pil- lar['userdata']['deployer']['id_rsa']. An example of this pillar setup would be like so:</p><p> userdata: deployer: id_rsa: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY-----</p><p>Note: e private key above is shortened to keep the example brief, but shows how to do multiline string in YAML. e key is followed by a pipe character, and the mutliline string is indented two more spaces.</p><p> contents_grains New in version 2014.7.0. Same as contents_pillar, but with grains contents_newline New in version 2014.7.0. When using contents, contents_pillar, or contents_grains, this option ensures the ﬁle will have a newline at the end. When loading some data this newline is beer le oﬀ. Seing contents_newline to False will omit this ﬁnal newline. follow_symlinks [True] New in version 2014.7.0. If the desired path is a symlink follow it and make changes to the ﬁle to which the symlink points. e_cmd New in version 2014.7.0. e speciﬁed command will be run with the managed ﬁle as an argument. If the command exits with a nonzero exit code, the command will not be run. salt.states.file.missing(name) Verify that the named ﬁle or directory is missing, this returns True only if the named ﬁle is missing but does not remove the ﬁle if it is present. name Absolute path which must NOT exist salt.states.file.mknod(name, ntype, major=0, minor=0, user=None, group=None, mode=`0600') Create a special ﬁle similar to the `nix mknod command. e supported device types are p (ﬁfo pipe), c (character device), and b (block device). Provide the major and minor numbers when specifying a character device or block device. A ﬁfo pipe does not require this information. e command will create the necessary</p><p>1134 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> dirs if needed. If a ﬁle of the same name not of the same type/major/minor exists, it will not be overwrien or unlinked (deleted). is is logically in place as a safety measure because you can really shoot yourself in the foot here and it is the behavior of `nix mknod. It is also important to note that not just anyone can create special devices. Usually this is only done as root. If the state is executed as none other than root on a minion, you may receive a permission error. name name of the ﬁle ntype node type `p' (ﬁfo pipe), `c' (character device), or `b' (block device) major major number of the device does not apply to a ﬁfo pipe minor minor number of the device does not apply to a ﬁfo pipe user owning user of the device/pipe group owning group of the device/pipe mode permissions on the device/pipe Usage:</p><p>/dev/chr: file.mknod: - ntype: c - major: 180 - minor: 31 - user: root - group: root - mode: 660</p><p>/dev/blk: file.mknod: - ntype: b - major: 8 - minor: 999 - user: root - group: root - mode: 660</p><p>/dev/fifo: file.mknod: - ntype: p - user: root - group: root - mode: 660</p><p>New in version 0.17.0. salt.states.file.mod_run_check_cmd(cmd, ﬁlename, **check_cmd_opts) Execute the check_cmd logic Return a result dict if: * check_cmd succeeded (check_cmd == 0) else return True salt.states.file.patch(name, source=None, hash=None, options='`, dry_run_ﬁrst=True, env=None, **kwargs) Apply a patch to a ﬁle. Note: a suitable patch executable must be available on the minion when using this state function. name e ﬁle to with the patch will be applied. source e source patch to download to the minion, this source ﬁle must be hosted on the salt master server. If the ﬁle is located in the directory named spam, and is called eggs, the source string is salt://spam/eggs. A source is required.</p><p>22.27. Full list of builtin state modules 1135 Salt Documentation, Release 2014.7.6</p><p> hash Hash of the patched ﬁle. If the hash of the target ﬁle matches this value then the patch is as- sumed to have been applied. e hash string is the hash algorithm followed by the hash of the ﬁle: md5=e138491e9d5b97023cea823fe17bac22 options Extra options to pass to patch. dry_run_ﬁrst [True] Run patch with --dry-run ﬁrst to check if it will apply cleanly. env Specify the environment from which to retrieve the patch ﬁle indicated by the source parameter. If not provided, this defaults to the environment from which the state is being executed. Usage:</p><p># Equivalent to ``patch --forward /opt/file.txt file.patch`` /opt/file.txt: file.patch: - source: salt://file.patch - hash: md5=e138491e9d5b97023cea823fe17bac22 salt.states.file.prepend(name, text=None, makedirs=False, source=None, source_hash=None, tem- plate='jinja', sources=None, source_hashes=None, defaults=None, con- text=None) Ensure that some text appears at the beginning of a ﬁle e text will not be prepended again if it already exists in the ﬁle. You may specify a single line of text or a list of lines to append. Multi-line example:</p><p>/etc/motd: file.prepend: - text: | Thou hadst better eat salt with the Philosophers of Greece, than sugar with the Courtiers of Italy. - Benjamin Franklin</p><p>Multiple lines of text:</p><p>/etc/motd: file.prepend: - text: - Trust no one unless you have eaten much salt with him. - "Salt is born of the purest of parents: the sun and the sea."</p><p>Gather text from multiple template ﬁles:</p><p>/etc/motd: file: - prepend - template: jinja - sources: - salt://motd/devops-messages.tmpl - salt://motd/hr-messages.tmpl - salt://motd/general-messages.tmpl</p><p>New in version 2014.7.0. salt.states.file.recurse(name, source, clean=False, require=None, user=None, group=None, dir_mode=None, ﬁle_mode=None, sym_mode=None, template=None, context=None, defaults=None, env=None, include_empty=False, backup='`, include_pat=None, exclude_pat=None, maxdepth=None, keep_symlinks=False, force_symlinks=False, **kwargs)</p><p>1136 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Recurse through a subdirectory on the master and copy said subdirectory over to the speciﬁed path. name e directory to set the recursion in source e source directory, this directory is located on the salt master ﬁle server and is speciﬁed with the salt:// protocol. If the directory is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs clean Make sure that only ﬁles that are set up by salt and required by this function are kept. If this option is set then everything in this directory will be deleted unless it is required. require Require other resources such as packages or ﬁles user e user to own the directory. is defaults to the user salt is running as on the minion group e group ownership set for the directory. is defaults to the group salt is running as on the minion. On Windows, this is ignored dir_mode e permissions mode to set on any directories created. Not supported on Windows ﬁle_mode e permissions mode to set on any ﬁles created. Not supported on Windows sym_mode e permissions mode to set on any symlink created. Not supported on Windows template If this seing is applied then the named templating engine will be used to render the downloaded ﬁle. Supported templates are: jinja, mako and wempy.</p><p>Note: e template option is required when recursively applying templates.</p><p> context Overrides default context variables passed to the template. defaults Default context passed to the template. include_empty Set this to True if empty directories should also be created (default is False) include_pat When copying, include only this paern from the source. Default is glob match; if preﬁxed with `E@', then regexp match. Example:</p><p>- include_pat: hello* :: glob matches 'hello01', 'hello02' ... but not 'otherhello' - include_pat: E@hello :: regexp matches 'otherhello', 'hello01' ...</p><p> exclude_pat Exclude this paern from the source when copying. If both include_pat and exclude_pat are supplied, then it will apply conditions cumulatively. i.e. ﬁrst select based on include_pat, and then within that result apply exclude_pat. Also, when `clean=True', exclude this paern from the removal list and preserve in the destination. Example:</p><p>- exclude_pat: APPDATA* :: glob matches APPDATA.01, APPDATA.02,.. for exclusion - exclude_pat: E@(APPDATA)|(TEMPDATA) :: regexp matches APPDATA or TEMPDATA for exclusion</p><p> maxdepth When copying, only copy paths which are of depth maxdepth from the source path. Example:</p><p>- maxdepth: 0 :: Only include files located in the source directory - maxdepth: 1 :: Only include files located in the source or immediate subdirectories</p><p>22.27. Full list of builtin state modules 1137 Salt Documentation, Release 2014.7.6</p><p> keep_symlinks Keep symlinks when copying from the source. is option will cause the copy operation to terminate at the symlink. If desire behavior similar to rsync, then set this to True. force_symlinks Force symlink creation. is option will force the symlink creation. If a ﬁle or directory is obstructing symlink creation it will be recursively removed so that symlink creation can proceed. is option is usually not needed except in special circ*mstances. salt.states.file.rename(name, source, force=False, makedirs=False) If the source ﬁle exists on the system, rename it to the named ﬁle. e named ﬁle will not be overwrien if it already exists unless the force option is set to True. name e location of the ﬁle to rename to source e location of the ﬁle to move to the location speciﬁed with name force If the target location is present then the ﬁle will not be moved, specify ``force: True'' to overwrite the target ﬁle makedirs If the target subdirectories don't exist create them salt.states.file.replace(name, paern, repl, count=0, ﬂags=0, bufsize=1, ap- pend_if_not_found=False, prepend_if_not_found=False, not_found_content=None, backup='.bak', show_changes=True) Maintain an edit in a ﬁle. New in version 0.17.0. name Filesystem path to the ﬁle to be edited. pattern Python's `regular expression sear<https:>`_. repl e replacement text. count Maximum number of paern occurrences to be replaced. ﬂags A list of ﬂags deﬁned in the re module documentation. Each list item should be a string that will correlate to the human-friendly ﬂag name. E.g., ['IGNORECASE', 'MULTILINE']. Note: multiline searches must specify file as the bufsize argument below. Defaults to 0 and can be a list or an int. bufsize How much of the ﬁle to buﬀer into memory at once. e default value 1 processes one line at a time. e special value file may be speciﬁed which will read the entire ﬁle into memory before processing. Note: multiline searches must specify file buﬀering. Can be an int or a str. append_if_not_found If paern is not found and set to True then, the content will be appended to the ﬁle. New in version 2014.7.0. prepend_if_not_found If paern is not found and set to True then, the content will be prepended to the ﬁle. New in version 2014.7.0. not_found_content Content to use for append/prepend if not found. If None (default), uses repl. Useful when repl uses references to group in paern. New in version 2014.7.0. baup e ﬁle extension to use for a backup of the ﬁle before editing. Set to False to skip making a backup. show_anges Output a uniﬁed diﬀ of the old ﬁle and the new ﬁle. If False return a boolean if any changes were made. Returns a boolean or a string. For complex regex paerns it can be useful to avoid the need for complex quoting and escape sequences by making use of YAML's multiline string syntax.</https:></p><p>1138 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> complex_search_and_replace: file.replace: # &lt;...snip...&gt; - pattern: | CentOS \(2.6.32[^\n]+\n\s+root[^\n]+\n\)+ salt.states.file.sed(name, before, aer, limit='`, backup='.bak', options='-r -e', ﬂags='g', negate_match=False) Deprecated since version 0.17.0: Use the file.replace state instead. Maintain a simple edit to a ﬁle e ﬁle will be searched for the before paern before making the edit. In general the limit paern should be as speciﬁc as possible and before and after should contain the minimal text to be changed. before A paern that should exist in the ﬁle before the edit. aer A paern that should exist in the ﬁle aer the edit. limit An optional second paern that can limit the scope of the before paern. baup [`.bak'] e extension for the backed-up version of the ﬁle before the edit. If no backups is desired, pass in the empty string: `' options [-r -e] Any options to pass to the sed command. -r uses extended regular expression syntax and -e denotes that what follows is an expression that sed will execute. ﬂags [g] Any ﬂags to append to the sed expression. g speciﬁes the edit should be made globally (and not stop aer the ﬁrst replacement). negate_mat [False] Negate the search command (!) New in version 0.17.0. Usage:</p><p># Disable the epel repo by default /etc/yum.repos.d/epel.repo: file.sed: - before: 1 - after: 0 - limit: ^enabled=</p><p># Remove ldap from nsswitch /etc/nsswitch.conf: file.sed: - before: 'ldap' - after: '' - limit: '^passwd:'</p><p>New in version 0.9.5. salt.states.file.serialize(name, dataset, user=None, group=None, mode=None, env=None, backup='`, makedirs=False, show_diﬀ=True, create=True, merge_if_exists=False, **kwargs) Serializes dataset and store it into managed ﬁle. Useful for sharing simple conﬁguration ﬁles. name e location of the ﬁle to create dataset the dataset that will be serialized formatter Write the data as this format. Supported output formats: • JSON</p><p>22.27. Full list of builtin state modules 1139 Salt Documentation, Release 2014.7.6</p><p>• YAML • Python (via pprint.pformat) user e user to own the directory, this defaults to the user salt is running as on the minion group e group ownership set for the directory, this defaults to the group salt is running as on the minion mode e permissions to set on this ﬁle, aka 644, 0775, 4664 baup Overrides the default backup mode for this speciﬁc ﬁle. makedirs Create parent directories for destination ﬁle. New in version 2014.1.3. show_diﬀ If set to False, the diﬀ will not be shown. create Default is True, if create is set to False then the ﬁle will only be managed if the ﬁle already exists on the system. merge_if_exists Default is False, if merge_if_exists is True then the existing ﬁle will be parsed and the dataset passed in will be merged with the existing content New in version 2014.7.0. For example, this state:</p><p>/etc/dummy/package.json: file.serialize: - dataset: name: naive description: A package using naive versioning author: A confused individual <iam> dependencies: express: &gt;= 1.2.0 optimist: &gt;= 0.1.0 engine: node 0.4.1 - formatter: json</iam></p><p> will manage the ﬁle /etc/dummy/package.json:</p><p>{ "author": "A confused individual <iam>", "dependencies":{ "express": "&gt;= 1.2.0", "optimist": "&gt;= 0.1.0" }, "description": "A package using naive versioning", "engine": "node 0.4.1", "name": "naive" } salt.states.file.symlink(name, target, force=False, backupname=None, makedirs=False, user=None, group=None, mode=None, **kwargs) Create a symlink If the ﬁle already exists and is a symlink pointing to any location other than the speciﬁed target, the symlink will be replaced. If the symlink is a regular ﬁle or directory then the state will return False. If the regular ﬁle or directory is desired to be replaced with a symlink pass force: True, if it is to be renamed, pass a backupname. name e location of the symlink to create target e location that the symlink points to</iam></p><p>1140 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> force If the name of the symlink exists and is not a symlink and force is set to False, the state will fail. If force is set to True, the ﬁle or directory in the way of the symlink ﬁle will be deleted to make room for the symlink, unless backupname is set, when it will be renamed baupname If the name of the symlink exists and is not a symlink, it will be renamed to the backupname. If the backupname already exists and force is False, the state will fail. Otherwise, the backupname will be removed ﬁrst. makedirs If the location of the symlink does not already have a parent directory then the state will fail, seing makedirs to True will allow Salt to create the parent directory user e user to own the ﬁle, this defaults to the user salt is running as on the minion group e group ownership set for the ﬁle, this defaults to the group salt is running as on the minion. On Windows, this is ignored mode e permissions to set on this ﬁle, aka 644, 0775, 4664. Not supported on Windows salt.states.file.touch(name, atime=None, mtime=None, makedirs=False) Replicate the `nix ``touch'' command to create a new empty ﬁle or update the atime and mtime of an existing ﬁle. Note that if you just want to create a ﬁle and don't care about atime or mtime, you should use file.managed instead, as it is more feature-complete. (Just leave out the source/template/contents arguments, and it will just create the ﬁle and/or check its permissions, without messing with contents) name name of the ﬁle atime atime of the ﬁle mtime mtime of the ﬁle makedirs whether we should create the parent directory/directories in order to touch the ﬁle Usage:</p><p>/var/log/httpd/logrotate.empty: file.touch</p><p>New in version 0.9.5. salt.states.file.uncomment(name, regex, char='#', backup='.bak') Uncomment speciﬁed commented lines in a ﬁle name e full path to the ﬁle to be edited regex A regular expression used to ﬁnd the lines that are to be uncommented. is regex should not include the comment character. A leading ^ character will be stripped for convenience (for easily switching between comment() and uncomment()). e regex will be searched for from the beginning of the line, ignoring leading spaces (we prepend `^[ t]*') ar [#] e character to remove in order to uncomment a line baup [.bak] e ﬁle will be backed up before edit with this ﬁle extension; WARNING: each time sed/comment/uncomment is called will overwrite this backup Usage:</p><p>/etc/adduser.conf: file.uncomment: - regex: EXTRA_GROUPS</p><p>New in version 0.9.5.</p><p>22.27. Full list of builtin state modules 1141 Salt Documentation, Release 2014.7.6</p><p>22.27.32 salt.states.gem</p><p>Installation of Ruby modules packaged as gems</p><p>A state module to manage rubygems. Gems can be set up to be installed or removed. is module will use RVM or rbenv if they are installed. In that case, you can specify what ruby version and gemset to target. addressable: gem.installed: - user: rvm - ruby: jruby@jgemset salt.states.gem.installed(name, ruby=None, runas=None, user=None, version=None, rdoc=False, ri=False, proxy=None) Make sure that a gem is installed. name e name of the gem to install ruby: None For RVM or rbenv installations: the ruby version and gemset to target. runas: None e user under which to run the gem command Deprecated since version 0.17.0. user: None e user under which to run the gem command New in version 0.17.0. version [None] Specify the version to install for the gem. Doesn't play nice with multiple gems at once rdoc [False] Generate RDoc documentation for the gem(s). ri [False] Generate RI documentation for the gem(s). proxy [None] Use the speciﬁed HTTP proxy server for all outgoing traﬃc. Format: hp://hostname[:port] salt.states.gem.removed(name, ruby=None, runas=None, user=None) Make sure that a gem is not installed. name e name of the gem to uninstall ruby: None For RVM or rbenv installations: the ruby version and gemset to target. runas: None e user under which to run the gem command Deprecated since version 0.17.0. user: None e user under which to run the gem command New in version 0.17.0.</p><p>22.27.33 salt.states.git</p><p>Interaction with Git repositories</p><p>Important: Before using git over ssh, make sure your remote host ﬁngerprint exists in ``~/.ssh/known_hosts'' ﬁle. To avoid requiring password authentication, it is also possible to pass private keys to use explicitly.</p><p>1142 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> https://github.com/saltstack/salt.git: git.latest: - rev: develop - target: /tmp/salt salt.states.git.config(name, value, repo=None, user=None, is_global=False) New in version 2014.7.0. Manage a git conﬁg seing for a user or repository name Name of the git conﬁg value to set value Value to set repo [None] An optional location of a git repository for local operations user [None] Optional name of a user as whom git conﬁg will be run is_global [False] Whether or not to pass the --global option to git conﬁg Local conﬁg example:</p><p> mylocalrepo: git.config: - name: user.email - value: fester@bestertester.net - repo: file://my/path/to/repo</p><p>Global conﬁg example:</p><p> mylocalrepo: git.config: - name: user.name - value: Esther Bestertester - user: ebestertester - is_global: True salt.states.git.latest(name, rev=None, target=None, runas=None, user=None, force=None, force_checkout=False, force_reset=False, submodules=False, mirror=False, bare=False, remote_name='origin', always_fetch=False, identity=None, onlyif=False, unless=False) Make sure the repository is cloned to the given directory and is up to date name Address of the remote repository as passed to ``git clone'' rev e remote branch, tag, or revision ID to checkout aer clone / before update target Name of the target directory where repository is about to be cloned runas Name of the user performing repository management operations Deprecated since version 0.17.0. user Name of the user performing repository management operations New in version 0.17.0. force Force git to clone into pre-existing directories (deletes contents) force_eout Force a checkout even if there might be overwrien changes (Default: False) submodules Update submodules on clone or branch change (Default: False)</p><p>22.27. Full list of builtin state modules 1143 Salt Documentation, Release 2014.7.6</p><p> mirror True if the repository is to be a mirror of the remote repository. is implies bare, and thus is incom- patible with rev. bare True if the repository is to be a bare clone of the remote repository. is is incompatible with rev, as nothing will be checked out. remote_name deﬁnes a diﬀerent remote name. For the ﬁrst clone the given name is set to the default remote, else it is just a additional remote. (Default: `origin') always_fet If a tag or branch name is used as the rev a fetch will not occur until the tag or branch name changes. Seing this to true will force a fetch to occur. Only applies when rev is set. (Default: False) identity A path to a private key to use over SSH onlyif A command to run as a check, run the named command only if the command passed to the onlyif option returns true unless A command to run as a check, only run the named command if the command passed to the unless option returns false</p><p>Note: Clashing ID declarations can be avoided when including diﬀerent branches from the same git repository in the same sls ﬁle by using the name declaration. e example below checks out the gh-pages and gh- pages-prod branches from the same repository into separate directories. e example also sets up the ssh_known_hosts ssh key required to perform the git checkout.</p><p> gitlab.example.com: ssh_known_hosts: - present - user: root - enc: ecdsa - fingerprint: 4e:94:b0:54:c1:5b:29:a2:70:0e:e1:a3:51:ee:ee:e3</p><p> git-website-staging: git.latest: - name: git@gitlab.example.com:user/website.git - rev: gh-pages - target: /usr/share/nginx/staging - identity: /root/.ssh/website_id_rsa - require: - pkg: git - ssh_known_hosts: gitlab.example.com</p><p> git-website-prod: git.latest: - name: git@gitlab.example.com:user/website.git - rev: gh-pages-prod - target: /usr/share/nginx/prod - identity: /root/.ssh/website_id_rsa - require: - pkg: git - ssh_known_hosts: gitlab.example.com salt.states.git.mod_run_check(cmd_kwargs, onlyif, unless) Execute the onlyif and unless logic. Return a result dict if: * onlyif failed (onlyif != 0) * unless succeeded (unless == 0) else return True salt.states.git.present(name, bare=True, runas=None, user=None, force=False) Make sure the repository is present in the given directory name Name of the directory where the repository is about to be created</p><p>1144 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> bare Create a bare repository (Default: True) runas Name of the user performing repository management operations Deprecated since version 0.17.0. user Name of the user performing repository management operations New in version 0.17.0. force Force-create a new repository into an pre-existing non-git directory (deletes contents)</p><p>22.27.34 salt.states.glusterfs</p><p>Manage glusterfs pool. salt.states.glusterfs.created(name, bricks, stripe=False, replica=False, device_vg=False, trans- port='tcp', start=False) Check if volume already exists name name of the volume</p><p> myvolume: glusterfs.created: - bricks: - host1:/srv/gluster/drive1 - host2:/srv/gluster/drive2</p><p>Replicated Volume: glusterfs.created: - name: volume2 - bricks: - host1:/srv/gluster/drive2 - host2:/srv/gluster/drive3 - replica: 2 - start: True salt.states.glusterfs.peered(name) Check if node is peered. name e remote host with which to peer.</p><p> peer-cluster: glusterfs.peered: - name: two</p><p> peer-clusters: glusterfs.peered: - names: - one - two - three - four salt.states.glusterfs.started(name) Check if volume has been started name name of the volume</p><p> mycluster: glusterfs.started: []</p><p>22.27. Full list of builtin state modules 1145 Salt Documentation, Release 2014.7.6</p><p>22.27.35 salt.states.gnomedesktop</p><p>Configuration of the GNOME desktop</p><p>Control the GNOME seings localdesktop_wm_prefs: gnomedesktop.wm_preferences: - user: username - audible_bell: false - action_double_click_titlebar: 'toggle-maximize' - visual_bell: true - num_workspaces: 6 localdesktop_lockdown: gnomedesktop.desktop_lockdown: - user: username - disable_user_switching: true localdesktop_interface: gnomedesktop.desktop_interface: - user: username - clock_show_date: true - clock_format: 12h salt.states.gnomedesktop.desktop_interface(name, user=None, auto- matic_mnemonics=None, buons_have_icons=None, can_change_accels=None, clock_format=None, clock_show_date=None, clock_show_seconds=None, cur- sor_blink=None, cursor_blink_time=None, cursor_blink_timeout=None, cur- sor_size=None, cursor_theme=None, document_font_name=None, enable_animations=None, font_name=None, gtk_color_palee=None, gtk_color_scheme=None, gtk_im_module=None, gtk_im_preedit_style=None, gtk_im_status_style=None, gtk_key_theme=None, gtk_theme=None, gtk_timeout_initial=None, gtk_timeout_repeat=None, icon_theme=None, menubar_accel=None, menubar_detachable=None, menus_have_icons=None, menus_have_tearoﬀ=None, monospace_font_name=None, show_input_method_menu=None, show_unicode_menu=None, text_scaling_factor=None, tool- bar_detachable=None, tool- bar_icons_size=None, toolbar_style=None, toolkit_accessibility=None, **kwargs) desktop_interface: sets values in the org.gnome.desktop.interface schema</p><p>1146 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.states.gnomedesktop.desktop_lockdown(name, user=None, dis- able_application_handlers=None, disable_command_line=None, dis- able_lock_screen=None, dis- able_log_out=None, disable_print_setup=None, disable_printing=None, dis- able_save_to_disk=None, dis- able_user_switching=None, user_administration_disabled=None, **kwargs) desktop_lockdown: sets values in the org.gnome.desktop.lockdown schema salt.states.gnomedesktop.wm_preferences(name, user=None, ac- tion_double_click_titlebar=None, ac- tion_middle_click_titlebar=None, ac- tion_right_click_titlebar=None, appli- cation_based=None, audible_bell=None, auto_raise=None, auto_raise_delay=None, but- ton_layout=None, disable_workarounds=None, focus_mode=None, focus_new_windows=None, mouse_buon_modiﬁer=None, num_workspaces=None, raise_on_click=None, resize_with_right_buon=None, theme=None, title- bar_font=None, titlebar_uses_system_font=None, visual_bell=None, visual_bell_type=None, workspace_names=None, **kwargs) wm_preferences: sets values in the org.gnome.desktop.wm.preferences schema</p><p>22.27.36 salt.states.grains</p><p>Manage grains on the minion</p><p>is state allows for grains to be set. Grains set or altered this way are stored in the `grains' ﬁle on the minions, by default at: /etc/salt/grains Note: is does NOT override any grains set in the minion ﬁle. salt.states.grains.absent(name, destructive=False) New in version 2014.7.0. Delete a grain from the grains conﬁg ﬁle name e grain name</p><p>Parameters destructive -- If destructive is True, delete the entire grain. If destructive is False, set the grain's value to None. Defaults to False.</p><p> grain_name: grains.absent salt.states.grains.append(name, value, convert=False) New in version 2014.7.0. Append a value to a list in the grains conﬁg ﬁle name e grain name value e value to append</p><p>22.27. Full list of builtin state modules 1147 Salt Documentation, Release 2014.7.6</p><p>Parameters convert -- If convert is True, convert non-list contents into a list. If convert is False and the grain contains non-list contents, an error is given. Defaults to False.</p><p> grain_name: grains.append: - value: to_be_appended salt.states.grains.list_absent(name, value) Delete a value from a grain formed as a list. New in version 2014.1.0. name e grain name. value e value to delete from the grain list. e grain should be list type</p><p> roles: grains.list_absent: - value: db</p><p>For multiple grains, the syntax looks like:</p><p> roles: grains.list_absent: - value: - web - dev salt.states.grains.list_present(name, value) New in version 2014.1.0. Ensure the value is present in the list type grain. name e grain name. value e value is present in the list type grain. e grain should be list type</p><p> roles: grains.list_present: - value: web</p><p>For multiple grains, the syntax looks like:</p><p> roles: grains.list_present: - value: - web - dev salt.states.grains.present(name, value) Ensure that a grain is set name e grain name value e value to set on the grain If the grain with the given name exists, its value is updated to the new value. If the grain does not yet exist, a new grain is set to the given value.</p><p>1148 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> cheese: grains.present: - value: edam</p><p>22.27.37 salt.states.group</p><p>Management of user groups</p><p>e group module is used to create and manage unix group seings, groups can be either present or absent: cheese: group.present: - gid: 7648 - system: True - addusers: - user1 - users2 - delusers: - foo cheese: group.present: - gid: 7648 - system: True - members: - foo - bar - user1 - user2 salt.states.group.absent(name) Ensure that the named group is absent name e name of the group to remove salt.states.group.present(name, gid=None, system=False, addusers=None, delusers=None, mem- bers=None) Ensure that a group is present name e name of the group to manage gid e group id to assign to the named group; if le empty, then the next available group id will be assigned system Whether or not the named group is a system group. is is essentially the `-r' option of `groupadd'. addusers List of additional users to be added as a group members. delusers Ensure these user are removed from the group membership. members Replace existing group members with a list of new members. Note: Options `members' and `addusers/delusers' are mutually exclusive and can not be used together.</p><p>22.27. Full list of builtin state modules 1149 Salt Documentation, Release 2014.7.6</p><p>22.27.38 salt.states.hg</p><p>Interaction with Mercurial repositories</p><p>Before using hg over ssh, make sure the remote host ﬁngerprint already exists in ~/.ssh/known_hosts, and the remote host has this host's public key. https://bitbucket.org/example_user/example_repo: hg.latest: - rev: tip - target: /tmp/example_repo salt.states.hg.latest(name, rev=None, target=None, clean=False, runas=None, user=None, force=False, opts=False) Make sure the repository is cloned to the given directory and is up to date name Address of the remote repository as passed to ``hg clone'' rev e remote branch, tag, or revision hash to clone/pull target Name of the target directory where repository is about to be cloned clean Force a clean update with -C (Default: False) runas Name of the user performing repository management operations Deprecated since version 0.17.0. user Name of the user performing repository management operations force Force hg to clone into pre-existing directories (deletes contents) opts Include additional arguments and options to the hg command line</p><p>22.27.39 salt.states.host</p><p>Management of addresses and names in hosts file</p><p>e /etc/hosts ﬁle can be managed to contain deﬁnitions for speciﬁc hosts: salt-master: host.present: - ip: 192.168.0.42</p><p>Or using the names directive, you can put several names for the same IP. (Do not try one name with space-separated values). server1: host.present: - ip: 192.168.0.42 - names: - server1 - florida</p><p>Note: Changing the names in host.present does not cause an update to remove the old entry.</p><p>1150 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> server1: host.present: - ip: - 192.168.0.42 - 192.168.0.43 - 192.168.0.44 - names: - server1 salt.states.host.absent(name, ip) Ensure that the named host is absent name e host to remove ip e ip addr(s) of the host to remove salt.states.host.present(name, ip) Ensures that the named host is present with the given ip name e host to assign an ip to ip e ip addr(s) to apply to the host</p><p>22.27.40 salt.states.htpasswd</p><p>Support for htpasswd module New in version 2014.7.0. username: webutil.user_exists: - password: secr3t - htpasswd_file: /etc/nginx/htpasswd - options: d - force: true salt.states.htpasswd.user_exists(name, password=None, htpasswd_ﬁle=None, options='`, force=False, **kwargs) Make sure the user is inside the /etc/nginx/htpasswd name username password password of the user htpasswd_file path to the ﬁle that htpasswd will handle options see salt.module.htpasswd.useradd force touch the ﬁle even if user already created</p><p>22.27.41 salt.states.incron</p><p>Management of incron, the inotify cron</p><p>e incron state module allows for user incrontabs to be cleanly managed. Incron declarations require a number of parameters. e parameters needed to be declared: path, mask, and cmd. e user whose incrontab is to be edited also needs to be deﬁned.</p><p>22.27. Full list of builtin state modules 1151 Salt Documentation, Release 2014.7.6</p><p>When making changes to an existing incron job, the path declaration is the unique factor, so if an existing cron that looks like this:</p><p>Watch for modifications in /home/user: incron.present: - user: root - path: /home/user - mask: - IN_MODIFY - cmd: 'echo "$$ $@"'</p><p>Is changed to this:</p><p>Watch for modifications and access in /home/user: incron.present: - user: root - path: /home/user - mask: - IN_MODIFY - IN_ACCESS - cmd: 'echo "$$ $@"'</p><p>en the existing cron will be updated, but if the cron command is changed, then a new cron job will be added to the user's crontab. New in version 0.17.0. salt.states.incron.absent(name, path, mask, cmd, user='root') Veriﬁes that the speciﬁed incron job is absent for the speciﬁed user; only the name is matched when removing a incron job. name Unique comment describing the entry path e path that should be watched user e name of the user who's crontab needs to be modiﬁed, defaults to the root user mask e mask of events that should be monitored for cmd e cmd that should be executed salt.states.incron.present(name, path, mask, cmd, user='root') Veriﬁes that the speciﬁed incron job is present for the speciﬁed user. For more advanced information about what exactly can be set in the cron timing parameters, check your incron system's documentation. Most Unix-like systems' incron documentation can be found via the incrontab man page: man 5 incrontab. name Unique comment describing the entry path e path that should be watched user e name of the user who's crontab needs to be modiﬁed, defaults to the root user mask e mask of events that should be monitored for cmd e cmd that should be executed</p><p>1152 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.42 salt.states.influxdb_database</p><p>Management of InfluxDB databases</p><p>(compatible with InﬂuxDB version 0.5+) New in version 2014.7.0. salt.states.influxdb_database.absent(name, user=None, password=None, host=None, port=None) Ensure that the named database is absent name e name of the database to remove user e user to connect as (must be able to remove the database) password e password of the user host e host to connect to port e port to connect to salt.states.influxdb_database.present(name, user=None, password=None, host=None, port=None) Ensure that the named database is present name e name of the database to create user e user to connect as (must be able to remove the database) password e password of the user host e host to connect to port e port to connect to</p><p>22.27.43 salt.states.influxdb_user</p><p>Management of InfluxDB users</p><p>(compatible with InﬂuxDB version 0.5+) New in version 2014.7.0. salt.states.influxdb_user.absent(name, database=None, user=None, password=None, host=None, port=None) Ensure that the named cluster admin or database user is absent. name e name of the user to remove database e database to remove the user from user e user to connect as (must be able to remove the user) password e password of the user host e host to connect to port e port to connect to salt.states.influxdb_user.present(name, passwd, database=None, user=None, password=None, host=None, port=None) Ensure that the cluster admin or database user is present. name e name of the user to manage</p><p>22.27. Full list of builtin state modules 1153 Salt Documentation, Release 2014.7.6</p><p> passwd e password of the user database e database to create the user in user e user to connect as (must be able to create the user) password e password of the user host e host to connect to port e port to connect to</p><p>22.27.44 salt.states.ini_manage</p><p>Manage ini files</p><p> maintainer <akilesh1597> maturity new depends re platform all use section as DEFAULT_IMPLICIT if your ini ﬁle does not have any section for example /etc/sysctl.conf salt.states.ini_manage.options_absent(name, sections=None)</akilesh1597></p><p>/home/saltminion/api-paste.ini: ini_manage: - options_absent - sections: test: - testkey - secondoption test1: - testkey1</p><p> options present in ﬁle and not speciﬁed in sections dict will be untouched changes dict will contain the list of changes made salt.states.ini_manage.options_present(name, sections=None)</p><p>/home/saltminion/api-paste.ini: ini_manage: - options_present - sections: test: testkey: 'testval' secondoption: 'secondvalue' test1: testkey1: 'testval121'</p><p> options present in ﬁle and not speciﬁed in sections dict will be untouched changes dict will contain the list of changes made salt.states.ini_manage.sections_absent(name, sections=None)</p><p>1154 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>/home/saltminion/api-paste.ini: ini_manage: - sections_absent - sections: - test - test1</p><p> options present in ﬁle and not speciﬁed in sections will be deleted changes dict will contain the sections that changed salt.states.ini_manage.sections_present(name, sections=None)</p><p>/home/saltminion/api-paste.ini: ini_manage: - sections_present - sections: test: testkey: testval secondoption: secondvalue test1: testkey1: 'testval121'</p><p> options present in ﬁle and not speciﬁed in sections will be deleted changes dict will contain the sections that changed</p><p>22.27.45 salt.states.ipset</p><p>Management of ipsets</p><p>is is an ipset-speciﬁc module designed to manage IPSets for use in IPTables Firewalls. setname: ipset.set_present: - set_type: bitmap:ip - range: 192.168.0.0/16 - comment: True setname: ipset.set_absent: - set_type: bitmap:ip - range: 192.168.0.0/16 - comment: True setname_entries: ipset.present: - set_name: setname - entry: 192.168.0.3 - comment: Hello - require: - ipset: baz setname_entries: ipset.present: - set_name: setname - entry: - 192.168.0.3</p><p>22.27. Full list of builtin state modules 1155 Salt Documentation, Release 2014.7.6</p><p>- 192.168.1.3 - comment: Hello - require: - ipset: baz setname_entries: ipset.absent: - set_name: setname - entry: - 192.168.0.3 - 192.168.1.3 - comment: Hello - require: - ipset: baz setname: ipset.flush: salt.states.ipset.absent(name, entry=None, entries=None, family='ipv4', **kwargs) New in version 2014.7.0. Remove a entry or entries from a chain name A user-deﬁned name to call this entry by in another part of a state or formula. is should not be an actual entry. family Network family, ipv4 or ipv6. salt.states.ipset.flush(name, family='ipv4', **kwargs) New in version 2014.7.0. Flush current ipset set family Networking family, either ipv4 or ipv6 salt.states.ipset.present(name, entry=None, family='ipv4', **kwargs) New in version 2014.7.0. Append a entry to a set name A user-deﬁned name to call this entry by in another part of a state or formula. is should not be an actual entry. entry A single entry to add to a set or a list of entries to add to a set family Network family, ipv4 or ipv6. salt.states.ipset.set_absent(name, family='ipv4', **kwargs) New in version 2014.7.0. Verify the set is absent. family Networking family, either ipv4 or ipv6 salt.states.ipset.set_present(name, set_type, family='ipv4', **kwargs) New in version 2014.7.0. Verify the chain is exist. name A user-deﬁned set name. set_type e type for the set family Networking family, either ipv4 or ipv6</p><p>1156 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.46 salt.states.iptables</p><p>Management of iptables</p><p>is is an iptables-speciﬁc module designed to manage Linux ﬁrewalls. It is expected that this state module, and other system-speciﬁc ﬁrewall states, may at some point be deprecated in favor of a more generic ﬁrewall state. httpd: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: - state - comment - comment: "Allow HTTP" - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: - state - comment - comment: "Allow HTTP" - connstate: NEW - source: '127.0.0.1' - dport: 80 - proto: tcp - sport: 1025:65535 - save: True</p><p>.. Invert Rule httpd: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: - state</p><p>22.27. Full list of builtin state modules 1157 Salt Documentation, Release 2014.7.6</p><p>- comment - comment: "Allow HTTP" - connstate: NEW - source: '! 127.0.0.1' - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: - state - comment - comment: "Allow HTTP" - connstate: NEW - source: 'not 127.0.0.1' - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.append: - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.append: - table: filter - family: ipv4 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dports: - 80 - 443 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.insert: - position: 1 - table: filter - chain: INPUT</p><p>1158 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.insert: - position: 1 - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.delete: - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.delete: - position: 1 - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: iptables.delete: - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535</p><p>22.27. Full list of builtin state modules 1159 Salt Documentation, Release 2014.7.6</p><p>- save: True salt.states.iptables.append(name, family='ipv4', **kwargs) New in version 0.17.0. Append a rule to a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Network family, ipv4 or ipv6. All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate). salt.states.iptables.chain_absent(name, table='ﬁlter', family='ipv4') New in version 2014.1.0. Verify the chain is absent. family Networking family, either ipv4 or ipv6 salt.states.iptables.chain_present(name, table='ﬁlter', family='ipv4') New in version 2014.1.0. Verify the chain is exist. name A user-deﬁned chain name. table e table to own the chain. family Networking family, either ipv4 or ipv6 salt.states.iptables.delete(name, family='ipv4', **kwargs) New in version 2014.1.0. Delete a rule to a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Networking family, either ipv4 or ipv6 All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate). salt.states.iptables.flush(name, family='ipv4', **kwargs) New in version 2014.1.0. Flush current iptables state family Networking family, either ipv4 or ipv6 salt.states.iptables.insert(name, family='ipv4', **kwargs) New in version 2014.1.0. Insert a rule into a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Networking family, either ipv4 or ipv6</p><p>1160 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate). salt.states.iptables.set_policy(name, family='ipv4', **kwargs) New in version 2014.1.0. Sets the default policy for iptables ﬁrewall tables family Networking family, either ipv4 or ipv6</p><p>22.27.47 salt.states.keyboard</p><p>Management of keyboard layouts</p><p>e keyboard layout can be managed for the system: us: keyboard.system</p><p>Or it can be managed for XOrg: us: keyboard.xorg salt.states.keyboard.system(name) Set the keyboard layout for the system name e keyboard layout to use salt.states.keyboard.xorg(name) Set the keyboard layout for XOrg layout e keyboard layout to use</p><p>22.27.48 salt.states.keystone</p><p>Management of Keystone users</p><p> depends • keystoneclient Python module conﬁguration See salt.modules.keystone for setup instructions.</p><p>Keystone tenants: keystone.tenant_present: - names: - admin - demo - service</p><p>Keystone roles: keystone.role_present: - names: - admin</p><p>22.27. Full list of builtin state modules 1161 Salt Documentation, Release 2014.7.6</p><p>- Member admin: keystone.user_present: - password: R00T_4CC3SS - email: admin@domain.com - roles: admin: # tenants - admin # roles service: - admin - Member - require: - keystone: Keystone tenants - keystone: Keystone roles nova: keystone.user_present: - password: '$up3rn0v4' - email: nova@domain.com - tenant: service - roles: service: - admin - require: - keystone: Keystone tenants - keystone: Keystone roles demo: keystone.user_present: - password: 'd3m0n$trati0n' - email: demo@domain.com - tenant: demo - roles: demo: - Member - require: - keystone: Keystone tenants - keystone: Keystone roles nova service: keystone.service_present: - name: nova - service_type: compute - description: OpenStack Compute Service salt.states.keystone.endpoint_absent(name, proﬁle=None, **connection_args) Ensure that the endpoint for a service doesn't exist in Keystone catalog name e name of the service whose endpoints should not exist salt.states.keystone.endpoint_present(name, publicurl=None, internalurl=None, admin- url=None, region='RegionOne', proﬁle=None, **connec- tion_args) Ensure the speciﬁed endpoints exists for service name e Service name public url e public url of service endpoint</p><p>1162 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> internal url e internal url of service endpoint admin url e admin url of the service endpoint region e region of the endpoint salt.states.keystone.role_absent(name, proﬁle=None, **connection_args) Ensure that the keystone role is absent. name e name of the role that should not exist salt.states.keystone.role_present(name, proﬁle=None, **connection_args) ` Ensures that the keystone role exists name e name of the role that should be present salt.states.keystone.service_absent(name, proﬁle=None, **connection_args) Ensure that the service doesn't exist in Keystone catalog name e name of the service that should not exist salt.states.keystone.service_present(name, service_type, description=None, proﬁle=None, **connection_args) Ensure service present in Keystone catalog name e name of the service service_type e type of Openstack Service description (optional) Description of the service salt.states.keystone.tenant_absent(name, proﬁle=None, **connection_args) Ensure that the keystone tenant is absent. name e name of the tenant that should not exist salt.states.keystone.tenant_present(name, description=None, enabled=True, proﬁle=None, **connection_args) Ensures that the keystone tenant exists name e name of the tenant to manage description e description to use for this tenant enabled Availability state for this tenant salt.states.keystone.user_absent(name, proﬁle=None, **connection_args) Ensure that the keystone user is absent. name e name of the user that should not exist salt.states.keystone.user_present(name, password, email, tenant=None, enabled=True, roles=None, proﬁle=None, **connection_args) Ensure that the keystone user is present with the speciﬁed properties. name e name of the user to manage password e password to use for this user email e email address for this user tenant e tenant for this user enabled Availability state for this user roles e roles the user should have under given tenants. Passed as a dictionary mapping tenant names to a list of roles in this tenant, i.e.:</p><p>22.27. Full list of builtin state modules 1163 Salt Documentation, Release 2014.7.6</p><p> roles: admin: # tenant - admin # role service: - admin - Member</p><p>22.27.49 salt.states.kmod</p><p>Loading and unloading of kernel modules</p><p>e Kernel modules on a system can be managed cleanly with the kmod state module: kvm_amd: kmod.present pcspkr: kmod.absent salt.states.kmod.absent(name, persist=False, comment=True) Verify that the named kernel module is not loaded name e name of the kernel module to verify is not loaded persist Delete module from /etc/modules comment Don't remove module from /etc/modules, only comment it salt.states.kmod.present(name, persist=False) Ensure that the speciﬁed kernel module is loaded name e name of the kernel module to verify is loaded persist Also add module to /etc/modules</p><p>22.27.50 salt.states.layman</p><p>Management of Gentoo Overlays using layman</p><p>A state module to manage Gentoo package overlays via layman sunrise: layman.present salt.states.layman.absent(name) Verify that the overlay is absent name e name of the overlay to delete salt.states.layman.present(name) Verify that the overlay is present name e name of the overlay to add</p><p>1164 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.51 salt.states.libvirt</p><p>Manage libvirt certificates</p><p>is state uses the external pillar in the master to call for the generation and signing of certiﬁcates for systems running libvirt: libvirt_keys: libvirt.keys salt.states.libvirt.keys(name, basepath='/etc/pki') Manage libvirt keys. name e name variable used to track the execution basepath Defaults to /etc/pki, this is the root location used for libvirt keys on the hypervisor</p><p>22.27.52 salt.states.locale</p><p>Management of languages/locales</p><p>e locale can be managed for the system: en_US.UTF-8: locale.system salt.states.locale.present(name) Generate a locale if it is not present New in version 2014.7.0. name e name of the locale to be present salt.states.locale.system(name) Set the locale for the system name e name of the locale to use</p><p>22.27.53 salt.states.lvm</p><p>Management of Linux logical volumes</p><p>A state module to manage LVMs</p><p>/dev/sda: lvm.pv_present my_vg: lvm.vg_present: - devices: /dev/sda lvroot: lvm.lv_present: - vgname: my_vg - size: 10G</p><p>22.27. Full list of builtin state modules 1165 Salt Documentation, Release 2014.7.6</p><p>- stripes: 5 - stripesize: 8K salt.states.lvm.lv_absent(name, vgname=None) Remove a given existing logical volume from a named existing volume group name e logical volume to remove vgname e volume group name salt.states.lvm.lv_present(name, vgname=None, size=None, extents=None, snapshot=None, pv='`, **kwargs) Create a new logical volume name e name of the logical volume vgname e volume group name for this logical volume size e initial size of the logical volume extents e number of logical extents to allocate snapshot e name of the snapshot pv e physical volume to use kwargs Any supported options to lvcreate. See linux_lvm for more details. salt.states.lvm.pv_absent(name) Ensure that a Physical Device is not being used by lvm name e device name to initialize. salt.states.lvm.pv_present(name, **kwargs) Set a physical device to be used as an LVM physical volume name e device name to initialize. kwargs Any supported options to pvcreate. See linux_lvm for more details. salt.states.lvm.vg_absent(name) Remove an LVM volume group name e volume group to remove salt.states.lvm.vg_present(name, devices=None, **kwargs) Create an LVM volume group name e volume group name to create devices A list of devices that will be added to the volume group kwargs Any supported options to vgcreate. See linux_lvm for more details.</p><p>22.27.54 salt.states.lvs_server</p><p>Management of LVS (Linux Virtual Server) Real Server salt.states.lvs_server.absent(name, protocol=None, service_address=None, server_address=None) Ensure the LVS Real Server in speciﬁed service is absent. name e name of the LVS server.</p><p>1166 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> protocol e service protocol(only support tcp, udp and fwmark service). service_address e LVS service address. server_address e LVS real server address. salt.states.lvs_server.present(name, protocol=None, service_address=None, server_address=None, packet_forward_method='dr', weight=1) Ensure that the named service is present. name e LVS server name protocol e service protocol service_address e LVS service address server_address e real server address. paet_forward_method e LVS packet forwarding method(dr for direct routing, tunnel for tunneling, nat for network access translation). weight e capacity of a server relative to the others in the pool.</p><p> lvsrs: lvs_server.present: - protocol: tcp - service_address: 1.1.1.1:80 - server_address: 192.168.0.11:8080 - packet_forward_method: dr - weight: 10</p><p>22.27.55 salt.states.lvs_service</p><p>Management of LVS (Linux Virtual Server) Service salt.states.lvs_service.absent(name, protocol=None, service_address=None) Ensure the LVS service is absent. name e name of the LVS service protocol e service protocol service_address e LVS service address salt.states.lvs_service.present(name, protocol=None, service_address=None, scheduler='wlc') Ensure that the named service is present. name e LVS service name protocol e service protocol service_address e LVS service address seduler Algorithm for allocating TCP connections and UDP datagrams to real servers.</p><p> lvstest: lvs_service.present: - service_address: 1.1.1.1:80 - protocol: tcp - scheduler: rr</p><p>22.27. Full list of builtin state modules 1167 Salt Documentation, Release 2014.7.6</p><p>22.27.56 salt.states.lxc lxc / Spin up and control LXC containers salt.states.lxc.absent(name) Destroy a container name id of the container to destroy</p><p> destroyer: lxc.absent: - name: my_instance_name2 salt.states.lxc.cloned(name, orig, snapshot=True, size=None, vgname=None, proﬁle=None) Clone a container name id of the container to clone to orig id of the container to clone from snapshot do we use snapshots size Which size vgname If LVM, which volume group proﬁle pillar lxc proﬁle</p><p> myclone: lxc.cloned: - name: my_instance_name2 - orig: ubuntu - vgname: lxc - snapshot: true salt.states.lxc.created(name, template='ubuntu', proﬁle=None, fstype=None, size=None, back- ing=None, vgname=None, lvname=None) Create a container using a template name id of the container to act on template template to create from proﬁle pillar lxc proﬁle fstype fstype to use size Which size baing Which backing None Filesystem lvm lv brtfs brtfs vgname If LVM, which volume group lvname If LVM, which lv</p><p> mycreation: lxc.created: - name: my_instance_name2 - backing: lvm</p><p>1168 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- size: 1G - template: ubuntu salt.states.lxc.edited_conf(name, lxc_conf=None, lxc_conf_unset=None) Edit LXC conﬁguration options</p><p> setconf: lxc.edited_conf: - name: ubuntu - lxc_conf: - network.ipv4.ip: 10.0.3.6 - lxc_conf_unset: - lxc.utsname salt.states.lxc.set_pass(name, password=None, user=None, users=None) Set the password of system users inside containers name id of the container to act on user user to set password users users to set password to setpass: lxc.stopped: - name: my_instance_name2 - password: s3cret - user: foo</p><p> setpass2: lxc.stopped: - name: my_instance_name2 - password: s3cret - users: - foo - bar salt.states.lxc.started(name, restart=False) Start a container name id of the container to start force force reboot</p><p> destroyer: lxc.started: - name: my_instance_name2 salt.states.lxc.stopped(name) Stop a container name id of the container to stop</p><p> sleepingcontainer: lxc.stopped: - name: my_instance_name2</p><p>22.27. Full list of builtin state modules 1169 Salt Documentation, Release 2014.7.6</p><p>22.27.57 salt.states.makeconf</p><p>Management of Gentoo make.conf</p><p>A state module to manage Gentoo's make.conf ﬁle makeopts: makeconf.present: - value: '-j3' salt.states.makeconf.absent(name) Verify that the variable is not in the make.conf. name e variable name. is will automatically be converted to upper case since variables in make.conf are in upper case salt.states.makeconf.present(name, value=None, contains=None, excludes=None) Verify that the variable is in the make.conf and has the provided seings. If value is set, contains and excludes will be ignored. name e variable name. is will automatically be converted to upper case since variables in make.conf are in upper case value Enforce that the value of the variable is set to the provided value contains Enforce that the value of the variable contains the provided value excludes Enforce that the value of the variable does not contain the provided value.</p><p>22.27.58 salt.states.mdadm</p><p>Managing soware RAID with mdadm</p><p>A state module for creating or destroying soware RAID devices.</p><p>/dev/md0: raid.present: - opts: level=1 chunk=256 raid-devices=2 /dev/xvdd /dev/xvde salt.states.mdadm.absent(name) Verify that the raid is absent name e name of raid device to be destroyed</p><p>/dev/md0: raid: - absent salt.states.mdadm.present(name, level, devices, **kwargs) Verify that the raid is present Changed in version 2014.7.0. name e name of raid device to be created level e RAID level to use when creating the raid. devices A list of devices used to build the array.</p><p>1170 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Example:</p><p>/dev/md0: raid.present: - level: 5 - devices: - /dev/xvdd - /dev/xvde - /dev/xvdf - chunk: 256 - run: True</p><p>22.27.59 salt.states.memcached</p><p>States for Management of Memcached Keys</p><p>New in version 2014.1.0. salt.states.memcached.absent(name, value=None, host=`127.0.0.1', port=11211, time=0) Ensure that a memcached key is not present. name e key value [None] If speciﬁed, only ensure that the key is absent if it matches the speciﬁed value. host e memcached server IP address port e memcached server port</p><p> foo: memcached.absent</p><p> bar: memcached.absent: - host: 10.0.0.1 salt.states.memcached.managed(name, value=None, host=`127.0.0.1', port=11211, time=0, min_compress_len=0) Manage a memcached key. name e key to manage value e value to set for that key host e memcached server IP address port e memcached server port</p><p> foo: memcached.managed: - value: bar</p><p>22.27.60 salt.states.modjk</p><p>State to control Apache modjk salt.states.modjk.worker_activated(name, workers=None, proﬁle='default') Activate all the workers in the modjk load balancer Example:</p><p>22.27. Full list of builtin state modules 1171 Salt Documentation, Release 2014.7.6</p><p> loadbalancer: modjk.worker_activated: - workers: - app1 - app2 salt.states.modjk.worker_disabled(name, workers=None, proﬁle='default') Disable all the workers in the modjk load balancer Example:</p><p> loadbalancer: modjk.worker_disabled: - workers: - app1 - app2 salt.states.modjk.worker_recover(name, workers=None, proﬁle='default') Recover all the workers in the modjk load balancer Example:</p><p> loadbalancer: modjk.worker_recover: - workers: - app1 - app2 salt.states.modjk.worker_stopped(name, workers=None, proﬁle='default') Stop all the workers in the modjk load balancer Example:</p><p> loadbalancer: modjk.worker_stopped: - workers: - app1 - app2</p><p>22.27.61 salt.states.modjk_worker</p><p>Manage modjk workers</p><p>Send commands to a modjk load balancer via the peer system. is module can be used with the prereq requisite to remove/add the worker from the load balancer before deploy- ing/restarting service. Mandatory Seings: • e minion needs to have permission to publish the modjk.* functions (see here for information on conﬁguring peer publishing permissions) • e modjk load balancer must be conﬁgured as stated in the modjk execution module documentation salt.states.modjk_worker.activate(name, lbn, target, proﬁle='default', expr_form='glob') Activate the named worker from the lbn load balancers at the targeted minions Example:</p><p>1172 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> disable-before-deploy: modjk_worker.activate: - name: {{ grains['id'] }} - lbn: application - target: 'roles:balancer' - expr_form: grain salt.states.modjk_worker.disable(name, lbn, target, proﬁle='default', expr_form='glob') Disable the named worker from the lbn load balancers at the targeted minions. e worker will get traﬃc only for current sessions and won't get new ones. Example:</p><p> disable-before-deploy: modjk_worker.disable: - name: {{ grains['id'] }} - lbn: application - target: 'roles:balancer' - expr_form: grain salt.states.modjk_worker.stop(name, lbn, target, proﬁle='default', expr_form='glob') Stop the named worker from the lbn load balancers at the targeted minions e worker won't get any traﬃc from the lbn Example:</p><p> disable-before-deploy: modjk_worker.stop: - name: {{ grains['id'] }} - lbn: application - target: 'roles:balancer' - expr_form: grain</p><p>22.27.62 salt.states.module</p><p>Execution of Salt modules from within states</p><p>ese states allow individual execution module calls to be made via states. To call a single module function use a module.run state: mine.send: module.run: - name: network.interfaces</p><p>Note that this example is probably unnecessary to use in practice, since the mine_functions and mine_interval conﬁg parameters can be used to schedule updates for the mine (see here for more info). It is sometimes desirable to trigger a function call aer a state is executed, for this the module.wait state can be used: mine.send: module.wait: - name: network.interfaces - watch: - file: /etc/network/interfaces</p><p>22.27. Full list of builtin state modules 1173 Salt Documentation, Release 2014.7.6</p><p>All arguments that the module state does not consume are passed through to the execution module function being executed: fetch_out_of_band: module.run: - name: git.fetch - cwd: /path/to/my/repo - user: myuser - opts: '--all'</p><p>Due to how the state system works, if a module function accepts an argument called, name, then m_name must be used to specify that argument, to avoid a collision with the name argument. For example: disable_nfs: module.run: - name: service.disable - m_name: nfs salt.states.module.mod_watch(name, **kwargs) Run a single module function name e module function to execute returner Specify the returner to send the return of the module execution to **kwargs Pass any arguments needed to execute the function salt.states.module.run(name, **kwargs) Run a single module function name e module function to execute returner Specify the returner to send the return of the module execution to **kwargs Pass any arguments needed to execute the function salt.states.module.wait(name, **kwargs) Run a single module function only if the watch statement calls it name e module function to execute **kwargs Pass any arguments needed to execute the function</p><p>Note: Like the cmd.run state, this state will return True but not actually execute, unless one of the following two things happens: 1.e state has a watch requisite, and the state which it is watching changes. 2.Another state has a watch_in requisite which references this state, and the state wth the watch_in changes.</p><p>22.27.63 salt.states.mongodb_database</p><p>Management of Mongodb databases Only deletion is supported, creation doesn't make sense and can be done using mongodb_user.present salt.states.mongodb_database.absent(name, user=None, password=None, host=None, port=None) Ensure that the named database is absent</p><p>1174 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> name e name of the database to remove user e user to connect as (must be able to create the user) password e password of the user host e host to connect to port e port to connect to</p><p>22.27.64 salt.states.mongodb_user</p><p>Management of Mongodb users</p><p>Note: is module requires PyMongo to be installed. salt.states.mongodb_user.absent(name, user=None, password=None, host=None, port=None, database='admin') Ensure that the named user is absent name e name of the user to remove user e user to connect as (must be able to create the user) password e password of the user host e host to connect to port e port to connect to database e database to create the user in (if the db doesn't exist, it will be created) salt.states.mongodb_user.present(name, passwd, database='admin', user=None, password=None, host='localhost', port=27017) Ensure that the user is present with the speciﬁed properties name e name of the user to manage passwd e password of the user user e user to connect as (must be able to create the user) password e password of the user host e host to connect to port e port to connect to database e database to create the user in (if the db doesn't exist, it will be created)</p><p>22.27.65 salt.states.mount</p><p>Mounting of filesystems</p><p>Mount any type of mountable ﬁlesystem with the mounted function:</p><p>/mnt/sdb: mount.mounted: - device: /dev/sdb1 - fstype: ext4</p><p>22.27. Full list of builtin state modules 1175 Salt Documentation, Release 2014.7.6</p><p>- mkmnt: True - opts: - defaults</p><p>/srv/bigdata: mount.mounted: - device: UUID=066e0200-2867-4ebe-b9e6-f30026ca2314 - fstype: xfs - opts: nobootwait,noatime,nodiratime,nobarrier,logbufs=8 - dump: 0 - pass_num: 2 - persist: True - mkmnt: True salt.states.mount.mod_watch(name, **kwargs) e mounted watcher, called to invoke the watch command. name e name of the mount point salt.states.mount.mounted(name, device, fstype, mkmnt=False, opts=None, dump=0, pass_num=0, conﬁg='/etc/fstab', persist=True, mount=True) Verify that a device is mounted name e path to the location where the device is to be mounted device e device name, typically the device node, such as /dev/sdb1 or UUID=066e0200-2867- 4ebe-b9e6-f30026ca2314 or LABEL=DATA fstype e ﬁlesystem type, this will be xfs, ext2/3/4 in the case of classic ﬁlesystems, and fuse in the case of fuse mounts mkmnt If the mount point is not present then the state will fail, set mkmnt: True to create the mount point if it is otherwise not present opts A list object of options or a comma delimited list dump e dump value to be passed into the fstab, Default is 0 pass_num e pass value to be passed into the fstab, Default is 0 conﬁg Set an alternative location for the fstab, Default is /etc/fstab persist Set if the mount should be saved in the fstab, Default is True mount Set if the mount should be mounted immediately, Default is True salt.states.mount.swap(name, persist=True, conﬁg='/etc/fstab') Activates a swap device</p><p>/root/swapfile: mount.swap</p><p>Note: swap does not currently support LABEL salt.states.mount.unmounted(name, conﬁg='/etc/fstab', persist=False) New in version 0.17.0. Verify that a device is not mounted name e path to the location where the device is to be unmounted from conﬁg Set an alternative location for the fstab, Default is /etc/fstab</p><p>1176 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> persist Set if the mount should be purged from the fstab, Default is False</p><p>22.27.66 salt.states.mysql_database</p><p>Management of MySQL databases (schemas)</p><p> depends • MySQLdb Python module conﬁguration See salt.modules.mysql for setup instructions. e mysql_database module is used to create and manage MySQL databases. Databases can be set as either absent or present. frank: mysql_database.present salt.states.mysql_database.absent(name, **connection_args) Ensure that the named database is absent name e name of the database to remove salt.states.mysql_database.present(name, **connection_args) Ensure that the named database is present with the speciﬁed properties name e name of the database to manage</p><p>22.27.67 salt.states.mysql_grants</p><p>Management of MySQL grants (user permissions)</p><p> depends • MySQLdb Python module conﬁguration See salt.modules.mysql for setup instructions. e mysql_grants module is used to grant and revoke MySQL permissions. e name you pass in purely symbolic and does not have anything to do with the grant itself. e database parameter needs to specify a `priv_level' in the same speciﬁcation as deﬁned in the MySQL docu- mentation: • * • *.* • db_name.* • db_name.tbl_name • etc… frank_exampledb: mysql_grants.present: - grant: select,insert,update - database: exampledb.* - user: frank</p><p>22.27. Full list of builtin state modules 1177 Salt Documentation, Release 2014.7.6</p><p>- host: localhost frank_otherdb: mysql_grants.present: - grant: all privileges - database: otherdb.* - user: frank restricted_singletable: mysql_grants.present: - grant: select - database: somedb.sometable - user: joe salt.states.mysql_grants.absent(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, **connection_args) Ensure that the grant is absent name e name (key) of the grant to add grant e grant priv_type (i.e. select,insert,update OR all privileges) database e database priv_level (i.e. db.tbl OR db.*) user e user to apply the grant to host e network/host that the grant should apply to salt.states.mysql_grants.present(name, grant=None, database=None, user=None, host='localhost', grant_option=False, escape=True, re- voke_ﬁrst=False, ssl_option=False, **connection_args) Ensure that the grant is present with the speciﬁed properties name e name (key) of the grant to add grant e grant priv_type (i.e. select,insert,update OR all privileges) database e database priv_level (ie. db.tbl OR db.*) user e user to apply the grant to host e network/host that the grant should apply to grant_option Adds the WITH GRANT OPTION to the deﬁned grant. Default is False escape Deﬁnes if the database value gets escaped or not. Default is True revoke_ﬁrst By default, MySQL will not do anything if you issue a command to grant privileges that are more restrictive than what's already in place. is eﬀectively means that you cannot downgrade permissions without ﬁrst revoking permissions applied to a db.table/user pair ﬁrst. To have Salt forcibly revoke perms before applying a new grant, enable the `revoke_ﬁrst options. WARNING: is will remove permissions for a database before aempting to apply new permissions. ere is no guarantee that new permissions will be applied correctly which can leave your database security in an unknown and potentially dangerous state. Use with caution! Default is False ssl_option Adds the speciﬁed ssl options for the connecting user as requirements for this grant. Value is a list of single-element dicts corresponding to the list of ssl options to use. Possible key/value pairings for the dicts in the value:</p><p>1178 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- SSL: True - X509: True - SUBJECT: <subject> - ISSUER: <issuer> - CIPHER: <cipher></cipher></issuer></subject></p><p>e non-boolean ssl options take a string as their values, which should be an appropriate value as spec- iﬁed by the MySQL documentation for these options. Default is False (no ssl options will be used)</p><p>22.27.68 salt.states.mysql_query</p><p>Execution of MySQL queries</p><p>New in version 2014.7.0. depends • MySQLdb Python module conﬁguration See salt.modules.mysql for setup instructions. e mysql_query module is used to execute queries on MySQL databases. Its output may be stored in a ﬁle or in a grain. query_id: mysql_query.run - database: my_database - query: "SELECT * FROM table;" - output: "/tmp/query_id.txt" salt.states.mysql_query.run(name, database, query, output=None, grain=None, key=None, over- write=True, **connection_args) Execute an arbitrary query on the speciﬁed database name Used only as an ID database e name of the database to execute the query on query e query to execute output grain: output in a grain other: the ﬁle to store results None: output to the result comment (default) grain: grain to store the output (need output=grain) key: the speciﬁed grain will be treated as a dictionnary, the result of this state will be stored under the speciﬁed key. overwrite: e ﬁle or grain will be overwrien if it already exists (default)</p><p>22.27.69 salt.states.mysql_user</p><p>Management of MySQL users</p><p> depends • MySQLdb Python module</p><p>22.27. Full list of builtin state modules 1179 Salt Documentation, Release 2014.7.6</p><p> conﬁguration See salt.modules.mysql for setup instructions. frank: mysql_user.present: - host: localhost - password: bobcat</p><p>New in version 0.16.2: Authentication overrides have been added. e MySQL authentication information speciﬁed in the minion conﬁg ﬁle can be overidden in states using the follow- ing arguments: connection_host, connection_port, connection_user, connection_pass, con- nection_db, connection_unix_socket, connection_default_file and connection_charset. frank: mysql_user.present: - host: localhost - password: "bob@cat" - connection_user: someuser - connection_pass: somepass - connection_charset: utf8 - saltenv: - LC_ALL: "en_US.utf8" salt.states.mysql_user.absent(name, host='localhost', **connection_args) Ensure that the named user is absent name e name of the user to remove salt.states.mysql_user.present(name, host='localhost', password=None, password_hash=None, al- low_passwordless=False, unix_socket=False, **connection_args) Ensure that the named user is present with the speciﬁed properties. A passwordless user can be conﬁgured by omiing password and password_hash, and seing allow_passwordless to True. name e name of the user to manage host Host for which this user/password combo applies password e password to use for this user. Will take precedence over the password_hash option if both are speciﬁed. password_hash e password in hashed form. Be sure to quote the password because YAML doesn't like the *. A password hash can be obtained from the mysql command-line client like so:</p><p> mysql&gt; SELECT PASSWORD('mypass'); +------+ | PASSWORD('mypass') | +------+ | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | +------+ 1 row in set (0.00 sec)</p><p> allow_passwordless If True, then password and password_hash can be omied to permit a password- less login. New in version 0.16.2. unix_soet If True and allow_passwordless is True, the unix_socket auth plugin will be used.</p><p>1180 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.70 salt.states.network</p><p>Configuration of network interfaces</p><p>e network module is used to create and manage network seings, interfaces can be set as either managed or ignored. By default all interfaces are ignored unless speciﬁed.</p><p>Note: Prior to version 2014.1.0, only RedHat-based systems (RHEL, CentOS, Scientiﬁc Linux, etc.) are supported. Support for Debian/Ubuntu is new in 2014.1.0 and should be considered experimental. Other platforms are not yet supported. system: network.system: - enabled: True - hostname: server1.example.com - gateway: 192.168.0.1 - gatewaydev: eth0 - nozeroconf: True - nisdomain: example.com - require_reboot: True eth0: network.managed: - enabled: True - type: eth - proto: none - ipaddr: 10.1.0.1 - netmask: 255.255.255.0 - dns: - 8.8.8.8 - 8.8.4.4 routes: network.routes: - name: eth0 - routes: - name: secure_network ipaddr: 10.2.0.0 netmask: 255.255.255.0 gateway: 10.1.0.3 - name: HQ_network ipaddr: 10.100.0.0 netmask: 255.255.0.0 gateway: 10.1.0.10 eth2: network.managed: - enabled: True - type: slave - master: bond0 eth3: network.managed: - enabled: True - type: slave - master: bond0</p><p>22.27. Full list of builtin state modules 1181 Salt Documentation, Release 2014.7.6</p><p> eth4: network.managed: - enabled: True - type: eth - proto: dhcp - bridge: br0 bond0: network.managed: - type: bond - ipaddr: 10.1.0.1 - netmask: 255.255.255.0 - mode: active-backup - proto: static - dns: - 8.8.8.8 - 8.8.4.4 - ipv6: - enabled: False - slaves: eth2 eth3 - require: - network: eth2 - network: eth3 - miimon: 100 - arp_interval: 250 - downdelay: 200 - lacp_rate: fast - max_bonds: 1 - updelay: 0 - use_carrier: on - xmit_hash_policy: layer2 - mtu: 9000 - autoneg: on - speed: 1000 - duplex: full - rx: on - tx: off - sg: on - tso: off - ufo: off - gso: off - gro: off - lro: off bond0.2: network.managed: - type: vlan - ipaddr: 10.1.0.2 - use: - network: bond0 - require: - network: bond0 bond0.3: network.managed: - type: vlan - ipaddr: 10.1.0.3 - use:</p><p>1182 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- network: bond0 - require: - network: bond0 bond0.10: network.managed: - type: vlan - ipaddr: 10.1.0.4 - use: - network: bond0 - require: - network: bond0 bond0.12: network.managed: - type: vlan - ipaddr: 10.1.0.5 - use: - network: bond0 - require: - network: bond0 br0: network.managed: - enabled: True - type: bridge - proto: dhcp - bridge: br0 - delay: 0 - ports: eth4 - bypassfirewall: True - use: - network: eth4 - require: - network: eth4</p><p>Note: When managing bridged interfaces on a Debian or Ubuntu based system, the ports argument is required. Red Hat systems will ignore the argument. salt.states.network.managed(name, type, enabled=True, **kwargs) Ensure that the named interface is conﬁgured properly. name e name of the interface to manage type Type of interface and conﬁguration. enabled Designates the state of this interface. kwargs e IP parameters for this interface. salt.states.network.routes(name, **kwargs) Manage network interface static routes. name Interface name to apply the route to. kwargs Named routes salt.states.network.system(name, **kwargs) Ensure that global network seings are conﬁgured properly. name Custom name to represent this conﬁguration change.</p><p>22.27. Full list of builtin state modules 1183 Salt Documentation, Release 2014.7.6</p><p> kwargs e global parameters for the system.</p><p>22.27.71 salt.states.nables</p><p>Management of nables</p><p>is is an nables-speciﬁc module designed to manage Linux ﬁrewalls. It is expected that this state module, and other system-speciﬁc ﬁrewall states, may at some point be deprecated in favor of a more generic ﬁrewall state. httpd: nftables.append: - table: filter - chain: input - jump: accept - match: state - connstate: new - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.append: - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.insert: - position: 1 - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.insert: - position: 1 - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW</p><p>1184 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.delete: - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.delete: - position: 1 - table: filter - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True httpd: nftables.delete: - table: filter - family: ipv6 - chain: INPUT - jump: ACCEPT - match: state - connstate: NEW - dport: 80 - proto: tcp - sport: 1025:65535 - save: True salt.states.nftables.append(name, family='ipv4', **kwargs) New in version 0.17.0. Append a rule to a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Network family, ipv4 or ipv6. All other arguments are passed in with the same name as the long option that would normally be used for nables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate). salt.states.nftables.chain_absent(name, table='ﬁlter', family='ipv4') New in version 2014.7.0. Verify the chain is absent.</p><p>22.27. Full list of builtin state modules 1185 Salt Documentation, Release 2014.7.6</p><p> family Networking family, either ipv4 or ipv6 salt.states.nftables.chain_present(name, table='ﬁlter', table_type=None, hook=None, prior- ity=None, family='ipv4') New in version 2014.7.0. Verify the chain is exist. name A user-deﬁned chain name. table e table to own the chain. family Networking family, either ipv4 or ipv6 salt.states.nftables.delete(name, family='ipv4', **kwargs) New in version 2014.7.0. Delete a rule to a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Networking family, either ipv4 or ipv6 All other arguments are passed in with the same name as the long option that would normally be used for nables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate). salt.states.nftables.flush(name, family='ipv4', **kwargs) New in version 2014.7.0. Flush current nables state family Networking family, either ipv4 or ipv6 salt.states.nftables.insert(name, family='ipv4', **kwargs) New in version 2014.7.0. Insert a rule into a chain name A user-deﬁned name to call this rule by in another part of a state or formula. is should not be an actual rule. family Networking family, either ipv4 or ipv6 All other arguments are passed in with the same name as the long option that would normally be used for nables, with one exception: --state is speciﬁed as connstate instead of state (not to be confused with ctstate).</p><p>22.27.72 salt.states.npm</p><p>Installation of NPM Packages</p><p>ese states manage the installed packages for node.js using the Node Package Manager (npm). Note that npm must be installed for these states to be available, so npm states should include a requisite to a pkg.installed state for the package which provides npm (simply npm in most cases). Example: npm: pkg.installed yaml: npm.installed: - require: - pkg: npm</p><p>1186 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.states.npm.bootstrap(name, runas=None, user=None) Bootstraps a node.js application. will execute npm install --json on the speciﬁed directory runas e user to run NPM with Deprecated since version 0.17.0. user e user to run NPM with New in version 0.17.0. salt.states.npm.installed(name, pkgs=None, dir=None, runas=None, user=None, force_reinstall=False, registry=None, env=None) Verify that the given package is installed and is at the correct version (if speciﬁed).</p><p> coffee-script: npm.installed: - user: someuser</p><p> coffee-script@1.0.1: npm.installed: []</p><p> name e package to install Changed in version 2014.7.2: is parameter is no longer lowercased by salt so that case-sensitive NPM package names will work. pkgs A list of packages to install with a single npm invocation; specifying this argument will ignore the name argument New in version 2014.7.0. dir e target directory in which to install the package, or None for global installation runas e user to run NPM with Deprecated since version 0.17.0. user e user to run NPM with New in version 0.17.0. registry e NPM registry from which to install the package New in version 2014.7.0. env A list of environment variables to be set prior to execution. e format is the same as the cmd.run. state function. New in version 2014.7.0. force_reinstall Install the package even if it is already installed salt.states.npm.removed(name, dir=None, runas=None, user=None) Verify that the given package is not installed. dir e target directory in which to install the package, or None for global installation runas e user to run NPM with Deprecated since version 0.17.0.</p><p>22.27. Full list of builtin state modules 1187 Salt Documentation, Release 2014.7.6</p><p> user e user to run NPM with New in version 0.17.0.</p><p>22.27.73 salt.states.ntp</p><p>Management of NTP servers</p><p>New in version 2014.1.0. is state is used to manage NTP servers. Currently only Windows is supported. win_ntp: ntp.managed: - servers: - pool.ntp.org - us.pool.ntp.org salt.states.ntp.managed(name, servers=None) Manage NTP servers servers A list of NTP servers</p><p>22.27.74 salt.states.openstack_config</p><p>Manage OpenStack conﬁguration ﬁle seings. maintainer Jeﬀrey C. Ollie <je> maturity new depends platform linux salt.states.openstack_config.absent(name, ﬁlename, section, parameter=None) Ensure a value is not set in an OpenStack conﬁguration ﬁle. ﬁlename e full path to the conﬁguration ﬁle section e section in which the parameter will be set parameter (optional) e parameter to change. If the parameter is not supplied, the name will be used as the parameter. salt.states.openstack_config.present(name, ﬁlename, section, value, parameter=None) Ensure a value is set in an OpenStack conﬁguration ﬁle. ﬁlename e full path to the conﬁguration ﬁle section e section in which the parameter will be set parameter (optional) e parameter to change. If the parameter is not supplied, the name will be used as the parameter. value e value to set</je></p><p>1188 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.75 salt.states.pagerduty</p><p>Create an Event in PagerDuty</p><p>New in version 2014.1.0. is state is useful for creating events on the PagerDuty service during state runs. server-warning-message: pagerduty.create_event: - name: 'This is a server warning message' - details: 'This is a much more detailed message' - service_key: 9abcd123456789efabcde362783cdbaf - profile: my-pagerduty-account salt.states.pagerduty.create_event(name, details, service_key, proﬁle) Create an event on the PagerDuty service</p><p> server-warning-message: pagerduty.create_event: - name: 'This is a server warning message' - details: 'This is a much more detailed message' - service_key: 9abcd123456789efabcde362783cdbaf - profile: my-pagerduty-account</p><p>e following parameters are required: name is is a short description of the event. details is can be a more detailed description of the event. service_key is key can be found by using pagerduty.list_services. proﬁle is refers to the conﬁguration proﬁle to use to connect to the PagerDuty service.</p><p>22.27.76 salt.states.pecl</p><p>Installation of PHP Extensions Using pecl</p><p>ese states manage the installed pecl extensions. Note that php-<span>pear</span> must be installed for these states to be available, so pecl states should include a requisite to a pkg.installed state for the package which provides pecl (php-pear in most cases). Example: php-pear: pkg.installed mongo: pecl.installed: - require: - pkg: php-pear salt.states.pecl.installed(name, version=None, defaults=False, force=False, pre- ferred_state='stable') New in version 0.17.0. Make sure that a pecl extension is installed. name e pecl extension name to install</p><p>22.27. Full list of builtin state modules 1189 Salt Documentation, Release 2014.7.6</p><p> version e pecl extension version to install. is option may be ignored to install the latest stable version. defaults Use default answers for extensions such as pecl_hp which ask questions before installation. With- out this option, the pecl.installed state will hang indeﬁnitely when trying to install these extensions. force Whether to force the installed version or not preferred_state e pecl extension state to install salt.states.pecl.removed(name) Make sure that a pecl extension is not installed. name e pecl extension name to uninstall</p><p>22.27.77 salt.states.pip_state</p><p>Installation of Python Packages Using pip</p><p>ese states manage system installed python packages. Note that pip must be installed for these states to be available, so pip states should include a requisite to a pkg.installed state for the package which provides pip (python-pip in most cases). Example: python-pip: pkg.installed virtualenvwrapper: pip.installed: - require: - pkg: python-pip salt.states.pip_state.installed(name, pip_bin=None, requirements=None, env=None, bin_env=None, use_wheel=False, no_use_wheel=False, log=None, proxy=None, timeout=None, repo=None, ed- itable=None, ﬁnd_links=None, index_url=None, ex- tra_index_url=None, no_index=False, mirrors=None, build=None, target=None, download=None, down- load_cache=None, source=None, upgrade=False, force_reinstall=False, ignore_installed=False, ex- ists_action=None, no_deps=False, no_install=False, no_download=False, install_options=None, global_options=None, user=None, runas=None, no_chown=False, cwd=None, activate=False, pre_releases=False, cert=None, allow_all_external=False, allow_external=None, al- low_unveriﬁed=None, process_dependency_links=False) Make sure the package is installed name e name of the python package to install. You can also specify version numbers here using the standard operators ==, &gt;=, &lt;=. If requirements is given, this parameter will be ignored. Example:</p><p> django: pip.installed: - name: django &gt;= 1.6, &lt;= 1.7 - require: - pkg: python-pip</p><p>is will install the latest Django version greater than 1.6 but less than 1.7.</p><p>1190 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> requirements Path to a pip requirements ﬁle. If the path begins with salt:// the ﬁle will be transferred from the master ﬁle server. user e user under which to run pip use_wheel [False] Prefer wheel archives (requires pip&gt;=1.4) no_use_wheel [False] Force to not use wheel archives (requires pip&gt;=1.4) log Log ﬁle where a complete (maximum verbosity) record will be kept proxy Specify a proxy in the form user:passwd@proxy.server:port. Note that the user:password@ is optional and required only if you are behind an authenticated proxy. If you provide user@proxy.server:port then you will be prompted for a password. timeout Set the socket timeout (default 15 seconds) editable install something editable (i.e. git+hps://github.com/worldcompany/djangoembed.git#egg=djangoembed) ﬁnd_links URL to look for packages at index_url Base URL of Python Package Index extra_index_url Extra URLs of package indexes to use in addition to index_url no_index Ignore package index mirrors Speciﬁc mirror URL(s) to query (automatically adds --use-mirrors) build Unpack packages into build dir target Install packages into target dir download Download packages into download instead of installing them download_cae Cache downloaded packages in download_cache dir source Check out editable packages into source dir upgrade Upgrade all packages to the newest available version force_reinstall When upgrading, reinstall all packages even if they are already up-to-date. ignore_installed Ignore the installed packages (reinstalling instead) exists_action Default action when a path already exists: (s)witch, (i)gnore, (w)ipe, (b)ackup no_deps Ignore package dependencies no_install Download and unpack all packages, but don't actually install them no_own When user is given, do not aempt to copy and chown a requirements ﬁle cwd Current working directory to run pip from activate Activates the virtual environment, if given via bin_env, before running install. Deprecated since version 2014.7.2: If bin_env is given, pip will already be sourced from that virualenv, making activate eﬀectively a noop. pre_releases Include pre-releases in the available versions cert Provide a path to an alternate CA bundle allow_all_external Allow the installation of all externally hosted ﬁles allow_external Allow the installation of externally hosted ﬁles (comma separated list) allow_unveriﬁed Allow the installation of insecure and unveriﬁable ﬁles (comma separated list)</p><p>22.27. Full list of builtin state modules 1191 Salt Documentation, Release 2014.7.6</p><p> process_dependency_links Enable the processing of dependency links bin_env [None] Absolute path to a virtual environment directory or absolute path to a pip executable. e example below assumes a virtual environment has been created at /foo/.virtualenvs/bar. Example:</p><p> django: pip.installed: - name: django &gt;= 1.6, &lt;= 1.7 - bin_env: /foo/.virtualenvs/bar - require: - pkg: python-pip</p><p>Or Example:</p><p> django: pip.installed: - name: django &gt;= 1.6, &lt;= 1.7 - bin_env: /foo/.virtualenvs/bar/bin/pip - require: - pkg: python-pip</p><p>Attention e following arguments are deprecated, do not use.</p><p> pip_bin [None] Deprecated, use bin_env env [None] Deprecated, use bin_env</p><p>Changed in version 0.17.0: use_wheel option added. install_options Extra arguments to be supplied to the setup.py install command. If you are using an option with a directory path, be sure to use absolute path. Example:</p><p> django: pip.installed: - name: django - install_options: - --prefix=/blah - require: - pkg: python-pip</p><p> global_options Extra global options to be supplied to the setup.py call before the install command. New in version 2014.1.3.</p><p>Attention As of Salt 0.17.0 the pip state needs an importable pip module. is usually means having the system's pip package installed or running Salt from an active virtualenv.</p><p>1192 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>e reason for this requirement is because pip already does a prey good job parsing its own requirements. It makes no sense for Salt to do pip requirements parsing and validation before passing them to the pip library. It's functionality duplication and it's more error prone. salt.states.pip_state.removed(name, requirements=None, bin_env=None, log=None, proxy=None, timeout=None, user=None, runas=None, cwd=None) Make sure that a package is not installed. name e name of the package to uninstall user e user under which to run pip bin_env [None] the pip executable or virtualenenv to use</p><p>22.27.78 salt.states.pkg</p><p>Installation of packages using OS package managers such as yum or apt-get</p><p>Salt can manage soware packages via the pkg state module, packages can be set up to be installed, latest, removed and purged. Package management declarations are typically rather simple: vim: pkg.installed</p><p>A more involved example involves pulling from a custom repository. Note that the pkgrepo has a require_in clause. is is necessary and can not be replaced by a require clause in the pkg. base: pkgrepo.managed: - humanname: Logstash PPA - name: ppa:wolfnet/logstash - dist: precise - file: /etc/apt/sources.list.d/logstash.list - keyid: 28B04E4A - keyserver: keyserver.ubuntu.com - require_in: - pkg: logstash logstash: pkg.installed salt.states.pkg.installed(name, version=None, refresh=None, fromrepo=None, skip_verify=False, skip_suggestions=False, pkgs=None, sources=None, allow_updates=False, pkg_verify=False, normalize=True, **kwargs) Ensure that the package is installed, and that it is the correct version (if speciﬁed). name e name of the package to be installed. is parameter is ignored if either ``pkgs'' or ``sources'' is used. Additionally, please note that this option can only be used to install packages from a soware repository. To install a package ﬁle manually, use the ``sources'' option detailed below. fromrepo Specify a repository from which to install</p><p>Note: Distros which use APT (Debian, Ubuntu, etc.) do not have a concept of repositories, in the same way as YUM-based distros do. When a source is added, it is assigned to a given release. Consider the following source conﬁguration:</p><p>22.27. Full list of builtin state modules 1193 Salt Documentation, Release 2014.7.6</p><p> deb http://ppa.launchpad.net/saltstack/salt/ubuntu precise main</p><p>e packages provided by this source would be made available via the precise release, therefore fromrepo would need to be set to precise for Salt to install the package from this source. Having multiple sources in the same release may result in the default install candidate being newer than what is desired. If this is the case, the desired version must be speciﬁed using the version parameter. If the pkgs parameter is being used to install multiple packages in the same state, then instead of using version, use the method of version speciﬁcation described in the Multiple Paage Installation Options section below. Running the shell command apt-cache policy pkgname on a minion can help elucidate the APT conﬁguration and aid in properly conﬁguring states:</p><p> root@saltmaster:~# salt ubuntu01 cmd.run 'apt-cache policy ffmpeg' ubuntu01: ffmpeg: Installed: (none) Candidate: 7:0.10.11-1~precise1 Version table: 7:0.10.11-1~precise1 0 500 http://ppa.launchpad.net/jon-severinsson/ffmpeg/ubuntu/ precise/main amd64 Packages 4:0.8.10-0ubuntu0.12.04.1 0 500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 4:0.8.1-0ubuntu1 0 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages</p><p>e release is located directly aer the source's URL. e actual release name is the part before the slash, so to install version 4:0.8.10-0ubuntu0.12.04.1 either precise-updates or precise-security could be used for the fromrepo value.</p><p> skip_verify Skip the GPG veriﬁcation check for the package to be installed skip_suggestions Force strict package naming. Disables lookup of package alternatives. New in version 2014.1.1. version Install a speciﬁc version of a package. is option is ignored if either ``pkgs'' or ``sources'' is used. Currently, this option is supported for the following pkg providers: apt, ebuild, pacman, yumpkg, and zypper. e version number includes the release designation where applicable, to allow Salt to target a speciﬁc release of a given version. When in doubt, using the pkg.latest_version function for an uninstalled package will tell you the version available.</p><p># salt myminion pkg.latest_version httpd myminion: 2.2.15-30.el6.centos</p><p>Also, while this function is not yet implemented for all pkg frontends, pkg.list_repo_pkgs will show all versions available in the various repositories for a given package, irrespective of whether or not it is installed.</p><p># salt myminion pkg.list_repo_pkgs httpd myminion: ------base: |_ ------</p><p>1194 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> httpd: 2.2.15-29.el6.centos updates: |_ ------httpd: 2.2.15-30.el6.centos</p><p>e version strings returned by either of these functions can be used as version speciﬁers in pkg states. refresh Update the repo database of available packages prior to installing the requested package. hold Force the package to be held at the current installed version. Currently works with YUM &amp; APT based systems. New in version 2014.7.0. allow_updates Allow the package to be updated outside Salt's control (e.g. auto updates on Windows). is means a package on the Minion can have a newer version than the latest available in the repository without enforcing a re-installation of the package. New in version 2014.7.0. Example:</p><p> httpd: pkg.installed: - fromrepo: mycustomrepo - skip_verify: True - skip_suggestions: True - version: 2.0.6~ubuntu3 - refresh: True - hold: False</p><p> pkg_verify New in version 2014.7.0. For requested packages that are already installed and would not be targeted for upgrade or downgrade, use pkg.verify to determine if any of the ﬁles installed by the package have been altered. If ﬁles have been altered, the reinstall option of pkg.install is used to force a reinstall. Types to ignore can be passed to pkg.verify (see example below). Currently, this option is supported for the following pkg providers: yumpkg.</p><p>Examples:</p><p> httpd: pkg.installed: - version: 2.2.15-30.el6.centos - pkg_verify: True</p><p> mypkgs: pkg.installed: - pkgs: - foo - bar: 1.2.3-4 - baz - pkg_verify: - ignore_types: [config,doc]</p><p>22.27. Full list of builtin state modules 1195 Salt Documentation, Release 2014.7.6</p><p> normalize Normalize the package name by removing the architecture. Default is True. is is useful for poorly created packages which might include the architecture as an actual part of the name such as kernel modules which match a speciﬁc kernel version. New in version 2014.7.0.</p><p>Example:</p><p> gpfs.gplbin-2.6.32-279.31.1.el6.x86_64: pkg.installed: - normalize: False</p><p>Multiple Paage Installation Options: (not supported in Windows or pkgng) pkgs A list of packages to install from a soware repository. All packages listed under pkgs will be installed via a single command. Example:</p><p> mypkgs: pkg.installed: - pkgs: - foo - bar - baz - hold: True</p><p>NOTE: For apt, ebuild, pacman, yumpkg, and zypper, version numbers can be speciﬁed in the pkgs argument. For example:</p><p> mypkgs: pkg.installed: - pkgs: - foo - bar: 1.2.3-4 - baz</p><p>Additionally, ebuild, pacman and zypper support the &lt;, &lt;=, &gt;=, and &gt; operators for more control over what versions will be installed. For example:</p><p> mypkgs: pkg.installed: - pkgs: - foo - bar: '&gt;=1.2.3-4' - baz</p><p>NOTE: When using comparison operators, the expression must be enclosed in quotes to avoid a YAML render error. With ebuild is also possible to specify a use ﬂag list and/or if the given packages should be in pack- age.accept_keywords ﬁle and/or the overlay from which you want the package to be installed. For example:</p><p> mypkgs: pkg.installed: - pkgs: - foo: '~' - bar: '~&gt;=1.2:slot::overlay[use,-otheruse]' - baz</p><p>1196 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> names A list of packages to install from a soware repository. Each package will be installed individually by the package manager.</p><p>Warning: Unlike pkgs, the names parameter cannot specify a version. In addition, it makes a separate call to the package management frontend to install each package, whereas pkgs makes just a single call. It is therefore recommended to use pkgs instead of names to install multiple packages, both for the additional features and the performance improvement that it brings.</p><p> sources A list of packages to install, along with the source URI or local path from which to install each package. In the example below, foo, bar, baz, etc. refer to the name of the package, as it would appear in the output of the pkg.version or pkg.list_pkgs salt CLI commands.</p><p> mypkgs: pkg.installed: - sources: - foo: salt://rpms/foo.rpm - bar: http://somesite.org/bar.rpm - baz: ftp://someothersite.org/baz.rpm - qux: /minion/path/to/qux.rpm salt.states.pkg.latest(name, refresh=None, fromrepo=None, skip_verify=False, pkgs=None, **kwargs) Ensure that the named package is installed and the latest available package. If the package can be updated, this state function will update the package. Generally it is beer for the installed function to be used, as latest will update the package whenever a new package is available. name e name of the package to maintain at the latest available version. is parameter is ignored if ``pkgs'' is used. fromrepo Specify a repository from which to install skip_verify Skip the GPG veriﬁcation check for the package to be installed Multiple Package Installation Options: (Not yet supported for: Windows, FreeBSD, OpenBSD, MacOS, and Solaris pkgutil) pkgs A list of packages to maintain at the latest available version.</p><p> mypkgs: pkg.latest: - pkgs: - foo - bar - baz salt.states.pkg.mod_aggregate(low, chunks, running) e mod_aggregate function which looks up all packages in the available low chunks and merges them into a single pkgs ref in the present low data salt.states.pkg.purged(name, pkgs=None, **kwargs) Verify that a package is not installed, calling pkg.purge if necessary to purge the package. All conﬁguration ﬁles are also removed. name e name of the package to be purged. Multiple Package Options: pkgs A list of packages to purge. Must be passed as a python list. e name parameter will be ignored if this option is passed.</p><p>22.27. Full list of builtin state modules 1197 Salt Documentation, Release 2014.7.6</p><p>New in version 0.16.0. salt.states.pkg.removed(name, pkgs=None, **kwargs) Verify that a package is not installed, calling pkg.remove if necessary to remove the package. name e name of the package to be removed. Multiple Package Options: pkgs A list of packages to remove. Must be passed as a python list. e name parameter will be ignored if this option is passed. New in version 0.16.0. salt.states.pkg.uptodate(name, refresh=False) New in version 2014.7.0. Verify that the system is completely up to date. name e name has no functional value and is only used as a tracking reference refresh refresh the package database before checking for new upgrades</p><p>22.27.79 salt.states.pkgng</p><p>Manage package remote repo using FreeBSD pkgng</p><p>Salt can manage the URL pkgng pulls packages from. ATM the state and module are small so use cases are typically rather simple: pkgng_clients: pkgng.update_packaging_site: - name: "http://192.168.0.2" salt.states.pkgng.update_packaging_site(name)</p><p>22.27.80 salt.states.pkgrepo</p><p>Management of APT/YUM package repos</p><p>Package repositories for APT-based and YUM-based distros can be managed with these states. Here is some example SLS: base: pkgrepo.managed: - humanname: CentOS-$releasever - Base - mirrorlist: http://mirrorlist.centos.org/?release=$releasever&amp;arch=$basearch&amp;repo=os - comments: - '#http://mirror.centos.org/centos/$releasever/os/$basearch/' - gpgcheck: 1 - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 base: pkgrepo.managed: - humanname: Logstash PPA - name: deb http://ppa.launchpad.net/wolfnet/logstash/ubuntu precise main</p><p>1198 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>- dist: precise - file: /etc/apt/sources.list.d/logstash.list - keyid: 28B04E4A - keyserver: keyserver.ubuntu.com - require_in: - pkg: logstash</p><p> pkg.latest: - name: logstash - refresh: True</p><p> base: pkgrepo.managed: - ppa: wolfnet/logstash pkg.latest: - name: logstash - refresh: True</p><p>Note: On Ubuntu systems, the python-software-properties package should be installed for beer support of PPA repositories. To check if this package is installed, run dpkg -l python-software-properties. Also, some Ubuntu releases have a bug in their python-software-properties package, a missing depen- dency on pycurl, so python-pycurl will need to be manually installed if it is not present once python- software-properties is installed. On Ubuntu &amp; Debian systems, the `python-apt package is required to be installed. To check if this package is installed, run dpkg -l python-software-properties. python-apt will need to be manually installed if it is not present.</p><p> salt.states.pkgrepo.absent(name, **kwargs) is function deletes the speciﬁed repo on the system, if it exists. It is essentially a wrapper around pkg.del_repo. name e name of the package repo, as it would be referred to when running the regular package manager commands. ppa On Ubuntu, you can take advantage of Personal Package Archives on Launchpad simply by specifying the user and archive name.</p><p> logstash-ppa: pkgrepo.absent: - ppa: wolfnet/logstash</p><p> ppa_auth For Ubuntu PPAs there can be private PPAs that require authentication to access. For these PPAs the username/password can be speciﬁed. is is required for matching if the name format uses the ``ppa:'' speciﬁer and is private (requires username/password to access, which is encoded in the URI).</p><p> logstash-ppa: pkgrepo.absent: - ppa: wolfnet/logstash - ppa_auth: username:password</p><p> salt.states.pkgrepo.managed(name, **kwargs) is function manages the conﬁguration on a system that points to the repositories for the system's package manager.</p><p>22.27. Full list of builtin state modules 1199 Salt Documentation, Release 2014.7.6</p><p> name e name of the package repo, as it would be referred to when running the regular package manager commands. For yum-based systems, take note of the following conﬁguration values: humanname On yum-based systems, this is stored as the ``name'' value in the .repo ﬁle in /etc/yum.repos.d/. On yum-based systems, this is required. baseurl On yum-based systems, baseurl refers to a direct URL to be used for this yum repo. One of baseurl or mirrorlist is required. mirrorlist a URL which contains a collection of baseurls to choose from. On yum-based systems. One of baseurl or mirrorlist is required. comments Sometimes you want to supply additional information, but not as enabled conﬁguration. Anything supplied for this list will be saved in the repo conﬁguration with a comment marker (#) in front. Additional conﬁguration values, such as gpgkey or gpgcheck, are used verbatim to update the options for the yum repo in question. For apt-based systems, take note of the following conﬁguration values: ppa On Ubuntu, you can take advantage of Personal Package Archives on Launchpad simply by specifying the user and archive name. e keyid will be queried from launchpad and everything else is set auto- matically. You can override any of the below seings by simply seing them as you would normally. For example:</p><p> logstash-ppa: pkgrepo.managed: - ppa: wolfnet/logstash</p><p> ppa_auth For Ubuntu PPAs there can be private PPAs that require authentication to access. For these PPAs the username/password can be passed as an HTTP Basic style username/password combination.</p><p> logstash-ppa: pkgrepo.managed: - ppa: wolfnet/logstash - ppa_auth: username:password</p><p> name On apt-based systems this must be the complete entry as it would be seen in the sources.list ﬁle. is can have a limited subset of components (i.e. `main') which can be added/modiﬁed with the ``comps'' option.</p><p> precise-repo: pkgrepo.managed: - name: deb http://us.archive.ubuntu.com/ubuntu precise main</p><p> disabled Toggles whether or not the repo is used for resolving dependencies and/or installing packages. enabled Enables the repository, even if the repository has been disabled, in order for the respective package requiring the repository can be found and installed. comps On apt-based systems, comps dictate the types of packages to be installed from the repository (e.g. main, nonfree, …). For purposes of this, comps should be a comma-separated list. ﬁle e ﬁlename for the .list that the repository is conﬁgured in. It is important to include the full-path AND make sure it is in a directory that APT will look in when handling packages dist is dictates the release of the distro the packages should be built for. (e.g. unstable) keyid e KeyID of the GPG key to install. is option also requires the `keyserver' option to be set.</p><p>1200 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> keyserver is is the name of the keyserver to retrieve gpg keys from. e keyid option must also be set for this option to work. key_url URL to retrieve a GPG key from. consolidate If set to true, this will consolidate all sources deﬁnitions to the sources.list ﬁle, cleanup the now unused ﬁles, consolidate components (e.g. main) for the same URI, type, and architecture to a single line, and ﬁnally remove comments from the sources.list ﬁle. e consolidate will run every time the state is processed. e option only needs to be set on one repo managed by salt to take eﬀect. refresh_db If set to false this will skip refreshing the apt package database on debian based systems. require_in Set this to a list of pkg.installed or pkg.latest to trigger the running of apt-get update prior to aempting to install these packages. Seing a require in the pkg will not work for this.</p><p>22.27.81 salt.states.portage_config</p><p>Management of Portage package configuration on Gentoo</p><p>A state module to manage Portage conﬁguration on Gentoo salt: portage_config.flags: - use: - openssl salt.states.portage_config.flags(name, use=None, accept_keywords=None, env=None, li- cense=None, properties=None, unmask=False, mask=False) Enforce the given ﬂags on the given package or DEPEND atom. Please be warned that, in most cases, you need to rebuild the aﬀected packages in order to apply the changes. name e name of the package or his DEPEND atom use A list of use ﬂags accept_keywords A list of keywords to accept. ``~ARCH'' means current host arch, and will be translated in a line without keywords env A list of environment ﬁles license A list of accepted licenses properties A list of additional properties unmask A boolean to unmask the package mask A boolean to mask the package</p><p>22.27.82 salt.states.ports</p><p>Manage soware from FreeBSD ports New in version 2014.1.0.</p><p>Note: It may be helpful to use a higher timeout when running a ports.installed state, since compiling the port may exceed Salt's timeout. salt -t 1200 '*' state.highstate</p><p>22.27. Full list of builtin state modules 1201 Salt Documentation, Release 2014.7.6</p><p> salt.states.ports.installed(name, options=None) Verify that the desired port is installed, and that it was compiled with the desired options. options Make sure that the desired non-default options are set</p><p>Warning: Any build options not passed here assume the default values for the port, and are not just diﬀerences from the existing cached options from a previous make config.</p><p>Example usage:</p><p> security/nmap: ports.installed: - options: - IPV6: off</p><p>22.27.83 salt.states.postgres_database</p><p>Management of PostgreSQL databases</p><p>e postgres_database module is used to create and manage Postgres databases. Databases can be set as either absent or present frank: postgres_database.present salt.states.postgres_database.absent(name, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named database is absent name e name of the database to remove db_user database username if diﬀerent from conﬁg or defaul db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of New in version 0.17.0. salt.states.postgres_database.present(name, tablespace=None, encoding=None, lc_collate=None, lc_ctype=None, owner=None, template=None, runas=None, user=None, mainte- nance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named database is present with the speciﬁed properties. For more information about all of these options see man createdb(1) name e name of the database to manage</p><p>1202 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> tablespace Default tablespace for the database encoding e character encoding scheme to be used in this database lc_collate e LC_COLLATE seing to be used in this database lc_ctype e LC_CTYPE seing to be used in this database owner e username of the database owner template e template database from which to build this database runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of db_user database username if diﬀerent from conﬁg or default db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default New in version 0.17.0.</p><p>22.27.84 salt.states.postgres_extension</p><p>Management of PostgreSQL extensions (e.g.: postgis)</p><p>e postgres_extensions module is used to create and manage Postgres extensions. adminpack: postgres_extension.present salt.states.postgres_extension.absent(name, if_exists=None, restrict=None, cas- cade=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named extension is absent name Extension name of the extension to remove cascade Drop on cascade if_exists Add if exist slug restrict Add restrict slug maintenance_db Database to act on user System user all operations should be performed on behalf of db_user database username if diﬀerent from conﬁg or default db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default</p><p>22.27. Full list of builtin state modules 1203 Salt Documentation, Release 2014.7.6 salt.states.postgres_extension.present(name, if_not_exists=None, schema=None, ext_version=None, from_version=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named extension is present with the speciﬁed privileges name e name of the extension to manage if_not_exists Add a if_not_exists switch to the ddl statement sema Schema to install the extension into from_version Old extension version if already installed ext_version version to install user System user all operations should be performed on behalf of maintenance_db Database to act on db_user database username if diﬀerent from conﬁg or default db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default</p><p>22.27.85 salt.states.postgres_group</p><p>Management of PostgreSQL groups (roles)</p><p>e postgres_group module is used to create and manage Postgres groups. frank: postgres_group.present salt.states.postgres_group.absent(name, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named group is absent name e groupname of the group to remove runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of New in version 0.17.0. db_user database username if diﬀerent from conﬁg or defaul db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default</p><p>1204 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.states.postgres_group.present(name, createdb=None, createroles=None, createuser=None, encrypted=None, superuser=None, inherit=None, lo- gin=None, replication=None, password=None, re- fresh_password=None, groups=None, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named group is present with the speciﬁed privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seens as roles with the LOGIN privilege and groups the others. name e name of the group to manage createdb Is the group allowed to create databases? createroles Is the group allowed to create other roles/users createuser Alias to create roles, and history problem, in pgsql normally createuser == superuser encrypted Should the password be encrypted in the system catalog? login Should the group have login perm inherit Should the group inherit permissions superuser Should the new group be a ``superuser'' replication Should the new group be allowed to initiate streaming replication password e Group's password It can be either a plain string or a md5 postgresql hashed password:</p><p>'md5{MD5OF({password}{role}}'</p><p>If encrypted is None or True, the password will be automatically encrypted to the previous format if it is not already done. refresh_password Password refresh ﬂag Boolean aribute to specify whether to password comparison check should be performed. If refresh_password is None or False, the password will be automatically updated without extra password change check. is behaviour allows to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL groups A string of comma separated groups the group should be in runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of New in version 0.17.0. db_user database username if diﬀerent from conﬁg or defaul db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default</p><p>22.27. Full list of builtin state modules 1205 Salt Documentation, Release 2014.7.6</p><p>22.27.86 salt.states.postgres_user</p><p>Management of PostgreSQL users (roles)</p><p>e postgres_users module is used to create and manage Postgres users. frank: postgres_user.present salt.states.postgres_user.absent(name, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named user is absent name e username of the user to remove runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of New in version 0.17.0. db_user database username if diﬀerent from conﬁg or default db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default salt.states.postgres_user.present(name, createdb=None, createroles=None, createuser=None, encrypted=None, superuser=None, replication=None, inherit=None, login=None, password=None, re- fresh_password=None, groups=None, runas=None, user=None, maintenance_db=None, db_password=None, db_host=None, db_port=None, db_user=None) Ensure that the named user is present with the speciﬁed privileges Please note that the user/group notion in postgresql is just abstract, we have roles, where users can be seens as roles with the LOGIN privilege and groups the others. name e name of the user to manage createdb Is the user allowed to create databases? createroles Is the user allowed to create other users? createuser Alias to create roles encrypted Should the password be encrypted in the system catalog? login Should the group have login perm inherit Should the group inherit permissions superuser Should the new user be a ``superuser'' replication Should the new user be allowed to initiate streaming replication password e user's password It can be either a plain string or a md5 postgresql hashed password:</p><p>'md5{MD5OF({password}{role}}'</p><p>1206 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>If encrypted is None or True, the password will be automatically encrypted to the previous format if it is not already done. refresh_password Password refresh ﬂag Boolean aribute to specify whether to password comparison check should be performed. If refresh_password is None or False, the password will be automatically updated without extra password change check. is behaviour allows to execute in environments without superuser access available, e.g. Amazon RDS for PostgreSQL groups A string of comma separated groups the user should be in runas System user all operations should be performed on behalf of Deprecated since version 0.17.0. user System user all operations should be performed on behalf of New in version 0.17.0. db_user database username if diﬀerent from conﬁg or default db_password user password if any password for a speciﬁed user db_host Database host if diﬀerent from conﬁg or default db_port Database port if diﬀerent from conﬁg or default</p><p>22.27.87 salt.states.powerpath</p><p>Powerpath configuration support</p><p>Allows conﬁguration of EMC Powerpath. Currently only addition/deletion of licenses is supported. key: powerpath.license_present: [] salt.states.powerpath.license_absent(name) Ensures that the speciﬁed PowerPath license key is absent on the host. name e licnese key to ensure is absent salt.states.powerpath.license_present(name) Ensures that the speciﬁed PowerPath license key is present on the host. name e licnese key to ensure is present</p><p>22.27.88 salt.states.process</p><p>Process Management</p><p>Ensure a process matching a given paern is absent. httpd-absent: process.absent: - name: apache2</p><p>22.27. Full list of builtin state modules 1207 Salt Documentation, Release 2014.7.6 salt.states.process.absent(name, user=None, signal=None) Ensures that the named command is not running. name e paern to match. user e user process belongs signal Signal to send to the process(es).</p><p>22.27.89 salt.states.pyenv</p><p>Managing python installations with pyenv</p><p>is module is used to install and manage python installations with pyenv. Diﬀerent versions of python can be installed, and uninstalled. pyenv will be installed automatically the ﬁrst time it is needed and can be updated later. is module will not automatically install packages which pyenv will need to compile the versions of python. If pyenv is run as the root user then it will be installed to /usr/local/pyenv, otherwise it will be installed to the users ~/.pyenv directory. To make pyenv available in the shell you may need to add the pyenv/shims and pyenv/bin directories to the users PATH. If you are installing as root and want other users to be able to access pyenv then you will need to add pyenv_ROOT to their environment. is is how a state conﬁguration could look like: pyenv-deps: pkg.installed: - pkgs: - make - build-essential - libssl-dev - zlib1g-dev - libbz2-dev - libreadline-dev - libsqlite3-dev - wget - curl - llvm python-2.6: pyenv.absent: - require: - pkg: pyenv-deps python-2.7.6: pyenv.installed: - default: True - require: - pkg: pyenv-deps salt.states.pyenv.absent(name, runas=None, user=None) Verify that the speciﬁed python is not installed with pyenv. pyenv is installed if necessary. name e version of python to uninstall runas: None e user to run pyenv as. Deprecated since version 0.17.0. user: None e user to run pyenv as.</p><p>1208 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>New in version 0.17.0. New in version 0.16.0. salt.states.pyenv.install_pyenv(name, user=None) Install pyenv if not installed. Allows you to require pyenv be installed prior to installing the plugins. Useful if you want to install pyenv plugins via the git or ﬁle modules and need them installed before installing any rubies. Use the pyenv.root conﬁguration option to set the path for pyenv if you want a system wide install that is not in a user home dir. user: None e user to run pyenv as. salt.states.pyenv.installed(name, default=False, runas=None, user=None) Verify that the speciﬁed python is installed with pyenv. pyenv is installed if necessary. name e version of python to install default [False] Whether to make this python the default. runas: None e user to run pyenv as. Deprecated since version 0.17.0. user: None e user to run pyenv as. New in version 0.17.0. New in version 0.16.0.</p><p>22.27.90 salt.states.quota</p><p>Management of POSIX otas</p><p>e quota can be managed for the system:</p><p>/: quota.mode: mode: off quotatype: user salt.states.quota.mode(name, mode, quotatype) Set the quota for the system name e ﬁlesystem to set the quota mode on mode Whether the quota system is on or oﬀ quotatype Must be user or group</p><p>22.27.91 salt.states.rabbitmq_cluster</p><p>Manage RabbitMQ Clusters</p><p>Example:</p><p>22.27. Full list of builtin state modules 1209 Salt Documentation, Release 2014.7.6</p><p> rabbit@rabbit.example.com: rabbitmq_cluster.join: - user: rabbit - host: rabbit.example.com salt.states.rabbitmq_cluster.join(name, host, user='rabbit', runas=None) Ensure the RabbitMQ plugin is enabled. name Irrelevant, not used (recommended: user@host) user e user to join the cluster as (default: rabbit) host e cluster host to join to runas e user to run the rabbitmq-plugin command as</p><p>22.27.92 salt.states.rabbitmq_plugin</p><p>Manage RabbitMQ Plugins</p><p>New in version 2014.1.0. Example: some_plugin: rabbitmq_plugin.enabled: [] salt.states.rabbitmq_plugin.disabled(name, runas=None) Ensure the RabbitMQ plugin is enabled. name e name of the plugin runas e user to run the rabbitmq-plugin command as salt.states.rabbitmq_plugin.enabled(name, runas=None) Ensure the RabbitMQ plugin is enabled. name e name of the plugin runas e user to run the rabbitmq-plugin command as</p><p>22.27.93 salt.states.rabbitmq_policy</p><p>Manage RabbitMQ Policies</p><p> maintainer Benn Eichhorn <benn> maturity new platform all Example: rabbit_policy: rabbitmq_policy.present: - name: HA - pattern: '.*' - definition: '{"ha-mode": "all"}'</benn></p><p>1210 Chapter 22. Reference Salt Documentation, Release 2014.7.6 salt.states.rabbitmq_policy.absent(name, vhost='/', runas=None) Ensure the named policy is absent Reference: hp://www.rabbitmq.com/ha.html name e name of the policy to remove runas Name of the user to run the command as salt.states.rabbitmq_policy.present(name, paern, deﬁnition, priority=0, vhost='/', runas=None) Ensure the RabbitMQ policy exists. Reference: hp://www.rabbitmq.com/ha.html name Policy name pattern A regex of queues to apply the policy to deﬁnition A json dict describing the policy priority Priority (defaults to 0) vhost Virtual host to apply to (defaults to `/') runas Name of the user to run the command as</p><p>22.27.94 salt.states.rabbitmq_user</p><p>Manage RabbitMQ Users</p><p>Example: rabbit_user: rabbitmq_user.present: - password: password - force: True - tags: administrator - perms: - '/': - '.*' - '.*' - '.*' - runas: rabbitmq salt.states.rabbitmq_user.absent(name, runas=None) Ensure the named user is absent name e name of the user to remove runas User to run the command salt.states.rabbitmq_user.present(name, password=None, force=False, tags=None, perms=(), runas=None) Ensure the RabbitMQ user exists. name User name password User's password, if one needs to be set force If user exists, forcibly change the password tags Optionally set user tags for user</p><p>22.27. Full list of builtin state modules 1211 Salt Documentation, Release 2014.7.6</p><p> perms A list of dicts with vhost keys and 3-tuple values runas Name of the user to run the command</p><p>22.27.95 salt.states.rabbitmq_vhost</p><p>Manage RabbitMQ Virtual Hosts</p><p>Example: virtual_host: rabbitmq_vhost.present: - user: rabbit_user - conf: .* - write: .* - read: .* salt.states.rabbitmq_vhost.absent(name, runas=None) Ensure the RabbitMQ Virtual Host is absent name Name of the Virtual Host to remove runas User to run the command Deprecated since version Beryllium. salt.states.rabbitmq_vhost.present(name, user=None, owner=None, conf=None, write=None, read=None, runas=None) Ensure the RabbitMQ VHost exists. name VHost name user Initial user permission to set on the VHost, if present Deprecated since version Beryllium. owner Initial owner permission to set on the VHost, if present conf Initial conf string to apply to the VHost and user. Defaults to .* write Initial write permissions to apply to the VHost and user. Defaults to .* read Initial read permissions to apply to the VHost and user. Defaults to .* runas Name of the user to run the command Deprecated since version Beryllium.</p><p>22.27.96 salt.states.rbenv</p><p>Managing Ruby installations with rbenv</p><p>is module is used to install and manage ruby installations with rbenv. Diﬀerent versions of ruby can be installed, and uninstalled. Rbenv will be installed automatically the ﬁrst time it is needed and can be updated later. is module will not automatically install packages which rbenv will need to compile the versions of ruby. If rbenv is run as the root user then it will be installed to /usr/local/rbenv, otherwise it will be installed to the users ~/.rbenv directory. To make rbenv available in the shell you may need to add the rbenv/shims and rbenv/bin directories to the users PATH. If you are installing as root and want other users to be able to access rbenv then you will need to add RBENV_ROOT to their environment.</p><p>1212 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>is is how a state conﬁguration could look like: rbenv-deps: pkg.installed: - pkgs: - bash - git - openssl - gmake - curl ruby-1.9.3-p392: rbenv.absent: - require: - pkg: rbenv-deps ruby-1.9.3-p429: rbenv.installed: - default: True - require: - pkg: rbenv-deps salt.states.rbenv.absent(name, runas=None, user=None) Verify that the speciﬁed ruby is not installed with rbenv. Rbenv is installed if necessary. name e version of ruby to uninstall runas: None e user to run rbenv as. Deprecated since version 0.17.0. user: None e user to run rbenv as. New in version 0.17.0. New in version 0.16.0. salt.states.rbenv.install_rbenv(name, user=None) Install rbenv if not installed. Allows you to require rbenv be installed prior to installing the plugins. Useful if you want to install rbenv plugins via the git or ﬁle modules and need them installed before installing any rubies. Use the rbenv.root conﬁguration option to set the path for rbenv if you want a system wide install that is not in a user home dir. user: None e user to run rbenv as. salt.states.rbenv.installed(name, default=False, runas=None, user=None) Verify that the speciﬁed ruby is installed with rbenv. Rbenv is installed if necessary. name e version of ruby to install default [False] Whether to make this ruby the default. runas: None e user to run rbenv as. Deprecated since version 0.17.0. user: None e user to run rbenv as. New in version 0.17.0. New in version 0.16.0.</p><p>22.27. Full list of builtin state modules 1213 Salt Documentation, Release 2014.7.6</p><p>22.27.97 salt.states.rdp</p><p>Manage RDP Service on Windows servers salt.states.rdp.disabled(name) Disable the RDP service salt.states.rdp.enabled(name) Enable the RDP service and make sure access to the RDP port is allowed in the ﬁrewall conﬁguration</p><p>22.27.98 salt.states.redismod</p><p>Management of Redis server</p><p>New in version 2014.7.0. depends • redis Python module conﬁguration See salt.modules.redis for setup instructions. key_in_redis: redis.string: - value: string data</p><p>e redis server information speciﬁed in the minion conﬁg ﬁle can be overidden in states using the following argu- ments: host, post, db, password. key_in_redis: redis.string: - value: string data - host: localhost - port: 6379 - db: 0 - password: somuchkittycat salt.states.redismod.absent(name, keys=None, **connection_args) Ensure key absent from redis name Key to ensure absent from redis keys list of keys to ensure absent, name will be ignored if this is used salt.states.redismod.string(name, value, expire=None, expireat=None, **connection_args) Ensure that the key exists in redis with the value speciﬁed name Redis key to manage value Data to persist in key expire Sets time to live for key in seconds expireat Sets expiration time for key via UNIX timestamp, overrides expire</p><p>1214 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.99 salt.states.reg</p><p>Manage the registry on Windows salt.states.reg.absent(name) Remove a registry key Example:</p><p>'HKEY_CURRENT_USER\SOFTWARE\Salt\version': reg.absent salt.states.reg.present(name, value, vtype='REG_DWORD', reﬂection=True) Set a registry entry Optionally set reflection to False to disable reﬂection. reflection has no eﬀect on a 32-bit OS. In the example below, this will prevent Windows from silently creating the key in: HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Salt\version Example:</p><p>HKEY_CURRENT_USER\SOFTWARE\Salt\version: reg.present: - value: 0.15.3 - vtype: REG_SZ - reflection: False</p><p>22.27.100 salt.states.rvm</p><p>Managing Ruby installations and gemsets with Ruby Version Manager (RVM)</p><p>is module is used to install and manage ruby installations and gemsets with RVM, the Ruby Version Manager. Diﬀerent versions of ruby can be installed and gemsets created. RVM itself will be installed automatically if it's not present. is module will not automatically install packages that RVM depends on or ones that are needed to build ruby. If you want to run RVM as an unprivileged user (recommended) you will have to create this user yourself. is is how a state conﬁguration could look like: rvm: group.present: [] user.present: - gid: rvm - home: /home/rvm - require: - group: rvm rvm-deps: pkg.installed: - pkgs: - bash - coreutils - gzip - bzip2 - gawk - sed - curl - git-core - subversion</p><p>22.27. Full list of builtin state modules 1215 Salt Documentation, Release 2014.7.6</p><p> mri-deps: pkg.installed: - pkgs: - build-essential - openssl - libreadline6 - libreadline6-dev - curl - git-core - zlib1g - zlib1g-dev - libssl-dev - libyaml-dev - libsqlite3-0 - libsqlite3-dev - sqlite3 - libxml2-dev - libxslt1-dev - autoconf - libc6-dev - libncurses5-dev - automake - libtool - bison - subversion - ruby jruby-deps: pkg.installed: - pkgs: - curl - g++ - openjdk-6-jre-headless ruby-1.9.2: rvm.installed: - default: True - user: rvm - require: - pkg: rvm-deps - pkg: mri-deps - user: rvm jruby: rvm.installed: - user: rvm - require: - pkg: rvm-deps - pkg: jruby-deps - user: rvm jgemset: rvm.gemset_present: - ruby: jruby - user: rvm - require: - rvm: jruby</p><p>1216 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> mygemset: rvm.gemset_present: - ruby: ruby-1.9.2 - user: rvm - require: - rvm: ruby-1.9.2 salt.states.rvm.gemset_present(name, ruby='default', runas=None, user=None) Verify that the gemset is present. name e name of the gemset. ruby: default e ruby version this gemset belongs to. runas: None e user to run rvm as. Deprecated since version 0.17.0. user: None e user to run rvm as. New in version 0.17.0. salt.states.rvm.installed(name, default=False, runas=None, user=None) Verify that the speciﬁed ruby is installed with RVM. RVM is installed when necessary. name e version of ruby to install default [False] Whether to make this ruby the default. runas: None e user to run rvm as. Deprecated since version 0.17.0. user: None e user to run rvm as. New in version 0.17.0.</p><p>22.27.101 salt.states.saltmod</p><p>Control the Salt command interface</p><p>is state is intended for use from the Salt Master. It provides access to sending commands down to minions as well as access to executing master-side modules. ese state functions wrap Salt's Python API. See also: More Orchestrate documentation • Full Orchestrate Tutorial • The Orchestrate runner salt.states.saltmod.function(name, tgt, ssh=False, tgt_type=None, expr_form=None, ret='`, expect_minions=False, fail_minions=None, fail_function=None, arg=None, kwarg=None, timeout=None) Execute a single module function on a remote minion via salt or salt-ssh name e name of the function to run, aka cmd.run or pkg.install tgt e target speciﬁcation, aka `*' for all minions tgt_type | expr_form e target type, defaults to glob arg e list of arguments to pass into the function</p><p>22.27. Full list of builtin state modules 1217 Salt Documentation, Release 2014.7.6</p><p> kwarg e list of keyword arguments to pass into the function ret Optionally set a single or a list of returners to use expect_minions An optional boolean for failing if some minions do not respond fail_minions An optional list of targeted minions where failure is an option fail_function An optional string that points to a salt module that returns True or False based on the returned data dict for individual minions ssh Set to True to use the ssh client instaed of the standard salt client salt.states.saltmod.runner(name, **kwargs) Execute a runner module on the master New in version 2014.7. name e name of the function to run kwargs Any keyword arguments to pass to the runner function salt.states.saltmod.state(name, tgt, ssh=False, tgt_type=None, expr_form=None, ret='`, high- state=None, sls=None, top=None, env=None, test=False, pillar=None, ex- pect_minions=False, fail_minions=None, allow_fail=0, concurrent=False, timeout=None) Invoke a state run on a given target name An arbitrary name used to track the state execution tgt e target speciﬁcation for the state run. tgt_type | expr_form e target type to resolve, defaults to glob ret Optionally set a single or a list of returners to use highstate Defaults to None, if set to True the target systems will ignore any sls references speciﬁed in the sls option and call state.highstate on the targeted minions top Should be the name of a top ﬁle. If set state.top is called with this top ﬁle instead of state.sls. sls A group of sls ﬁles to execute. is can be deﬁned as a single string containing a single sls ﬁle, or a list of sls ﬁles test Pass test=true through to the state function pillar Pass the pillar kwarg through to the state function saltenv e default salt environment to pull sls ﬁles from ssh Set to True to use the ssh client instaed of the standard salt client roster In the event of using salt-ssh, a roster system can be set expect_minions An optional boolean for failing if some minions do not respond fail_minions An optional list of targeted minions where failure is an option allow_fail Pass in the number of minions to allow for failure before seing the result of the execution to False concurrent Allow multiple state runs to occur at once. WARNING: is ﬂag is potentially dangerous. It is designed for use when multiple state runs can safely be run at the same Do not use this ﬂag for performance optimization. Examples: Run a list of sls ﬁles via state.sls on target minions:</p><p>1218 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> webservers: salt.state: - tgt: 'web*' - sls: - apache - django - core - saltenv: prod</p><p>Run a full state.highstate on target mininons.</p><p> databases: salt.state: - tgt: role:database - tgt_type: grain - highstate: True salt.states.saltmod.wait_for_event(name, id_list, event_id='id', timeout=300) Watch Salt's event bus and block until a condition is met New in version 2014.7. name An event tag to watch for; supports Reactor-style globbing. id_list A list of event identiﬁers to watch for -- usually the minion ID. Each time an event tag is matched the event data is inspected for event_id, if found it is removed from id_list. When id_list is empty this function returns success. event_id [id] e name of a key in the event data. Default is id for the minion ID, another common value is name for use with orchestrating salt-cloud events. timeout [300] e maximum time in seconds to wait before failing. e following example blocks until all the listed minions complete a restart and reconnect to the Salt master:</p><p> reboot_all_minions: salt.function: - name: system.reboot - tgt: '*'</p><p> wait_for_reboots: salt.wait_for_event: - name: salt/minion/*/start - id_list: - jerry - stuart - dave - phil - kevin - mike - require: - salt: reboot_all_minions salt.states.saltmod.wheel(name, **kwargs) Execute a wheel module on the master New in version 2014.7. name e name of the function to run kwargs Any keyword arguments to pass to the wheel function</p><p>22.27. Full list of builtin state modules 1219 Salt Documentation, Release 2014.7.6</p><p> accept_minion_key: salt.wheel: - name: key.accept - match: frank</p><p>22.27.102 salt.states.schedule</p><p>Management of the Salt scheduler job3: schedule.present: - function: test.ping - seconds: 3600 - splay: 10</p><p>This will schedule the command: test.ping every 3600 seconds (every hour) splaying the time between 0 and 10 seconds job2: schedule.present: - function: test.ping - seconds: 15 - splay: - start: 10 - end: 20</p><p>This will schedule the command: test.ping every 3600 seconds (every hour) splaying the time between 10 and 20 seconds job1: schedule.present: - function: state.sls - job_args: - httpd - job_kwargs: test: True - when: - Monday 5:00pm - Tuesday 3:00pm - Wednesday 5:00pm - Thursday 3:00pm - Friday 5:00pm</p><p>This will schedule the command: state.sls httpd test=True at 5pm on Monday, Wednesday and Friday, and 3pm on Tuesday and Thursday. job1: schedule.present: - function: state.sls - job_args: - httpd - job_kwargs: test: True - cron: '*/5 * * * *'</p><p>Scheduled jobs can also be specified using the format used by cron. This will</p><p>1220 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> schedule the command: state.sls httpd test=True to run every 5 minutes. Requires that python-croniter is installed. salt.states.schedule.absent(name, **kwargs) Ensure a job is absent from the schedule name e unique name that is given to the scheduled job. salt.states.schedule.present(name, **kwargs) Ensure a job is present in the schedule name e unique name that is given to the scheduled job. seconds e scheduled job will be executed aer the speciﬁed number of seconds have passed. minutes e scheduled job will be executed aer the speciﬁed number of minutes have passed. hours e scheduled job will be executed aer the speciﬁed number of hours have passed. days e scheduled job will be executed aer the speciﬁed number of days have passed. when is will schedule the job at the speciﬁed time(s). e when parameter must be a single value or a dictionary with the date string(s) using the dateutil format. cron is will schedule the job at the speciﬁed time(s) using the crontab format. function e function that should be executed by the scheduled job. job_args e arguments that will be used by the scheduled job. job_kwargs e keyword arguments that will be used by the scheduled job. maxrunning Ensure that there are no more than N copies of a particular job running. jid_include Include the job into the job cache. splay e amount of time in seconds to splay a scheduled job. Can be speciﬁed as a single value in seconds or as a dictionary range with `start' and `end' values. range is will schedule the command within the range speciﬁed. e range parameter must be a dictionary with the date strings using the dateutil format.</p><p>22.27.103 salt.states.selinux</p><p>Management of SELinux rules</p><p>If SELinux is available for the running system, the mode can be managed and booleans can be set. enforcing: selinux.mode samba_create_home_dirs: selinux.boolean: - value: True - persist: True</p><p>Note: Use of these states require that the selinux execution module is available. salt.states.selinux.boolean(name, value, persist=False) Set up an SELinux boolean</p><p>22.27. Full list of builtin state modules 1221 Salt Documentation, Release 2014.7.6</p><p> name e name of the boolean to set value e value to set on the boolean persist Defaults to False, set persist to true to make the boolean apply on a reboot salt.states.selinux.mode(name) Veriﬁes the mode SELinux is running in, can be set to enforcing or permissive name e mode to run SELinux in, permissive or enforcing</p><p>22.27.104 salt.states.serverdensity_device</p><p>Monitor Server with Server Density</p><p>New in version 2014.7.0. Server Density Is a hosted monitoring service.</p><p>Warning: is state module is beta. It might be changed later to include more or less automation.</p><p>Note: is state module requires a pillar for authentication with Server Density: serverdensity: api_token: "b97da80a41c4f61bff05975ee51eb1aa" account_url: "https://your-account.serverdensity.io"</p><p>Note: Although Server Density allows duplicate device names in its database, this module will raise an exception if you try monitoring devices with the same name.</p><p>Example:</p><p>'server_name': serverdensity_device.monitored salt.states.serverdensity_device.monitored(name, group=None, salt_name=True, salt_params=True, **params) Device is monitored with Server Density. name Device name in Server Density. salt_name If True (default), takes the name from the id grain. If False, the provided name is used. group Group name under with device will appear in Server Density dashboard. Default - None. salt_params If True (default), needed conﬁg parameters will be sourced from grains and from sta- tus.all_status. params Add parameters that you want to appear in the Server Density dashboard. Will overwrite the salt_params parameters. For more info, see the API docs. Usage example:</p><p>'server_name': serverdensity_device.monitored</p><p>1222 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>'server_name': serverdensity_device.monitored: - group: web-servers</p><p>'my_special_server': serverdensity_device.monitored: - salt_name: False - group: web-servers - cpuCores: 2 - os: CentOS</p><p>22.27.105 salt.states.service</p><p>Starting or restarting of services and daemons</p><p>Services are deﬁned as system daemons typically started with system init or rc scripts, services can be deﬁned as running or dead. httpd: service.running: []</p><p>e service can also be set to be started at runtime via the enable option: openvpn: service.running: - enable: True</p><p>By default if a service is triggered to refresh due to a watch statement the service is by default restarted. If the desired behavior is to reload the service, then set the reload value to True: redis: service.running: - enable: True - reload: True - watch: - pkg: redis</p><p>Note: More details regarding watch can be found in the Requisites documentation. salt.states.service.dead(name, enable=None, sig=None, **kwargs) Ensure that the named service is dead by stopping the service if it is running name e name of the init or rc script used to manage the service enable Set the service to be enabled at boot time, True sets the service to be enabled, False sets the named service to be disabled. e default is None, which does not enable or disable anything. sig e string to search for when looking for the service process with ps salt.states.service.disabled(name, **kwargs) Verify that the service is disabled on boot, only use this state if you don't want to manage the running process, remember that if you want to disable a service to use the enable: False option for the running or dead function. name e name of the init or rc script used to manage the service</p><p>22.27. Full list of builtin state modules 1223 Salt Documentation, Release 2014.7.6 salt.states.service.enabled(name, **kwargs) Verify that the service is enabled on boot, only use this state if you don't want to manage the running process, remember that if you want to enable a running service to use the enable: True option for the running or dead function. name e name of the init or rc script used to manage the service salt.states.service.mod_watch(name, sfun=None, sig=None, reload=False, full_restart=False, force=False, **kwargs) e service watcher, called to invoke the watch command. name e name of the init or rc script used to manage the service sfun e original function which triggered the mod_watch call (service.running, for example). sig e string to search for when looking for the service process with ps salt.states.service.running(name, enable=None, sig=None, **kwargs) Verify that the service is running name e name of the init or rc script used to manage the service enable Set the service to be enabled at boot time, True sets the service to be enabled, False sets the named service to be disabled. e default is None, which does not enable or disable anything. sig e string to search for when looking for the service process with ps</p><p>22.27.106 salt.states.smtp</p><p>Sending Messages via SMTP</p><p>New in version 2014.7.0. is state is useful for ﬁring messages during state runs, using the XMPP protocol server-warning-message: smtp.send_msg: - name: 'This is a server warning message' - profile: my-smtp-account - recipient: admins@example.com salt.states.smtp.send_msg(name, recipient, subject, sender, proﬁle, use_ssl='True') Send a message via SMTP</p><p> server-warning-message: smtp.send_msg: - name: 'This is a server warning message' - profile: my-smtp-account - subject: 'Message from Salt' - recipient: admin@example.com - sender: admin@example.com - use_ssl: True</p><p> name e message to send via SMTP</p><p>1224 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.27.107 salt.states.ssh_auth</p><p>Control of entries in SSH authorized_key files</p><p>e information stored in a user's SSH authorized key ﬁle can be easily controlled via the ssh_auth state. Defaults can be set by the enc, options, and comment keys. ese defaults can be overridden by including them in the name. Since the YAML speciﬁcation limits the length of simple keys to 1024 characters, and since SSH keys are oen longer than that, you may have to use a YAML `explicit key', as demonstrated in the second example below.</p><p>AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==: ssh_auth.present: - user: root - enc: ssh-dss</p><p>? AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==... : ssh_auth.present: - user: root - enc: ssh-dss thatch: ssh_auth.present: - user: root - source: salt://ssh_keys/thatch.id_rsa.pub sshkeys: ssh_auth.present: - user: root - enc: ssh-rsa - options: - option1="value1" - option2="value2 flag2" - comment: myuser - names: - AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== - ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain - option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain - AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment salt.states.ssh_auth.absent(name, user, enc='ssh-rsa', comment='`, options=None, con- ﬁg='.ssh/authorized_keys') Veriﬁes that the speciﬁed SSH key is absent name e SSH key to manage user e user who owns the SSH authorized keys ﬁle to modify enc Deﬁnes what type of key is being used; can be ed25519, ecdsa, ssh-rsa or ssh-dss comment e comment to be placed with the SSH public key options e options passed to the key, pass a list object conﬁg e location of the authorized keys ﬁle relative to the user's home directory, defaults to ''.ssh/authorized_keys'' salt.states.ssh_auth.present(name, user, enc='ssh-rsa', comment='`, source='`, options=None, con- ﬁg='.ssh/authorized_keys', **kwargs) Veriﬁes that the speciﬁed SSH key is present for the speciﬁed user</p><p>22.27. Full list of builtin state modules 1225 Salt Documentation, Release 2014.7.6</p><p> name e SSH key to manage user e user who owns the SSH authorized keys ﬁle to modify enc Deﬁnes what type of key is being used; can be ed25519, ecdsa, ssh-rsa or ssh-dss comment e comment to be placed with the SSH public key source e source ﬁle for the key(s). Can contain any number of public keys, in standard ``authorized_keys'' format. If this is set, comment, enc, and options will be ignored.</p><p>Note: e source ﬁle must contain keys in the format <enc> <key> <comment>. If you have generated a keypair using PuTTYgen, then you will need to do the following to retrieve an OpenSSH-compatible public key. 1.In PuTTYgen, click Load, and select the private key ﬁle (not the public key), and click Open. 2.Copy the public key from the box labeled Public key for pasting into OpenSSH autho- rized_keys file. 3.Paste it into a new ﬁle.</comment></key></enc></p><p> options e options passed to the key, pass a list object conﬁg e location of the authorized keys ﬁle relative to the user's home directory, defaults to ''.ssh/authorized_keys''</p><p>22.27.108 salt.states.ssh_known_hosts</p><p>Control of SSH known_hosts entries</p><p>Manage the information stored in the known_hosts ﬁles. github.com: ssh_known_hosts: - present - user: root - fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 example.com: ssh_known_hosts: - absent - user: root salt.states.ssh_known_hosts.absent(name, user=None, conﬁg=None) Veriﬁes that the speciﬁed host is not known by the given user name e host name user e user who owns the ssh authorized keys ﬁle to modify conﬁg e location of the authorized keys ﬁle relative to the user's home directory, defaults to ''.ssh/known_hosts''. If no user is speciﬁed, defaults to ``/etc/ssh/ssh_known_hosts''. If present, must be an absolute path when a user is not speciﬁed. salt.states.ssh_known_hosts.present(name, user=None, ﬁngerprint=None, key=None, port=None, enc=None, conﬁg=None, hash_hostname=True) Veriﬁes that the speciﬁed host is known by the speciﬁed user</p><p>1226 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>On many systems, speciﬁcally those running with openssh 4 or older, the enc option must be set, only openssh 5 and above can detect the key type. name e name of the remote host (e.g. ``github.com'') user e user who owns the ssh authorized keys ﬁle to modify enc Deﬁnes what type of key is being used, can be ed25519, ecdsa ssh-rsa or ssh-dss ﬁngerprint e ﬁngerprint of the key which must be presented in the known_hosts ﬁle port optional parameter, denoting the port of the remote host, which will be used in case, if the public key will be requested from it. By default the port 22 is used. conﬁg e location of the authorized keys ﬁle relative to the user's home directory, defaults to ''.ssh/known_hosts''. If no user is speciﬁed, defaults to ``/etc/ssh/ssh_known_hosts''. If present, must be an absolute path when a user is not speciﬁed. hash_hostname [True] Hash all hostnames and addresses in the output.</p><p>22.27.109 salt.states.stateconf</p><p>Stateconf System</p><p>e stateconf system is intended for use only with the stateconf renderer. is State module presents the set function. is function does not execute any functionality, but is used to interact with the stateconf renderer. salt.states.stateconf.context(name, **kwargs) No-op state to support state conﬁg via the stateconf renderer. salt.states.stateconf.set(name, **kwargs) No-op state to support state conﬁg via the stateconf renderer.</p><p>22.27.110 salt.states.status</p><p>Minion status monitoring Maps to the status execution module. salt.states.status.loadavg(name, maximum=None, minimum=None) Return the current load average for the speciﬁed minion. Available values for name are 1-min, 5-min and 15-min. minimum and maximum values should be passed in as strings.</p><p>22.27.111 salt.states.supervisord</p><p>Interaction with the Supervisor daemon wsgi_server: supervisord.running: - require: - pkg: supervisor - watch: - file: /etc/nginx/sites-enabled/wsgi_server.conf salt.states.supervisord.dead(name, user=None, runas=None, conf_ﬁle=None, bin_env=None) Ensure the named service is dead (not running).</p><p>22.27. Full list of builtin state modules 1227 Salt Documentation, Release 2014.7.6</p><p> name Service name as deﬁned in the supervisor conﬁguration ﬁle runas Name of the user to run the supervisorctl command Deprecated since version 0.17.0. user Name of the user to run the supervisorctl command New in version 0.17.0. conf_ﬁle path to supervisorctl conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed salt.states.supervisord.mod_watch(name, restart=True, update=False, user=None, runas=None, conf_ﬁle=None, bin_env=None, **kwargs) salt.states.supervisord.running(name, restart=False, update=False, user=None, runas=None, conf_ﬁle=None, bin_env=None) Ensure the named service is running. name Service name as deﬁned in the supervisor conﬁguration ﬁle restart Whether to force a restart update Whether to update the supervisor conﬁguration. runas Name of the user to run the supervisorctl command Deprecated since version 0.17.0. user Name of the user to run the supervisorctl command New in version 0.17.0. conf_ﬁle path to supervisorctl conﬁg ﬁle bin_env path to supervisorctl bin or path to virtualenv with supervisor installed</p><p>22.27.112 salt.states.svn</p><p>Manage SVN repositories</p><p>Manage repository checkouts via the svn vcs system: http://unladen-swallow.googlecode.com/svn/trunk/: svn.latest: - target: /tmp/swallow salt.states.svn.dirty(name, target, user=None, username=None, password=None, ig- nore_unversioned=False) Determine if the working directory has been changed. salt.states.svn.export(name, target=None, rev=None, user=None, username=None, password=None, force=False, overwrite=False, externals=True, trust=False) Export a ﬁle or directory from an SVN repository name Address and path to the ﬁle or directory to be exported. target Name of the target directory where the checkout will put the working directory rev [None] e name revision number to checkout. Enable ``force'' if the directory already exists. user [None] Name of the user performing repository management operations</p><p>1228 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> username [None] e user to access the name repository with. e svn default is the current user password Connect to the Subversion server with this password New in version 0.17.0. force [False] Continue if conﬂicts are encountered overwrite [False] Overwrite existing target externals [True] Change to False to not checkout or update externals trust [False] Automatically trust the remote server. SVN's --trust-server-cert salt.states.svn.latest(name, target=None, rev=None, user=None, username=None, password=None, force=False, externals=True, trust=False) Checkout or update the working directory to the latest revision from the remote repository. name Address of the name repository as passed to ``svn checkout'' target Name of the target directory where the checkout will put the working directory rev [None] e name revision number to checkout. Enable ``force'' if the directory already exists. user [None] Name of the user performing repository management operations username [None] e user to access the name repository with. e svn default is the current user password Connect to the Subversion server with this password New in version 0.17.0. force [False] Continue if conﬂicts are encountered externals [True] Change to False to not checkout or update externals trust [False] Automatically trust the remote server. SVN's --trust-server-cert</p><p>22.27.113 salt.states.sysctl</p><p>Configuration of the Linux kernel using sysctl</p><p>Control the kernel sysctl system. vm.swappiness: sysctl.present: - value: 20 salt.states.sysctl.present(name, value, conﬁg=None) Ensure that the named sysctl value is set in memory and persisted to the named conﬁguration ﬁle. e default sysctl conﬁguration ﬁle is /etc/sysctl.conf name e name of the sysctl value to edit value e sysctl value to apply conﬁg e location of the sysctl conﬁguration ﬁle. If not speciﬁed, the proper location will be detected based on platform.</p><p>22.27. Full list of builtin state modules 1229 Salt Documentation, Release 2014.7.6</p><p>22.27.114 salt.states.test</p><p>Test States</p><p>Provide test case states that enable easy testing of things to do with state calls, e.g. running, calling, logging, output ﬁltering etc. always-passes: test.succeed_without_changes: - name: foo always-fails: test.fail_without_changes: - name: foo always-changes-and-succeeds: test.succeed_with_changes: - name: foo always-changes-and-fails: test.fail_with_changes: - name: foo my-custom-combo: test.configurable_test_state: - name: foo - changes: True - result: False - comment: bar.baz salt.states.test.configurable_test_state(name, changes=True, result=True, comment='`) A conﬁgurable test state which determines its output based on the inputs. New in version 2014.7.0. name: A unique string. anges: Do we return anything in the changes ﬁeld? Accepts True, False, and `Random' Default is True result: Do we return successfully or not? Accepts True, False, and `Random' Default is True comment: String to ﬁll the comment ﬁeld with. Default is `' salt.states.test.fail_with_changes(name) Returns failure and changes is not empty. New in version 2014.7.0. name: A unique string. salt.states.test.fail_without_changes(name) Returns failure. New in version 2014.7.0. name: A unique string. salt.states.test.mod_watch(name, sfun=None, **kwargs) ` Call this function via a watch statement New in version 2014.7.0.</p><p>1230 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Any parameters in the state return dictionary can be customized by adding the keywords result, comment, and changes.</p><p> this_state_will_return_changes: test.succeed_with_changes</p><p> this_state_will_NOT_return_changes: test.succeed_without_changes</p><p> this_state_is_watching_another_state: test.succeed_without_changes: - comment: 'This is a custom comment' - watch: - test: this_state_will_return_changes - test: this_state_will_NOT_return_changes</p><p> this_state_is_also_watching_another_state: test.succeed_without_changes: - watch: - test: this_state_will_NOT_return_changes salt.states.test.succeed_with_changes(name) Returns successful and changes is not empty New in version 2014.7.0. name: A unique string. salt.states.test.succeed_without_changes(name) Returns successful. New in version 2014.7.0. name A unique string.</p><p>22.27.115 salt.states.timezone</p><p>Management of timezones</p><p>e timezone can be managed for the system:</p><p>America/Denver: timezone.system</p><p>e system and the hardware clock are not necessarily set to the same time. By default, the hardware clock is set to localtime, meaning it is set to the same time as the system clock. If utc is set to True, then the hardware clock will be set to UTC, and the system clock will be an oﬀset of that.</p><p>America/Denver: timezone.system: - utc: True</p><p>e Ubuntu community documentation contains an explanation of this seing, as it applies to systems that dual-boot with Windows. is is explained in greater detail here. salt.states.timezone.system(name, utc=True) Set the timezone for the system.</p><p>22.27. Full list of builtin state modules 1231 Salt Documentation, Release 2014.7.6</p><p> name e name of the timezone to use (e.g.: America/Denver) utc Whether or not to set the hardware clock to UTC (default is True)</p><p>22.27.116 salt.states.tomcat</p><p>is state uses the manager webapp to manage Apache tomcat webapps is state requires the manager webapp to be enabled e following grains/pillar should be set: tomcat-manager:user: admin user name tomcat-manager:passwd: password and also conﬁgure a user in the conf/tomcat-users.xml ﬁle:</p><p>Notes: • Not supported multiple version on the same context path • More information about tomcat manager: hp://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html • if you use only this module for deployments you might want to restrict access to the manager so its only accessible via localhost for more info: hp://tomcat.apache.org/tomcat-7.0-doc/manager- howto.html#Conﬁguring_Manager_Application_Access • Tested on: JVM Vendor: Sun Microsystems Inc. JVM Version: 1.6.0_43-b01 OS Aritecture: amd64 OS Name: Linux OS Version: 2.6.32-358.el6.x86_64 Tomcat Version: Apache Tomcat/7.0.37 salt.states.tomcat.mod_watch(name, url='hp://localhost:8080/manager', timeout=180) e tomcat watcher function. When called it will reload the webapp in question salt.states.tomcat.undeployed(name, url='hp://localhost:8080/manager', timeout=180) Enforce that the WAR will be un-deployed from the server name the context path to deploy url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request to the tomcat manager Example:</p><p>1232 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> jenkins: tomcat.undeployed: - name: /ran - require: - service: application-service salt.states.tomcat.wait(name, url='hp://localhost:8080/manager', timeout=180) Wait for the tomcat manager to load Notice that if tomcat is not running we won't wait for it start and the state will fail. is state can be required in the tomcat.war_deployed state to make sure tomcat is running and that the manager is running as well and ready for deployment url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request to the tomcat manager Example:</p><p> tomcat-service: service.running: - name: tomcat - enable: True</p><p> wait-for-tomcatmanager: tomcat.wait: - timeout: 300 - require: - service: tomcat-service</p><p> jenkins: tomcat.war_deployed: - name: /ran - war: salt://jenkins-1.2.4.war - require: - tomcat: wait-for-tomcatmanager salt.states.tomcat.war_deployed(name, war, force=False, url='hp://localhost:8080/manager', timeout=180, temp_war_location=None) Enforce that the WAR will be deployed and started in the context path it will make use of WAR versions for more info: hp://tomcat.apache.org/tomcat-7.0-doc/conﬁg/context.html#Naming name the context path to deploy war absolute path to WAR ﬁle (should be accessible by the user running tomcat) or a path supported by the salt.modules.cp.get_url function force force deploy even if version strings are the same, False by default. url [hp://localhost:8080/manager] the URL of the server manager webapp timeout [180] timeout for HTTP request to the tomcat manager temp_war_location [None] use another location to temporarily copy to war ﬁle by default the system's temp directory is used Example:</p><p> jenkins: tomcat.war_deployed: - name: /ran</p><p>22.27. Full list of builtin state modules 1233 Salt Documentation, Release 2014.7.6</p><p>- war: salt://jenkins-1.2.4.war - require: - service: application-service</p><p>22.27.117 salt.states.user</p><p>Management of user accounts</p><p>e user module is used to create and manage user seings, users can be set as either absent or present fred: user.present: - fullname: Fred Jones - shell: /bin/zsh - home: /home/fred - uid: 4000 - gid: 4000 - groups: - wheel - storage - games testuser: user.absent salt.states.user.absent(name, purge=False, force=False) Ensure that the named user is absent name e name of the user to remove purge Set purge to delete all of the user's ﬁles as well as the user force If the user is logged in the absent state will fail, set the force option to True to remove the user even if they are logged in. Not supported in FreeBSD and Solaris. salt.states.user.present(name, uid=None, gid=None, gid_from_name=False, groups=None, op- tional_groups=None, remove_groups=True, home=None, createhome=True, password=None, enforce_password=True, empty_password=False, shell=None, unique=True, system=False, fullname=None, roomnum- ber=None, workphone=None, homephone=None, date=None, min- days=None, maxdays=None, inactdays=None, warndays=None, ex- pire=None) Ensure that the named user is present with the speciﬁed properties name e name of the user to manage uid e user id to assign, if le empty then the next available user id will be assigned gid e default group id gid_from_name If True, the default group id will be set to the id of the group with the same name as the user. groups A list of groups to assign the user to, pass a list object. If a group speciﬁed here does not exist on the minion, the state will fail. If set to the empty list, the user will be removed from all groups except the default group. optional_groups A list of groups to assign the user to, pass a list object. If a group speciﬁed here does not exist on the minion, the state will silently ignore it.</p><p>1234 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>NOTE: If the same group is speciﬁed in both ``groups'' and ``optional_groups'', then it will be assumed to be required and not optional. remove_groups Remove groups that the user is a member of that weren't speciﬁed in the state, True by default home e custom login directory of user. Uses default value of underlying system if not set. Notice that this directory does not have to exists. is also the location of the home directory to create if createhome is set to True. createhome If True, the home directory will be created if it doesn't exist. Please note that directories leading up to the home directory will NOT be created. password A password hash to set for the user. is ﬁeld is only supported on Linux, FreeBSD, NetBSD, OpenBSD, and Solaris. Changed in version 0.16.0: BSD support added. enforce_password Set to False to keep the password from being changed if it has already been set and the password hash diﬀers from what is speciﬁed in the ``password'' ﬁeld. is option will be ignored if ``password'' is not speciﬁed. empty_password Set to True to enable no password-less login for user shell e login shell, defaults to the system default shell unique Require a unique UID, True by default system Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID. User comment ﬁeld (GECOS) support (currently Linux, FreeBSD, and MacOS only): e below values should be speciﬁed as strings to avoid ambiguities when the values are loaded. (Especially the phone and room number ﬁelds which are likely to contain numeric data) fullname e user's full name roomnumber e user's room number (not supported in MacOS) workphone e user's work phone number (not supported in MacOS) homephone e user's home phone number (not supported in MacOS) Changed in version 2014.7.0: Shadow aribute support added. Shadow aributes support (currently Linux only): e below values should be speciﬁed as integers. date Date of last change of password, represented in days since epoch (January 1, 1970). mindays e minimum number of days between password changes. maxdays e maximum number of days between password changes. inactdays e number of days aer a password expires before an account is locked. warndays Number of days prior to maxdays to warn users. expire Date that account expires, represented in days since epoch (January 1, 1970).</p><p>22.27. Full list of builtin state modules 1235 Salt Documentation, Release 2014.7.6</p><p>22.27.118 salt.states.virtualenv</p><p>Setup of Python virtualenv sandboxes salt.states.virtualenv_mod.managed(name, venv_bin=None, requirements=None, system_site_packages=False, distribute=False, use_wheel=False, clear=False, python=None, ex- tra_search_dir=None, never_download=None, prompt=None, user=None, runas=None, no_chown=False, cwd=None, index_url=None, extra_index_url=None, pre_releases=False, no_deps=False, pip_exists_action=None, proxy=None) Create a virtualenv and optionally manage it with pip name Path to the virtualenv requirements Path to a pip requirements ﬁle. If the path begins with salt:// the ﬁle will be transferred from the master ﬁle server. cwd Path to the working directory where ``pip install'' is executed. use_wheel [False] Prefer wheel archives (requires pip&gt;=1.4) no_deps: False Pass --no-deps to pip. pip_exists_action: None Default action of pip when a path already exists: (s)witch, (i)gnore, (w)ipe, (b)ackup proxy: None Proxy address which is passed to ``pip install'' Also accepts any kwargs that the virtualenv module will.</p><p>/var/www/myvirtualenv.com: virtualenv.managed: - system_site_packages: False - requirements: salt://REQUIREMENTS.txt</p><p>22.27.119 salt.states.win_dns_client</p><p>Module for conﬁguring DNS Client on Windows systems salt.states.win_dns_client.dns_dhcp(name, interface='Local Area Connection') Conﬁgure the DNS server list from DHCP Server salt.states.win_dns_client.dns_exists(name, servers=None, interface='Local Area Connec- tion') Conﬁgure the DNS server list in the speciﬁed interface Example:</p><p> config_dns_servers: win_dns_client.dns_exists: - servers: - 8.8.8.8 - 8.8.8.9 salt.states.win_dns_client.primary_suffix(name, suﬃx=None, updates=False) New in version 2014.7.0. Conﬁgure the global primary DNS suﬃx of a DHCP client.</p><p>1236 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> suﬃx [None] e suﬃx which is advertised for this client when acquiring a DHCP lease When none is set, the explicitly conﬁgured DNS suﬃx will be removed. updates [False] Allow syncing the DNS suﬃx with the AD domain when the client's AD domain membership changes</p><p> primary_dns_suffix: win_dns_client.primary_suffix: - suffix: sub.domain.tld - updates: True</p><p>22.27.120 salt.states.win_firewall</p><p>State for conﬁguring Windows Firewall salt.states.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in') Add a new ﬁrewall rule (Windows only) salt.states.win_firewall.disabled(name) Disable all the ﬁrewall proﬁles (Windows only)</p><p>22.27.121 salt.states.win_network</p><p>Configuration of network interfaces on Windows hosts</p><p>New in version 2014.1.0. is module provides the network state(s) on Windows hosts. DNS servers, IP addresses and default gateways can currently be managed. Below is an example of the conﬁguration for an interface that uses DHCP for both DNS servers and IP addresses:</p><p>Local Area Connection #2: network.managed: - dns_proto: dhcp - ip_proto: dhcp</p><p>Note: Both the dns_proto and ip_proto arguments are required.</p><p>Static DNS and IP addresses can be conﬁgured like so:</p><p>Local Area Connection #2: network.managed: - dns_proto: static - dns_servers: - 8.8.8.8 - 8.8.4.4 - ip_proto: static - ip_addrs: - 10.2.3.4/24</p><p>Note: IP addresses are speciﬁed using the format <ip-address>/<subnet-length>. Salt provides a conve- nience function called ip.get_subnet_length to calculate the subnet length from a netmask.</subnet-length></ip-address></p><p>22.27. Full list of builtin state modules 1237 Salt Documentation, Release 2014.7.6</p><p>Optionally, if you are seing a static IP address, you can also specify the default gateway using the gateway parameter:</p><p>Local Area Connection #2: network.managed: - dns_proto: static - dns_servers: - 8.8.8.8 - 8.8.4.4 - ip_proto: static - ip_addrs: - 10.2.3.4/24 - gateway: 10.2.3.1 salt.states.win_network.managed(name, dns_proto=None, dns_servers=None, ip_proto=None, ip_addrs=None, gateway=None, enabled=True, **kwargs) Ensure that the named interface is conﬁgured properly. name e name of the interface to manage dns_proto [None] Set to static and use the dns_servers parameter to provide a list of DNS name- servers. set to dhcp to use DHCP to get the DNS servers. dns_servers [None] A list of static DNS servers. ip_proto [None] Set to static and use the ip_addrs and (optionally) gateway parameters to provide a list of static IP addresses and the default gateway. Set to dhcp to use DHCP. ip_addrs [None] A list of static IP addresses. gateway [None] A list of static IP addresses. enabled [True] Set to False to ensure that this interface is disabled.</p><p>22.27.122 salt.states.win_path</p><p>Manage the Windows System PATH salt.states.win_path.absent(name) Remove the directory from the SYSTEM path index: where the directory should be placed in the PATH (default: 0) Example:</p><p>'C:\sysinternals': win_path.absent salt.states.win_path.exists(name, index=None) Add the directory to the system PATH at index location index: where the directory should be placed in the PATH (default: None) [Note: Providing no index will append directory to PATH and will not enforce its location within the PATH.] Example:</p><p>'C:\python27': win_path.exists</p><p>'C:\sysinternals':</p><p>1238 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p> win_path.exists: index: 0</p><p>22.27.123 salt.states.win_servermanager</p><p>Manage Windows features via the ServerManager powershell module salt.states.win_servermanager.installed(name, recurse=False, force=False) Install the windows feature name: short name of the feature (the right column in win_servermanager.list_available) recurse: install all sub-features as well force: if the feature is installed but on of its sub-features are not installed set this to True to force the instal- lation of the sub-features Note: Some features requires reboot aer un/installation, if so until the server is restarted Other features can not be installed !</p><p>22.27.124 salt.states.win_system</p><p>Management of Windows system information</p><p>New in version 2014.1.0. is state is used to manage system information such as the computer name and description.</p><p>ERIK-WORKSTATION: system.computer_name: []</p><p>This is Erik's computer, don't touch!: system.computer_desc: [] salt.states.win_system.computer_desc(name) Manage the computer's description ﬁeld name e desired computer description salt.states.win_system.computer_name(name) Manage the computer's name name e desired computer name</p><p>22.27.125 salt.states.win_update</p><p>Management of the windows update agent</p><p>New in version 2014.7.0. Set windows updates to run by category. Default behavior is to install all updates that do not require user interaction to complete. Optionally set category to a category of your choosing to only install certain updates. default is all available updates. In the example below, will install all Security and Critical Updates, and download but not install standard updates.</p><p>22.27. Full list of builtin state modules 1239 Salt Documentation, Release 2014.7.6</p><p>Example: updates: win_update.installed: - categories: - 'Critical Updates' - 'Security Updates' win_update.downloaded: - categories: - 'Updates'</p><p>You can also specify a number of features about the update to have a ﬁne grain approach to speciﬁc types of updates. ese are the following features/states of updates available for conﬁguring: • UI - User interaction required, skipped by default • downloaded - Already downloaded, skipped by default (downloading) • present - Present on computer, included by default (installing) • installed - Already installed, skipped by default • reboot - Reboot required, included by default • hidden - skip those updates that have been hidden. • soware - Soware updates, included by default • driver - driver updates, skipped by default is example installs all driver updates that don't require a reboot: Example: gryffindor: win_update.installed: - includes: - driver: True - software: False - reboot: False class salt.states.win_update.PyWinUpdater(categories=None, skipUI=True, skipDown- loaded=True, skipInstalled=True, skipReboot=False, skipPresent=True, sowareUpdates=True, driverUp- dates=False, skipHidden=True)</p><p>AutoSearch() Download() GetAvailableCategories() GetCategories() GetDownloadResults() GetInstallationResults() Install() Search(searchString) SetCategories(categories) SetInclude(include, state)</p><p>1240 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>SetIncludes(includes) salt.states.win_update.downloaded(name, categories=None, includes=None, retries=10) Cache updates for later install. name If categories is le empty, it will be assumed that you are passing the category option through the name. ese are separate because you can only have one name, but can have multiple categories. categories e list of categories to be downloaded. ese are simply strings in the update's information, so there is no enumeration of the categories available. Known categories include: • Updates • Windows 7 • Critical Updates • Security Updates • Update Rollups includes A list of features of the updates to cull by. Available features include: • UI - User interaction required, skipped by default • downloaded - Already downloaded, skipped by default (downloading) • present - Present on computer, included by default (installing) • installed - Already installed, skipped by default • reboot - Reboot required, included by default • hidden - Kkip those updates that have been hidden. • soware - Soware updates, included by default • driver - Driver updates, skipped by default retries Number of retries to make before giving up. is is total, not per step. salt.states.win_update.installed(name, categories=None, includes=None, retries=10) Install speciﬁed windows updates. name If categories is le empty, it will be assumed that you are passing the category option through the name. ese are separate because you can only have one name, but can have multiple categories. categories e list of categories to be downloaded. ese are simply strings in the update's information, so there is no enumeration of the categories available. Known categories include: • Updates • Windows 7 • Critical Updates • Security Updates • Update Rollups includes A list of features of the updates to cull by. Available features include: • UI - User interaction required, skipped by default • downloaded - Already downloaded, skipped by default (downloading) • present - Present on computer, included by default (installing) • installed - Already installed, skipped by default</p><p>22.27. Full list of builtin state modules 1241 Salt Documentation, Release 2014.7.6</p><p>• reboot - Reboot required, included by default • hidden - Kkip those updates that have been hidden. • soware - Soware updates, included by default • driver - Driver updates, skipped by default retries Number of retries to make before giving up. is is total, not per step.</p><p>22.27.126 salt.states.winrepo</p><p>Manage Windows Package Repository salt.states.winrepo.genrepo(name, force=False, allow_empty=False) Refresh the winrepo.p ﬁle of the repository (salt-run winrepo.genrepo) if force is True no checks will be made and the repository will be generated if allow_empty is True then the state will not return an error if there are 0 packages Example:</p><p> winrepo: winrepo.genrepo</p><p>22.27.127 salt.states.xmpp</p><p>Sending Messages over XMPP</p><p>New in version 2014.1.0. is state is useful for ﬁring messages during state runs, using the XMPP protocol server-warning-message: xmpp.send_msg: - name: 'This is a server warning message' - profile: my-xmpp-account - recipient: admins@xmpp.example.com/salt salt.states.xmpp.send_msg(name, recipient, proﬁle) Send a message to an XMPP user</p><p> server-warning-message: xmpp.send_msg: - name: 'This is a server warning message' - profile: my-xmpp-account - recipient: admins@xmpp.example.com/salt</p><p> name e message to send to the XMPP user</p><p>22.27.128 salt.states.zcbuildout</p><p>Management of zc.buildout</p><p>is module is inspired from minitage's buildout maker (hps://github.com/minitage/minitage/blob/master/src/minitage/core/makers/buildout.py)</p><p>1242 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>New in version Boron.</p><p>Note: is state module is beta; the API is subject to change and no promise as to performance or functionality is yet present</p><p>Available Functions</p><p>• built</p><p> installed1 buildout.installed: - name: /path/to/buildout</p><p> installed2 buildout.installed: - name: /path/to/buildout - parts: - a - b - python: /path/to/pythonpath/bin/python - unless: /bin/test_something_installed - onlyif: /bin/test_else_installed salt.states.zcbuildout.installed(name, conﬁg='buildout.cfg', quiet=False, parts=None, runas=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, of- ﬂine=False, newest=False, python='/usr/bin/python2.7', debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel='debug') Install buildout in a speciﬁc directory It is a thin wrapper to modules.buildout.buildout name directory to execute in quiet do not output console &amp; logs</p><p> conﬁg buildout conﬁg to use (default: buildout.cfg) parts speciﬁc buildout parts to run runas user used to run buildout as Deprecated since version 2014.1.4. user user used to run buildout as New in version 2014.1.4. env environment variables to set when running buildout_ver force a speciﬁc buildout version (1 | 2) test_release buildout accept test release new_st Forcing use of setuptools &gt;= 0.7 distribute use distribute over setuptools if possible oﬄine does buildout run oﬄine</p><p>22.27. Full list of builtin state modules 1243 Salt Documentation, Release 2014.7.6</p><p> python python to use debug run buildout with -D debug ﬂag onlyif Only execute cmd if statement on the host return 0 unless Do not execute cmd if statement on the host return 0 newest run buildout in newest mode verbose run buildout in verbose mode (-vvvvv) use_vt Use the new salt VT to stream output [experimental] loglevel loglevel for buildout commands</p><p>22.27.129 salt.states.zk_concurrency</p><p>Control concurrency of steps within state execution using zookeeper</p><p>is module allows you to ``wrap'' a state's execution with concurrency control. is is useful to protect against all hosts executing highstate simultaneously if your services don't all HUP restart. e common way of protecting against this is to run in batch mode, but that doesn't protect from another person running the same batch command (and thereby having 2x the number of nodes deploying at once). is module will bock while acquiring a slot, meaning that however the command gets called it will coordinate with zookeeper to ensure that no more than max_concurrency steps are executing with a single path. acquire_lock: zk_concurrency.lock: - zk_hosts: 'zookeeper:2181' - path: /trafficserver - max_concurrency: 4 - prereq: - service: trafficserver trafficserver: service.running: - watch: - file: /etc/trafficserver/records.config</p><p>/etc/trafficserver/records.config: file.managed: - source: salt://records.config release_lock: zk_concurrency.unlock: - path: /trafficserver - require: - service: trafficserver</p><p>is example would allow the ﬁle state to change, but would limit the concurrency of the traﬃcserver service restart to 4. salt.states.zk_concurrency.lock(zk_hosts, path, max_concurrency, timeout=None, ephemeral_lease=False) Block state execution until you are able to get the lock (or hit the timeout) salt.states.zk_concurrency.unlock(path) Remove lease from semaphore</p><p>1244 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.28 Execution Modules</p><p>Salt execution modules are the functions called by the salt command.</p><p>Note: Salt execution modules are diﬀerent from state modules and cannot be called directly within state ﬁles. You must use the module state module to call execution modules within state runs.</p><p>See also: Full list of builtin modules Salt ships with many modules that cover a wide variety of tasks.</p><p>22.28.1 Modules Are Easy to Write!</p><p>Writing Salt execution modules is straightforward. A Salt execution modules is a Python or Cython module placed in a directory called _modules/ within the file_roots as speciﬁed by the master conﬁg ﬁle. By default this is /srv/salt/_modules on Linux systems. Modules placed in _modules/ will be synced to the minions when any of the following Salt functions are called: • state.highstate • saltutil.sync_modules • saltutil.sync_all Note that a module's default name is its ﬁlename (i.e. foo.py becomes module foo), but that its name can be overridden by using a __virtual__ function. If a Salt module has errors and cannot be imported, the Salt minion will continue to load without issue and the module with errors will simply be omied. If adding a Cython module the ﬁle must be named <modulename>.pyx so that the loader knows that the module needs to be imported as a Cython module. e compilation of the Cython module is automatic and happens when the minion starts, so only the *.pyx ﬁle is required.</modulename></p><p>22.28.2 Cross-Calling Modules</p><p>All of the Salt execution modules are available to each other and modules can call functions available in other execution modules. e variable __salt__ is packed into the modules aer they are loaded into the Salt minion. e __salt__ variable is a Python dictionary containing all of the Salt functions. Dictionary keys are strings representing the names of the modules and the values are the functions themselves. Salt modules can be cross-called by accessing the value in the __salt__ dict:</p><p> def foo(bar): return __salt__['cmd.run'](bar)</p><p>is code will call the run function in the cmd and pass the argument bar to it.</p><p>22.28. Execution Modules 1245 Salt Documentation, Release 2014.7.6</p><p>22.28.3 Preloaded Execution Module Data</p><p>When interacting with execution modules oen it is nice to be able to read information dynamically about the minion or to load in conﬁguration parameters for a module. Salt allows for diﬀerent types of data to be loaded into the modules by the minion.</p><p>Grains Data</p><p>e values detected by the Salt Grains on the minion are available in a dict named __grains__ and can be accessed from within callable objects in the Python modules. To see the contents of the grains dictionary for a given system in your deployment run the grains.items() function:</p><p> salt 'hostname' grains.items --output=pprint</p><p>Any value in a grains dictionary can be accessed as any other Python dictionary. For example, the grain rep- resenting the minion ID is stored in the id key and from an execution module, the value would be stored in __grains__['id'].</p><p>Module Configuration</p><p>Since parameters for conﬁguring a module may be desired, Salt allows for conﬁguration information from the minion conﬁguration ﬁle to be passed to execution modules. Since the minion conﬁguration ﬁle is a YAML document, arbitrary conﬁguration data can be passed in the minion conﬁg that is read by the modules. It is therefore strongly recommended that the values passed in the conﬁguration ﬁle match the module name. A value intended for the test execution module should be named test.<value>. e test execution module contains usage of the module conﬁguration and the default conﬁguration ﬁle for the min- ion contains the information and format used to pass data to the modules. salt.modules.test, conf/minion.</value></p><p>22.28.4 Printout Configuration</p><p>Since execution module functions can return diﬀerent data, and the way the data is printed can greatly change the presentation, Salt has a printout conﬁguration. When writing a module the __outputter__ dictionary can be declared in the module. e __outputter__ dictionary contains a mapping of function name to Salt Outpuer.</p><p>__outputter__ = { 'run': 'txt' }</p><p>is will ensure that the text outpuer is used.</p><p>22.28.5 Virtual Modules</p><p>Sometimes an execution module should be presented in a generic way. A good example of this can be found in the package manager modules. e package manager changes from one operating system to another, but the Salt execution module that interfaces with the package manager can be presented in a generic way.</p><p>1246 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>e Salt modules for package managers all contain a __virtual__ function which is called to deﬁne what systems the module should be loaded on. e __virtual__ function is used to return either a string or False. If False is returned then the module is not loaded, if a string is returned then the module is loaded with the name of the string. is means that the package manager modules can be presented as the pkg module regardless of what the actual module is named. e package manager modules are the best example of using the __virtual__ function. Some examples: • pacman.py • yumpkg.py • aptpkg.py</p><p>Note: Modules which return a string from __virtual__ that is already used by a module that ships with Salt will _override_ the stock module.</p><p>22.28.6 Documentation</p><p>Salt execution modules are documented. e sys.doc() function will return the documentation for all available modules: salt '*' sys.doc</p><p>e sys.doc function simply prints out the docstrings found in the modules; when writing Salt execution modules, please follow the formaing conventions for docstrings as they appear in the other modules.</p><p>Adding Documentation to Salt Modules</p><p>It is strongly suggested that all Salt modules have documentation added. To add documentation add a Python docstring to the function. def spam(eggs): ''' A function to make some spam with eggs!</p><p>CLI Example::</p><p> salt '*' test.spam eggs ''' return eggs</p><p>Now when the sys.doc call is executed the docstring will be cleanly returned to the calling terminal. Documentation added to execution modules in docstrings will automatically be added to the online web-based doc- umentation.</p><p>Add Execution Module Metadata</p><p>When writing a Python docstring for an execution module, add information about the module using the following ﬁeld lists:</p><p>22.28. Execution Modules 1247 Salt Documentation, Release 2014.7.6</p><p>:maintainer: Thomas Hatch <thatch house="" seth=""> :maturity: new :depends: python-mysqldb :platform: all</thatch></p><p>e maintainer ﬁeld is a comma-delimited list of developers who help maintain this module. e maturity ﬁeld indicates the level of quality and testing for this module. Standard labels will be determined. e depends ﬁeld is a comma-delimited list of modules that this module depends on. e platform ﬁeld is a comma-delimited list of platforms that this module is known to run on.</p><p>22.28.7 Private Functions</p><p>In Salt, Python callable objects contained within an execution module are made available to the Salt minion for use. e only exception to this rule is a callable object with a name starting with an underscore _.</p><p>Objects Loaded Into the Salt Minion def foo(bar): return bar class baz: def __init__(self, quo): pass</p><p>Objects NOT Loaded into the Salt Minion def _foobar(baz): # Preceded with an _ return baz cheese = {} # Not a callable Python object</p><p>Note: Some callable names also end with an underscore _, to avoid keyword clashes with Python keywords. When using execution modules, or state modules, with these in them the trailing underscore should be omied.</p><p>22.28.8 Useful Decorators for Modules</p><p>Depends Decorator</p><p>When writing execution modules there are many times where some of the module will work on all hosts but some functions have an external dependency, such as a service that needs to be installed or a binary that needs to be present on the system. Instead of trying to wrap much of the code in large try/except blocks, a decorator can be used. If the dependencies passed to the decorator don't exist, then the salt minion will remove those functions from the module on that host.</p><p>1248 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>If a ``fallback_function'' is deﬁned, it will replace the function instead of removing it import logging from salt.utils.decorators import depends log = logging.getLogger(__name__) try: import dependency_that_sometimes_exists except ImportError as e: log.trace('Failed to import dependency_that_sometimes_exists: {0}'.format(e))</p><p>@depends('dependency_that_sometimes_exists') def foo(): ''' Function with a dependency on the "dependency_that_sometimes_exists" module, if the "dependency_that_sometimes_exists" is missing this function will not exist ''' return True def _fallback(): ''' Fallback function for the depends decorator to replace a function with ''' return '"dependency_that_sometimes_exists" needs to be installed for this function to exist'</p><p>@depends('dependency_that_sometimes_exists', fallback_function=_fallback) def foo(): ''' Function with a dependency on the "dependency_that_sometimes_exists" module. If the "dependency_that_sometimes_exists" is missing this function will be replaced with "_fallback" ''' return True</p><p>22.29 Master Tops</p><p>Salt includes a number of built-in subsystems to generate top ﬁle data, they are listed listed at Full list of builtin master tops modules. e source for the built-in Salt master tops can be found here: hps://github.com/saltstack/salt/blob/develop/salt/tops</p><p>22.30 Full list of builtin master tops modules</p><p> cobbler Cobbler Tops ext_nodes External Nodes Classiﬁer mongo Read tops data from a mongodb collection reclass_adapter Read tops data from a reclass database</p><p>22.30. Full list of builtin master tops modules 1249 Salt Documentation, Release 2014.7.6</p><p>22.30.1 salt.tops.cobbler</p><p>Cobbler Tops</p><p>Cobbler Tops is a master tops subsystem used to look up mapping information from Cobbler via its API. e same cobbler.* parameters are used for both the Cobbler tops and Cobbler pillar modules. master_tops: cobbler: {} cobbler.url: https://example.com/cobbler_api #default is http://localhost/cobbler_api cobbler.user: username # default is no username cobbler.password: password # default is no password</p><p>Module Documentation salt.tops.cobbler.top(**kwargs) Look up top data in Cobbler for a minion.</p><p>22.30.2 salt.tops.ext_nodes</p><p>External Nodes Classifier</p><p>e External Nodes Classiﬁer is a master tops subsystem that retrieves mapping information from major conﬁgura- tion management systems. One of the most common external nodes classiﬁers system is provided by Cobbler and is called cobbler-ext-nodes. e cobbler-ext-nodes command can be used with this conﬁguration: master_tops: ext_nodes: cobbler-ext-nodes</p><p>It is noteworthy that the Salt system does not directly ingest the data sent from the cobbler-ext-nodes com- mand, but converts the data into information that is used by a Salt top ﬁle. Any command can replace the call to `cobbler-ext-nodes' above, but currently the data must be formaed in the same way that the standard `cobbler-ext-nodes' does. See (admiedly degenerate and probably not complete) example: classes: - basepackages - database</p><p>e above essentially is the same as a top.sls containing the following: base: '*': - basepackages - database salt.tops.ext_nodes.top(**kwargs) Run the command conﬁgured</p><p>1250 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>22.30.3 salt.tops.mongo</p><p>Read tops data from a mongodb collection is module will load tops data from a mongo collection. It uses the node's id for lookups.</p><p>Salt Master Mongo Configuration</p><p>e module shares the same base mongo connection variables as salt.returners.mongo_return. ese variables go in your master conﬁg ﬁle. • mongo.db - e mongo database to connect to. Defaults to 'salt'. • mongo.host - e mongo host to connect to. Supports replica sets by specifying all hosts in the set, comma- delimited. Defaults to 'salt'. • mongo.port - e port that the mongo database is running on. Defaults to 27017. • mongo.user - e username for connecting to mongo. Only required if you are using mongo authentication. Defaults to ''. • mongo.password - e password for connecting to mongo. Only required if you are using mongo authen- tication. Defaults to ''.</p><p>Configuring the Mongo Tops Subsystem master_tops: mongo: collection: tops id_field: _id re_replace: "" re_pattern: \.example\.com states_field: states environment_field: environment</p><p>Module Documentation salt.tops.mongo.top(**kwargs) Connect to a mongo database and read per-node tops data. Parameters: • collection: e mongodb collection to read data from. Defaults to 'tops'. • id_ﬁeld: e ﬁeld in the collection that represents an individual minion id. Defaults to '_id'. • re_paern: If your naming convention in the collection is shorter than the minion id, you can use this to trim the name. re_paern will be used to match the name, and re_replace will be used to replace it. Backrefs are supported as they are in the Python standard library. If None, no mangling of the name will be performed - the collection will be searched with the entire minion id. Defaults to None. • re_replace: Use as the replacement value in node ids matched with re_paern. Defaults to `'. Feel free to use backreferences here. • states_ﬁeld: e name of the ﬁeld providing a list of states. • environment_ﬁeld: e name of the ﬁeld providing the environment. Defaults to environment.</p><p>22.30. Full list of builtin master tops modules 1251 Salt Documentation, Release 2014.7.6</p><p>22.30.4 salt.tops.reclass_adapter</p><p>Read tops data from a reclass database is master_tops plugin provides access to the reclass database, such that state information (top data) are retrieved from reclass. You can ﬁnd more information about reclass at hp://reclass.pantsfullofunix.net. To use the plugin, add it to the master_tops list in the Salt master conﬁg and tell reclass by way of a few options how and where to ﬁnd the inventory:</p><p> master_tops: reclass: storage_type: yaml_fs inventory_base_uri: /srv/salt</p><p>is would cause reclass to read the inventory from YAML ﬁles in /srv/salt/nodes and /srv/salt/classes. If you are also using reclass as ext_pillar plugin, and you want to avoid having to specify the same information for both, use YAML anchors (take note of the diﬀering data types for ext_pillar and master_tops):</p><p> reclass: &amp;reclass storage_type: yaml_fs inventory_base_uri: /srv/salt reclass_source_path: ~/code/reclass</p><p> ext_pillar: - reclass: *reclass</p><p> master_tops: reclass: *reclass</p><p>If you want to run reclass from source, rather than installing it, you can either let the master know via the PYTHON- PATH environment variable, or by seing the conﬁguration option, like in the example above. salt.tops.reclass_adapter.top(**kwargs) ery reclass for the top data (states of the minions).</p><p>22.31 Full list of builtin wheel modules</p><p> config Manage the master conﬁguration ﬁle error Error generator to enable integration testing of salt wheel error handling file_roots Read in ﬁles from the ﬁle_root and save ﬁles to the ﬁle root key Wheel system wrapper for key system pillar_roots e pillar_roots wheel module is used to manage ﬁles under the pillar roots directories on the master server.</p><p>22.31.1 salt.wheel.config</p><p>Manage the master conﬁguration ﬁle salt.wheel.config.apply(key, value) Set a single key</p><p>1252 Chapter 22. Reference Salt Documentation, Release 2014.7.6</p><p>Note: is will strip comments from your conﬁg ﬁle salt.wheel.config.values() Return the raw values of the conﬁg ﬁle</p><p>22.31.2 salt.wheel.error</p><p>Error generator to enable integration testing of salt wheel error handling salt.wheel.error.error(name=None, message='`) If name is None en return empty dict Otherwise raise an exception with __name__ from name, message from message CLI Example:</p><p> salt-wheel error salt-wheel error.error name="Exception" message="This is an error."</p><p>22.31.3 salt.wheel.file_roots</p><p>Read in ﬁles from the ﬁle_root and save ﬁles to the ﬁle root salt.wheel.file_roots.find(path, saltenv='base', env=None) Return a dict of the ﬁles located with the given path and environment salt.wheel.file_roots.list_env(saltenv='base', env=None) Return all of the ﬁle paths found in an environment salt.wheel.file_roots.list_roots() Return all of the ﬁles names in all available environments salt.wheel.file_roots.read(path, saltenv='base', env=None) Read the contents of a text ﬁle, if the ﬁle is binary then salt.wheel.file_roots.write(data, path, saltenv='base', index=0, env=None) Write the named ﬁle, by default the ﬁrst ﬁle found is wrien, but the index of the ﬁle can be speciﬁed to write to a lower priority ﬁle root</p><p>22.31.4 salt.wheel.key</p><p>Wheel system wrapper for key system salt.wheel.key.accept(match) Accept keys based on a glob match salt.wheel.key.delete(match) Delete keys based on a glob match salt.wheel.key.finger(match) Return the matching key ﬁngerprints salt.wheel.key.gen(id_=None, keysize=2048) Generate a key pair. No keys are stored on the master, a keypair is returned as a dict containing pub and priv keys</p><p>22.31. Full list of builtin wheel modules 1253 Salt Documentation, Release 2014.7.6 salt.wheel.key.gen_accept(id_, keysize=2048, force=False) Generate a key pair then accept the public key. is function returns the key pair in a dict, only the public key is preserved on the master. salt.wheel.key.key_str(match) Return the key strings salt.wheel.key.list_(match) List all the keys under a named status salt.wheel.key.list_all() List all the keys salt.wheel.key.reject(match) Delete keys based on a glob match</p><p>22.31.5 salt.wheel.pillar_roots</p><p>e pillar_roots wheel module is used to manage ﬁles under the pillar roots directories on the master server. salt.wheel.pillar_roots.find(path, saltenv='base', env=None) Return a dict of the ﬁles located with the given path and environment salt.wheel.pillar_roots.list_env(saltenv='base', env=None) Return all of the ﬁle paths found in an environment salt.wheel.pillar_roots.list_roots() Return all of the ﬁles names in all available environments salt.wheel.pillar_roots.read(path, saltenv='base', env=None) Read the contents of a text ﬁle, if the ﬁle is binary then salt.wheel.pillar_roots.write(data, path, saltenv='base', index=0, env=None) Write the named ﬁle, by default the ﬁrst ﬁle found is wrien, but the index of the ﬁle can be speciﬁed to write to a lower priority ﬁle root</p><p>1254 Chapter 22. Reference CHAPTER 23</p><p>Salt Best Practices</p><p>Salt's extreme ﬂexibility leads to many questions concerning the structure of conﬁguration ﬁles. is document exists to clarify these points through examples and code.</p><p>23.1 General rules</p><p>1. Modularity and clarity should be emphasized whenever possible. 2. Create clear relations between pillars and states. 3. Use variables when it makes sense but don't overuse them. 4. Store sensitive data in pillar. 5. Don't use grains for matching in your pillar top ﬁle for any sensitive pillars.</p><p>23.2 Structuring States and Formulas</p><p>When structuring Salt States and Formulas it is important to begin with the directory structure. A proper directory structure clearly deﬁnes the functionality of each state to the user via visual inspection of the state's name. Reviewing the MySQL Salt Formula it is clear to see the beneﬁts to the end-user when reviewing a sample of the available states:</p><p>/srv/salt/mysql/files/ /srv/salt/mysql/client.sls /srv/salt/mysql/map.jinja /srv/salt/mysql/python.sls /srv/salt/mysql/server.sls</p><p>is directory structure would lead to these states being referenced in a top ﬁle in the following way: base: 'web*': - mysql.client - mysql.python 'db*': - mysql.server</p><p>1255 Salt Documentation, Release 2014.7.6</p><p>is clear deﬁnition ensures that the user is properly informed of what each state will do. Another example comes from the vim-formula:</p><p>/srv/salt/vim/files/ /srv/salt/vim/absent.sls /srv/salt/vim/init.sls /srv/salt/vim/map.jinja /srv/salt/vim/nerdtree.sls /srv/salt/vim/pyflakes.sls /srv/salt/vim/salt.sls</p><p>Once again viewing how this would look in a top ﬁle: /srv/salt/top.sls: base: 'web*': - vim - vim.nerdtree - vim.pyflakes - vim.salt 'db*': - vim.absent</p><p>e usage of a clear top-level directory as well as properly named states reduces the overall complexity and leads a user to both understand what will be included at a glance and where it is located. In addition Formulas should be used as oen as possible.</p><p>Note: Formulas repositories on the saltstack-formulas GitHub organization should not be pointed to directly from systems that automatically fetch new updates such as GitFS or similar tooling. Instead formulas repositories should be forked on GitHub or cloned locally, where unintended, automatic changes will not take place.</p><p>23.3 Structuring Pillar Files</p><p>Pillars are used to store secure and insecure data pertaining to minions. When designing the structure of the /srv/pillar directory, the pillars contained within should once again be focused on clear and concise data which users can easily review, modify and understand. e /srv/pillar/ directory is primarily controlled by top.sls. It should be noted that the pillar top.sls is not used as a location to declare variables and their values. e top.sls is used as a way to include other pillar ﬁles and organize the way they are matched based on environments or grains. An example top.sls may be as simple as the following: /srv/pillar/top.sls: base: '*': - packages</p><p>Or much more complicated, using a variety of matchers: /srv/pillar/top.sls:</p><p>1256 Chapter 23. Salt Best Practices Salt Documentation, Release 2014.7.6</p><p> base: '*': - apache dev: 'os:Debian': - match: grain - vim test: '* and not G@os: Debian': - match: compound - emacs</p><p>It is clear to see through these examples how the top ﬁle provides users with power but when used incorrectly it can lead to confusing conﬁgurations. is is why it is important to understand that the top ﬁle for pillar is not used for variable deﬁnitions. Each SLS ﬁle within the /srv/pillar/ directory should correspond to the states which it matches. is would mean that the apache pillar ﬁle should contain data relevant to Apache. Structuring ﬁles in this way once again ensures modularity, and creates a consistent understanding throughout our Salt environment. Users can expect that pillar variables found in an Apache state will live inside of an Apache pillar: /srv/salt/pillar/apache.sls: apache: lookup: name: httpd config: tmpl: /etc/httpd/httpd.conf</p><p>While this pillar ﬁle is simple, it shows how a pillar ﬁle explicitly relates to the state it is associated with.</p><p>23.4 Variable Flexibility</p><p>Salt allows users to deﬁne variables in SLS ﬁles. When creating a state variables should provide users with as much ﬂexibility as possible. is means that variables should be clearly deﬁned and easy to manipulate, and that sane defaults should exist in the event a variable is not properly deﬁned. Looking at several examples shows how these diﬀerent items can lead to extensive ﬂexibility. Although it is possible to set variables locally, this is generally not preferred: /srv/salt/apache/conf.sls:</p><p>{% set name = 'httpd' %} {% set tmpl = 'salt://apache/files/httpd.conf' %} include: - apache apache_conf: file.managed: - name: {{ name }} - source: {{ tmpl }} - template: jinja - user: root</p><p>23.4. Variable Flexibility 1257 Salt Documentation, Release 2014.7.6</p><p>- watch_in: - service: apache</p><p>When generating this information it can be easily transitioned to the pillar where data can be overwrien, modiﬁed, and applied to multiple states, or locations within a single state: /srv/pillar/apache.sls: apache: lookup: name: httpd config: tmpl: salt://apache/files/httpd.conf</p><p>/srv/salt/apache/conf.sls: include: - apache apache_conf: file.managed: - name: {{ salt['pillar.get']('apache:lookup:name') }} - source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }} - template: jinja - user: root - watch_in: - service: apache</p><p>is ﬂexibility provides users with a centralized location to modify variables, which is extremely important as an environment grows.</p><p>23.5 Modularity Within States</p><p>Ensuring that states are modular is one of the key concepts to understand within Salt. When creating a state a user must consider how many times the state could be re-used, and what it relies on to operate. Below are several examples which will iteratively explain how a user can go from a state which is not very modular to one that is: /srv/salt/apache/init.sls: httpd: pkg.installed: [] service.running: - enable: True</p><p>/etc/httpd/httpd.conf: file.managed: - source: salt://apache/files/httpd.conf - template: jinja - watch_in: - service: httpd</p><p>e example above is probably the worst-case scenario when writing a state. ere is a clear lack of focus by naming both the pkg/service, and managed ﬁle directly as the state ID. is would lead to changing multiple requires within this state, as well as others that may depend upon the state.</p><p>1258 Chapter 23. Salt Best Practices Salt Documentation, Release 2014.7.6</p><p>Imagine if a require was used for the httpd package in another state, and then suddenly it's a custom package. Now changes need to be made in multiple locations which increases the complexity and leads to a more error prone conﬁguration. ere is also the issue of having the conﬁguration ﬁle located in the init, as a user would be unable to simply install the service and use the default conf ﬁle. Our second revision begins to address the referencing by using - name, as opposed to direct ID references: /srv/salt/apache/init.sls: apache: pkg.installed: - name: httpd service.running: - name: httpd - enable: True apache_conf: file.managed: - name: /etc/httpd/httpd.conf - source: salt://apache/files/httpd.conf - template: jinja - watch_in: - service: apache</p><p>e above init ﬁle is beer than our original, yet it has several issues which lead to a lack of modularity. e ﬁrst of these problems is the usage of static values for items such as the name of the service, the name of the managed ﬁle, and the source of the managed ﬁle. When these items are hard coded they become diﬃcult to modify and the opportunity to make mistakes arises. It also leads to multiple edits that need to occur when changing these items (imagine if there were dozens of these occurrences throughout the state!). ere is also still the concern of the conﬁguration ﬁle data living in the same state as the service and package. In the next example steps will be taken to begin addressing these issues. Starting with the addition of a map.jinja ﬁle (as noted in the Formula documentation), and modiﬁcation of static values: /srv/salt/apache/map.jinja:</p><p>{% set apache = salt['grains.filter_by']({ 'Debian': { 'server': 'apache2', 'service': 'apache2', 'conf': '/etc/apache2/apache.conf', }, 'RedHat': { 'server': 'httpd', 'service': 'httpd', 'conf': '/etc/httpd/httpd.conf', }, }, merge=salt['pillar.get']('apache:lookup')) %}</p><p>/srv/pillar/apache.sls: apache: lookup: config: tmpl: salt://apache/files/httpd.conf</p><p>23.5. Modularity Within States 1259 Salt Documentation, Release 2014.7.6</p><p>/srv/salt/apache/init.sls:</p><p>{% from "apache/map.jinja" import apache with context %} apache: pkg.installed: - name: {{ apache.server }} service.running: - name: {{ apache.service }} - enable: True apache_conf: file.managed: - name: {{ apache.conf }} - source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }} - template: jinja - user: root - watch_in: - service: apache</p><p>e changes to this state now allow us to easily identify the location of the variables, as well as ensuring they are ﬂexible and easy to modify. While this takes another step in the right direction, it is not yet complete. Suppose the user did not want to use the provided conf ﬁle, or even their own conﬁguration ﬁle, but the default apache conf. With the current state setup this is not possible. To aain this level of modularity this state will need to be broken into two states. /srv/salt/apache/map.jinja:</p><p>{% set apache = salt['grains.filter_by']({ 'Debian': { 'server': 'apache2', 'service': 'apache2', 'conf': '/etc/apache2/apache.conf', }, 'RedHat': { 'server': 'httpd', 'service': 'httpd', 'conf': '/etc/httpd/httpd.conf', }, }, merge=salt['pillar.get']('apache:lookup')) %}</p><p>/srv/pillar/apache.sls: apache: lookup: config: tmpl: salt://apache/files/httpd.conf</p><p>/srv/salt/apache/init.sls:</p><p>{% from "apache/map.jinja" import apache with context %} apache: pkg.installed: - name: {{ apache.server }} service.running:</p><p>1260 Chapter 23. Salt Best Practices Salt Documentation, Release 2014.7.6</p><p>- name: {{ apache.service }} - enable: True</p><p>/srv/salt/apache/conf.sls:</p><p>{% from "apache/map.jinja" import apache with context %} include: - apache apache_conf: file.managed: - name: {{ apache.conf }} - source: {{ salt['pillar.get']('apache:lookup:config:tmpl') }} - template: jinja - user: root - watch_in: - service: apache</p><p>is new structure now allows users to choose whether they only wish to install the default Apache, or if they wish, overwrite the default package, service, conﬁguration ﬁle location, or the conﬁguration ﬁle itself. In addition to this the data has been broken between multiple ﬁles allowing for users to identify where they need to change the associated data.</p><p>23.6 Storing Secure Data</p><p>Secure data refers to any information that you would not wish to share with anyone accessing a server. is could include data such as passwords, keys, or other information. As all data within a state is accessible by EVERY server that is connected it is important to store secure data within pillar. is will ensure that only those servers which require this secure data have access to it. In this example a use can go from an insecure conﬁguration to one which is only accessible by the appropriate hosts: /srv/salt/mysql/testerdb.sls: testdb: mysql_database.present:: - name: testerdb</p><p>/srv/salt/mysql/user.sls: include: - mysql.testerdb testdb_user: mysql_user.present: - name: frank - password: "test3rdb" - host: localhost - require: - sls: mysql.testerdb</p><p>Many users would review this state and see that the password is there in plain text, which is quite problematic. It results in several issues which may not be immediately visible.</p><p>23.6. Storing Secure Data 1261 Salt Documentation, Release 2014.7.6</p><p>e ﬁrst of these issues is clear to most users -- the password being visible in this state. is means that any minion will have a copy of this, and therefore the password which is a major security concern as minions may not be locked down as tightly as the master server. e other issue that can be encountered is access by users on the master. If everyone has access to the states (or their repository), then they are able to review this password. Keeping your password data accessible by only a few users is critical for both security and peace of mind. ere is also the issue of portability. When a state is conﬁgured this way it results in multiple changes needing to be made. is was discussed in the sections above but it is a critical idea to drive home. If states are not portable it may result in more work later! Fixing this issue is relatively simple, the content just needs to be moved to the associated pillar: /srv/pillar/mysql.sls: mysql: lookup: name: testerdb password: test3rdb user: frank host: localhost</p><p>/srv/salt/mysql/testerdb.sls: testdb: mysql_database.present: - name: {{ salt['pillar.get']('mysql:lookup:name') }}</p><p>/srv/salt/mysql/user.sls: include: - mysql.testerdb testdb_user: mysql_user.present: - name: {{ salt['pillar.get']('mysql:lookup:user') }} - password: {{ salt['pillar.get']('mysql:lookup:password') }} - host: {{ salt['pillar.get']('mysql:lookup:host') }} - require: - sls: mysql.testerdb</p><p>Now that the database details have been moved to the associated pillar ﬁle, only machines which are targeted via pillar will have access to these details. Access to users who should not be able to review these details can also be prevented while ensuring that they are still able to write states which take advantage of this information.</p><p>1262 Chapter 23. Salt Best Practices CHAPTER 24</p><p>Troubleshooting</p><p>e intent of the troubleshooting section is to introduce solutions to a number of common issues encountered by users and the tools that are available to aid in developing States and Salt code.</p><p>24.1 Troubleshooting the Salt Master</p><p>If your Salt master is having issues such as minions not returning data, slow execution times, or a variety of other issues the Salt master troubleshooting page contains details on troubleshooting the most common issues encountered.</p><p>24.2 Troubleshooting the Salt Minion</p><p>In the event that your Salt minion is having issues a variety of solutions and suggestions are available at the Salt minion troubleshooting page.</p><p>24.3 Running in the Foreground</p><p>A great deal of information is available via the debug logging system, if you are having issues with minions connect- ing or not starting run the minion and/or master in the foreground:</p><p> salt-master -l debug salt-minion -l debug</p><p>Anyone wanting to run Salt daemons via a process supervisor such as monit, runit, or supervisord, should omit the -d argument to the daemons and run them in the foreground.</p><p>24.4 What Ports do the Master and Minion Need Open?</p><p>No ports need to be opened up on each minion. For the master, TCP ports 4505 and 4506 need to be open. If you've put both your Salt master and minion in debug mode and don't see an acknowledgment that your minion has connected, it could very well be a ﬁrewall. You can check port connectivity from the minion with the nc command:</p><p>1263 Salt Documentation, Release 2014.7.6</p><p> nc -v -z salt.master.ip 4505 nc -v -z salt.master.ip 4506</p><p>ere is also a ﬁrewall conﬁguration document that might help as well. If you've enabled the right TCP ports on your operating system or Linux distribution's ﬁrewall and still aren't seeing connections, check that no additional access control system such as SELinux or AppArmor is blocking Salt.</p><p>24.5 Using salt-call</p><p>e salt-call command was originally developed for aiding in the development of new Salt modules. Since then, many applications have been developed for running any Salt module locally on a minion. ese range from the original intent of salt-call, development assistance, to gathering more verbose output from calls like state.highstate. When creating your state tree, it is generally recommended to invoke state.highstate with salt-call. is displays far more information about the highstate execution than calling it remotely. For even more verbosity, increase the loglevel with the same argument as salt-minion:</p><p> salt-call -l debug state.highstate</p><p>e main diﬀerence between using salt and using salt-call is that salt-call is run from the minion, and it only runs the selected function on that minion. By contrast, salt is run from the master, and requires you to specify the minions on which to run the command using salt's targeting system.</p><p>24.6 Too many open files</p><p>e salt-master needs at least 2 sockets per host that connects to it, one for the Publisher and one for response port. us, large installations may, upon scaling up the number of minions accessing a given master, encounter:</p><p>12:45:29,289 [salt.master ][INFO ] Starting Salt worker process 38 Too many open files sock != -1 (tcp_listener.cpp:335)</p><p>e solution to this would be to check the number of ﬁles allowed to be opened by the user running salt-master (root by default):</p><p>[root@salt-master ~]# ulimit -n 1024</p><p>And modify that value to be at least equal to the number of minions x 2. is seing can be changed in limits.conf as the noﬁle value(s), and activated upon new a login of the speciﬁed user. So, an environment with 1800 minions, would need 1800 x 2 = 3600 as a minimum.</p><p>24.7 Salt Master Stops Responding</p><p>ere are known bugs with ZeroMQ versions less than 2.1.11 which can cause the Salt master to not respond properly. If you're running a ZeroMQ version greater than or equal to 2.1.9, you can work around the bug by</p><p>1264 Chapter 24. Troubleshooting Salt Documentation, Release 2014.7.6</p><p> seing the sysctls net.core.rmem_max and net.core.wmem_max to 16777216. Next, set the third ﬁeld in net.ipv4.tcp_rmem and net.ipv4.tcp_wmem to at least 16777216. You can do it manually with something like:</p><p># echo 16777216 &gt; /proc/sys/net/core/rmem_max # echo 16777216 &gt; /proc/sys/net/core/wmem_max # echo "4096 87380 16777216" &gt; /proc/sys/net/ipv4/tcp_rmem # echo "4096 87380 16777216" &gt; /proc/sys/net/ipv4/tcp_wmem</p><p>Or with the following Salt state:</p><p>1 net.core.rmem_max: 2 sysctl: 3 - present 4 - value: 16777216 5 6 net.core.wmem_max: 7 sysctl: 8 - present 9 - value: 16777216 10 11 net.ipv4.tcp_rmem: 12 sysctl: 13 - present 14 - value: 4096 87380 16777216 15 16 net.ipv4.tcp_wmem: 17 sysctl: 18 - present 19 - value: 4096 87380 16777216</p><p>24.8 Salt and SELinux</p><p>Currently there are no SELinux policies for Salt. For the most part Salt runs without issue when SELinux is running in Enforcing mode. is is because when the minion executes as a daemon the type context is changed to initrc_t. e problem with SELinux arises when using salt-call or running the minion in the foreground, since the type context stays unconfined_t. is problem is generally manifest in the rpm install scripts when using the pkg module. Until a full SELinux Policy is available for Salt the solution to this issue is to set the execution context of salt-call and salt-minion to rpm_exec_t:</p><p># CentOS 5 and RHEL 5: chcon -t system_u:system_r:rpm_exec_t:s0 /usr/bin/salt-minion chcon -t system_u:system_r:rpm_exec_t:s0 /usr/bin/salt-call</p><p># CentOS 6 and RHEL 6: chcon system_u:object_r:rpm_exec_t:s0 /usr/bin/salt-minion chcon system_u:object_r:rpm_exec_t:s0 /usr/bin/salt-call</p><p>is works well, because the rpm_exec_t context has very broad control over other types.</p><p>24.8. Salt and SELinux 1265 Salt Documentation, Release 2014.7.6</p><p>24.9 Red Hat Enterprise Linux 5</p><p>Salt requires Python 2.6 or 2.7. Red Hat Enterprise Linux 5 and its variants come with Python 2.4 installed by default. When installing on RHEL 5 from the EPEL repository this is handled for you. But, if you run Salt from git, be advised that its dependencies need to be installed from EPEL and that Salt needs to be run with the python26 executable.</p><p>24.10 Common YAML Gotchas</p><p>An extensive list of YAML idiosyncrasies has been compiled.</p><p>24.11 Live Python Debug Output</p><p>If the minion or master seems to be unresponsive, a SIGUSR1 can be passed to the processes to display where in the code they are running. If encountering a situation like this, this debug information can be invaluable. First make sure the master of minion are running in the foreground: salt-master -l debug salt-minion -l debug</p><p>en pass the signal to the master or minion when it seems to be unresponsive: killall -SIGUSR1 salt-master killall -SIGUSR1 salt-minion</p><p>Also under BSD and Mac OS X in addition to SIGUSR1 signal, debug subroutine set up for SIGINFO which has an advantage of being sent by Ctrl+T shortcut. When ﬁling an issue or sending questions to the mailing list for a problem with an unresponsive daemon this infor- mation can be invaluable.</p><p>24.12 Salt 0.16.x minions cannot communicate with a 0.17.x master</p><p>As of release 0.17.1 you can no longer run diﬀerent versions of Salt on your Master and Minion servers. is is due to a protocol change for security purposes. e Salt team will continue to aempt to ensure versions are as backwards compatible as possible.</p><p>24.13 Debugging the Master and Minion</p><p>A list of common master and minion troubleshooting steps provide a starting point for resolving issues you may encounter.</p><p>1266 Chapter 24. Troubleshooting CHAPTER 25</p><p>Developing Salt</p><p>25.1 Overview</p><p>In its most typical use, Salt is a soware application in which clients, called ``minions'' can be commanded and controlled from a central command server called a ``master''. Commands are normally issued to the minions (via the master) by calling a a client script simply called, `salt'. Salt features a pluggable transport system to issue commands from a master to minions. e default transport is ZeroMQ.</p><p>25.2 Salt Client</p><p>25.2.1 Overview</p><p>e salt client is run on the same machine as the Salt Master and communicates with the salt-master to issue com- mands and to receive the results and display them to the user. e primary abstraction for the salt client is called `LocalClient'. When LocalClient wants to publish a command to minions, it connects to the master by issuing a request to the master's ReqServer (TCP: 4506) e LocalClient system listens to responses for its requests by listening to the master event bus publisher (mas- ter_event_pub.ipc).</p><p>25.3 Salt Master</p><p>25.3.1 Overview</p><p>e salt-master deamon runs on the designated Salt master and performs functions such as authenticating minions, sending and receiving requests from connected minions and sending and receiving requests and replies to the `salt' CLI.</p><p>1267 Salt Documentation, Release 2014.7.6</p><p>25.3.2 Moving Pieces</p><p>When a Salt master starts up, a number of processes are started, all of which are called `salt-master' in a process-list but have various role categories. Among those categories are: • Publisher • EventPublisher • MWorker</p><p>25.3.3 Publisher</p><p>e Publisher process is responsible for sending commands over the designated transport to connected minions. e Publisher is bound to the following: • TCP: port 4505 • IPC: publish_pull.ipc Each salt minion establishes a connection to the master Publisher.</p><p>25.3.4 EventPublisher</p><p>e EventPublisher publishes events onto the event bus. It is bound to the following: • IPC: master_event_pull.ipc • IPC: master_event_pub.ipc</p><p>25.3.5 MWorker</p><p>Worker processes manage the back-end operations for the Salt Master. e number of workers is equivilient to the number of `worker_threads' speciﬁed in the master conﬁguration and is always at least one. Workers are bound to the following: • IPC: workers.ipc</p><p>25.3.6 ReqServer</p><p>e Salt request server takes requests and distributes them to available MWorker processes for processing. It also receives replies back from minions. e ReqServer is bound to the following: • TCP: 4506 • IPC: workers.ipc Each salt minion establishes a connection to the master ReqServer.</p><p>1268 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>25.3.7 Job Flow</p><p>e Salt master works by always publishing commands to all connected minions and the minions decide if the command is meant for them by checking themselves against the command target. e typical lifecycle of a salt job from the perspective of the master might be as follows: 1. A command is issued on the CLI. For example, `salt my_minion test.ping'. 2) e `salt' command uses LocalClient to generate a request to the salt master by connecting to the ReqServer on TCP:4506 and issuing the job. 3) e salt-master ReqServer sees the request and passes it to an available MWorker over workers.ipc. 4) A worker picks up the request and handles it. First, it checks to ensure that the requested user has permissions to issue the command. en, it sends the publish command to all connected minions. For the curious, this happens in ClearFuncs.publish(). 5) e worker announces on the master event bus that it is about to publish a job to conneceted minions. is happens by placing the event on the master event bus (master_event_pull.ipc) where the EventPublisher picks it up and distributes it to all connected event listeners on master_event_pub.ipc. 6) e message to the minions is encrypted and sent to the Publisher via IPC on publish_pull.ipc. 7) Connected minions have a TCP session established with the Publisher on TCP port 4505 where they await com- mands. When the Publisher receives the job over publish_pull, it sends the jobs across the wire to the minions for processing. 8) Aer the minions receive the request, they decrypt it and perform any requested work, if they determine that they are targeted to do so. 9) When the minion is ready to respond, it publishes the result of its job back to the master by sending the encrypted result back to the master on TCP 4506 where it is again picked up by the ReqServer and forwarded to an available MWorker for processing. (Again, this happens by passing this message across workers.ipc to an available worker.) 10) When the MWorker receives the job it decrypts it and ﬁres an event onto the master event bus (mas- ter_event_pull.ipc). (Again for the curious, this happens in AESFuncs._return(). 11) e EventPublisher sees this event and re-publishes it on the bus to all connected listeners of the master event bus (on master_event_pub.ipc). is is where the LocalClient has been waiting, listening to the event bus for minion replies. It gathers the job and stores the result. 12) When all targeted minions have replied or the timeout has been exceeded, the salt client displays the results of the job to the user on the CLI.</p><p>25.4 Salt Minion</p><p>25.4.1 Overview</p><p>e salt-minion is a single process that sits on machines to be managed by Salt. It can either operate as a stand-alone daemon which accepts commands locally via `salt-call' or it can connect back to a master and receive commands remotely. When starting up, salt minions connect _back_ to a master deﬁned in the minion conﬁg ﬁle. e connect to two ports on the master: • TCP: 4505 is is the connection to the master Publisher. It is on this port that the minion receives jobs from the master.</p><p>25.4. Salt Minion 1269 Salt Documentation, Release 2014.7.6</p><p>• TCP: 4506 is is the connection to the master ReqServer. It is on this port that the minion sends job results back to the master.</p><p>25.4.2 Event System</p><p>Similar to the master, a salt-minion has its own event system that operates over IPC by default. e min- ion event system operates on a push/pull system with IPC ﬁles at minion_event_<unique_id>_pub.ipc and min- ion_event_<unique_id>_pull.ipc. e astute reader might ask why have an event bus at all with a single-process daemon. e answer is that the salt- minion may fork other processes as required to do the work without blocking the main salt-minion process and this necessitates a mechanism by which those processes can communicate with each other. Secondarily, this provides a bus by which any user with suﬃcient permissions can read or write to the bus as a common interface with the salt minion.</unique_id></unique_id></p><p>25.4.3 Job Flow</p><p>When a salt minion starts up, it aempts to connect to the Publisher and the ReqServer on the salt master. It then aempts to authenticate and once the minion has successfully authenticated, it simply listens for jobs. Jobs normally come either come from the `salt-call' script run by a local user on the salt minion or they can come directly from a master.</p><p>25.4.4 Master Job Flow</p><p>1) A master publishes a job that is received by a minion as outlined by the master's job ﬂow above. 2) e minion is polling its receive socket that's connected to the master Publisher (TCP 4505 on master). When it detects an incoming message, it picks it up from the socket and decrypts it. 3) A new minion process or thread is created and provided with the contents of the decrypted message. e _thread_return() method is provided with the contents of the received message. 4) e new minion thread is created. e _thread_return() function starts up and actually calls out to the requested function contained in the job. 5. e requested function runs and returns a result. [Still in thread.] 6) e result of the function that's run is encrypted and returned to the master's ReqServer (TCP 4506 on master). [Still in thread.] 7) read exits. Because the main thread was only blocked for the time that it took to initialize the worker thread, many other requests could have been received and processed during this time.</p><p>25.5 A Note on ClearFuncs vs. AESFuncs</p><p>A common source of confusion is deteremining when messages are passed in the clear and when they are passed using encryption. ere are two rules governing this behaviour: 1) ClearFuncs is used for intra-master communication and during the initial authentication handshake between a minion and master during the key exhange. 2. AESFuncs is used everywhere else.</p><p>1270 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>25.6 Contributing</p><p>ere is a great need for contributions to Salt and patches are welcome! e goal here is to make contributions clear, make sure there is a trail for where the code has come from, and most importantly, to give credit where credit is due! ere are a number of ways to contribute to Salt development. For details on how to contribute documentation improvements please review Writing Salt Documentation.</p><p>25.6.1 Sending a GitHub pull request</p><p>Sending pull requests on GitHub is the preferred method for receiving contributions. e workﬂow advice below mirrors GitHub's own guide and is well worth reading. 1. Fork the saltstack/salt repository on GitHub. 2. Make a local clone of your fork. 3. Create a new branch in your clone. A branch should have one purpose. For example, ``Fix bug X,'' or ``Add feature Y.'' Multiple pull requests should be opened for unrelated changes. Choose a name for your branch that describes its purpose.</p><p> git checkout -b fixed-broken-thing</p><p>4. Make edits and changes locally. 5. Commit changes to this new branch. Edit the necessary ﬁles in your Salt clone and remember to add them to your commit. Write a descriptive commit message.</p><p> git add path/to/file1 git add path/to/file2 git commit -m "Fixed X in file1 and file2"</p><p>If you get stuck there are many introductory Git resources on help.github.com. 6. Push your locally-commied changes to your GitHub fork.</p><p> git push --set-upstream origin fixed-broken-thing</p><p>7. Go to your fork on the GitHub website &amp; ﬁnd your branch. GitHub automatically displays a buon with the text ``Compare &amp; pull request'' for recently pushed branches. Otherwise click on the ``Branches'' tab at the top of your fork. A buon with the text ``New pull request'' will be beside each branch. 8. Open a new pull request. (a) Click one of the pull request buons from the previous step. GitHub will present a form and show a comparison of the changes in your pull request. (b) Write a descriptive comment, include links to any project issues related to the pull request. (c) Click ``Create pull request''. 9. e Salt repo managers will be notiﬁed of your pull request. If a reviewer asks for changes:</p><p>25.6. Contributing 1271 Salt Documentation, Release 2014.7.6</p><p>(a) Make the changes in your local clone on the same local branch. (b) Push the branch to GitHub using the same command as before. (c) e new commits will be reﬂected in the pull request automatically. (d) Feel free to add a comment to the discussion.</p><p>Note: Jenkins Whenever you make a pull request against the main Salt repository your changes will be tested on a variety of operating systems and conﬁgurations. On average these tests take 30 minutes to run and once they are complete a PASS/FAIL message will be added to your pull request. is message contains a link to hp://jenkins.saltstack.com where you can review the test results. is message will also generate an email which will be sent to the email address associated with your GitHub account informing you of these results. It should be noted that a test failure does not necessarily mean there is an issue in the associated pull request as the entire development branch is tested.</p><p>25.6.2 Which Salt branch?</p><p>GitHub will open pull requests against Salt's main branch named develop by default. Most contributors can keep the default options. is section is for advanced contributors. Each pull request should address a single concern, as mentioned in the section above. For example, ``Fix bug X,'' or ``Add feature Y.'' And a pull request should be opened against the branch that corresponds to that concern.</p><p>The current release branch</p><p>e current release branch is the most recent stable release. Pull requests containing bug ﬁxes should be made against the release branch. e branch name will be a date-based name such as 2014.7. Bug ﬁxes are made on this branch so that minor releases can be cut from this branch without introducing surprises and new features. is approach maximizes stability. e Salt development team will ``merge-forward'' any ﬁxes made on the release branch to the develop branch once the pull request has been accepted. is keeps the ﬁx in isolation on the release branch and also keeps the develop branch up-to-date.</p><p>Note: Closing GitHub issues from commits is ``merge-forward'' strategy requires that the magic keywords to close a GitHub issue appear in the commit message text directly. Only including the text in a pull request will not close the issue. GitHub will close the referenced issue once the commit containing the magic text is merged into the default branch (develop). Any magic text input only into the pull request description will not be seen at the Git-level when those commits are merged-forward. In other words, only the commits are merged-forward and not the pull request.</p><p>The develop branch</p><p>e develop branch is unstable and bleeding-edge. Pull requests containing feature additions or non-bug-ﬁx changes should be made against the develop branch. e Salt development team will back-port bug ﬁxes made to develop to the current release branch if the contributor cannot create the pull request against that branch.</p><p>1272 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>25.6.3 Keeping Salt Forks in Sync</p><p>Salt is advancing quickly. It is therefore critical to pull upstream changes from upstream into your fork on a regular basis. Nothing is worse than puing hard work into a pull request only to see bunches of merge conﬂicts because it has diverged too far from upstream. See also: GitHub Fork a Repo Guide e following assumes origin is the name of your fork and upstream is the name of the main saltstack/salt repository. 1. View existing remotes.</p><p> git remote -v</p><p>2. Add the upstream remote.</p><p># For ssh github git remote add upstream git@github.com:saltstack/salt.git</p><p># For https github git remote add upstream https://github.com/saltstack/salt.git</p><p>3. Pull upstream changes into your clone.</p><p> git fetch upstream</p><p>4. Update your copy of the develop branch.</p><p> git checkout develop git merge --ff-only upstream/develop</p><p>If Git complains that a fast-forward merge is not possible, you have local commits. • Run git pull --rebase origin develop to rebase your changes on top of the upstream changes. • Or, run git branch <branch-name> to create a new branch with your commits. You will then need to reset your develop branch before updating it with the changes from upstream. If Git complains that local ﬁles will be overwrien, you have changes to ﬁles in your working directory. Run git status to see the ﬁles in question. 5. Update your fork.</branch-name></p><p> git push origin develop</p><p>6. Repeat the previous two steps for any other branches you work with, such as the current release branch.</p><p>25.6.4 Posting patches to the mailing list</p><p>Patches will also be accepted by email. Format patches using git format-patch and send them to the salt-users mailing list. e contributor will then get credit for the patch, and the Salt community will have an archive of the patch and a place for discussion.</p><p>25.6. Contributing 1273 Salt Documentation, Release 2014.7.6</p><p>25.6.5 Backporting Pull Requests</p><p>If a bug is ﬁxed on develop and the bug is also present on a currently-supported release branch it will need to be back-ported to all applicable branches.</p><p>Note: Most Salt contributors can skip these instructions ese instructions do not need to be read in order to contribute to the Salt project! e SaltStack team will back-port ﬁxes on behalf of contributors in order to keep the contribution process easy. ese instructions are intended for frequent Salt contributors, advanced Git users, SaltStack employees, or indepen- dent souls who wish to back-port changes themselves.</p><p>It is oen easiest to ﬁx a bug on the oldest supported release branch and then merge that branch forward into develop (as described earlier in this document). When that is not possible the ﬁx must be back-ported, or copied, into any other aﬀected branches. ese steps assume a pull request #1234 has been merged into develop. And upstream is the name of the remote pointing to the main Salt repo. 1. Identify the oldest supported release branch that is aﬀected by the bug. 2. Create a new branch for the back-port by reusing the same branch from the original pull request. Name the branch bp-<nnnn> and use the number of the original pull request.</nnnn></p><p> git fetch upstream refs/pull/1234/head:bp-1234 git checkout bp-1234</p><p>3. Find the parent commit of the original pull request. e parent commit of the original pull request must be known in order to rebase onto a release branch. e easiest way to ﬁnd this is on GitHub. Open the original pull request on GitHub and ﬁnd the ﬁrst commit in the list of commits. Select and copy the SHA for that commit. e parent of that commit can be speciﬁed by appending ~1 to the end. 4. Rebase the new branch on top of the release branch. • <release-branch> is the branch identiﬁed in step #1. • <orig-base> is the SHA identiﬁed in step #3 -- don't forget to add ~1 to the end!</orig-base></release-branch></p><p> git rebase --onto <release-branch> <orig-base> bp-1234</orig-base></release-branch></p><p>Note, release branches prior to 2014.7 will not be able to make use of rebase and must use cherry-picking instead. 5. Push the back-port branch to GitHub and open a new pull request. Opening a pull request for the back-port allows for the test suite and normal code-review process.</p><p> git push -u origin bp-1234</p><p>25.7 Deprecating Code</p><p>Salt should remain backwards compatible, though sometimes, this backwards compatibility needs to be broken be- cause a speciﬁc feature and/or solution is no longer necessary or required. At ﬁrst one might think, let me change this code, it seems that it's not used anywhere else so it should be safe to remove. en, once there's a new release,</p><p>1274 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> users complain about functionality which was removed and they where using it, etc. is should, at all costs, be avoided, and, in these cases, that speciﬁc code should be deprecated. Depending on the complexity and usage of a speciﬁc piece of code, the deprecation time frame should be properly evaluated. As an example, a deprecation warning which is shown for 2 major releases, for example 0.17.0 and 2014.1.0, gives users enough time to stop using the deprecated code and adapt to the new one. For example, if you're deprecating the usage of a keyword argument to a function, that speciﬁc keyword argument should remain in place for the full deprecation time frame and if that keyword argument is used, a deprecation warning should be shown to the user. To help in this deprecation task, salt provides salt.utils.warn_until. e idea behind this helper function is to show the deprecation warning until salt reaches the provided version. Once that provided version is equaled salt.utils.warn_until will raise a RuntimeError making salt stop its execution. is stoppage is un- pleasant and will remind the developer that the deprecation limit has been reached and that the code can then be safely removed. Consider the following example:</p><p> def some_function(bar=False, foo=None): if foo is not None: salt.utils.warn_until( (0, 18), 'The \'foo\' argument has been deprecated and its ' 'functionality removed, as such, its usage is no longer ' 'required.' )</p><p>Consider that the current salt release is 0.16.0. Whenever foo is passed a value diﬀerent from None that warning will be shown to the user. is will happen in versions 0.16.2 to 2014.1.0, aer which a RuntimeError will be raised making us aware that the deprecated code should now be removed.</p><p>25.8 Dunder Dictionaries</p><p>Salt provides several special ``dunder'' dictionaries as a convenience for Salt development. ese include __opts__, __context__, __salt__, and others. is document will describe each dictionary and detail where they exist and what information and/or functionality they provide.</p><p>25.8.1 __opts__</p><p>Available in</p><p>• All loader modules e __opts__ dictionary contains all of the options passed in the conﬁguration ﬁle for the master or minion.</p><p>Note: In many places in salt, instead of pulling raw data from the __opts__ dict, conﬁguration data should be pulled from the salt get functions such as conﬁg.get, aka - __salt__['conﬁg.get'](`foo:bar') e get functions also allow for dict traversal via the : delimiter. Consider using get functions whenever using __opts__ or __pillar__ and __grains__ (when using grains for conﬁguration data)</p><p>e conﬁguration ﬁle data made available in the __opts__ dictionary is the conﬁguration data relative to the running daemon. If the modules are loaded and executed by the master, then the master conﬁguration data is</p><p>25.8. Dunder Dictionaries 1275 Salt Documentation, Release 2014.7.6 available, if the modules are executed by the minion, then the minion conﬁguration is available. Any additional information passed into the respective conﬁguration ﬁles is made available</p><p>25.8.2 __salt__</p><p>Available in</p><p>• Execution Modules • State Modules • Returners __salt__ contains the execution module functions. is allows for all functions to be called as they have been set up by the salt loader.</p><p>__salt__['cmd.run']('fdisk -l') __salt__['network.ip_addrs']()</p><p>25.8.3 __grains__</p><p>Available in</p><p>• Execution Modules • State Modules • Returners • External Pillar e __grains__ dictionary contains the grains data generated by the minion that is currently being worked with. In execution modules, state modules and returners this is the grains of the minion running the calls, when generating the external pillar the __grains__ is the grains data from the minion that the pillar is being generated for.</p><p>25.8.4 __pillar__</p><p>Available in</p><p>• Execution Modules • State Modules • Returners e __pillar__ dictionary contains the pillar for the respective minion.</p><p>25.8.5 __context__</p><p>__context__ exists in state modules and execution modules. During a state run the __context__ dictionary persists across all states that are run and then is destroyed when the state ends.</p><p>1276 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>When running an execution module __context__ persists across all module executions until the modules are refreshed; such as when saltutils.sync_all or state.highstate are executed. A great place to see how to use __context__ is in the cp.py module in salt/modules/cp.py. e ﬁleclient authen- ticates with the master when it is instantiated and then is used to copy ﬁles to the minion. Rather than create a new ﬁleclient for each ﬁle that is to be copied down, one instance of the ﬁleclient is instantiated in the __context__ dictionary and is reused for each ﬁle. Here is an example from salt/modules/cp.py: if not 'cp.fileclient' in __context__: __context__['cp.fileclient'] = salt.fileclient.get_file_client(__opts__)</p><p>Note: Because __context__ may or may not have been destroyed, always be sure to check for the existence of the key in __context__ and generate the key before using it.</p><p>25.9 External Pillars</p><p>Salt provides a mechanism for generating pillar data by calling external pillar interfaces. is document will describe an outline of an ext_pillar module.</p><p>25.9.1 Location</p><p>Salt expects to ﬁnd your ext_pillar module in the same location where it looks for other python modules. If the extension_modules option in your Salt master conﬁguration is set, Salt will look for a pillar directory under there and load all the modules it ﬁnds. Otherwise, it will look in your Python site-packages salt/pillar directory.</p><p>25.9.2 Configuration</p><p>e external pillars that are called when a minion refreshes its pillars is controlled by the ext_pillar option in the Salt master conﬁguration. You can pass a single argument, a list of arguments or a dictionary of arguments to your pillar: ext_pillar: - example_a: some argument - example_b: - argumentA - argumentB - example_c: keyA: valueA keyB: valueB</p><p>25.9.3 The Module</p><p>25.9.4 Imports and Logging</p><p>Import modules your external pillar module needs. You should ﬁrst include generic modules that come with stock Python:</p><p>25.9. External Pillars 1277 Salt Documentation, Release 2014.7.6</p><p> import logging</p><p>And then start logging. is is an idiomatic way of seing up logging in Salt:</p><p> log = logging.getLogger(__name__)</p><p>Finally, load modules that are speciﬁc to what you are doing. You should catch import errors and set a ﬂag that the __virtual__ function can use later.</p><p> try: import weird_thing EXAMPLE_A_LOADED = True except ImportError: EXAMPLE_A_LOADED = False</p><p>25.9.5 Options</p><p>If you deﬁne an __opts__ dictionary, it will be merged into the __opts__ dictionary handed to the ext_pillar function later. is is a good place to put default conﬁguration items. e convention is to name things module- name.option.</p><p>__opts__ = { 'example_a.someconfig': 137 }</p><p>25.9.6 Initialization</p><p>If you deﬁne an __init__ function, it will be called with the following signature:</p><p> def __init__( __opts__ ): # Do init work here</p><p>Note: e __init__ function is ran every time a particular minion causes the external pillar to be called, so don't put heavy initialization code here. e __init__ functionality is a side-eﬀect of the Salt loader, so it may not be as useful in pillars as it is in other Salt items.</p><p>25.9.7 __virtual__</p><p>If you deﬁne a __virtual__ function, you can control whether or not this module is visible. If it returns False then Salt ignores this module. If it returns a string, then that string will be how Salt identiﬁes this external pillar in its ext_pillar conﬁguration. If you're not renaming the module, simply return True in the __virtual__ function, which is the same as if this function did not exist, then, the name Salt's ext_pillar will use to identify this module is its conventional name in Python. is is useful to write modules that can be installed on all Salt masters, but will only be visible if a particular piece of soware your module requires is installed.</p><p># This external pillar will be known as `example_a` def __virtual__(): if EXAMPLE_A_LOADED:</p><p>1278 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> return True return False</p><p># This external pillar will be known as `something_else` __virtualname__ = 'something_else' def __virtual__(): if EXAMPLE_A_LOADED: return __virtualname__ return False</p><p>25.9.8 ext_pillar</p><p>is is where the real work of an external pillar is done. If this module is active and has a function called ext_pillar, whenever a minion updates its pillar this function is called. How it is called depends on how it is conﬁgured in the Salt master conﬁguration. e ﬁrst argument is always the current pillar dictionary, this contains pillar items that have already been added, starting with the data from pillar_roots, and then from any already-ran external pillars. Using our example above: ext_pillar( id, pillar, 'some argument' ) # example_a ext_pillar( id, pillar, 'argumentA', 'argumentB' ) # example_b ext_pillar( id, pillar, keyA='valueA', keyB='valueB' }) # example_c</p><p>In the example_a case, pillar will contain the items from the pillar_roots, in example_b pillar will contain that plus the items added by example_a, and in example_c pillar will contain that plus the items added by example_b. In all three cases, id will contain the ID of the minion making the pillar request. is function should return a dictionary, the contents of which are merged in with all of the other pillars and returned to the minion. Note: this function is called once for each minion that fetches its pillar data. def ext_pillar( minion_id, pillar, *args, **kwargs ):</p><p> my_pillar = {}</p><p># Do stuff</p><p> return my_pillar</p><p>You shouldn't just add items to pillar and return that, since that will cause Salt to merge data that already exists. Rather, just return the items you are adding or changing. You could, however, use pillar in your module to make some decision based on pillar data that already exists. is function has access to some useful globals: __opts__ A dictionary of mostly Salt conﬁguration options. If you had an __opts__ dictionary de- ﬁned in your module, those values will be included. __salt__ A dictionary of Salt module functions, useful so you don't have to duplicate functions that already exist. E.g. __salt__['cmd.run']( 'ls -l' ) Note, runs on the master __grains__ A dictionary of the grains of the minion making this pillar call.</p><p>25.9. External Pillars 1279 Salt Documentation, Release 2014.7.6</p><p>25.9.9 Example configuration</p><p>As an example, if you wanted to add external pillar via the cmd_json external pillar, add something like this to your master conﬁg:</p><p> ext_pillar: - cmd_json: 'echo {\"arg\":\"value\"}'</p><p>25.9.10 Reminder</p><p>Just as with traditional pillars, external pillars must be refreshed in order for minions to see any fresh data:</p><p> salt '*' saltutil.refresh_pillar</p><p>25.10 Installing Salt for development</p><p>Clone the repository using:</p><p> git clone https://github.com/saltstack/salt</p><p>Note: tags Just cloning the repository is enough to work with Salt and make contributions. However, fetching additional tags from git is required to have Salt report the correct version for itself. To do this, ﬁrst add the git repository as an upstream source:</p><p> git remote add upstream https://github.com/saltstack/salt</p><p>Fetching tags is done with the git `fetch' utility:</p><p> git fetch --tags upstream</p><p>Create a new virtualenv:</p><p> virtualenv /path/to/your/virtualenv</p><p>On Arch Linux, where Python 3 is the default installation of Python, use the virtualenv2 command instead of virtualenv.</p><p>Note: Using system Python modules in the virtualenv To use already-installed python modules in virtualenv (instead of having pip download and compile new ones), run virtualenv --system-site-packages Using this method eliminates the requirement to install the salt dependencies again, although it does assume that the listed modules are all installed in the system PYTHONPATH at the time of virtualenv creation.</p><p>Activate the virtualenv:</p><p>1280 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> source /path/to/your/virtualenv/bin/activate</p><p>Install Salt (and dependencies) into the virtualenv: pip install M2Crypto # Don't install on Debian/Ubuntu (see below) pip install pyzmq PyYAML pycrypto msgpack-python jinja2 psutil pip install -e ./salt # the path to the salt git clone from above</p><p>Note: Installing M2Crypto swig and libssl-dev are required to build M2Crypto. To ﬁx the error command 'swig' failed with exit status 1 while installing M2Crypto, try installing it with the following command: env SWIG_FEATURES="-cpperraswarn -includeall -D__`uname -m`__ -I/usr/include/openssl" pip install M2Crypto</p><p>Debian and Ubuntu systems have modiﬁed openssl libraries and mandate that a patched version of M2Crypto be installed. is means that M2Crypto needs to be installed via apt: apt-get install python-m2crypto</p><p>is also means that pulling in the M2Crypto installed using apt requires using --system-site-packages when creating the virtualenv. If you're using a platform other than Debian or Ubuntu, and you are installing M2Crypto via pip instead of a system package, then you will also need the gcc compiler.</p><p>Note: Installing psutil Python header ﬁles are required to build this module, otherwise the pip install will fail. If your distribution sep- arates binaries and headers into separate packages, make sure that you have the headers installed. In most Linux distributions which split the headers into their own package, this can be done by installing the python-dev or python-devel package. For other platforms, the package will likely be similarly named.</p><p>Note: Installing dependencies on OS X. You can install needed dependencies on OS X using homebrew or macports. See OS X Installation</p><p>Warning: Installing on RedHat-based Distros If installing from pip (or from source using setup.py install), be advised that the yum-utils package is needed for Salt to manage packages on RedHat-based systems.</p><p>25.10.1 Running a self-contained development version</p><p>During development it is easiest to be able to run the Salt master and minion that are installed in the virtualenv you created above, and also to have all the conﬁguration, log, and cache ﬁles contained in the virtualenv as well. Copy the master and minion conﬁg ﬁles into your virtualenv: mkdir -p /path/to/your/virtualenv/etc/salt cp ./salt/conf/master /path/to/your/virtualenv/etc/salt/master cp ./salt/conf/minion /path/to/your/virtualenv/etc/salt/minion</p><p>25.10. Installing Salt for development 1281 Salt Documentation, Release 2014.7.6</p><p>Edit the master conﬁg ﬁle: 1. Uncomment and change the user: root value to your own user. 2. Uncomment and change the root_dir: / value to point to /path/to/your/virtualenv. 3. If you are running version 0.11.1 or older, uncomment and change the pidfile: /var/run/salt- master.pid value to point to /path/to/your/virtualenv/salt-master.pid. 4. If you are also running a non-development version of Salt you will have to change the publish_port and ret_port values as well. Edit the minion conﬁg ﬁle: 1. Repeat the edits you made in the master conﬁg for the user and root_dir values as well as any port changes. 2. If you are running version 0.11.1 or older, uncomment and change the pidfile: /var/run/salt- minion.pid value to point to /path/to/your/virtualenv/salt-minion.pid. 3. Uncomment and change the master: salt value to point at localhost. 4. Uncomment and change the id: value to something descriptive like ``saltdev''. is isn't strictly necessary but it will serve as a reminder of which Salt installation you are working with. 5. If you changed the ret_port value in the master conﬁg because you are also running a non-development version of Salt, then you will have to change the master_port value in the minion conﬁg to match.</p><p>Note: Using salt-call with a Standalone Minion If you plan to run salt-call with this self-contained development environment in a masterless setup, you should invoke salt-call with -c /path/to/your/virtualenv/etc/salt so that salt can ﬁnd the minion conﬁg ﬁle. Without the -c option, Salt ﬁnds its conﬁg ﬁles in /etc/salt.</p><p>Start the master and minion, accept the minion's key, and verify your local Salt installation is working:</p><p> cd /path/to/your/virtualenv salt-master -c ./etc/salt -d salt-minion -c ./etc/salt -d salt-key -c ./etc/salt -L salt-key -c ./etc/salt -A salt -c ./etc/salt '*' test.ping</p><p>Running the master and minion in debug mode can be helpful when developing. To do this, add -l debug to the calls to salt-master and salt-minion. If you would like to log to the console instead of to the log ﬁle, remove the -d. Once the minion starts, you may see an error like the following:</p><p> zmq.core.error.ZMQError: ipc path "/path/to/your/virtualenv/var/run/salt/minion/minion_event_7824dcbcfd7a8f6755939af70b96249f_pub.ipc" is longer than 107 characters (sizeof(sockaddr_un.sun_path)).</p><p>is means the the path to the socket the minion is using is too long. is is a system limitation, so the only workaround is to reduce the length of this path. is can be done in a couple diﬀerent ways: 1. Create your virtualenv in a path that is short enough. 2. Edit the sock_dir minion conﬁg variable and reduce its length. Remember that this path is relative to the value you set in root_dir.</p><p>1282 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>NOTE: e socket path is limited to 107 characters on Solaris and Linux, and 103 characters on BSD-based systems.</p><p>Note: File descriptor limits Ensure that the system open ﬁle limit is raised to at least 2047:</p><p># check your current limit ulimit -n</p><p># raise the limit. persists only until reboot # use 'limit descriptors 2047' for c-shell ulimit -n 2047</p><p>To set ﬁle descriptors on OSX, refer to the OS X Installation instructions.</p><p>25.10.2 Installing Salt from the Python Package Index</p><p>If you are installing using easy_install, you will need to deﬁne a USE_SETUPTOOLS environment variable, otherwise dependencies will not be installed:</p><p>USE_SETUPTOOLS=1 easy_install salt</p><p>25.10.3 Editing and previewing the documentation</p><p>You need sphinx-build command to build the docs. In Debian/Ubuntu this is provided in the python-sphinx package. Sphinx can also be installed to a virtualenv using pip:</p><p> pip install Sphinx</p><p>Change to salt documentation directory, then:</p><p> cd doc; make html</p><p>• is will build the HTML docs. Run make without any arguments to see the available make targets, which include html, man, and text. • e docs then are built within the docs/_build/ folder. To update the docs aer making changes, run make again. • e docs use reStructuredText for markup. See a live demo at hp://rst.ninjs.org/. • e help information on each module or state is culled from the python code that runs for that piece. Find them in salt/modules/ or salt/states/. • To build the docs on Arch Linux, the python2-sphinx package is required. Additionally, it is necessary to tell make where to ﬁnd the proper sphinx-build binary, like so:</p><p> make SPHINXBUILD=sphinx-build2 html</p><p>• To build the docs on RHEL/CentOS 6, the python-sphinx10 package must be installed from EPEL, and the following make command must be used:</p><p>25.10. Installing Salt for development 1283 Salt Documentation, Release 2014.7.6</p><p> make SPHINXBUILD=sphinx-1.0-build html</p><p>Once you've updated the documentation, you can run the following command to launch a simple Python HTTP server to see your changes: cd _build/html; python -m SimpleHTTPServer</p><p>25.10.4 Running unit and integration tests</p><p>Run the test suite with following command:</p><p>./setup.py test</p><p>See here for more information regarding the test suite.</p><p>25.11 Logging Internals</p><p>TODO</p><p>25.12 Modular Systems</p><p>When ﬁrst working with Salt, it is not always clear where all of the modular components are and what they do. Salt comes loaded with more modular systems than many users are aware of, making Salt very easy to extend in many places. e most commonly used modular systems are execution modules and states. But the modular systems extend well beyond the more easily exposed components and are oen added to Salt to make the complete system more ﬂexible.</p><p>25.12.1 Execution Modules</p><p>Execution modules make up the core of the functionality used by Salt to interact with client systems. e execution modules create the core system management library used by all Salt systems, including states, which interact with minion systems. Execution modules are completely open ended in their execution. ey can be used to do anything required on a minion, from installing packages to detecting information about the system. e only restraint in execution modules is that the deﬁned functions always return a JSON serializable object. For a list of all built in execution modules, click here For information on writing execution modules, see this page.</p><p>25.12.2 State Modules</p><p>State modules are used to deﬁne the state interfaces used by Salt States. ese modules are restrictive in that they must follow a number of rules to function properly.</p><p>Note: State modules deﬁne the available routines in sls ﬁles. If calling an execution module directly is desired, take</p><p>1284 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6 a look at the module state.</p><p>25.12.3 Auth</p><p>e auth module system allows for external authentication routines to be easily added into Salt. e auth function needs to be implemented to satisfy the requirements of an auth module. Use the pam module as an example.</p><p>25.12.4 Fileserver</p><p>e ﬁleserver module system is used to create ﬁleserver backends used by the Salt Master. ese modules need to implement the functions used in the ﬁleserver subsystem. Use the gitfs module as an example.</p><p>25.12.5 Grains</p><p>Grain modules deﬁne extra routines to populate grains data. All deﬁned public functions will be executed and MUST return a Python dict object. e dict keys will be added to the grains made available to the minion.</p><p>25.12.6 Output</p><p>e output modules supply the outpuer system with routines to display data in the terminal. ese modules are very simple and only require the output function to execute. e default system outpuer is the nested module.</p><p>25.12.7 Pillar</p><p>Used to deﬁne optional external pillar systems. e pillar generated via the ﬁlesystem pillar is passed into external pillars. is is commonly used as a bridge to database data for pillar, but is also the backend to the libvirt state used to generate and sign libvirt certiﬁcates on the ﬂy.</p><p>25.12.8 Renderers</p><p>Renderers are the system used to render sls ﬁles into salt highdata for the state compiler. ey can be as simple as the py renderer and as complex as stateconf and pydsl.</p><p>25.12.9 Returners</p><p>Returners are used to send data from minions to external sources, commonly databases. A full returner will imple- ment all routines to be supported as an external job cache. Use the redis returner as an example.</p><p>25.12.10 Runners</p><p>Runners are purely master-side execution sequences. ese range from simple reporting to orchestration engines like the overstate.</p><p>25.12.11 Tops</p><p>Tops modules are used to convert external data sources into top ﬁle data for the state system.</p><p>25.12. Modular Systems 1285 Salt Documentation, Release 2014.7.6</p><p>25.12.12 Wheel</p><p>e wheel system is used to manage master side management routines. ese routines are primarily intended for the API to enable master conﬁguration.</p><p>25.13 Package Providers</p><p>is page contains guidelines for writing package providers.</p><p>25.13.1 Package Functions</p><p>One of the most important features of Salt is package management. ere is no shortage of package managers, so in the interest of providing a consistent experience in pkg states, there are certain functions that should be present in a package provider. Note that these are subject to change as new features are added or existing features are enhanced. list_pkgs</p><p>is function should declare an empty dict, and then add packages to it by calling pkg_resource.add_pkg, like so:</p><p>__salt__['pkg_resource.add_pkg'](ret, name, version)</p><p>e last thing that should be done before returning is to execute pkg_resource.sort_pkglist. is function does not presently do anything to the return dict, but will be used in future versions of Salt.</p><p>__salt__['pkg_resource.sort_pkglist'](ret) list_pkgs returns a dictionary of installed packages, with the keys being the package names and the values being the version installed. Example return data:</p><p>{'foo': '1.2.3-4', 'bar': '5.6.7-8'}</p><p> latest_version</p><p>Accepts an arbitrary number of arguments. Each argument is a package name. e return value for a package will be an empty string if the package is not found or if the package is up-to-date. e only case in which a non-empty string is returned is if the package is available for new installation (i.e. not already installed) or if there is an upgrade available. If only one argument was passed, this function return a string, otherwise a dict of name/version pairs is returned. is function must also accept **kwargs, in order to receive the fromrepo and repo keyword arguments from pkg states. Where supported, these arguments should be used to ﬁnd the install/upgrade candidate in the speciﬁed repository. e fromrepo kwarg takes precedence over repo, so if both of those kwargs are present, the repository speciﬁed in fromrepo should be used. However, if repo is used instead of fromrepo, it should still work, to preserve backwards compatibility with older versions of Salt.</p><p>1286 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6 version</p><p>Like latest_version, accepts an arbitrary number of arguments and returns a string if a single package name was passed, or a dict of name/value pairs if more than one was passed. e only diﬀerence is that the return values are the currently-installed versions of whatever packages are passed. If the package is not installed, an empty string is returned for that package. upgrade_available</p><p>Deprecated and destined to be removed. For now, should just do the following: return __salt__['pkg.latest_version'](name) != ''</p><p> install</p><p>e following arguments are required and should default to None: 1. name (for single-package pkg states) 2. pkgs (for multiple-package pkg states) 3. sources (for binary package ﬁle installation) e ﬁrst thing that this function should do is call pkg_resource.parse_targets (see below). is function will convert the SLS input into a more easily parsed data structure. pkg_resource.parse_targets may need to be modiﬁed to support your new package provider, as it does things like parsing package metadata which cannot be done for every package management system. pkg_params, pkg_type = __salt__['pkg_resource.parse_targets'](name, pkgs, sources)</p><p>Two values will be returned to the install function. e ﬁrst of them will be a dictionary. e keys of this dictionary will be package names, though the values will diﬀer depending on what kind of installation is being done: • If name was provided (and pkgs was not), then there will be a single key in the dictionary, and its value will be None. Once the data has been returned, if the version keyword argument was provided, then it should replace the None value in the dictionary. • If pkgs was provided, then name is ignored, and the dictionary will contain one entry for each package in the pkgs list. e values in the dictionary will be None if a version was not speciﬁed for the package, and the desired version if speciﬁed. See the Multiple Paage Installation Options section of the pkg.installed state for more info. • If sources was provided, then name is ignored, and the dictionary values will be the path/URI for the package. e second return value will be a string with two possible values: repository or file. e install function can use this value (if necessary) to build the proper command to install the targeted package(s). Both before and aer the installing the target(s), you should run list_pkgs to obtain a list of the installed packages. You should then return the output of salt.utils.compare_dicts() return salt.utils.compare_dicts(old, new)</p><p>25.13. Package Providers 1287 Salt Documentation, Release 2014.7.6</p><p> remove</p><p>Removes the passed package and return a list of the packages removed.</p><p>25.13.2 Package Repo Functions</p><p>ere are some functions provided by pkg which are speciﬁc to package repositories, and not to packages themselves. When writing modules for new package managers, these functions should be made available as stated below, in order to provide compatibility with the pkgrepo state. All repo functions should accept a basedir option, which deﬁnes which directory repository conﬁguration should be found in. e default for this is dictated by the repo manager that is being used, and rarely needs to be changed.</p><p> basedir = '/etc/yum.repos.d' __salt__['pkg.list_repos'](basedir)</p><p> list_repos</p><p>Lists the repositories that are currently conﬁgured on this system.</p><p>__salt__['pkg.list_repos']()</p><p>Returns a dictionary, in the following format:</p><p>{'reponame': 'config_key_1': 'config value 1', 'config_key_2': 'config value 2', 'config_key_3':['list item 1 (when appropriate)', 'list item 2 (when appropriate)]}</p><p> get_repo</p><p>Displays all local conﬁguration for a speciﬁc repository.</p><p>__salt__['pkg.get_repo'](repo='myrepo')</p><p>e information is formaed in much the same way as list_repos, but is speciﬁc to only one repo.</p><p>{'config_key_1': 'config value 1', 'config_key_2': 'config value 2', 'config_key_3':['list item 1 (when appropriate)', 'list item 2 (when appropriate)]}</p><p> del_repo</p><p>Removes the local conﬁguration for a speciﬁc repository. Requires a repo argument, which must match the locally conﬁgured name. is function returns a string, which informs the user as to whether or not the operation was a success.</p><p>1288 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>__salt__['pkg.del_repo'](repo='myrepo')</p><p> mod_repo</p><p>Modify the local conﬁguration for one or more option for a conﬁgured repo. is is also the way to create new repository conﬁguration on the local system; if a repo is speciﬁed which does not yet exist, it will be created. e options speciﬁed for this function are speciﬁc to the system; please refer to the documentation for your speciﬁc repo manager for speciﬁcs.</p><p>__salt__['pkg.mod_repo'](repo='myrepo', url='http://myurl.com/repo')</p><p>25.13.3 Low-Package Functions</p><p>In general, the standard package functions as describes above will meet your needs. ese functions use the system's native repo manager (for instance, yum or the apt tools). In most cases, the repo manager is actually separate from the package manager. For instance, yum is usually a front-end for rpm, and apt is usually a front-end for dpkg. When possible, the package functions that use those package managers directly should do so through the low package functions. It is normal and sane for pkg to make calls to lowpkgs, but lowpkg must never make calls to pkg. is is aﬀects functions which are required by both pkg and lowpkg, but the technique in pkg is more performant than what is available to lowpkg. When this is the case, the lowpkg function that requires that technique must still use the lowpkg version. list_pkgs</p><p>Returns a dict of packages installed, including the package name and version. Can accept a list of packages; if none are speciﬁed, then all installed packages will be listed. installed = __salt__['lowpkg.list_pkgs']('foo', 'bar')</p><p>Example output:</p><p>{'foo': '1.2.3-4', 'bar': '5.6.7-8'}</p><p> verify</p><p>Many (but not all) package management systems provide a way to verify that the ﬁles installed by the package manager have or have not changed. is function accepts a list of packages; if none are speciﬁed, all packages will be included. installed = __salt__['lowpkg.verify']('httpd')</p><p>Example output:</p><p>25.13. Package Providers 1289 Salt Documentation, Release 2014.7.6</p><p>{'/etc/httpd/conf/httpd.conf':{'mismatch':['size', 'md5sum', 'mtime'], 'type': 'config'}}</p><p> file_list</p><p>Lists all of the ﬁles installed by all packages speciﬁed. If not packages are speciﬁed, then all ﬁles for all known packages are returned. installed = __salt__['lowpkg.file_list']('httpd', 'apache')</p><p>is function does not return which ﬁles belong to which packages; all ﬁles are returned as one giant list (hence the ﬁle_list function name. However, is information is still returned inside of a dict, so that it can provide any errors to the user in a sane manner.</p><p>{'errors':['package apache is not installed'], 'files':['/etc/httpd', '/etc/httpd/conf', '/etc/httpd/conf.d', '...SNIP...']}</p><p> file_dict</p><p>Lists all of the ﬁles installed by all packages speciﬁed. If not packages are speciﬁed, then all ﬁles for all known packages are returned. installed = __salt__['lowpkg.file_dict']('httpd', 'apache', 'kernel')</p><p>Unlike ﬁle_list, this function will break down which ﬁles belong to which packages. It will also return errors in the same manner as ﬁle_list.</p><p>{'errors':['package apache is not installed'], 'packages':{'httpd':['/etc/httpd', '/etc/httpd/conf', '...SNIP...'], 'kernel':['/boot/.vmlinuz-2.6.32-279.el6.x86_64.hmac', '/boot/System.map-2.6.32-279.el6.x86_64', '...SNIP...']}}</p><p>25.14 Community Projects That Use Salt</p><p>Below is a list of repositories that show real world Salt applications that you can use to get started. Please note that these projects do not adhere to any standards and express a wide variety of <a class="als" href="https://tipsdex.com" title="ideas" target="_blank" rel="noopener">ideas</a> and opinions on how an action can be completed with Salt. hps://github.com/terminalmage/djangocon2013-sls hps://github.com/jesusaurus/hpcs-salt-state hps://github.com/gravyboat/hungryadmin-sls</p><p>1290 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> hps://github.com/wunki/django-salted</p><p>25.15 Salt Topology</p><p>Salt is based on a powerful, asynchronous, network topology using ZeroMQ. Many ZeroMQ systems are in place to enable communication. e central idea is to have the fastest communication possible.</p><p>25.15.1 Servers</p><p>e Salt Master runs 2 network services. First is the ZeroMQ PUB system. is service by default runs on port 4505 and can be conﬁgured via the publish_port option in the master conﬁguration. Second is the ZeroMQ REP system. is is a separate interface used for all bi-directional communication with minions. By default this system binds to port 4506 and can be conﬁgured via the ret_port option in the master.</p><p>25.15.2 PUB/SUB</p><p>e commands sent out via the salt client are broadcast out to the minions via ZeroMQ PUB/SUB. is is done by allowing the minions to maintain a connection back to the Salt Master and then all connections are informed to download the command data at once. e command data is kept extremely small (usually less than 1K) so it is not a burden on the network.</p><p>25.15.3 Return</p><p>e PUB/SUB system is a one way communication, so once a publish is sent out the PUB interface on the master has no further communication with the minion. e minion, aer running the command, then sends the command's return data back to the master via the ret_port.</p><p>25.16 Translating Documentation</p><p>If you wish to help translate the Salt documentation to your language, please head over to the Transifex website and signup for an account. Once registered, head over to the Salt Translation Project, and either click on Request Language if you can't ﬁnd yours, or, select the language for which you wish to contribute and click Join Team. Transifex provides some useful reading resources on their support domain, namely, some useful articles directed to translators.</p><p>25.16.1 Building A Localized Version of the Documentation</p><p>While you're working on your translation on Transifex, you might want to have a look at how it's rendering.</p><p>Install The Transifex Client</p><p>To interact with the Transifex web service you will need to install the transifex-client:</p><p>25.15. Salt Topology 1291 Salt Documentation, Release 2014.7.6</p><p> pip install transifex-client</p><p>Configure The Transifex Client</p><p>Once installed, you will need to set it up on your computer. We created a script to help you with that:</p><p>.scripts/setup-transifex-config</p><p>Download Remote Translations</p><p>ere's a lile script which simpliﬁes the download process of the translations(which isn't that complicated in the ﬁrst place). So, let's assume you're translating pt_PT, Portuguese(Portugal). To download the translations, execute from the doc/ directory of your Salt checkout: make download-translations SPHINXLANG=pt_PT</p><p>To download pt_PT, Portuguese(Portugal) and nl, Dutch, you can use the helper script directly:</p><p>.scripts/download-translation-catalog pt_PT nl</p><p>Build Localized Documentation</p><p>Aer the download process ﬁnishes, which might take a while, the next step is to build a localized version of the documentation. Following the pt_PT example above: make html SPHINXLANG=pt_PT</p><p>View Localized Documentation</p><p>Open your browser, point it to the local documentation path and check the localized output you've just build.</p><p>25.17 Running The Tests</p><p>ere are requirements, in addition to Salt's requirements, which need to be installed in order to run the test suite. Install one of the lines below, depending on the relevant Python version: pip install -r dev_requirements_python26.txt pip install -r dev_requirements_python27.txt</p><p>Note: In Salt 0.17, testing libraries were migrated into their own repo. To install them: pip install git+https://github.com/saltstack/salt-testing.git#egg=SaltTesting</p><p>Failure to install SaltTesting will result in import errors similar to the following:</p><p>1292 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>ImportError: No module named salttesting</p><p>Once all require requirements are set, use tests/runtests.py to run all of the tests included in Salt's test suite. For more information, see --help. An alternative way of invoking the test suite is available in setup.py:</p><p>./setup.py test</p><p>Instead of running the entire test suite, there are several ways to run only speciﬁc groups of tests or individual tests: • Run unit tests only: ./tests/runtests.py --unit-tests • Run unit and integration tests for states: ./tests/runtests.py --state • Run integration tests for an individual module: ./tests/runtests.py -n integra- tion.modules.virt • Run unit tests for an individual module: ./tests/runtests.py -n unit.modules.virt_test • Run an individual test by using the class and test name (this example is for the test_default_kvm_profile test in the integration.module.virt): ./tests/runtests.py -n ingtegra- tion.module.virt.VirtTest.test_default_kvm_profile</p><p>25.17.1 Running Unit Tests Without Integration Test Daemons</p><p>Since the unit tests do not require a master or minion to execute, it is oen useful to be able to run unit tests individually, or as a whole group, without having to start up the integration testing daemons. Starting up the master, minion, and syndic daemons takes a lot of time before the tests can even start running and is unnecessary to run unit tests. To run unit tests without invoking the integration test daemons, simple remove the /tests portion of the runtests.py command:</p><p>./runtests.py --unit</p><p>All of the other options to run individual tests, entire classes of tests, or entire test modules still apply.</p><p>25.17.2 Running Destructive Integration Tests</p><p>Salt is used to change the seings and behavior of systems. In order to eﬀectively test Salt's functionality, some integration tests are wrien to make actual changes to the underlying system. ese tests are referred to as ``de- structive tests''. Some examples of destructive tests are changes may be testing the addition of a user or installing packages. By default, destructive tests are disabled and will be skipped. Generally, destructive tests should clean up aer themselves by aempting to restore the system to its original state. For instance, if a new user is created during a test, the user should be deleted aer the related test(s) have completed. However, no guarantees are made that test clean-up will complete successfully. erefore, running destructive tests should be done with caution.</p><p>Note: Running destructive tests will change the underlying system. Use caution when running destructive tests.</p><p>To run tests marked as destructive, set the --run-destructive ﬂag:</p><p>25.17. Running The Tests 1293 Salt Documentation, Release 2014.7.6</p><p>./tests/runtests.py --run-destructive</p><p>25.17.3 Running Cloud Provider Tests</p><p>Salt's testing suite also includes integration tests to assess the successful creation and deletion of cloud instances using Salt-Cloud for providers supported by Salt-Cloud. e cloud provider tests are oﬀ by default and run on sample conﬁguration ﬁles provided in tests/integration/files/conf/cloud.providers.d/. In order to run the cloud provider tests, valid credentials, which diﬀer per provider, must be supplied. Each credential item that must be supplied is indicated by an empty string value and should be edited by the user before running the tests. For example, DigitalOcean requires a client key and an api key to operate. erefore, the default cloud provider conﬁguration ﬁle for DigitalOcean looks like this: digitalocean-config: provider: digital_ocean client_key: '' api_key: '' location: New York 1</p><p>As indicated by the empty string values, the client_key and the api_key must be provided: digitalocean-config: provider: digital_ocean client_key: wFGEwgregeqw3435gDger api_key: GDE43t43REGTrkilg43934t34qT43t4dgegerGEgg location: New York 1</p><p>Note: When providing credential information in cloud provider conﬁguration ﬁles, do not include the single quotes.</p><p>Once all of the valid credentials for the cloud provider have been supplied, the cloud provider tests can be run by seing the --cloud-provider-tests ﬂag:</p><p>./tests/runtests.py --cloud-provider-tests</p><p>25.17.4 Running The Tests In A Docker Container</p><p>e test suite can be executed under a docker container using the --docked option ﬂag. e docker container must be properly conﬁgured on the system invoking the tests and the container must have access to the internet. Here's a simple usage example: tests/runtests.py --docked=ubuntu-12.04 -v</p><p>e full docker container repository can also be provided: tests/runtests.py --docked=salttest/ubuntu-12.04 -v</p><p>1294 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>e SaltStack team is creating some containers which will have the necessary dependencies pre-installed. Running the test suite on a container allows destructive tests to run without making changes to the main system. It also enables the test suite to run under a diﬀerent distribution than the one the main system is currently using. e current list of test suite images is on Salt's docker repository. Custom docker containers can be provided by submiing a pull request against Salt's docker Salt test containers repository.</p><p>25.18 Automated Test Runs</p><p>SaltStack maintains a Jenkins server to allow for the execution of tests across supported platforms. e tests executed from Salt's Jenkins server create fresh virtual machines for each test run, then execute destructive tests on the new, clean virtual machine. When a pull request is submied to Salt's repository on GitHub, Jenkins runs Salt's test suite on a couple of virtual machines to gauge the pull request's viability to merge into Salt's develop branch. If these initial tests pass, the pull request can then merged into Salt's develop branch by one of Salt's core developers, pending their discretion. If the initial tests fail, core developers may request changes to the pull request. If the failure is unrelated to the changes in question, core developers may merge the pull request despite the initial failure. Once the pull request is merged into Salt's develop branch, a new set of Jenkins virtual machines will begin executing the test suite. e develop branch tests have many more virtual machines to provide more comprehensive results. ere are a few other groups of virtual machines that Jenkins tests against, including past and current release branches. For a full list of currently running test environments, go to hp://jenkins.saltstack.com.</p><p>25.18.1 Using Salt-Cloud on Jenkins</p><p>For testing Salt on Jenkins, SaltStack uses Salt-Cloud to spin up virtual machines. e script using Salt-Cloud to accomplish this is open source and can be found here: hps://github.com/saltstack/salt/blob/develop/tests/jenkins.py</p><p>25.19 Writing Tests</p><p>Salt uses a test platform to verify functionality of components in a simple way. Two testing systems exist to enable testing salt functions in somewhat real environments. e two subsystems available are integration tests and unit tests. Salt uses the python standard library uniest2 system for testing.</p><p>25.19.1 Naming Conventions</p><p>Any function in either integration test ﬁles or unit test ﬁles that is doing the actual testing, such as functions con- taining assertions, must start with test_: def test_user_present(self):</p><p>When functions in test ﬁles are not prepended with test_, the function acts as a normal, helper function and is not run as a test by the test suite.</p><p>25.18. Automated Test Runs 1295 Salt Documentation, Release 2014.7.6</p><p>25.19.2 Integration Tests</p><p>e integration tests start up a number of salt daemons to test functionality in a live environment. ese daemons include 2 salt masters, 1 syndic, and 2 minions. is allows the syndic interface to be tested and master/minion communication to be veriﬁed. All of the integration tests are executed as live salt commands sent through the started daemons. Integration tests are particularly good at testing modules, states and shell commands. • Writing integration tests</p><p>25.19.3 Unit Tests</p><p>Direct unit tests are also available. ese tests are good for testing internal functions. • Writing unit tests</p><p>Integration Tests</p><p>e Salt integration tests come with a number of classes and methods which allow for components to be easily tested. ese classes are generally inherited from and provide speciﬁc methods for hooking into the running integration test environment created by the integration tests. It is noteworthy that since integration tests validate against a running environment that they are generally the preferred means to write tests. e integration system is all located under tests/integration in the Salt source tree. Each directory within tests/integration corresponds to a directory in Salt's tree structure. For example, the integration tests for the test.py Salt module that is located in salt/modules should also be named test.py and reside in tests/integration/modules.</p><p>Adding New Directories</p><p>If the corresponding Salt directory does not exist within tests/integration, the new directory must be created along with the appropriate test ﬁle to maintain Salt's testing directory structure. In order for Salt's test suite to recognize tests within the newly created directory, options to run the new integration tests must be added to tests/runtests.py. Examples of the necessary options that must be added can be found here: hps://github.com/saltstack/salt/blob/develop/tests/runtests.py. e functions that need to be edited are setup_additional_options, validate_options, and run_integration_tests.</p><p>Integration Classes</p><p>e integration classes are located in tests/integration/__init__.py and can be extended therein. ere are three classes available to extend:</p><p>ModuleCase Used to deﬁne executions run via the master to minions and to call single modules and states. e available methods are as follows: run_function: Run a single salt function and condition the return down to match the behavior of the raw function call. is will run the command and only return the results from a single minion to verify. state_result: Return the result data from a single state return</p><p>1296 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6 run_state: Run the state.single command and return the state return structure</p><p>SyndicCase Used to execute remote commands via a syndic, only used to verify the capabilities of the Syndic. e available methods are as follows: run_function: Run a single salt function and condition the return down to match the behavior of the raw function call. is will run the command and only return the results from a single minion to verify.</p><p>ShellCase Shell out to the scripts which ship with Salt. e available methods are as follows: run_script: Execute a salt script with the given argument string run_salt: Execute the salt command, pass in the argument string as it would be passed on the command line. run_run: Execute the salt-run command, pass in the argument string as it would be passed on the command line. run_run_plus: Execute Salt run and the salt run function and return the data from each in a dict run_key: Execute the salt-key command, pass in the argument string as it would be passed on the command line. run_cp: Execute salt-cp, pass in the argument string as it would be passed on the command line. run_call: Execute salt-call, pass in the argument string as it would be passed on the command line.</p><p>Examples</p><p>Module Example via ModuleCase Class Import the integration module, this module is already added to the python path by the test execution. Inherit from the integration.ModuleCase class. Now the workhorse method run_function can be used to test a module: import os import integration class TestModuleTest(integration.ModuleCase): ''' Validate the test module ''' def test_ping(self): ''' test.ping ''' self.assertTrue(self.run_function('test.ping'))</p><p> def test_echo(self): ''' test.echo ''' self.assertEqual(self.run_function('test.echo',['text']), 'text')</p><p>Shell Example via ShellCase Validating the shell commands can be done via shell tests:</p><p>25.19. Writing Tests 1297 Salt Documentation, Release 2014.7.6</p><p> import sys import shutil import tempfile import integration class KeyTest(integration.ShellCase): ''' Test salt-key script '''</p><p>_call_binary_ = 'salt-key'</p><p> def test_list(self): ''' test salt-key -L ''' data = self.run_key('-L') expect = [ 'Unaccepted Keys:', 'Accepted Keys:', 'minion', 'sub_minion', 'Rejected:', ''] self.assertEqual(data, expect)</p><p>is example veriﬁes that the salt-key command executes and returns as expected by making use of the run_key method.</p><p>Integration Test Files</p><p>Since using Salt largely involves conﬁguring states, editing ﬁles, and changing system data, the integration test suite contains a directory named files to aid in testing functions that require ﬁles. Various Salt integration tests use these example ﬁles to test against instead of altering system ﬁles and data. Each directory within tests/integration/files contain ﬁles that accomplish diﬀerent tasks, based on the needs of the integration tests using those ﬁles. For example, tests/integration/files/ssh is used to boot- strap the test runner for salt-ssh testing, while tests/integration/files/pillar contains ﬁles storing data needed to test various pillar functions. e tests/integration/files directory also includes an integration state tree. e integration state tree can be found at tests/integration/files/file/base. e following example demonstrates how integration ﬁles can be used with ModuleCase to test states: import os import shutil import integration</p><p>HFILE = os.path.join(integration.TMP, 'hosts') class HostTest(integration.ModuleCase): ''' Validate the host state '''</p><p>1298 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> def setUp(self): shutil.copyfile(os.path.join(integration.FILES, 'hosts'), HFILE) super(HostTest, self).setUp()</p><p> def tearDown(self): if os.path.exists(HFILE): os.remove(HFILE) super(HostTest, self).tearDown()</p><p> def test_present(self): ''' host.present ''' name = 'spam.bacon' ip = '10.10.10.10' ret = self.run_state('host.present', name=name, ip=ip) result = self.state_result(ret) self.assertTrue(result) with open(HFILE) as fp_: output = fp_.read() self.assertIn('{0}\t\t{1}'.format(ip, name), output)</p><p>To access the integration ﬁles, a variable named integration.FILES points to the tests/integration/files directory. is is where the referenced host.present sls ﬁle resides. In addition to the static ﬁles in the integration state tree, the location integration.TMP can also be used to store temporary ﬁles that the test system will clean up when the execution ﬁnishes.</p><p>Destructive vs Non-Destructive Tests</p><p>Since Salt is used to change the seings and behavior of systems, one testing approach is to run tests that make actual changes to the underlying system. is is where the concept of destructive integration tests comes into play. Tests can be wrien to alter the system they are running on. is capability is what ﬁlls in the gap needed to properly test aspects of system management like package installation. Any test that changes the underlying system in any way, such as creating or deleting users, installing packages, or changing permissions should include the @destructive decorator to signal system changes and should be wrien with care. System changes executed within a destructive test should also be restored once the related tests have completed. For example, if a new user is created to test a module, the same user should be removed aer the test is completed to maintain system integrity. To write a destructive test, import and use the destructiveTest decorator for the test method: import integration from salttesting.helpers import destructiveTest class DestructiveExampleModuleTest(integration.ModuleCase): ''' Demonstrate a destructive test '''</p><p>@destructiveTest @skipIf(os.geteuid() != 0, 'you must be root to run this test') def test_user_not_present(self): ''' This is a DESTRUCTIVE TEST it creates a new user on the minion.</p><p>25.19. Writing Tests 1299 Salt Documentation, Release 2014.7.6</p><p>And then destroys that user. ''' ret = self.run_state('user.present', name='salt_test') self.assertSaltTrueReturn(ret) ret = self.run_state('user.absent', name='salt_test') self.assertSaltTrueReturn(ret)</p><p>Cloud Provider Tests</p><p>Cloud provider integration tests are used to assess Salt-Cloud`s ability to create and destroy cloud instances for various supported cloud providers. Cloud provider tests inherit from the ShellCase Integration Class. Any new cloud provider test ﬁles should be added to the tests/integration/cloud/providers/ direc- tory. Each cloud provider test ﬁle also requires a sample cloud proﬁle and cloud provider conﬁguration ﬁle in the integration test ﬁle directory located at tests/integration/files/conf/cloud.*.d/. e following is an example of the default proﬁle conﬁguration ﬁle for Digital Ocean, located at: tests/integration/files/conf/cloud.profiles.d/digital_ocean.conf: digitalocean-test: provider: digitalocean-config image: Ubuntu 14.04 x64 size: 512MB</p><p>Each cloud provider requires diﬀerent conﬁguration credentials. erefore, sensitive information such as API keys or passwords should be omied from the cloud provider conﬁguration ﬁle and replaced with an empty string. e necessary credentials can be provided by the user by editing the provider conﬁguration ﬁle before running the tests. e following is an example of the default provider conﬁguration ﬁle for Digital Ocean, located at: tests/integration/files/conf/cloud.providers.d/digital_ocean.conf: digitalocean-config: provider: digital_ocean client_key: '' api_key: '' location: New York 1</p><p>In addition to providing the necessary cloud proﬁle and provider ﬁles in the integration test suite ﬁle structure, appropriate checks for if the conﬁguration ﬁles exist and contain valid information are also required in the test class's setUp function: class LinodeTest(integration.ShellCase): ''' Integration tests for the Linode cloud provider in Salt-Cloud ''' def setUp(self): ''' Sets up the test requirements ''' super(LinodeTest, self).setUp()</p><p># check if appropriate cloud provider and profile files are present profile_str = 'linode-config:' provider = 'linode'</p><p>1300 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> providers = self.run_cloud('--list-providers') if profile_str not in providers: self.skipTest( 'Configuration file for {0} was not found. Check {0}.conf files ' 'in tests/integration/files/conf/cloud.*.d/ to run these tests.' .format(provider) )</p><p># check if apikey and password are present path = os.path.join(integration.FILES, 'conf', 'cloud.providers.d', provider + '.conf') config = cloud_providers_config(path) api = config['linode-config']['linode']['apikey'] password = config['linode-config']['linode']['password'] if api == '' or password == '': self.skipTest( 'An api key and password must be provided to run these tests. Check ' 'tests/integration/files/conf/cloud.providers.d/{0}.conf'.format( provider ) )</p><p>Repeatedly creating and destroying instances on cloud providers can be costly. erefore, cloud provider tests are oﬀ by default and do not run automatically. To run the cloud provider tests, the --cloud-provider-tests ﬂag must be provided:</p><p>./tests/runtests.py --cloud-provider-tests</p><p>Since cloud provider tests do not run automatically, all provider tests must be preceded with the @expensiveTest decorator. e expensive test decorator is necessary because it signals to the test suite that the --cloud- provider-tests ﬂag is required to run the cloud provider tests. To write a cloud provider test, import and use the expensiveTest decorator for the test function: from salttesting.helpers import expensiveTest</p><p>@expensiveTest def test_instance(self): ''' Test creating an instance on Linode ''' name = 'linode-testing'</p><p># create the instance instance = self.run_cloud('-p linode-test {0}'.format(name)) str = ' {0}'.format(name)</p><p># check if instance with salt installed returned as expected try: self.assertIn(str, instance) except AssertionError: self.run_cloud('-d {0} --assume-yes'.format(name)) raise</p><p># delete the instance</p><p>25.19. Writing Tests 1301 Salt Documentation, Release 2014.7.6</p><p> delete = self.run_cloud('-d {0} --assume-yes'.format(name)) str = ' True' try: self.assertIn(str, delete) except AssertionError: raise</p><p>Writing Unit Tests</p><p>Introduction</p><p>Like many soware projects, Salt has two broad-based testing approaches -- integration testing and unit testing. While integration testing focuses on the interaction between components in a sandboxed environment, unit testing focuses on the singular implementation of individual functions.</p><p>Preparing to Write a Unit Test</p><p>is guide assumes you've followed the directions for seing up salt testing. Unit tests should be wrien to the following speciﬁcations: • All the tests for a speciﬁc module at salt/…/<module>.py need to be contained in a ﬁle called tests/unit/…/<module>_test.py, e.g. the tests for salt/modules/ﬁb.py need to be contained in a ﬁle called tests/unit/modules/ﬁb_test.py. • e tests within tests/unit/modules/ﬁb_test.py ﬁle must be member functions of a class which subclasses salesting.Testcase • Each external resource used in the code to be tested, such as function calls, external data either globally avail- able or passed in through the function arguments, ﬁle data, etc. needs to be mocked. • Each raise and return statement of the code to be tested needs to be separately and independently tested. • Test functions should contain only one test and contain all necessary mock data and mock code for that test. • Test functions should be named test_<fcn>_<test-name> where <fcn> is the name of the function being tested and <test-name> describes which raise or return within the function is being tested and whether that raise or return statement is considered a success or a failure condition. Most commonly, the following imports are necessary to create a unit test:</test-name></fcn></test-name></fcn></module></module></p><p># Import Salt Testing libs from salttesting import skipIf, TestCase from salttesting.helpers import ensure_in_syspath</p><p>If you need mock support to your tests, please also import: from salttesting.mock import NO_MOCK, NO_MOCK_REASON, MagicMock, patch, call</p><p>A Simple Example</p><p>Let's assume that we're testing a very basic function in an imaginary Salt execution module. Given a module called fib.py that has a function called `calculate(num_of_results)', which given a `num_of_results', produces a list of sequential Fibonacci numbers of that length.</p><p>1302 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>A unit test to test this function might be commonly placed in a ﬁle called tests/unit/modules/fib_test.py. e convention is to place unit tests for Salt execution modules in test/unit/modules/ and to name the tests module suﬃxed with _test.py. Tests are grouped around test cases, which are logically grouped sets of tests against a piece of functionality in the tested soware. Test cases are created as Python classes in the unit test module. To return to our example, here's how we might write the skeleton for testing fib.py:</p><p># Import Salt Testing libs from salttesting import TestCase</p><p># Import Salt execution module to test from salt.modules import fib</p><p># Create test case class and inherit from Salt's customized TestCase class FibTestCase(TestCase):</p><p>''' This class contains a set of functions that test salt.modules.fib. '''</p><p> def test_fib(self): ''' To create a unit test, we should prefix the name with `test_' so that it's recognized by the test runner. ''' fib_five = (0, 1, 1, 2, 3) self.assertEqual(fib.calculate(5), fib_five)</p><p>At this point, the test can now be run, either individually or as a part of a full run of the test runner. To ease development, a single test can be executed: tests/runtests.py -n unit.modules.fib_test</p><p>is will produce output indicating the success or failure of the tests in given test case. For more detailed results, one can also include a ﬂag to increase verbosity: tests/runtests.py -n unit.modules.fib_test -v</p><p>To review the results of a particular run, take a note of the log location given in the output for each test: Logging tests on /var/folders/nl/d809xbq577l3qrbj3ymtpbq80000gn/T/salt-runtests.log</p><p>Evaluating Truth</p><p>A longer discussion on the types of assertions one can make can be found by reading Python's documentation on unit testing.</p><p>Tests Using Mock Objects</p><p>In many cases, the very purpose of a Salt module is to interact with some external system, whether it be to control a database, manipulate ﬁles on a ﬁlesystem or many other examples. In these varied cases, it's necessary to design a unit test which can test the function whilst replacing functions which might actually call out to external systems.</p><p>25.19. Writing Tests 1303 Salt Documentation, Release 2014.7.6</p><p>One might think of this as ``blocking the exits'' for code under tests and redirecting the calls to external systems with our own code which produces known results during the duration of the test. To achieve this behavior, Salt makes heavy use of the MagicMock package. To understand how one might integrate Mock into writing a unit test for Salt, let's imagine a scenario in which we're testing an execution module that's designed to operate on a database. Furthermore, let's imagine two separate methods, here presented in pseduo-code in an imaginary execution module called `db.py. def create_user(username): qry = 'CREATE USER {0}'.format(username) execute_query(qry) def execute_query(qry): # Connect to a database and actually do the query...</p><p>Here, let's imagine that we want to create a unit test for the create_user function. In doing so, we want to avoid any calls out to an external system and so while we are running our unit tests, we want to replace the actual interaction with a database with a function that can capture the parameters sent to it and return pre-deﬁned values. erefore, our task is clear -- to write a unit test which tests the functionality of create_user while also replacing `execute_query' with a mocked function. To begin, we set up the skeleton of our class much like we did before, but with additional imports for MagicMock:</p><p># Import Salt Testing libs from salttesting import TestCase</p><p># Import Salt execution module to test from salt.modules import db</p><p># NEW! -- Import Mock libraries from salttesting.mock import NO_MOCK, NO_MOCK_REASON, MagicMock, patch, call</p><p># Create test case class and inherit from Salt's customized TestCase</p><p># Skip this test case if we don't have access to mock! @skipIf(NO_MOCK, NO_MOCK_REASON) class DbTestCase(TestCase): def test_create_user(self): # First, we replace 'execute_query' with our own mock function db.execute_query = MagicMock()</p><p># Now that the exits are blocked, we can run the function under test.</p><p> db.create_user('testuser')</p><p># We could now query our mock object to see which calls were made # to it. ## print db.execute_query.mock_calls</p><p>''' We want to test to ensure that the correct query was formed. This is a contrived example, just designed to illustrate the concepts at hand.</p><p>We're going to first construct a call() object that represents the way we expect our mocked execute_query() function to have been called. Then, we'll examine the list of calls that were actually</p><p>1304 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> made to to execute_function().</p><p>By comparing our expected call to execute_query() with create_user()'s call to execute_query(), we can determine the success or failure of our unit test. '''</p><p> expected_call = call('CREATE USER testuser')</p><p># Do the comparison! Will assert False if execute_query() was not # called with the given call</p><p> db.execute_query.assert_has_calls(expected_call)</p><p>Modifying __salt__ In Place</p><p>At times, it becomes necessary to make modiﬁcations to a module's view of functions in its own __salt__ dictio- nary. Luckily, this process is quite easy. Below is an example that uses MagicMock's patch functionality to insert a function into __salt__ that's actually a MagicMock instance. def show_patch(self): with patch.dict(my_module.__salt__, {'function.to_replace': MagicMock()}: # From this scope, carry on with testing, with a modified __salt__!</p><p>A More Complete Example</p><p>Consider the following function from salt/modules/linux_sysctl.py. def get(name): ''' Return a single sysctl parameter for this minion</p><p>CLI Example:</p><p>.. code-block:: bash</p><p> salt '*' sysctl.get net.ipv4.ip_forward ''' cmd = 'sysctl -n {0}'.format(name) out = __salt__['cmd.run'](cmd) return out</p><p>is function is very simple, comprising only four source lines of code and having only one return statement, so we know only one test is needed. ere are also two inputs to the function, the name function argument and the call to __salt__['cmd.run'](), both of which need to be appropriately mocked. Mocking a function parameter is straightforward, whereas mocking a function call will require, in this case, the use of MagicMock. For added isolation, we will also redeﬁne the __salt__ dictionary such that it only contains 'cmd.run'.</p><p>25.19. Writing Tests 1305 Salt Documentation, Release 2014.7.6</p><p># Import Salt Libs from salt.modules import linux_sysctl</p><p># Import Salt Testing Libs from salttesting import skipIf, TestCase from salttesting.helpers import ensure_in_syspath from salttesting.mock import ( MagicMock, patch, NO_MOCK, NO_MOCK_REASON ) ensure_in_syspath('../../')</p><p># Globals linux_sysctl.__salt__ = {}</p><p>@skipIf(NO_MOCK, NO_MOCK_REASON) class LinuxSysctlTestCase(TestCase): ''' TestCase for salt.modules.linux_sysctl module '''</p><p> def test_get(self): ''' Tests the return of get function ''' mock_cmd = MagicMock(return_value=1) with patch.dict(linux_sysctl.__salt__, {'cmd.run': mock_cmd}): self.assertEqual(linux_sysctl.get('net.ipv4.ip_forward'), 1) if __name__ == '__main__': from integration import run_tests run_tests(LinuxSysctlTestCase, needs_daemon=False)</p><p>Since get() has only one raise or return statement and that statement is a success condition, the test func- tion is simply named test_get(). As described, the single function call parameter, name is mocked with net.ipv4.ip_forward and __salt__['cmd.run'] is replaced by a MagicMock function object. We are only interested in the return value of __salt__['cmd.run'], which MagicMock allows to be speciﬁed via return_value=1. Finally, the test itself tests for equality between the return value of get() and the ex- pected return of 1. is assertion is expected to succeed because get() will determine its return value from __salt__['cmd.run'], which we have mocked to return 1.</p><p>A Complex Example</p><p>Now consider the assign() function from the same salt/modules/linux_sysctl.py source ﬁle. def assign(name, value): ''' Assign a single sysctl parameter for this minion</p><p>CLI Example:</p><p>1306 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>.. code-block:: bash</p><p> salt '*' sysctl.assign net.ipv4.ip_forward 1 ''' value = str(value) sysctl_file = '/proc/sys/{0}'.format(name.replace('.', '/')) if not os.path.exists(sysctl_file): raise CommandExecutionError('sysctl {0} does not exist'.format(name))</p><p> ret = {} cmd = 'sysctl -w {0}="{1}"'.format(name, value) data = __salt__['cmd.run_all'](cmd) out = data['stdout'] err = data['stderr']</p><p># Example: # # sysctl -w net.ipv4.tcp_rmem="4096 87380 16777216" # net.ipv4.tcp_rmem = 4096 87380 16777216 regex = re.compile(r'^{0}\s+=\s+{1}$'.format(re.escape(name), re.escape(value)))</p><p> if not regex.match(out) or 'Invalid argument' in str(err): if data['retcode'] != 0 and err: error = err else: error = out raise CommandExecutionError('sysctl -w failed: {0}'.format(error)) new_name, new_value = out.split(' = ', 1) ret[new_name] = new_value return ret</p><p>is function contains two raise statements and one return statement, so we know that we will need (at least) three tests. It has two function arguments and many references to non-builtin functions. In the tests below you will see that MagicMock's patch() method may be used as a context manager or as a decorator. ere are three test functions, one for each raise and return statement in the source function. Each function is self- contained and contains all and only the mocks and data needed to test the raise or return statement it is concerned with.</p><p># Import Salt Libs from salt.modules import linux_sysctl from salt.exceptions import CommandExecutionError</p><p># Import Salt Testing Libs from salttesting import skipIf, TestCase from salttesting.helpers import ensure_in_syspath from salttesting.mock import ( MagicMock, patch, NO_MOCK, NO_MOCK_REASON ) ensure_in_syspath('../../')</p><p># Globals linux_sysctl.__salt__ = {}</p><p>25.19. Writing Tests 1307 Salt Documentation, Release 2014.7.6</p><p>@skipIf(NO_MOCK, NO_MOCK_REASON) class LinuxSysctlTestCase(TestCase): ''' TestCase for salt.modules.linux_sysctl module '''</p><p>@patch('os.path.exists', MagicMock(return_value=False)) def test_assign_proc_sys_failed(self): ''' Tests if /proc/sys/<kernel-subsystem> exists or not ''' cmd = {'pid': 1337, 'retcode': 0, 'stderr': '', 'stdout': 'net.ipv4.ip_forward = 1'} mock_cmd = MagicMock(return_value=cmd) with patch.dict(linux_sysctl.__salt__, {'cmd.run_all': mock_cmd}): self.assertRaises(CommandExecutionError, linux_sysctl.assign, 'net.ipv4.ip_forward', 1)</kernel-subsystem></p><p>@patch('os.path.exists', MagicMock(return_value=True)) def test_assign_cmd_failed(self): ''' Tests if the assignment was successful or not ''' cmd = {'pid': 1337, 'retcode': 0, 'stderr': 'sysctl: setting key "net.ipv4.ip_forward": Invalid argument', 'stdout': 'net.ipv4.ip_forward = backward'} mock_cmd = MagicMock(return_value=cmd) with patch.dict(linux_sysctl.__salt__, {'cmd.run_all': mock_cmd}): self.assertRaises(CommandExecutionError, linux_sysctl.assign, 'net.ipv4.ip_forward', 'backward')</p><p>@patch('os.path.exists', MagicMock(return_value=True)) def test_assign_success(self): ''' Tests the return of successful assign function ''' cmd = {'pid': 1337, 'retcode': 0, 'stderr': '', 'stdout': 'net.ipv4.ip_forward = 1'} ret = {'net.ipv4.ip_forward': '1'} mock_cmd = MagicMock(return_value=cmd) with patch.dict(linux_sysctl.__salt__, {'cmd.run_all': mock_cmd}): self.assertEqual(linux_sysctl.assign( 'net.ipv4.ip_forward', 1), ret) if __name__ == '__main__': from integration import run_tests run_tests(LinuxSysctlTestCase, needs_daemon=False)</p><p>25.20 raet</p><p># RAET # Reliable Asynchronous Event Transport Protocol</p><p>1308 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>25.20.1 Protocol</p><p>Layering: OSI Layers 7: Application: Format: Data (Stack to Application interface buﬀering etc) 6: Presentation: Format: Data (Encrypt- Decrypt convert to machine independent format) 5: Session: Format: Data (Interhost communications. Authenti- cation. Groups) 4: Transport: Format: Segments (Reliable delivery of Message, Transactions, Segmentation, Error checking) 3: Network: Format: Packets/Datagrams (Addressing Routing) 2: Link: Format: Frames ( Reliable per frame communications connection, Media access controller ) 1: Physical: Bits (Transceiver communication connec- tion not reliable) Link is hidden from Raet Network is IP host address and Udp Port Transport is Raet transactions, service kind, tail error checking, Could include header signing as part of transport reliable delivery serialization of header Session is session id key exchange for signing. Grouping is Road (like 852 channel) Presentation is Encrypt Decrypt body Serialize Deserialize Body Application is body data dictionary Header signing spans both the Transport and Session layers.</p><p>25.20.2 Header</p><p>JSON Header (Tradeoﬀ some processing speed for extensibility, ease of use, readability) Body initially JSON but support for ``packed'' binary body</p><p>25.20.3 Packet</p><p>Header ASCII Safe JSON Header termination: Empty line given by double pair of carriage return linefeed /r/n/r/n 10 13 10 13 ADAD 1010 1101 1010 1101 In json carriage return and newline characters cannot appear in a json encoded string unless they are escaped with backslash, so the 4 byte combination is illegal in valid json that does not have multi-byte unicode characters. ese means the header must be ascii safe so no multibyte utf-8 strings allowed in header. Following Header Terminator is variable length signature block. is is binary and the length is provided in the header. Following the signature block is the packet body or data. is may either be JSON or packed binary. e format is given in the json header Finally is an optional tail block for error checking or encryption details</p><p>25.20.4 Header Fields</p><p>In UDP header sh = source host sp = source port dh = destination host dp = destination port In RAET Header hk = header kind hl = header length vn = version number sd = Source Device ID dd = Destination Device ID cf = Corresponder Flag mf = Multicast Flag si = Session ID ti = Transaction ID</p><p>25.20. raet 1309 Salt Documentation, Release 2014.7.6</p><p> sk = Service Kind pk = Packet Kind bf = Burst Flag (Send all Segments or Ordered packets without interleaved acks) oi = Order Index dt = DateTime Stamp sn = Segment Number sc = Segment Count pf = Pending Segment Flag af = All Flag (Resent all Segments not just one) nk = Auth header kind nl = Auth header length bk = body kind bl = body length tk = tail kind tl = tail length fg = ﬂags paed (Flags) Default `00' hex string 2 byte Hex string with bits (0, 0, af, pf, 0, bf, mf, c) Zeros are TBD ﬂags</p><p>25.20.5 Session Bootstrap</p><p>Minion sends packet with SID of Zero with public key of minions Public Private Key pair Master acks packet with SID of Zero to let minion know it received the request Some time later Master sends packet with SID of zero that accepts the Minion Minion</p><p>25.20.6 Session</p><p>Session is important for security. Want one session opened and then multiple transactions within session. Session ID SID sid GUID hash to guarantee uniqueness since no guarantee of nonvolatile storage or require ﬁle storage to keep last session ID used.</p><p>25.20.7 Service Types or Modular Services</p><p>Four Service Types 1. One or more maybe (unacknowledged repeat) maybe means no guarantee 2. Exactly one at most (a with retries) (duplicate detection idempotent) at most means ﬁxed number of re- tries has ﬁnite probability of failing B1) ﬁnite retries B2) inﬁnite retries with exponential back-oﬀ up to a maximum delay 3. Exactly one of sequence at most (sequence numbered) Receiver requests retry of missing packet with same B1 or B2 retry type 4. End to End (Application layer Request Response) is is two B sub transactions Initially unicast messaging Eventually support for Multicast e use case for C) is to fragment large packets as once a UDP packet exceeds the frame size its reliability goes way down So its more reliable to fragment large packets. Beer approach might be to have more modularity. Services Levels 1. Maybe one or more (a) Fire and forget no transaction either side (b) Repeat, no a, no dupdet repeat counter send side, no transaction on receive side</p><p>1310 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>(c) Repeat, no A, dupdet repeat counter send side, dup detection transaction receive side 2. More or Less Once (a) retry ﬁnite, a no dupdet retry timer send side, ﬁnite number of retires ack receive side no dupdet 3. At most Once (a) retry ﬁnite, a, dupdet retry timer send side, ﬁnite number of retires ack receive side dupdet 4. Exactly once (a) a retry retry timer send side, ack and duplicate detection receive side Inﬁnite retries with expo- nential backoﬀ 5. Sequential sequence number (a) reorder escrow (b) Segmented packets 6. request response to application layer Service Features 1. repeats 2. ack retry transaction id 3. sequence number duplicate detection out of order detection sequencing 4. rep-req Always include transaction id since multiple transactions on same port So get duplicate detection for free if keep transaction alive but if use A) Maybe one or more B1) At Least One B2) Exactly One C) One of sequence D) End to End A) Sender creates transaction id for number of repeats but receiver does not keep transaction alive B1) Sender creates transaction id keeps it for retries. Receiver keeps it to send ack then kills so retry could be duplicate not detected B2) Sender creates transaction id keeps for retries Receiver keeps tid for acks on any retires so no duplicates. C) Sender creates TID and Sequence Number. Receiver checks for out of order sequence and can request retry. D) Application layer sends response. So question is do we keep transaction open or have response be new transaction. No because then we need a rep-req ID so might as well use the same transaction id. Just keep alive until get response. Lile advantage to B1 vs B2 not having duplicates. So 4 service types 1. Maybe one or more (unacknowledged repeat) 2. Exactly One (At most one) (ack with retry) (duplicate detection idempotent) 3. One of Sequence (sequence numbered) 4. End to End Also multicast or unicast Modular Transaction Table</p><p>25.20. raet 1311 Salt Documentation, Release 2014.7.6</p><p>Sender Side: Transaction ID plus transaction source sender or receiver generated transaction id Repeat Counter Retry Timer Retry Counter (ﬁnite retries) Redo Timer (inﬁnite redos with exponential backo) Sequence num- ber without acks (look for resend requests) Sequence with ack (wait for ack before sending next in sequence) Segmentation Receiver Side: Nothing just accept packet Acknowledge (can delete transaction aer acknowledge) No duplicate de- tection Transaction timeout (keep transaction until timeout) Duplicate detection save transaction id duplicate detection timeout Request resend of missing packet in sequence Sequence reordering with escrow timeout wait escrow before requesting resend Unsegmentation (request resends of missing segment)</p><p>25.21 SaltStack Git Policy</p><p>e SaltStack team follows a git policy to maintain stability and consistency with the repository. e git policy has been developed to encourage contributions and make contributing to Salt as easy as possible. Code contributors to SaltStack projects DO NOT NEED TO READ THIS DOCUMENT, because all contributions come into SaltStack via a single gateway to make it as easy as possible for contributors to give us code. e primary rule of git management in SaltStack is to make life easy on contributors and developers to send in code. Simplicity is always a goal!</p><p>25.21.1 New Code Entry</p><p>All new SaltStack code is posted to the develop branch, which is the single point of entry. e only exception is when a bugﬁx to develop cannot be cleanly merged into a release branch and the bugﬁx needs to be rewrien for the release branch.</p><p>25.21.2 Release Branching</p><p>SaltStack maintains two types of releases, Feature Releases and Point Releases. A feature release is managed by incrementing the ﬁrst or second release point number, so 0.10.5 -&gt; 0.11.0 signiﬁes a feature release and 0.11.0 -&gt; 0.11.1 signiﬁes a point release, also a hypothetical 0.42.7 -&gt; 1.0.0 would also signify a feature release.</p><p>Feature Release Branching</p><p>Each feature release is maintained in a dedicated git branch derived from the last applicable release commit on develop. All ﬁle changes relevant to the feature release will be completed in the develop branch prior to the creation of the feature release branch. e feature release branch will be named aer the relevant numbers to the feature release, which constitute the ﬁrst two numbers. is means that the release branch for the 0.11.0 series is named 0.11. A feature release branch is created with the following command:</p><p># git checkout -b 0.11 # From the develop branch # git push origin 0.11</p><p>Point Releases</p><p>Each point release is derived from its parent release branch. Constructing point releases is a critical aspect of Salt development and is managed by members of the core development team. Point releases comprise bug and security</p><p>1312 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>ﬁxes which are cherry picked from develop onto the aforementioned release branch. At the time when a core developer accepts a pull request a determination needs to be made if the commits in the pull request need to be backported to the release branch. Some simple criteria are used to make this determination: • Is this commit ﬁxing a bug? Backport • Does this commit change or add new features in any way? Don't backport • Is this a PEP8 or code cleanup commit? Don't backport • Does this commit ﬁx a security issue? Backport Determining when a point release is going to be made is up to the project leader (omas Hatch). Generally point releases are made every 1-2 weeks or if there is a security ﬁx they can be made sooner. e point release is only designated by tagging the commit on the release branch with release number using the existing convention (version 0.11.1 is tagged with v0.11.1). From the tag point a new source tarball is generated and published to PyPI, and a release announcement is made.</p><p>25.22 Salt Conventions</p><p>25.22.1 Writing Salt Documentation</p><p>Salt's documentation is built using the Sphinx documentation system. It can be build in a large variety of output formats including HTML, PDF, ePub, and manpage. All the documentation is contained in the main Salt repository. Speaking broadly, most of the narrative docu- mentation is contained within the hps://github.com/saltstack/salt/blob/develop/doc subdirectory and most of the reference and API documentation is wrien inline with Salt's Python code and extracted using a Sphinx extension.</p><p>Style</p><p>e Salt project recommends the IEEE style guide as a general reference for writing guidelines. ose guidelines are not strictly enforced but rather serve as an excellent resource for technical writing questions. e NCBI style guide is another very approachable resource.</p><p>Point-of-view</p><p>Use third-person perspective and avoid ``I'', ``we'', ``you'' forms of address. Identify the addressee speciﬁcally e.g., ``users should'', ``the compiler does'', etc.</p><p>Active voice</p><p>Use active voice and present-tense. Avoid ﬁller words.</p><p>Title capitalization</p><p>Document titles and section titles within a page should follow normal sentence capitalization rules. Words that are capitalized as part of a regular sentence should be capitalized in a title and otherwise le as lowercase. Punctuation can be omied unless it aids the intent of the title (e.g., exclamation points or question marks). For example:</p><p>25.22. Salt Conventions 1313 Salt Documentation, Release 2014.7.6</p><p>This is a main heading ======</p><p>Paragraph.</p><p>This is an exciting sub-heading! ------</p><p>Paragraph.</p><p>Documenting modules</p><p>Documentation for Salt's various module types is inline in the code. During the documentation build process it is extracted and formaed into the ﬁnal HTML, PDF, etc format.</p><p>Inline documentation</p><p>Python has special multi-line strings called docstrings as the ﬁrst element in a function or class. ese strings allow documentation to live alongside the code and can contain special formaing. For example: def myfunction(value): ''' Upper-case the given value</p><p>Usage:</p><p>.. code-block:: python</p><p> val = 'a string' new_val = myfunction(val) print(new_val) # 'A STRING'</p><p>:param value: a string :return: a copy of ``value`` that has been upper-cased ''' return value.upper()</p><p>Specify a release for additions or changes</p><p>New functions or changes to existing functions should include a marker that denotes what Salt release will be af- fected. For example: def myfunction(value): ''' Upper-case the given value</p><p>.. versionadded:: 2014.7.0</p><p>&lt;...snip...&gt; ''' return value.upper()</p><p>1314 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>For changes to a function: def myfunction(value, strip=False): ''' Upper-case the given value</p><p>.. versionchanged:: Boron Added a flag to also strip whitespace from the string.</p><p>&lt;...snip...&gt; ''' if strip: return value.upper().strip() return value.upper()</p><p>Adding module documentation to the index</p><p>Each module type has an index listing all modules of that type. For example: Full list of builtin execution modules, Full list of builtin state modules, Full list of builtin renderer modules. New modules must be added to the index manually. 1. Edit the ﬁle for the module type: execution modules, state modules, renderer modules, etc. 2. Add the new module to the alphebetized list. 3. Build the documentation which will generate an .rst ﬁle for the new module in the same directory as the index.rst. 4. Commit the changes to index.rst and the new .rst ﬁle and send a pull request.</p><p>Cross-references</p><p>e Sphinx documentation system contains a wide variety of cross-referencing capabilities.</p><p>Glossary entries</p><p>Link to glossary entries using the term role. A cross-reference should be added the ﬁrst time a Salt-speciﬁc term is used in a document.</p><p>A common way to encapsulate master-side functionality is by writing a custom :term:`Runner Function`. Custom Runner Functions are easy to write.</p><p>Index entries</p><p>Sphinx automatically generates many kind of index entries but it is occasionally useful to manually add items to the index. One method is to use the index directive above the document or section that should appear in the index.</p><p>.. index:: ! Event, event bus, event system see: Reactor; Event</p><p>25.22. Salt Conventions 1315 Salt Documentation, Release 2014.7.6</p><p>Another method is to use the index role inline with the text that should appear in the index. e index entry is created and the target text is le otherwise intact.</p><p>Information about the :index:`Salt Reactor` ------</p><p>Paragraph.</p><p>Documents and sections</p><p>Each document should contain a unique top-level label of the form:</p><p>.. _my-page:</p><p>My page ======</p><p>Paragraph.</p><p>Unique labels can be linked using the ref role. is allows cross-references to survive document renames or move- ment.</p><p>For more information see :ref:`my-page`.</p><p>Note, the :doc: role should not be used to link documents together.</p><p>Modules</p><p>Cross-references to Salt modules can be added using Sphinx's Python domain roles. For example, to create a link to the test.ping function:</p><p>A useful execution module to test active communication with a minion is the :py:func:`test.ping <salt.modules.test.ping>` function.</salt.modules.test.ping></p><p>Salt modules can be referenced as well:</p><p>The :py:mod:`test module <salt.modules.test>` contains many useful functions for inspecting an active Salt connection.</salt.modules.test></p><p>e same syntax works for all modules types:</p><p>One of the workhorse state module functions in Salt is the :py:func:`file.managed <salt.states.file.managed>` function.</salt.states.file.managed></p><p>1316 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Seings</p><p>Individual seings in the Salt Master or Salt Minion conﬁguration ﬁles are cross-referenced using two custom roles, conf_master and conf_minion.</p><p>The :conf_minion:`minion ID <id>` setting is a unique identifier for a single minion.</id></p><p>Building the documentation</p><p>1. Install Sphinx using a system package manager or pip. e package name is oen of the form python- sphinx. ere are no other dependencies. 2. Build the documentation using the provided Makeﬁle or .bat ﬁle on Windows.</p><p> cd /path/to/salt/doc make html</p><p>3. e generated documentation will be wrien to the doc/_build/<format> directory. 4. A useful method of viewing the HTML documentation locally is the start Python's built-in HTTP server:</format></p><p> cd /path/to/salt/doc/_build/html python -m SimpleHTTPServer</p><p>en pull up the documentation in a web browser at hp://localhost:8000/.</p><p>25.22.2 Salt Formulas</p><p>Formulas are pre-wrien Salt States. ey are as open-ended as Salt States themselves and can be used for tasks such as installing a package, conﬁguring and starting a service, seing up users or permissions, and many other common tasks. All oﬃcial Salt Formulas are found as separate Git repositories in the ``saltstack-formulas'' organization on GitHub: hps://github.com/saltstack-formulas As a simple example, to install the popular Apache web server (using the normal defaults for the underlying distro) simply include the apache-formula from a top ﬁle: base: 'web*': - apache</p><p>Installation</p><p>Each Salt Formula is an individual Git repository designed as a drop-in addition to an existing Salt State tree. For- mulas can be installed in the following ways.</p><p>25.22. Salt Conventions 1317 Salt Documentation, Release 2014.7.6</p><p>Adding a Formula as a GitFS remote</p><p>One design goal of Salt's GitFS ﬁleserver backend was to facilitate reusable States. GitFS is a quick and natural way to use Formulas. 1. Install and conﬁgure GitFS. 2. Add one or more Formula repository URLs as remotes in the gitfs_remotes list in the Salt Master conﬁg- uration ﬁle:</p><p> gitfs_remotes: - https://github.com/saltstack-formulas/apache-formula - https://github.com/saltstack-formulas/memcached-formula</p><p>We strongly recommend forking a formula repository into your own GitHub account to avoid unexpected changes to your infrastructure. Many Salt Formulas are highly active repositories so pull new changes with care. Plus any additions you make to your fork can be easily sent back upstream with a quick pull request! 3. Restart the Salt master.</p><p>Adding a Formula directory manually</p><p>Formulas are simply directories that can be copied onto the local ﬁle system by using Git to clone the repository or by downloading and expanding a tarball or zip ﬁle of the repository. e directory structure is designed to work with file_roots in the Salt master conﬁguration. 1. Clone or download the repository into a directory:</p><p> mkdir -p /srv/formulas cd /srv/formulas git clone https://github.com/saltstack-formulas/apache-formula.git</p><p># or</p><p> mkdir -p /srv/formulas cd /srv/formulas wget https://github.com/saltstack-formulas/apache-formula/archive/master.tar.gz tar xf apache-formula-master.tar.gz</p><p>2. Add the new directory to file_roots:</p><p> file_roots: - /srv/salt - /srv/formulas/apache-formula</p><p>3. Restart the Salt Master.</p><p>Usage</p><p>Each Formula is intended to be immediately usable with sane defaults without any additional conﬁguration. Many formulas are also conﬁgurable by including data in Pillar; see the pillar.example ﬁle in each Formula repository for available options.</p><p>1318 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Including a Formula in an existing State tree</p><p>Formula may be included in an existing sls ﬁle. is is oen useful when a state you are writing needs to require or extend a state deﬁned in the formula. Here is an example of a state that uses the epel-formula in a require declaration which directs Salt to not install the python26 package until aer the EPEL repository has also been installed:</p><p> include: - epel</p><p> python26: pkg.installed: - require: - pkg: epel</p><p>Including a Formula from a Top File</p><p>Some Formula perform completely standalone installations that are not referenced from other state ﬁles. It is usually cleanest to include these Formula directly from a Top File. For example the easiest way to set up an OpenStack deployment on a single machine is to include the openstack- standalone-formula directly from a top.sls ﬁle:</p><p> base: 'myopenstackmaster': - openstack</p><p>ickly deploying OpenStack across several dedicated machines could also be done directly from a Top File and may look something like this:</p><p> base: 'controller': - openstack.horizon - openstack.keystone 'hyper-*': - openstack.nova - openstack.glance 'storage-*': - openstack.swift</p><p>Configuring Formula using Pillar</p><p>Salt Formulas are designed to work out of the box with no additional conﬁguration. However, many Formula support additional conﬁguration and customization through Pillar. Examples of available options can be found in a ﬁle named pillar.example in the root directory of each Formula repository.</p><p>Using Formula with your own states</p><p>Remember that Formula are regular Salt States and can be used with all Salt's normal state mechanisms. Formula can be required from other States with require declarations, they can be modiﬁed using extend, they can made to watch other states with e _in versions of requisites.</p><p>25.22. Salt Conventions 1319 Salt Documentation, Release 2014.7.6</p><p>e following example uses the stock apache-formula alongside a custom state to create a vhost on a Debian/Ubuntu system and to reload the Apache service whenever the vhost is changed.</p><p># Include the stock, upstream apache formula. include: - apache</p><p># Use the watch_in requisite to cause the apache service state to reload # apache whenever the my-example-com-vhost state changes. my-example-com-vhost: file: - managed - name: /etc/apache2/sites-available/my-example-com - watch_in: - service: apache</p><p>Don't be shy to read through the source for each Formula!</p><p>Reporting problems &amp; making additions</p><p>Each Formula is a separate repository on GitHub. If you encounter a bug with a Formula please ﬁle an issue in the respective repository! Send ﬁxes and additions as a pull request. Add tips and <a class="als" href="https://tipsdex.com" title="tricks" target="_blank" rel="noopener">tricks</a> to the repository wiki.</p><p>Writing Formulas</p><p>Each Formula is a separate repository in the saltstack-formulas organization on GitHub.</p><p>Note: Get involved creating new Formulas e best way to create new Formula repositories for now is to create a repository in your own account on GitHub and notify a SaltStack employee when it is ready. We will add you to the contributors team on the saltstack-formulas organization and help you transfer the repository over. Ping a SaltStack employee on IRC (#salt on Freenode) or send an email to the salt-users mailing list. ere are a lot of repositories in that organization! Team members can manage which repositories they are subscribed to on GitHub's watching page: hps://github.com/watching.</p><p>Style</p><p>Maintainability, readability, and reusability are all marks of a good Salt sls ﬁle. is section contains several sugges- tions and examples.</p><p># Deploy the stable master branch unless version overridden by passing # Pillar at the CLI or via the Reactor. deploy_myapp: git.latest: - name: git@github.com/myco/myapp.git - version: {{ salt.pillar.get('myapp:version', 'master') }}</p><p>1320 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Use a descriptive State ID e ID of a state is used as a unique identiﬁer that may be referenced via other states in requisites. It must be unique across the whole state tree (it is a key in a dictionary, aer all). In addition a state ID should be descriptive and serve as a high-level hint of what it will do, or manage, or change. For example, deploy_webapp, or apache, or reload_firewall.</p><p>Use module.function notation So-called ``short-declaration'' notation is preferred for referencing state mod- ules and state functions. It provides a consistent paern of module.function shared between Salt States, the Reactor, Overstate, Salt Mine, the Scheduler, as well as with the CLI.</p><p># Do apache: pkg.installed: - name: httpd</p><p># Don't apache: pkg: - installed - name: httpd</p><p>Salt's state compiler will transform ``short-decs'' into the longer format when compiling the human-friendly highstate structure into the machine-friendly lowstate structure.</p><p>Specify the name parameter Use a unique and permanent identiﬁer for the state ID and reserve name for data with variability. e name declaration is a required parameter for all state functions. e state ID will implicitly be used as name if it is not explicitly set in the state. In many state functions the name parameter is used for data that varies such as OS-speciﬁc package names, OS- speciﬁc ﬁle system paths, repository addresses, etc. Any time the ID of a state changes all references to that ID must also be changed. Use a permanent ID when writing a state the ﬁrst time to future-proof that state and allow for easier refactors down the road.</p><p>Comment state ﬁles YAML allows comments at varying indentation levels. It is a good practice to comment state ﬁles. Use vertical whitespace to visually separate diﬀerent concepts or actions.</p><p># Start with a high-level description of the current sls file. # Explain the scope of what it will do or manage.</p><p># Comment individual states as necessary. update_a_config_file: # Provide details on why an unusual choice was made. For example: # # This template is fetched from a third-party and does not fit our # company norm of using Jinja. This must be processed using Mako. file.managed: - name: /path/to/file.cfg - source: salt://path/to/file.cfg.template - template: mako</p><p># Provide a description or explanation that did not fit within the state # ID. For example: #</p><p>25.22. Salt Conventions 1321 Salt Documentation, Release 2014.7.6</p><p># Update the application's last-deployed timestamp. # This is a workaround until Bob configures Jenkins to automate RPM # builds of the app. cmd.run: # FIXME: Joe needs this to run on Windows by next quarter. Switch these # from shell commands to Salt's file.managed and file.replace state # modules. - name: | touch /path/to/file_last_updated sed -e 's/foo/bar/g' /path/to/file_environment - onchanges: - file: a_config_file</p><p>Be careful to use Jinja comments for commenting Jinja code and YAML comments for commenting YAML code.</p><p># BAD EXAMPLE # The Jinja in this YAML comment is still executed! # {% set apache_is_installed = 'apache' in salt.pkg.list_pkgs() %}</p><p># GOOD EXAMPLE # The Jinja in this Jinja comment will not be executed. {# {% set apache_is_installed = 'apache' in salt.pkg.list_pkgs() %} #}</p><p>Easy on the Jinja!</p><p>Jinja templating provides vast ﬂexibility and power when building Salt sls ﬁles. It can also create an unmaintainable tangle of logic and data. Speaking broadly, Jinja is best used when kept apart from the states (as much as is possible). Below are guidelines and examples of how Jinja can be used eﬀectively.</p><p>Know the evaluation and execution order High-level knowledge of how Salt states are compiled and run is useful when writing states. e default renderer seing in Salt is Jinja piped to YAML. Each is a separate step. Each step is not aware of the previous or following step. Jinja is not YAML aware, YAML is not Jinja aware; they cannot share variables or interact. • Whatever the Jinja step produces must be valid YAML. • Whatever the YAML step produces must be a valid highstate data structure. (is is also true of the ﬁnal step for any of the alternate renderers in Salt.) • Highstate can be thought of as a human-friendly data structure; easy to write and easy to read. • Salt's state compiler validates the highstate and compiles it to low state. • Low state can be thought of as a machine-friendly data structure. It is a list of dictionaries that each map directly to a function call. • Salt's state system ﬁnally starts and executes on each ``chunk'' in the low state. Remember that requisites are evaluated at runtime. • e return for each function call is added to the ``running'' dictionary which is the ﬁnal output at the end of the state run. e full evaluation and execution order:</p><p>1322 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Jinja -&gt; YAML -&gt; Highstate -&gt; low state -&gt; execution</p><p>Avoid anging the underlying system with Jinja Avoid calling commands from Jinja that change the underlying system. Commands run via Jinja do not respect Salt's dry-run mode (test=True)! is is usually in conﬂict with the idempotent nature of Salt states unless the command being run is also idempotent.</p><p>Inspect the local system A common use for Jinja in Salt states is to gather information about the underlying system. e grains dictionary available in the Jinja context is a great example of common data points that Salt itself has already gathered. Less common values are oen found by running commands. For example:</p><p>{% set is_selinux_enabled = salt.cmd.run('sestatus') == '1' %}</p><p>is is usually best done with a variable assignment in order to separate the data from the state that will make use of the data.</p><p>Gather external data One of the most common uses for Jinja is to pull external data into the state ﬁle. External data can come from anywhere like API calls or database queries, but it most commonly comes from ﬂat ﬁles on the ﬁle system or Pillar data from the Salt Master. For example:</p><p>{% set some_data = salt.pillar.get('some_data', {'sane default': True}) %}</p><p>{# or #}</p><p>{% load_json 'path/to/file.json' as some_data %}</p><p>{# or #}</p><p>{% load_text 'path/to/ssh_key.pub' as ssh_pub_key %}</p><p>{# or #}</p><p>{% from 'path/to/other_file.jinja' import some_data with context %}</p><p>is is usually best done with a variable assignment in order to separate the data from the state that will make use of the data.</p><p>Light conditionals and looping Jinja is extremely powerful for programatically generating Salt states. It is also easy to overuse. As a rule of thumb, if it is hard to read it will be hard to maintain! Separate Jinja control-ﬂow statements from the states as much as is possible to create readable states. Limit Jinja within states to simple variable lookups. Below is a simple example of a readable loop:</p><p>{% for user in salt.pillar.get('list_of_users', []) %}</p><p>{# Ensure unique state IDs when looping. #} {{ user.name }}-{{ loop.index }}: user.present: - name: {{ user.name }} - shell: {{ user.shell }}</p><p>25.22. Salt Conventions 1323 Salt Documentation, Release 2014.7.6</p><p>{% endfor %}</p><p>Avoid puing a Jinja conditionals within Salt states where possible. Readability suﬀers and the correct YAML inden- tation is diﬃcult to see in the surrounding visual noise. Parameterization (discussed below) and variables are both useful techniques to avoid this. For example:</p><p>{# ---- Bad example ---- #} apache: pkg.installed: {% if grains.os_family == 'RedHat' %} - name: httpd {% elif grains.os_family == 'Debian' %} - name: apache2 {% endif %}</p><p>{# ---- Better example ---- #}</p><p>{% if grains.os_family == 'RedHat' %} {% set name = 'httpd' %} {% elif grains.os_family == 'Debian' %} {% set name = 'apache2' %} {% endif %}</p><p> apache: pkg.installed: - name: {{ name }}</p><p>{# ---- Good example ---- #}</p><p>{% set name = { 'RedHat': 'httpd', 'Debian': 'apache2', }.get(grains.os_family) %}</p><p> apache: pkg.installed: - name: {{ name }}</p><p>Dictionaries are useful to eﬀectively ``namespace'' a collection of variables. is is useful with parameterization (discussed below). Dictionaries are also easily combined and merged. And they can be directly serialized into YAML which is oen easier than trying to create valid YAML through templating. For example:</p><p>{# ---- Bad example ---- #} haproxy_conf: file.managed: - name: /etc/haproxy/haproxy.cfg - template: jinja {% if 'external_loadbalancer' in grains.roles %} - source: salt://haproxy/external_haproxy.cfg {% elif 'internal_loadbalancer' in grains.roles %} - source: salt://haproxy/internal_haproxy.cfg {% endif %} - context: {% if 'external_loadbalancer' in grains.roles %}</p><p>1324 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> ssl_termination: True {% elif 'internal_loadbalancer' in grains.roles %} ssl_termination: False {% endif %}</p><p>{# ---- Better example ---- #}</p><p>{% load_yaml as haproxy_defaults %} common_settings: bind_port: 80 internal_loadbalancer: source: salt://haproxy/internal_haproxy.cfg settings: bind_port: 8080 ssl_termination: False external_loadbalancer: source: salt://haproxy/external_haproxy.cfg settings: ssl_termination: True {% endload %}</p><p>{% if 'external_loadbalancer' in grains.roles %} {% set haproxy = haproxy_defaults['external_loadbalancer'] %} {% elif 'internal_loadbalancer' in grains.roles %} {% set haproxy = haproxy_defaults['internal_loadbalancer'] %} {% endif %}</p><p>{% do haproxy.settings.update(haproxy_defaults.common_settings) %} haproxy_conf: file.managed: - name: /etc/haproxy/haproxy.cfg - template: jinja - source: {{ haproxy.source }} - context: {{ haproxy.settings | yaml() }}</p><p>ere is still room for improvement in the above example. For example, extracting into an external ﬁle or replacing the if-elif conditional with a function call to ﬁlter the correct data more succinctly. However, the state itself is simple and legible, the data is separate and also simple and legible. And those suggested improvements can be made at some future date without altering the state at all!</p><p>Avoid heavy logic and programming Jinja is not Python. It was made by Python programmers and shares many semantics and some syntax but it does not allow for abitrary Python function calls or Python imports. Jinja is a fast and eﬃcient templating language but the syntax can be verbose and visually noisy. Once Jinja use within an sls ﬁle becomes slightly complicated -- long chains of if-elif-elif-else statements, nested conditionals, complicated dictionary merges, wanting to use sets -- instead consider using a diﬀerent Salt renderer, such as the Python renderer. As a rule of thumb, if it is hard to read it will be hard to maintain -- switch to a format that is easier to read. Using alternate renderers is very simple to do using Salt's ``she-bang'' syntax at the top of the ﬁle. e Python renderer must simply return the correct highstate data structure. e following example is a state tree of two sls ﬁles, one simple and one complicated. /srv/salt/top.sls:</p><p>25.22. Salt Conventions 1325 Salt Documentation, Release 2014.7.6</p><p> base: '*': - common_configuration - roles_configuration</p><p>/srv/salt/common_configuration.sls: common_users: user.present: - names: [larry, curly, moe]</p><p>/srv/salt/roles_configuration:</p><p>#!py def run(): list_of_roles = set()</p><p># This example has the minion id in the form 'web-03-dev'. # Easily access the grains dictionary: try: app, instance_number, environment = __grains__['id'].split('-') instance_number = int(instance_number) except ValueError: app, instance_number, environment = ['Unknown', 0, 'dev']</p><p> list_of_roles.add(app)</p><p> if app == 'web' and environment == 'dev': list_of_roles.add('primary') list_of_roles.add('secondary') elif app == 'web' and environment == 'staging': if instance_number == 0: list_of_roles.add('primary') else: list_of_roles.add('secondary')</p><p># Easily cross-call Salt execution modules: if __salt__['myutils.query_valid_ec2_instance'](): list_of_roles.add('is_ec2_instance')</p><p> return { 'set_roles_grains':{ 'grains.present':[ {'name': 'roles'}, {'value': list(list_of_roles)}, ], }, }</p><p>Jinja Macros In Salt sls ﬁles Jinja macros are useful for one thing and one thing only: creating mini templates that can be reused and rendered on demand. Do not fall into the trap of thinking of macros as functions; Jinja is not Python (see above). Macros are useful for creating reusable, parameterized states. For example:</p><p>1326 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>{% macro user_state(state_id, user_name, shell='/bin/bash', groups=[]) %} {{ state_id }}: user.present: - name: {{ user_name }} - shell: {{ shell }} - groups: {{ groups | json() }} {% endmacro %}</p><p>{% for user_info in salt.pillar.get('my_users', []) %} {{ user_state('user_number_' ~ loop.index, **user_info) }} {% endfor %}</p><p>Macros are also useful for creating one-oﬀ ``serializers'' that can accept a data structure and write that out as a domain-speciﬁc conﬁguration ﬁle. For example, the following macro could be used to write a php.ini conﬁg ﬁle: /srv/salt/php.sls: php_ini: file.managed: - name: /etc/php.ini - source: salt://php.ini.tmpl - template: jinja - context: php_ini_settings: {{ salt.pillar.get('php_ini', {}) | json() }}</p><p>/srv/pillar/php.sls:</p><p>PHP: engine: 'On' short_open_tag: 'Off' error_reporting: 'E_ALL &amp; ~E_DEPRECATED &amp; ~E_STRICT'</p><p>/srv/salt/php.ini.tmpl:</p><p>{% macro php_ini_serializer(data) %} {% for section_name, name_val_pairs in data.items() %} [{{ section }}] {% for name, val in name_val_pairs.items() %} {{ name }} = "{{ val }}" {% endfor %} {% endfor %} {% endmacro %}</p><p>; File managed by Salt at &lt;{{ source }}&gt;. ; Your changes will be overwritten.</p><p>{{ php_ini_serializer(php_ini_settings) }}</p><p>Abstracting static defaults into a lookup table</p><p>Separate data that a state uses from the state itself to increases the ﬂexibility and reusability of a state. An obvious and common example of this is platform-speciﬁc package names and ﬁle system paths. Another example is sane defaults for an application, or common seings within a company or organization. Organizing such data as a</p><p>25.22. Salt Conventions 1327 Salt Documentation, Release 2014.7.6</p><p> dictionary (aka hash map, lookup table, associative array) oen provides a lightweight namespacing and allows for quick and easy lookups. In addition, using a dictionary allows for easily merging and overriding static values within a lookup table with dynamic values fetched from Pillar. A strong convention in Salt Formulas is to place platform-speciﬁc data, such as package names and ﬁle system paths, into a ﬁle named map.jinja that is placed alongside the state ﬁles. e following is an example from the MySQL Formula. e grains.filter_by function performs a lookup on that table using the os_family grain (by default). e result is that the mysql variable is assigned to a subset of the lookup table for the current platform. is allows states to reference, for example, the name of a package without worrying about the underlying OS. e syntax for referencing a value is a normal dictionary lookup in Jinja, such as {{ mysql['service'] }} or the shorthand {{ mysql.service }}. map.jinja:</p><p>{% set mysql = salt['grains.filter_by']({ 'Debian': { 'server': 'mysql-server', 'client': 'mysql-client', 'service': 'mysql', 'config': '/etc/mysql/my.cnf', 'python': 'python-mysqldb', }, 'RedHat': { 'server': 'mysql-server', 'client': 'mysql', 'service': 'mysqld', 'config': '/etc/my.cnf', 'python': 'MySQL-python', }, 'Gentoo': { 'server': 'dev-db/mysql', 'mysql-client': 'dev-db/mysql', 'service': 'mysql', 'config': '/etc/mysql/my.cnf', 'python': 'dev-python/mysql-python', }, }, merge=salt['pillar.get']('mysql:lookup')) %}</p><p>Values deﬁned in the map ﬁle can be fetched for the current platform in any state ﬁle using the following syntax:</p><p>{% from "mysql/map.jinja" import mysql with context %}</p><p> mysql-server: pkg.installed: - name: {{ mysql.server }} service.running: - name: {{ mysql.service }}</p><p>Overriding values in the lookup table Allow static values within lookup tables to be overridden. is is a simple paern which once again increases ﬂexibility and reusability for state ﬁles. e merge argument in filter_by speciﬁes the location of a dictionary in Pillar that can be used to override values returned from the lookup table. If the value exists in Pillar it will take precedence.</p><p>1328 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>is is useful when soware or conﬁguration ﬁles is installed to non-standard locations or on unsupported platforms. For example, the following Pillar would replace the config value from the call above. mysql: lookup: config: /usr/local/etc/mysql/my.cnf</p><p>e filter_by function performs a simple dictionary lookup but also allows for fetching data from Pillar and overriding data stored in the lookup table. at same workﬂow can be easily performed without using filter_by; other dictionaries besides data from Pillar can also be used.</p><p>{% set lookup_table = {...} %} {% do lookup_table.update(salt.pillar.get('my:custom:data')) %}</p><p>When to use lookup tables e map.jinja ﬁle is only a convention within Salt Formulas. is greater paern is useful for a wide variety of data in a wide variety of workﬂows. is paern is not limited to pulling data from a single ﬁle or data source. is paern is useful in States, Pillar, the Reactor, and Overstate as well. Working with a data structure instead of, say, a conﬁg ﬁle allows the data to be cobbled together from multiple sources (local ﬁles, remote Pillar, database queries, etc), combined, overridden, and searched. Below are a few examples of what lookup tables may be useful for and how they may be used and represented.</p><p>Platform-speciﬁc information An obvious paern and one used heavily in Salt Formulas is extracting platform- speciﬁc information such as package names and ﬁle system paths in a ﬁle named map.jinja. e paern is explained in detail above.</p><p>Sane defaults Application seings can be a good ﬁt for this paern. Store default seings along with the states themselves and keep overrides and sensitive seings in Pillar. Combine both into a single dictionary and then write the application conﬁg or seings ﬁle. e example below stores most of the Apache Tomcat server.xml ﬁle alongside the Tomcat states and then allows values to be updated or augmented via Pillar. (is example uses the BadgerFish format for transforming JSON to XML.) /srv/salt/tomcat/defaults.yaml:</p><p>Server: '@port': '8005' '@shutdown': SHUTDOWN GlobalNamingResources: Resource: '@auth': Container '@description': User database that can be updated and saved '@factory': org.apache.catalina.users.MemoryUserDatabaseFactory '@name': UserDatabase '@pathname': conf/tomcat-users.xml '@type': org.apache.catalina.UserDatabase # &lt;...snip...&gt;</p><p>/srv/pillar/tomcat.sls:</p><p>25.22. Salt Conventions 1329 Salt Documentation, Release 2014.7.6</p><p> appX: server_xml_overrides: Server: Service: '@name': Catalina Connector: '@port': '8009' '@protocol': AJP/1.3 '@redirectPort': '8443' # &lt;...snip...&gt;</p><p>/srv/salt/tomcat/server_xml.sls:</p><p>{% load_yaml 'tomcat/defaults.yaml' as server_xml_defaults %} {% set server_xml_final_values = salt.pillar.get( 'appX:server_xml_overrides', default=server_xml_defaults, merge=True) %} appX_server_xml: file.serialize: - name: /etc/tomcat/server.xml - dataset: {{ server_xml_final_values | json() }} - formatter: xml_badgerfish</p><p>e file.serialize state can provide a shorthand for creating some ﬁles from data structures. ere are also many examples within Salt Formulas of creating one-oﬀ ``serializers'' (oen as Jinja macros) that reformat a data structure to a speciﬁc conﬁg ﬁle format. For example, `Nginx vhosts`__ or the `php.ini`__ __: hps://github.com/saltstack-formulas/nginx-formula/blob/5cad4512/nginx/ng/vhosts_conﬁg.sls __: hps://github.com/saltstack-formulas/php-formula/blob/82e2cd3a/php/ng/ﬁles/php.ini</p><p>Environment speciﬁc information A single state can be reused when it is parameterized as described in the section below, by separating the data the state will use from the state that performs the work. is can be the diﬀerence between deploying Application X and Application Y, or the diﬀerence between production and development. For example: /srv/salt/app/deploy.sls:</p><p>{# Load the map file. #} {% load_yaml 'app/defaults.yaml' as app_defaults %}</p><p>{# Extract the relevant subset for the app configured on the current machine (configured via a grain in this example). #} {% app = app_defaults.get(salt.grains.get('role') %}</p><p>{# Allow values from Pillar to (optionally) update values from the lookup table. #} {% do app_defaults.update(salt.pillar.get('myapp', {}) %} deploy_application: git.latest: - name: {{ app.repo_url }} - version: {{ app.version }} - target: {{ app.deploy_dir }}</p><p>1330 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> myco/myapp/deployed: event.send: - data: version: {{ app.version }} - onchanges: - git: deploy_application</p><p>/srv/salt/app/defaults.yaml: appX: repo_url: git@github.com/myco/appX.git target: /var/www/appX version: master appY: repo_url: git@github.com/myco/appY.git target: /var/www/appY version: v1.2.3.4</p><p>Single-purpose SLS files</p><p>Each sls ﬁle in a Formula should strive to do a single thing. is increases the reusability of this ﬁle by keeping unrelated tasks from geing coupled together. As an example, the base Apache formula should only install the Apache hpd server and start the hpd service. is is the basic, expected behavior when installing Apache. It should not perform additional changes such as set the Apache conﬁguration ﬁle or create vhosts. If a formula is single-purpose as in the example above, other formulas, and also other states can include and use that formula with Requisites and Other Global State Arguments without also including undesirable or unintended side-eﬀects. e following is a best-practice example for a reusable Apache formula. (is skips platform-speciﬁc options for brevity. See the full apache-formula for more.)</p><p># apache/init.sls apache: pkg.installed: [...] service.running: [...]</p><p># apache/mod_wsgi.sls include: - apache mod_wsgi: pkg.installed: [...] - require: - pkg: apache</p><p># apache/conf.sls include: - apache</p><p>25.22. Salt Conventions 1331 Salt Documentation, Release 2014.7.6</p><p> apache_conf: file.managed: [...] - watch_in: - service: apache</p><p>To illustrate a bad example, say the above Apache formula installed Apache and also created a default vhost. e mod_wsgi state would not be able to include the Apache formula to create that dependency tree without also in- stalling the unneeded default vhost. Formulas should be reusable. Avoid coupling unrelated actions together.</p><p>Parameterization</p><p>Parameterization is a key feature of Salt Formulas and also for Salt States. Parameterization allows a single Formula to be reused across many operating systems; to be reused across production, development, or staging environments; and to be reused by many people all with varying goals. Writing states, specifying ordering and dependencies is the part that takes the longest to write and to test. Filling those states out with data such as users or package names or ﬁle locations is the easy part. How many users, what those users are named, or where the ﬁles live are all implementation details that should be parameterized. is separation between a state and the data that populates a state creates a reusable formula. In the example below the data that populates the state can come from anywhere -- it can be hard-coded at the top of the state, it can come from an external ﬁle, it can come from Pillar, it can come from an execution function call, or it can come from a database query. e state itself doesn't change regardless of where the data comes from. Production data will vary from development data will vary from data from one company to another, however the state itself stays the same.</p><p>{% set user_list = [ {'name': 'larry', 'shell': 'bash'}, {'name': 'curly', 'shell': 'bash'}, {'name': 'moe', 'shell': 'zsh'}, ] %}</p><p>{# or #}</p><p>{% set user_list = salt['pillar.get']('user_list') %}</p><p>{# or #}</p><p>{% load_json "default_users.json" as user_list %}</p><p>{# or #}</p><p>{% set user_list = salt['acme_utils.get_user_list']() %}</p><p>{% for user in list_list %} {{ user.name }}: user.present: - name: {{ user.name }} - shell: {{ user.shell }} {% endfor %}</p><p>1332 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Configuration</p><p>Formulas should strive to use the defaults of the underlying platform, followed by defaults from the upstream project, followed by sane defaults for the formula itself. As an example, a formula to install Apache should not change the default Apache conﬁguration ﬁle installed by the OS package. However, the Apache formula should include a state to change or override the default conﬁguration ﬁle.</p><p>Pillar overrides</p><p>Pillar lookups must use the safe get() and must provide a default value. Create local variables using the Jinja set construct to increase redability and to avoid potentially hundreds or thousands of function calls across a large state tree.</p><p>{% from "apache/map.jinja" import apache with context %} {% set settings = salt['pillar.get']('apache', {}) %}</p><p> mod_status: file.managed: - name: {{ apache.conf_dir }} - source: {{ settings.get('mod_status_conf', 'salt://apache/mod_status.conf') }} - template: {{ settings.get('template_engine', 'jinja') }}</p><p>Any default values used in the Formula must also be documented in the pillar.example ﬁle in the root of the repository. Comments should be used liberally to explain the intent of each conﬁguration value. In addition, users should be able copy-and-paste the contents of this ﬁle into their own Pillar to make any desired changes.</p><p>Scripting</p><p>Remember that both State ﬁles and Pillar ﬁles can easily call out to Salt execution modules and have access to all the system grains as well.</p><p>{% if '/storage' in salt['mount.active']() %} /usr/local/etc/myfile.conf: file: - symlink - target: /storage/myfile.conf {% endif %}</p><p>Jinja macros to encapsulate logic or conditionals are discouraged in favor of writing custom execution modules in Python.</p><p>Repository structure</p><p>A basic Formula repository should have the following layout:</p><p> foo-formula |-- foo/ | |-- map.jinja | |-- init.sls | `-- bar.sls</p><p>25.22. Salt Conventions 1333 Salt Documentation, Release 2014.7.6</p><p>|-- CHANGELOG.rst |-- LICENSE |-- pillar.example |-- README.rst `-- VERSION</p><p>See also: template-formula e template-formula repository has a pre-built layout that serves as the basic structure for a new formula repository. Just copy the ﬁles from there and edit them.</p><p>README.rst</p><p>e README should detail each available .sls ﬁle by explaining what it does, whether it has any dependencies on other formulas, whether it has a target platform, and any other installation or usage instructions or tips. A sample skeleton for the README.rst ﬁle:</p><p>=== foo ===</p><p>Install and configure the FOO service.</p><p>.. note::</p><p>See the full `Salt Formulas installation and usage instructions <http:>`_.</http:></p><p>Available states ======</p><p>.. contents:: :local:</p><p>``foo`` ------</p><p>Install the ``foo`` package and enable the service.</p><p>``foo.bar`` ------</p><p>Install the ``bar`` package.</p><p>CHANGELOG.rst</p><p>e CHANGELOG.rst ﬁle should detail the individual versions, their release date and a set of bullet points for each version highlighting the overall changes in a given version of the formula. A sample skeleton for the CHANGELOG.rst ﬁle: CHANGELOG.rst:</p><p>1334 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p> foo formula ======</p><p>0.0.2 (2013-01-01)</p><p>- Re-organized formula file layout - Fixed filename used for upstart logger template - Allow for pillar message to have default if none specified</p><p>Versioning</p><p>Formula are versioned according to Semantic Versioning, hp://semver.org/. Given a version number MAJOR.MINOR.PATCH, increment the: 1. MAJOR version when you make incompatible API changes, 2. MINOR version when you add functionality in a backwards-compatible manner, and 3. PATCH version when you make backwards-compatible bug ﬁxes. Additional labels for pre-release and build metadata are available as extensions to the MA- JOR.MINOR.PATCH format. Formula versions are tracked using Git tags as well as the VERSION ﬁle in the formula repository. e VERSION ﬁle should contain the currently released version of the particular formula.</p><p>Testing Formulas</p><p>A smoke-test for invalid Jinja, invalid YAML, or an invalid Salt state structure can be performed by with the state.show_sls function: salt '*' state.show_sls apache</p><p>Salt Formulas can then be tested by running each .sls ﬁle via state.sls and checking the output for the success or failure of each state in the Formula. is should be done for each supported platform.</p><p>25.22.3 SaltStack Packaging Guide</p><p>Since Salt provides a powerful toolkit for system management and automation, the package can be spit into a number of sub-tools. While packaging Salt as a single package containing all components is perfectly acceptable, the split packages should follow this convention.</p><p>Patching Salt For Distributions</p><p>e occasion may arise where Salt source and default conﬁgurations may need to be patched. It is preferable if Salt is only patched to include platform speciﬁc additions or to ﬁx release time bugs. It is preferable that conﬁguration seings and operations remain in the default state, as changes here lowers the user experience for users moving across distributions. In the event where a packager ﬁnds a need to change the default conﬁguration it is advised to add the ﬁles to the master.d or minion.d directories.</p><p>25.22. Salt Conventions 1335 Salt Documentation, Release 2014.7.6</p><p>Source Files</p><p>Release packages should always be built from the source tarball distributed via pypi. Release packages should NEVER use a git checkout as the source for distribution.</p><p>Single Package</p><p>Shipping Salt as a single package, where the minion, master and all tools are together is perfectly acceptable and practiced by distributions such as FreeBSD.</p><p>Split Package</p><p>Salt Should always be split in a standard way, with standard dependencies, this lowers cross distribution confusion about what components are going to be shipped with speciﬁc packages. ese packages can be deﬁned from the Salt Source as of Salt 2014.1.0:</p><p>Salt Common</p><p>e salt-common or salt package should contain the ﬁles provided by the salt python package, or all ﬁles distributed from the salt/ directory in the source distribution packages. e documentation contained under the doc/ di- rectory can be a part of this package but spliing out a doc package is preferred. Since salt-call is the entry point to utilize the libs and is useful for all salt packages it is included in the salt-common package.</p><p>Name • salt OR salt-common</p><p>Files • salt/* • man/salt.7 • scripts/salt-call • tests/* • man/salt-call.1</p><p>Depends • Python 2.6-2.7 • PyYAML • Jinja2</p><p>Salt Master</p><p>e salt-master package contains the applicable scripts, related man pages and init information for the given platform.</p><p>1336 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Name • salt-master</p><p>Files • scripts/salt-master • scripts/salt • scripts/salt-run • scripts/salt-key • scripts/salt-cp • pkg/<master data="" init=""> • man/salt.1 • man/salt-master.1 • man/salt-run.1 • man/salt-key.1 • man/salt-cp.1 • conf/master</master></p><p>Depends • Salt Common • ZeroMQ &gt;= 3.2 • PyZMQ &gt;= 2.10 • PyCrypto • M2Crypto • Python MessagePack (Messagepack C lib, or msgpack-pure)</p><p>Salt Syndic</p><p>e Salt Syndic package can be rolled completely into the Salt Master package. Platforms which start services as part of the package deployment need to maintain a separate salt-syndic package (primarily Debian based platforms). e Syndic may optionally not depend on the anything more than the Salt Master since the master will bring in all needed dependencies, but fall back to the platform speciﬁc packaging guidelines.</p><p>Name • salt-syndic</p><p>25.22. Salt Conventions 1337 Salt Documentation, Release 2014.7.6</p><p>Files • scripts/salt-syndic • pkg/<syndic data="" init=""> • man/salt-syndic.1</syndic></p><p>Depends • Salt Common • Salt Master • ZeroMQ &gt;= 3.2 • PyZMQ &gt;= 2.10 • PyCrypto • M2Crypto • Python MessagePack (Messagepack C lib, or msgpack-pure)</p><p>Salt Minion</p><p>e Minion is a standalone package and should not be split beyond the salt-minion and salt-common packages.</p><p>Name • salt-minion</p><p>Files • scripts/salt-minion • pkg/<minion data="" init=""> • man/salt-minion.1 • conf/minion</minion></p><p>Depends • Salt Common • ZeroMQ &gt;= 3.2 • PyZMQ &gt;= 2.10 • PyCrypto • M2Crypto • Python MessagePack (Messagepack C lib, or msgpack-pure)</p><p>Salt SSH</p><p>Since Salt SSH does not require the same dependencies as the minion and master, it should be split out.</p><p>1338 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Name • salt-ssh</p><p>Files • scripts/salt-ssh • man/salt-ssh.1 • conf/cloud*</p><p>Depends • Salt Common • Python MessagePack (Messagepack C lib, or msgpack-pure)</p><p>Salt Cloud</p><p>As of Salt 2014.1.0 Salt Cloud is included in the same repo as Salt. is can be split out into a separate package or it can be included in the salt-master package.</p><p>Name • salt-cloud</p><p>Files • scripts/salt-cloud • man/salt-cloud.1</p><p>Depends • Salt Common • apache libcloud &gt;= 0.14.0</p><p>Salt Doc</p><p>e documentation package is very distribution optional. A completely split package will split out the documenta- tion, but some platform conventions do not prefer this. If the documentation is not split out, it should be included with the Salt Common package.</p><p>Name</p><p>• salt-doc</p><p>Files • doc/*</p><p>25.22. Salt Conventions 1339 Salt Documentation, Release 2014.7.6</p><p>Optional Depends • Salt Common • Python Sphinx • Make</p><p>25.22.4 Salt Release Process</p><p>e goal for Salt projects is to cut a new feature release every four to six weeks. is document outlines the process for these releases, and the subsequent bug ﬁx releases which follow.</p><p>Feature Release Process</p><p>When a new release is ready to be cut, the person responsible for cuing the release will follow the following steps (wrien using the 0.16 release as an example): 1. All open issues on the release milestone should be moved to the next release milestone. (e.g. from the 0.16 milestone to the 0.17 milestone) 2. Release notes should be created documenting the major new features and bugﬁxes in the release. 3. Create an annotated tag with only the major and minor version numbers, preceded by the leer v. (e.g. v0.16) is tag will reside on the develop branch. 4. Create a branch for the new release, using only the major and minor version numbers. (e.g. 0.16) 5. On this new branch, create an annotated tag for the ﬁrst revision release, which is generally a release candidate. It should be preceded by the leer v. (e.g. v0.16.0RC) 6. e release should be packaged from this annotated tag and uploaded to PyPI as well as the GitHub releases page for this tag. 7. e packagers should be notiﬁed on the salt-packagers mailing list so they can create packages for all the major operating systems. (note that release candidates should go in the testing repositories) 8. Aer the packagers have been given a few days to compile the packages, the release is announced on the salt-users mailing list. 9. Log into RTD and add the new release there. (Have to do it manually)</p><p>Maintenance and Bugfix Releases</p><p>Once a release has been cut, regular cherry-picking sessions should begin to cherry-pick any bugﬁxes from the develop branch to the release branch (e.g. 0.16). Once major bugs have been ﬁxes and cherry-picked, a bugﬁx release can be cut: 1. On the release branch (i.e. 0.16), create an annotated tag for the revision release. It should be preceded by the leer v. (e.g. v0.16.2) Release candidates are unnecessary for bugﬁx releases. 2. e release should be packaged from this annotated tag and uploaded to PyPI. 3. e packagers should be notiﬁed on the salt-packagers mailing list so they can create packages for all the major operating systems. 4. Aer the packagers have been given a few days to compile the packages, the release is announced on the salt-users mailing list.</p><p>1340 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Cherry-Picking Process for Bugfixes</p><p>Bugﬁxes should be made on the develop branch. If the bug also applies to the current release branch, then on the pull request against develop, the user should mention @basepi and ask for the pull request to be cherry-picked. If it is veriﬁed that the ﬁx is a bugﬁx, then the Bugfix -- Cherry-Pick label will be applied to the pull request. When those commits are cherry-picked, the label will be switched to the Bugfix -- [Done] Cherry-Pick label. is allows easy recognition of which pull requests have been cherry-picked, and which are still pending to be cherry-picked. All cherry-picked commits will be present in the next release. Features will not be cherry-picked, and will be present in the next feature release.</p><p>25.22.5 Salt Coding Style</p><p>Salt is developed with a certain coding style, while the style is dominantly PEP 8 it is not completely PEP 8. It is also noteworthy that a few development techniques are also employed which should be adhered to. In the end, the code is made to be ``Salty''. Most importantly though, we will accept code that violates the coding style and KINDLY ask the contributor to ﬁx it, or go ahead and ﬁx the code on behalf of the contributor. Coding style is NEVER grounds to reject code contributions, and is never grounds to talk down to another member of the community (ere are no grounds to treat others without respect, especially people working to improve Salt)‼</p><p>Linting</p><p>Most Salt style conventions are codiﬁed in Salt's .pylintrc ﬁle. is ﬁle is found in the root of the Salt project and can be passed as an argument to the pylint program as follows:</p><p> pylint --rcfile=/path/to/salt/.pylintrc salt/dir/to/lint</p><p>Strings</p><p>Salt follows a few rules when formaing strings:</p><p>Single otes</p><p>In Salt, all strings use single quotes unless there is a good reason not to. is means that docstrings use single quotes, standard strings use single quotes etc.:</p><p> def foo(): ''' A function that does things ''' name = 'A name' return name</p><p>Formaing Strings</p><p>All strings which require formaing should use the .format string method:</p><p>25.22. Salt Conventions 1341 Salt Documentation, Release 2014.7.6</p><p> data = 'some text' more = '{0} and then some'.format(data)</p><p>Make sure to use indices or identiﬁers in the format brackets, since empty brackets are not supported by python 2.6. Please do NOT use printf formaing.</p><p>Docstring Conventions</p><p>Docstrings should always add a newline, docutils takes care of the new line and it makes the code cleaner and more vertical: GOOD: def bar(): ''' Here lies a docstring with a newline after the quotes and is the salty way to handle it! Vertical code is the way to go! ''' return</p><p>BAD: def baz(): '''This is not ok!''' return</p><p>When adding a new function or state, where possible try to use a versionadded directive to denote when the function or state was added. def new_func(msg=''): ''' .. versionadded:: 0.16.0</p><p>Prints what was passed to the function.</p><p> msg : None The string to be printed. ''' print msg</p><p>If you are uncertain what version should be used, either consult a core developer in IRC or bring this up when opening your pull request and a core developer will add the proper version once your pull request has been merged. Bugﬁxes will be available in a bugﬁx release (i.e. 0.17.1, the ﬁrst bugﬁx release for 0.17.0), while new features are held for feature releases, and this will aﬀect what version number should be used in the versionadded directive. Similar to the above, when an existing function or state is modiﬁed (for example, when an argument is added), then under the explanation of that new argument a versionadded directive should be used to note the version in which the new argument was added. If an argument's function changes signiﬁcantly, the versionchanged directive can be used to clarify this: def new_func(msg='', signature=''): ''' .. versionadded:: 0.16.0</p><p>1342 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Prints what was passed to the function.</p><p> msg : None The string to be printed. Will be prepended with 'Greetings! '.</p><p>.. versionchanged:: 0.17.1</p><p> signature : None An optional signature.</p><p>.. versionadded 0.17.0 ''' print 'Greetings! {0}\n\n{1}'.format(msg, signature)</p><p>Dictionaries</p><p>Dictionaries should be initialized using {} instead of dict(). See here for an in-depth discussion of this topic.</p><p>Imports</p><p>Salt code prefers importing modules and not explicit functions. is is both a style and functional preference. e functional preference originates around the fact that the module import system used by pluggable modules will include callable objects (functions) that exist in the direct module namespace. is is not only messy, but may unintentionally expose code python libs to the Salt interface and pose a security problem. To say this more directly with an example, this is GOOD: import os def minion_path(): path = os.path.join(self.opts['cachedir'], 'minions') return path</p><p>is on the other hand is DISCOURAGED: from os.path import join def minion_path(): path = join(self.opts['cachedir'], 'minions') return path</p><p>e time when this is changed is for importing exceptions, generally directly importing exceptions is preferred: is is a good way to import exceptions: from salt.exceptions import CommandExecutionError</p><p>25.22. Salt Conventions 1343 Salt Documentation, Release 2014.7.6</p><p>Absolute Imports</p><p>Although absolute imports seems like an awesome idea, please do not use it. Extra care would be necessary all over salt's code in order for absolute imports to work as supposed. Believe it, it has been tried before and, as a tried example, by renaming salt.modules.sysmod to salt.modules.sys, all other salt modules which needed to import sys would have to also import absolute_import, which should be avoided.</p><p>Vertical is Beer</p><p>When writing Salt code, vertical code is generally preferred. is is not a hard rule but more of a guideline. As PEP 8 speciﬁes, Salt code should not exceed 79 characters on a line, but it is preferred to separate code out into more newlines in some cases for beer readability: import os os.chmod( os.path.join(self.opts['sock_dir'], 'minion_event_pub.ipc'), 448 )</p><p>Where there are more line breaks, this is also apparent when constructing a function with many arguments, some- thing very common in state functions for instance: def managed(name, source=None, source_hash='', user=None, group=None, mode=None, template=None, makedirs=False, context=None, replace=True, defaults=None, env=None, backup='', **kwargs):</p><p>Note: Making function and class deﬁnitions vertical is only required if the arguments are longer then 80 characters. Otherwise, the formaing is optional and both are acceptable.</p><p>Line Length</p><p>For function deﬁnitions and function calls, Salt adheres to the PEP-8 speciﬁcation of at most 80 characters per line. Non function deﬁnitions or function calls, please adopt a so limit of 120 characters per line. If breaking the line reduces the code readability, don't break it. Still, try to avoid passing that 120 characters limit and remember, vertical is better… unless it isn't</p><p>1344 Chapter 25. Developing Salt Salt Documentation, Release 2014.7.6</p><p>Indenting</p><p>Some confusion exists in the python world about indenting things like function calls, the above examples use 8 spaces when indenting comma-delimited constructs. e confusion arises because the pep8 program INCORRECTLY ﬂags this as wrong, where PEP 8, the document, cites only using 4 spaces here as wrong, as it doesn't diﬀerentiate from a new indent level. Right: def managed(name, source=None, source_hash='', user=None)</p><p>WRONG: def managed(name, source=None, source_hash='', user=None)</p><p>Lining up the indent is also correct: def managed(name, source=None, source_hash='', user=None)</p><p>is also applies to function calls and other hanging indents. pep8 and Flake8 (and, by extension, the vim plugin Syntastic) will complain about the double indent for hanging indents. is is a known conﬂict between pep8 (the script) and the actual PEP 8 standard. It is recommended that this particular warning be ignored with the following lines in ~/.config/flake8:</p><p>[flake8] ignore = E226,E241,E242,E126</p><p>Make sure your Flake8/pep8 are up to date. e ﬁrst three errors are ignored by default and are present here to keep the behavior the same. is will also work for pep8 without the Flake8 wrapper -- just replace all instances of `ﬂake8' with `pep8', including the ﬁlename.</p><p>Code Churn</p><p>Many pull requests have been submied that only churn code in the name of PEP 8. Code churn is a leading source of bugs and is strongly discouraged. While style ﬁxes are encouraged they should be isolated to a single ﬁle per commit, and the changes should be legitimate, if there are any questions about whether a style change is legitimate please reference this document and the oﬃcial PEP 8 (hp://legacy.python.org/dev/peps/pep-0008/) document before changing code. Many claims that a change is PEP 8 have been invalid, please double check before commiing ﬁxes.</p><p>25.22. Salt Conventions 1345 Salt Documentation, Release 2014.7.6</p><p>1346 Chapter 25. Developing Salt CHAPTER 26</p><p>Release notes</p><p>See the version numbers page for more information about the version numbering scheme.</p><p>26.1 Latest Stable Release</p><p>26.1.1 Salt 2014.7.6 Release Notes</p><p> release 2015-05-18 Version 2014.7.6 is a bugﬁx release for 2014.7.0. Changes: • salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to this function in the cloud runner. is release is a security release. A minor issue was found, as cited below: • CVE-2015-4017 -- Certiﬁcates are not veriﬁed when connecting to server in the Aliyun and Proxmox modules Only users of the Aliyun or Proxmox cloud modules are at risk. e vulnerability does not exist in the latest 2015.5.0 release of Salt.</p><p>26.2 Previous Releases</p><p>26.2.1 Salt 2014.7.0 Release Notes - Codename Helium</p><p>is release is the largest Salt release ever, with more features and commits then any previous release of Salt. Ev- erything from the new RAET transport to major updates in Salt Cloud and the merging of Salt API into the main project.</p><p>Important: e Fedora/RHEL/CentOS salt-master package has been modiﬁed for this release. e following com- ponents of Salt have been broken out and placed into their own packages: • salt-syndic • salt-cloud • salt-ssh</p><p>1347 Salt Documentation, Release 2014.7.6</p><p>When the salt-master package is upgraded, these components will be removed, and they will need to be manually installed.</p><p>Important: Compound/pillar matching have been temporarily disabled for the mine and publish modules for this release due to the possibility of inferring pillar data using pillar glob matching. A proper ﬁx is now in the 2014.7 branch and scheduled for the 2014.7.1 release, and compound matching and non-globbing pillar matching will be re-enabled at that point. Compound and pillar matching for normal salt commands are unaﬀected.</p><p>New Transport!</p><p>RAET Transport Option</p><p>is has been a HUGE amount of work, but the beta release of Salt with RAET is ready to go. RAET is a reliable queuing transport system that has been developed in partnership with a number of large enterprises to give Salt an alternative to ZeroMQ and a way to get Salt to scale well beyond tens of thousands of servers. Unlike ZeroMQ, RAET is completely asynchronous in every aspect of its operation and has been developed using the ﬂow programming paradigm. is allows for many new capabilities to be added to Salt in the upcoming releases. Please keep in mind that this is a beta release of RAET and we hope for bugs to be worked out, performance to be beer realized and more in the Lithium release. Simply stated, users running Salt with RAET should expect some hiccups as we hammer out the update. is is a BETA release of Salt RAET. For information about how to use Salt with RAET please see the tutorial.</p><p>Salt SSH Enhancements</p><p>Salt SSH has just entered a new league, with substantial updates and improvements to make salt-ssh more reliable and easier then ever! From new features like the ansible roster and ﬁleserver backends to the new pypi salt-ssh installer to lowered deps and a swath of bugﬁxes, salt-ssh is basically reborn!</p><p>Install salt-ssh Using pip</p><p>Salt-ssh is now pip-installable! hps://pypi.python.org/pypi/salt-ssh/ Pip will bring in all of the required deps, and while some deps are compiled, they all include pure python implemen- tations, meaning that any compile errors which may be seen can be safely ignored. pip install salt-ssh</p><p>Fileserver Backends</p><p>Salt-ssh can now use the salt ﬁleserver backend system. is allows for the gitfs, hgfs, s3, and many more ways to centrally store states to be easily used with salt-ssh. is also allows for a distributed team to easily use a centralized source.</p><p>1348 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Saltfile Support</p><p>e new saltﬁle system makes it easy to have a user speciﬁc custom extended conﬁguration.</p><p>Ext Pillar</p><p>Salt-ssh can now use the external pillar system. Making it easier then ever to use salt-ssh with teams.</p><p>No More sshpass</p><p>anks to the enhancements in the salt vt system, salt-ssh no longer requires sshpass to send passwords to ssh. is also makes the manipulation of ssh calls substantially more ﬂexible, allowing for intercepting ssh calls in a much more ﬂuid way.</p><p>Pure Python Shim</p><p>e salt-ssh call originally used a shell script to discover what version of python to execute with and determine the state of the ssh code deployment. is shell script has been replaced with a pure python version making it easy to increase the capability of the code deployment without causing platform inconsistency issues with diﬀerent shell interpreters.</p><p>Custom Module Delivery</p><p>Custom modules are now seamlessly delivered. is makes the deployment of custom grains, states, execution modules and returners a seamless process.</p><p>CP Module Support</p><p>Salt-ssh now makes simple ﬁle transfers easier then ever! e cp module allows for ﬁles to be conveniently sent from the salt ﬁleserver system down to systems.</p><p>More Thin Directory Options</p><p>Salt ssh functions by copying a subset of the salt code, or salt thin down to the target system. In the past this was always transferred to /tmp/.salt and cached there for subsequent commands. Now, salt thin can be sent to a random directory and removed when the call is complete with the -W option. e new -W option still uses a static location but will clean up that location when ﬁnished. e default salt thin location is now user deﬁned, allowing multiple users to cleanly access the same systems.</p><p>State System Enhancements</p><p>New Imperative State Keyword ``Listen''</p><p>e new listen and listen_in keywords allow for completely imperative states by calling the mod_watch() routine aer all states have run instead of re-ordering the states.</p><p>26.2. Previous Releases 1349 Salt Documentation, Release 2014.7.6</p><p>Mod Aggregate Runtime Manipulator</p><p>e new mod_aggregate system allows for the state system to rewrite the state data during execution. is allows for state deﬁnitions to be aggregated dynamically at runtime. e best example is found in the pkg state. If mod_aggregate is turned on, then when the ﬁrst pkg state is reached, the state system will scan all of the other running states for pkg states and take all other packages set for install and install them all at once in the ﬁrst pkg state. ese runtime modiﬁcations make it easy to run groups of states together. In future versions, we hope to ﬁll out the mod_aggregate system to build in more and more optimizations. For more documentation on mod_aggregate, see the documentation.</p><p>New Requisites: onchanges and onfail</p><p>e new onchanges and onchanges_in requisites make a state apply only if there are changes in the required state. is is useful to execute post hooks aer changes occur on a system. e other new requisites, onfail and onfail_in, allow for a state to run in reaction to the failure of another state. For more information about these new requisites, see the requisites documentation.</p><p>Global onlyif and unless</p><p>e onlyif and unless options can now be used for any state declaration.</p><p>Use names to expand and override values</p><p>e names declaration in Salt's state system can now override or add values to the expanded data structure. For example:</p><p> my_users: user.present: - names: - larry - curly - moe: - shell: /bin/zsh - groups: - wheel - shell: /bin/bash</p><p>Major Features</p><p>Scheduler Additions</p><p>e Salt scheduler system has received MAJOR enhancements, allowing for cron-like scheduling and much more granular timing routines. See here for more info.</p><p>1350 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Red Hat 7 Family Support</p><p>All the needed additions have been made to run Salt on RHEL 7 and derived OSes like CentOS and Scientiﬁc.</p><p>Fileserver Backends in salt-call</p><p>Fileserver backends like gitfs can now be used without a salt master! Just add the ﬁleserver backend conﬁguration to the minion conﬁg and execute salt-call. is has been a much-requested feature and we are happy to ﬁnally bring it to our users.</p><p>Amazon Execution Modules</p><p>An entire family of execution modules further enhancing Salt's Amazon Cloud support. ey include the following: • Autoscale Groups (includes state support) -- related: Launch Control states • Cloud Watch (includes state support) • Elastic Cache (includes state support) • Elastic Load Balancer (includes state support) • IAM Identity and Access Management (includes state support) • Route53 DNS (includes state support) • Security Groups (includes state support) • Simple Queue Service (includes state support)</p><p>LXC Runner Enhancements</p><p>BETA e Salt LXC management system has received a number of enhancements which make running an LXC cloud entirely from Salt an easy proposition.</p><p>Next Gen Docker Management</p><p>e Docker support in Salt has been increased at least ten fold. e Docker API is now completely exposed and Salt ships with Docker data tracking systems which make automating Docker deployments very easy.</p><p>Peer System Performance Improvements</p><p>e peer system communication routines have been reﬁned to make the peer system substantially faster.</p><p>SDB</p><p>Encryption at rest for conﬁgs</p><p>GPG Renderer</p><p>Encrypted pillar at rest</p><p>26.2. Previous Releases 1351 Salt Documentation, Release 2014.7.6</p><p>OpenStack Expansion</p><p>Lots of new OpenStack stuﬀ</p><p>eues System</p><p>Ran change external queue systems into Salt events</p><p>Multi Master Failover Additions</p><p>Connecting to multiple masters is more dynamic then ever</p><p>Chef Execution Module</p><p>Managing Chef with Salt just got even easier!</p><p> salt-api Project Merge</p><p>e salt-api project has been merged into Salt core and is now available as part of the regular salt-master package install. No API changes were made, the salt-api script and init scripts remain intact. salt-api has always provided Yet Another Pluggable Interface to Salt (TM) in the form of ``netapi'' modules. ese are modules that bind to a port and start a service. Like many of Salt's other module types, netapi modules oen have library and conﬁguration dependencies. See the documentation for each module for instructions. See also: e full list of netapi modules.</p><p>Synronous and Asynronous Execution of Runner and Wheel Modules salt.runner.RunnerClient and salt.wheel.WheelClient have both gained complimentary cmd_sync and cmd_async methods al- lowing for synchronous and asynchronous execution of any Runner or Wheel module function, all protected using Salt's external authentication system. salt-api beneﬁts from this addition as well.</p><p> rest_cherrypy Additions e rest_cherrypy netapi module provides the main REST API for Salt.</p><p>Web Hooks is release of course includes the Web Hook additions from the most recent salt-api release, which allows external services to signal actions within a Salt infrastructure. External services such as Amazon SNS, Travis-CI, or GitHub, as well as internal services that cannot or should not run a Salt minion daemon can be used as ﬁrst-class components in Salt's rich orchestration capabilities. e raw HTTP request body is now available in the event data. is is sometimes required information for checking an HMAC signature in order to verify a HTTP request. As an example, Amazon or GitHub requests are signed this way.</p><p>1352 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Generating and Accepting Minion Keys e :py:method:`/key <salt.netapi.rest_>` con- venience URL generates a public and private key for a minion, automatically pre-accepts the public key on the Salt Master, and returns both keys as a tarball for download. is allows for easily bootstrapping the key on a new minion with a single HTTP call, such as with a Kickstart script, all using regular shell tools.</salt.netapi.rest_></p><p> curl -sS http://salt-api.example.com:8000/keys \ -d mid=jerry \ -d username=kickstart \ -d password=kickstart \ -d eauth=pam \ -o jerry-salt-keys.tar</p><p>Fileserver Backend Enhancements</p><p>All of the ﬁleserver backends have been overhauled to be faster, lighter and more reliable. e VCS backends (gitfs, hgfs, and svnfs) have also received a lot of new features. Additionally, most conﬁg parameters for the VCS backends can now be conﬁgured on a per-remote basis, allowing for global conﬁg parameters to be overridden for a speciﬁc gitfs/hgfs/svnfs remote.</p><p>New gitfs Features</p><p>Pygit2 and Dulwi In addition to supporting GitPython, support for pygit2 (0.20.3 and newer) and dulwich have been added. Provided a compatible version of pygit2 is installed, it will now be the default provider. e conﬁg parameter gitfs_provider has been added to allow one to choose a speciﬁc provider for gitfs.</p><p>Mountpoints Prior to this release, to serve a ﬁle from gitfs at a salt ﬁleserver URL of salt://foo/bar/baz.txt, it was necessary to ensure that the parent directories existed in the reposi- tory. A new conﬁg parameter gitfs_mountpoint allows gitfs remotes to be exposed starting at a user-deﬁned salt:// URL.</p><p>Environment Whitelisting/Blalisting By default, gitfs will expose all branches and tags as Salt ﬁleserver en- vironments. Two new conﬁg parameters, gitfs_env_whitelist and gitfs_env_blacklist, allow more control over which branches and tags are exposed. More detailed information on how these two options work can be found in the Gitfs Walkthrough.</p><p>Expanded Authentication Support As of pygit2 0.20.3, both hp(s) and SSH key authentication are supported, and Salt now also supports both authentication methods when using pygit2. Keep in mind that pygit2 0.20.3 is not yet available on many platforms, so those who had been using authenticated git repositories with a passphraseless key should stick to GitPython if a new enough pygit2 is not yet available for the platform on which the master is running. A full explanation of how to use authentication can be found in the Gitfs Walkthrough.</p><p>New hgfs Features</p><p>Mountpoints is feature works exactly like its gitfs counterpart. e new conﬁg parameter is called hgfs_mountpoint.</p><p>26.2. Previous Releases 1353 Salt Documentation, Release 2014.7.6</p><p>Environment Whitelisting/Blalisting is feature works exactly like its gitfs counterpart. e new conﬁg pa- rameters are called hgfs_env_whitelist and hgfs_env_blacklist.</p><p>New svnfs Features</p><p>Mountpoints is feature works exactly like its gitfs counterpart. e new conﬁg parameter is called svnfs_mountpoint.</p><p>Environment Whitelisting/Blalisting is feature works exactly like its gitfs counterpart. e new conﬁg pa- rameters are called svnfs_env_whitelist and svnfs_env_blacklist.</p><p>Conﬁgurable Trunk/Branes/Tags Paths Prior to this release, the paths where trunk, branches, and tags were located could only be in directores named ``trunk'', ``branches'', and ``tags'' directly under the root of the repository. ree new conﬁg parameters (svnfs_trunk, svnfs_branches, and svnfs_tags) allow SVN repositories which are laid out diﬀerently to be used with svnfs.</p><p>New minionfs Features</p><p>Mountpoint is feature works exactly like its gitfs counterpart. e new conﬁg parameter is called min- ionfs_mountpoint. e one major diﬀerence is that, as minionfs doesn't use multiple remotes (it just serves up ﬁles pushed to the master using cp.push) there is no such thing as a per-remote conﬁguration for min- ionfs_mountpoint.</p><p>Changing the Saltenv from Whi Files are Served A new conﬁg parameter (minionfs_env) allows minionfs ﬁles to be served from a Salt ﬁleserver environment other than base.</p><p>Minion Whitelisting/Blalisting By default, minionfs will expose the pushed ﬁles from all minions. Two new conﬁg parameters, minionfs_whitelist and minionfs_blacklist, allow minionfs to be restricted to serve ﬁles from only the desired minions.</p><p>Pyobjects Renderer</p><p>Salt now ships with with the Pyobjects Renderer that allows for construction of States using pure Python with an idiomatic object interface.</p><p>New Modules</p><p>In addition to the Amazon modules mentioned above, there are also several other new execution modules: • Oracle • Random • Redis • Amazon Simple Queue Service • Block Device Management • CoreOS etcd</p><p>1354 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Genesis • InfluxDB • Server Density • Twilio Notifications • Varnish • ZNC IRC Bouncer • SMTP</p><p>New Runners</p><p>• Map/Reduce Style • Queue</p><p>New External Pillars</p><p>• CoreOS etcd</p><p>New Salt-Cloud Providers</p><p>• Aliyun ECS Cloud • LXC Containers • Proxmox (OpenVZ containers &amp; KVM)</p><p>Salt Call Change</p><p>When used with a returner, salt-call now contacts a master if --local is not speciciﬁed.</p><p>Deprecations salt.modules.virtualenv_mod</p><p>• Removed deprecated memoize function from salt/utils/__init__.py (deprecated) • Removed deprecated no_site_packages argument from create function (deprecated) • Removed deprecated check_dns argument from minion_config and apply_minion_config func- tions (deprecated) • Removed deprecated OutputOptionsWithTextMixIn class from salt/utils/parsers.py (depre- cated) • Removed the following deprecated functions from salt/modules/ps.py:- phys- ical_memory_usage (deprecated) - virtual_memory_usage (deprecated) - cached_physical_memory (deprecated) - physical_memory_buffers (deprecated) • Removed deprecated cloud arguments from cloud_config function in salt/config.py:- vm_config (deprecated) - vm_config_path (deprecated)</p><p>26.2. Previous Releases 1355 Salt Documentation, Release 2014.7.6</p><p>• Removed deprecated libcloud_version function from salt/cloud/libcloudfuncs.py (depre- cated) • Removed deprecated CloudConfigMixIn class from salt/utils/parsers.py (deprecated)</p><p>26.2.2 Salt 2014.7.1 Release Notes</p><p> release 2015-01-12 Version 2014.7.1 is a bugﬁx release for 2014.7.0. e changes include: • Fixed gitfs serving symlinks in file.recurse states (issue 17700) • Fixed holding of multiple packages (YUM) when combined with version pinning (issue 18468) • Fixed use of Jinja templates in masterless mode with non-roots ﬁleserver backend (issue 17963) • Re-enabled pillar and compound matching for mine and publish calls. Note that pillar globbing is still disabled for those modes, for security reasons. (issue 17194) • Fix for tty: True in salt-ssh (issue 16847) • Fix for supervisord states when supervisor not installed to system python (issue 18044) • Fix for logging when log_level='quiet' for cmd.run (issue 19479)</p><p>26.2.3 Salt 2014.7.2 Release Notes</p><p> release TBA Version 2014.7.2 is a bugﬁx release for 2014.7.0. e changes include: • Fix erroneous warnings for systemd service enabled check (issue 19606) • Fix FreeBSD kernel module loading, listing, and persistence kmod (issue 197151, issue 19682) • Allow case-sensitive npm package names in the npm state. is may break behavior for people expecting the state to lowercase their npm package names for them. e npm module was never aﬀected by mandatory lowercasing. (issue 20329) • Deprecate the activate parameter for pip.install for both the module and the state. If bin_env is given and points to a virtualenv, there is no need to activate that virtualenv in a shell for pip to install to the virtualenv. • Fix a ﬁle-locking bug in gitfs (issue 18839)</p><p>26.2.4 Salt 2014.7.3 Release Notes</p><p> release TBA Version 2014.7.3 is a bugﬁx release for 2014.7.0. Changes: • Multi-master minions mode no longer route ﬁleclient operations asymetrically. is ﬁxes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters. • Fix bug wherein network.iface could produce stack traces. • net.arp will no longer be made available unless arp is installed on the system. • Major performance improvements to Saltnado</p><p>1356 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Allow KVM module to operate under KVM itself or VMWare Fusion • Various ﬁxes to the Windows installation scripts • Fix issue where the syndic would not correctly propogate loads to the master job cache. • Improve error handling on invalid /etc/network/interfaces ﬁle in salt networking modules • Fix bug where a reponse status was not checked for in ﬁleclient.get_url • Enable eauth when running salt in batch mode • Increase timeout in Boto Route53 module • Fix bugs with Salt's `tar' module option parsing • Fix parsing of NTP servers on Windows • Fix issue with blockdev tuning not reporting changes correctly • Update to the latest Salt bootstrap script • Update Linode salt-cloud driver to use either linode-python or apache-libcloud • Fix for s3.query function to return correct headers • Fix for s3.head returning None for ﬁles that exist • Fix the disable function in win_service module so that the service is disabled correctly • Fix race condition between master and minion when making a directory when both daemons are on the same host • Fix an issue where ﬁle.recurse would fail at the root of an svn repo when the repo has a mountpoint • Fix an issue where ﬁle.recurse would fail at the root of an hgfs repo when the repo has a mountpoint • Fix an issue where ﬁle.recurse would fail at the root of an gitfs repo when the repo has a mountpoint • Add status.master capability for Windows. • Various ﬁxes to ssh_known_hosts • Various ﬁxes to states.network bonding for Debian • e debian_ip.get_interfaces module no longer removes nameservers. • Beer integration between grains.virtual and systemd-detect-virt and virt-what • Fix traceback in sysctl.present state output • Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (ex- tended=True). Also mount.mounted various ﬁxes for Solaris and FreeBSD. • Fix error where datetimes were not correctly safeguarded before being passed into msgpack. • Fix ﬁle.replace regressions. If the paern is not found, and if dry run is False, and if backup is False, and if a pre-existing ﬁle exists with extension .bak, then that backup ﬁle will be overwrien. is backup behavior is a result of how ﬁleinput works. Fixing it requires either passing through the ﬁle twice (the ﬁrst time only to search for content and set a ﬂag), or rewriting ﬁle.replace so it doesn't use ﬁleinput • VCS ﬁlreserver ﬁxes/optimizations • Catch ﬁleserver conﬁguration errors on master start • Raise errors on invalid gitfs conﬁgurations • set_locale when locale ﬁle does not exist (Redhat family) • Fix to correctly count active devices when created mdadm array with spares</p><p>26.2. Previous Releases 1357 Salt Documentation, Release 2014.7.6</p><p>• Fix to correctly target minions in batch mode • Support ssh:// urls using the gitfs dulwhich backend • New ﬁleserver runner • Fix various bugs with argument parsing to the publish module. • Fix disk.usage for Synology OS • Fix issue with tags occurring twice with docker.pulled • Fix incorrect key error in SMTP returner • Fix condition which would remount loopback ﬁlesystems on every state run • Remove requsites from listens aer they are called in the state system • Make system implementation of service.running aware of legacy service calls • Fix issue where publish.publish would not handle duplicate responses gracefully. • Accept Kali Linux for aptpkg salt execution module • Fix bug where cmd.which could not handle a dirname as an argument • Fix issue in ps.pgrep where exceptions were thrown on Windows. Known issues: • In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. is can be worked around by seing `auth_timeout' and `auth_tries' down to shorter periods.</p><p>26.2.5 Salt 2014.7.4 Release Notes</p><p> release TBA Version 2014.7.4 is a bugﬁx release for 2014.7.0. Changes: • Multi-master minions mode no longer route ﬁleclient operations asymetrically. is ﬁxes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters. • Fix bug wherein network.iface could produce stack traces. • net.arp will no longer be made available unless arp is installed on the system. • Major performance improvements to Saltnado • Allow KVM module to operate under KVM itself or VMWare Fusion • Various ﬁxes to the Windows installation scripts • Fix issue where the syndic would not correctly propogate loads to the master job cache. • Improve error handling on invalid /etc/network/interfaces ﬁle in salt networking modules • Fix bug where a reponse status was not checked for in ﬁleclient.get_url • Enable eauth when running salt in batch mode • Increase timeout in Boto Route53 module • Fix bugs with Salt's `tar' module option parsing • Fix parsing of NTP servers on Windows</p><p>1358 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix issue with blockdev tuning not reporting changes correctly • Update to the latest Salt bootstrap script • Update Linode salt-cloud driver to use either linode-python or apache-libcloud • Fix for s3.query function to return correct headers • Fix for s3.head returning None for ﬁles that exist • Fix the disable function in win_service module so that the service is disabled correctly • Fix race condition between master and minion when making a directory when both daemons are on the same host • Fix an issue where ﬁle.recurse would fail at the root of an svn repo when the repo has a mountpoint • Fix an issue where ﬁle.recurse would fail at the root of an hgfs repo when the repo has a mountpoint • Fix an issue where ﬁle.recurse would fail at the root of an gitfs repo when the repo has a mountpoint • Add status.master capability for Windows. • Various ﬁxes to ssh_known_hosts • Various ﬁxes to states.network bonding for Debian • e debian_ip.get_interfaces module no longer removes nameservers. • Beer integration between grains.virtual and systemd-detect-virt and virt-what • Fix traceback in sysctl.present state output • Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (ex- tended=True). Also mount.mounted various ﬁxes for Solaris and FreeBSD. • Fix error where datetimes were not correctly safeguarded before being passed into msgpack. • Fix ﬁle.replace regressions. If the paern is not found, and if dry run is False, and if backup is False, and if a pre-existing ﬁle exists with extension .bak, then that backup ﬁle will be overwrien. is backup behavior is a result of how ﬁleinput works. Fixing it requires either passing through the ﬁle twice (the ﬁrst time only to search for content and set a ﬂag), or rewriting ﬁle.replace so it doesn't use ﬁleinput • VCS ﬁlreserver ﬁxes/optimizations • Catch ﬁleserver conﬁguration errors on master start • Raise errors on invalid gitfs conﬁgurations • set_locale when locale ﬁle does not exist (Redhat family) • Fix to correctly count active devices when created mdadm array with spares • Fix to correctly target minions in batch mode • Support ssh:// urls using the gitfs dulwhich backend • New ﬁleserver runner • Fix various bugs with argument parsing to the publish module. • Fix disk.usage for Synology OS • Fix issue with tags occurring twice with docker.pulled • Fix incorrect key error in SMTP returner • Fix condition which would remount loopback ﬁlesystems on every state run • Remove requsites from listens aer they are called in the state system</p><p>26.2. Previous Releases 1359 Salt Documentation, Release 2014.7.6</p><p>• Make system implementation of service.running aware of legacy service calls • Fix issue where publish.publish would not handle duplicate responses gracefully. • Accept Kali Linux for aptpkg salt execution module • Fix bug where cmd.which could not handle a dirname as an argument • Fix issue in ps.pgrep where exceptions were thrown on Windows. Known issues: • In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. is can be worked around by seing `auth_timeout' and `auth_tries' down to shorter periods. • ere are known issues with batch mode operating on the incorrect number of minions. is bug can be patched with the change in Pull Request #22464. • e fun, state, and unless keywords are missing from the state internals, which can cause problems running some states. is bug can be patched with the change in Pull Request #22365.</p><p>26.2.6 Salt 2014.7.5 Release Notes</p><p> release TBA Version 2014.7.5 is a bugﬁx release for 2014.7.0. Changes: • Fixed a key error bug in salt-cloud • Updated man pages to beer match documentation • Fixed bug concerning high CPU usage with salt-ssh • Fixed bugs with remounting cvfs and fuse ﬁlesystems • Fixed bug with alowing requisite tracking of entire sls ﬁles • Fixed bug with aptpkg.mod_repo returning OK even if apt-add-repository fails • Increased frequency of ssh terminal output checking • Fixed malformed locale string in localmod module • Fixed checking of available version of package when accept_keywords were changed • Fixed bug to make git.latest work with empty repositories • Added **kwargs to service.mod_watch which removes warnings about enable and __reqs__ not being sup- ported by the function • Improved state comments to not grow so quickly on failed requisites • Added force argument to service to trigger force_reload • Fixed bug to andle pkgrepo keyids that have been converted to int • Fixed module.portage_conﬁg bug with appending accept_keywords • Fixed bug to correctly report disk usage on windows minion • Added the ability to specify key preﬁx for S3 ext_pillar • Fixed issues with batch mode operating on the incorrect number of minions • Fixed a bug with the proxmox cloud provider stacktracing on disk deﬁnition</p><p>1360 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fixed a bug with the changes dictionary in the ﬁle state • Fixed the TCP keep alive seings to work beer with SREQ caching • Fixed many bugs within the iptables state and module • Fixed bug with states by adding fun, state, and unless to the state runtime internal keywords listing • Added ability to eAuth against Active Directory • Fixed some salt-ssh issues when running on Fedora 21 • Fixed grains.get_or_set_hash to work with multiple entries under same key • Added beer explanations and more examples of how the Reactor calls functions to docs • Fixed bug to not pass ex_conﬁg_drive to libcloud unless it's explicitly enabled • Fixed bug with pip.install on windows • Fixed bug where puppet.run always returns a 0 retcode • Fixed race condition bug with minion scheduling via pillar • Made eﬃciency improvements and bug ﬁxes to the windows installer • Updated environment variables to ﬁx bug with pygit2 when running salt as non-root user • Fixed cas behavior on data module -- data.cas was not saving changes • Fixed GPG rendering error • Fixed strace error in virt.query • Fixed stacktrace when running chef-solo command • Fixed possible bug wherein uncaught exceptions seem to make zmq3 tip over when threading is involved • Fixed argument passing to the reactor • Fixed glibc caching to prevent bug where salt-minion getaddrinfo in dns_check() never got updated name- servers Known issues: • In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. is can be worked around by seing `auth_timeout' and `auth_tries' down to shorter periods.</p><p>26.2.7 Salt 2014.7.6 Release Notes</p><p> release 2015-05-18 Version 2014.7.6 is a bugﬁx release for 2014.7.0. Changes: • salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to this function in the cloud runner. is release is a security release. A minor issue was found, as cited below: • CVE-2015-4017 -- Certiﬁcates are not veriﬁed when connecting to server in the Aliyun and Proxmox modules Only users of the Aliyun or Proxmox cloud modules are at risk. e vulnerability does not exist in the latest 2015.5.0 release of Salt.</p><p>26.2. Previous Releases 1361 Salt Documentation, Release 2014.7.6</p><p>26.2.8 Salt 2014.1.0 Release Notes - Codename Hydrogen</p><p>Note: Due to a change in master to minion communication, 2014.1.0 minions are not compatible with older-version masters. Please upgrade masters ﬁrst. More info on backwards-compatibility policy here, under the ``Upgrading Salt'' subheading.</p><p>Note: A change in the grammar in the state compiler makes module.run in requisites illegal syntax. Its use is replaced simply with the word module. In other words you will need to change requisites like this:</p><p> require: module.run: some_module_name</p><p> to:</p><p> require: module: some_module_name</p><p>is is a breaking change. We apologize for the inconvenience, we needed to do this to remove some ambiguity in parsing requisites.</p><p> release 2014-02-24 e 2014.1.0 release of Salt is a major release which not only increases stability but also brings new capabilities in virtualization, cloud integration, and more. is release brings a great focus on the expansion of testing making roughly double the coverage in the Salt tests, and comes with many new features. 2014.1.0 is the ﬁrst release to follow the new date-based release naming system. See the version numbers page for more details.</p><p>Major Features</p><p>Salt Cloud Merged into Salt</p><p>Salt Cloud is a tool for provisioning salted minions across various cloud providers. Prior to this release, Salt Cloud was a separate project but this marks its full integration with the Salt distribution. A Geing Started guide and additional documentation for Salt Cloud can be found here:</p><p>Google Compute Engine</p><p>Alongside Salt Cloud comes new support for the Google Compute Engine. Salt Stack can now deploy and control GCE virtual machines and the application stacks that they run. For more information on Salt Stack and GCE, please see this blog post. Documentation for Salt and GCE can be found here.</p><p>Salt Virt</p><p>Salt Virt is a cloud controller that supports virtual machine deployment, inspection, migration and integration with many aspects of Salt.</p><p>1362 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Salt Virt has undergone a major overhaul with this release and now supports many more features and includes a number of critical improvements.</p><p>Docker Integration</p><p>Salt now ships with states and an execution module to manage Docker containers.</p><p>Substantial Testing Expansion</p><p>Salt continues to increase its unit/regression test coverage. is release includes over 300 new tests.</p><p>BSD Package Management</p><p>BSD package management has been entirely rewrien. FreeBSD 9 and older now default to using pkg_add, while FreeBSD 10 and newer will use pkgng. FreeBSD 9 can be forced to use pkgng, however, by specifying the following option in the minion conﬁg ﬁle: providers: pkg: pkgng</p><p>In addition, support for installing soware from the ports tree has been added. See the documentation for the ports state and execution module for more information.</p><p>Network Management for Debian/Ubuntu</p><p>Initial support for management of network interfaces on Debian-based distros has been added. See the documenta- tion for the network state and the debian_ip for more information.</p><p>IPv6 Support for iptables State/Module</p><p>e iptables state and module now have IPv6 support. A new parameter family has been added to the states and execution functions, to distinguish between IPv4 and IPv6. e default value for this parameter is ipv4, specifying ipv6 will use ip6tables to manage ﬁrewall rules.</p><p>GitFS Improvements</p><p>Several performance improvements have been made to the Git fileserver backend. Additionally, ﬁle states can now use any any SHA1 commit hash as a ﬁleserver environment:</p><p>/etc/httpd/httpd.conf: file.managed: - source: salt://webserver/files/httpd.conf - saltenv: 45af879</p><p>is applies to the functions in the cp module as well: salt '*' cp.get_file salt://readme.txt /tmp/readme.txt saltenv=45af879</p><p>26.2. Previous Releases 1363 Salt Documentation, Release 2014.7.6</p><p>MinionFS</p><p>is new ﬁleserver backend allows ﬁles which have been pushed from the minion to the master (using cp.push) to be served up from the salt ﬁleserver. e path for these ﬁles takes the following format:</p><p> salt://minion-id/path/to/file</p><p> minion-id is the id of the ``source'' minion, the one from which the ﬁles were pushed to the master. /path/to/file is the full path of the ﬁle. e MinionFS Walkthrough contains a more thorough example of how to use this backend.</p><p> saltenv</p><p>To distinguish between ﬁleserver environments and execution functions which deal with environment variables, ﬁle- server environments are now speciﬁed using the saltenv parameter. env will continue to work, but is deprecated and will be removed in a future release.</p><p>Grains Caching</p><p>A caching layer has been added to the Grains system, which can help speed up minion startup. Disabled by default, it can be enabled by seing the minion conﬁg option grains_cache:</p><p> grains_cache: True</p><p># Seconds before grains cache is considered to be stale. grains_cache_expiration: 300</p><p>If set to True, the grains loader will read from/write to a msgpack-serialized ﬁle containing the grains data. Additional command-line parameters have been added to salt-call, mainly for testing purposes: • --skip-grains will completely bypass the grains loader when salt-call is invoked. • --refresh-grains-cache will force the grains loader to bypass the grains cache and refresh the grains, writing a new grains cache ﬁle.</p><p>Improved Command Logging Control</p><p>When using the cmd module, either on the CLI or when developing Salt execution modules, a new keyword argument output_loglevel allows for greater control over how (or even i) the command and its output are logged. For example:</p><p> salt '*' cmd.run 'tail /var/log/messages' output_loglevel=debug</p><p>e package management modules (apt, yumpkg, etc.) have been updated to log the copious output generated from these commands at loglevel debug.</p><p>Note: To keep a command from being logged, output_loglevel=quiet can be used. Prior to this release, this could be done using quiet=True. is argument is still supported, but will be removed in a future Salt release.</p><p>1364 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>PagerDuty Support</p><p>Initial support for ﬁring events via PagerDuty has been added. See the documentation for the pagerduty module.</p><p>Virtual Terminal</p><p>Sometimes the subprocess module is not good enough, and, in fact, not even askpass is. is virtual terminal is still in it's infant childhood, needs quite some love, and was originally created to replace askpass, but, while developing it, it immediately proved that it could do so much more. It's currently used by salt-cloud when bootstrapping salt on clouds which require the use of a password.</p><p>Proxy Minions</p><p>Initial basic support for Proxy Minions is in this release. Documentation can be found here. Proxy minions are a developing feature in Salt that enables control of devices that cannot run a minion. Examples include network gear like switches and routers that run a proprietary OS but oﬀer an API, or ``dumb'' devices that just don't have the horsepower or ability to handle a Python VM. Proxy minions can be diﬃcult to write, so a simple REST-based example proxy is included. A Python bole-based webserver can be found at hps://github.com/cro/salt-proxy-rest as an endpoint for this proxy. is is an ALPHA-quality feature. ere are a number of issues with it currently, mostly centering around process control, logging, and inability to work in a masterless conﬁguration.</p><p>Additional Bugfixes (Release Candidate Period)</p><p>Below are many of the ﬁxes that were implemented in salt during the release candidate phase. • Fix mount.mounted leaving conﬂicting entries in fstab (issue 7079) • Fix mysql returner serialization to use json (issue 9590) • Fix ZMQError: Operation cannot be accomplished in current state errors (issue 6306) • Rbenv and ruby improvements • Fix quoting issues with mysql port (issue 9568) • Update mount module/state to support multiple swap partitions (issue 9520) • Fix archive state to work with bsdtar • Clarify logs for minion ID caching • Add numeric revision support to git state (issue 9718) • Update master_uri with master_ip (issue 9694) • Add comment to Debian mod_repo (issue 9923) • Fix potential undeﬁned loop variable in rabbitmq state (issue 8703) • Fix for salt-virt runner to delete key on VM deletion • Fix for salt-run -d to limit results to speciﬁc runner or function (issue 9975) • Add tracebacks to jinja renderer when applicable (issue 10010) • Fix parsing in monit module (issue 10041)</p><p>26.2. Previous Releases 1365 Salt Documentation, Release 2014.7.6</p><p>• Fix highstate output from syndic minions (issue 9732) • iet logging when dealing with passwords/hashes (issue 10000) • Fix for multiple remotes in git_pillar (issue 9932) • Fix npm installed command (issue 10109) • Add safeguards for utf8 errors in zcbuildout module • Fix compound commands (issue 9746) • Add systemd notiﬁcation when master is started • Many doc improvements</p><p>26.2.9 Salt 2014.1.1 Release Notes</p><p> release 2014-03-18 Version 2014.1.1 is a bugﬁx release for 2014.1.0. e changes include: • Various doc ﬁxes, including up-to-date Salt Cloud installation documentation. • Renamed state.sls runner to state.orchestrate, to reduce confusion with the state.sls execution function • Fix various bugs in the dig module (issue 10367) • Add retry for query on certain EC2 status codes (issue 10154) • Fix various bugs in mongodb_user state module (issue 10430) • Fix permissions on ~/.salt_token (issue 10422) • Add PyObjects support • Fix launchctl module crash with missing ﬁles • Fix saltutil.find_job for Windows (issue 10581) • Fix OS detection for OpenSolaris (issue 10601) • Fix broken salt-ssh key_deploy • Add support for multiline cron comments (issue 10721) • Fix timezone module for Arch (issue 10789) • Fix symlink support for file.recurse (issue 10809) • Fix multi-master bugs (issue 10732 and issue 10969) • Fix ﬁle.patch to error when source ﬁle is unavailable (issue 10380) • Fix pkg to handle packages set as purge in pkg.installed (issue 10719) • Add zmqversion grain • Fix highstate summary for masterless minions (issue 10945) • Fix saltutil.find_job for 2014.1 masters talking to 0.17 minions (issue 11020) • Fix file.recurse states with trailing slashes in source (issue 11002) • Fix pkg states to allow pkgname.x86_64 (issue 7306) • Make iptables states set a default table for ﬂush (issue 11037) • Added iptables --reject-with aer ﬁnal iptables call in iptables states (issue:10757)</p><p>1366 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix improper passing of “family” in iptables states (issue 10774) • Fix traceback in iptables.insert states (issue 10988) • Fix zombie processes (issue 10867 and others) • Fix batch mode to obey --return seings (issue 9146) • Fix localclient issue that was causing batch mode breakage (issue 11094, issue 10470, and others) • Multiple salt-ssh ﬁxes • FreeBSD: look in /usr/local/etc/salt for conﬁguration by default, if installed using pip --editable. • Add a skip_suggestions parameter to pkg.installed states which allows pre-ﬂight check to be skipped (issue 11106) • Fixed tag-based gitfs ﬁleserver environments regression (issue 10956) • Yum: ﬁx cache of available pkgs not cleared when repos are changed (issue 11001) • Yum: ﬁx for plugin-provided repositories (i.e. RHN/Spacewalk) (issue 11145) • Fix regression in chocolatey.bootstrap (issue 10541) • Fix fail on unknown target in jobs runner (issue 11151) • Don’t log errors for commands which are expected to sometimes exit with non-zero exit status (issue 11154, issue 11090) • Fix test=True CLI override of conﬁg option (issue 10877) • Log sysctl key listing at loglevel TRACE (issue 10931)</p><p>26.2.10 Salt 2014.1.10 Release Notes</p><p> release 2014-08-01</p><p>Note: Version 2014.1.9 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. is version contains the version detection ﬁx, but is otherwise identical to 2014.1.9.</p><p>Version 2014.1.10 is another bugﬁx release for 2014.1.0. Changes include: • Ensure salt-ssh will not continue if permissions on a temporary directory are not correct. • Use the bootstrap script distributed with Salt instead of relying on an external resource • Remove unused testing code • Ensure salt states are placed into the .salt directory in salt-ssh • Use a randomized path for temporary ﬁles in a salt-cloud deployment • Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment Salt 2014.1.10 ﬁxes security issues documented by CVE-2014-3563: ``Insecure tmp-ﬁle creation in seed.py, salt-ssh, and salt-cloud.'' Upgrading is recommended.</p><p>26.2.11 Salt 2014.1.11 Release Notes</p><p> release 2014-08-29 Version 2014.1.11 is another bugﬁx release for 2014.1.0. Changes include:</p><p>26.2. Previous Releases 1367 Salt Documentation, Release 2014.7.6</p><p>• Fix for minion_id with byte-order mark (BOM) (issue 12296) • Fix runas deprecation in at module • Fix trailing slash beavior for file.makedirs_ (issue 14019) • Fix chocolatey path (issue 13870) • Fix git_pillar inﬁnite loop issues (issue 14671) • Fix json outpuer null case • Fix for minion error if one of multiple masters are down (issue 14099)</p><p>26.2.12 Salt 2014.1.12 Release Notes</p><p> release 2014-10-08 Version 2014.1.12 is another bugﬁx release for 2014.1.0. Changes include: • Fix scp_file always failing (which broke salt-cloud) (issue 16437) • Fix regression in pillar in masterless (issue 16210, issue 16416, issue 16428)</p><p>26.2.13 Salt 2014.1.13 Release Notes</p><p> release 2014-10-14 Version 2014.1.13 is another bugﬁx release for 2014.1.0. Changes include: • Fix sftp_file by checking the exit status code of scp (which broke salt-cloud) (issue 16599)</p><p>26.2.14 Salt 2014.1.2 Release Notes</p><p> release 2014-04-15 Version 2014.1.2 is another bugﬁx release for 2014.1.0. e changes include: • Fix username detection when su'ed to root on FreeBSD (issue 11628) • Fix minionfs backend for ﬁle.recurse states • Fix 32-bit packages of diﬀerent arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822) • Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790) • Don’t reload site module on module refresh for MacOS • Fix regression with running execution functions in Pillar SLS (issue 11453) • Fix some modules missing from Windows installer • Don’t log an error for yum commands that return nonzero exit status on non-failure (issue 11645) • Fix bug in rabbitmq state (issue 8703) • Fix missing ssh conﬁg options (issue 10604) • Fix top.sls ordering (issue 10810 and issue 11691) • Fix salt-key --list all (issue 10982) • Fix win_servermanager install/remove function (issue 11038)</p><p>1368 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix interaction with tokens when running commands as root (issue 11223) • Fix overstate bug with find_job and **kwargs (issue 10503) • Fix saltenv for aptpkg.mod_repo from pkgrepo state • Fix environment issue causing ﬁle caching problems (issue 11189) • Fix bug in __parse_key in registry state (issue 11408) • Add minion auth retry on rejection (issue 10763) • Fix publish_session updating the encryption key (issue 11493) • Fix for bad AssertionError raised by GitPython (issue 11473) • Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164) • Fix potential memory leak caused by saved (and unused) events (issue 11582) • Fix exception handling in the MySQL module (issue 11616) • Fix environment-related error (issue 11534) • Include psutil on Windows • Add file.replace and file.search to Windows (issue 11471) • Add additional file module helpers to Windows (issue 11235) • Add pid to netstat output on Windows (issue 10782) • Fix Windows not caching new versions of installers in winrepo (issue 10597) • Fix hardcoded md5 hashing • Fix kwargs in salt-ssh (issue 11609) • Fix ﬁle backup timestamps (issue 11745) • Fix stacktrace on sys.doc with invalid eauth (issue 11293) • Fix git.latest with test=True (issue 11595) • Fix file.check_perms hardcoded follow_symlinks (issue 11387) • Fix certain pkg states for RHEL5/Cent5 machines (issue 11719)</p><p>26.2.15 Salt 2014.1.3 Release Notes</p><p> release 2014-04-15 Version 2014.1.3 is another bugﬁx release for 2014.1.0. It was created as a hotﬁx for a regression found in 2014.1.2, which was not distributed. e only change made was as follows: • Fix regression that caused saltutil.find_job to fail, causing premature terminations of salt CLI com- mands. Changes in the not-distributed 2014.1.2, also included in 2014.1.3: • Fix username detection when su'ed to root on FreeBSD (issue 11628) • Fix minionfs backend for ﬁle.recurse states • Fix 32-bit packages of diﬀerent arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822) • Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790) • Don’t reload site module on module refresh for MacOS</p><p>26.2. Previous Releases 1369 Salt Documentation, Release 2014.7.6</p><p>• Fix regression with running execution functions in Pillar SLS (issue 11453) • Fix some modules missing from Windows installer • Don’t log an error for yum commands that return nonzero exit status on non-failure (issue 11645) • Fix bug in rabbitmq state (issue 8703) • Fix missing ssh conﬁg options (issue 10604) • Fix top.sls ordering (issue 10810 and issue 11691) • Fix salt-key --list all (issue 10982) • Fix win_servermanager install/remove function (issue 11038) • Fix interaction with tokens when running commands as root (issue 11223) • Fix overstate bug with find_job and **kwargs (issue 10503) • Fix saltenv for aptpkg.mod_repo from pkgrepo state • Fix environment issue causing ﬁle caching problems (issue 11189) • Fix bug in __parse_key in registry state (issue 11408) • Add minion auth retry on rejection (issue 10763) • Fix publish_session updating the encryption key (issue 11493) • Fix for bad AssertionError raised by GitPython (issue 11473) • Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164) • Fix potential memory leak caused by saved (and unused) events (issue 11582) • Fix exception handling in the MySQL module (issue 11616) • Fix environment-related error (issue 11534) • Include psutil on Windows • Add file.replace and file.search to Windows (issue 11471) • Add additional file module helpers to Windows (issue 11235) • Add pid to netstat output on Windows (issue 10782) • Fix Windows not caching new versions of installers in winrepo (issue 10597) • Fix hardcoded md5 hashing • Fix kwargs in salt-ssh (issue 11609) • Fix ﬁle backup timestamps (issue 11745) • Fix stacktrace on sys.doc with invalid eauth (issue 11293) • Fix git.latest with test=True (issue 11595) • Fix file.check_perms hardcoded follow_symlinks (issue 11387) • Fix certain pkg states for RHEL5/Cent5 machines (issue 11719)</p><p>1370 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>26.2.16 Salt 2014.1.4 Release Notes</p><p> release 2014-05-05 Version 2014.1.4 is another bugﬁx release for 2014.1.0. Changes include: • Fix setup.py dependency issue (issue 12031) • Fix handling for IOErrors under certain circ*mstances (issue 11783 and issue 11853) • Fix fatal exception when /proc/1/cgroup is not readable (issue 11619) • Fix os grains for OpenSolaris (issue 11907) • Fix lvs.zero module argument pass-through (issue 9001) • Fix bug in debian_ip interaction with network.system state (issue 11164) • Remove bad binary package veriﬁcation code (issue 12177) • Fix traceback in solaris package installation (issue 12237) • Fix file.directory state symlink handling (issue 12209) • Remove external_ip grain • Fix file.managed makedirs issues (issue 10446) • Fix hang on non-existent Windows drive leer for file module (issue 9880) • Fix salt minion caching all users on the server (issue 9743) • Add strime formaing for ps.boot_time (issue 12428)</p><p>26.2.17 Salt 2014.1.5 Release Notes</p><p> release 2014-06-11 Version 2014.1.5 is another bugﬁx release for 2014.1.0. Changes include: • Add function for ﬁnding cached job on the minion • Fix iptables save ﬁle location for Debian (issue 11730) • Fix for minion caching jobs when master is down • Bump default syndic_wait to 5 to ﬁx syndic-related problems (issue 12262) • Add OpenBSD, FreeBSD, and NetBSD support for network.netstat (issue 12121) • Fix false positive error in logs for makeconf state (issue 9762) • Fix for yum fromrepo package installs when repo is disabled by default (issue 12466) • Fix for extra blank lines in file.blockreplace (issue 12422) • Fix grain detection for OpenVZ guests (issue 11877) • Fix get_dns_servers function for Windows win_dns_client • Use system locale for ports package installations • Use correct stop/restart procedure for Debian networking in debian_ip (issue 12614) • Fix for cmd_iter/cmd_iter_no_block blocking issues (issue 12617) • Fix traceback when syncing custom types (issue 12883)</p><p>26.2. Previous Releases 1371 Salt Documentation, Release 2014.7.6</p><p>• Fix cleaning directory symlinks in file.directory • Add performance optimizations for saltutil.sync_all and state.highstate • Fix possible error in saltutil.running • Fix for kmod modules with dashes (issue 13239) • Fix possible race condition for Windows minions in state module reloading (issue 12370) • Fix bug with roster for passwd option that is loaded as a non-string object (issue 13249) • Keep duplicate version numbers from showing up in pkg.list_pkgs output • Fixes for Jinja renderer, timezone module/state (issue 12724) • Fix timedatectl parsing for systemd&gt;=210 (issue 12728) • Fix saltenv being wrien to YUM repo conﬁg ﬁles (issue 12887) • Removed the deprecated external nodes classiﬁer (originally accessible by seing a value for external_nodes in the master conﬁguration ﬁle). Note that this functionality has been marked deprecated for some time and was replaced by the more general master tops system. • More robust escaping of ldap ﬁlter strings. • Fix trailing slash in gitfs_root causing ﬁles not to be available (issue 13185)</p><p>26.2.18 Salt 2014.1.6 Release Notes</p><p> release 2014-07-08 Version 2014.1.6 is another bugﬁx release for 2014.1.0. Changes include: • Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607) • Fix mount.active for Solaris • Fix support for allow-hotplug statement in debian_ip network module • Add sqlite3 to esky builds • Fix jobs.active output (issue 9526) • Fix the virtual grain for Xen (issue 13534) • Fix eauth for batch mode (issue 9605) • Fix force-related issues with tomcat support (issue 12889) • Fix KeyError when cloud mapping • Fix salt-minion restart loop in Windows (issue 12086) • Fix detection of service virtual module on Fedora minions • Fix traceback with missing ipv4 grain (issue 13838) • Fix issue in roots backend with invalid data in mtime_map (issue 13836) • Fix traceback in jobs.active (issue 11151) • Fix master_tops and _ext_nodes issue (issue 13535, issue 13673)</p><p>1372 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>26.2.19 Salt 2014.1.7 Release Notes</p><p> release 2014-07-09 Version 2014.1.7 is another bugﬁx release for 2014.1.0. Changes include: • Fix batch mode regression (issue 14046) is release was a hotﬁx release for the regression listed above which was present in the 2014.1.6 release. e changes included in 2014.1.6 are listed below: • Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607) • Fix mount.active for Solaris • Fix support for allow-hotplug statement in debian_ip network module • Add sqlite3 to esky builds • Fix jobs.active output (issue 9526) • Fix the virtual grain for Xen (issue 13534) • Fix eauth for batch mode (issue 9605) • Fix force-related issues with tomcat support (issue 12889) • Fix KeyError when cloud mapping • Fix salt-minion restart loop in Windows (issue 12086) • Fix detection of service virtual module on Fedora minions • Fix traceback with missing ipv4 grain (issue 13838) • Fix issue in roots backend with invalid data in mtime_map (issue 13836) • Fix traceback in jobs.active (issue 11151) • Fix master_tops and _ext_nodes issue (issue 13535, issue 13673)</p><p>26.2.20 Salt 2014.1.8 Release Notes</p><p> release 2014-07-30</p><p>Note: is release contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. Please use version 2014.1.10 instead.</p><p>Version 2014.1.8 is another bugﬁx release for 2014.1.0. Changes include: • Ensure salt-ssh will not continue if permissions on a temporary directory are not correct. • Use the bootstrap script distributed with Salt instead of relying on an external resource • Remove unused testing code • Ensure salt states are placed into the .salt directory in salt-ssh • Use a randomized path for temporary ﬁles in a salt-cloud deployment • Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment</p><p>26.2. Previous Releases 1373 Salt Documentation, Release 2014.7.6</p><p>26.2.21 Salt 2014.1.9 Release Notes</p><p> release 2014-07-31</p><p>Note: is release contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. Please use version 2014.1.10 instead.</p><p>Note: Version 2014.1.8 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. is version contains the version detection ﬁx, but is otherwise identical to 2014.1.8.</p><p>Version 2014.1.9 is another bugﬁx release for 2014.1.0. Changes include: • Ensure salt-ssh will not continue if permissions on a temporary directory are not correct. • Use the bootstrap script distributed with Salt instead of relying on an external resource • Remove unused testing code • Ensure salt states are placed into the .salt directory in salt-ssh • Use a randomized path for temporary ﬁles in a salt-cloud deployment • Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment</p><p>26.2.22 Salt 0.10.0 Release Notes</p><p> release 2012-06-16 0.10.0 has arrived! is release comes with MANY bug ﬁxes, and new capabilities which greatly enhance performance and reliability. is release is primarily a bug ﬁx release with many new tests and many repaired bugs. is release also introduces a few new key features which were brought in primarily to repair bugs and some limitations found in some of the components of the original architecture.</p><p>Major Features</p><p>Event System</p><p>e Salt Master now comes equipped with a new event system. is event system has replaced some of the back end of the Salt client and oﬀers the beginning of a system which will make plugging external applications into Salt. e event system relies on a local ZeroMQ publish socket and other processes can connect to this socket and listen for events. e new events can be easily managed via Salt's event library.</p><p>Unprivileged User Updates</p><p>Some enhancements have been added to Salt for running as a user other than root. ese new additions should make switching the user that the Salt Master is running as very painless, simply change the user option in the master conﬁguration and restart the master, Salt will take care of all of the particulars for you.</p><p>Peer Runner Execution</p><p>Salt has long had the peer communication system used to allow minions to send commands via the salt master. 0.10.0 adds a new capability here, now the master can be conﬁgured to allow for minions to execute Salt runners via the peer_run option in the salt master conﬁguration.</p><p>1374 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>YAML Parsing Updates</p><p>In the past the YAML parser for sls ﬁles would return the incorrect numbers when the ﬁle mode was set with a preceding 0. e YAML parser used in Salt has been modiﬁed to no longer convert these number into octal but to keep them as the correct value so that sls ﬁles can be a lile cleaner to write.</p><p>State Call Data Files</p><p>It was requested that the minion keep a local cache of the most recent executed state run. is has been added and now with state runs the data is stored in a msgpack ﬁle in the minion's cachedir.</p><p>Turning Oﬀ the Job Cache</p><p>A new option has been added to the master conﬁguration ﬁle. In previous releases the Salt client would look over the Salt job cache to read in the minion return data. With the addition of the event system the Salt client can now watch for events directly from the master worker processes. is means that the job cache is no longer a hard requirement. Keep in mind though, that turning oﬀ the job cache means that historic job execution data cannot be retrieved.</p><p>Test Updates</p><p>Minion Swarms Are Faster</p><p>To continue our eﬀorts with testing Salt's ability to scale the minionswarm script has been updated. e minion- swarm can now start up minions much faster than it could before and comes with a new feature allowing modules to be disabled, thus lowering the minion's footprint when making a swarm. ese new updates have allows us to test</p><p># python minionswarm.py -m 20 --master salt-master</p><p>Many Fixes</p><p>To get a good idea for the number of bugﬁxes this release oﬀers take a look at the closed tickets for 0.10.0, this is a very substantial update: hps://github.com/saltstack/salt/issues?milestone=12&amp;state=closed</p><p>Master and Minion Stability Fixes</p><p>As Salt deployments grow new ways to break Salt are discovered. 0.10.0 comes with a number of ﬁxes for the minions and master greatly improving Salt stability.</p><p>26.2.23 Salt 0.10.1 Release Notes</p><p> release 2012-06-19</p><p>26.2. Previous Releases 1375 Salt Documentation, Release 2014.7.6</p><p>26.2.24 Salt 0.10.2 Release Notes</p><p> release 2012-07-30 0.10.2 is out! is release comes with enhancements to the pillar interface, cleaner ways to access the salt-call capabilities in the API, minion data caching and the event system has been added to salt minions. ere have also been updates to the ZeroMQ functions, many more tests (thanks to sponsors, the code sprint and many contributors) and a swath of bug ﬁxes.</p><p>Major Features</p><p>Ext Pillar Modules</p><p>e ranks of available Salt modules directories sees a new member in 0.10.2. With the popularity of pillar a higher demand has arisen for ext_pillar interfaces to be more like regular Salt module additions. Now ext_pillar inter- faces can be added in the same way as other modules, just drop it into the pillar directory in the salt source.</p><p>Minion Events</p><p>In 0.10.0 an event system was added to the Salt master. 0.10.2 adds the event system to the minions as well. Now event can be published on a local minion as well. e minions can also send events back up to the master. is means that Salt is able to communicate individual events from the minions back up to the Master which are not associated with command.</p><p>Minion Data Caching</p><p>When pillar was introduced the landscape for available data was greatly enhanced. e minion's began sending grain data back to the master on a regular basis. e new conﬁg option on the master called minion_data_cache instructs the Salt master to maintain a cache of the minion's grains and pillar data in the cachedir. is option is turned oﬀ by default to avoid hiing the disk more, but when enabled the cache is used to make grain matching from the salt command more powerful, since the minions that will match can be predetermined.</p><p>Backup Files</p><p>By default all ﬁles replaced by the ﬁle.managed and ﬁle.recurse states we simply deleted. 0.10.2 adds a new option. By seing the backup option to minion the ﬁles are backed up before they are replaced. e backed up ﬁles are located in the cachedir under the ﬁle_backup directory. On a default system this will be at: /var/cache/salt/file_backup</p><p>Configuration files</p><p> salt-master and salt-minion automatically load additional conﬁguration ﬁles from master.d/*.conf respective minion.d/*.conf where master.d/minion.d is a directory in the same directory as the main conﬁguration ﬁle.</p><p>1376 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Salt Key Verification</p><p>A number of users complained that they had inadvertently deleted the wrong salt authentication keys. 0.10.2 now displays what keys are going to be deleted and veriﬁes that they are the keys that are intended for deletion.</p><p>Key auto-signing</p><p>If autosign_file is speciﬁed in the conﬁguration ﬁle incoming keys will be compared to the list of keynames in autosign_file. Regular expressions as well as globbing is supported. e ﬁle must only be writable by the user otherwise the ﬁle will be ignored. To relax the permission and allow group write access set the permissive_pki_access option.</p><p>Module changes</p><p>Improved OpenBSD support New modules for managing services and packages were provided by Joshua Elsasser to further improve the support for OpenBSD. Existing modules like the disk module were also improved to support OpenBSD.</p><p>SQL Modules e MySQL and PostgreSQL modules have both received a number of additions thanks to the work of Avi Marcus and Roman Imankulov.</p><p>ZFS Support on FreeBSD A new ZFS module has been added by Kurtis Velarde for FreeBSD supporting various ZFS operations like creating, extending or removing zpools.</p><p>Augeas A new Augeas module by Ulrich Dangel for editing and verifying conﬁg ﬁles.</p><p>Native Debian Service module e support for the Debian was further improved with an new service module for Debian by Ahmad Khayyat supporting disable and enable.</p><p>Cassandra Cassandra support has been added by Adam Garside. Currently only status and diagnostic information are supported.</p><p>Networking e networking support for RHEL has been improved and supports bonding support as well as zero- conf conﬁguration.</p><p>Monit Basic monit support by Kurtis Velarde to control services via monit. nzbget Basic support for controlling nzbget by Joseph Hall</p><p>Bluetooth Baisc bluez support for managing and controlling Bluetooth devices. Supports scanning as well as pairing/unpairing by Joseph Hall.</p><p>26.2. Previous Releases 1377 Salt Documentation, Release 2014.7.6</p><p>Test Updates</p><p>Consistency Testing</p><p>Another testing script has been added. A bug was found in pillar when many minions generated pillar data at the same time. e new consist.py script is the tests directory was created to reproduce bugs where data should always be consistent.</p><p>Many Fixes</p><p>To get a good idea for the number of bugﬁxes this release oﬀers take a look at the closed tickets for 0.10.2, this is a very substantial update: hps://github.com/saltstack/salt/issues?milestone=24&amp;page=1&amp;state=closed</p><p>Master and Minion Stability Fixes</p><p>As Salt deployments grow new ways to break Salt are discovered. 0.10.2 comes with a number of ﬁxes for the minions and master greatly improving Salt stability.</p><p>26.2.25 Salt 0.10.3 Release Notes</p><p> release 2012-09-30 e latest taste of Salt has come, this release has many ﬁxes and feature additions. Modiﬁcations have been made to make ZeroMQ connections more reliable, the beginning of the ACL system is in place, a new command line parsing system has been added, dynamic module distribution has become more environment aware, the new master_ﬁnger option and many more!</p><p>Major Features</p><p>ACL System</p><p>e new ACL system has been introduced. e ACL system allows for system users other than root to execute salt commands. Users can be allowed to execute speciﬁc commands in the same way that minions are opened up to the peer system. e conﬁguration value to open up the ACL system is called client_acl and is conﬁgured like so: client_acl: fred: - test..* - pkg.list_pkgs</p><p>Where fred is allowed access to functions in the test module and to the pkg.list_pkgs function.</p><p>1378 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Master Finger Option</p><p>e master_ﬁnger option has been added to improve the security of minion provisioning. e master_ﬁnger option allows for the ﬁngerprint of the master public key to be set in the conﬁguration ﬁle to double verify that the master is valid. is option was added in response to a motivation to pre-authenticate the master when provisioning new minions to help prevent man in the middle aacks in some situations.</p><p>Salt Key Fingerprint Generation</p><p>e ability to generate ﬁngerprints of keys used by Salt has been added to salt-key. e new option ﬁnger accepts the name of the key to generate and display a ﬁngerprint for.</p><p> salt-key -F master</p><p>Will display the ﬁngerprints for the master public and private keys.</p><p>Parsing System</p><p>Pedro Algavio, aka s0undt3ch, has added a substantial update to the command line parsing system that makes the help message output much cleaner and easier to search through. Salt parsers now have --versions-report besides usual --version info which you can provide when reporting any issues found.</p><p>Key Generation</p><p>We have reduced the requirements needed for salt-key to generate minion keys. You're no longer required to have salt conﬁgured and it's common directories created just to generate keys. is might prove useful if you're batch creating keys to pre-load on minions.</p><p>Startup States</p><p>A few conﬁguration options have been added which allow for states to be run when the minion daemon starts. is can be a great advantage when deploying with Salt because the minion can apply states right when it ﬁrst runs. To use startup states set the startup_states conﬁguration option on the minion to highstate.</p><p>New Exclude Declaration</p><p>Some users have asked about adding the ability to ensure that other sls ﬁles or ids are excluded from a state run. e exclude statement will delete all of the data loaded from the speciﬁed sls ﬁle or will delete the speciﬁed id:</p><p> exclude: - sls: http - id: /etc/vimrc</p><p>Max Open Files</p><p>While we're currently unable to properly handle ZeroMQ's abort signals when the max open ﬁles is reached, due to the way that's handled on ZeroMQ's, we have minimized the chances of this happening without at least warning the user.</p><p>26.2. Previous Releases 1379 Salt Documentation, Release 2014.7.6</p><p>More State Output Options</p><p>Some major changes have been made to the state output system. In the past state return data was printed in a very verbose fashion and only states that failed or made changes were printed by default. Now two options can be passed to the master and minion conﬁguration ﬁles to change the behavior of the state output. State output can be set to verbose (default) or non-verbose with the state_verbose option: state_verbose: False</p><p>It is noteworthy that the state_verbose option used to be set to False by default but has been changed to True by default in 0.10.3 due to many requests for the change. Te next option to be aware of new and called state_output. is option allows for the state output to be set to full (default) or terse. e full output is the standard state output, but the new terse output will print only one line per state making the output much easier to follow when executing a large state system. state_output: terse</p><p> state.file.append Improvements</p><p>e salt state ﬁle.append() tries not to append existing text. Previously the matching check was being made line by line. While this kind of check might be enough for most cases, if the text being appended was multi-line, the check would not work properly. is issue is now properly handled, the match is done as a whole ignoring any white space addition or removal except inside commas. For those thinking that, in order to properly match over multiple lines, salt will load the whole ﬁle into memory, that's not true. For most cases this is not important but an erroneous order to read a 4GB ﬁle, if not properly handled, like salt does, could make salt chew that amount of memory. Salt has a buﬀered ﬁle reader which will keep in memory a maximum of 256KB and iterates over the ﬁle in chunks of 32KB to test for the match, more than enough, if not, explain your usage on a ticket. With this change, also salt.modules.ﬁle.contains(), salt.modules.ﬁle.contains_regex(), salt.modules.ﬁle.contains_glob() and salt.utils.ﬁnd now do the searching and/or matching using the buﬀered chunks approach explained above. Two new keyword arguments were also added, makedirs and source. e ﬁrst, makedirs will create the necessary directories in order to append to the speciﬁed ﬁle, of course, it only applies if we're trying to append to a non-existing ﬁle on a non-existing directory:</p><p>/tmp/salttest/file-append-makedirs: file.append: text: foo makedirs: True</p><p>e second, source, allows one to append the contents of a ﬁle instead of specifying the text.</p><p>/tmp/salttest/file-append-source: file.append: - source: salt://testfile</p><p>1380 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Security Fix</p><p>A timing vulnerability was uncovered in the code which decrypts the AES messages sent over the network. is has been ﬁxed and upgrading is strongly recommended.</p><p>26.2.26 Salt 0.10.4 Release Notes</p><p> release 2012-10-23 Salt 0.10.4 is a monumental release for the Salt team, with two new module systems, many additions to allow granular access to Salt, improved platform support and much more. is release is also exciting because we have been able to shorten the release cycle back to under a month. We are working hard to keep up the aggressive pace and look forward to having releases happen more frequently! is release also includes a serious security ﬁx and all users are very strongly recommended to upgrade. As usual, upgrade the master ﬁrst, and then the minion to ensure that the process is smooth.</p><p>Major Features</p><p>External Authentication System</p><p>e new external authentication system allows for Salt to pass through authentication to any authentication system to determine if a user has permission to execute a Salt command. e Unix PAM system is the ﬁrst supported system with more to come! e external authentication system allows for speciﬁc users to be granted access to execute speciﬁc functions on speciﬁc minions. Access is conﬁgured in the master conﬁguration ﬁle, and uses the new access control system:</p><p> external_auth: pam: thatch: - 'web*': - test.* - network.*</p><p>e conﬁguration above allows the user thatch to execute functions in the test and network modules on minions that match the web* target.</p><p>Access Control System</p><p>All Salt systems can now be conﬁgured to grant access to non-administrative users in a granular way. e old conﬁguration continues to work. Speciﬁc functions can be opened up to speciﬁc minions from speciﬁc users in the case of external auth and client ACLs, and for speciﬁc minions in the case of the peer system. Access controls are conﬁgured like this:</p><p> client_acl: fred: - web\*: - pkg.list_pkgs - test.* - apache.*</p><p>26.2. Previous Releases 1381 Salt Documentation, Release 2014.7.6</p><p>Target by Network</p><p>A new matcher has been added to the system which allows for minions to be targeted by network. is new matcher can be called with the -S ﬂag on the command line and is available in all places that the matcher system is available. Using it is simple:</p><p>$ salt -S '192.168.1.0/24' test.ping $ salt -S '192.168.1.100' test.ping</p><p>Nodegroup Nesting</p><p>Previously a nodegroup was limited by not being able to include another nodegroup, this restraint has been lied and now nodegroups will be expanded within other nodegroups with the N@ classiﬁer.</p><p>Salt Key Delete by Glob</p><p>e ability to delete minion keys by glob has been added to salt-key. To delete all minion keys whose minion name starts with `web':</p><p>$ salt-key -d 'web*'</p><p>Master Tops System</p><p>e external_nodes system has been upgraded to allow for modular subsystems to be used to generate the top ﬁle data for a highstate run. e external_nodes option still works but will be deprecated in the future in favor of the new master_tops option. Example of using master_tops: master_tops: ext_nodes: cobbler-external-nodes</p><p>Next Level Solaris Support</p><p>A lot of work has been put into improved Solaris support by Romeo eriault. Packaging modules (pkgadd/pkgrm and pkgutil) and states, cron support and user and group management have all been added and improved upon. ese additions along with SMF (Service Management Facility) service support and improved Solaris grain detection in 0.10.3 add up to Salt becoming a great tool to manage Solaris servers with.</p><p>Security</p><p>A vulnerability in the security handshake was found and has been repaired, old minions should be able to connect to a new master, so as usual, the master should be updated ﬁrst and then the minions.</p><p>1382 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Pillar Updates</p><p>e pillar communication has been updated to add some extra levels of veriﬁcation so that the intended minion is the only one allowed to gather the data. Once all minions and the master are updated to salt 0.10.4 please activate pillar 2 by changing the pillar_version in the master conﬁg to 2. is will be set to 2 by default in a future release.</p><p>26.2.27 Salt 0.10.5 Release Notes</p><p> release 2012-11-15 Salt 0.10.5 is ready, and comes with some great new features. A few more interfaces have been modularized, like the outpuer system. e job cache system has been made more powerful and can now store and retrieve jobs archived in external databases. e returner system has been extended to allow minions to easily retrieve data from a returner interface. As usual, this is an exciting release, with many noteworthy additions!</p><p>Major Features</p><p>External Job Cache</p><p>e external job cache is a system which allows for a returner interface to also act as a job cache. is system is intended to allow users to store job information in a central location for longer periods of time and to make the act of looking up information from jobs executed on other minions easier. Currently the external job cache is supported via the mongo and redis returners:</p><p> ext_job_cache: redis redis.host: salt</p><p>Once the external job cache is turned on the new ret module can be used on the minions to retrieve return information from the job cache. is can be a great way for minions to respond and react to other minions.</p><p>OpenStack Additions</p><p>OpenStack integration with Salt has been moving forward at a blistering pace. e new nova, glance and keystone modules represent the beginning of ongoing OpenStack integration. e Salt team has had many conversations with core OpenStack developers and is working on linking to OpenStack in powerful new ways.</p><p>Wheel System</p><p>A new API was added to the Salt Master which allows the master to be managed via an external API. is new system allows Salt API to easily hook into the Salt Master and manage conﬁgs, modify the state tree, manage the pillar and more. e main motivation for the wheel system is to enable features needed in the upcoming web UI so users can manage the master just as easily as they manage minions. e wheel system has also been hooked into the external auth system. is allows speciﬁc users to have granular access to manage components of the Salt Master.</p><p>26.2. Previous Releases 1383 Salt Documentation, Release 2014.7.6</p><p>Render Pipes</p><p>Jack Kuan has added a substantial new feature. e render pipes system allows Salt to treat the render system like unix pipes. is new system enables sls ﬁles to be passed through speciﬁc render engines. While the default renderer is still recommended, diﬀerent engines can now be more easily merged. So to pipe the output of Mako used in YAML use this shebang line: #!mako|yaml</p><p>Salt Key Overhaul</p><p>e Salt Key system was originally developed as only a CLI interface, but as time went on it was pressed into becoming a clumsy API. is release marks a complete overhaul of Salt Key. Salt Key has been rewrien to function purely from an API and to use the outpuer system. e beneﬁt here is that the outpuer system works much more cleanly with Salt Key now, and the internals of Salt Key can be used much more cleanly.</p><p>Modular Outpuers</p><p>e outpuer system is now loaded in a modular way. is means that output systems can be more easily added by dropping a python ﬁle down on the master that contains the function output.</p><p>Gzip from Fileserver</p><p>Gzip compression has been added as an option to the cp.get_ﬁle and cp.get_dir commands. is will make ﬁle transfers more eﬃcient and faster, especially over slower network links.</p><p>Unified Module Configuration</p><p>In past releases of Salt, the minions needed to be conﬁgured for certain modules to function. is was diﬃcult because it required pre-conﬁguring the minions. 0.10.5 changes this by making all module conﬁgs on minions search the master conﬁg ﬁle for values. Now if a single database server is needed, then it can be deﬁned in the master conﬁg and all minions will become aware of the conﬁguration value.</p><p>Salt Call Enhancements</p><p>e salt-call command has been updated in a few ways. Now, salt-call can take the --return option to send the data to a returner. Also, salt-call now reports executions in the minion proc system, this allows the master to be aware of the operation salt-call is running.</p><p>Death to pub_refresh and sub_timeout</p><p>e old conﬁguration values pub_refresh and sub_timeout have been removed. ese options were in place to allevi- ate problems found in earlier versions of ZeroMQ which have since been ﬁxed. e continued use of these options has proven to cause problems with message passing and have been completely removed.</p><p>1384 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Git Revision Versions</p><p>When running Salt directly from git (for testing or development, of course) it has been diﬃcult to know exactly what code is being executed. e new versioning system will detect the git revision when building and how many commits have been made since the last release. A release from git will look like this: 0.10.4-736-gec74d69</p><p>Svn Module Addition</p><p>Anthony Cornehl (twinshadow) contributed a module that adds Subversion support to Salt. is great addition helps round out Salt's VCS support.</p><p>Noteworthy Changes</p><p>Arch Linux Defaults to Systemd</p><p>Arch Linux recently changed to use systemd by default and discontinued support for init scripts. Salt has followed suit and defaults to systemd now for managing services in Arch.</p><p>Salt, Salt Cloud and Openstack</p><p>With the releases of Salt 0.10.5 and Salt Cloud 0.8.2, OpenStack becomes the ﬁrst (non-OS) piece of soware to include support both on the user level (with Salt Cloud) and the admin level (with Salt). We are excited to continue to extend support of other platforms at this level.</p><p>26.2.28 Salt 0.11.0 Release Notes</p><p> release 2012-12-14 Salt 0.11.0 is here, with some highly sought aer and exciting features. ese features include the new overstate system, the reactor system, a new state run scope component called __context__, the beginning of the search system (still needs a great deal of work), multiple package states, the MySQL returner and a beer system to arbitrarily reference outpuers. It is also noteworthy that we are changing how we mark release numbers. For the life of the project we have been pushing every release with features and ﬁxes as point releases. We will now be releasing point releases for only bug ﬁxes on a more regular basis and major feature releases on a slightly less regular basis. is means that the next release will be a bugﬁx only release with a version number of 0.11.1. e next feature release will be named 0.12.0 and will mark the end of life for the 0.11 series.</p><p>Major Features</p><p>OverState</p><p>e overstate system is a simple way to manage rolling state executions across many minions. e overstate allows for a state to depend on the successful completion of another state.</p><p>26.2. Previous Releases 1385 Salt Documentation, Release 2014.7.6</p><p>Reactor System</p><p>e new reactor system allows for a reactive logic engine to be created which can respond to events within a salted environment. e reactor system uses sls ﬁles to match events ﬁred on the master with actions, enabling Salt to react to problems in an infrastructure. Your load-balanced group of webservers is under extra load? Spin up a new VM and add it to the group. Your ﬁleserver is ﬁlling up? Send a notiﬁcation to your sysadmin on call. e possibilities are endless!</p><p>Module Context</p><p>A new component has been added to the module loader system. e module context is a data structure that can hold objects for a given scope within the module. is allows for components that are initialized to be stored in a persistent context which can greatly speed up ongoing connections. Right now the best example can be found in the cp execution module.</p><p>Multiple Package Management</p><p>A long desired feature has been added to package management. By deﬁnition Salt States have always installed packages one at a time. On most platforms this is not the fastest way to install packages. Erik Johnson, aka ter- minalmage, has modiﬁed the package modules for many providers and added new capabilities to install groups of packages. ese package groups can be deﬁned as a list of packages available in repository servers: python_pkgs: pkg.installed: - pkgs: - python-mako - whoosh - python-git or specify based on the location of speciﬁc packages: python_pkgs: pkg.installed: - sources: - python-mako: http://some-rpms.org/python-mako.rpm - whoosh: salt://whoosh/whoosh.rpm - python-git: ftp://companyserver.net/python-git.rpm</p><p>Search System</p><p>e bones to the search system have been added. is is a very basic interface that allows for search backends to be added as search modules. e ﬁrst supported search module is the whoosh search backend. Right now only the basic paths for the search system are in place, making this very experimental. Further development will involve improving the search routines and index routines for whoosh and other search backends. e search system has been made to allow for searching through all of the state and pillar ﬁles, conﬁguration ﬁles and all return data from minion executions.</p><p>1386 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Notable Changes</p><p>All previous versions of Salt have shared many directories between the master and minion. e default locations for keys, cached data and sockets has been shared by master and minion. is has created serious problems with running a master and a minion on the same systems. 0.11.0 changes the defaults to be separate directories. Salt will also aempt to migrate all of the old key data into the correct new directories, but if it is not successful it may need to be done manually. If your keys exhibit issues aer updating make sure that they have been moved from /etc/salt/pki to /etc/salt/pki/{master,minion}. e old setup will look like this:</p><p>/etc/salt/pki |-- master.pem |-- master.pub |-- minions | `-- ragnarok.saltstack.net |-- minions_pre |-- minion.pem |-- minion.pub |-- minion_master.pub |-- minions_pre `-- minions_rejected</p><p>With the accepted minion keys in /etc/salt/pki/minions, the new setup places the accepted minion keys in /etc/salt/pki/master/minions.</p><p>/etc/salt/pki |-- master | |-- master.pem | |-- master.pub | |-- minions | | `-- ragnarok.saltstack.net | |-- minions_pre | `-- minions_rejected |-- minion | |-- minion.pem | |-- minion.pub | `-- minion_master.pub</p><p>26.2.29 Salt 0.11.1 Release Notes</p><p> release 2012-12-19</p><p>26.2.30 Salt 0.12.0 Release Notes</p><p> release 2013-01-15 Another feature release of Salt is here! Some exciting additions are included with more ways to make salt modular and even easier management of the salt ﬁle server.</p><p>26.2. Previous Releases 1387 Salt Documentation, Release 2014.7.6</p><p>Major Features</p><p>Modular Fileserver Backend</p><p>e new modular ﬁleserver backend allows for any external system to be used as a salt ﬁle server. e main beneﬁt here is that it is now possible to tell the master to directly use a git remote location, or many git remote locations, automatically mapping git branches and tags to salt environments.</p><p>Windows is First Class!</p><p>A new Salt Windows installer is now available! Much work has been put in to improve Windows support. With this much easier method of geing Salt on your Windows machines, we hope even more development and progress will occur. Please ﬁle bug reports on the Salt GitHub repo issue tracker so we can continue improving. One thing that is missing on Windows that Salt uses extensively is a soware package manager and a soware package repository. e Salt pkg state allows sys admins to install soware across their infrastructure and across operating systems. Soware on Windows can now be managed in the same way. e SaltStack team built a package manager that interfaces with the standard Salt pkg module to allow for installing and removing soware on Windows. In addition, a soware package repository has been built on top of the Salt ﬁleserver. A small YAML ﬁle provides the information necessary for the package manager to install and remove soware. An interesting feature of the new Salt Windows soware package repository is that one or more remote git reposi- tories can supplement the master's local repository. e repository can point to soware on the master's ﬁleserver or on an HTTP, HTTPS, or p server.</p><p>New Default Outpuer</p><p>Salt displays data to the terminal via the outpuer system. For a long time the default outpuer for Salt has been the python prey print library. While this has been a generally reasonable outpuer, it did have many failings. e new default outpuer is called ``nested'', it recursively scans return data structures and prints them out cleanly. If the result of the new nested outpuer is not desired any other outpuer can be used via the --out option, or the output option can be set in the master and minion conﬁgs to change the default outpuer.</p><p>Internal Scheduler</p><p>e internal Salt scheduler is a new capability which allows for functions to be executed at given intervals on the minion, and for runners to be executed at given intervals on the master. e scheduler allows for sequences such as executing state runs (locally on the minion or remotely via an overstate) or continually gathering system data to be run at given intervals. e conﬁguration is simple, add the schedule option to the master or minion conﬁg and specify jobs to run, this in the master conﬁg will execute the state.over runner every 60 minutes: schedule: overstate: function: state.over minutes: 60</p><p>is example for the minion conﬁguration will execute a highstate every 30 minutes:</p><p>1388 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p> schedule: highstate: function: state.highstate minutes: 30</p><p>Optional DSL for SLS Formulas</p><p>Jack Kuan, our renderer expert, has created something that is astonishing. Salt, now comes with an optional Python based DSL, this is a very powerful interface that makes writing SLS ﬁles in pure python easier than it was with the raw py renderer. As usual this can be used with the renderer shebang line, so a single sls can be wrien with the DSL if pure python power is needed while keeping other sls ﬁles simple with YAML.</p><p>Set Grains Remotely</p><p>A new execution function and state module have been added that allows for grains to be set on the minion. Now grains can be set via a remote execution or via states. Use the grains.present state or the grains.setval execution functions.</p><p>Gentoo Additions</p><p>Major additions to Gentoo speciﬁc components have been made. e encompasses executions modules and states ranging from supporting the make.conf ﬁle to tools like layman.</p><p>26.2.31 Salt 0.12.1 Release Notes</p><p> release 2013-01-21</p><p>26.2.32 Salt 0.13.0 Release Notes</p><p> release 2013-02-12 e lucky number 13 has turned the corner! From CLI notiﬁcations when quiing a salt command, to substantial improvements on Windows, Salt 0.13.0 has arrived!</p><p>Major Features</p><p>Improved file.recurse Performance</p><p>e ﬁle.recurse system has been deployed and used in a vast array of situations. Fixes to the ﬁle state and module have led towards opening up new ways of running ﬁle.recurse to make it faster. Now the ﬁle.recurse state will download fewer ﬁles and will run substantially faster.</p><p>Windows Improvements</p><p>Minion stability on Windows has improved. Many ﬁle operations, including ﬁle.recurse, have been ﬁxed and im- proved. e network module works beer, to include network.interfaces. Both 32bit and 64bit installers are now available.</p><p>26.2. Previous Releases 1389 Salt Documentation, Release 2014.7.6</p><p>Nodegroup Targeting in Peer System</p><p>In the past, nodegroups were not available for targeting via the peer system. is has been ﬁxed, allowing the new nodegroup expr_form argument for the publish.publish function: salt-call publish.publish group1 test.ping expr_form=nodegroup</p><p>Blacklist Additions</p><p>Additions allowing more granular blacklisting are available in 0.13.0. e ability to blacklist users and functions in client_acl have been added, as well as the ability to exclude state formulas from the command line.</p><p>Command Line Pillar Embedding</p><p>Pillar data can now be embedded on the command line when calling state.sls and state.highstate. is allows for on the ﬂy changes or seings to pillar and makes parameterizing state formulas even easier. is is done via the keyword argument: salt '*' state.highstate pillar='{"cheese": "spam"}'</p><p>e above example will extend the existing pillar to hold the cheese key with a value of spam. If the cheese key is already speciﬁed in the minion's pillar then it will be overwrien.</p><p>CLI Notifications</p><p>In the past hiing ctrl-C and quiing from the salt command would just drop to a shell prompt, this caused confusion with users who expected the remote executions to also quit. Now a message is displayed showing what command can be used to track the execution and what the job id is for the execution.</p><p>Version Specification in Multiple-Package States</p><p>Versions can now be speciﬁed within multiple-package pkg.installed states. An example can be found below: mypkgs: pkg.installed: - pkgs: - foo - bar: 1.2.3-4 - baz</p><p>Noteworthy Changes</p><p>e conﬁguration subsystem in Salt has been overhauled to make the opts dict used by Salt applications more portable, the problem is that this is an incompatible change with salt-cloud, and salt-cloud will need to be updated to the latest git to work with Salt 0.13.0. Salt Cloud 0.8.5 will also require Salt 0.13.0 or later to function. e SaltStack team is sorry for the inconvenience here, we work hard to make sure these sorts of things do not happen, but sometimes hard changes get in.</p><p>1390 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>26.2.33 Salt 0.13.1 Release Notes</p><p> release 2013-02-15</p><p>26.2.34 Salt 0.13.2 Release Notes</p><p> release 2013-03-13</p><p>26.2.35 Salt 0.13.3 Release Notes</p><p> release 2013-03-18</p><p>26.2.36 Salt 0.14.0 Release Notes</p><p> release 2013-03-23 Salt 0.14.0 is here! is release was held up primarily by PyCon, Scale and illness, but has arrived! 0.14.0 comes with many new features and is breaking ground for Salt in the area of cloud management with the introduction of Salt providing basic cloud controller functionality.</p><p>Major Features</p><p>Salt - As a Cloud Controller</p><p>is is the ﬁrst primitive inroad to using Salt as a cloud controller is available in 0.14.0. Be advised that this is alpha, only tested in a few very small environments. e cloud controller is built using kvm and libvirt for the hypervisors. Hypervisors are autodetected as minions and only need to have libvirt running and kvm installed to function. e features of the Salt cloud controller are as follows: • Basic vm discovery and reporting • Creation of new virtual machines • Seeding virtual machines with Salt via qemu-nbd or libguestfs • Live migration (shared and non shared storage) • Delete existing VMs It is noteworthy that this feature is still Alpha, meaning that all rights are reserved to change the interface if needs be in future releases!</p><p>Libvirt State</p><p>One of the problems with libvirt is management of certiﬁcates needed for live migration and cross communica- tion between hypervisors. e new libvirt state makes the Salt Master hold a CA and manage the signing and distribution of keys onto hypervisors, just add a call to the libvirt state in the sls formulas used to set up a hypervisor: libvirt_keys: libvirt.keys</p><p>26.2. Previous Releases 1391 Salt Documentation, Release 2014.7.6</p><p>New get Functions</p><p>An easier way to manage data has been introduced. e pillar, grains and conﬁg execution modules have been extended with the new get function. is function works much in the same way as the get method in a python dict, but with an enhancement, nested dict components can be extracted using a : delimiter. If a structure like this is in pillar: foo: bar: baz: quo</p><p>Extracting it from the raw pillar in an sls formula or ﬁle template is done this way:</p><p>{{ pillar['foo']['bar']['baz'] }}</p><p>Now with the new get function the data can be safely gathered and a default can be set allowing the template to fall back if the value is not available:</p><p>{{ salt['pillar.get']('foo:bar:baz', 'qux') }}</p><p>is makes handling nested structures much easier, and defaults can be cleanly set. is new function is being used extensively in the new formulae repository of salt sls formulas.</p><p>26.2.37 Salt 0.14.1 Release Notes</p><p> release 2013-04-13</p><p>26.2.38 Salt 0.15.0 Release Notes</p><p> release 2013-05-03 e many new features of Salt 0.15.0 have arrived! Salt 0.15.0 comes with many smaller features and a few larger ones. ese features range from beer debugging tools to the new Salt Mine system.</p><p>Major Features</p><p>The Salt Mine</p><p>First there was the peer system, allowing for commands to be executed from a minion to other minions to gather data live. en there was the external job cache for storing and accessing long term data. Now the middle ground is being ﬁlled in with the Salt Mine. e Salt Mine is a system used to execute functions on a regular basis on minions and then store only the most recent data from the functions on the master, then the data is looked up via targets. e mine caches data that is public to all minions, so when a minion posts data to the mine all other minions can see it.</p><p>1392 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>IPV6 Support</p><p>0.13.0 saw the addition of initial IPV6 support but errors were encountered and it needed to be stripped out. is time the code covers more cases and must be explicitly enabled. But the support is much more extensive than before.</p><p>Copy Files From Minions to the Master</p><p>Minions have long been able to copy ﬁles down from the master ﬁle server, but until now ﬁles could not be easily copied from the minion up to the master. A new function called cp.push can push ﬁles from the minions up to the master server. e uploaded ﬁles are then cached on the master in the master cachedir for each minion.</p><p>Beer Template Debugging</p><p>Template errors have long been a burden when writing states and pillar. 0.15.0 will now send the compiled template data to the debug log, this makes tracking down the intermient stage templates much easier. So running state.sls or state.highstate with -l debug will now print out the rendered templates in the debug information.</p><p>State Event Firing</p><p>e state system is now more closely tied to the master's event bus. Now when a state fails the failure will be ﬁred on the master event bus so that the reactor can respond to it.</p><p>Major Syndic Updates</p><p>e Syndic system has been basically re-wrien. Now it runs in a completely asynchronous way and functions primarily as an event broker. is means that the events ﬁred on the syndic are now pushed up to the higher level master instead of the old method used which waited for the client libraries to return. is makes the syndic much more accurate and powerful, it also means that all events ﬁred on the syndic master make it up the pipe as well making a reactor on the higher level master able to react to minions further downstream.</p><p>Peer System Updates</p><p>e Peer System has been updated to run using the client libraries instead of ﬁring directly over the publish bus. is makes the peer system much more consistent and reliable.</p><p>Minion Key Revocation</p><p>In the past when a minion was decommissioned the key needed to be manually deleted on the master, but now a function on the minion can be used to revoke the calling minion's key:</p><p>$ salt-call saltutil.revoke_auth</p><p>26.2. Previous Releases 1393 Salt Documentation, Release 2014.7.6</p><p>Function Return Codes</p><p>Functions can now be assigned numeric return codes to determine if the function executed successfully. While not all functions have been given return codes, many have and it is an ongoing eﬀort to ﬁll out all functions that might return a non-zero return code.</p><p>Functions in Overstate</p><p>e overstate system was originally created to just manage the execution of states, but with the addition of return codes to functions, requisite logic can now be used with respect to the overstate. is means that an overstate stage can now run single functions instead of just state executions.</p><p>Pillar Error Reporting</p><p>Previously if errors surfaced in pillar, then the pillar would consist of only an empty dict. Now all data that was successfully rendered stays in pillar and the render error is also made available. If errors are found in the pillar, states will refuse to run.</p><p>Using Cached State Data</p><p>Sometimes states are executed purely to maintain a speciﬁc state rather than to update states with new conﬁgs. is is grounds for the new cached state system. By adding cache=True to a state call the state will not be generated fresh from the master but the last state data to be generated will be used. If no previous state data is available then fresh data will be generated.</p><p>Monitoring States</p><p>e new monitoring states system has been started. is is very young but allows for states to be used to conﬁgure monitoring routines. So far only one monitoring state is available, the disk.status state. As more capabilities are added to Salt UI the monitoring capabilities of Salt will continue to be expanded.</p><p>26.2.39 Salt 0.15.1 Release Notes</p><p> release 2013-05-08 e 0.15.1 release has been posted, this release includes ﬁxes to a number of bugs in 0.15.1 and a three security patches.</p><p>Security Updates</p><p>A number of security issues have been resolved via the 0.15.1 release.</p><p>Path Injection in Minion IDs</p><p>Salt masters did not properly validate the id of a connecting minion. is can lead to an aacker uploading ﬁles to the master in arbitrary locations. In particular this can be used to bypass the manual validation of new unknown minions. Exploiting this vulnerability does not require authentication. is issue aﬀects all known versions of Salt.</p><p>1394 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>is issue was reported by Ronald Volgers.</p><p>Pat e issue is ﬁxed in Salt 0.15.1. Updated packages are available in the usual locations. Speciﬁc commits: hps://github.com/saltstack/salt/commit/5427b9438e452a5a8910d9128c6aa45d8fd5d3 hps://github.com/saltstack/salt/commit/7560908ee62351769c3cd43b03d74c1ca772cc52 hps://github.com/saltstack/salt/commit/e200b8a7ﬀ53780124e08d2bdefde7587e52bfca</p><p>RSA Key Generation Fault</p><p>RSA key generation was done incorrectly, leading to very insecure keys. It is recommended to regenerate all RSA keys. is issue can be used to impersonate Salt masters or minions, or decrypt any transferred data. is issue can only be exploited by aackers who are able to observe or modify traﬃc between Salt minions and the legitimate Salt master. A tool was included in 0.15.1 to assist in mass key regeneration, the manage.regen_keys runner. is issue aﬀects all known versions of Salt. is issue was reported by Ronald Volgers.</p><p>Pat e issue is ﬁxed in Salt 0.15.1. Updated packages are available in the usual locations. Speciﬁc commits: hps://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc</p><p>Command Injection Via ext_pillar</p><p>Arbitrary shell commands could be executed on the master by an authenticated minion through options passed when requesting a pillar. Ext pillar options have been restricted to only allow safe external pillars to be called when prompted by the minion. is issue aﬀects Salt versions from 0.14.0 to 0.15.0. is issue was reported by Ronald Volgers.</p><p>Pat e issue is ﬁxed in Salt 0.15.1. Updated packages are available in the usual locations. Speciﬁc commits: hps://github.com/saltstack/salt/commit/43d8c16bd26159d827d1a945c83ac28159ec5865</p><p>26.2.40 Salt 0.15.2 Release Notes</p><p> release 2013-05-29</p><p>26.2. Previous Releases 1395 Salt Documentation, Release 2014.7.6</p><p>26.2.41 Salt 0.15.3 Release Notes</p><p> release 2013-06-01</p><p>26.2.42 Salt 0.16.0 Release Notes</p><p> release 2013-07-01 e 0.16.0 release is an exciting one, with new features in master redundancy, and a new, powerful requisite.</p><p>Major Features</p><p>Multi-Master</p><p>is new capability allows for a minion to be actively connected to multiple salt masters at the same time. is allows for multiple masters to send out commands to minions and for minions to automatically reconnect to masters that have gone down. A tutorial is available to help get started here: Multi Master Tutorial</p><p>Prereq, the New Requisite</p><p>e new prereq requisite is very powerful! It allows for states to execute based on a state that is expected to make changes in the future. is allows for a change on the system to be preempted by another execution. A good example is needing to shut down a service before modifying ﬁles associated with it, allowing, for instance, a webserver to be shut down allowing a load balancer to stop sending requests while server side code is updated. In this case, the prereq will only run if changes are expected to happen in the prerequired state, and the prerequired state will always run aer the prereq state and only if the prereq state succeeds.</p><p>Peer System Improvements</p><p>e peer system has been revamped to make it more reliable, faster, and like the rest of Salt, async. e peer calls when an updated minion and master are used together will be much faster!</p><p>Relative Includes</p><p>e ability to include an sls relative to the deﬁned sls has been added, the new syntax id documented here: Includes</p><p>More State Output Options</p><p>e state_output option in the past only supported full and terse, 0.16.0 add the mixed and changes modes further reﬁning how states are sent to users' eyes.</p><p>1396 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Improved Windows Support</p><p>Support for Salt on Windows continues to improve. Soware management on Windows has become more seamless with Linux/UNIX/BSD soware management. Installed soware is now recognized by the short names deﬁned in the repository SLS. is makes it possible to run salt '*' pkg.version firefox and get back results from Windows and non-Windows minions alike. When templating ﬁles on Windows, Salt will now correctly use Windows appropriate line endings. is makes it much easier to edit and consume ﬁles on Windows. When using the cmd state the shell option now allows for specifying Windows Powershell as an alternate shell to execute cmd.run and cmd.script. is opens up Salt to all the power of Windows Powershell and its advanced Windows management capabilities. Several ﬁxes and optimizations were added for the Windows networking modules, especially when working with IPv6. A system module was added that makes it easy to restart and shutdown Windows minions. e Salt Minion will now look for its conﬁg ﬁle in c:\salt\conf by default. is means that it's no longer necessary to specify the -c option to specify the location of the conﬁg ﬁle when starting the Salt Minion on Windows in a terminal.</p><p>Muliple Targets for pkg.removed, pkg.purged States</p><p>Both pkg.removed and pkg.purged now support the pkgs argument, which allow for multiple packages to be targeted in a single state. is, as in pkg.installed, helps speed up these states by reducing the number of times that the package management tools (apt, yum, etc.) need to be run.</p><p>Random Times in Cron States</p><p>e temporal parameters in cron.present states (minute, hour, etc.) can now be randomized by using random instead of a speciﬁc value. For example, by using the random keyword in the minute parameter of a cron state, the same cron job can be pushed to hundreds or thousands of hosts, and they would each use a randomly-generated minute. is can be helpful when the cron job accesses a network resource, and it is not desirable for all hosts to run the job concurrently.</p><p>/path/to/cron/script: cron.present: - user: root - minute: random - hour: 2</p><p>Since Salt assumes a value of * for unspeciﬁed temporal parameters, adding a parameter to the state and seing it to random will change that value from * to a randomized numeric value. However, if that ﬁeld in the cron entry on the minion already contains a numeric value, then using the random keyword will not modify it.</p><p>Confirmation Prompt on Key Acceptance</p><p>When accepting new keys with salt-key -a minion-id or salt-key -A, there is now a prompt that will show the aﬀected keys and ask for conﬁrmation before proceeding. is prompt can be bypassed using the -y or --yes command line argument, as with other salt-key commands.</p><p>26.2. Previous Releases 1397 Salt Documentation, Release 2014.7.6</p><p>Support for Seing Password Hashes on BSD Minions</p><p>FreeBSD, NetBSD, and OpenBSD all now support seing passwords in user.present states.</p><p>26.2.43 Salt 0.16.1 Release Notes</p><p> release 2013-07-29</p><p>26.2.44 Salt 0.16.2 Release Notes</p><p> release 2013-08-01 Version 0.16.2 is a bugﬁx release for 0.16.0, and contains a number of ﬁxes.</p><p>Windows</p><p>• Only allow Administrator's group and SYSTEM user access to C:\salt. is eliminates a race condition where a non-admin user could modify a template or managed ﬁle before it is executed by the minion (which is running as an elevated user), thus avoiding a potential escalation of privileges. (issue 6361)</p><p>Grains</p><p>• Fixed detection of virtual grain on OpenVZ hardware nodes • Gracefully handle lsb_release data when it is enclosed in quotes • LSB grains are now preﬁxed with lsb_distrib_ instead of simply lsb_. e old naming is not preserved, so SLS may be aﬀected. • Improved grains detection on MacOS</p><p>Pillar</p><p>• Don't try to load git_pillar if not enabled in master conﬁg (issue 6052) • Functions pillar.item and pillar.items added for parity with grains.item/grains.items. e old function pillar.data is preserved for backwards compatibility. • Fixed minion traceback when Pillar SLS is malformed (issue 5910)</p><p>Peer Publishing</p><p>• More gracefully handle improperly quoted publish commands (issue 5958) • Fixed traceback when timeout speciﬁed via the CLI fo publish.publish, publish.full_data (issue 5959) • Fixed unintended change in output of publish.publish (issue 5928)</p><p>1398 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Minion</p><p>• Fixed salt-key usage in minionswarm script • ieted warning about SALT_MINION_CONFIG environment variable on minion startup and for CLI com- mands run via salt-call (issue 5956) • Added minion conﬁg parameter random_reauth_delay to stagger re-auth aempts when the minion is waiting for the master to approve its public key. is helps prevent SYN ﬂooding in larger environments.</p><p>User/Group Management</p><p>• Implement previously-ignored unique option for user.present states in FreeBSD • Report in state output when a group.present state aempts to use a gid in use by another group • Fixed regression that prevents a user.present state to set the password hash to the system default (i.e. an unset password) • Fixed multiple group.present states with the same group (issue 6439)</p><p>File Management</p><p>• Fixed ﬁle.mkdir seing incorrect permissions (issue 6033) • Fixed cleanup of source ﬁles for templates when /tmp is in ﬁle_roots (issue 6118) • Fixed caching of zero-byte ﬁles when a non-empty ﬁle was previously cached at the same path • Added HTTP authentication support to the cp module (issue 5641) • Diﬀs are now suppressed when binary ﬁles are changed</p><p>Package/Repository Management</p><p>• Fixed traceback when there is only one target for pkg.latest states • Fixed regression in detection of virtual packages (apt) • Limit number of pkg database refreshes to once per state.sls/state.highstate • YUM: Allow 32-bit packages with arches other than i686 to be managed on 64-bit systems (issue 6299) • Fixed incorrect reporting in pkgrepo.managed states (issue 5517) • Fixed 32-bit binary package installs on 64-bit RHEL-based distros, and added proper support for 32-bit packages on 64-bit Debian-based distros (issue 6303) • Fixed issue where requisites were inadvertently being put into YUM repo ﬁles (issue 6471)</p><p>Service Management</p><p>• Fixed inaccurate reporting of results in service.running states when the service fails to start (issue 5894) • Fixed handling of custom initscripts in RHEL-based distros so that they are immediately available, negating the need for a second state run to manage the service that the initscript controls</p><p>26.2. Previous Releases 1399 Salt Documentation, Release 2014.7.6</p><p>Networking</p><p>• Function network.hwaddr renamed to network.hw_addr to match network.ip_addrs and net- work.ip_addrs6. All three functions also now work without the underscore in the name, as well. • Fixed traceback in bridge.show when interface is not present (issue 6326)</p><p>SSH</p><p>• Fixed incorrect result reporting for some ssh_known_hosts.present states • Fixed inaccurate reporting when ssh_auth.present states are run with test=True, when rsa/dss is used for the enc param instead of ssh-rsa/ssh-dss (issue 5374) pip</p><p>• Properly handle -f lines in pip freeze output • Fixed regression in pip.installed states with specifying a requirements ﬁle (issue 6003) • Fixed use of editable argument in pip.installed states (issue 6025) • Deprecated runas parameter in execution function calls, in favor of user</p><p>MySQL</p><p>• Allow speciﬁcation of MySQL connection arguments via the CLI, overriding/bypassing minion conﬁg params • Allow mysql_user.present states to set a passwordless login (issue 5550) • Fixed endless loop when mysql.processlist is run (issue 6297)</p><p>PostgreSQL</p><p>• Fixed traceback in postgres.user_list (issue 6352)</p><p>Miscellaneous</p><p>• Don't allow npm states to be used if npm module is not available • Fixed alternatives.install states for which the target is a symlink (issue 6162) • Fixed traceback in sysbench module (issue 6175) • Fixed traceback in job cache • Fixed tempﬁle cleanup for windows • Fixed issue where SLS ﬁles using the pydsl renderer were not being run • Fixed issue where returners were being passed incorrect information (issue 5518) • Fixed traceback when numeric args are passed to cmd.script states • Fixed bug causing cp.get_dir to return more directories than expected (issue 6048) • Fixed traceback when supervisord.running states are run with test=True (issue 6053) • Fixed tracebacks when Salt encounters problems running rbenv (issue 5888)</p><p>1400 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Only make the monit module available if monit binary is present (issue 5871) • Fixed incorrect behavior of img.mount_image • Fixed traceback in tomcat.deploy_war in Windows • Don't re-write /etc/fstab if mount fails • Fixed tracebacks when Salt encounters problems running gem (issue 5886) • Fixed incorrect behavior of selinux.boolean states (issue 5912) • RabbitMQ: ote passwords to avoid symbols being interpolated by the shell (issue 6338) • Fixed tracebacks in extfs.mkfs and extfs.tune (issue 6462) • Fixed a regression with the module.run state where the m_name and m_fun arguments were being ignored (issue 6464)</p><p>26.2.45 Salt 0.16.3 Release Notes</p><p> release 2013-08-09 Version 0.16.3 is another bugﬁx release for 0.16.0. e changes include: • Various documentation ﬁxes • Fix proc directory regression (issue 6502) • Properly detect Linaro Linux (issue 6496) • Fix regressions in mount.mounted (issue 6522, issue 6545) • Skip malformed state requisites (issue 6521) • Fix regression in gitfs from bad import • Fix for watching prereq states (including recursive requisite error) (issue 6057) • Fix mod_watch not overriding prereq (issue 6520) • Don't allow functions which compile states to be called within states (issue 5623) • Return error for malformed top.sls (issue 6544) • Fix traceback in mysql.query • Fix regression in binary package installation for 64-bit packages on Debian-based Linux distros (issue 6563) • Fix traceback caused by running cp.push without having set file_recv in the master conﬁg ﬁle • Fix scheduler conﬁguration in pillar (issue 6201)</p><p>26.2.46 Salt 0.16.4 Release Notes</p><p> release 2013-09-07 Version 0.16.4 is another bugﬁx release for 0.16.0, likely to be the last before 0.17.0 is released. e changes include: • Multiple documentation improvements/additions • Added the osfinger and osarch grains • Properly handle 32-bit packages for debian32 on x86_64 (issue 6607) • Fix regression in yum package installation in CentOS 5 (issue 6677)</p><p>26.2. Previous Releases 1401 Salt Documentation, Release 2014.7.6</p><p>• Fix bug in hg.latest state that would erroneously delete directories (issue 6661) • Fix bug related to pid not existing for ps.top (issue 6679) • Fix regression in MySQL returner (issue 6695) • Fix IP addresses grains (ipv4 and ipv6) to include all addresses (issue 6656) • Fix regression preventing authenticated FTP (issue 6733) • Fix seing password for windows users (issue 6824) • Fix file.contains on values YAML parses as non-string (issue 6817) • Fix file.get_gid, file.get_uid, and file.chown for broken symlinks (issue 6826) • Fix comment for service reloads in service state (issue 6851)</p><p>26.2.47 Salt 0.17.0 Release Notes</p><p> release 2013-09-26 e 0.17.0 release is a very exciting release of Salt, this brings to Salt some very powerful new features and advances. e advances range from the state system to the test suite, covering new transport capabilities and making states easier and more powerful, to extending Salt Virt and much more! e 0.17.0 release will also be the last release of Salt to follow the old 0.XX.X numbering system, the next release of Salt will change the numbering to be date based following this format: <year>.<month>.<minor> So if the release happens in November of 2013 the number will be 13.11.0, the ﬁrst bugﬁx release will be 13.11.1 and so forth.</minor></month></year></p><p>Major Features</p><p>Halite</p><p>e new Halite web GUI is now available on PyPI. A great deal of work has been put into Halite to make it fully event driven and amazingly fast. e Halite UI can be started from within the Salt Master (aer being installed from PyPI), or standalone, and does not require an external database to run. It is very lightweight! is initial release of Halite is primarily the framework for the UI and the communication systems, making it easy to extend and build the UI up. It presently supports watching the event bus and ﬁring commands over Salt. At this time, Halite is not available as a package, but installation documentation is available at: hp://docs.saltstack.com/topics/tutorials/halite.html Halite is, like the rest of Salt, Open Source! Much more will be coming in the future of Halite!</p><p>Salt SSH</p><p>e new salt-ssh command has been added to Salt. is system allows for remote execution and states to be run over ssh. e beneﬁt here being, that salt can run relying only on the ssh agent, rather than requiring a minion to be deployed. e salt-ssh system runs states in a compatible way as Salt and states created and run with salt-ssh can be moved over to a standard salt deployment without modiﬁcation.</p><p>1402 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Since this is the initial release of salt-ssh, there is plenty of room for improvement, but it is fully operational, not just a bootstrap tool.</p><p>Rosters</p><p>Salt is designed to have the minions be aware of the master and the master does not need to be aware of the location of the minions. e new salt roster system was created and designed to facilitate listing the targets for salt-ssh. e roster system, like most of Salt, is a plugin system, allowing for the list of systems to target to be derived from any pluggable backend. e rosters shipping with 0.17.0 are ﬂat and scan. Flat is a ﬁle which is read in via the salt render system and the scan roster does simple network scanning to discover ssh servers.</p><p>State Auto Order</p><p>is is a major change in how states are evaluated in Salt. State Auto Order is a new feature that makes states get evaluated and executed in the order in which they are deﬁned in the sls ﬁle. is feature makes it very easy to see the ﬁnite order in which things will be executed, making Salt now, fully imperative AND fully declarative. e requisite system still takes precedence over the order in which states are deﬁned, so no existing states should break with this change. But this new feature can be turned oﬀ by seing state_auto_order: False in the master conﬁg, thus reverting to the old lexicographical order. state.sls Runner</p><p>e state.sls runner has been created to allow for a more powerful system for orchestrating state runs and function calls across the salt minions. is new system uses the state system for organizing executions. is allows for states to be deﬁned that are executed on the master to call states on minions via salt-run state.sls.</p><p>Salt Thin</p><p>Salt in is an exciting new component of Salt, this is the ability to execute Salt routines without any transport mechanisms installed, it is a pure python subset of Salt. Salt in does not have any networking capability, but can be dropped into any system with Python installed and then salt-call can be called directly. e Salt in system, is used by the salt-ssh command, but can still be used to just drop salt somewhere for easy use.</p><p>Event Namespacing</p><p>Events have been updated to be much more ﬂexible. e tags in events have all been namespaced allowing easier tracking of event names.</p><p>Mercurial Fileserver Backend</p><p>e popular git ﬁleserver backend has been joined by the mercurial ﬁleserver backend, allowing the state tree to be managed entirely via mercurial.</p><p>26.2. Previous Releases 1403 Salt Documentation, Release 2014.7.6</p><p>External Logging Handlers</p><p>e external logging handler system allows for Salt to directly hook into any external logging system. Currently supported are sentry and logstash.</p><p>Jenkins Testing</p><p>e testing systems in Salt have been greatly enhanced, tests for salt are now executed, via jenkins.saltstack.com, across many supported platforms. Jenkins calls out to salt-cloud to create virtual machines on Rackspace, then the minion on the virtual machine checks into the master running on Jenkins where a state run is executed that sets up the minion to run tests and executes the test suite. is now automates the sequence of running platform tests and allows for continuous destructive tests to be run.</p><p>Salt Testing Project</p><p>e testing libraries for salt have been moved out of the main salt code base and into a standalone codebase. is has been done to ease the use of the testing systems being used in salt based projects other than Salt itself.</p><p>StormPath External Authentication</p><p>e external auth system now supports the fantastic Stormpath cloud based authentication system.</p><p>LXC Support</p><p>Extensive additions have been added to Salt for LXC support. is included the backend libs for managing LXC containers. Addition into the salt-virt system is still in the works.</p><p>Mac OS X User/Group Support</p><p>Salt is now able to manage users and groups on Minions running Mac OS X. However, at this time user passwords cannot be managed.</p><p>Django ORM External Pillar</p><p>Pillar data can now be derived from Django managed databases.</p><p>Fixes from RC to release</p><p>• Multiple documentation ﬁxes • Add multiple source ﬁles + templating for file.append (issue 6905) • Support sysctl conﬁguration ﬁles in systemd&gt;=207 (issue 7351) • Add file.search and file.replace • Fix cross-calling execution functions in provider overrides • Fix locale override for postgres (issue 4543)</p><p>1404 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix Raspbian identiﬁcation for service/pkg support (issue 7371) • Fix cp.push ﬁle corruption (issue 6495) • Fix ALT Linux password hash speciﬁcation (issue 3474) • Multiple salt-ssh-related ﬁxes and improvements</p><p>26.2.48 Salt 0.17.1 Release Notes</p><p> release 2013-10-17</p><p>Note: THIS RELEASE IS NOT COMPATIBLE WITH PREVIOUS VERSIONS. If you update your master to 0.17.1, you must update your minions as well. Sorry for the inconvenience -- this is a result of one of the security ﬁxes listed below.</p><p>e 0.17.1 release comes with a number of improvements to salt-ssh, many bugﬁxes, and a number of security updates. Salt SSH has been improved to be faster, more featureful and more secure. Since the original release of Salt SSH was primarily a proof of concept, it has been very exciting to see its rapid adoption. We appreciate the willingness of security experts to review Salt SSH and help discover oversights and ensure that security issues only exist for such a tiny window of time.</p><p>SSH Enhancements</p><p>Shell Improvements</p><p>Improvements to Salt SSH's communication have been added that improve routine execution regardless of the target system's login shell.</p><p>Performance</p><p>Deployment of routines is now faster and takes fewer commands to execute.</p><p>Security Updates</p><p>Be advised that these security issues all apply to a small subset of Salt users and mostly apply to Salt SSH.</p><p>Insuﬀicient Argument Validation</p><p>is issue allowed for a user with limited privileges to embed executions inside of routines to execute routines that should be restricted. is applies to users using external auth or client ACL and opening up speciﬁc routines. Be advised that these patches address the direct issue. Additional commits have been applied to help mitigate this issue from resurfacing.</p><p>CVE CVE-2013-4435</p><p>26.2. Previous Releases 1405 Salt Documentation, Release 2014.7.6</p><p>Aﬀected Versions</p><p>0.15.0 - 0.17.0</p><p>Pates hps://github.com/saltstack/salt/commit/6d8ef68b605fd63c36bb8ed96122a75ad2e80269 hps://github.com/saltstack/salt/commit/ebdef37b7e5d2b95a01d34b211c61c61da67e46a hps://github.com/saltstack/salt/commit/7f190ﬀ890e47cdd591d9d7cefa5126574660824 hps://github.com/saltstack/salt/commit/8e5afe59cef6743fe5dbd510dcf463dbdfca1ced hps://github.com/saltstack/salt/commit/aca78f314481082862e96d4f0c1b75fa382bb885 hps://github.com/saltstack/salt/commit/6a9752cdb1e8df2c9505ea910434c79d132eb1e2 hps://github.com/saltstack/salt/commit/b73677435ba54ecfc93c1c2d840a7f9ba6f53410 hps://github.com/saltstack/salt/commit/07972eb0a6f985749a55d8d4a2e471596591c80d hps://github.com/saltstack/salt/commit/1e3f197726aa13ac5c3f2416000089f477f489b5</p><p>Found By Feth Arezki, of Majerti</p><p>MITM SSH aack in salt-ssh</p><p>SSH host keys were being accepted by default and not enforced on future SSH connections. ese patches set SSH host key checking by default and can be overridden by passing the -i ﬂag to salt-ssh.</p><p>CVE CVE-2013-4436</p><p>Aﬀected Versions 0.17.0</p><p>Found By Michael Scherer, Red Hat</p><p>Insecure Usage of /tmp in salt-ssh</p><p>e initial release of salt-ssh used the /tmp directory in an insecure way. ese patches not only secure usage of ﬁles under /tmp in salt-ssh, but also add checksum validation for all packages sent into the now secure locations on target systems.</p><p>CVE CVE-2013-4438</p><p>Aﬀected Versions 0.17.0</p><p>Pates hps://github.com/saltstack/salt/commit/aa4bb77ef230758cad84381dde0ec660d2dc340a hps://github.com/saltstack/salt/commit/8f92b6b2cb2e4ec3af8783eb6bf4ﬀ06f5a352cf hps://github.com/saltstack/salt/commit/c58e56811d5a50c908df0597a0ba0b643b45ebfd hps://github.com/saltstack/salt/commit/0359db9b46e47614cﬀ35a66ea6a6a76846885d2 hps://github.com/saltstack/salt/commit/4348392860e0fd43701c331ac3e681cf1a8c17b0 hps://github.com/saltstack/salt/commit/664d1a1cac05602fad2693f6f97092d98a72bf61 hps://github.com/saltstack/salt/commit/bab92775a576e28ﬀ9db262f32db9cf2375bba87 hps://github.com/saltstack/salt/commit/c6d34f1acf64900a3c87a2d37618ﬀ414e5a704e</p><p>1406 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Found By Michael Scherer, Red Hat</p><p>YAML Calling Unsafe Loading Routine</p><p>It has been argued that this is not a valid security issue, as the YAML loading that was happening was only being called aer an initial gateway ﬁlter in Salt has already safely loaded the YAML and would fail if non-safe routines were embedded. Nonetheless, the CVE was ﬁled and patches applied.</p><p>CVE CVE-2013-4438</p><p>Patches hps://github.com/saltstack/salt/commit/339b0a51befae6b6b218ebcb55daa9cd3329a1c5</p><p>Found By Michael Scherer, Red Hat</p><p>Failure to Drop Supplementary Group on Salt Master</p><p>If a salt master was started as a non-root user by the root user, root's groups would still be applied to the running process. is ﬁx changes the process to have only the groups of the running user.</p><p>CVE CVE not considered necessary by submier.</p><p>Aﬀected Versions 0.11.0 - 0.17.0</p><p>Pates hps://github.com/saltstack/salt/commit/b89fa9135822d029795ab1eecd68cce2d1ced715</p><p>Found By Michael Scherer, Red Hat</p><p>Failure to Validate Minions Posting Data</p><p>is issue allowed a minion to pose as another authorized minion when posting data such as the mine data. All minions now pass through the id challenge before posting such data.</p><p>CVE CVE-2013-4439</p><p>Aﬀected Versions 0.15.0 - 0.17.0</p><p>Patches hps://github.com/saltstack/salt/commit/7b850ﬀ3d07ef6782888914ac4556c01e8a1c482 hps://github.com/saltstack/salt/commit/151759b2a1e1c6ce29277aa81b054219147f80fd</p><p>Found By David Anderson</p><p>26.2. Previous Releases 1407 Salt Documentation, Release 2014.7.6</p><p>Fix Reference</p><p>Version 0.17.1 is the ﬁrst bugﬁx release for 0.17.0. e changes include: • Fix symbolic links in thin.tgz (issue 7482) • Pass env through to ﬁle.patch state (issue 7452) • Service provider ﬁxes and reporting improvements (issue 7361) • Add --priv option for specifying salt-ssh private key • Fix salt-thin's salt-call on setuptools installations (issue 7516) • Fix salt-ssh to support passwords with spaces (issue 7480) • Fix regression in wildcard includes (issue 7455) • Fix salt-call outpuer regression (issue 7456) • Fix custom returner support for startup states (issue 7540) • Fix value handling in augeas (issue 7605) • Fix regression in apt (issue 7624) • Fix minion ID guessing to use socket.getfqdn() ﬁrst (issue 7558) • Add minion ID caching (issue 7558) • Fix salt-key race condition (issue 7304) • Add --include-all ﬂag to salt-key (issue 7399) • Fix custom grains in pillar (part of issue 5716, issue 6083) • Fix race condition in salt-key (issue 7304) • Fix regression in minion ID guessing, prioritize socket.getfqdn() (issue 7558) • Cache minion ID on ﬁrst guess (issue 7558) • Allow trailing slash in file.directory state • Fix reporting of ﬁle_roots in pillar return (issue 5449 and issue 5951) • Remove pillar matching for mine.get (issue 7197) • Sanitize args for multiple execution modules • Fix yumpkg mod_repo functions to ﬁlter hidden args (issue 7656) • Fix conﬂicting IDs in state includes (issue 7526) • Fix mysql_grants.absent string formaing issue (issue 7827) • Fix postgres.version so it won't return None (issue 7695) • Fix for trailing slashes in mount.mounted state • Fix rogue AributErrors in the outpuer system (issue 7845) • Fix for incorrect ssh key encodings resulting in incorrect key added (issue 7718) • Fix for pillar/grains naming regression in python renderer (issue 7693) • Fix args/kwargs handling in the scheduler (issue 7422) • Fix logﬁle handling for ﬁle://, tcp:// and udp:// (issue 7754) • Fix error handling in conﬁg ﬁle parsing (issue 6714)</p><p>1408 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix RVM using sudo when running as non-root user (issue 2193) • Fix client ACL and underlying logging bugs (issue 7706) • Fix scheduler bug with returner (issue 7367) • Fix user management bug related to default groups (issue 7690) • Fix various salt-ssh bugs (issue 7528) • Many various documentation ﬁxes</p><p>26.2.49 Salt 0.17.2 Release Notes</p><p> release 2013-11-14 Version 0.17.2 is another bugﬁx release for 0.17.0. e changes include: • Add ability to delete key with grains.delval (issue 7872) • Fix possible state compiler stack trace (issue 5767) • Fix architecture regression in yumpkg (issue 7813) • Use correct ps on Debian to prevent truncating (issue 5646) • Fix grains targeting for new grains (issue 5737) • Fix bug with merging in git_pillar (issue 6992) • Fix print_jobs duplicate results • Fix apt version speciﬁcation for pkg.install • Fix possible KeyError from ext_job_cache missing option • Fix auto_order for - names states (issue 7649) • Fix regression in new gitfs installs (directory not found error) • Fix escape pipe issue on Windows for ﬁle.recurse (issue 7967) • Fix ﬁleclient in case of master restart (issue 7987) • Try to output warning if CLI command malformed (issue 6538) • Fix --out=quiet to actually be quiet (issue 8000) • Fix for state.sls in salt-ssh (issue 7991) • Fix for MySQL grants ordering issue (issue 5817) • Fix traceback for certain missing CLI args (issue 8016) • Add ability to disable lspci queries on master (issue 4906) • Fail if sls deﬁned in topﬁle does not exist (issue 5998) • Add ability to downgrade MySQL grants (issue 6606) • Fix ssh_auth.absent traceback (issue 8043) • Add upstart detection for Debian/Raspbian (issue 8039) • Fix ID-related issues (issue 8052, issue 8050, and others) • Fix for jinja rendering issues (issue 8066 and issue 8079) • Fix argument parsing in salt-ssh (issue 7928)</p><p>26.2. Previous Releases 1409 Salt Documentation, Release 2014.7.6</p><p>• Fix some GPU detection instances (issue 6945) • Fix bug preventing includes from other environments in SLS ﬁles • Fix for kwargs with dashes (issue 8102) • Fix salt.utils.which for windows `.exe' (issue 7904) • Fix apache.adduser without apachectl (issue 8123) • Fix issue with evaluating test kwarg in states (issue 7788) • Fix regression in salt.client.Caller() (issue 8078) • Fix apt-key silent failure • Fix bug where cmd.script would try to run even if caching failed (issue 7601) • Fix apt pkg.latest regression (issue 8067) • Fix for mine data not being updated (issue 8144) • Fix for noarch packages in yum • Fix a Xen detection edge case (issue 7839) • Fix windows __opts__ dictionary persistence (issue 7714) • Fix version generation for when it's part of another git repo (issue 8090) • Fix _handle_iorder stacktrace so that the real syntax error is shown (issue 8114 and issue 7905) • Fix git.latest state when a commit SHA is used (issue 8163) • Fix various small bugs in yumpkg.py (issue 8201) • Fix for specifying identify ﬁle in git.latest (issue 8094) • Fix for --output-file CLI arg (issue 8205) • Add ability to specify shutdown time for system.shutdown (issue 7833) • Fix for salt version using non-salt git repo info (issue 8266) • Add additional hints at impact of pkgrepo states when test=True (issue 8247) • Fix for salt-ssh ﬁles not being owned by root (issue 8216) • Fix retry logic and error handling in ﬁleserver (related to issue 7755) • Fix ﬁle.replace with test=True (issue 8279) • Add ﬂag for limiting ﬁle traversal in ﬁleserver (issue 6928) • Fix for extra mine processes (issue 5729) • Fix for unloading custom modules (issue 7691) • Fix for salt-ssh opts (issue 8005 and issue 8271) • Fix compound matcher for grains (issue 7944) • Improve error reporting in ebuild module (related to issue 5393) • Add dir_mode to file.managed (issue 7860) • Improve traceroute support for FreeBSD and OS X (issue 4927) • Fix for matching minions under syndics (issue 7671) • Improve exception handling for missing ID (issue 8259)</p><p>1410 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• Fix grain mismatch for ScientiﬁcLinux (issue 8338) • Add conﬁguration option for minion_id_caching • Fix open mode auth errors (issue 8402)</p><p>26.2.50 Salt 0.17.3 Release Notes</p><p> release 2013-12-08</p><p>Note: 0.17.3 had some regressions which were promptly ﬁxed in the 0.17.4 release. Please use 0.17.4 instead.</p><p>Version 0.17.3 is another bugﬁx release for 0.17.0. e changes include: • Fix some jinja render errors (issue 8418) • Fix file.replace state changing ﬁle ownership (issue 8399) • Fix state ordering with the PyDSL renderer (issue 8446) • Fix for new npm version (issue 8517) • Fix for pip state requiring name even with requirements ﬁle (issue 8519) • Fix yum logging to open terminals (issue 3855) • Add sane maxrunning defaults for scheduler (issue 8563) • Fix states duplicate key detection (issue 8053) • Fix SUSE patch level reporting (issue 8428) • Fix managed ﬁle creation umask (issue 8590) • Fix logstash exception (issue 8635) • Improve argument exception handling for salt command (issue 8016) • Fix pecl success reporting (issue 8750) • Fix launchctl module exceptions (issue 8759) • Fix argument order in pw_user module • Add warnings for failing grains (issue 8690) • Fix hgfs problems caused by connections le open (issue 8811 and issue 8810) • Add Debian iptables default for iptables-persistent package (issue 8889) • Fix installation of packages with dots in pkg name (issue 8614) • Fix noarch package installation on CentOS 6 (issue 8945) • Fix portage_conﬁg.enforce_nice_conﬁg (issue 8252) • Fix salt.util.copyﬁle umask usage (issue 8590) • Fix rescheduling of failed jobs (issue 8941) • Fix pkg on Amazon Linux (uses yumpkg5 now) (issue 8226) • Fix conﬂicting options in postgres module (issue 8717) • Fix ps modules for psutil &gt;= 0.3.0 (issue 7432) • Fix postgres module to return False on failure (issue 8778)</p><p>26.2. Previous Releases 1411 Salt Documentation, Release 2014.7.6</p><p>• Fix argument passing for args with pound signs (issue 8585) • Fix pid of salt CLi command showing in status.pid output (issue 8720) • Fix rvm to run gem as the correct user (issue 8951) • Fix namespace issue in win_ﬁle module (issue 9060) • Fix masterless state paths on windows (issue 9021) • Fix timeout option in master conﬁg (issue 9040)</p><p>26.2.51 Salt 0.17.4 Release Notes</p><p> release 2013-12-10 Version 0.17.4 is another bugﬁx release for 0.17.0. e changes include: • Fix ﬁle.replace bug when replacement str is numeric (issue 9101) • Fix regression in ﬁle.managed (issue 9131) • Prevent traceback when job is None. (issue 9145)</p><p>26.2.52 Salt 0.17.5 Release Notes</p><p> release 2014-01-27 Version 0.17.5 is another bugﬁx release for 0.17.0. e changes include: • Fix user.present states with non-string fullname (issue 9085) • Fix virt.init return value on failure (issue 6870) • Fix reporting of file.blockreplace state when test=True • Fix network.interfaces when used in cron (issue 7990) • Fix bug in pkgrepo when switching to/from mirrorlist-based repo def (issue 9121) • Fix inﬁnite recursion when cache ﬁle is corrupted • Add checking for rev and mirror/bare args in git.latest (issue 9107) • Add cmd.watch alias (points to cmd.wait)(issue 8612) • Fix stacktrace when prereq is not formed as a list (issue 8235) • Fix stdin issue with lvdisplay command (issue 9128) • Add pre-check function for range matcher (issue 9236) • Add exception handling for psutil for processes that go missing (issue 9274) • Allow _in requisites to match both on ID and name (issue 9061) • Fix multiple client timeout issues (issue 7157 and issue 9302, probably others) • Fix ZMQError: Operation cannot be accomplished in current state errors (issue 6306) • Multiple optimization in minion auth routines • Clarify logs for minion ID caching</p><p>1412 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>26.2.53 Salt 0.6.0 release notes</p><p>e Salt remote execution manager has reached initial functionality! Salt is a management application which can be used to execute commands on remote sets of servers. e whole idea behind Salt is to create a system where a group of servers can be remotely controlled from a single master, not only can commands be executed on remote systems, but salt can also be used to gather information about your server environment. Unlike similar systems, like Func and MCollective, Salt is extremely simple to setup and use, the entire application is contained in a single package, and the master and minion daemons require no running dependencies in the way that Func requires Certmaster and MCollective requires activeMQ. Salt also manages authentication and encryption. Rather than using SSL for encryption, salt manages encryption on a payload level, so the data sent across the network is encrypted with fast AES encryption, and authentication uses RSA keys. is means that Salt is fast, secure, and very eﬃcient. Messaging in Salt is executed with ZeroMQ, so the message passing interface is built into salt and does not require an external ZeroMQ server. is also adds speed to Salt since there is no additional bloat on the networking layer, and ZeroMQ has already proven itself as a very fast networking system. e remote execution in Salt is ``Lazy Execution'', in that once the command is sent the requesting network connec- tion is closed. is makes it easier to detach the execution from the calling process on the master, it also means that replies are cached, so that information gathered from historic commands can be queried in the future. Salt also allows users to make execution modules in Python. Writers of these modules should also be pleased to know that they have access to the impressive information gathered from PuppetLabs' Facter application, making Salt module more ﬂexible. In the future I hope to also allow Salt to group servers based on Facter information as well. All in all Salt is fast, eﬃcient and clean, can be used from a simple command line client or through an API, uses message queue technology to make network execution extremely fast, and encryption is handled in a very fast and eﬃcient manner. Salt is also VERY easy to use and VERY easy to extend. You can ﬁnd the source code for Salt on my GitHub page, I have also set up a few wiki pages explaining how to use and set up Salt. If you are using Arch Linux there is a package available in the Arch Linux AUR. Salt 0.6.0 Source: hps://cloud.github.com/downloads/saltstack/salt/salt-0.6.0.tar.gz GitHub page: hps://github.com/saltstack/salt Wiki: hps://github.com/saltstack/salt/wiki Arch Linux Package: hps://aur.archlinux.org/packages/salt-git/ I am very open to contributions, for instance I need packages for more Linux distributions as well as BSD packages and testers. Give Salt a try, this is the initial release and is not a 1.0 quality release, but it has been working well for me! I am eager to get your feedback!</p><p>26.2.54 Salt 0.7.0 release notes</p><p>I am pleased to announce the release of Salt 0.7.0! is release marks what is the ﬁrst stable release of salt, 0.7.0 should be suitable for general use. 0.7.0 Brings the following new features to Salt: • Integration with Facter data from puppet labs • Allow for matching minions from the salt client via Facter information</p><p>26.2. Previous Releases 1413 Salt Documentation, Release 2014.7.6</p><p>• Minion job threading, many jobs can be executed from the master at once • Preview of master clustering support - Still experimental • Introduce new minion modules for stats, virtualization, service management and more • Add extensive logging to the master and minion daemons • Add sys.reload_functions for dynamic function reloading • Greatly improve authentication • Introduce the saltkey command for managing public keys • Begin backend development preparatory to introducing buer • Addition of man pages for the core commands • Extended and cleaned conﬁguration 0.7.0 Fixes the following major bugs: • Fix crash in minions when matching failed • Fix conﬁguration ﬁle lookups for the local client • Repair communication bugs in encryption • Numerous ﬁxes in the minion modules e next release of Salt should see the following features: • Stabilize the cluster support • Introduce a remote client for salt command tiers • salt-p system for distributed ﬁle copies • Initial support for ``buer'' Coming up next is a higher level management framework for salt called Buer. I want salt to stay as a simple and eﬀective communication framework, and allow for more complicated executions to be managed via Buer. Right now Buer is being developed to act as a cloud controller using salt as the communication layer, but features like system monitoring and advanced conﬁguration control (a puppet manager) are also in the pipe. Special thanks to Joseph Hall for the status and network modules, and thanks to Mahias Teege for tracking down some conﬁguration bugs! Salt can be downloaded from the following locations; Source Tarball: hps://cloud.github.com/downloads/saltstack/salt/salt-0.7.0.tar.gz Arch Linux Package: hps://aur.archlinux.org/packages/salt-git/ Please enjoy the latest Salt release!</p><p>26.2.55 Salt 0.8.0 release notes</p><p>Salt 0.8.0 is ready for general consumption! e source tarball is available on GitHub for download: hps://cloud.github.com/downloads/saltstack/salt/salt-0.8.0.tar.gz</p><p>1414 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>A lot of work has gone into salt since the last release just 2 weeks ago, and salt has improved a great deal. A swath of new features are here along with performance and threading improvements! e main new features of salt 0.8.0 are: Salt-cp Cython minion modules Dynamic returners Faster return handling Lowered required Python version to 2.6 Advanced minion threading Conﬁgurable minion modules</p><p>Salt-cp</p><p>e salt-cp command introduces the ability to copy simple ﬁles via salt to targeted servers. Using salt-cp is very simple, just call salt-cp with a target speciﬁcation, the source ﬁle(s) and where to copy the ﬁles on the minions. For instance: # salt-cp ‘*’ /etc/hosts /etc/hosts Will copy the local /etc/hosts ﬁle to all of the minions. Salt-cp is very young, in the future more advanced features will be added, and the functionality will much more closely resemble the cp command.</p><p>Cython minion modules</p><p>Cython is an amazing tool used to compile Python modules down to c. is is arguably the fastest way to run Python code, and since pyzmq requires cython, adding support to salt for cython adds no new dependencies. Cython minion modules allow minion modules to be wrien in cython and therefore executed in compiled c. Simply write the salt module in cython and use the ﬁle extension “.pyx” and the minion module will be compiled when the minion is started. An example cython module is included in the main distribution called cytest.pyx: hps://github.com/saltstack/salt/blob/develop/salt/modules/cytest.pyx</p><p>Dynamic Returners</p><p>By default salt returns command data back to the salt master, but now salt can return command data to any system. is is enabled via the new returners modules feature for salt. e returners modules take the return data and sends it to a speciﬁc module. e returner modules work like minion modules, so any returner can be added to the minions. is means that a custom data returner can be added to communicate the return data so anything from MySQL, Redis, MongoDB and more! ere are 2 simple stock returners in the returners directory: hps://github.com/saltstack/salt/blob/develop/salt/returners e documentation on writing returners will be added to the wiki shortly, and returners can be wrien in pure Python, or in cython.</p><p>26.2. Previous Releases 1415 Salt Documentation, Release 2014.7.6</p><p>Configurable Minion Modules</p><p>Minion modules may need to be conﬁgured, now the options passed to the minion conﬁguration ﬁle can be accessed inside of the minion modules via the __opt__ dict. Information on how to use this simple addition has been added to the wiki: Writing modules e test module has an example of using the __opts__ dict, and how to set default options: hps://github.com/saltstack/salt/blob/develop/salt/modules/test.py</p><p>Advanced Minion Threading</p><p>In 0.7.0 the minion would block aer receiving a command from the master, now the minion will spawn a thread or multiprocess. By default Python threads are used because for general use they have proved to be faster, but the minion can now be conﬁgured to use the Python multiprocessing module instead. Using multiprocessing will cause executions that are CPU bound or would otherwise exploit the negative aspects of the Python GIL to run faster and more reliably, but simple calls will still be faster with Python threading. e conﬁguration option can be found in the minion conﬁguration ﬁle: hps://github.com/saltstack/salt/blob/develop/conf/minion</p><p>Lowered Supported Python to 2.6</p><p>e requirement for Python 2.7 has been removed to support Python 2.6. I have received requests to take the minimum Python version back to 2.4, but unfortunately this will not be possible, since the ZeroMQ Python bindings do not support Python 2.4. Salt 0.8.0 is a very major update, it also changes the network protocol slightly which makes communication with older salt daemons impossible, your master and minions need to be upgraded together! I could use some help bringing salt to the people! Right now I only have packages for Arch Linux, Fedora 14 and Gentoo. We need packages for Debian and people willing to help test on more platforms. We also need help writing more minion modules and returner modules. If you want to contribute to salt please hop on the mailing list and send in patches, make a fork on GitHub and send in pull requests! If you want to help but are not sure where you can, please email me directly or post tot he mailing list! I hope you enjoy salt, while it is not yet 1.0 salt is completely viable and usable! -omas S. Hatch</p><p>26.2.56 Salt 0.8.7 release notes</p><p>It has been a month since salt 0.8.0, and it has been a long month! But Salt is still coming along strong. 0.8.7 has a lot of changes and a lot of updates. is update makes Salt’s ZeroMQ back end beer, strips Facter from the dependencies, and introduces interfaces to handle more capabilities. Many of the major updates are in the background, but the changes should shine through to the surface. A number of the new features are still a lile thin, but the back end to support expansion is in place. I also recently gave a presentation to the Utah Python users group in Salt Lake City, the slides from this presentation are available here: hps://cloud.github.com/downloads/saltstack/salt/Salt.pdf e video from this presentation will be available shortly. e major new features and changes in Salt 0.8.7 are: • Revamp ZeroMQ topology on the master for beer scalability</p><p>1416 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• State enforcement • Dynamic state enforcement managers • Extract the module loader into salt.loader • Make Job ids more granular • Replace Facter functionality with the new salt grains interface • Support for “virtual” salt modules • Introduce the salt-call command • Beer debugging for minion modules e new ZeroMQ topology allows for beer scalability, this will be required by the need to execute massive ﬁle transfers to multiple machines in parallel and state management. e new ZeroMQ topology is available in the aforementioned presentation. 0.8.7 introduces the capability to declare states, this is similar to the capabilities of Puppet. States in salt are declared via state data structures. is system is very young, but the core feature set is available. Salt states work around rendering ﬁles which represent Salt high data. More on the Salt state system will be documented in the near future. e system for loading salt modules has been pulled out of the minion class to be a standalone module, this has enabled more dynamic loading of Salt modules and enables many of the updates in 0.8.7 – hps://github.com/saltstack/salt/blob/develop/salt/loader.py Salt Job ids are now microsecond precise, this was needed to repair a race condition unveiled by the speed improve- ments in the new ZeroMQ topology. e new grains interface replaces the functionality of Facter, the idea behind grains diﬀers from Facter in that the grains are only used for static system data, dynamic data needs to be derived from a call to a salt module. is makes grains much faster to use, since the grains data is generated when the minion starts. Virtual salt modules allows for a salt module to be presented as something other than its module name. e idea here is that based on information from the minion decisions about which module should be presented can be made. e best example is the pacman module. e pacman module will only load on Arch Linux minions, and will be called pkg. Similarly the yum module will be presented as pkg when the minion starts on a Fedora/RedHat system. e new salt-call command allows for minion modules to be executed from the minion. is means that on the minion a salt module can be executed, this is a great tool for testing Salt modules. e salt-call command can also be used to view the grains data. In previous releases when a minion module threw an exception very lile data was returned to the master. Now the stack trace from the failure is returned making debugging of minion modules MUCH easier. Salt is nearing the goal of 1.0, where the core feature set and capability is complete! Salt 0.8.7 can be downloaded from GitHub here: hps://cloud.github.com/downloads/saltstack/salt/salt-0.8.7.tar.gz -omas S Hatch</p><p>26.2.57 Salt 0.8.8 release notes</p><p>Salt 0.8.8 is here! is release adds a great deal of code and some serious new features. e latest release can be downloaded here: hps://cloud.github.com/downloads/saltstack/salt/salt-0.8.8.tar.gz Improved Documentation has been set up for salt using sphinx thanks to the eﬀorts of Seth House. is new doc- umentation system will act as the back end to the salt website which is still under heavy development. e new sphinx documentation system has also been used to greatly clean up the salt manpages. e salt 7 manpage in par- ticular now contains extensive information which was previously only in the wiki. e new documentation can be</p><p>26.2. Previous Releases 1417 Salt Documentation, Release 2014.7.6 found at: hp://docs.saltstack.com/ We still have a lot to add, and when the domain is set up I will post another announcement. More additions have been made to the ZeroMQ setup, particularly in the realm of ﬁle transfers. Salt 0.8.8 introduces a built in, stateless, encrypted ﬁle server which allows salt minions to download ﬁles from the salt master using the same encryption system used for all other salt communications. e main motivation for the salt ﬁle server has been to facilitate the new salt state system. Much of the salt code has been cleaned up and a new cleaner logging system has been introduced thanks to the eﬀorts of Pedro Algarvio. ese additions will allow for much more ﬂexible logging to be executed by salt, and ﬁxed a great deal of my poor spelling in the salt docstrings! Pedro Algarvio has also cleaned up the API, making it easier to embed salt into another application. e biggest addition to salt found in 0.8.8 is the new state system. e salt module system has received a new front end which allows salt to be used as a conﬁguration management system. e conﬁguration management system allows for system conﬁguration to be deﬁned in data structures. e conﬁguration management system, or as it is called in salt, the “salt state system” supports many of the features found in other conﬁguration managers, but allows for system states to be wrien in a far simpler format, executes at blazing speeds, and operates via the salt minion matching system. e state system also operates within the normal scope of salt, and requires no additional conﬁguration to use. e salt state system can enforce the following states with many more to come: Packages Files Services Executing commands Hosts e system used to deﬁne the salt states is based on a data structure, the data structure used to deﬁne the salt states has been made to be as easy to use as possible. e data structure is deﬁned by default using a YAML ﬁle rendered via a Jinja template. is means that the state deﬁnition language supports all of the data structures that YAML supports, and all of the programming constructs and logic that Jinja supports. If the user does not like YAML or Jinja the states can be deﬁned in yaml-mako, json-jinja, or json-mako. e system used to render the states is completely dynamic, and any rendering system can be added to the capabilities of Salt, this means that a rendering system that renders XML data in a cheetah template, or whatever you can imagine, can be easily added to the capabilities of salt. e salt state system also supports isolated environments, as well as matching code from several environments to a single salt minion. e feature base for Salt has grown quite a bit since my last serious documentation push. As we approach 0.9.0 the goals are becoming very clear, and the documentation needs a lot of work. e main goals for 0.9.0 are to further reﬁne the state system, ﬁx any bugs we ﬁnd, get Salt running on as many platforms as we can, and get the documentation ﬁlled out. ere is a lot more to come as Salt moves forward to encapsulate a much larger scope, while maintaining supreme usability and simplicity. If you would like a more complete overview of Salt please watch the Salt presentation: Slides: hps://cloud.github.com/downloads/saltstack/salt/Salt.pdf -omas S Hatch</p><p>26.2.58 Salt 0.8.9 Release Notes</p><p>Salt 0.8.9 has ﬁnally arrived! Unfortunately this is much later than I had hoped to release 0.8.9, life has been very crazy over the last month. But despite challenges, Salt has moved forward! is release, as expected, adds few new features and many reﬁnements. One of the most exciting aspect of this release is that the development community for salt has grown a great deal and much of the code is from contributors. Also, I have ﬁlled out the documentation a great deal. So information on States is properly documented, and much of the documentation that was out of date has been ﬁlled in.</p><p>1418 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Download!</p><p>e Salt source can be downloaded from the salt GitHub site: hps://cloud.github.com/downloads/saltstack/salt/salt-0.8.9.tar.gz Or from PyPI: hps://pypi.python.org/packages/source/s/salt/salt-0.8.9.tar.gz Here s the md5sum: 7d5aca4633bc22f59045f59e82f43b56 For instructions on how to set up Salt please see the Installation instructions.</p><p>New Features</p><p>Salt Run</p><p>A big feature is the addition of Salt run, the salt-run command allows for master side execution modules to be made that gather speciﬁc information or execute custom routines from the master. Documentation for salt-run can be found here</p><p>Refined Outpuers</p><p>One problem oen complained about in salt was the fact that the output was so messy. anks to help from Jeﬀ Schroeder a cleaner interface for the command output for the Salt CLI has been made. is new interface makes adding new printout formats easy and additions to the capabilities of minion modules makes it possible to set the printout mode or outputter for functions in minion modules.</p><p>Cross Calling Salt Modules</p><p>Salt modules can now call each other, the __salt__ dict has been added to the predeﬁned references in minion modules. is new feature is documented in the modules documentation.</p><p>Watch Option Added to Salt State System</p><p>Now in Salt states you can set the watch option, this will allow watch enabled states to change based on a change in the other deﬁned states. is is similar to subscribe and notify statements in puppet.</p><p>Root Dir Option</p><p>Travis Cline has added the ability to deﬁne the option root_dir which allows the salt minion to operate in a subdir. is is a strong move in supporting the minion running as an unprivileged user</p><p>Config Files Defined in Variables</p><p>anks again to Travis Cline, the master and minion conﬁguration ﬁle locations can be deﬁned in environment variables now.</p><p>26.2. Previous Releases 1419 Salt Documentation, Release 2014.7.6</p><p>New Modules</p><p>ite a few new modules, states, returners and runners have been made.</p><p>New Minion Modules apt Support for apt-get has been added, this adds greatly improved Debian and Ubuntu support to Salt! useradd and groupadd Support for manipulating users and groups on Unix-like systems. moosefs Initial support for reporting on aspects of the distributed ﬁle system, MooseFS. For more information on MooseFS please see: hp://www.moosefs.org anks to Joseph Hall for his work on MooseFS support. mount Manage mounts and the fstab. puppet Execute puppet on remote systems. shadow Manipulate and manage the user password ﬁle. ssh Interact with ssh keys.</p><p>New States user and group Support for managing users and groups in Salt States. mount Enforce mounts and the fstab.</p><p>New Returners mongo_return Send the return information to a MongoDB server.</p><p>New Runners manage Display minions that are up or down.</p><p>26.2.59 Salt 0.9.0 Release Notes</p><p> release 2011-08-27 Salt 0.9.0 is here. is is an exciting release, 0.9.0 includes the new network topology features allowing peer salt commands and masters of masters via the syndic interface. 0.9.0 also introduces many more modules, improvements to the API and improvements to the ZeroMQ systems.</p><p>1420 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Download!</p><p>e Salt source can be downloaded from the salt GitHub site: hps://cloud.github.com/downloads/saltstack/salt/salt-0.9.0.tar.gz Or from PyPI: hps://pypi.python.org/packages/source/s/salt/salt-0.9.0.tar.gz Here is the md5sum: 9a925da04981e65a0f237f2e77ddab37 For instructions on how to set up Salt please see the Installation instructions.</p><p>New Features</p><p>Salt Syndic</p><p>e new Syndic interface allows a master to be commanded via another higher level salt master. is is a powerful solution allowing a master control structure to exist, allowing salt to scale to much larger levels then before.</p><p>Peer Communication</p><p>0.9.0 introduces the capability for a minion to call a publication on the master and receive the return from another set of minions. is allows salt to act as a communication channel between minions and as a general infrastructure message bus. Peer communication is turned oﬀ by default but can be enabled via the peer option in the master conﬁguration ﬁle. Documentation on the new Peer interface.</p><p>Easily Extensible API</p><p>e minion and master classes have been redesigned to allow for specialized minion and master servers to be easily created. An example on how this is done for the master can be found in the master.py salt module: hps://github.com/saltstack/salt/blob/develop/salt/master.py e Master class extends the SMaster class and set up the main master server. e minion functions can now also be easily added to another application via the SMinion class, this class can be found in the minion.py module: hps://github.com/saltstack/salt/blob/develop/salt/minion.py</p><p>Cleaner Key Management</p><p>is release changes some of the key naming to allow for multiple master keys to be held based on the type of minion gathering the master key. e -d option has also been added to the salt-key command allowing for easy removal of accepted public keys. e --gen-keys option is now available as well for salt-key, this allows for a salt speciﬁc RSA key pair to be easily generated from the command line.</p><p>26.2. Previous Releases 1421 Salt Documentation, Release 2014.7.6</p><p>Improved 0MQ Master Workers</p><p>e 0MQ worker system has been further reﬁned to be faster and more robust. is new system has been able to handle a much larger load than the previous setup. e new system uses the IPC protocol in 0MQ instead of TCP.</p><p>New Modules</p><p>ite a few new modules have been made.</p><p>New Minion Modules apae Work directly with apache servers, great for managing balanced web servers cron Read out the contents of a systems crontabs mdadm Module to manage raid devices in Linux, appears as the raid module mysql Gather simple data from MySQL databases ps Extensive utilities for managing processes publish Used by the peer interface to allow minions to make publications</p><p>26.2.60 Salt 0.9.1 Release Notes</p><p> release 2011-08-29</p><p>26.2.61 Salt 0.9.2 Release Notes</p><p> release 2011-09-17 Salt 0.9.2 has arrived! 0.9.2 is primarily a bugﬁx release, the exciting component in 0.9.2 is greatly improved support for salt states. All of the salt states interfaces have been more thoroughly tested and the new salt-states git repo is growing with example of how to use states. is release introduces salt states for early developers and testers to start helping us clean up the states interface and make it ready for the world! 0.9.2 also ﬁxes a number of bugs found on Python 2.6.</p><p>Download!</p><p>e Salt source can be downloaded from the salt GitHub site: hps://cloud.github.com/downloads/saltstack/salt/salt-0.9.2.tar.gz Or from PyPI: hps://pypi.python.org/packages/source/s/salt/salt-0.9.2.tar.gz</p><p>1422 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>For instructions on how to set up Salt please see the Installation instructions.</p><p>New Features</p><p>Salt-Call Additions</p><p>e salt-call command has received an overhaul, it now hooks into the outpuer system so command output looks clean, and the logging system has been hooked into salt-call, so the -l option allows the logging output from salt minion functions to be displayed. e end result is that the salt-call command can execute the state system and return clean output:</p><p># salt-call state.highstate</p><p>State System Fixes</p><p>e state system has been tested and beer reﬁned. As of this release the state system is ready for early testers to start playing with. If you are interested in working with the state system please check out the (still very small) salt-states GitHub repo: hps://github.com/saltstack/salt-states is git repo is the active development branch for determining how a clean salt-state database should look and act. Since the salt state system is still very young a lot of help is still needed here. Please fork the salt-states repo and help us develop a truly large and scalable system for conﬁguration management!</p><p>Notable Bug Fixes</p><p>Python 2.6 String Formaing</p><p>Python 2.6 does not support format strings without an index identiﬁer, all of them have been repaired.</p><p>Cython Loading Disabled by Default</p><p>Cython loading requires a development tool chain to be installed on the minion, requiring this by default can cause problems for most Salt deployments. If Cython auto loading is desired it will need to be turned on in the minion conﬁg.</p><p>26.2.62 Salt 0.9.3 Release Notes</p><p> release 2011-11-05 Salt 0.9.3 is ﬁnally arrived. is is another big step forward for Salt, new features range from proper FreeBSD support to ﬁxing issues seen when aaching a minion to a master over the Internet. e biggest improvements in 0.9.3 though can be found in the state system, it has progressed from something ready for early testers to a system ready to compete with platforms such as Puppet and Chef. e backbone of the state system has been greatly reﬁned and many new features are available.</p><p>26.2. Previous Releases 1423 Salt Documentation, Release 2014.7.6</p><p>Download!</p><p>e Salt source can be downloaded from the salt GitHub site: hps://cloud.github.com/downloads/saltstack/salt/salt-0.9.3.tar.gz Or from PyPI: hps://pypi.python.org/packages/source/s/salt/salt-0.9.3.tar.gz For instructions on how to set up Salt please see the Installation instructions.</p><p>New Features</p><p>WAN Support</p><p>Recently more people have been testing Salt minions connecting to Salt Masters over the Internet. It was found that Minions would commonly loose their connection to the master when working over the internet. e minions can now detect if the connection has been lost and reconnect to the master, making WAN connections much more reliable.</p><p>State System Fixes</p><p>Substantial testing has gone into the state system and it is ready for real world usage. A great deal has been added to the documentation for states and the modules and functions available to states have been cleanly documented. A number of State System bugs have also been founds and repaired, the output from the state system has also been reﬁned to be extremely clear and concise. Error reporting has also been introduced, issues found in sls ﬁles will now be clearly reported when executing Salt States.</p><p>Extend Declaration</p><p>e Salt States have also gained the extend declaration. is declaration allows for states to be cleanly modiﬁed in a post environment. Simply said, if there is an apache.sls ﬁle that declares the apache service, then another sls can include apache and then extend it: include: - apache extend: apache: service: - require: - pkg: mod_python mod_python: pkg: - installed</p><p>e notable behavior with the extend functionality is that it literally extends or overwrites a declaration set up in another sls module. is means that Salt will behave as though the modiﬁcations were made directly to the apache sls. is ensures that the apache service in this example is directly tied to all requirements.</p><p>1424 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Highstate Structure Specification</p><p>is release comes with a clear speciﬁcation of the Highstate data structure that is used to declare Salt States. is speciﬁcation explains everything that can be declared in the Salt SLS modules. e speciﬁcation is extremely simple, and illustrates how Salt has been able to fulﬁll the requirements of a central conﬁguration manager within a simple and easy to understand format and speciﬁcation.</p><p>SheBang Renderer Switch</p><p>It came to our aention that having many renderers means that there may be a situation where more than one State Renderer should be available within a single State Tree. e method chosen to accomplish this was something already familiar to developers and systems administrators, a SheBang. e Python State Renderer displays this new capability.</p><p>Python State Renderer</p><p>Until now Salt States could only be declared in yaml or json using Jinja or Mako. A new, very powerful, renderer has been added, making it possible to write Salt States in pure Python:</p><p>#!py def run(): ''' Install the python-mako package ''' return {'include':['python'], 'python-mako':{'pkg':['installed']}}</p><p>is renderer is used by making a run function that returns the Highstate data structure. Any capabilities of Python can be used in pure Python sls modules. is example of a pure Python sls module is the same as this example in yaml: include: - python python-mako: pkg: - installed</p><p>FreeBSD Support</p><p>Additional support has been added for FreeBSD, this is Salt's ﬁrst branch out of the Linux world and proves the viability of Salt on non-Linux platforms. Salt remote execution already worked on FreeBSD, and should work without issue on any Unix-like platform. But this support comes in the form of package management and user support, so Salt States also work on FreeBSD now. e new freebsdpkg module provides package management support for FreeBSD and the new pw_user and pw_group provide user and group management.</p><p>26.2. Previous Releases 1425 Salt Documentation, Release 2014.7.6</p><p>Module and State Additions</p><p>Cron Support</p><p>Support for managing the system crontab has been added, declaring a cron state can be done easily: date &gt; /tmp/datestamp: cron: - present - user: fred - minute: 5 - hour: 3</p><p>File State Additions</p><p>e ﬁle state has been given a number of new features, primarily the directory, recurse, symlink and absent functions. ﬁle.directory Make sure that a directory exists and has the right permissions.</p><p>/srv/foo: file: - directory - user: root - group: root - mode: 1755</p><p>ﬁle.symlink Make a symlink.</p><p>/var/lib/www: file: - symlink - target: /srv/www - force: True</p><p>ﬁle.recurse e recurse state function will recursively download a directory on the master ﬁle server and place it on the minion. Any change in the ﬁles on the master will be pushed to the minion. e recurse function is very powerful and has been tested by pushing out the full Linux kernel source.</p><p>/opt/code: file: - recurse - source: salt://linux</p><p>ﬁle.absent Make sure that the ﬁle is not on the system, recursively deletes directories, ﬁles and symlinks.</p><p>/etc/httpd/conf.d/somebogusfile.conf: file: - absent</p><p>Sysctl Module and State</p><p>e sysctl module and state allows for sysctl components in the kernel to be managed easily. the sysctl module contains the following functions: sysctl.show Return a list of sysctl parameters for this minion</p><p>1426 Chapter 26. Release notes Salt Documentation, Release 2014.7.6 sysctl.get Return a single sysctl parameter for this minion sysctl.assign Assign a single sysctl parameter for this minion sysctl.persist Assign and persist a simple sysctl parameter for this minion e sysctl state allows for sysctl parameters to be assigned: vm.swappiness: sysctl: - present - value: 20</p><p>Kernel Module Management</p><p>A module for managing Linux kernel modules has been added. e new functions are as follows: kmod.available Return a list of all available kernel modules kmod.e_available Check to see if the speciﬁed kernel module is available kmod.lsmod Return a dict containing information about currently loaded modules kmod.load Load the speciﬁed kernel module kmod.remove Unload the speciﬁed kernel module e kmod state can enforce modules be either present or absent: kvm_intel: kmod: - present</p><p>Ssh Authorized Keys</p><p>e ssh_auth state can distribute ssh authorized keys out to minions. Ssh authorized keys can be present or absent.</p><p>AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyYvlRBsJdDOo49CNfhlWHWXQRqul6rwL4KIuPrhY7hBw0tV7UNC7J9IZRNO4iGod9C+OYutuWGJ2x5YNf7P4uGhH9AhBQGQ4LKOLxhDyT1OrDKXVFw3wgY3rHiJYAbd1PXNuclJHOKL27QZCRFjWSEaSrUOoczvAAAAFQD9d4jp2dCJSIseSkk4Lez3LqFcqQAAAIAmovHIVSrbLbXAXQE8eyPoL9x5C+x2GRpEcA7AeMH6bGx/xw6NtnQZVMcmZIre5Elrw3OKgxcDNomjYFNHuOYaQLBBMosyO++tJe1KTAr3A2zGj2xbWO9JhEzu8xvSdF8jRu0N5SRXPpzSyU4o1WGIPLVZSeSq1VFTHRT4lXB7PQAAAIBXUz6ZO0bregF5xtJRuxUN583HlfQkXvxLqHAGY8WSEVlTnuG/x75wolBDbVzeTlxWxgxhafj7P6Ncdv25Wz9wvc6ko/puww0b3rcLNqK+XCNJlsM/7lB8Q26iK5mRZzNsGeGwGTyzNIMBekGYQ5MRdIcPv5dBIP/1M6fQDEsAXQ==: ssh_auth: - present - user: frank - enc: dsa - comment: 'Frank's key'</p><p>26.2.63 Salt 0.9.4 Release Notes</p><p> release 2011-11-27 Salt 0.9.4 has arrived. is is a critical update that repairs a number of key bugs found in 0.9.3. But this update is not without feature additions as well! 0.9.4 adds support for Gentoo portage to the pkg module and state system. Also there are 2 major new state additions, the failhard option and the ability to set up ﬁnite state ordering with the order option. is release also sees our largest increase in community contributions. ese contributors have and continue to be the life blood of the Salt project, and the team continues to grow. I want to put out a big thanks to our new and existing contributors.</p><p>26.2. Previous Releases 1427 Salt Documentation, Release 2014.7.6</p><p>Download!</p><p>e Salt source can be downloaded from the salt GitHub site: hps://cloud.github.com/downloads/saltstack/salt/salt-0.9.4.tar.gz Or from PyPI: hps://pypi.python.org/packages/source/s/salt/salt-0.9.4.tar.gz For instructions on how to set up Salt please see the Installation instructions.</p><p>New Features</p><p>Failhard State Option</p><p>Normally, when a state fails Salt continues to execute the remainder of the deﬁned states and will only refuse to execute states that require the failed state. But the situation may exist, where you would want all state execution to stop if a single state execution fails. e capability to do this is called failing hard.</p><p>State Level Failhard A single state can have a failhard set, this means that if this individual state fails that all state execution will immediately stop. is is a great thing to do if there is a state that sets up a critical conﬁg ﬁle and seing a require for each state that reads the conﬁg would be cumbersome. A good example of this would be seing up a package manager early on:</p><p>/etc/yum.repos.d/company.repo: file: - managed - source: salt://company/yumrepo.conf - user: root - group: root - mode: 644 - order: 1 - failhard: True</p><p>In this situation, the yum repo is going to be conﬁgured before other states, and if it fails to lay down the conﬁg ﬁle, than no other states will be executed.</p><p>Global Failhard It may be desired to have failhard be applied to every state that is executed, if this is the case, then failhard can be set in the master conﬁguration ﬁle. Seing failhard in the master conﬁguration ﬁle will result in failing hard when any minion gathering states from the master have a state fail. is is NOT the default behavior, normally Salt will only fail states that require a failed state. Using the global failhard is generally not recommended, since it can result in states not being executed or even checked. It can also be confusing to see states failhard if an admin is not actively aware that the failhard has been set. To use the global failhard set failhard: True in the master conﬁguration</p><p>1428 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Finite Ordering of State Execution</p><p>When creating salt sls ﬁles, it is oen important to ensure that they run in a speciﬁc order. While states will always execute in the same order, that order is not necessarily deﬁned the way you want it. A few tools exist in Salt to set up the correct state ordering, these tools consist of requisite declarations and order options.</p><p>e Order Option Before using the order option, remember that the majority of state ordering should be done with requisite statements, and that a requisite statement will override an order option. e order option is used by adding an order number to a state declaration with the option order:</p><p> vim: pkg: - installed - order: 1</p><p>By adding the order option to 1 this ensures that the vim package will be installed in tandem with any other state declaration set to the order 1. Any state declared without an order option will be executed aer all states with order options are executed. But this construct can only handle ordering states from the beginning. Sometimes you may want to send a state to the end of the line, to do this set the order to last:</p><p> vim: pkg: - installed - order: last</p><p>Substantial testing has gone into the state system and it is ready for real world usage. A great deal has been added to the documentation for states and the modules and functions available to states have been cleanly documented. A number of State System bugs have also been founds and repaired, the output from the state system has also been reﬁned to be extremely clear and concise. Error reporting has also been introduced, issues found in sls ﬁles will now be clearly reported when executing Salt States.</p><p>Gentoo Support</p><p>Additional experimental support has been added for Gentoo. is is found in the contribution from Doug Renn, aka nestegg.</p><p>26.2.64 Salt 0.9.5 Release Notes</p><p> release 2012-01-15 Salt 0.9.5 is one of the largest steps forward in the development of Salt. 0.9.5 comes with many milestones, this release has seen the community of developers grow out to an international team of 46 code contributors and has many feature additions, feature enhancements, bug ﬁxes and speed improve- ments.</p><p>26.2. Previous Releases 1429 Salt Documentation, Release 2014.7.6</p><p>Warning: Be sure to read the upgrade instructions about the switch to msgpack before upgrading!</p><p>Community</p><p>Nothing has proven to have more value to the development of Salt that the outstanding community that has been growing at such a great pace around Salt. is has proven not only that Salt has great value, but also the expandability of Salt is as exponential as I originally intended. 0.9.5 has received over 600 additional commits since 0.9.4 with a swath of new commiers. e following individuals have contributed to the development of 0.9.5: • Aaron Bull Schaefer • Ani Kaihola • Bas Tichelaar • Brad Barden • Brian Wagner • Byron Clark • Chris Scheller • Christer Edwards • Clint Savage • Corey inn • David Boucha • Eivind Uggedal • Eric Poelke • Evan Borgstrom • Jed Glazner • Jeﬀ Schroeder • Jeﬀrey C. Ollie • Jonas Buckner • Kent Tenney • Martin Schnabel • Maxim Burgerhout • Mitch Anderson • Nathaniel Whiteinge • Seth House • omas S Hatch • omas Schreiber • Tor Hveem • lzyeval</p><p>1430 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>• syphernl is makes 21 new developers since 0.9.4 was released! To keep up with the growing community follow Salt on Ohloh (hp://www.ohloh.net/p/salt), to join the Salt devel- opment community, fork Salt on Github, and get coding (hps://github.com/saltstack/salt)!</p><p>Major Features</p><p>SPEED! Pickle to msgpack</p><p>For a few months now we have been talking about moving away from Python pickles for network serialization, but a preferred serialization format had not yet been found. Aer an extensive performance testing period involving everything from JSON to protocol buﬀers, a clear winner emerged. Message Pack (hp://msgpack.org/) proved to not only be the fastest and most compact, but also the most ``salt like''. Message Pack is simple, and the code involved is very small. e msgpack library for Python has been added directly to Salt. is move introduces a few changes to Salt. First oﬀ, Salt is no longer a ``noarch'' package, since the msgpack lib is wrien in C. Salt 0.9.5 will also have compatibility issues with 0.9.4 with the default conﬁguration. We have gone through great lengths to avoid backwards compatibility issues with Salt, but changing the serialization medium was going to create issues regardless. Salt 0.9.5 is somewhat backwards compatible with earlier minions. A 0.9.5 master can command older minions, but only if the serial conﬁg value in the master is set to pickle. is will tell the master to publish messages in pickle format and will allow the master to receive messages in both msgpack and pickle formats. erefore the suggested methods for upgrading are either to just upgrade everything at once, or: 1. Upgrade the master to 0.9.5 2. Set serial to pickle in the master conﬁg 3. Upgrade the minions 4. Remove the serial option from the master conﬁg Since pickles can be used as a security exploit the ability for a master to accept pickles from minions at all will be removed in a future release.</p><p>C Bindings for YAML</p><p>All of the YAML rendering is now done with the YAML C bindings. is speeds up all of the sls ﬁles when running states.</p><p>Experimental Windows Support</p><p>David Boucha has worked tirelessly to bring initial support to Salt for Microso Windows operating systems. Right now the Salt Minion can run as a native Windows service and accept commands. In the weeks and months to come Windows will receive the full treatment and will have support for Salt States and more robust support for managing Windows systems. is is a big step forward for Salt to move entirely outside of the Unix world, and proves Salt is a viable cross platform solution. Big anks to Dave for his contribution here!</p><p>26.2. Previous Releases 1431 Salt Documentation, Release 2014.7.6</p><p>Dynamic Module Distribution</p><p>Many Salt users have expressed the desire to have Salt distribute in-house modules, states, renderers, returners, and grains. is support has been added in a number of ways:</p><p>Modules via States Now when salt modules are deployed to a minion via the state system as a ﬁle, then the modules will be automatically loaded into the active running minion - no restart required - and into the active running state. So custom state modules can be deployed and used in the same state run.</p><p>Modules via Module Environment Directories Under the ﬁle_roots each environment can now have directories that are used to deploy large groups of modules. ese directories sync modules at the beginning of a state run on the minion, or can be manually synced via the Salt module salt.modules.saltutil.sync_all. e directories are named: • _modules • _states • _grains • _renderers • _returners e modules are pushed to their respective scopes on the minions.</p><p>Module Reloading</p><p>Modules can now be reloaded without restarting the minion, this is done by calling the salt.modules.sys.reload_modules function. But wait, there's more! Now when a salt module of any type is added via states the modules will be automatically reloaded, allowing for modules to be laid down with states and then immediately used. Finally, all modules are reloaded when modules are dynamically distributed from the salt master.</p><p>Enable / Disable Added to Service</p><p>A great deal of demand has existed for adding the capability to set services to be started at boot in the service module. is feature also comes with an overhaul of the service modules and initial systemd support. is means that the service state can now accept - enable: True to make sure a service is enabled at boot, and - enable: False to make sure it is disabled.</p><p>Compound Target</p><p>A new target type has been added to the lineup, the compound target. In previous versions the desired minions could only be targeted via a single speciﬁc target type, but now many target speciﬁcations can be declared. ese targets can also be separated by and/or operators, so certain properties can be used to omit a node: salt -C 'webserv* and G@os:Debian or E@db.*' test.ping</p><p>1432 Chapter 26. Release notes Salt Documentation, Release 2014.7.6 will match all minions with ids starting with webserv via a glob and minions matching the os:Debian grain. Or minions that match the db.* regular expression.</p><p>Node Groups</p><p>Oen the convenience of having a predeﬁned group of minions to execute targets on is desired. is can be accom- plished with the new nodegroups feature. Nodegroups allow for predeﬁned compound targets to be declared in the master conﬁguration ﬁle: nodegroups: group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' group2: 'G@os:Debian and foo.domain.com'</p><p>And then used via the -N option: salt -N group1 test.ping</p><p>Minion Side Data Store</p><p>e data module introduces the initial approach into storing persistent data on the minions, speciﬁc to the minions. is allows for data to be stored on minions that can be accessed from the master or from the minion. e Minion datastore is young, and will eventually provide an interface similar to a more mature key/value pair server.</p><p>Major Grains Improvement</p><p>e Salt grains have been overhauled to include a massive amount of extra data. this includes hardware data, os data and salt speciﬁc data.</p><p>Salt -Q is Useful Now</p><p>In the past the salt query system, which would display the data from recent executions would be displayed in pure Python, and it was unreadable. 0.9.5 has added the outpuer system to the -Q option, thus enabling the salt query system to return readable output.</p><p>Packaging Updates</p><p>Huge strides have been made in packaging Salt for distributions. ese additions are thanks to our wonderful community where the work to set up packages has proceeded tirelessly.</p><p>FreeBSD</p><p>Salt on FreeBSD? ere a port for that: hp://svnweb.freebsd.org/ports/head/sysutils/py-salt/ is port was developed and added by Christer Edwards. is also marks the ﬁrst time Salt has been included in an upstream packaging system!</p><p>26.2. Previous Releases 1433 Salt Documentation, Release 2014.7.6</p><p>Fedora and Red Hat Enterprise</p><p>Salt packages have been prepared for inclusion in the Fedora Project and in EPEL for Red Hat Enterprise 5 and 6. ese packages are the result of the eﬀorts made by Clint Savage (herlo).</p><p>Debian/Ubuntu</p><p>A team of many contributors have assisted in developing packages for Debian and Ubuntu. Salt is still actively seeking inclusion in upstream Debian and Ubuntu and the package data that has been prepared is being pushed through the needed channels for inclusion. ese packages have been prepared with the help of: • Corey • Aaron Toponce • and`</p><p>More to Come</p><p>We are actively seeking inclusion in more distributions. Primarily geing Salt into Gentoo, SUSE, OpenBSD and preparing Solaris support are all turning into higher priorities.</p><p>Refinement</p><p>Salt continues to be reﬁned into a faster, more stable and more usable application. 0.9.5 comes with more debug logging, more bug ﬁxes and more complete support.</p><p>More Testing, More BugFixes</p><p>0.9.5 comes with more bugﬁxes due to more testing than any previous release. e growing community and the introduction a a dedicated QA environment have unearthed many issues that were hiding under the covers. is has further reﬁned and cleaned the state interface, taking care of things from minor visual issues to repairing misleading data.</p><p>Custom Exceptions</p><p>A custom exception module has been added to throw salt speciﬁc exceptions. is allows Salt to give much more granular error information.</p><p>New Modules data e new data module manages a persistent datastore on the minion. Big thanks to bastichelaar for his help reﬁning this module freebsdkmod FreeBSD kernel modules can now be managed in the same way Salt handles Linux kernel modules. is module was contributed thanks to the eﬀorts of Christer Edwards</p><p>1434 Chapter 26. Release notes Salt Documentation, Release 2014.7.6 gentoo_service Support has been added for managing services in Gentoo. Now Gentoo services can be started, stopped, restarted, enabled, disabled and viewed. pip e pip module introduces management for pip installed applications. anks goes to whitinge for the addi- tion of the pip module rh_service e rh_service module enables Red Hat and Fedora speciﬁc service management. Now Red Hat like systems come with extensive management of the classic init system used by Red Hat saltutil e saltutil module has been added as a place to hold functions used in the maintenance and manage- ment of salt itself. Saltutil is used to salt the salt minion. e saltutil module is presently used only to sync extension modules from the master server. systemd Systemd support has been added to Salt, now systems using this next generation init system are sup- ported on systems running systemd. virtualenv e virtualenv module has been added to allow salt to create virtual Python environments. anks goes to whitinge for the addition of the virtualenv module win_disk Support for gathering disk information on Microso Windows minions e windows modules come courtesy of Utah_Dave win_service e win_service module adds service support to Salt for Microso Windows services win_useradd Salt can now manage local users on Microso Windows Systems yumpkg5 e yumpkg module introduces in 0.9.4 uses the yum API to interact with the yum package manager. Unfortunately, on Red Hat 5 systems salt does not have access to the yum API because the yum API is running under Python 2.4 and Salt needs to run under Python 2.6. e yumpkg5 module bypasses this issue by shelling out to yum on systems where the yum API is not available.</p><p>New States mysql_database e new mysql_database state adds the ability to systems running a mysql server to manage the existence of mysql databases. e mysql states are thanks to syphernl mysql_user e mysql_user state enables mysql user management. virtualenv e virtualenv state can manage the state of Python virtual environments. anks to Whitinge for the virtualenv state</p><p>26.2. Previous Releases 1435 Salt Documentation, Release 2014.7.6</p><p>New Returners cassandra_returner A returner allowing Salt to send data to a cassandra server. anks to Byron Clark for contributing this returner</p><p>26.2.65 Salt 0.9.6 Release Notes</p><p> release 2012-01-21 Salt 0.9.6 is a release targeting a few bugs and changes. is is primarily targeting an issue found in the names declaration in the state system. But a few other bugs were also repaired, like missing support for grains in extmods. Due to a conﬂict in distribution packaging msgpack will no longer be bundled with Salt, and is required as a depen- dency.</p><p>New Features</p><p>HTTP and p support in files.managed</p><p>Now under the source option in the ﬁle.managed state a HTTP or p address can be used instead of a ﬁle located on the salt master.</p><p>Allow Multiple Returners</p><p>Now the returner interface can deﬁne multiple returners, and will also return data back to the master, making the process less ambiguous.</p><p>Minion Memory Improvements</p><p>A number of modules have been taken out of the minion if the underlying systems required by said modules are not present on the minion system. A number of other modules need to be stripped out in this same way which should continue to make the minion more eﬃcient.</p><p>Minions Can Locally Cache Return Data</p><p>A new option, cache_jobs, has been added to the minion to allow for all of the historically run jobs to cache on the minion, allowing for looking up historic returns. By default cache_jobs is set to False.</p><p>Pure Python Template Support For file.managed</p><p>Templates in the ﬁle.managed state can now be deﬁned in a Python script. is script needs to have a run function that returns the string that needs to be in the named ﬁle.</p><p>26.2.66 Salt 0.9.7 Release Notes</p><p> release 2012-02-15</p><p>1436 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Salt 0.9.7 is here! e latest iteration of Salt brings more features and many ﬁxes. is release is a great reﬁnement over 0.9.6, adding many conveniences under the hood, as well as some features that make working with Salt much beer. A few highlights include the new Job system, reﬁnements to the requisite system in states, the mod_init interface for states, external node classiﬁcation, search path to managed ﬁles in the ﬁle state, and reﬁnements and additions to dynamic module loading. 0.9.7 also introduces the long developed (and o changed) unit test framework and the initial unit tests.</p><p>Major Features</p><p>Salt Jobs Interface</p><p>e new jobs interface makes the management of running executions much cleaner and more transparent. Building on the existing execution framework the jobs system allows clear introspection into the active running state of the running Salt interface. e Jobs interface is centered in the new minion side proc system. e minions now store msgpack serialized ﬁles under /var/cache/salt/proc. ese ﬁles keep track of the active state of processes on the minion.</p><p>Functions in the saltutil Module A number of functions have been added to the saltutil module to manage and view the jobs: running - Returns the data of all running jobs that are found in the proc directory. find_job - Returns speciﬁc data about a certain job based on job id. signal_job - Allows for a given jid to be sent a signal. term_job - Sends a termination signal (SIGTERM, 15) to the process controlling the speciﬁed job. kill_job Sends a kill signal (SIGKILL, 9) to the process controlling the speciﬁed job.</p><p>The jobs Runner</p><p>A convenience runner front end and reporting system has been added as well. e jobs runner contains functions to make viewing data easier and cleaner. e jobs runner contains a number of functions…</p><p> active e active function runs saltutil.running on all minions and formats the return data about all run- ning jobs in a much more usable and compact format. e active function will also compare jobs that have returned and jobs that are still running, making it easier to see what systems have completed a job and what systems are still being waited on.</p><p> lookup_jid When jobs are executed the return data is sent back to the master and cached. By default is is cached for 24 hours, but this can be conﬁgured via the keep_jobs option in the master conﬁguration. Using the lookup_jid runner will display the same return data that the initial job invocation with the salt com- mand would display.</p><p> list_jobs Before ﬁnding a historic job, it may be required to ﬁnd the job id. list_jobs will parse the cached execution data and display all of the job data for jobs that have already, or partially returned.</p><p>26.2. Previous Releases 1437 Salt Documentation, Release 2014.7.6</p><p>External Node Classification</p><p>Salt can now use external node classiﬁers like Cobbler's cobbler-ext-nodes. Salt uses speciﬁc data from the external node classiﬁer. In particular the classes value denotes which sls modules to run, and the environment value sets to another environment. An external node classiﬁcation can be set in the master conﬁguration ﬁle via the external_nodes option: hp://salt.readthedocs.org/en/latest/ref/conﬁguration/master.html#external-nodes External nodes are loaded in addition to the top ﬁles. If it is intended to only use external nodes, do not deploy any top ﬁles.</p><p>State Mod Init System</p><p>An issue arose with the pkg state. Every time a package was run Salt would need to refresh the package database. is made systems with slower package metadata refresh speeds much slower to work with. To alleviate this issue the mod_init interface has been added to salt states. e mod_init interface is a function that can be added to a state ﬁle. is function is called with the ﬁrst state called. In the case of the pkg state, the mod_init function sets up a tag which makes the package database only refresh on the ﬁrst aempt to install a package. In a nutshell, the mod_init interface allows a state to run any command that only needs to be run once, or can be used to set up an environment for working with the state.</p><p>Source File Search Path</p><p>e ﬁle state continues to be reﬁned, adding speed and capabilities. is release adds the ability to pass a list to the source option. is list is then iterated over until the source ﬁle is found, and the ﬁrst found ﬁle is used. e new syntax looks like this:</p><p>/etc/httpd/conf/httpd.conf: file: - managed - source: - salt://httpd/httpd.conf - http://myserver/httpd.conf: md5=8c1fe119e6f1fd96bc06614473509bf1</p><p>e source option can take sources in the list from the salt ﬁle server as well as an arbitrary web source. If using an arbitrary web source the checksum needs to be passed as well for ﬁle veriﬁcation.</p><p>Refinements to the Requisite System</p><p>A few discrepancies were still lingering in the requisite system, in particular, it was not possible to have a require and a watch requisite declared in the same state declaration. is issue has been alleviated, as well as making the requisite system run more quickly.</p><p>1438 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Initial Unit Testing Framework</p><p>Because of the module system, and the need to test real scenarios, the development of a viable unit testing system has been diﬃcult, but unit testing has ﬁnally arrived. Only a small amount of unit testing coverage has been developed, much more coverage will be in place soon. A huge thanks goes out to those who have helped with unit testing, and the contributions that have been made to get us where we are. Without these contributions unit tests would still be in the dark.</p><p>Compound Targets Expanded</p><p>Originally only support for and and or were available in the compound target. 0.9.7 adds the capability to negate compound targets with not.</p><p>Nodegroups in the Top File</p><p>Previously the nodegroups deﬁned in the master conﬁguration ﬁle could not be used to match nodes for states. e nodegroups support has been expanded and the nodegroups deﬁned in the master conﬁguration can now be used to match minions in the top ﬁle.</p><p>26.2.67 Salt 0.9.8 Release Notes</p><p> release 2012-03-21 Salt 0.9.8 is a big step forward, with many additions and enhancements, as well as a number of precursors to advanced future developments. is version of Salt adds much more power to the command line, making the old hard timeout issues a thing of the past and adds keyword argument support. ese additions are also available in the salt client API, making the available API tools much more powerful. e new pillar system allows for data to be stored on the master and assigned to minions in a granular way similar to the state system. It also allows ﬂexibility for users who want to keep data out of their state tree similar to `external lookup' functionality in other tools. A new way to extend requisites was added, the ``requisite in'' statement. is makes adding requires or watch statements to external state decs much easier. Additions to requisites making them much more powerful have been added as well as improved error checking for sls ﬁles in the state system. A new provider system has been added to allow for redirecting what modules run in the background for individual states. Support for OpenSUSE has been added and support for Solaris has begun serious development. Windows support has been signiﬁcantly enhanced as well. e matcher and target systems have received a great deal of aention. e default behavior of grain matching has changed slightly to reﬂect the rest of salt and the compound matcher system has been reﬁned. A number of impressive features with keyword arguments have been added to both the CLI and to the state system. is makes states much more powerful and ﬂexible while maintaining the simple conﬁguration everyone loves. e new batch size capability allows for executions to be rolled through a group of targeted minions a percentage or speciﬁc number at a time. is was added to prevent the ``thundering herd'' problem when targeting large numbers of minions for things like service restarts or ﬁle downloads.</p><p>26.2. Previous Releases 1439 Salt Documentation, Release 2014.7.6</p><p>Upgrade Considerations</p><p>Upgrade Issues</p><p>ere was a previously missed oversight which could cause a newer minion to crash an older master. at oversight has been resolved so the version incompatibility issue will no longer occur. When upgrading to 0.9.8 make sure to upgrade the master ﬁrst, followed by the minions.</p><p>Debian/Ubuntu Packages</p><p>e original Debian/Ubuntu packages were called salt and included all salt applications. New packages in the ppa are split by function. If an old salt package is installed then it should be manually removed and the new split packages need to be freshly installed. On the master:</p><p># apt-get purge salt # apt-get install salt-{master,minion}</p><p>On the minions:</p><p># apt-get purge salt # apt-get install salt-minion</p><p>And on any Syndics:</p><p># apt-get install salt-syndic</p><p>e oﬃcial Salt PPA for Ubuntu is located at: hps://launchpad.net/~saltstack/+archive/salt</p><p>Major Features</p><p>Pillar</p><p>Pillar oﬀers an interface to declare variable data on the master that is then assigned to the minions. e pillar data is made available to all modules, states, sls ﬁles etc. It is compiled on the master and is declared using the existing renderer system. is means that learning pillar should be fairly trivial to those already familiar with salt states.</p><p>CLI Additions</p><p>e salt command has received a serious overhaul and is more powerful than ever. Data is returned to the ter- minal as it is received, and the salt command will now wait for all running minions to return data before stopping. is makes adding very large --timeout arguments completely unnecessary and gets rid of long running operations returning empty {} when the timeout is exceeded. When calling salt via sudo, the user originally running salt is saved to the log for auditing purposes. is makes it easy to see who ran what by just looking through the minion logs. e salt-key command gained the -D and --delete-all arguments for removing all keys. Be careful with this one!</p><p>1440 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Running States Without a Master</p><p>e addition of running states without a salt-master has been added to 0.9.8. is feature allows for the unmodiﬁed salt state tree to be read locally from a minion. e result is that the UNMODIFIED state tree has just become portable, allowing minions to have a local copy of states or to manage states without a master entirely. is is accomplished via the new ﬁle client interface in Salt that allows for the salt:// URI to be redirected to custom interfaces. is means that there are now two interfaces for the salt ﬁle server, calling the master or looking in a local, minion deﬁned file_roots. is new feature can be used by modifying the minion conﬁg to point to a local file_roots and seing the file_client option to local.</p><p>Keyword Arguments and States</p><p>State modules now accept the **kwargs argument. is results in all data in a sls ﬁle assigned to a state being made available to the state function. is passes data in a transparent way back to the modules executing the logic. In particular, this allows adding arguments to the pkg.install module that enable more advanced and granular controls with respect to what the state is capable of. An example of this along with the new debconf module for installing ldap client packages on Debian:</p><p> ldap-client-packages: pkg: - debconf: salt://debconf/ldap-client.ans - installed - names: - nslcd - libpam-ldapd - libnss-ldapd</p><p>Keyword Arguments and the CLI</p><p>In the past it was required that all arguments be passed in the proper order to the salt and salt-call commands. As of 0.9.8, keyword arguments can be passed in the form of kwarg=argument.</p><p># salt -G 'type:dev' git.clone \ repository=https://github.com/saltstack/salt.git cwd=/tmp/salt user=jeff</p><p>Matcher Refinements and Changes</p><p>A number of ﬁxes and changes have been applied to the Matcher system. e most noteworthy is the change in the grain matcher. e grain matcher used to use a regular expression to match the passed data to a grain, but now defaults to a shell glob like the majority of match interfaces in Salt. A new option is available that still uses the old style regex matching to grain data called grain-pcre. To use regex matching in compound matches use the leer P. For example, this would match any ArchLinux or Fedora minions:</p><p># salt --grain-pcre 'os:(Arch:Fed).*' test.ping</p><p>26.2. Previous Releases 1441 Salt Documentation, Release 2014.7.6</p><p>And the associated compound matcher suitable for top.sls is P:</p><p>P@os:(Arch|Fed).*</p><p>NOTE: Changing the grains matcher from pcre to glob is backwards incompatible. Support has been added for matching minions with Yahoo's range library. is is handled by passing range syntax with -R or --range arguments to salt. More information at: hps://github.com/ytoolshed/range/wiki/%22yamlﬁle%22-module-ﬁle-spec</p><p>Requisite ``in''</p><p>A new means to updating requisite statements has been added to make adding watchers and requires to external states easier. Before 0.9.8 the only way to extend the states that were watched by a state outside of the sls was to use an extend statement: include: - http extend: apache: service: - watch: - pkg: tomcat tomcat: pkg: - installed</p><p>But the new Requisite in statement allows for easier extends for requisites: include: - http tomcat: pkg: - installed - watch_in: - service: apache</p><p>Requisite in is part of the extend system, so still remember to always include the sls that is being extended!</p><p>Providers</p><p>Salt predetermines what modules should be mapped to what uses based on the properties of a system. ese de- terminations are generally made for modules that provide things like package and service management. e apt module maps to pkg on Debian and the yum module maps to pkg on Fedora for instance. Sometimes in states, it may be necessary for a non-default module to be used for the desired functionality. For instance, an Arch Linux system may have been set up with systemd support. Instead of using the default service module detected for Arch Linux, the systemd module can be used:</p><p>1442 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p> http: service: - running - enable: True - provider: systemd</p><p>Default providers can also be deﬁned in the minion conﬁg ﬁle: providers: service: systemd</p><p>When default providers are passed in the minion conﬁg, then those providers will be applied to all functionality in Salt, this means that the functions called by the minion will use these modules, as well as states.</p><p>Requisite Glob Matching</p><p>Requisites can now be deﬁned with glob expansion. is means that if there are many requisites, they can be deﬁned on a single line. To watch all ﬁles in a directory: http: service: - running - enable: True - watch: - file: /etc/http/conf.d/*</p><p>is example will watch all deﬁned ﬁles that match the glob /etc/http/conf.d/*</p><p>Batch Size</p><p>e new batch size option allows commands to be executed while maintaining that only so many hosts are executing the command at one time. is option can take a percentage or a ﬁnite number: salt '*' -b 10 test.ping salt -G 'os:RedHat' --batch-size 25% apache.signal restart</p><p>is will only run test.ping on 10 of the targeted minions at a time and then restart apache on 25% of the minions matching os:RedHat at a time and work through them all until the task is complete. is makes jobs like rolling web server restarts behind a load balancer or doing maintenance on BSD ﬁrewalls using carp much easier with salt.</p><p>Module Updates</p><p>is is a list of notable, but non-exhaustive updates with new and existing modules. Windows support has seen a ﬂurry of support this release cycle. We've gained all new ﬁle, network, and shadow modules. Please note that these are still a work in progress. For our ruby users, new rvm and gem modules have been added along with the associated states e virt module gained basic Xen support.</p><p>26.2. Previous Releases 1443 Salt Documentation, Release 2014.7.6</p><p>e yum module gained Scientiﬁc Linux support. e pkg module on Debian, Ubuntu, and derivatives force apt to run in a non-interactive mode. is prevents issues when package installation waits for conﬁrmation. A pkg module for OpenSUSE's zypper was added. e service module on Ubuntu natively supports upstart. A new debconf module was contributed by our community for more advanced control over deb package deployments on Debian based distributions. e mysql.user state and mysql module gained a password_hash argument. e cmd module and state gained a shell keyword argument for specifying a shell other than /bin/sh on Linux / Unix systems. New git and mercurial modules have been added for fans of distributed version control.</p><p>In Progress Development</p><p>Master Side State Compiling</p><p>While we feel strongly that the advantages gained with minion side state compiling are very critical, it does pre- vent certain features that may be desired. 0.9.8 has support for initial master side state compiling, but many more components still need to be developed, it is hoped that these can be ﬁnished for 0.9.9. e goal is that states can be compiled on both the master and the minion allowing for compilation to be split between master and minion. Why will this be great? It will allow storing sensitive data on the master and sending it to some minions without all minions having access to it. is will be good for handling ssl certiﬁcates on front-end web servers for instance.</p><p>Solaris Support</p><p>Salt 0.9.8 sees the introduction of basic Solaris support. e daemon runs well, but grains and more of the modules need updating and testing.</p><p>Windows Support</p><p>Salt states on windows are now much more viable thanks to contributions from our community! States for ﬁle, service, local user, and local group management are more fully ﬂeshed out along with network and disk modules. Windows users can also now manage registry entries using the new ``reg'' module.</p><p>26.2.68 Salt 0.9.9 Release Notes</p><p> release 2012-04-27 0.9.9 is out and comes with some serious bug ﬁxes and even more serious features. is release is the last major feature release before 1.0.0 and could be considered the 1.0.0 release candidate. A few updates include more advanced kwargs support, the ability for salt states to more safely conﬁgure a running salt minion, beer job directory management and the new state test interface. Many new tests have been added as well, including the new minion swarm test that allows for easier testing of Salt working with large groups of minions. is means that if you have experienced stability issues with Salt before, particularly in larger deployments, that these bugs have been tested for, found, and killed.</p><p>1444 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>Major Features</p><p>State Test Interface</p><p>Until 0.9.9 the only option when running states to see what was going to be changed was to print out the highstate with state.show_highstate and manually look it over. But now states can be run to discover what is going to be changed. Passing the option test=True to many of the state functions will now cause the salt state system to only check for what is going to be changed and report on those changes. salt '*' state.highstate test=True</p><p>Now states that would have made changes report them back in yellow.</p><p>State Syntax Update</p><p>A shorthand syntax has been added to sls ﬁles, and it will be the default syntax in documentation going forward. e old syntax is still fully supported and will not be deprecated, but it is recommended to move to the new syntax in the future. is change moves the state function up into the state name using a dot notation. is is in-line with how state functions are generally referred to as well: e new way:</p><p>/etc/sudoers: file.present: - source: salt://sudo/sudoers - user: root - mode: 400</p><p>Use and Use_in Requisites</p><p>Two new requisite statements are available in 0.9.9. e use and use_in requisite and requisite-in allow for the trans- parent duplication of data between states. When a state ``uses'' another state it copies the other state's arguments as defaults. is was created in direct response to the new network state, and allows for many network interfaces to be conﬁgured in the same way easily. A simple example: root_file: file.absent: - name: /tmp/nothing - user: root - mode: 644 - group: root - use_in: - file: /etc/vimrc fred_file: file.absent: - name: /tmp/nothing - user: fred - group: marketing - mode: 660</p><p>26.2. Previous Releases 1445 Salt Documentation, Release 2014.7.6</p><p>/files/marketing/district7.rst: file.present: - source: salt://marketing/district7.rst - template: jinja - use: - file: fred_file</p><p>/etc/vimrc: file.present: - source: salt://edit/vimrc</p><p>is makes the 2 lower state decs inherit the options from their respectively ``used'' state decs.</p><p>Network State</p><p>e new network state allows for the conﬁguration of network devices via salt states and the ip salt module. is addition has been given to the project by Jeﬀ Hutchins and Bret Palsson from Jive Communications. Currently the only network conﬁguration backend available is for Red Hat based systems, like Red Hat Enterprise, CentOS, and Fedora.</p><p>Exponential Jobs</p><p>Originally the jobs executed were stored on the master in the format: <cachedir>/jobs/jid/{minion ids} But this format restricted the number of jobs in the cache to the number of subdirectories allowed on the ﬁlesystem. Ext3 for instance limits subdirectories to 32000. To combat this the new format for 0.9.9 is: <cachedir>/jobs/jid_hash[:2]/jid_hash[2:]/{minion ids} So that now the number of maxi- mum jobs that can be run before the cleanup cycle hits the job directory is substantially higher. ssh_auth Additions</cachedir></cachedir></p><p>e original ssh_auth state was limited to accepting only arguments to apply to a public key, and the key itself. is was restrictive due to the way the we learned that many people were using the state, so the key section has been expanded to accept options and arguments to the key that over ride arguments passed in the state. is gives substantial power to using ssh_auth with names: sshkeys: ssh_auth: - present - user: backup - enc: ssh-dss - options: - option1="value1" - option2="value2 flag2" - comment: backup - names: - AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0111== - AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0222== override - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0333== override - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0444== - option3="value3",option4="value4 flag4" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0555== override - option3="value3" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlyE26SMFFVY5YJvnL7AF5CRTPtAigSW1U887ASfBt6FDa7Qr1YdO5ochiLoz8aSiMKd5h4dhB6ymHbmntMPjQena29jQjXAK4AK0500rMShG1Y1HYEjTXjQxIy/SMjq2aycHI+abiVDn3sciQjsLsNW59t48Udivl2RjWG7Eo+LYiB17MKD5M40r5CP2K4B8nuL+r4oAZEHKOJUF3rzA20MZXHRQuki7vVeWcW7ie8JHNBcq8iObVSoruylXav4aKG02d/I4bz/l0UdGh18SpMB8zVnT3YF5nukQQ/ATspmhpU66s4ntMehULC+ljLvZL40ByNmF0TZc2sdSkA0666==</p><p>1446 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>LocalClient Additions</p><p>To follow up the recent additions in 0.9.8 of additional kwargs support, 0.9.9 also adds the capability to send kwargs into commands via a dict. is addition to the LocalClient api can be used like so:</p><p> import salt.client</p><p> client = salt.client.LocalClient('/etc/salt/master') ret = client.cmd('*', 'cmd.run',['ls -l'], kwarg={'cwd': '/etc'})</p><p>is update has been added to all cmd methods in the LocalClient class.</p><p>Beer Self Salting</p><p>One problem faced with running Salt states, is that it has been diﬃcult to manage the Salt minion via states, this is due to the fact that if the minion is called to restart while a state run is happening then the state run would be killed. 0.9.9 slightly changes the process scope of the state runs, so now when salt is executing states it can safely restart the salt-minion daemon. In addition to daemonizing the state run, the apt module also daemonizes. is update makes it possible to cleanly update the salt-minion package on Debian/Ubuntu systems without leaving apt in an inconsistent state or killing the active minion process mid-execution.</p><p>Wildcards for SLS Modules</p><p>Now, when including sls modules in include statements or in the top ﬁle, shell globs can be used. is can greatly simplify listing matched sls modules in the top ﬁle and include statements:</p><p> base: '*': - files* - core*</p><p> include: - users.dev.* - apache.ser*</p><p>External Pillar</p><p>Since the pillar data is just, data, it does not need to come expressly from the pillar interface. e external pillar system allows for hooks to be added making it possible to extract pillar data from any arbitrary external interface. e external pillar interface is conﬁgured via the ext_pillar option. Currently interfaces exist to gather external pillar data via hiera or via a shell command that sends yaml data to the terminal:</p><p> ext_pillar: - cmd_yaml: cat /etc/salt/ext.yaml - hiera: /etc/hirea.yaml</p><p>26.2. Previous Releases 1447 Salt Documentation, Release 2014.7.6</p><p>e initial external pillar interfaces and extra interfaces can be added to the ﬁle salt/pillar.py, it is planned to add more external pillar interfaces. If the need arises a new module loader interface will be created in the future to manage external pillar interfaces.</p><p>Single State Executions</p><p>e new state.single function allows for single states to be cleanly executed. is is a great tool for seing up a small group of states on a system or for testing out the behavior of single states: salt '*' state.single user.present name=wade uid=2000</p><p>e test interface functions here as well, so changes can also be tested against as: salt '*' state.single user.present name=wade uid=2000 test=True</p><p>New Tests</p><p>A few exciting new test interfaces have been added, the minion swarm allows not only testing of larger loads, but also allows users to see how Salt behaves with large groups of minions without having to create a large deployment.</p><p>Minion Swarm</p><p>e minion swarm test system allows for large groups of minions to be tested against easily without requiring large numbers of servers or virtual machines. e minion swarm creates as many minions as a system can handle and roots them in the /tmp directory and connects them to a master. e beneﬁt here is that we were able to replicate issues that happen only when there are large numbers of minions. A number of elusive bugs which were causing stability issues in masters and minions have since been hunted down. Bugs that used to take careful watch by users over several days can now be reliably replicated in minutes, and ﬁxed in minutes. Using the swarm is easy, make sure a master is up for the swarm to connect to, and then use the minionswarm.py script in the tests directory to spin up as many minions as you want. Remember, this is a fork bomb, don't spin up more than your hardware can handle! python minionswarm.py -m 20 --master salt-master</p><p>Shell Tests</p><p>e new Shell testing system allows us to test the behavior of commands executed from a high level. is allows for the high level testing of salt runners and commands like salt-key.</p><p>Client Tests</p><p>Tests have been added to test the aspects of the client APIs and ensure that the client calls work, and that they manage passed data, in a desirable way. See also: Legacy salt-cloud release docs</p><p>1448 Chapter 26. Release notes Salt Documentation, Release 2014.7.6</p><p>See also: Legacy salt-api release docs</p><p>26.2. Previous Releases 1449 Salt Documentation, Release 2014.7.6</p><p>1450 Chapter 26. Release notes CHAPTER 27</p><p>Salt Based Projects</p><p>A number of unoﬃcial open source projects, based on Salt, or wrien to enhance Salt have been created.</p><p>27.1 Salt Sandbox</p><p>Created by Aaron Bull Schaefer, aka ``elasticdog''. hps://github.com/elasticdog/salt-sandbox Salt Sandbox is a multi-VM Vagrant-based Salt development environment used for creating and testing new Salt state modules outside of your production environment. It's also a great way to learn ﬁrsthand about Salt and its remote execution capabilities. Salt Sandbox will set up three separate virtual machines: • salt.example.com - the Salt master server • minion1.example.com - the ﬁrst Salt minion machine • minion2.example.com - the second Salt minion machine ese VMs can be used in conjunction to segregate and test your modules based on node groups, top ﬁle environ- ments, grain values, etc. You can even test modules on diﬀerent Linux distributions or release versions to beer match your production infrastructure.</p><p>1451 Salt Documentation, Release 2014.7.6</p><p>1452 Chapter 27. Salt Based Projects CHAPTER 28</p><p>Security disclosure policy</p><p> email security@saltstack.com gpg key ID 4EA0793D gpg key ﬁngerprint 8ABE 4EFC F0F4 B24B FF2A AF90 D570 F2D3 4EA0 793D gpg public key:</p><p>-----BEGIN PGP PUBLIC KEY BLOCK---- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg 7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29 Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP /Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5 AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw 4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7 JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515 dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69 El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1 mZRquQINBFO15mMBEAC5UuLii9ZLz6qHfIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3 f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlFVvYdzjUq6c82GUUjW1dnqgUvFwdmM835 1n0YQ2TonmyaF882RvsRZrbJ65uvy7SQxlouXaAYOdqwLsPxBEOyOnMPSktW5V2U IWyxsNP3sADchWIGq9p5D3Y/loyIMsS1dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu 9r3I9o6mDkuPpAljuMc8r09Im6az2egtK/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3 wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO+NNmyzFVyIwOLziwjmEcw62S57wYKUVn HD2nglMsQa8Ve0e6ABBMEY7zGEGStva59rfgeh0jUMJiccGiUDTMs0tdkC6knYKb u/fdRqNYFoNuDcSeLEw4DdCuP01l2W4yY+fiK6hAcL25amjzc+yYo9eaaqTn6RAT</p><p>1453 Salt Documentation, Release 2014.7.6</p><p> bzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR65Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8 vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiVuXR+f755ZAndyQfRtowMdQIoiXuJEXYw 6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8HqEsbIf*ckBYXPgbwXTm7c4IHGgXXdwAR AQABiQIlBBgBAgAPBQJTteZjAhsMBQkHhh+AAAoJENVw8tNOoHk91rcQAIhxLv4g duF/J1Cyf6Wixz4rqslBQ7DgNztdIUMjCThg3eB6pvIzY5d3DNROmwU5JvGP1rEw hNiJhgBDFaB0J/y28uSci+orhKDTHb/cn30IxfuAuqrv9dujvmlgM7JUswOtLZhs 5FYGa6v1RORRWhUx2PQsF6ORg22QAaagc7OlaO3BXBoiE/FWsnEQCUsc7GnnPqi7 um45OJl/pJntsBUKvivEU20fj7j1UpjmeWz56NcjXoKtEvGh99gM5W2nSMLE3aPw vcKhS4yRyLjOe19NfYbtID8m8oshUDji0XjQ1z5NdGcf2V1YNGHU5xyK6zwyGxgV xZqaWnbhDTu1UnYBna8BiUobkuqclb4T9k2WjbrUSmTwKixokCOirFDZvqISkgmN r6/g3w2TRi11/LtbUciF0FN2pd7rj5mWrOBPEFYJmrB6SQeswWNhr5RIsXrQd/Ho zvNm0HnUNEe6w5YBfA6sXQy8B0Zs6pcgLogkFB15TuHIIIpxIsVRv5z8SlEnB7HQ Io9hZT58yjhekJuzVQB9loU0C/W0lzci/pXTt6fd9puYQe1DG37pSifRG6kfHxrR if6nRyrfdTlawqbqdkoqFDmEybAM9/hv3BqriGahGGH/hgplNQbYoXfNwYMYaHuB aSkJvrOQW8bpuAzgVyd7TyNFv+t1kLlfaRYJ =wBTJ -----END PGP PUBLIC KEY BLOCK-----</p><p>e SaltStack Security Team is available at security@saltstack.com for security-related bug reports or questions. We request the disclosure of any security-related bugs or issues be reported non-publicly until such time as the issue can be resolved and a security-ﬁx release can be prepared. At that time we will release the ﬁx and make a public announcement with upgrade instructions and download locations.</p><p>28.1 Security response procedure</p><p>SaltStack takes security and the trust of our customers and users very seriously. Our disclosure policy is intended to resolve security issues as quickly and safely as is possible. 1. A security report sent to security@saltstack.com is assigned to a team member. is person is the primary contact for questions and will coordinate the ﬁx, release, and announcement. 2. e reported issue is reproduced and conﬁrmed. A list of aﬀected projects and releases is made. 3. Fixes are implemented for all aﬀected projects and releases that are actively supported. Back-ports of the ﬁx are made to any old releases that are actively supported. 4. Packagers are notiﬁed via the salt-packagers mailing list that an issue was reported and resolved, and that an announcement is incoming. 5. A new release is created and pushed to all aﬀected repositories. e release documentation provides a full description of the issue, plus any upgrade instructions or other relevant details. 6. An announcement is made to the salt-users and salt-announce mailing lists. e announcement contains a description of the issue and a link to the full release documentation and download locations.</p><p>28.2 Receiving security announcemnts</p><p>e fastest place to receive security announcements is via the salt-announce mailing list. is list is low-traﬃc.</p><p>1454 Chapter 28. Security disclosure policy CHAPTER 29</p><p>Frequently Asked estions</p><p>FAQ • Frequently Asked estions – Is Salt open-core? – What ports should I open on my ﬁrewall? – I'm seeing weird behavior (including but not limited to packages not installing their users properly) – My script runs every time I run a state.highstate. Why? – When I run test.ping, why don't the Minions that aren't responding return anything? Returning False would be helpful. – How does Salt determine the Minion's id? – I'm trying to manage packages/services but I get an error saying that the state is not available. Why? – I'm using gitfs and my custom modules/states/etc are not syncing. Why? – Why aren't my custom modules/states/etc. available on my Minions? – Module X isn't available, even though the shell command it uses is installed. Why? – Can I run diﬀerent versions of Salt on my Master and Minion? – Does Salt support backing up managed ﬁles? – What is the best way to restart a Salt daemon using Salt? * Linux/Unix * Windows – Salting the Salt Master</p><p>29.1 Is Salt open-core?</p><p>No. Salt is 100% commied to being open-source, including all of our APIs and the `Halite' web interface which was introduced in version 0.17.0. It is developed under the Apache 2.0 license, allowing it to be used in both open and proprietary projects.</p><p>29.2 What ports should I open on my firewall?</p><p>Minions need to be able to connect to the Master on TCP ports 4505 and 4506. Minions do not need any inbound ports open. More detailed information on ﬁrewall seings can be found here.</p><p>1455 Salt Documentation, Release 2014.7.6</p><p>29.3 I'm seeing weird behavior (including but not limited to packages not installing their users properly)</p><p>is is oen caused by SELinux. Try disabling SELinux or puing it in permissive mode and see if the weird behavior goes away.</p><p>29.4 My script runs every time I run a state.highstate. Why?</p><p>You are probably using cmd.run rather than cmd.wait.A cmd.wait state will only run when there has been a change in a state that it is watching. A cmd.run state will run the corresponding command every time (unless it is prevented from running by the unless or onlyif arguments). More details can be found in the documentation for the cmd states.</p><p>29.5 When I run test.ping, why don't the Minions that aren't responding return anything? Returning False would be helpful.</p><p>When you run test.ping the Master tells Minions to run commands/functions, and listens for the return data, printing it to the screen when it is received. If it doesn't receive anything back, it doesn't have anything to display for that Minion. ere are a couple options for geing information on Minions that are not responding. One is to use the verbose (-v) option when you run salt commands, as it will display ``Minion did not return'' for any Minions which time out. salt -v '*' pkg.install zsh</p><p>Another option is to use the manage.down runner: salt-run manage.down</p><p>Also, if the Master is under heavy load, it is possible that the CLI will exit without displaying return data for all targeted Minions. However, this doesn't mean that the Minions did not return; this only means that the Salt CLI timed out waiting for a response. Minions will still send their return data back to the Master once the job completes. If any expected Minions are missing from the CLI output, the jobs.list_jobs runner can be used to show the job IDs of the jobs that have been run, and the jobs.lookup_jid runner can be used to get the return data for that job. salt-run jobs.list_jobs salt-run jobs.lookup_jid 20130916125524463507</p><p>If you ﬁnd that you are oen missing Minion return data on the CLI, only to ﬁnd it with the jobs runners, then this may be a sign that the worker_threads value may need to be increased in the master conﬁg ﬁle. Additionally, running your Salt CLI commands with the -t option will make Salt wait longer for the return data before the CLI command exits. For instance, the below command will wait up to 60 seconds for the Minions to return: salt -t 60 '*' test.ping</p><p>1456 Chapter 29. Frequently Asked estions Salt Documentation, Release 2014.7.6</p><p>29.6 How does Salt determine the Minion's id?</p><p>If the Minion id is not conﬁgured explicitly (using the id parameter), Salt will determine the id based on the host- name. Exactly how this is determined varies a lile between operating systems and is described in detail here.</p><p>29.7 I'm trying to manage packages/services but I get an error saying that the state is not available. Why?</p><p>Salt detects the Minion's operating system and assigns the correct package or service management module based on what is detected. However, for certain custom spins and OS derivatives this detection fails. In cases like this, an issue should be opened on our tracker, with the following information: 1. e output of the following command:</p><p> salt <minion_id> grains.items | grep os</minion_id></p><p>2. e contents of /etc/lsb-release, if present on the Minion.</p><p>29.8 I'm using gitfs and my custom modules/states/etc are not syncing. Why?</p><p>In versions of Salt 0.16.3 or older, there is a bug in gitfs which can aﬀect the syncing of custom types. Upgrading to 0.16.4 or newer will ﬁx this.</p><p>29.9 Why aren't my custom modules/states/etc. available on my Min- ions?</p><p>Custom modules are only synced to Minions when state.highstate, saltutil.sync_modules, or saltutil.sync_all is run. Similarly, custom states are only synced to Minions when state.highstate, saltutil.sync_states, or saltutil.sync_all is run. Other custom types (renderers, outpuers, etc.) have similar behavior, see the documentation for the saltutil module for more information.</p><p>29.10 Module X isn't available, even though the shell command it uses is installed. Why?</p><p>is is most likely a PATH issue. Did you custom-compile the soware which the module requires? RHEL/CentOS/etc. in particular override the root user's path in /etc/init.d/functions, seing it to /sbin:/usr/sbin:/bin:/usr/bin, making soware installed into /usr/local/bin unavailable to Salt when the Minion is started using the initscript. In version 2014.1.0, Salt will have a beer solution for these sort of PATH-related issues, but recompiling the soware to install it into a location within the PATH should resolve the issue in the meantime. Alternatively, you can create a symbolic link within the PATH using a file.symlink state.</p><p>29.6. How does Salt determine the Minion's id? 1457 Salt Documentation, Release 2014.7.6</p><p>/usr/bin/foo: file.symlink: - target: /usr/local/bin/foo</p><p>29.11 Can I run diﬀerent versions of Salt on my Master and Minion?</p><p>is depends on the versions. In general, it is recommended that Master and Minion versions match. When upgrading Salt, the master(s) should always be upgraded ﬁrst. Backwards compatibility for minions running newer versions of salt than their masters is not guaranteed. Whenever possible, backwards compatibility between new masters and old minions will be preserved. Generally, the only exception to this policy is in case of a security vulnerability. Recent examples of backwards compatibility breakage include the 0.17.1 release (where all backwards compatibility was broken due to a security ﬁx), and the 2014.1.0 release (which retained compatibility between 2014.1.0 masters and 0.17 minions, but broke compatibility for 2014.1.0 minions and older masters).</p><p>29.12 Does Salt support backing up managed files?</p><p>Yes. Salt provides an easy to use addition to your ﬁle.managed states that allow you to back up ﬁles via backup_mode, backup_mode can be conﬁgured on a per state basis, or in the minion conﬁg (note that if set in the minion conﬁg this would simply be the default method to use, you still need to specify that the ﬁle should be backed up!).</p><p>29.13 What is the best way to restart a Salt daemon using Salt?</p><p>Restarting Salt using Salt without having the restart interrupt the whole process is a tricky problem to solve. We're still working on it but in the meantime a good way is to use the system scheduler with a short interval. e following example is a state that will always execute at the very end of a state run.</p><p>29.13.1 Linux/Unix</p><p> salt-minion-reload: cmd.run: - name: echo service salt-minion restart | at now + 1 minute - order: last</p><p>To ensure that at is installed and atd is running, the following states can be used (be sure to double-check the package name and service name for the distro the minion is running, in case they diﬀer from the example below.</p><p> at: pkg.installed: - name: at service.running: - name: atd - enable: True</p><p>An alternatvie to using the atd daemon is to fork and disown the process.</p><p>1458 Chapter 29. Frequently Asked estions Salt Documentation, Release 2014.7.6</p><p> restart_minion: cmd.run: - name: | nohup /bin/sh -c 'sleep 10 &amp;&amp; salt-call --local service.restart salt-minion' - python_shell: True - order: last</p><p>29.13.2 Windows schedule-start: cmd.run: - name: at (Get-Date).AddMinutes(1).ToString("HH:mm") cmd /c "net start salt-minion" - shell: powershell - order: last service.dead: - name: salt-minion - require: - cmd: schedule-start</p><p>29.14 Salting the Salt Master</p><p>In order to conﬁgure a master server via states, the Salt master can also be ``salted'' in order to enforce state on the Salt master as well as the Salt minions. Salting the Salt master requires a Salt minion to be installed on the same machine as the Salt master. Once the Salt minion is installed, the minion conﬁguration ﬁle must be pointed to the local Salt master: master: 127.0.0.1</p><p>Once the Salt master has been ``salted'' with a Salt minion, it can be targeted just like any other minion. If the minion on the salted master is running, the minion can be targeted via any usual salt command. Additionally, the salt-call command can execute operations to enforce state on the salted master without requiring the minion to be running. More information about salting the Salt master can be found in the salt-formula for salt itself: hps://github.com/saltstack-formulas/salt-formula</p><p>29.14. Salting the Salt Master 1459 Salt Documentation, Release 2014.7.6</p><p>1460 Chapter 29. Frequently Asked estions CHAPTER 30</p><p>Glossary</p><p>Auto-Order e evaluation of states in the order that they are deﬁned in a SLS ﬁle. See also: ordering. Bootstrap A stand-alone Salt project which can download and install a Salt master and/or a Salt minion onto a host. See also: salt-bootstrap <h>. Compound Mater A combination of many target deﬁnitions that can be combined with boolean operators. See also: targeting. EAuth Shorthand for `external authentication'. A system for calling to a system outside of Salt in order to au- thenticate users and determine if they are allowed to issue particular commands to Salt. See also: external auth. Environment A directory tree containing state ﬁles which can be applied to minions. See also: top ﬁle. Execution Module A Python module that contains execution functions which directly perform various system- management tasks on a server. Salt ships with a number of execution modules but users can also write their own execution modules to perform specialized tasks. See also: the list of execution modules. Execution Function A Python function inside an Execution Module that may take arguments and performs speciﬁc system-management tasks. See also: the list of execution modules. External Job Cae An external data-store that can archive information about jobs that have been run. A default returner. See also: ext_job_cache, the list of returners. External Pillar A module that accepts arbitrary arguments and returns a dictionary. e dictionary is automatically added to a pillar for a minion. Event A notice emied onto an event bus. Events are oen driven by requests for actions to occur on a minion or master and the results of those actions. See also: Salt Reactor. File Server A local or remote location for storing both Salt-speciﬁc ﬁles such as top ﬁles or SLS ﬁles as well as ﬁles that can be distributed to minions, such as system conﬁguration ﬁles. See also: Salt's ﬁle server. Grain A key-value pair which contains a fact about a system, such as its hostname, network addresses. See also: targeting with grains. Halite e Salt GUI. See also: Halite. Jinja A templating language which allows variables and simple logic to be dynamically inserted into static text ﬁles when they are rendered. See also: Salt's Jinja documentation. Job e complete set of tasks to be performed by the execution of a Salt command are a single job. See also: jobs runner. Job ID A unique identiﬁer to represent a given job. Highdata e data structure in a SLS ﬁle the represents a set of state declarations. See also: state layers.</h></p><p>1461 Salt Documentation, Release 2014.7.6</p><p>Highstate e collection of states to be applied to a system. See also: state layers. Low State e collection of processed states aer requisites and order are evaluated. See also: state layers. Master A central Salt daemon which from which commands can be issued to listening minions. Masterless A minion which does not require a Salt master to operate. All conﬁguration is local. See also: file_client. Master Tops A system for the master that allows hooks into external systems to generate top ﬁle data. Mine A facility to collect arbitrary data from minions and store that data on the master. is data is then available to all other minions. [Sometimes referred to as Salt Mine.] See also: Salt Mine. Minion A server running a Salt minion daemon which can listen to commands from a master and perform the requested tasks. Generally, minions are servers which are to be controlled using Salt. Minion ID A globally unique identiﬁer for a minion. See also: id. Multi-Master e ability for a minion to be actively connected to multiple Salt masters at the same time in high- availability environments. Node Group A pre-deﬁned group of minions declared in the master conﬁguration ﬁle. See also: targeting. Outputter A formaer for deﬁning the characteristics of output data from a Salt command. See also: list of output- ters. Overstate A system by which a Master can issue function calls to minions in a deterministic order. See also: over- state. Peer Communication e ability for minions to communicate directly with other minions instead of brokering commands through the Salt master. See also: peer communication. Pillar A simple key-value store for user-deﬁned data to be made available to a minion. Oen used to store and distribute sensitive data to minions. See also: Pillar, list of Pillar modules. Proxy Minion A minion which can control devices that are unable to run a Salt minion locally, such as routers and switches. PyDSL A Pythonic domain-speciﬁc-language used as a Salt renderer. PyDSL can be used in cases where adding pure Python into SLS ﬁles is beneﬁcial. See also: PyDSL. Reactor An interface for listening to events and deﬁning actions that Salt should taken upon receipt of given events. See also: Reactor. Render Pipe Allows SLS ﬁles to be rendered by multiple renderers, with each renderer receiving the output of the previous. See also: composing renderers. Renderer Responsible for translating a given data serialization format such as YAML or JSON into a Python data structure that can be consumed by Salt. See also: list of renderers. Returner Allows for the results of a Salt command to be sent to a given data-store such as a database or log ﬁle for archival. See also: list of returners. Roster A ﬂat-ﬁle list of target hosts. (Currently only used by salt-ssh.) Runner Module A module containing a set of runner functions. See also: list of runner modules. Runner Function A function which is is called by the salt-run command and executes on the master instead of on a minion. See also: Runner Module. Salt Cloud A suite of tools used to create and deploy systems on many hosted cloud providers. See also: salt-cloud. Salt SSH A conﬁguration management and remote orchestration system that does not require that any soware besides SSH be installed on systems to be controlled.</p><p>1462 Chapter 30. Glossary Salt Documentation, Release 2014.7.6</p><p>Salt in A subset of the normal Salt distribution that does not include any transport routines. A Salt in bundle can be dropped onto a host and used directly without any requirement that the host be connected to a network. Used by Salt SSH. See also: thin runner. Salt Virt Used to manage the creation and deployment of virtual machines onto a set of host machines. Oen used to create and deploy private clouds. See also: virt runner. SLS Module Contains a set of state declarations. State Declaration A data structure which contains a unique ID and describes one or more states of a system such as ensuring that a package is installed or a user is deﬁned. See also: highstate structure. State Module A module which contains a set of state functions. See also: list of state modules. State Function A function contained inside a state module which can manages the application of a particular state to a system. State functions frequently call out to one or more execution modules to perform a given task. State Run e application of a set of states on a set of systems. State Compiler Translates highdata into lowdata. Syndic A forwarder which can relay messages between tiered masters. See also: Syndic. Target Minion(s) to which a given salt command will apply. See also: targeting. Top File Determines which SLS ﬁles should be applied to various systems and organizes those groups of systems into environments. See also: top ﬁle, list of master top modules. Worker A master process which can send notices and receive replies from minions. See also: worker_threads. __virtual__ A function in a module that is called on module load to determine whether or not the module should be available to a minion. is function commonly contains logic to determine if all requirements for a module are available, such as external libraries.</p><p>1463 Salt Documentation, Release 2014.7.6</p><p>1464 Chapter 30. Glossary Salt Module Index</p><p> a salt.fileserver.s3fs, 457 salt.auth.auto, 297 salt.fileserver.svnfs, 458 salt.auth.keystone, 297 salt.auth.ldap, 297 l salt.auth.pam, 298 salt.log.handlers.logstash_mod, 445 salt.auth.pki, 299 salt.log.handlers.sentry_mod, 446 salt.auth.stormpath_mod, 299 m c salt.modules.aliases, 471 salt.cloud.clouds.aliyun, 334 salt.modules.alternatives, 472 salt.cloud.clouds.botocore_aws, 336 salt.modules.apache, 473 salt.cloud.clouds.cloudstack, 337 salt.modules.aptpkg, 474 salt.cloud.clouds.digital_ocean, 338 salt.modules.archive, 481 salt.cloud.clouds.ec2, 340 salt.modules.at, 483 salt.cloud.clouds.gce, 346 salt.modules.augeas_cfg, 484 salt.cloud.clouds.gogrid, 350 salt.modules.aws_sqs, 485 salt.cloud.clouds.joyent, 351 salt.modules.blockdev, 487 salt.cloud.clouds.libcloud_aws, 355 salt.modules.bluez, 487 salt.cloud.clouds.linode, 356 salt.modules.boto_asg, 489 salt.cloud.clouds.lxc, 358 salt.modules.boto_cloudwatch, 491 salt.cloud.clouds.msazure, 359 salt.modules.boto_elasticache, 493 salt.cloud.clouds.nova, 360 salt.modules.boto_elb, 495 salt.cloud.clouds.opennebula, 363 salt.modules.boto_iam, 498 salt.cloud.clouds.openstack, 364 salt.modules.boto_route53, 500 salt.cloud.clouds.parallels, 367 salt.modules.boto_secgroup, 501 salt.cloud.clouds.proxmox, 368 salt.modules.boto_sqs, 503 salt.cloud.clouds.rackspace, 370 salt.modules.brew, 504 salt.cloud.clouds.saltify, 372 salt.modules.bridge, 506 salt.cloud.clouds.softlayer, 372 salt.modules.bsd_shadow, 508 salt.cloud.clouds.softlayer_hw, 373 salt.modules.cassandra, 508 salt.cloud.clouds.vsphere, 375 salt.modules.chef, 510 salt.modules.chocolatey, 511 e salt.modules.cloud, 514 salt.exceptions, 462 salt.modules.cmdmod, 516 salt.modules.composer, 520 f salt.modules.config, 522 salt.modules.cp, 523 salt.fileserver.gitfs, 453 salt.modules.cron, 526 salt.fileserver.hgfs, 454 salt.modules.daemontools, 528 salt.fileserver.minionfs, 455 salt.modules.darwin_sysctl, 529 salt.fileserver.roots, 456 salt.modules.data, 530</p><p>1465 Salt Documentation, Release 2014.7.6 salt.modules.ddns, 531 salt.modules.keyboard, 635 salt.modules.deb_apache, 532 salt.modules.keystone, 635 salt.modules.debconfmod, 533 salt.modules.kmod, 641 salt.modules.debian_ip, 533 salt.modules.launchctl, 642 salt.modules.debian_service, 535 salt.modules.layman, 643 salt.modules.defaults, 537 salt.modules.ldapmod, 643 salt.modules.dig, 537 salt.modules.linux_acl, 644 salt.modules.disk, 538 salt.modules.linux_lvm, 645 salt.modules.djangomod, 539 salt.modules.linux_sysctl, 646 salt.modules.dnsmasq, 540 salt.modules.localemod, 647 salt.modules.dnsutil, 540 salt.modules.locate, 648 salt.modules.dockerio, 542 salt.modules.logadm, 649 salt.modules.dpkg, 553 salt.modules.logrotate, 649 salt.modules.ebuild, 553 salt.modules.lvs, 650 salt.modules.eix, 558 salt.modules.lxc, 652 salt.modules.environ, 558 salt.modules.mac_group, 660 salt.modules.eselect, 559 salt.modules.mac_user, 661 salt.modules.etcd_mod, 561 salt.modules.macports, 662 salt.modules.event, 562 salt.modules.makeconf, 665 salt.modules.extfs, 563 salt.modules.match, 672 salt.modules.file, 565 salt.modules.mdadm, 674 salt.modules.freebsd_sysctl, 584 salt.modules.memcached, 676 salt.modules.freebsdjail, 585 salt.modules.mine, 677 salt.modules.freebsdkmod, 586 salt.modules.mod_random, 678 salt.modules.freebsdpkg, 587 salt.modules.modjk, 679 salt.modules.freebsdports, 590 salt.modules.mongodb, 682 salt.modules.freebsdservice, 592 salt.modules.monit, 683 salt.modules.gem, 593 salt.modules.moosefs, 684 salt.modules.genesis, 595 salt.modules.mount, 685 salt.modules.gentoo_service, 596 salt.modules.munin, 686 salt.modules.gentoolkitmod, 598 salt.modules.mysql, 687 salt.modules.git, 599 salt.modules.nagios, 693 salt.modules.glance, 605 salt.modules.netbsd_sysctl, 695 salt.modules.glusterfs, 606 salt.modules.netbsdservice, 695 salt.modules.gnomedesktop, 608 salt.modules.network, 697 salt.modules.grains, 609 salt.modules.nfs3, 700 salt.modules.groupadd, 613 salt.modules.nftables, 700 salt.modules.grub_legacy, 614 salt.modules.nginx, 705 salt.modules.guestfs, 614 salt.modules.nova, 705 salt.modules.hadoop, 615 salt.modules.npm, 710 salt.modules.haproxyconn, 615 salt.modules.omapi, 711 salt.modules.hashutil, 617 salt.modules.openbsdpkg, 712 salt.modules.hg, 618 salt.modules.openbsdservice, 713 salt.modules.hosts, 619 salt.modules.openstack_config, 715 salt.modules.htpasswd, 620 salt.modules.oracle, 716 salt.modules.img, 621 salt.modules.osxdesktop, 717 salt.modules.incron, 621 salt.modules.pacman, 718 salt.modules.influx, 622 salt.modules.pagerduty, 721 salt.modules.ini_manage, 626 salt.modules.pam, 721 salt.modules.introspect, 628 salt.modules.parted, 722 salt.modules.ipset, 628 salt.modules.pecl, 725 salt.modules.iptables, 630 salt.modules.pillar, 726 salt.modules.junos, 634 salt.modules.pip, 727 salt.modules.key, 634 salt.modules.pkg, 466</p><p>1466 Salt Module Index Salt Documentation, Release 2014.7.6 salt.modules.pkg_resource, 731 salt.modules.sqlite3, 821 salt.modules.pkgin, 732 salt.modules.ssh, 822 salt.modules.pkgng, 735 salt.modules.state, 824 salt.modules.pkgutil, 746 salt.modules.status, 827 salt.modules.portage_config, 748 salt.modules.supervisord, 830 salt.modules.postfix, 749 salt.modules.svn, 832 salt.modules.postgres, 750 salt.modules.swift, 835 salt.modules.poudriere, 754 salt.modules.sysbench, 836 salt.modules.powerpath, 756 salt.modules.sysmod, 837 salt.modules.ps, 756 salt.modules.system, 840 salt.modules.publish, 759 salt.modules.systemd, 840 salt.modules.puppet, 761 salt.modules.test, 843 salt.modules.pw_group, 762 salt.modules.timezone, 846 salt.modules.pw_user, 763 salt.modules.tls, 847 salt.modules.pyenv, 764 salt.modules.tomcat, 851 salt.modules.qemu_img, 766 salt.modules.twilio_notify, 855 salt.modules.qemu_nbd, 766 salt.modules.upstart, 855 salt.modules.quota, 767 salt.modules.useradd, 858 salt.modules.rabbitmq, 768 salt.modules.uwsgi, 859 salt.modules.raet_publish, 771 salt.modules.varnish, 860 salt.modules.rbenv, 772 salt.modules.virt, 861 salt.modules.rdp, 774 salt.modules.virtualenv_mod, 867 salt.modules.redismod, 774 salt.modules.win_autoruns, 868 salt.modules.reg, 778 salt.modules.win_disk, 868 salt.modules.rest_package, 779 salt.modules.win_dns_client, 869 salt.modules.rest_sample, 779 salt.modules.win_file, 869 salt.modules.rest_service, 779 salt.modules.win_firewall, 874 salt.modules.ret, 780 salt.modules.win_groupadd, 875 salt.modules.rh_ip, 780 salt.modules.win_ip, 875 salt.modules.rh_service, 782 salt.modules.win_network, 877 salt.modules.riak, 784 salt.modules.win_ntp, 879 salt.modules.rpm, 784 salt.modules.win_path, 879 salt.modules.rsync, 785 salt.modules.win_pkg, 880 salt.modules.rvm, 786 salt.modules.win_repo, 882 salt.modules.s3, 789 salt.modules.win_servermanager, 883 salt.modules.saltcloudmod, 790 salt.modules.win_service, 884 salt.modules.saltutil, 791 salt.modules.win_shadow, 886 salt.modules.schedule, 794 salt.modules.win_status, 886 salt.modules.seed, 796 salt.modules.win_system, 887 salt.modules.selinux, 797 salt.modules.win_timezone, 889 salt.modules.sensors, 798 salt.modules.win_update, 890 salt.modules.serverdensity_device, 798 salt.modules.win_useradd, 892 salt.modules.service, 799 salt.modules.xapi, 894 salt.modules.shadow, 800 salt.modules.xmpp, 898 salt.modules.smartos_imgadm, 802 salt.modules.yumpkg, 899 salt.modules.smartos_vmadm, 803 salt.modules.zcbuildout, 907 salt.modules.smf, 804 salt.modules.zfs, 909 salt.modules.smtp, 806 salt.modules.znc, 910 salt.modules.softwareupdate, 807 salt.modules.zpool, 910 salt.modules.solaris_group, 809 salt.modules.zypper, 911 salt.modules.solaris_shadow, 809 salt.modules.solaris_user, 810 n salt.modules.solarispkg, 812 salt.netapi.rest_cherrypy.app, 915 salt.modules.solr, 815 salt.netapi.rest_cherrypy.wsgi, 917</p><p>Salt Module Index 1467 Salt Documentation, Release 2014.7.6 salt.netapi.rest_tornado.saltnado, 932 salt.renderers.yamlex, 987 salt.netapi.rest_tornado.saltnado_websocketssalt.returners.carbon_return, , 989 933 salt.returners.cassandra_return, 990 salt.netapi.rest_wsgi, 939 salt.returners.couchbase_return, 991 salt.returners.couchdb_return, 991 o salt.returners.elasticsearch_return, 992 salt.output.grains, 941 salt.returners.etcd_return, 992 salt.output.highstate, 942 salt.returners.local, 993 salt.output.json_out, 943 salt.returners.local_cache, 994 salt.output.key, 943 salt.returners.memcache_return, 994 salt.output.nested, 943 salt.returners.mongo_future_return, 995 salt.output.newline_values_only, 944 salt.returners.mongo_return, 995 salt.output.no_out, 945 salt.returners.multi_returner, 996 salt.output.no_return, 945 salt.returners.mysql, 996 salt.output.overstatestage, 946 salt.returners.odbc, 998 salt.output.pprint_out, 946 salt.returners.postgres, 1000 salt.output.raw, 946 salt.returners.redis_return, 1001 salt.output.txt, 946 salt.returners.sentry_return, 1002 salt.output.virt_query, 947 salt.returners.smtp_return, 1002 salt.output.yaml_out, 947 salt.returners.sqlite3_return, 1003 salt.returners.syslog_return, 1004 p salt.roster.flat, 1005 salt.pillar.cmd_json, 949 salt.roster.scan, 1005 salt.pillar.cmd_yaml, 950 salt.runners.cache, 1006 salt.pillar.cmd_yamlex, 950 salt.runners.cloud, 1007 salt.pillar.cobbler, 950 salt.runners.doc, 1008 salt.pillar.django_orm, 950 salt.runners.error, 1008 salt.pillar.etcd_pillar, 952 salt.runners.fileserver, 1009 salt.pillar.foreman, 953 salt.runners.git_pillar, 1012 salt.pillar.git_pillar, 954 salt.runners.jobs, 1012 salt.pillar.hiera, 955 salt.runners.launchd, 1012 salt.pillar.libvirt, 955 salt.runners.lxc, 1013 salt.pillar.mongo, 955 salt.runners.manage, 1014 salt.pillar.mysql, 957 salt.runners.mine, 1016 salt.pillar.pillar_ldap, 960 salt.runners.network, 1016 salt.pillar.puppet, 960 salt.runners.pillar, 1017 salt.pillar.reclass_adapter, 960 salt.runners.queue, 1017 salt.pillar.redismod, 961 salt.runners.search, 1019 salt.pillar.s3, 961 salt.runners.state, 1019 salt.pillar.svn_pillar, 962 salt.runners.survey, 1022 salt.pillar.virtkey, 963 salt.runners.thin, 1023 salt.runners.virt, 1023 r salt.runners.winrepo, 1024 salt.renderers.gpg, 966 salt.renderers.jinja, 967 s salt.renderers.json, 971 salt.states.alias, 1076 salt.renderers.mako, 972 salt.states.alternatives, 1077 salt.renderers.msgpack, 972 salt.states.apache, 1078 salt.renderers.py, 972 salt.states.apache_module, 1079 salt.renderers.pydsl, 973 salt.states.apt, 1079 salt.renderers.pyobjects, 978 salt.states.archive, 1079 salt.renderers.stateconf, 981 salt.states.at, 1080 salt.renderers.wempy, 985 salt.states.augeas, 1081 salt.renderers.yaml, 986 salt.states.aws_sqs, 1083</p><p>1468 Salt Module Index Salt Documentation, Release 2014.7.6 salt.states.blockdev, 1084 salt.states.mongodb_user, 1175 salt.states.boto_asg, 1084 salt.states.mount, 1175 salt.states.boto_cloudwatch_alarm, 1087 salt.states.mysql_database, 1177 salt.states.boto_elasticache, 1089 salt.states.mysql_grants, 1177 salt.states.boto_elb, 1091 salt.states.mysql_query, 1179 salt.states.boto_iam_role, 1093 salt.states.mysql_user, 1179 salt.states.boto_lc, 1095 salt.states.network, 1181 salt.states.boto_route53, 1097 salt.states.nftables, 1184 salt.states.boto_secgroup, 1099 salt.states.npm, 1186 salt.states.boto_sqs, 1101 salt.states.ntp, 1188 salt.states.cloud, 1102 salt.states.openstack_config, 1188 salt.states.cmd, 1103 salt.states.pagerduty, 1189 salt.states.composer, 1110 salt.states.pecl, 1189 salt.states.cron, 1111 salt.states.pip_state, 1190 salt.states.ddns, 1114 salt.states.pkg, 1193 salt.states.debconfmod, 1115 salt.states.pkgng, 1198 salt.states.disk, 1116 salt.states.pkgrepo, 1198 salt.states.dockerio, 1117 salt.states.portage_config, 1201 salt.states.environ, 1121 salt.states.ports, 1201 salt.states.eselect, 1122 salt.states.postgres_database, 1202 salt.states.event, 1122 salt.states.postgres_extension, 1203 salt.states.file, 1123 salt.states.postgres_group, 1204 salt.states.gem, 1142 salt.states.postgres_user, 1206 salt.states.git, 1142 salt.states.powerpath, 1207 salt.states.glusterfs, 1145 salt.states.process, 1207 salt.states.gnomedesktop, 1146 salt.states.pyenv, 1208 salt.states.grains, 1147 salt.states.quota, 1209 salt.states.group, 1149 salt.states.rabbitmq_cluster, 1209 salt.states.hg, 1150 salt.states.rabbitmq_plugin, 1210 salt.states.host, 1150 salt.states.rabbitmq_policy, 1210 salt.states.htpasswd, 1151 salt.states.rabbitmq_user, 1211 salt.states.incron, 1151 salt.states.rabbitmq_vhost, 1212 salt.states.influxdb_database, 1153 salt.states.rbenv, 1212 salt.states.influxdb_user, 1153 salt.states.rdp, 1214 salt.states.ini_manage, 1154 salt.states.redismod, 1214 salt.states.ipset, 1155 salt.states.reg, 1215 salt.states.iptables, 1157 salt.states.rvm, 1215 salt.states.keyboard, 1161 salt.states.saltmod, 1217 salt.states.keystone, 1161 salt.states.schedule, 1220 salt.states.kmod, 1164 salt.states.selinux, 1221 salt.states.layman, 1164 salt.states.serverdensity_device, 1222 salt.states.libvirt, 1165 salt.states.service, 1223 salt.states.locale, 1165 salt.states.smtp, 1224 salt.states.lvm, 1165 salt.states.ssh_auth, 1225 salt.states.lvs_server, 1166 salt.states.ssh_known_hosts, 1226 salt.states.lvs_service, 1167 salt.states.stateconf, 1227 salt.states.lxc, 1168 salt.states.status, 1227 salt.states.makeconf, 1170 salt.states.supervisord, 1227 salt.states.mdadm, 1170 salt.states.svn, 1228 salt.states.memcached, 1171 salt.states.sysctl, 1229 salt.states.modjk, 1171 salt.states.test, 1230 salt.states.modjk_worker, 1172 salt.states.timezone, 1231 salt.states.module, 1173 salt.states.tomcat, 1232 salt.states.mongodb_database, 1174 salt.states.user, 1234</p><p>Salt Module Index 1469 Salt Documentation, Release 2014.7.6 salt.states.virtualenv_mod, 1236 salt.states.win_dns_client, 1236 salt.states.win_firewall, 1237 salt.states.win_network, 1237 salt.states.win_path, 1238 salt.states.win_servermanager, 1239 salt.states.win_system, 1239 salt.states.win_update, 1239 salt.states.winrepo, 1242 salt.states.xmpp, 1242 salt.states.zcbuildout, 1242 salt.states.zk_concurrency, 1244 t salt.tops.cobbler, 1250 salt.tops.ext_nodes, 1250 salt.tops.mongo, 1251 salt.tops.reclass_adapter, 1252 u salt.utils.aggregation, 459 salt.utils.serializers, 464 salt.utils.serializers.json, 464 salt.utils.serializers.msgpack, 465 salt.utils.serializers.yaml, 465 w salt.wheel.config, 1252 salt.wheel.error, 1253 salt.wheel.file_roots, 1253 salt.wheel.key, 1253 salt.wheel.pillar_roots, 1254</p><p>1470 Salt Module Index Index</p><p>Symbols salt-cloud command line option, 310 --args-separator=ARGS_SEPARATOR --list-sizes=LIST_SIZES salt command line option, 306 salt-cloud command line option, 310 --async --local salt command line option, 306 salt-call command line option, 303 --auto-create --log-ﬁle-level=LOG_LEVEL_LOGFILE salt-key command line option, 316 salt command line option, 306, 321 --ﬁle-root=FILE_ROOT salt-api command line option, 323 salt-call command line option, 304 salt-call command line option, 304 --force-color salt-cp command line option, 312 salt command line option, 308, 321 salt-key command line option, 314 salt-call command line option, 305 salt-master command line option, 317 salt-cloud command line option, 311 salt-minion command line option, 318 salt-key command line option, 314 salt-run command line option, 319 --gen-keys-dir=GEN_KEYS_DIR salt-syndic command line option, 322 salt-key command line option, 315 --log-ﬁle=LOG_FILE --gen-keys=GEN_KEYS salt command line option, 306, 321 salt-key command line option, 315 salt-api command line option, 323 --gen-signature salt-call command line option, 304 salt-key command line option, 315 salt-cp command line option, 312 --grain-pcre salt-key command line option, 314 salt command line option, 307, 320 salt-master command line option, 317 salt-cp command line option, 312 salt-minion command line option, 318 --hard-crash salt-run command line option, 319 salt-call command line option, 303 salt-syndic command line option, 322 salt-key command line option, 313 --master=MASTER salt-run command line option, 319 salt-call command line option, 303 --id=ID --max-procs salt-call command line option, 304 command line option, 320 --include-all --metadata salt-key command line option, 315 salt-call command line option, 304 --key-deploy --no-color command line option, 320 salt command line option, 308, 321 --keysize=KEYSIZE salt-call command line option, 305 salt-key command line option, 315 salt-cloud command line option, 311 --list-images=LIST_IMAGES salt-key command line option, 314 salt-cloud command line option, 310 --out --list-locations=LIST_LOCATIONS salt command line option, 307, 321 salt-cloud command line option, 310 salt-call command line option, 304 --list-providers salt-cloud command line option, 310 salt-key command line option, 314</p><p>1471 Salt Documentation, Release 2014.7.6</p><p>--out-ﬁle=OUTPUT_FILE, --output-ﬁle=OUTPUT_FILE salt-call command line option, 304 salt command line option, 308, 321 --state-output=STATE_OUTPUT salt-call command line option, 304 salt command line option, 306 salt-cloud command line option, 311 --subset=SUBSET salt-key command line option, 314 salt command line option, 306 --out-indent OUTPUT_INDENT, --output-indent OUT- --version PUT_INDENT salt command line option, 305, 320 salt command line option, 308, 321 salt-api command line option, 323 salt-call command line option, 304 salt-call command line option, 303 salt-cloud command line option, 310 salt-cloud command line option, 308 salt-key command line option, 314 salt-cp command line option, 312 --passwd salt-key command line option, 313 command line option, 320 salt-master command line option, 316 --pid-ﬁle PIDFILE salt-minion command line option, 317 salt-master command line option, 316 salt-run command line option, 318 salt-minion command line option, 317 salt-syndic command line option, 322 salt-syndic command line option, 322 --versions-report --pid-ﬁle=PIDFILE salt command line option, 305, 320 salt-api command line option, 323 salt-api command line option, 323 --pillar-root=PILLAR_ROOT salt-call command line option, 303 salt-call command line option, 304 salt-cloud command line option, 308 --priv salt-cp command line option, 312 command line option, 319 salt-key command line option, 313 --priv=PRIV salt-master command line option, 316 salt-key command line option, 315 salt-minion command line option, 317 --pub=PUB salt-run command line option, 318 salt-key command line option, 315 salt-syndic command line option, 322 --refresh, --refresh-cache -A, --accept-all command line option, 320 salt-key command line option, 315 --refresh-grains-cache -C, --compound salt-call command line option, 304 salt command line option, 307 --retcode-passthrough -D, --delete-all salt-call command line option, 304 salt-key command line option, 315 --return RETURNER -E, --pcre salt-call command line option, 303 salt command line option, 307, 320 --return=RETURNER salt-cp command line option, 312 salt command line option, 306 -F, --ﬁnger-all --roster salt-key command line option, 315 command line option, 319 -F, --full-query --roster-ﬁle salt-cloud command line option, 310 command line option, 320 -G, --grain --rotate-aes-key=ROTATE_AES_KEY salt command line option, 307, 320 salt-key command line option, 314 salt-cp command line option, 312 --script-args=SCRIPT_ARGS -H, --hard salt-cloud command line option, 309 salt-cloud command line option, 309 --set-password=<username> <provider> -I, --pillar salt-cloud command line option, 310 salt command line option, 307 --show-deploy-args -L LOCATION, --location=LOCATION salt-cloud command line option, 309 salt-cloud command line option, 309 --show-timeout -L, --list salt command line option, 306 salt command line option, 307, 320 --signature-path=SIGNATURE_PATH salt-cp command line option, 312 salt-key command line option, 315 -L, --list-all --skip-grains salt-key command line option, 315</provider></username></p><p>1472 Index Salt Documentation, Release 2014.7.6</p><p>-N, --nodegroup -f <func-name> <provider>, --function=<func- command="" line="" name="" option="" salt=""> <provider> salt-cp command line option, 313 salt-cloud command line option, 309 -P, --parallel -g, --grains salt-cloud command line option, 309 salt-call command line option, 303 -P, --print-all -h, --help salt-key command line option, 315 salt command line option, 305, 320 -Q, --query salt-api command line option, 323 salt-cloud command line option, 309, 310 salt-call command line option, 303 -R, --range salt-cloud command line option, 308 salt command line option, 307, 320 salt-cp command line option, 312 salt-cp command line option, 313 salt-key command line option, 313 -R, --reject-all salt-master command line option, 316 salt-key command line option, 315 salt-minion command line option, 317 -S, --ipcidr salt-run command line option, 318 salt command line option, 307 salt-syndic command line option, 322 -S, --select-query -i, --ignore-host-keys salt-cloud command line option, 310 command line option, 320 -T, --make-token -k, --keep-tmp salt command line option, 306 salt-cloud command line option, 309 -a ACCEPT, --accept=ACCEPT -l ARG, --list=ARG salt-key command line option, 315 salt-key command line option, 314 -a ACTION, --action=ACTION -l LOG_LEVEL, --log-level=LOG_LEVEL salt-cloud command line option, 309 salt command line option, 306, 321 -a EAUTH, --auth=EAUTH salt-api command line option, 323 salt command line option, 306 salt-call command line option, 304 -b BATCH, --batch-size=BATCH salt-cp command line option, 312 salt command line option, 306 salt-master command line option, 317 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir salt-minion command line option, 318 salt command line option, 305, 320 salt-run command line option, 319 salt-api command line option, 323 salt-syndic command line option, 322 salt-call command line option, 303 -m MAP, --map=MAP salt-cloud command line option, 309 salt-cloud command line option, 309 salt-cp command line option, 312 -m MODULE_DIRS, --module-dirs=MODULE_DIRS salt-key command line option, 313 salt-call command line option, 303 salt-master command line option, 316 -p PRINT, --print=PRINT salt-minion command line option, 317 salt-key command line option, 315 salt-run command line option, 318 -p PROFILE, --proﬁle=PROFILE salt-syndic command line option, 322 salt-cloud command line option, 309 -d DELETE, --delete=DELETE -q, --quiet salt-key command line option, 315 salt-key command line option, 313 -d, --daemon -r REJECT, --reject=REJECT salt-api command line option, 323 salt-key command line option, 315 salt-master command line option, 316 -r, --raw, --raw-shell salt-minion command line option, 317 command line option, 319 salt-syndic command line option, 322 -s, --static -d, --destroy salt command line option, 306 salt-cloud command line option, 309 -t TIMEOUT, --timeout=TIMEOUT -d, --doc, --documentation salt command line option, 305 salt command line option, 306 salt-cp command line option, 312 salt-call command line option, 303 salt-run command line option, 318 salt-run command line option, 319 -u USER, --user=USER -f FINGER, --ﬁnger=FINGER salt-key command line option, 313 salt-key command line option, 315 salt-master command line option, 316</provider></func-></provider></func-name></p><p>Index 1473 Salt Documentation, Release 2014.7.6</p><p> salt-minion command line option, 317 absent() (in module salt.states.memcached), 1171 salt-syndic command line option, 322 absent() (in module salt.states.mongodb_database), 1174 -u, --update-bootstrap absent() (in module salt.states.mongodb_user), 1175 salt-cloud command line option, 309 absent() (in module salt.states.mysql_database), 1177 -v VERBOSE, --verbose absent() (in module salt.states.mysql_grants), 1178 salt command line option, 306 absent() (in module salt.states.mysql_user), 1180 -y, --assume-yes absent() (in module salt.states.openstack_conﬁg), 1188 salt-cloud command line option, 309 absent() (in module salt.states.pkgrepo), 1199 -y, --yes absent() (in module salt.states.postgres_database), 1202 salt-key command line option, 313 absent() (in module salt.states.postgres_extension), 1203 __virtual__, 1463 absent() (in module salt.states.postgres_group), 1204 absent() (in module salt.states.postgres_user), 1206 A absent() (in module salt.states.process), 1207 A() (in module salt.modules.dig), 537 absent() (in module salt.states.pyenv), 1208 A() (in module salt.modules.dnsutil), 540 absent() (in module salt.states.rabbitmq_policy), 1210 a2dismod() (in module salt.modules.deb_apache), 532 absent() (in module salt.states.rabbitmq_user), 1211 a2dissite() (in module salt.modules.deb_apache), 532 absent() (in module salt.states.rabbitmq_vhost), 1212 a2enmod() (in module salt.modules.deb_apache), 532 absent() (in module salt.states.rbenv), 1213 a2ensite() (in module salt.modules.deb_apache), 532 absent() (in module salt.states.redismod), 1214 AAAA() (in module salt.modules.dig), 537 absent() (in module salt.states.reg), 1215 AAAA() (in module salt.modules.dnsutil), 540 absent() (in module salt.states.schedule), 1221 abort_import() (in module salt.modules.solr), 816 absent() (in module salt.states.ssh_auth), 1225 absent() (in module salt.states.alias), 1077 absent() (in module salt.states.ssh_known_hosts), 1226 absent() (in module salt.states.at), 1080 absent() (in module salt.states.user), 1234 absent() (in module salt.states.aws_sqs), 1083 absent() (in module salt.states.win_path), 1238 absent() (in module salt.states.boto_asg), 1086 accept() (in module salt.wheel.key), 1253 absent() (in module salt.states.boto_cloudwatch_alarm), acceptance_wait_time 1088 conf/minion, 433 absent() (in module salt.states.boto_elasticache), 1090 acceptance_wait_time_max absent() (in module salt.states.boto_elb), 1092 conf/minion, 433 absent() (in module salt.states.boto_iam_role), 1094 access() (in module salt.modules.ﬁle), 565 absent() (in module salt.states.boto_lc), 1096 accumulated() (in module salt.states.ﬁle), 1126 absent() (in module salt.states.boto_route53), 1098 action() (in module salt.modules.cloud), 514 absent() (in module salt.states.boto_secgroup), 1100 action() (in module salt.runners.cloud), 1007 absent() (in module salt.states.boto_sqs), 1101 action() (salt.cloud.CloudClient method), 332 absent() (in module salt.states.cloud), 1102 activate() (in module salt.states.modjk_worker), 1172 absent() (in module salt.states.cron), 1113 active() (in module salt.modules.mount), 685 absent() (in module salt.states.ddns), 1115 active() (in module salt.runners.jobs), 1012 absent() (in module salt.states.dockerio), 1118 active_tcp() (in module salt.modules.network), 697 absent() (in module salt.states.ﬁle), 1126 add() (in module salt.modules.bridge), 506 absent() (in module salt.states.grains), 1147 add() (in module salt.modules.git), 599 absent() (in module salt.states.group), 1149 add() (in module salt.modules.groupadd), 613 absent() (in module salt.states.host), 1151 add() (in module salt.modules.ipset), 628 absent() (in module salt.states.incron), 1152 add() (in module salt.modules.layman), 643 absent() (in module salt.states.inﬂuxdb_database), 1153 add() (in module salt.modules.mac_group), 660 absent() (in module salt.states.inﬂuxdb_user), 1153 add() (in module salt.modules.mac_user), 661 absent() (in module salt.states.ipset), 1156 add() (in module salt.modules.memcached), 676 absent() (in module salt.states.kmod), 1164 add() (in module salt.modules.pw_group), 762 absent() (in module salt.states.layman), 1164 add() (in module salt.modules.pw_user), 763 absent() (in module salt.states.lvs_server), 1166 add() (in module salt.modules.schedule), 794 absent() (in module salt.states.lvs_service), 1167 add() (in module salt.modules.solaris_group), 809 absent() (in module salt.states.lxc), 1168 add() (in module salt.modules.solaris_user), 810 absent() (in module salt.states.makecon), 1170 add() (in module salt.modules.supervisord), 830 absent() (in module salt.states.mdadm), 1170 add() (in module salt.modules.svn), 832</p><p>1474 Index Salt Documentation, Release 2014.7.6 add() (in module salt.modules.useradd), 858 append_var() (in module salt.modules.makecon), 666 add() (in module salt.modules.win_groupadd), 875 apply() (in module salt.wheel.conﬁg), 1252 add() (in module salt.modules.win_path), 880 apply_() (in module salt.modules.seed), 796 add() (in module salt.modules.win_useradd), 892 apply_network_seings() (in module add() (in module salt.modules.zpool), 910 salt.modules.debian_ip), 533 add_dns() (in module salt.modules.win_dns_client), 869 apply_network_seings() (in module add_host() (in module salt.modules.ddns), 531 salt.modules.rh_ip), 780 add_host() (in module salt.modules.hosts), 619 archive() (in module salt.modules.git), 599 add_host() (in module salt.modules.omapi), 711 archive() (in module salt.modules.hg), 618 add_license() (in module salt.modules.powerpath), 756 arg() (in module salt.modules.test), 843 add_pkg() (in module salt.modules.pkg_resource), 731 arg_repr() (in module salt.modules.test), 843 add_record() (in module salt.modules.boto_route53), 501 arg_type() (in module salt.modules.test), 843 add_rule() (in module salt.modules.win_ﬁrewall), 874 argspec() (in module salt.modules.sysmod), 837 add_rule() (in module salt.states.win_ﬁrewall), 1237 arp() (in module salt.modules.network), 697 add_server() (in module salt.modules.lvs), 650 as_list (salt.pillar.mysql.merger aribute), 959 add_service() (in module salt.modules.lvs), 650 assemble() (in module salt.modules.mdadm), 674 add_user() (in module salt.modules.rabbitmq), 768 assign() (in module salt.modules.darwin_sysctl), 529 add_vhost() (in module salt.modules.rabbitmq), 768 assign() (in module salt.modules.freebsd_sysctl), 584 addgroup() (in module salt.modules.win_useradd), 892 assign() (in module salt.modules.linux_sysctl), 646 addif() (in module salt.modules.bridge), 506 assign() (in module salt.modules.netbsd_sysctl), 695 address_() (in module salt.modules.bluez), 487 associate_proﬁle_to_role() (in module adduser() (in module salt.modules.groupadd), 613 salt.modules.boto_iam), 499 Aggregate (class in salt.utils.aggregation), 460 async() (salt.runner.RunnerClient method), 330 aggregate() (in module salt.utils.aggregation), 460 async() (salt.wheel.WheelClient method), 331 align_check() (in module salt.modules.parted), 722 at() (in module salt.modules.at), 483 all_status() (in module salt.modules.status), 827 atc() (in module salt.modules.at), 483 always_verify_signature atq() (in module salt.modules.at), 483 conf/minion, 439 atrm() (in module salt.modules.at), 484 appdata_ptr (salt.auth.pam.PamConv aribute), 298 aach_disk() (in module salt.cloud.clouds.gce), 347 append() (in module salt.modules.ﬁle), 565 aach_lb() (in module salt.cloud.clouds.gce), 347 append() (in module salt.modules.grains), 609 aach_subnets() (in module salt.modules.boto_elb), 496 append() (in module salt.modules.iptables), 630 aach_volume() (in module salt.cloud.clouds.ec2), 341 append() (in module salt.modules.nables), 700 aach_volume() (in module salt.cloud.clouds.nova), 361 append() (in module salt.states.ﬁle), 1127 aachable() (in module salt.modules.lxc), 652 append() (in module salt.states.grains), 1147 aributes() (in module salt.modules.extfs), 563 append() (in module salt.states.iptables), 1160 audit() (in module salt.modules.pkgng), 735 append() (in module salt.states.nables), 1185 auth() (in module salt.auth.auto), 297 append_cﬂags() (in module salt.modules.makecon), 665 auth() (in module salt.auth.keystone), 297 append_cxxﬂags() (in module salt.modules.makecon), auth() (in module salt.auth.ldap), 297 665 auth() (in module salt.auth.pam), 298 append_domain auth() (in module salt.auth.pki), 299 conf/minion, 431 auth() (in module salt.auth.stormpath_mod), 299 append_emerge_default_opts() (in module auth() (in module salt.modules.keystone), 636 salt.modules.makecon), 665 auth_keys() (in module salt.modules.ssh), 822 append_features() (in module salt.modules.makecon), authenticate() (in module salt.auth.pam), 298 665 AuthenticationError, 461, 462 append_gentoo_mirrors() (in module AuthorizationError, 461, 462 salt.modules.makecon), 666 authorize() (in module salt.modules.boto_secgroup), 502 append_makeopts() (in module salt.modules.makecon), authorize_cache_security_group_ingress() (in module 666 salt.modules.boto_elasticache), 493 append_to_package_conf() (in module auto() (in module salt.modules.alternatives), 472 salt.modules.portage_conﬁg), 748 auto() (in module salt.states.alternatives), 1077 append_use_ﬂags() (in module Auto-Order, 1461 salt.modules.portage_conﬁg), 748 auto_accept</p><p>Index 1475 Salt Documentation, Release 2014.7.6</p><p> conf/master, 407 avail_locations() (in module salt.cloud.clouds.linode), 357 autoload_dynamic_modules avail_locations() (in module salt.cloud.clouds.msazure), conf/minion, 437 359 autoreject_ﬁle avail_locations() (in module salt.cloud.clouds.nova), 361 conf/master, 407 avail_locations() (in module autoremove() (in module salt.modules.pkgng), 735 salt.cloud.clouds.opennebula), 363 AutoSearch() (salt.modules.win_update.PyWinUpdater avail_locations() (in module salt.cloud.clouds.openstack), method), 890 366 AutoSearch() (salt.states.win_update.PyWinUpdater avail_locations() (in module salt.cloud.clouds.proxmox), method), 1240 369 autosign_ﬁle avail_locations() (in module salt.cloud.clouds.rackspace), conf/master, 407 371 autosign_timeout avail_locations() (in module salt.cloud.clouds.solayer), conf/master, 407 372 avail() (in module salt.modules.localemod), 647 avail_locations() (in module avail() (in module salt.modules.smartos_imgadm), 802 salt.cloud.clouds.solayer_hw), 374 avail_images() (in module salt.cloud.clouds.aliyun), 334 avail_locations() (in module salt.cloud.clouds.vsphere), avail_images() (in module salt.cloud.clouds.cloudstack), 375 337 avail_platforms() (in module salt.modules.genesis), 595 avail_images() (in module avail_sizes() (in module salt.cloud.clouds.aliyun), 335 salt.cloud.clouds.digital_ocean), 339 avail_sizes() (in module salt.cloud.clouds.cloudstack), 337 avail_images() (in module salt.cloud.clouds.ec2), 341 avail_sizes() (in module salt.cloud.clouds.digital_ocean), avail_images() (in module salt.cloud.clouds.gce), 347 339 avail_images() (in module salt.cloud.clouds.gogrid), 351 avail_sizes() (in module salt.cloud.clouds.ec2), 341 avail_images() (in module salt.cloud.clouds.joyent), 352 avail_sizes() (in module salt.cloud.clouds.gce), 347 avail_images() (in module salt.cloud.clouds.linode), 357 avail_sizes() (in module salt.cloud.clouds.gogrid), 351 avail_images() (in module salt.cloud.clouds.lxc), 358 avail_sizes() (in module salt.cloud.clouds.joyent), 352 avail_images() (in module salt.cloud.clouds.msazure), 359 avail_sizes() (in module salt.cloud.clouds.linode), 357 avail_images() (in module salt.cloud.clouds.nova), 361 avail_sizes() (in module salt.cloud.clouds.msazure), 359 avail_images() (in module salt.cloud.clouds.opennebula), avail_sizes() (in module salt.cloud.clouds.nova), 362 363 avail_sizes() (in module salt.cloud.clouds.opennebula), avail_images() (in module salt.cloud.clouds.openstack), 363 366 avail_sizes() (in module salt.cloud.clouds.openstack), 366 avail_images() (in module salt.cloud.clouds.parallels), avail_sizes() (in module salt.cloud.clouds.rackspace), 371 367 avail_sizes() (in module salt.cloud.clouds.solayer), 372 avail_images() (in module salt.cloud.clouds.proxmox), avail_sizes() (in module salt.cloud.clouds.solayer_hw), 369 374 avail_images() (in module salt.cloud.clouds.rackspace), available() (in module salt.modules.daemontools), 528 371 available() (in module salt.modules.debian_service), 535 avail_images() (in module salt.cloud.clouds.solayer), available() (in module salt.modules.freebsdkmod), 586 372 available() (in module salt.modules.freebsdservice), 592 avail_images() (in module available() (in module salt.modules.gentoo_service), 596 salt.cloud.clouds.solayer_hw), 374 available() (in module salt.modules.kmod), 641 avail_images() (in module salt.cloud.clouds.vsphere), 375 available() (in module salt.modules.launchctl), 642 avail_locations() (in module salt.cloud.clouds.aliyun), available() (in module salt.modules.netbsdservice), 695 334 available() (in module salt.modules.openbsdservice), 713 avail_locations() (in module available() (in module salt.modules.rh_service), 782 salt.cloud.clouds.cloudstack), 337 available() (in module salt.modules.service), 799 avail_locations() (in module available() (in module salt.modules.sm), 804 salt.cloud.clouds.digital_ocean), 339 available() (in module salt.modules.systemd), 840 avail_locations() (in module salt.cloud.clouds.ec2), 341 available() (in module salt.modules.upstart), 856 avail_locations() (in module salt.cloud.clouds.gce), 347 available() (in module salt.modules.win_service), 884 avail_locations() (in module salt.cloud.clouds.joyent), available_extensions() (in module salt.modules.postgres), 352 750</p><p>1476 Index Salt Documentation, Release 2014.7.6 available_version() (in module salt.modules.macports), build_rule() (in module salt.modules.iptables), 630 662 build_rule() (in module salt.modules.nables), 701 available_version() (in module salt.modules.pkgin), 732 build_schedule_item() (in module salt.modules.schedule), 795 B buildmod() (in module salt.modules.znc), 910 backup() (in module salt.modules.pkgng), 736 buildout() (in module salt.modules.zcbuildout), 908 backup() (in module salt.modules.solr), 816 built() (in module salt.states.dockerio), 1118 backup_mode bulk_activate() (in module salt.modules.modjk), 679 conf/minion, 432 bulk_build() (in module salt.modules.poudriere), 754 backup_mode() (in module salt.modules.conﬁg), 522 bulk_disable() (in module salt.modules.modjk), 680 ban() (in module salt.modules.varnish), 860 bulk_recover() (in module salt.modules.modjk), 680 ban_list() (in module salt.modules.varnish), 860 bulk_stop() (in module salt.modules.modjk), 680 base64_decodestring() (in module salt.modules.hashutil), 617 C base64_encodestring() (in module salt.modules.hashutil), ca_exists() (in module salt.modules.tls), 847 617 cache_dir() (in module salt.modules.cp), 523 Best Practices, 1255 cache_ﬁle() (in module salt.modules.cp), 524 bgrewriteaof() (in module salt.modules.redismod), 775 cache_ﬁles() (in module salt.modules.cp), 524 bgsave() (in module salt.modules.redismod), 775 cache_jobs blkid() (in module salt.modules.disk), 538 conf/minion, 432 block() (in module salt.modules.bluez), 487 cache_local_ﬁle() (in module salt.modules.cp), 524 block_device_mappings() (in module cache_master() (in module salt.modules.cp), 524 salt.cloud.clouds.ec2), 341 cachedir block_device_mappings() (in module conf/master, 403 salt.cloud.clouds.libcloud_aws), 355 conf/minion, 432 blockreplace() (in module salt.modules.ﬁle), 566 call() (in module salt.states.cmd), 1105 blockreplace() (in module salt.states.ﬁle), 1129 Caller (class in salt.client), 329 blocks() (in module salt.modules.extfs), 563 cas() (in module salt.modules.data), 530 boolean() (in module salt.states.selinux), 1221 cert_base_path() (in module salt.modules.tls), 847 boot() (in module salt.cloud.clouds.linode), 357 cﬂags_contains() (in module salt.modules.makecon), 666 boot() (in module salt.modules.nova), 706 chain_absent() (in module salt.states.iptables), 1160 boot_time() (in module salt.modules.ps), 756 chain_absent() (in module salt.states.nables), 1185 Bootstrap, 1461 chain_present() (in module salt.states.iptables), 1160 bootstrap() (in module salt.modules.chocolatey), 511 chain_present() (in module salt.states.nables), 1186 bootstrap() (in module salt.modules.genesis), 595 change() (in module salt.states.augeas), 1081 bootstrap() (in module salt.modules.img), 621 change_password() (in module salt.modules.rabbitmq), bootstrap() (in module salt.modules.lxc), 652 768 bootstrap() (in module salt.modules.zcbuildout), 908 check() (in module salt.modules.ipset), 628 bootstrap() (in module salt.runners.manage), 1014 check() (in module salt.modules.iptables), 631 bootstrap() (in module salt.states.npm), 1186 check() (in module salt.modules.nables), 701 bootstrap_psexec() (in module salt.runners.manage), check() (in module salt.modules.parted), 722 1015 check() (in module salt.modules.pkgng), 736 branch() (in module salt.modules.git), 600 check_available() (in module salt.modules.freebsdkmod), build() (in module salt.modules.dockerio), 544 586 build_bond() (in module salt.modules.debian_ip), 534 check_available() (in module salt.modules.kmod), 641 build_bond() (in module salt.modules.rh_ip), 781 check_chain() (in module salt.modules.iptables), 631 build_interface() (in module salt.modules.debian_ip), 534 check_chain() (in module salt.modules.nables), 701 build_interface() (in module salt.modules.rh_ip), 781 check_db() (in module salt.modules.ebuild), 553 build_network_seings() (in module check_db() (in module salt.modules.yumpkg), 899 salt.modules.debian_ip), 534 check_extra_requirements() (in module build_network_seings() (in module salt.modules.rh_ip), salt.modules.ebuild), 554 781 check_extra_requirements() (in module build_routes() (in module salt.modules.debian_ip), 534 salt.modules.pkg_resource), 731 build_routes() (in module salt.modules.rh_ip), 781 check_ﬁle_meta() (in module salt.modules.ﬁle), 566</p><p>Index 1477 Salt Documentation, Release 2014.7.6 check_hash() (in module salt.modules.ﬁle), 566 chown() (in module salt.modules.ﬁle), 567 check_installed() (in module salt.modules.alternatives), chown() (in module salt.modules.win_ﬁle), 870 472 chpgrp() (in module salt.modules.win_ﬁle), 870 check_ip() (in module salt.modules.dig), 538 chproﬁle() (in module salt.modules.win_useradd), 893 check_ip() (in module salt.modules.dnsutil), 541 chroomnumber() (in module salt.modules.pw_user), 763 check_key() (in module salt.modules.ssh), 822 chroomnumber() (in module salt.modules.solaris_user), check_key_ﬁle() (in module salt.modules.ssh), 822 811 check_known_host() (in module salt.modules.ssh), 822 chroomnumber() (in module salt.modules.useradd), 858 check_managed() (in module salt.modules.ﬁle), 567 chshell() (in module salt.modules.mac_user), 661 check_managed_changes() (in module salt.modules.ﬁle), chshell() (in module salt.modules.pw_user), 763 567 chshell() (in module salt.modules.solaris_user), 811 check_mod_enabled() (in module chshell() (in module salt.modules.useradd), 858 salt.modules.deb_apache), 532 chuid() (in module salt.modules.mac_user), 661 check_perms() (in module salt.modules.ﬁle), 567 chuid() (in module salt.modules.pw_user), 764 check_server() (in module salt.modules.lvs), 650 chuid() (in module salt.modules.solaris_user), 811 check_service() (in module salt.modules.lvs), 650 chuid() (in module salt.modules.useradd), 859 check_set() (in module salt.modules.ipset), 628 chworkphone() (in module salt.modules.pw_user), 764 check_site_enabled() (in module chworkphone() (in module salt.modules.solaris_user), salt.modules.deb_apache), 532 811 check_table() (in module salt.modules.nables), 702 chworkphone() (in module salt.modules.useradd), 859 checkout() (in module salt.modules.git), 600 clean() (in module salt.modules.pkgng), 737 checkout() (in module salt.modules.svn), 832 clean_dynamic_modules chfullname() (in module salt.modules.mac_user), 661 conf/minion, 437 chfullname() (in module salt.modules.pw_user), 763 clean_metadata() (in module salt.modules.yumpkg), 899 chfullname() (in module salt.modules.solaris_user), 810 clean_old_jobs() (in module salt.returners.local_cache), chfullname() (in module salt.modules.useradd), 858 994 chfullname() (in module salt.modules.win_useradd), 893 clean_old_jobs() (in module chgid() (in module salt.modules.groupadd), 613 salt.returners.multi_returner), 996 chgid() (in module salt.modules.mac_group), 660 clear() (in module salt.modules.data), 530 chgid() (in module salt.modules.mac_user), 661 clear() (in module salt.modules.lvs), 651 chgid() (in module salt.modules.pw_group), 762 clear() (in module salt.modules.qemu_nbd), 766 chgid() (in module salt.modules.pw_user), 763 clear_all() (in module salt.runners.cache), 1006 chgid() (in module salt.modules.solaris_group), 809 clear_cache() (in module salt.ﬁleserver.gitfs), 453 chgid() (in module salt.modules.solaris_user), 810 clear_cache() (in module salt.ﬁleserver.hgfs), 454 chgid() (in module salt.modules.useradd), 858 clear_cache() (in module salt.ﬁleserver.svnfs), 458 chgroups() (in module salt.modules.mac_user), 661 clear_cache() (in module salt.modules.saltutil), 791 chgroups() (in module salt.modules.pw_user), 763 clear_cache() (in module salt.modules.state), 824 chgroups() (in module salt.modules.solaris_user), 811 clear_cache() (in module salt.runners.ﬁleserver), 1009 chgroups() (in module salt.modules.useradd), 858 clear_grains() (in module salt.runners.cache), 1006 chgroups() (in module salt.modules.win_useradd), 893 clear_lock() (in module salt.ﬁleserver.gitfs), 453 chgrp() (in module salt.modules.ﬁle), 567 clear_lock() (in module salt.ﬁleserver.hgfs), 454 chgrp() (in module salt.modules.win_ﬁle), 869 clear_lock() (in module salt.ﬁleserver.svnfs), 458 chhome() (in module salt.modules.mac_user), 661 clear_lock() (in module salt.runners.ﬁleserver), 1009 chhome() (in module salt.modules.pw_user), 763 clear_mine() (in module salt.runners.cache), 1006 chhome() (in module salt.modules.solaris_user), 811 clear_mine_func() (in module salt.runners.cache), 1007 chhome() (in module salt.modules.useradd), 858 clear_password() (in module salt.modules.rabbitmq), 768 chhome() (in module salt.modules.win_useradd), 893 clear_pillar() (in module salt.runners.cache), 1007 chhomephone() (in module salt.modules.pw_user), 763 client() (in module salt.modules.che), 510 chhomephone() (in module salt.modules.solaris_user), client_acl 811 conf/master, 407 chhomephone() (in module salt.modules.useradd), 858 client_acl_blacklist chocolatey_version() (in module conf/master, 407 salt.modules.chocolatey), 511 client_conﬁg() (in module salt.conﬁg), 325 chost_contains() (in module salt.modules.makecon), 666 client_version() (in module salt.modules.oracle), 716</p><p>1478 Index Salt Documentation, Release 2014.7.6 clone() (in module salt.modules.git), 600 compactionstats() (in module salt.modules.cassandra), clone() (in module salt.modules.hg), 618 509 clone() (in module salt.modules.lxc), 653 Compound Matcher, 1461 cloned() (in module salt.states.lxc), 1168 compound() (in module salt.modules.match), 672 cloud_init() (in module salt.modules.lxc), 653 computer_desc() (in module salt.states.win_system), cloud_init() (in module salt.runners.lxc), 1013 1239 cloud_init_interface() (in module salt.modules.lxc), 653 computer_name() (in module salt.states.win_system), CloudClient (class in salt.cloud), 332 1239 cluster_commit() (in module salt.modules.riak), 784 conf() (in module salt.modules.grub_legacy), 614 cluster_join() (in module salt.modules.riak), 784 conf/logging cluster_plan() (in module salt.modules.riak), 784 external-logging-handlers, 444 cluster_status() (in module salt.modules.rabbitmq), 768 log_datefmt, 443 cmd() (in module salt.modules.saltutil), 791 log_datefmt_logﬁle, 444 cmd() (salt.client.LocalClient method), 326 log_ﬁle, 443 cmd() (salt.runner.RunnerClient method), 330 log_fmt_console, 444 cmd() (salt.wheel.WheelClient method), 331 log_fmt_logﬁle, 444 cmd_async() (salt.client.LocalClient method), 328 log_granular_levels, 444 cmd_async() (salt.runner.RunnerClient method), 331 log_level, 443 cmd_async() (salt.wheel.WheelClient method), 331 log_level_logﬁle, 443 cmd_batch() (salt.client.LocalClient method), 328 conf/master cmd_iter() (in module salt.modules.saltutil), 791 auto_accept, 407 cmd_iter() (salt.client.LocalClient method), 328 autoreject_ﬁle, 407 cmd_iter_no_block() (salt.client.LocalClient method), autosign_ﬁle, 407 328 autosign_timeout, 407 cmd_subset() (salt.client.LocalClient method), 329 cachedir, 403 cmd_sync() (salt.runner.RunnerClient method), 331 client_acl, 407 cmd_sync() (salt.wheel.WheelClient method), 332 client_acl_blacklist, 407 collatz() (in module salt.modules.test), 843 color, 404 collectstatic() (in module salt.modules.djangomod), 539 cython_enable, 409 color default_include, 428 conf/master, 404 enable_gpu_grains, 404 column_families() (in module salt.modules.cassandra), enforce_mine_cache, 405 508 ext_job_cache, 405 column_family_deﬁnition() (in module ext_pillar, 422 salt.modules.cassandra), 509 extension_modules, 403 command line option external_auth, 408 --key-deploy, 320 external_nodes, 410 --max-procs, 320 failhard, 410 --passwd, 320 ﬁle_buﬀer_size, 412 --priv, 319 ﬁle_ignore_glob, 412 --refresh, --refresh-cache, 320 ﬁle_ignore_regex, 412 --roster, 319 ﬁle_recv, 408 --roster-ﬁle, 320 ﬁle_roots, 412 -i, --ignore-host-keys, 320 ﬁleserver_backend, 411 -r, --raw, --raw-shell, 319 gitfs_base, 414 command() (in module salt.modules.djangomod), 539 gitfs_env_blacklist, 414 CommandExecutionError, 461, 463 gitfs_env_whitelist, 414 CommandNotFoundError, 461, 463 gitfs_insecure_auth, 415 comment() (in module salt.modules.ﬁle), 567 gitfs_mountpoint, 414 comment() (in module salt.states.ﬁle), 1130 gitfs_passphrase, 416 commit() (in module salt.modules.dockerio), 545 gitfs_password, 415 commit() (in module salt.modules.git), 600 gitfs_privkey, 415 commit() (in module salt.modules.junos), 634 gitfs_provider, 413 commit() (in module salt.modules.svn), 832 gitfs_pubkey, 415</p><p>Index 1479 Salt Documentation, Release 2014.7.6</p><p> gitfs_remotes, 413 ret_port, 402 gitfs_root, 414 root_dir, 403 gitfs_ssl_verify, 413 roster_ﬁle, 406 gitfs_user, 415 rotate_aes_key, 409 hash_type, 411 runner_dirs, 409 hgfs_base, 417 sock_dir, 404 hgfs_branch_method, 416 ssh_minion_opts, 406 hgfs_env_blacklist, 418 state_output, 411 hgfs_env_whitelist, 417 state_top, 410 hgfs_mountpoint, 417 state_verbose, 410 hgfs_remotes, 416 svnfs_branches, 420 hgfs_root, 417 svnfs_env_blacklist, 420 include, 428 svnfs_env_whitelist, 420 interface, 401 svnfs_mountpoint, 419 ipv6, 401 svnfs_remotes, 418 job_cache, 404 svnfs_root, 419 keep_jobs, 403 svnfs_tags, 420 log_datefmt, 427 svnfs_trunk, 419 log_datefmt_logﬁle, 427 syndic_log_ﬁle, 425 log_ﬁle, 426 syndic_master, 424 log_fmt_console, 427 syndic_master_log_ﬁle, 425 log_fmt_logﬁle, 427 syndic_master_port, 425 log_granular_levels, 427 test, 411 log_level, 426 timeout, 404 log_level_logﬁle, 426 token_expire, 408 loop_interval, 404 user, 402 master_id, 401 verify_env, 403 master_job_cache, 405 win_gitrepos, 429 master_pubkey_signature, 409 win_repo, 428 master_sign_key_name, 408 win_repo_mastercacheﬁle, 428 master_sign_pubkey, 408 worker_threads, 402 master_tops, 410 yaml_utf8, 411 master_use_pubkey_signature, 409 conf/minion max_minions, 405 acceptance_wait_time, 433 max_open_ﬁles, 402 acceptance_wait_time_max, 433 minion_data_cache, 405 always_verify_signature, 439 minionfs_blacklist, 422 append_domain, 431 minionfs_env, 421 autoload_dynamic_modules, 437 minionfs_mountpoint, 421 backup_mode, 432 minionfs_whitelist, 421 cache_jobs, 432 nodegroups, 427 cachedir, 432 open_mode, 406 clean_dynamic_modules, 437 order_masters, 424 cython_enable, 436 output, 404 disable_modules, 435 peer, 425 disable_returners, 435 peer_run, 426 dns_check, 434 pidﬁle, 402 environment, 437 pillar_roots, 422 failhard, 441 pillar_source_merging_strategy, 423 ﬁle_client, 437 pki_dir, 403 ﬁle_roots, 437 presence_events, 406 grains_dirs, 435 publish_port, 401 hash_type, 438 range_server, 428 id, 431 renderer, 410 include, 441</p><p>1480 Index Salt Documentation, Release 2014.7.6</p><p> ipc_mode, 434 contains() (in module salt.modules.ﬁle), 568 log_datefmt, 440 contains_glob() (in module salt.modules.ﬁle), 568 log_datefmt_logﬁle, 440 contains_regex() (in module salt.modules.ﬁle), 568 log_ﬁle, 439 contains_regex_multiline() (in module salt.modules.ﬁle), log_fmt_console, 440 568 log_fmt_logﬁle, 440 context() (in module salt.states.statecon), 1227 log_granular_levels, 441 conv (salt.auth.pam.PamConv aribute), 298 log_level, 440 convert_to_arn() (in module log_level_logﬁle, 440 salt.modules.boto_cloudwatch), 492 master, 429 convert_to_group_ids() (in module master_port, 430 salt.modules.boto_secgroup), 502 master_sign_key_name, 439 copy() (in module salt.modules.ﬁle), 568 master_type, 430 copy() (in module salt.states.ﬁle), 1130 module_dirs, 435 copy_snapshot() (in module salt.cloud.clouds.ec2), 341 multiprocessing, 439 core_status() (in module salt.modules.solr), 816 open_mode, 438 cp() (in module salt.modules.lxc), 654 pidﬁle, 431 cp() (in module salt.modules.parted), 722 pillar_roots, 438 cpu() (in module salt.modules.sysbench), 836 pki_dir, 431 cpu_percent() (in module salt.modules.ps), 756 providers, 436 cpu_times() (in module salt.modules.ps), 757 random_reauth_delay, 433 cpuinfo() (in module salt.modules.status), 827 recon_default, 433 cpustats() (in module salt.modules.status), 827 recon_max, 433 create() (in module salt.cloud.clouds.aliyun), 335 recon_randomize, 434 create() (in module salt.cloud.clouds.cloudstack), 337 render_dirs, 436 create() (in module salt.cloud.clouds.digital_ocean), 339 renderer, 436 create() (in module salt.cloud.clouds.ec2), 341 retry_dns, 430 create() (in module salt.cloud.clouds.gce), 347 returner_dirs, 435 create() (in module salt.cloud.clouds.gogrid), 351 root_dir, 431 create() (in module salt.cloud.clouds.joyent), 352 sock_dir, 432 create() (in module salt.cloud.clouds.libcloud_aws), 355 state_output, 437 create() (in module salt.cloud.clouds.linode), 357 state_verbose, 436 create() (in module salt.cloud.clouds.lxc), 358 states_dirs, 435 create() (in module salt.cloud.clouds.msazure), 359 tcp_pub_port, 434 create() (in module salt.cloud.clouds.nova), 362 tcp_pull_port, 434 create() (in module salt.cloud.clouds.opennebula), 364 update_restart_services, 442 create() (in module salt.cloud.clouds.openstack), 366 update_url, 442 create() (in module salt.cloud.clouds.parallels), 367 user, 431 create() (in module salt.cloud.clouds.proxmox), 369 verify_env, 432 create() (in module salt.cloud.clouds.rackspace), 371 verify_master_pubkey_sign, 439 create() (in module salt.cloud.clouds.saltify), 372 conf_test() (in module salt.modules.test), 843 create() (in module salt.cloud.clouds.solayer), 372 conﬁg() (in module salt.modules.apache), 473 create() (in module salt.cloud.clouds.solayer_hw), 374 conﬁg() (in module salt.modules.freebsdports), 590 create() (in module salt.cloud.clouds.vsphere), 375 conﬁg() (in module salt.modules.rsync), 785 create() (in module salt.modules.boto_asg), 489 conﬁg() (in module salt.states.git), 1143 create() (in module salt.modules.boto_elasticache), 494 conﬁg_get() (in module salt.modules.git), 601 create() (in module salt.modules.boto_elb), 496 conﬁg_get() (in module salt.modules.redismod), 775 create() (in module salt.modules.boto_secgroup), 502 conﬁg_set() (in module salt.modules.git), 601 create() (in module salt.modules.boto_sqs), 504 conﬁg_set() (in module salt.modules.redismod), 775 create() (in module salt.modules.cloud), 514 conﬁgﬁle() (in module salt.states.apache), 1078 create() (in module salt.modules.glusterfs), 606 conﬁgtest() (in module salt.modules.nginx), 705 create() (in module salt.modules.lxc), 655 conﬁgurable_test_state() (in module salt.states.test), 1230 create() (in module salt.modules.mdadm), 674 connect() (in module salt.modules.network), 697 create() (in module salt.modules.saltcloudmod), 790 connect() (in module salt.modules.qemu_nbd), 766</p><p>Index 1481 Salt Documentation, Release 2014.7.6 create() (in module salt.modules.serverdensity_device), create_role() (in module salt.modules.boto_iam), 499 798 create_role_policy() (in module salt.modules.boto_iam), create() (in module salt.modules.virt), 861 499 create() (in module salt.modules.virtualenv_mod), 867 create_self_signed_cert() (in module salt.modules.tls), create() (in module salt.modules.xapi), 894 850 create() (in module salt.modules.zpool), 910 create_snapshot() (in module salt.cloud.clouds.ec2), 341 create() (in module salt.runners.cloud), 1007 create_snapshot() (in module salt.cloud.clouds.gce), 348 create() (salt.cloud.CloudClient method), 332 create_swap_disk() (in module salt.cloud.clouds.linode), create_aach_volumes() (in module 357 salt.cloud.clouds.ec2), 341 create_volume() (in module salt.cloud.clouds.ec2), 341 create_aach_volumes() (in module create_volume() (in module salt.cloud.clouds.nova), 362 salt.cloud.clouds.libcloud_aws), 355 create_win_salt_restart_task() (in module create_aach_volumes() (in module salt.modules.win_service), 884 salt.cloud.clouds.nova), 362 create_xml_path() (in module salt.modules.virt), 861 create_ca() (in module salt.modules.tls), 847 create_xml_str() (in module salt.modules.virt), 861 create_ca_signed_cert() (in module salt.modules.tls), 848 created() (in module salt.states.glusterfs), 1145 create_cache_security_group() (in module created() (in module salt.states.lxc), 1168 salt.modules.boto_elasticache), 494 createsuperuser() (in module salt.modules.djangomod), create_conﬁg() (in module salt.cloud.clouds.linode), 357 539 create_container() (in module salt.modules.dockerio), cross_test() (in module salt.modules.test), 843 545 ctrl_alt_del() (in module salt.modules.virt), 861 create_csr() (in module salt.modules.tls), 849 current_branch() (in module salt.modules.git), 601 create_disk() (in module salt.cloud.clouds.gce), 347 custom() (in module salt.modules.status), 827 create_disk_from_distro() (in module custom() (in module salt.modules.supervisord), 830 salt.cloud.clouds.linode), 357 cxxﬂags_contains() (in module salt.modules.makecon), create_event() (in module salt.modules.pagerduty), 721 666 create_event() (in module salt.states.pagerduty), 1189 cython_enable create_extension() (in module salt.modules.postgres), 750 conf/master, 409 create_ﬁle_vdev() (in module salt.modules.zpool), 910 conf/minion, 436 create_fwrule() (in module salt.cloud.clouds.gce), 348 create_hc() (in module salt.cloud.clouds.gce), 348 D create_instance_proﬁle() (in module data() (in module salt.modules.match), 672 salt.modules.boto_iam), 499 db_alter() (in module salt.modules.postgres), 751 create_jail() (in module salt.modules.poudriere), 754 db_check() (in module salt.modules.mysql), 687 create_key() (in module salt.modules.reg), 778 db_create() (in module salt.modules.inﬂux), 623 create_keypair() (in module salt.cloud.clouds.ec2), 341 db_create() (in module salt.modules.mysql), 687 create_launch_conﬁguration() (in module db_create() (in module salt.modules.postgres), 751 salt.modules.boto_asg), 490 db_exists() (in module salt.modules.inﬂux), 623 create_lb() (in module salt.cloud.clouds.gce), 348 db_exists() (in module salt.modules.mongodb), 682 create_listeners() (in module salt.modules.boto_elb), 496 db_exists() (in module salt.modules.mysql), 687 create_metadata() (in module salt.modules.postgres), 751 db_exists() (in module salt.modules.postgres), 751 create_network() (in module salt.cloud.clouds.gce), 348 db_list() (in module salt.modules.inﬂux), 623 create_node() (in module salt.cloud.clouds.aliyun), 335 db_list() (in module salt.modules.mongodb), 682 create_node() (in module db_list() (in module salt.modules.mysql), 687 salt.cloud.clouds.digital_ocean), 339 db_list() (in module salt.modules.postgres), 751 create_node() (in module salt.cloud.clouds.joyent), 352 db_optimize() (in module salt.modules.mysql), 688 create_node() (in module salt.cloud.clouds.parallels), 367 db_remove() (in module salt.modules.inﬂux), 623 create_node() (in module salt.cloud.clouds.proxmox), 369 db_remove() (in module salt.modules.mongodb), 683 create_or_update_alarm() (in module db_remove() (in module salt.modules.mysql), 688 salt.modules.boto_cloudwatch), 492 db_remove() (in module salt.modules.postgres), 751 create_pkcs12() (in module salt.modules.tls), 849 db_repair() (in module salt.modules.mysql), 688 create_ports_tree() (in module salt.modules.poudriere), db_tables() (in module salt.modules.mysql), 688 755 dbsize() (in module salt.modules.redismod), 775 create_queue() (in module salt.modules.aws_sqs), 485 dead() (in module salt.states.service), 1223</p><p>1482 Index Salt Documentation, Release 2014.7.6 dead() (in module salt.states.supervisord), 1227 delete() (in module salt.modules.solaris_group), 809 decrement() (in module salt.modules.memcached), 676 delete() (in module salt.modules.solaris_user), 811 decrypt_ciphertext() (in module salt.renderers.gpg), 967 delete() (in module salt.modules.swi), 836 decrypt_object() (in module salt.renderers.gpg), 967 delete() (in module salt.modules.useradd), 859 default() (in module salt.modules.pyenv), 764 delete() (in module salt.modules.win_groupadd), 875 default() (in module salt.modules.rbenv), 772 delete() (in module salt.modules.win_useradd), 893 default_conﬁg() (in module salt.modules.linux_sysctl), delete() (in module salt.runners.queue), 1018 647 delete() (in module salt.states.iptables), 1160 default_hash() (in module salt.modules.bsd_shadow), 508 delete() (in module salt.states.nables), 1186 default_hash() (in module salt.modules.shadow), 800 delete() (in module salt.wheel.key), 1253 default_hash() (in module salt.modules.solaris_shadow), delete_alarm() (in module 809 salt.modules.boto_cloudwatch), 492 default_include delete_backup() (in module salt.modules.ﬁle), 569 conf/master, 428 delete_cache_security_group() (in module deﬁne_vol_xml_path() (in module salt.modules.virt), 861 salt.modules.boto_elasticache), 494 deﬁne_vol_xml_str() (in module salt.modules.virt), 861 delete_chain() (in module salt.modules.iptables), 632 deﬁne_xml_path() (in module salt.modules.virt), 861 delete_chain() (in module salt.modules.nables), 702 deﬁne_xml_str() (in module salt.modules.virt), 861 delete_disk() (in module salt.cloud.clouds.gce), 348 deinstall() (in module salt.modules.freebsdports), 590 delete_fwrule() (in module salt.cloud.clouds.gce), 348 del_export() (in module salt.modules.nfs3), 700 delete_hc() (in module salt.cloud.clouds.gce), 348 del_password() (in module salt.modules.shadow), 800 delete_host() (in module salt.modules.ddns), 531 del_repo() (in module salt.modules.aptpkg), 474 delete_host() (in module salt.modules.omapi), 712 del_repo() (in module salt.modules.yumpkg), 899 delete_instance_proﬁle() (in module del_repo() (in module salt.modules.zypper), 911 salt.modules.boto_iam), 499 del_tags() (in module salt.cloud.clouds.ec2), 341 delete_jail() (in module salt.modules.poudriere), 755 del_tags() (in module salt.cloud.clouds.libcloud_aws), delete_key() (in module salt.cloud.clouds.joyent), 352 355 delete_key() (in module salt.modules.reg), 778 delete() (in module salt.modules.boto_asg), 490 delete_keypair() (in module salt.cloud.clouds.ec2), 341 delete() (in module salt.modules.boto_elasticache), 494 delete_launch_conﬁguration() (in module delete() (in module salt.modules.boto_elb), 496 salt.modules.boto_asg), 490 delete() (in module salt.modules.boto_secgroup), 502 delete_lb() (in module salt.cloud.clouds.gce), 348 delete() (in module salt.modules.boto_sqs), 504 delete_listeners() (in module salt.modules.boto_elb), 496 delete() (in module salt.modules.bridge), 507 delete_message() (in module salt.modules.aws_sqs), 486 delete() (in module salt.modules.ddns), 531 delete_network() (in module salt.cloud.clouds.gce), 349 delete() (in module salt.modules.glusterfs), 607 delete_policy() (in module salt.modules.rabbitmq), 768 delete() (in module salt.modules.groupadd), 613 delete_queue() (in module salt.modules.aws_sqs), 486 delete() (in module salt.modules.ipset), 628 delete_record() (in module salt.modules.boto_route53), delete() (in module salt.modules.iptables), 631 501 delete() (in module salt.modules.layman), 643 delete_role() (in module salt.modules.boto_iam), 499 delete() (in module salt.modules.mac_group), 660 delete_role_policy() (in module salt.modules.boto_iam), delete() (in module salt.modules.mac_user), 662 499 delete() (in module salt.modules.memcached), 676 delete_server() (in module salt.modules.lvs), 651 delete() (in module salt.modules.mine), 677 delete_service() (in module salt.modules.lvs), 651 delete() (in module salt.modules.nables), 702 delete_set() (in module salt.modules.ipset), 629 delete() (in module salt.modules.nova), 706 delete_snapshot() (in module salt.cloud.clouds.ec2), 341 delete() (in module salt.modules.openstack_conﬁg), 715 delete_snapshot() (in module salt.cloud.clouds.gce), 349 delete() (in module salt.modules.pw_group), 762 delete_table() (in module salt.modules.nables), 702 delete() (in module salt.modules.pw_user), 764 delete_user() (in module salt.modules.rabbitmq), 768 delete() (in module salt.modules.redismod), 775 delete_vhost() (in module salt.modules.rabbitmq), 769 delete() (in module salt.modules.s3), 789 delete_volume() (in module salt.cloud.clouds.ec2), 342 delete() (in module salt.modules.schedule), 795 delfacl() (in module salt.modules.linux_acl), 644 delete() (in module salt.modules.serverdensity_device), delif() (in module salt.modules.bridge), 507 798 delta_import() (in module salt.modules.solr), 817 delete() (in module salt.modules.smartos_imgadm), 802 deluser() (in module salt.modules.groupadd), 613</p><p>Index 1483 Salt Documentation, Release 2014.7.6 delval() (in module salt.modules.grains), 610 detail() (in module salt.modules.mdadm), 675 delvol_on_destroy() (in module salt.cloud.clouds.ec2), dfs() (in module salt.modules.hadoop), 615 342 dfs_absent() (in module salt.modules.hadoop), 615 depclean() (in module salt.modules.ebuild), 554 dfs_present() (in module salt.modules.hadoop), 615 deploy_war() (in module salt.modules.tomcat), 852 did_composer_install() (in module depth (salt.pillar.mysql.merger aribute), 959 salt.modules.composer), 520 deregister_instances() (in module salt.modules.boto_elb), diﬀ() (in module salt.modules.dockerio), 546 496 diﬀ() (in module salt.modules.junos), 634 describe() (in module salt.modules.git), 601 diﬀ() (in module salt.modules.svn), 833 describe() (in module salt.modules.hg), 618 diﬀ() (in module salt.runners.survey), 1022 describe_snapshots() (in module salt.cloud.clouds.ec2), dig() (in module salt.modules.network), 698 342 dig() (in module salt.modules.win_network), 877 describe_volumes() (in module salt.cloud.clouds.ec2), 342 dir_list() (in module salt.ﬁleserver.gitfs), 453 deserialize() (in module salt.utils.serializers.json), 464 dir_list() (in module salt.ﬁleserver.hgfs), 454 deserialize() (in module salt.utils.serializers.msgpack), dir_list() (in module salt.ﬁleserver.minionfs), 455 465 dir_list() (in module salt.ﬁleserver.roots), 456 deserialize() (in module salt.utils.serializers.yaml), 465 dir_list() (in module salt.ﬁleserver.s3fs), 457 desktop_interface() (in module dir_list() (in module salt.ﬁleserver.svnfs), 458 salt.states.gnomedesktop), 1146 dir_list() (in module salt.runners.ﬁleserver), 1009 desktop_lockdown() (in module directives() (in module salt.modules.apache), 473 salt.states.gnomedesktop), 1146 directory() (in module salt.states.ﬁle), 1131 destroy() (in module salt.cloud.clouds.aliyun), 335 directory_exists() (in module salt.modules.ﬁle), 569 destroy() (in module salt.cloud.clouds.cloudstack), 337 dirinfo() (in module salt.modules.moosefs), 684 destroy() (in module salt.cloud.clouds.digital_ocean), 339 dirty() (in module salt.states.svn), 1228 destroy() (in module salt.cloud.clouds.ec2), 342 disable() (in module salt.modules.debian_service), 535 destroy() (in module salt.cloud.clouds.gce), 349 disable() (in module salt.modules.freebsdservice), 592 destroy() (in module salt.cloud.clouds.gogrid), 351 disable() (in module salt.modules.gentoo_service), 596 destroy() (in module salt.cloud.clouds.joyent), 352 disable() (in module salt.modules.netbsdservice), 696 destroy() (in module salt.cloud.clouds.libcloud_aws), 355 disable() (in module salt.modules.puppet), 761 destroy() (in module salt.cloud.clouds.linode), 357 disable() (in module salt.modules.rdp), 774 destroy() (in module salt.cloud.clouds.lxc), 359 disable() (in module salt.modules.rh_service), 782 destroy() (in module salt.cloud.clouds.msazure), 360 disable() (in module salt.modules.schedule), 795 destroy() (in module salt.cloud.clouds.nova), 362 disable() (in module salt.modules.sm), 804 destroy() (in module salt.cloud.clouds.opennebula), 364 disable() (in module salt.modules.systemd), 841 destroy() (in module salt.cloud.clouds.openstack), 366 disable() (in module salt.modules.upstart), 856 destroy() (in module salt.cloud.clouds.parallels), 367 disable() (in module salt.modules.win_ﬁrewall), 874 destroy() (in module salt.cloud.clouds.proxmox), 369 disable() (in module salt.modules.win_ip), 875 destroy() (in module salt.cloud.clouds.rackspace), 371 disable() (in module salt.modules.win_service), 884 destroy() (in module salt.cloud.clouds.solayer), 373 disable() (in module salt.states.apache_module), 1079 destroy() (in module salt.cloud.clouds.solayer_hw), 374 disable() (in module salt.states.modjk_worker), 1173 destroy() (in module salt.cloud.clouds.vsphere), 375 disable_availability_zones() (in module destroy() (in module salt.modules.cloud), 514 salt.modules.boto_elb), 497 destroy() (in module salt.modules.lxc), 655 disable_job() (in module salt.modules.schedule), 795 destroy() (in module salt.modules.mdadm), 675 disable_modules destroy() (in module salt.modules.smartos_vmadm), 803 conf/minion, 435 destroy() (in module salt.modules.virt), 862 disable_plugin() (in module salt.modules.rabbitmq), 769 destroy() (in module salt.modules.xapi), 894 disable_returners destroy() (in module salt.modules.zpool), 911 conf/minion, 435 destroy() (in module salt.runners.cloud), 1007 disable_server() (in module salt.modules.haproxyconn), destroy() (salt.cloud.CloudClient method), 332 615 detach_disk() (in module salt.cloud.clouds.gce), 349 disable_term_protect() (in module detach_lb() (in module salt.cloud.clouds.gce), 349 salt.cloud.clouds.botocore_aws), 337 detach_subnets() (in module salt.modules.boto_elb), 497 disable_term_protect() (in module salt.cloud.clouds.ec2), detach_volume() (in module salt.cloud.clouds.ec2), 342 342</p><p>1484 Index Salt Documentation, Release 2014.7.6 disabled() (in module salt.modules.debian_service), 535 dump() (in module salt.modules.data), 530 disabled() (in module salt.modules.freebsdservice), 592 dump() (in module salt.modules.extfs), 563 disabled() (in module salt.modules.gentoo_service), 596 dump_conﬁg() (in module salt.modules.modjk), 680 disabled() (in module salt.modules.netbsdservice), 696 dumpconf() (in module salt.modules.znc), 910 disabled() (in module salt.modules.openbsdservice), 713 disabled() (in module salt.modules.rh_service), 782 E disabled() (in module salt.modules.sm), 804 EAuth, 1461 disabled() (in module salt.modules.systemd), 841 EauthAuthenticationError, 461, 463 disabled() (in module salt.modules.upstart), 856 ec2_credentials_create() (in module disabled() (in module salt.modules.win_service), 884 salt.modules.keystone), 636 disabled() (in module salt.states.rabbitmq_plugin), 1210 ec2_credentials_delete() (in module disabled() (in module salt.states.rdp), 1214 salt.modules.keystone), 636 disabled() (in module salt.states.service), 1223 ec2_credentials_get() (in module salt.modules.keystone), disabled() (in module salt.states.win_ﬁrewall), 1237 636 disassociate_proﬁle_from_role() (in module ec2_credentials_list() (in module salt.modules.keystone), salt.modules.boto_iam), 499 636 discoverable() (in module salt.modules.bluez), 487 echo() (in module salt.modules.test), 843 disk_io_counters() (in module salt.modules.ps), 757 eclean_dist() (in module salt.modules.gentoolkitmod), disk_partition_usage() (in module salt.modules.ps), 757 598 disk_partitions() (in module salt.modules.ps), 757 eclean_pkg() (in module salt.modules.gentoolkitmod), disk_usage() (in module salt.modules.ps), 757 598 diskstats() (in module salt.modules.status), 828 edit_conf() (in module salt.modules.lxc), 655 diskusage() (in module salt.modules.status), 828 edit_server() (in module salt.modules.lvs), 651 display() (in module salt.modules.alternatives), 472 edit_service() (in module salt.modules.lvs), 651 display() (salt.output.nested.NestDisplay method), 944 edited_conf() (in module salt.states.lxc), 1169 display() (salt.output.no_return.NestDisplay method), emerge_default_opts_contains() (in module 945 salt.modules.makecon), 667 dns_check empty_dir_list() (in module salt.runners.ﬁleserver), 1010 conf/minion, 434 enable() (in module salt.modules.debian_service), 535 dns_dhcp() (in module salt.modules.win_dns_client), 869 enable() (in module salt.modules.freebsdservice), 592 dns_dhcp() (in module salt.states.win_dns_client), 1236 enable() (in module salt.modules.gentoo_service), 596 dns_exists() (in module salt.states.win_dns_client), 1236 enable() (in module salt.modules.netbsdservice), 696 do() (in module salt.modules.pyenv), 765 enable() (in module salt.modules.puppet), 761 do() (in module salt.modules.rbenv), 773 enable() (in module salt.modules.rdp), 774 do() (in module salt.modules.rvm), 786 enable() (in module salt.modules.rh_service), 782 do_with_python() (in module salt.modules.pyenv), 765 enable() (in module salt.modules.schedule), 795 do_with_ruby() (in module salt.modules.rbenv), 773 enable() (in module salt.modules.sm), 805 doc() (in module salt.modules.sysmod), 837 enable() (in module salt.modules.systemd), 841 dot_vals() (in module salt.modules.conﬁg), 522 enable() (in module salt.modules.upstart), 856 down() (in module salt.modules.debian_ip), 534 enable() (in module salt.modules.win_ip), 875 down() (in module salt.modules.rh_ip), 781 enable() (in module salt.modules.win_service), 884 down() (in module salt.runners.manage), 1015 enable() (in module salt.states.apache_module), 1079 download() (in module salt.modules.sowareupdate), 807 enable_availability_zones() (in module Download() (salt.modules.win_update.PyWinUpdater salt.modules.boto_elb), 497 method), 890 enable_gpu_grains Download() (salt.states.win_update.PyWinUpdater conf/master, 404 method), 1240 enable_job() (in module salt.modules.schedule), 795 download_all() (in module salt.modules.sowareupdate), enable_plugin() (in module salt.modules.rabbitmq), 769 807 enable_server() (in module salt.modules.haproxyconn), download_updates() (in module 616 salt.modules.win_update), 891 enable_term_protect() (in module downloaded() (in module salt.states.win_update), 1241 salt.cloud.clouds.botocore_aws), 337 drop_extension() (in module salt.modules.postgres), 751 enable_term_protect() (in module salt.cloud.clouds.ec2), dump() (in module salt.modules.blockdev), 487 342</p><p>Index 1485 Salt Documentation, Release 2014.7.6 enabled() (in module salt.modules.debian_service), 535 exec_code() (in module salt.modules.cmdmod), 516 enabled() (in module salt.modules.freebsdservice), 592 execs() (in module salt.modules.systemd), 841 enabled() (in module salt.modules.gentoo_service), 597 execute() (in module salt.modules.augeas_cfg), 484 enabled() (in module salt.modules.netbsdservice), 696 execute_salt_restart_task() (in module enabled() (in module salt.modules.openbsdservice), 714 salt.modules.win_service), 884 enabled() (in module salt.modules.rh_service), 782 Execution Function, 1461 enabled() (in module salt.modules.sm), 805 Execution Module, 1461 enabled() (in module salt.modules.systemd), 841 execution() (in module salt.runners.doc), 1008 enabled() (in module salt.modules.upstart), 856 exists() (in module salt.modules.boto_asg), 490 enabled() (in module salt.modules.win_service), 884 exists() (in module salt.modules.boto_elasticache), 494 enabled() (in module salt.states.rabbitmq_plugin), 1210 exists() (in module salt.modules.boto_elb), 497 enabled() (in module salt.states.rdp), 1214 exists() (in module salt.modules.boto_secgroup), 502 enabled() (in module salt.states.service), 1223 exists() (in module salt.modules.boto_sqs), 504 enabled_service_owners() (in module exists() (in module salt.modules.dockerio), 546 salt.modules.introspect), 628 exists() (in module salt.modules.lxc), 655 endpoint_absent() (in module salt.states.keystone), 1162 exists() (in module salt.modules.parted), 722 endpoint_create() (in module salt.modules.keystone), 637 exists() (in module salt.modules.redismod), 775 endpoint_delete() (in module salt.modules.keystone), 637 exists() (in module salt.modules.win_path), 880 endpoint_get() (in module salt.modules.keystone), 637 exists() (in module salt.modules.zpool), 911 endpoint_list() (in module salt.modules.keystone), 637 exists() (in module salt.states.aws_sqs), 1083 endpoint_present() (in module salt.states.keystone), 1162 exists() (in module salt.states.ﬁle), 1132 enforce_mine_cache exists() (in module salt.states.win_path), 1238 conf/master, 405 expand_repo_def() (in module salt.modules.aptpkg), 475 enforce_nice_conﬁg() (in module expand_repo_def() (in module salt.modules.yumpkg), salt.modules.portage_conﬁg), 748 899 ensure_views() (in module expire() (in module salt.modules.redismod), 775 salt.returners.couchdb_return), 991 expireat() (in module salt.modules.redismod), 776 enter_root() (salt.pillar.mysql.merger method), 959 export() (in module salt.modules.dockerio), 546 env_absent() (in module salt.states.cron), 1113 export() (in module salt.modules.svn), 833 env_present() (in module salt.states.cron), 1113 export() (in module salt.states.svn), 1228 Environment, 1461 ext() (in module salt.modules.pillar), 726 environment ext_job_cache conf/minion, 437 conf/master, 405 envs() (in module salt.ﬁleserver.gitfs), 453 ext_pillar envs() (in module salt.ﬁleserver.hgfs), 454 conf/master, 422 envs() (in module salt.ﬁleserver.minionfs), 455 ext_pillar() (in module salt.pillar.cmd_json), 949 envs() (in module salt.ﬁleserver.roots), 456 ext_pillar() (in module salt.pillar.cmd_yaml), 950 envs() (in module salt.ﬁleserver.s3fs), 457 ext_pillar() (in module salt.pillar.cmd_yamlex), 950 envs() (in module salt.ﬁleserver.svnfs), 458 ext_pillar() (in module salt.pillar.cobbler), 950 envs() (in module salt.pillar.git_pillar), 955 ext_pillar() (in module salt.pillar.django_orm), 952 envs() (in module salt.runners.ﬁleserver), 1010 ext_pillar() (in module salt.pillar.etcd_pillar), 953 envs() (salt.pillar.git_pillar.GitPillar method), 955 ext_pillar() (in module salt.pillar.foreman), 954 error() (in module salt.runners.error), 1008 ext_pillar() (in module salt.pillar.git_pillar), 955 error() (in module salt.wheel.error), 1253 ext_pillar() (in module salt.pillar.hiera), 955 Event, see Reactor, 158, 1461 ext_pillar() (in module salt.pillar.libvirt), 955 event bus, 158 ext_pillar() (in module salt.pillar.mongo), 956 event system, 158 ext_pillar() (in module salt.pillar.mysql), 959 event() (in module salt.runners.state), 1019 ext_pillar() (in module salt.pillar.pillar_ldap), 960 Events (class in salt.netapi.rest_cherrypy.app), 924 ext_pillar() (in module salt.pillar.puppet), 960 EventsSaltAPIHandler (in module ext_pillar() (in module salt.pillar.reclass_adapter), 960 salt.netapi.rest_tornado.saltnado), 939 ext_pillar() (in module salt.pillar.redismod), 961 ex_mod_init() (in module salt.modules.ebuild), 554 ext_pillar() (in module salt.pillar.s3), 962 exception() (in module salt.modules.test), 843 ext_pillar() (in module salt.pillar.svn_pillar), 963 exec_action() (in module salt.modules.eselect), 559 ext_pillar() (in module salt.pillar.virtkey), 963</p><p>1486 Index Salt Documentation, Release 2014.7.6 extension_modules conf/master, 412 conf/master, 403 ﬁle_list() (in module salt.ﬁleserver.gitfs), 453 External Job Cache, 1461 ﬁle_list() (in module salt.ﬁleserver.hgfs), 455 External Pillar, 1461 ﬁle_list() (in module salt.ﬁleserver.minionfs), 456 external-logging-handlers ﬁle_list() (in module salt.ﬁleserver.roots), 456 conf/logging, 444 ﬁle_list() (in module salt.ﬁleserver.s3fs), 457 external_auth ﬁle_list() (in module salt.ﬁleserver.svnfs), 458 conf/master, 408 ﬁle_list() (in module salt.modules.aptpkg), 475 external_nodes ﬁle_list() (in module salt.modules.dpkg), 553 conf/master, 410 ﬁle_list() (in module salt.modules.freebsdpkg), 588 extra_action() (salt.cloud.CloudClient method), 332 ﬁle_list() (in module salt.modules.pacman), 718 extract_hash() (in module salt.modules.ﬁle), 569 ﬁle_list() (in module salt.modules.pkgin), 733 extract_queries() (salt.pillar.mysql.merger method), 959 ﬁle_list() (in module salt.modules.rpm), 785 extracted() (in module salt.states.archive), 1079 ﬁle_list() (in module salt.modules.yumpkg), 900 ﬁle_list() (in module salt.runners.ﬁleserver), 1010 F ﬁle_list_emptydirs() (in module salt.ﬁleserver.gitfs), 453 fact() (in module salt.modules.puppet), 761 ﬁle_list_emptydirs() (in module salt.ﬁleserver.hgfs), 455 facts() (in module salt.modules.puppet), 761 ﬁle_list_emptydirs() (in module salt.ﬁleserver.roots), 456 facts_refresh() (in module salt.modules.junos), 634 ﬁle_list_emptydirs() (in module salt.ﬁleserver.s3fs), 457 fail_with_changes() (in module salt.states.test), 1230 ﬁle_list_emptydirs() (in module salt.ﬁleserver.svnfs), 458 fail_without_changes() (in module salt.states.test), 1230 ﬁle_recv failhard conf/master, 408 conf/master, 410 ﬁle_roots conf/minion, 441 conf/master, 412 features_contains() (in module salt.modules.makecon), conf/minion, 437 667 ﬁleinfo() (in module salt.modules.moosefs), 684 fetch() (in module salt.modules.git), 602 ﬁleio() (in module salt.modules.sysbench), 837 fetch() (in module salt.modules.pkgng), 737 ﬁleserver_backend fetch() (in module salt.modules.sqlite3), 821 conf/master, 411 ﬁb() (in module salt.modules.test), 844 FileserverConﬁgError, 461, 463 ﬁeld_names (salt.pillar.mysql.merger aribute), 959 ﬁlter_by() (in module salt.modules.grains), 610 File Server, 1461 ﬁlter_by() (in module salt.modules.match), 672 ﬁle() (in module salt.states.cron), 1113 ﬁnd() (in module salt.modules.ﬁle), 569 ﬁle_buﬀer_size ﬁnd() (in module salt.wheel.ﬁle_roots), 1253 conf/master, 412 ﬁnd() (in module salt.wheel.pillar_roots), 1254 ﬁle_client ﬁnd_cached_job() (in module salt.modules.saltutil), 791 conf/minion, 437 ﬁnd_ﬁle() (in module salt.ﬁleserver.gitfs), 453 ﬁle_dict() (in module salt.modules.aptpkg), 475 ﬁnd_ﬁle() (in module salt.ﬁleserver.hgfs), 455 ﬁle_dict() (in module salt.modules.dpkg), 553 ﬁnd_ﬁle() (in module salt.ﬁleserver.minionfs), 456 ﬁle_dict() (in module salt.modules.freebsdpkg), 588 ﬁnd_ﬁle() (in module salt.ﬁleserver.roots), 456 ﬁle_dict() (in module salt.modules.pacman), 718 ﬁnd_ﬁle() (in module salt.ﬁleserver.s3fs), 457 ﬁle_dict() (in module salt.modules.pkgin), 733 ﬁnd_ﬁle() (in module salt.ﬁleserver.svnfs), 458 ﬁle_dict() (in module salt.modules.rpm), 784 ﬁnd_guest() (in module salt.runners.lxc), 1013 ﬁle_dict() (in module salt.modules.yumpkg), 900 ﬁnd_guests() (in module salt.runners.lxc), 1013 ﬁle_exists() (in module salt.modules.ﬁle), 569 ﬁnd_interfaces() (in module salt.modules.bridge), 507 ﬁle_hash() (in module salt.ﬁleserver.gitfs), 453 ﬁnd_job() (in module salt.modules.saltutil), 791 ﬁle_hash() (in module salt.ﬁleserver.hgfs), 454 ﬁnger() (in module salt.modules.key), 634 ﬁle_hash() (in module salt.ﬁleserver.minionfs), 455 ﬁnger() (in module salt.wheel.key), 1253 ﬁle_hash() (in module salt.ﬁleserver.roots), 456 ﬁnger_master() (in module salt.modules.key), 634 ﬁle_hash() (in module salt.ﬁleserver.s3fs), 457 ﬁre() (in module salt.modules.event), 562 ﬁle_hash() (in module salt.ﬁleserver.svnfs), 458 ﬁre_master() (in module salt.modules.event), 562 ﬁle_ignore_glob ﬂags() (in module salt.states.portage_conﬁg), 1201 conf/master, 412 ﬂavor_create() (in module salt.modules.nova), 706 ﬁle_ignore_regex ﬂavor_delete() (in module salt.modules.nova), 707</p><p>Index 1487 Salt Documentation, Release 2014.7.6</p><p>ﬂavor_list() (in module salt.modules.nova), 707 gemset_list() (in module salt.modules.rvm), 787 ﬂush() (in module salt.modules.ipset), 629 gemset_list_all() (in module salt.modules.rvm), 787 ﬂush() (in module salt.modules.iptables), 632 gemset_present() (in module salt.states.rvm), 1217 ﬂush() (in module salt.modules.mine), 677 gen() (in module salt.wheel.key), 1253 ﬂush() (in module salt.modules.nables), 703 gen_accept() (in module salt.wheel.key), 1253 ﬂush() (in module salt.states.ipset), 1156 gen_hyper_keys() (in module salt.pillar.libvirt), 955 ﬂush() (in module salt.states.iptables), 1160 gen_locale() (in module salt.modules.localemod), 647 ﬂush() (in module salt.states.nables), 1186 gen_password() (in module salt.modules.shadow), 800 ﬂushall() (in module salt.modules.redismod), 776 generate() (in module salt.runners.thin), 1023 ﬂushdb() (in module salt.modules.redismod), 776 genrepo() (in module salt.modules.win_repo), 883 focus (salt.pillar.mysql.merger aribute), 959 genrepo() (in module salt.runners.winrepo), 1024 force_oﬀ() (in module salt.runners.virt), 1023 genrepo() (in module salt.states.winrepo), 1242 force_reload() (in module salt.modules.debian_service), gentoo_mirrors_contains() (in module 535 salt.modules.makecon), 667 force_reload() (in module salt.modules.netbsdservice), get() (in module salt.modules.augeas_cfg), 484 696 get() (in module salt.modules.conﬁg), 522 force_reload() (in module salt.modules.systemd), 841 get() (in module salt.modules.darwin_sysctl), 529 force_reload() (in module salt.modules.upstart), 856 get() (in module salt.modules.defaults), 537 force_reset() (in module salt.modules.rabbitmq), 769 get() (in module salt.modules.environ), 558 formaed() (in module salt.states.blockdev), 1084 get() (in module salt.modules.freebsd_sysctl), 584 free_slave() (in module salt.modules.mysql), 688 get() (in module salt.modules.gnomedesktop), 608 freecpu() (in module salt.modules.virt), 862 get() (in module salt.modules.grains), 611 freecpu() (in module salt.modules.xapi), 894 get() (in module salt.modules.linux_sysctl), 647 freemem() (in module salt.modules.virt), 862 get() (in module salt.modules.memcached), 676 freemem() (in module salt.modules.xapi), 894 get() (in module salt.modules.mine), 677 freeze() (in module salt.modules.lxc), 655 get() (in module salt.modules.netbsd_sysctl), 695 freeze() (in module salt.modules.pip), 728 get() (in module salt.modules.openstack_conﬁg), 715 freeze() (in module salt.runners.lxc), 1013 get() (in module salt.modules.pillar), 726 fstab() (in module salt.modules.freebsdjail), 585 get() (in module salt.modules.rvm), 787 fstab() (in module salt.modules.mount), 685 get() (in module salt.modules.s3), 789 full_data() (in module salt.modules.publish), 759 get() (in module salt.modules.smartos_imgadm), 802 full_data() (in module salt.modules.raet_publish), 771 get() (in module salt.modules.swi), 836 full_import() (in module salt.modules.solr), 817 get() (in module salt.runners.mine), 1016 full_info() (in module salt.modules.virt), 862 GET() (salt.netapi.rest_cherrypy.app.Events method), full_info() (in module salt.modules.xapi), 894 924 full_query() (in module salt.modules.cloud), 514 GET() (salt.netapi.rest_cherrypy.app.Jobs method), 922 full_query() (in module salt.runners.cloud), 1008 GET() (salt.netapi.rest_cherrypy.app.Keys method), 928 full_query() (salt.cloud.CloudClient method), 333 GET() (salt.netapi.rest_cherrypy.app.Login method), 919 full_restart() (in module salt.modules.daemontools), 528 GET() (salt.netapi.rest_cherrypy.app.LowDataAdapter full_restart() (in module salt.modules.upstart), 856 method), 918 fullversion() (in module salt.modules.apache), 473 GET() (salt.netapi.rest_cherrypy.app.Minions method), fullversion() (in module salt.modules.dnsmasq), 540 921 fullversion() (in module salt.modules.linux_lvm), 645 GET() (salt.netapi.rest_cherrypy.app.Stats method), 931 fullversion() (in module salt.modules.tomcat), 852 GET() (salt.netapi.rest_cherrypy.app.WebsocketEndpoint function() (in module salt.states.saltmod), 1217 method), 930 function() (salt.client.Caller method), 330 get_() (in module salt.modules.etcd_mod), 561 get_alarm() (in module salt.modules.boto_cloudwatch), G 492 gather_bootstrap_script() (in module get_alias() (in module salt.modules.hosts), 619 salt.modules.conﬁg), 522 get_all() (in module salt.modules.daemontools), 528 gemset_copy() (in module salt.modules.rvm), 786 get_all() (in module salt.modules.debian_service), 535 gemset_create() (in module salt.modules.rvm), 786 get_all() (in module salt.modules.freebsdservice), 592 gemset_delete() (in module salt.modules.rvm), 786 get_all() (in module salt.modules.gentoo_service), 597 gemset_empty() (in module salt.modules.rvm), 787 get_all() (in module salt.modules.launchctl), 642</p><p>1488 Index Salt Documentation, Release 2014.7.6 get_all() (in module salt.modules.netbsdservice), 696 get_conﬁgured_provider() (in module get_all() (in module salt.modules.openbsdservice), 714 salt.cloud.clouds.gce), 349 get_all() (in module salt.modules.rh_service), 782 get_conﬁgured_provider() (in module get_all() (in module salt.modules.service), 799 salt.cloud.clouds.gogrid), 351 get_all() (in module salt.modules.sm), 805 get_conﬁgured_provider() (in module get_all() (in module salt.modules.systemd), 841 salt.cloud.clouds.joyent), 353 get_all() (in module salt.modules.upstart), 857 get_conﬁgured_provider() (in module get_all() (in module salt.modules.win_service), 884 salt.cloud.clouds.libcloud_aws), 355 get_all_alarms() (in module get_conﬁgured_provider() (in module salt.modules.boto_cloudwatch), 493 salt.cloud.clouds.linode), 357 get_all_interfaces() (in module salt.modules.win_ip), 876 get_conﬁgured_provider() (in module get_aributes() (in module salt.modules.boto_elb), 497 salt.cloud.clouds.lxc), 359 get_aributes() (in module salt.modules.boto_sqs), 504 get_conﬁgured_provider() (in module get_aributes() (in module salt.modules.win_ﬁle), 870 salt.cloud.clouds.msazure), 360 get_auth() (in module salt.cloud.clouds.linode), 357 get_conﬁgured_provider() (in module get_auth_url() (in module salt.auth.keystone), 297 salt.cloud.clouds.nova), 362 get_availability_zone() (in module salt.cloud.clouds.ec2), get_conﬁgured_provider() (in module 342 salt.cloud.clouds.opennebula), 364 get_availability_zone() (in module get_conﬁgured_provider() (in module salt.cloud.clouds.libcloud_aws), 355 salt.cloud.clouds.openstack), 366 get_available_extension() (in module get_conﬁgured_provider() (in module salt.modules.postgres), 752 salt.cloud.clouds.parallels), 367 get_base() (in module salt.modules.lxc), 656 get_conﬁgured_provider() (in module get_block_device() (in module salt.modules.parted), 722 salt.cloud.clouds.proxmox), 369 get_bond() (in module salt.modules.debian_ip), 534 get_conﬁgured_provider() (in module get_bond() (in module salt.modules.rh_ip), 781 salt.cloud.clouds.rackspace), 371 get_ca() (in module salt.modules.tls), 850 get_conﬁgured_provider() (in module get_cache_subnet_group() (in module salt.cloud.clouds.saltify), 372 salt.modules.boto_elasticache), 495 get_conﬁgured_provider() (in module get_cﬂags() (in module salt.modules.makecon), 667 salt.cloud.clouds.solayer), 373 get_chost() (in module salt.modules.makecon), 667 get_conﬁgured_provider() (in module get_cli_returns() (salt.client.LocalClient method), 329 salt.cloud.clouds.solayer_hw), 374 get_cloud_init_mime() (in module get_conﬁgured_provider() (in module salt.modules.boto_asg), 490 salt.cloud.clouds.vsphere), 375 get_computer_desc() (in module get_conn() (in module salt.cloud.clouds.cloudstack), 338 salt.modules.win_system), 887 get_conn() (in module salt.cloud.clouds.gce), 349 get_computer_name() (in module get_conn() (in module salt.cloud.clouds.gogrid), 351 salt.modules.win_system), 887 get_conn() (in module salt.cloud.clouds.libcloud_aws), get_conﬁg() (in module salt.modules.boto_asg), 490 355 get_conﬁg() (in module salt.modules.boto_elasticache), get_conn() (in module salt.cloud.clouds.linode), 357 495 get_conn() (in module salt.cloud.clouds.msazure), 360 get_conﬁg() (in module salt.modules.boto_secgroup), 503 get_conn() (in module salt.cloud.clouds.nova), 362 get_conﬁg() (in module salt.modules.dnsmasq), 540 get_conn() (in module salt.cloud.clouds.openstack), 366 get_conﬁg() (in module salt.modules.win_ﬁrewall), 875 get_conn() (in module salt.cloud.clouds.rackspace), 371 get_conﬁgured_provider() (in module get_conn() (in module salt.cloud.clouds.solayer), 373 salt.cloud.clouds.aliyun), 335 get_conn() (in module salt.cloud.clouds.solayer_hw), get_conﬁgured_provider() (in module 374 salt.cloud.clouds.botocore_aws), 337 get_conn() (in module salt.cloud.clouds.vsphere), 376 get_conﬁgured_provider() (in module get_console_output() (in module salt.cloud.clouds.ec2), salt.cloud.clouds.cloudstack), 338 342 get_conﬁgured_provider() (in module get_container_root() (in module salt.modules.dockerio), salt.cloud.clouds.digital_ocean), 339 546 get_conﬁgured_provider() (in module get_containers() (in module salt.modules.dockerio), 546 salt.cloud.clouds.ec2), 342 get_current_target() (in module salt.modules.eselect),</p><p>Index 1489 Salt Documentation, Release 2014.7.6</p><p>560 get_ﬁle_str() (in module salt.modules.cp), 525 get_cxxﬂags() (in module salt.modules.makecon), 667 get_ﬂags_from_package_conf() (in module get_data() (salt.roster.ﬂat.RosterMatcher method), 1005 salt.modules.portage_conﬁg), 748 get_default_gateway() (in module salt.modules.win_ip), get_fun() (in module salt.modules.ret), 780 876 get_fun() (in module salt.returners.couchdb_return), 991 get_devmm() (in module salt.modules.ﬁle), 571 get_fun() (in module salt.returners.etcd_return), 993 get_diﬀ() (in module salt.modules.ﬁle), 571 get_fun() (in module salt.returners.memcache_return), get_dir() (in module salt.modules.cp), 524 994 get_disabled() (in module salt.modules.debian_service), get_fun() (in module salt.returners.mongo_future_return), 536 995 get_disabled() (in module salt.modules.freebsdservice), get_fun() (in module salt.returners.mongo_return), 996 592 get_fun() (in module salt.returners.mysql), 997 get_disabled() (in module salt.modules.gentoo_service), get_fun() (in module salt.returners.odbc), 999 597 get_fun() (in module salt.returners.postgres), 1001 get_disabled() (in module salt.modules.netbsdservice), get_fun() (in module salt.returners.redis_return), 1001 696 get_fun() (in module salt.returners.sqlite3_return), 1004 get_disabled() (in module salt.modules.openbsdservice), get_gentoo_mirrors() (in module 714 salt.modules.makecon), 668 get_disabled() (in module salt.modules.rh_service), 783 get_gid() (in module salt.modules.ﬁle), 571 get_disabled() (in module salt.modules.sm), 805 get_gid() (in module salt.modules.win_ﬁle), 871 get_disabled() (in module salt.modules.systemd), 841 get_graphics() (in module salt.modules.virt), 862 get_disabled() (in module salt.modules.upstart), 857 get_group() (in module salt.modules.ﬁle), 571 get_disabled() (in module salt.modules.win_service), 885 get_group() (in module salt.modules.win_ﬁle), 871 get_disk_size() (in module salt.cloud.clouds.linode), 357 get_group_id() (in module salt.modules.boto_secgroup), get_disks() (in module salt.modules.virt), 862 503 get_disks() (in module salt.modules.xapi), 895 get_hash() (in module salt.modules.ﬁle), 571 get_dns_conﬁg() (in module get_health_check() (in module salt.modules.boto_elb), salt.modules.win_dns_client), 869 497 get_dns_servers() (in module get_hostname() (in module salt.modules.network), 698 salt.modules.win_dns_client), 869 get_hwclock() (in module salt.modules.timezone), 846 get_docker() (in module salt.modules.mine), 677 get_hwclock() (in module salt.modules.win_timezone), get_elb_conﬁg() (in module salt.modules.boto_elb), 497 889 get_emerge_default_opts() (in module get_id() (in module salt.modules.parted), 722 salt.modules.makecon), 667 get_image() (in module salt.cloud.clouds.aliyun), 335 get_enabled() (in module salt.modules.debian_service), get_image() (in module salt.cloud.clouds.cloudstack), 338 536 get_image() (in module salt.cloud.clouds.digital_ocean), get_enabled() (in module salt.modules.freebsdjail), 585 339 get_enabled() (in module salt.modules.freebsdservice), get_image() (in module salt.cloud.clouds.gogrid), 351 592 get_image() (in module salt.cloud.clouds.joyent), 353 get_enabled() (in module salt.modules.gentoo_service), get_image() (in module salt.cloud.clouds.linode), 357 597 get_image() (in module salt.cloud.clouds.nova), 362 get_enabled() (in module salt.modules.netbsdservice), get_image() (in module salt.cloud.clouds.opennebula), 696 364 get_enabled() (in module salt.modules.openbsdservice), get_image() (in module salt.cloud.clouds.openstack), 366 714 get_image() (in module salt.cloud.clouds.parallels), 367 get_enabled() (in module salt.modules.rh_service), 783 get_image() (in module salt.cloud.clouds.rackspace), 371 get_enabled() (in module salt.modules.sm), 805 get_images() (in module salt.modules.dockerio), 546 get_enabled() (in module salt.modules.systemd), 841 get_installed_extension() (in module get_enabled() (in module salt.modules.upstart), 857 salt.modules.postgres), 752 get_enabled() (in module salt.modules.win_service), 885 get_instance_health() (in module salt.modules.boto_elb), get_event_iter_returns() (salt.client.LocalClient method), 497 329 get_interface() (in module salt.modules.debian_ip), 534 get_features() (in module salt.modules.makecon), 668 get_interface() (in module salt.modules.rh_ip), 781 get_ﬁle() (in module salt.modules.cp), 524 get_interface() (in module salt.modules.win_ip), 876</p><p>1490 Index Salt Documentation, Release 2014.7.6 get_ip() (in module salt.cloud.clouds.cloudstack), 338 get_load() (in module salt.returners.odbc), 999 get_ip() (in module salt.modules.hosts), 619 get_load() (in module salt.returners.postgres), 1001 get_jid() (in module salt.modules.ret), 780 get_load() (in module salt.returners.redis_return), 1002 get_jid() (in module salt.returners.couchbase_return), get_load() (in module salt.returners.sqlite3_return), 1004 991 get_locale() (in module salt.modules.localemod), 648 get_jid() (in module salt.returners.couchdb_return), 991 get_location() (in module salt.cloud.clouds.aliyun), 335 get_jid() (in module salt.returners.etcd_return), 993 get_location() (in module salt.cloud.clouds.cloudstack), get_jid() (in module salt.returners.local_cache), 994 338 get_jid() (in module salt.returners.memcache_return), get_location() (in module 994 salt.cloud.clouds.digital_ocean), 339 get_jid() (in module salt.returners.mongo_future_return), get_location() (in module salt.cloud.clouds.ec2), 343 995 get_location() (in module salt.cloud.clouds.joyent), 353 get_jid() (in module salt.returners.mongo_return), 996 get_location() (in module get_jid() (in module salt.returners.multi_returner), 996 salt.cloud.clouds.libcloud_aws), 355 get_jid() (in module salt.returners.mysql), 997 get_location() (in module salt.cloud.clouds.linode), 357 get_jid() (in module salt.returners.odbc), 999 get_location() (in module salt.cloud.clouds.opennebula), get_jid() (in module salt.returners.postgres), 1001 364 get_jid() (in module salt.returners.redis_return), 1001 get_location() (in module salt.cloud.clouds.solayer), 373 get_jid() (in module salt.returners.sqlite3_return), 1004 get_location() (in module get_jids() (in module salt.modules.ret), 780 salt.cloud.clouds.solayer_hw), 374 get_jids() (in module salt.returners.couchbase_return), get_location_path() (in module salt.cloud.clouds.joyent), 991 353 get_jids() (in module salt.returners.couchdb_return), 991 get_locked_packages() (in module get_jids() (in module salt.returners.etcd_return), 993 salt.modules.yumpkg), 900 get_jids() (in module salt.returners.local_cache), 994 get_macs() (in module salt.modules.smartos_vmadm), get_jids() (in module salt.returners.memcache_return), 803 994 get_macs() (in module salt.modules.virt), 862 get_jids() (in module salt.returners.mongo_future_return), get_macs() (in module salt.modules.xapi), 895 995 get_makeopts() (in module salt.modules.makecon), 668 get_jids() (in module salt.returners.multi_returner), 996 get_managed() (in module salt.modules.ﬁle), 572 get_jids() (in module salt.returners.mysql), 997 get_master_status() (in module salt.modules.mysql), 688 get_jids() (in module salt.returners.odbc), 999 get_minions() (in module salt.modules.ret), 780 get_jids() (in module salt.returners.postgres), 1001 get_minions() (in module salt.returners.couchdb_return), get_jids() (in module salt.returners.redis_return), 1002 991 get_jids() (in module salt.returners.sqlite3_return), 1004 get_minions() (in module salt.returners.etcd_return), 993 get_kernels() (in module salt.cloud.clouds.linode), 357 get_minions() (in module get_key() (in module salt.cloud.clouds.cloudstack), 338 salt.returners.memcache_return), 994 get_key() (in module salt.modules.redismod), 776 get_minions() (in module get_keyid() (in module salt.cloud.clouds.digital_ocean), salt.returners.mongo_future_return), 995 339 get_minions() (in module salt.returners.mysql), 998 get_keypair() (in module salt.cloud.clouds.cloudstack), get_minions() (in module salt.returners.odbc), 1000 338 get_minions() (in module salt.returners.postgres), 1001 get_known_host() (in module salt.modules.ssh), 823 get_minions() (in module salt.returners.redis_return), get_lb_conn() (in module salt.cloud.clouds.gce), 349 1002 get_load() (in module salt.returners.couchbase_return), get_minions() (in module salt.returners.sqlite3_return), 991 1004 get_load() (in module salt.returners.etcd_return), 993 get_missing_ﬂags() (in module get_load() (in module salt.returners.local_cache), 994 salt.modules.portage_conﬁg), 748 get_load() (in module salt.returners.memcache_return), get_mode() (in module salt.modules.ﬁle), 572 994 get_mode() (in module salt.modules.quota), 767 get_load() (in module salt.returners.mongo_future_return), get_mode() (in module salt.modules.win_ﬁle), 871 995 get_modules() (in module salt.modules.eselect), 560 get_load() (in module salt.returners.multi_returner), 996 get_network_seings() (in module get_load() (in module salt.returners.mysql), 997 salt.modules.debian_ip), 534</p><p>Index 1491 Salt Documentation, Release 2014.7.6 get_network_seings() (in module salt.modules.rh_ip), get_running() (in module salt.modules.sm), 805 781 get_saved_policy() (in module salt.modules.iptables), 632 get_networkid() (in module get_saved_rules() (in module salt.modules.iptables), 633 salt.cloud.clouds.cloudstack), 338 get_saved_rules() (in module salt.modules.nables), 703 get_nics() (in module salt.modules.virt), 862 get_scaling_policy_arn() (in module get_nics() (in module salt.modules.xapi), 895 salt.modules.boto_asg), 491 get_node() (in module salt.cloud.clouds.cloudstack), 338 get_sd_auth() (in module get_node() (in module salt.cloud.clouds.joyent), 353 salt.modules.serverdensity_device), 798 get_node() (in module salt.cloud.clouds.linode), 357 get_section() (in module salt.modules.ini_manage), 626 get_node() (in module salt.cloud.clouds.openstack), 366 get_securitygroup() (in module salt.cloud.clouds.aliyun), get_oﬀset() (in module salt.modules.timezone), 846 335 get_oﬀset() (in module salt.modules.win_timezone), 889 get_selections() (in module salt.modules.aptpkg), 475 get_one_kernel() (in module salt.cloud.clouds.linode), get_selections() (in module salt.modules.debconfmod), 358 533 get_option() (in module salt.modules.ini_manage), 626 get_selinux_context() (in module salt.modules.ﬁle), 572 get_opts() (in module salt.modules.test), 844 get_servers() (in module salt.modules.win_ntp), 879 get_or_set_hash() (in module salt.modules.grains), 611 get_service_name() (in module get_output_volume() (in module salt.modules.win_service), 885 salt.modules.osxdesktop), 717 get_site_packages() (in module get_parameter() (in module salt.modules.lxc), 656 salt.modules.virtualenv_mod), 868 get_password() (in module salt.cloud.clouds.cloudstack), get_size() (in module salt.cloud.clouds.aliyun), 335 338 get_size() (in module salt.cloud.clouds.cloudstack), 338 get_password() (in module salt.cloud.clouds.linode), 358 get_size() (in module salt.cloud.clouds.digital_ocean), get_path() (in module salt.modules.win_path), 880 339 get_pending_computer_name() (in module get_size() (in module salt.cloud.clouds.gogrid), 351 salt.modules.win_system), 887 get_size() (in module salt.cloud.clouds.joyent), 353 get_pgid() (in module salt.modules.win_ﬁle), 871 get_size() (in module salt.cloud.clouds.linode), 358 get_pgroup() (in module salt.modules.win_ﬁle), 871 get_size() (in module salt.cloud.clouds.nova), 362 get_pid_list() (in module salt.modules.ps), 757 get_size() (in module salt.cloud.clouds.openstack), 366 get_placementgroup() (in module salt.cloud.clouds.ec2), get_size() (in module salt.cloud.clouds.rackspace), 371 343 get_slave_status() (in module salt.modules.mysql), 688 get_policy() (in module salt.modules.iptables), 632 get_spot_conﬁg() (in module salt.cloud.clouds.ec2), 343 get_private_ip() (in module salt.cloud.clouds.linode), 358 get_ssh_gateway_conﬁg() (in module get_proﬁles() (in module salt.modules.virt), 862 salt.cloud.clouds.ec2), 343 get_provider() (in module salt.cloud.clouds.lxc), 359 get_ssh_key_ﬁlename() (in module get_pubkey() (in module salt.cloud.clouds.linode), 358 salt.cloud.clouds.linode), 358 get_record() (in module salt.modules.boto_route53), 501 get_stopped() (in module salt.modules.sm), 805 get_repo() (in module salt.modules.aptpkg), 475 get_str() (in module salt.modules.mod_random), 678 get_repo() (in module salt.modules.yumpkg), 900 get_subnet_length() (in module salt.modules.win_ip), get_repo() (in module salt.modules.zypper), 912 876 get_repo_data() (in module salt.modules.win_pkg), 880 get_subnetid() (in module salt.cloud.clouds.ec2), 343 get_resources_nodes() (in module get_sum() (in module salt.modules.ﬁle), 572 salt.cloud.clouds.proxmox), 369 get_swap() (in module salt.cloud.clouds.linode), 358 get_resources_vms() (in module get_sync() (in module salt.modules.makecon), 668 salt.cloud.clouds.proxmox), 369 get_sys() (in module salt.modules.keyboard), 635 get_role_policy() (in module salt.modules.boto_iam), 500 get_system_date() (in module salt.modules.win_system), get_routes() (in module salt.modules.debian_ip), 534 887 get_routes() (in module salt.modules.rh_ip), 782 get_system_time() (in module salt.modules.win_system), get_rule() (in module salt.modules.win_ﬁrewall), 875 887 get_rule_handle() (in module salt.modules.nables), 703 get_tags() (in module salt.cloud.clouds.ec2), 343 get_rules() (in module salt.modules.iptables), 632 get_tags() (in module salt.cloud.clouds.libcloud_aws), get_rules() (in module salt.modules.lvs), 651 356 get_rules() (in module salt.modules.nables), 703 get_target() (in module salt.modules.aliases), 471 get_running() (in module salt.modules.modjk), 680 get_target_list() (in module salt.modules.eselect), 560</p><p>1492 Index Salt Documentation, Release 2014.7.6 get_template() (in module salt.modules.cp), 525 getgoal() (in module salt.modules.moosefs), 684 get_tenancy() (in module salt.cloud.clouds.ec2), 343 getIdleActivation() (in module get_uid() (in module salt.modules.ﬁle), 573 salt.modules.gnomedesktop), 608 get_uid() (in module salt.modules.win_ﬁle), 872 getIdleDelay() (in module salt.modules.gnomedesktop), get_url() (in module salt.modules.cp), 525 608 get_user() (in module salt.modules.ﬁle), 573 GetInstallationResults() (salt.modules.win_update.PyWinUpdater get_user() (in module salt.modules.win_ﬁle), 872 method), 890 get_users() (in module salt.modules.ps), 757 GetInstallationResults() (salt.states.win_update.PyWinUpdater get_valid_salt_views() (in module method), 1240 salt.returners.couchdb_return), 991 GetInstallationResultsPrey() get_var() (in module salt.modules.makecon), 668 (salt.modules.win_update.PyWinUpdater get_vm_status() (in module salt.cloud.clouds.proxmox), method), 891 369 GetSearchResults() (salt.modules.win_update.PyWinUpdater get_vmconﬁg() (in module salt.cloud.clouds.proxmox), method), 891 369 GetSearchResultsPrey() get_weight() (in module salt.modules.haproxyconn), 616 (salt.modules.win_update.PyWinUpdater get_x() (in module salt.modules.keyboard), 635 method), 891 get_xml() (in module salt.modules.virt), 863 getsebool() (in module salt.modules.selinux), 797 get_yaml_loader() (in module salt.renderers.yaml), 986 getsid() (in module salt.modules.win_service), 885 get_zone() (in module salt.modules.timezone), 846 getval() (in module salt.modules.data), 530 get_zone() (in module salt.modules.win_timezone), 889 getvals() (in module salt.modules.data), 530 get_zonecode() (in module salt.modules.timezone), 846 gid_to_group() (in module salt.modules.ﬁle), 573 get_zonecode() (in module salt.modules.win_timezone), gid_to_group() (in module salt.modules.win_ﬁle), 872 889 gitfs_base GetAvailableCategories() conf/master, 414 (salt.modules.win_update.PyWinUpdater gitfs_env_blacklist method), 890 conf/master, 414 GetAvailableCategories() gitfs_env_whitelist (salt.states.win_update.PyWinUpdater conf/master, 414 method), 1240 gitfs_insecure_auth GetCategories() (salt.modules.win_update.PyWinUpdater conf/master, 415 method), 890 gitfs_mountpoint GetCategories() (salt.states.win_update.PyWinUpdater conf/master, 414 method), 1240 gitfs_passphrase getClockFormat() (in module conf/master, 416 salt.modules.gnomedesktop), 608 gitfs_password getClockShowDate() (in module conf/master, 415 salt.modules.gnomedesktop), 608 gitfs_privkey GetDownloadResults() (salt.modules.win_update.PyWinUpdaterconf/master, 415 method), 890 gitfs_provider GetDownloadResults() (salt.states.win_update.PyWinUpdater conf/master, 413 method), 1240 gitfs_pubkey getenforce() (in module salt.modules.selinux), 797 conf/master, 415 getent() (in module salt.modules.groupadd), 613 gitfs_remotes getent() (in module salt.modules.mac_group), 660 conf/master, 413 getent() (in module salt.modules.mac_user), 662 gitfs_root getent() (in module salt.modules.pw_group), 762 conf/master, 414 getent() (in module salt.modules.pw_user), 764 gitfs_ssl_verify getent() (in module salt.modules.solaris_group), 809 conf/master, 413 getent() (in module salt.modules.solaris_user), 811 gitfs_user getent() (in module salt.modules.useradd), 859 conf/master, 415 getent() (in module salt.modules.win_groupadd), 875 GitPillar (class in salt.pillar.git_pillar), 955 getent() (in module salt.modules.win_useradd), 893 glob() (in module salt.modules.match), 672 getfacl() (in module salt.modules.linux_acl), 644</p><p>Index 1493 Salt Documentation, Release 2014.7.6 glsa_check_list() (in module head() (in module salt.modules.swi), 836 salt.modules.gentoolkitmod), 599 held() (in module salt.states.apt), 1079 Grain, 1461 hget() (in module salt.modules.redismod), 776 grain() (in module salt.modules.match), 673 hgetall() (in module salt.modules.redismod), 776 grain_pcre() (in module salt.modules.match), 673 hgfs_base grains() (in module salt.loader), 326 conf/master, 417 grains() (in module salt.runners.cache), 1007 hgfs_branch_method grains_dirs conf/master, 416 conf/minion, 435 hgfs_env_blacklist grains_refresh() (in module salt.modules.rest_sample), conf/master, 418 779 hgfs_env_whitelist grant_add() (in module salt.modules.mysql), 689 conf/master, 417 grant_exists() (in module salt.modules.mysql), 689 hgfs_mountpoint grant_revoke() (in module salt.modules.mysql), 689 conf/master, 417 grep() (in module salt.modules.ﬁle), 573 hgfs_remotes group_create() (in module salt.modules.postgres), 752 conf/master, 416 group_diﬀ() (in module salt.modules.yumpkg), 900 hgfs_root group_info() (in module salt.modules.yumpkg), 900 conf/master, 417 group_install() (in module salt.modules.yumpkg), 901 high() (in module salt.modules.state), 824 group_list() (in module salt.modules.yumpkg), 901 Highdata, 1461 group_remove() (in module salt.modules.postgres), 752 Highstate, 1462 group_to_gid() (in module salt.modules.ﬁle), 573 highstate() (in module salt.modules.state), 824 group_to_gid() (in module salt.modules.win_ﬁle), 872 hmac_signature() (in module salt.modules.hashutil), 617 group_update() (in module salt.modules.postgres), 752 hold() (in module salt.modules.aptpkg), 476 groups() (in module salt.auth.ldap), 298 hold() (in module salt.modules.yumpkg), 901 groups() (in module salt.auth.pam), 299 host_keys() (in module salt.modules.ssh), 823 gunzip() (in module salt.modules.archive), 481 hosts_append() (in module salt.modules.dnsutil), 541 gzip() (in module salt.modules.archive), 481 hosts_remove() (in module salt.modules.dnsutil), 541 hw_addr() (in module salt.modules.network), 698 H hw_addr() (in module salt.modules.win_network), 877 Halite, 1461 hwaddr() (in module salt.modules.network), 698 halt() (in module salt.modules.system), 840 hwaddr() (in module salt.modules.win_network), 878 halt() (in module salt.modules.win_system), 887 hyper_info() (in module salt.runners.virt), 1023 handle (salt.auth.pam.PamHandle aribute), 298 has_exec() (in module salt.modules.cmdmod), 516 I has_ﬂag() (in module salt.modules.portage_conﬁg), 749 iam_proﬁle() (in module salt.cloud.clouds.ec2), 343 has_method() (in module salt.cloud.clouds.joyent), 353 iam_proﬁle() (in module salt.cloud.clouds.libcloud_aws), has_pair() (in module salt.modules.hosts), 619 356 has_powerpath() (in module salt.modules.powerpath), id 756 conf/minion, 431 has_powershell() (in module salt.modules.win_service), ignore() (in module salt.modules.sowareupdate), 807 885 ignore_cidr() (in module salt.cloud.clouds.nova), 362 has_target() (in module salt.modules.aliases), 471 ignore_cidr() (in module salt.cloud.clouds.openstack), has_use() (in module salt.modules.portage_conﬁg), 749 366 has_value() (in module salt.modules.environ), 558 image_create() (in module salt.modules.glance), 606 has_value() (in module salt.modules.grains), 612 image_delete() (in module salt.modules.glance), 606 hash() (in module salt.modules.mod_random), 678 image_list() (in module salt.modules.glance), 606 hash() (in module salt.runners.survey), 1022 image_list() (in module salt.modules.nova), 707 hash_ﬁle() (in module salt.modules.cp), 525 image_meta_delete() (in module salt.modules.nova), 707 hash_known_hosts() (in module salt.modules.ssh), 823 image_meta_set() (in module salt.modules.nova), 707 hash_type image_show() (in module salt.modules.glance), 606 conf/master, 411 import_image() (in module salt.modules.dockerio), 547 conf/minion, 438 import_image() (in module head() (in module salt.modules.s3), 790 salt.modules.smartos_imgadm), 802</p><p>1494 Index Salt Documentation, Release 2014.7.6 import_key() (in module salt.cloud.clouds.joyent), 353 install() (in module salt.modules.chocolatey), 511 import_status() (in module salt.modules.solr), 817 install() (in module salt.modules.composer), 520 in_subnet() (in module salt.modules.network), 698 install() (in module salt.modules.ebuild), 554 in_subnet() (in module salt.modules.win_network), 878 install() (in module salt.modules.freebsdpkg), 588 include install() (in module salt.modules.freebsdports), 590 conf/master, 428 install() (in module salt.modules.gem), 593 conf/minion, 441 install() (in module salt.modules.macports), 663 increment() (in module salt.modules.memcached), 676 install() (in module salt.modules.npm), 710 indexes() (in module salt.modules.sqlite3), 821 install() (in module salt.modules.openbsdpkg), 712 indices() (in module salt.modules.sqlite3), 821 install() (in module salt.modules.pacman), 718 info() (in module salt.modules.bsd_shadow), 508 install() (in module salt.modules.pecl), 725 info() (in module salt.modules.cassandra), 509 install() (in module salt.modules.pip), 728 info() (in module salt.modules.dockerio), 547 install() (in module salt.modules.pkgin), 733 info() (in module salt.modules.groupadd), 614 install() (in module salt.modules.pkgng), 738 info() (in module salt.modules.lxc), 656 install() (in module salt.modules.pkgutil), 746 info() (in module salt.modules.mac_group), 660 install() (in module salt.modules.pyenv), 765 info() (in module salt.modules.mac_user), 662 install() (in module salt.modules.rbenv), 773 info() (in module salt.modules.pw_group), 762 install() (in module salt.modules.rest_package), 779 info() (in module salt.modules.pw_user), 764 install() (in module salt.modules.rvm), 787 info() (in module salt.modules.redismod), 776 install() (in module salt.modules.sowareupdate), 807 info() (in module salt.modules.shadow), 801 install() (in module salt.modules.solarispkg), 812 info() (in module salt.modules.solaris_group), 809 install() (in module salt.modules.win_pkg), 880 info() (in module salt.modules.solaris_shadow), 810 install() (in module salt.modules.win_servermanager), info() (in module salt.modules.solaris_user), 812 883 info() (in module salt.modules.svn), 833 install() (in module salt.modules.yumpkg), 902 info() (in module salt.modules.useradd), 859 install() (in module salt.modules.zypper), 912 info() (in module salt.modules.win_groupadd), 875 install() (in module salt.states.alternatives), 1077 info() (in module salt.modules.win_shadow), 886 Install() (salt.modules.win_update.PyWinUpdater info() (in module salt.modules.win_useradd), 893 method), 891 info() (in module salt.runners.lxc), 1013 Install() (salt.states.win_update.PyWinUpdater method), init() (in module salt.ﬁleserver.gitfs), 454 1240 init() (in module salt.ﬁleserver.hgfs), 455 install_agent() (in module init() (in module salt.ﬁleserver.svnfs), 458 salt.modules.serverdensity_device), 798 init() (in module salt.modules.git), 602 install_cygwin() (in module salt.modules.chocolatey), init() (in module salt.modules.lxc), 656 511 init() (in module salt.modules.qemu_nbd), 767 install_gem() (in module salt.modules.chocolatey), 512 init() (in module salt.modules.smartos_vmadm), 803 install_missing() (in module salt.modules.chocolatey), init() (in module salt.modules.system), 840 512 init() (in module salt.modules.virt), 863 install_pyenv() (in module salt.states.pyenv), 1209 init() (in module salt.modules.win_system), 887 install_python() (in module salt.modules.chocolatey), 512 init() (in module salt.runners.lxc), 1013 install_python() (in module salt.modules.pyenv), 765 init() (in module salt.runners.virt), 1023 install_rbenv() (in module salt.states.rbenv), 1213 inodeusage() (in module salt.modules.disk), 538 install_ruby() (in module salt.modules.rbenv), 773 insert() (in module salt.modules.iptables), 633 install_ruby() (in module salt.modules.rvm), 787 insert() (in module salt.modules.nables), 703 install_updates() (in module salt.modules.win_update), insert() (in module salt.runners.queue), 1018 891 insert() (in module salt.states.iptables), 1160 install_webpi() (in module salt.modules.chocolatey), 512 insert() (in module salt.states.nables), 1186 install_windowsfeatures() (in module inspect_container() (in module salt.modules.dockerio), salt.modules.chocolatey), 512 547 installed() (in module salt.modules.rest_package), 779 inspect_image() (in module salt.modules.dockerio), 547 installed() (in module salt.states.composer), 1110 install() (in module salt.modules.alternatives), 472 installed() (in module salt.states.dockerio), 1118 install() (in module salt.modules.aptpkg), 476 installed() (in module salt.states.gem), 1142 install() (in module salt.modules.brew), 504 installed() (in module salt.states.npm), 1187</p><p>Index 1495 Salt Documentation, Release 2014.7.6 installed() (in module salt.states.pecl), 1189 is_installed_extension() (in module installed() (in module salt.states.pip_state), 1190 salt.modules.postgres), 753 installed() (in module salt.states.pkg), 1193 is_jail() (in module salt.modules.poudriere), 755 installed() (in module salt.states.ports), 1202 is_kvm_hyper() (in module salt.modules.virt), 863 installed() (in module salt.states.pyenv), 1209 is_link() (in module salt.modules.ﬁle), 574 installed() (in module salt.states.rbenv), 1213 is_link() (in module salt.modules.win_ﬁle), 873 installed() (in module salt.states.rvm), 1217 is_loaded() (in module salt.modules.freebsdkmod), 586 installed() (in module salt.states.win_servermanager), is_loaded() (in module salt.modules.kmod), 641 1239 is_loopback() (in module salt.modules.network), 699 installed() (in module salt.states.win_update), 1241 is_mounted() (in module salt.modules.mount), 685 installed() (in module salt.states.zcbuildout), 1243 is_present() (in module salt.modules.portage_conﬁg), 749 installed_extensions() (in module salt.modules.postgres), is_private() (in module salt.modules.network), 699 752 is_replication_enabled() (in module salt.modules.solr), instance_proﬁle_exists() (in module 818 salt.modules.boto_iam), 500 is_running() (in module salt.modules.dockerio), 547 interface is_running() (in module salt.modules.saltutil), 791 conf/master, 401 is_xen_hyper() (in module salt.modules.virt), 863 interface() (in module salt.modules.network), 698 item() (in module salt.modules.environ), 558 interface_ip() (in module salt.modules.network), 698 item() (in module salt.modules.grains), 612 interfaces() (in module salt.modules.bridge), 507 item() (in module salt.modules.pillar), 726 interfaces() (in module salt.modules.network), 698 items() (in module salt.modules.environ), 559 interfaces() (in module salt.modules.win_network), 878 items() (in module salt.modules.grains), 612 interfaces_names() (in module items() (in module salt.modules.pillar), 727 salt.modules.win_network), 878 iostat() (in module salt.modules.zpool), 911 J ip_addrs() (in module salt.modules.network), 699 Jinja, 1461 ip_addrs() (in module salt.modules.win_network), 878 Job, 1461 ip_addrs6() (in module salt.modules.network), 699 Job ID, 1461 ip_addrs6() (in module salt.modules.win_network), 878 Job Management, 151 ipaddrs() (in module salt.modules.network), 699 job_cache ipaddrs() (in module salt.modules.win_network), 878 conf/master, 404 ipaddrs6() (in module salt.modules.network), 699 jobcheck() (in module salt.modules.at), 484 ipaddrs6() (in module salt.modules.win_network), 878 Jobs (class in salt.netapi.rest_cherrypy.app), 922 ipc_mode JobsSaltAPIHandler (in module conf/minion, 434 salt.netapi.rest_tornado.saltnado), 938 ipcidr() (in module salt.modules.match), 673 join() (in module salt.modules.ﬁle), 574 ipv6 join() (in module salt.states.rabbitmq_cluster), 1210 conf/master, 401 join_cluster() (in module salt.modules.rabbitmq), 769 is_available_extension() (in module join_domain() (in module salt.modules.win_system), 888 salt.modules.postgres), 753 joyent_node_state() (in module salt.cloud.clouds.joyent), is_blkdev() (in module salt.modules.ﬁle), 574 353 is_cached() (in module salt.modules.cp), 525 is_chrdev() (in module salt.modules.ﬁle), 574 K is_disabled() (in module salt.modules.win_ip), 876 keep_jobs is_enabled() (in module salt.modules.freebsdjail), 585 conf/master, 403 is_enabled() (in module salt.modules.win_ip), 876 keepvol_on_destroy() (in module salt.cloud.clouds.ec2), is_ﬁfo() (in module salt.modules.ﬁle), 574 343 is_fuse_exec() (in module salt.modules.mount), 685 key_json() (in module salt.pillar.redismod), 961 is_hyper() (in module salt.modules.virt), 863 key_list() (in module salt.cloud.clouds.joyent), 353 is_hyper() (in module salt.modules.xapi), 895 key_regen() (in module salt.runners.manage), 1015 is_installed() (in module salt.modules.pyenv), 765 key_str() (in module salt.wheel.key), 1254 is_installed() (in module salt.modules.rbenv), 773 key_type() (in module salt.modules.redismod), 776 is_installed() (in module salt.modules.rvm), 788 key_value() (in module salt.pillar.redismod), 961 keyname() (in module salt.cloud.clouds.ec2), 343</p><p>1496 Index Salt Documentation, Release 2014.7.6 keyname() (in module salt.cloud.clouds.libcloud_aws), list_() (in module salt.modules.parted), 723 356 list_() (in module salt.modules.pecl), 725 keypair_add() (in module salt.modules.nova), 707 list_() (in module salt.modules.pip), 730 keypair_delete() (in module salt.modules.nova), 707 list_() (in module salt.modules.pyenv), 765 keypair_list() (in module salt.modules.nova), 707 list_() (in module salt.modules.rbenv), 773 Keys (class in salt.netapi.rest_cherrypy.app), 928 list_() (in module salt.modules.rest_service), 779 keys() (in module salt.modules.redismod), 776 list_() (in module salt.modules.rvm), 788 keys() (in module salt.states.libvirt), 1165 list_() (in module salt.modules.schedule), 795 keyspaces() (in module salt.modules.cassandra), 509 list_() (in module salt.modules.win_autoruns), 868 kill() (in module salt.modules.dockerio), 547 list_() (in module salt.runners.lxc), 1014 kill_job() (in module salt.modules.saltutil), 791 list_() (in module salt.wheel.key), 1254 kill_pid() (in module salt.modules.ps), 757 list_absent() (in module salt.states.grains), 1148 kwarg() (in module salt.modules.test), 844 list_active_vms() (in module salt.modules.smartos_vmadm), 803 L list_active_vms() (in module salt.modules.virt), 863 lastsave() (in module salt.modules.redismod), 777 list_aliases() (in module salt.modules.aliases), 471 latest() (in module salt.states.git), 1143 list_all() (in module salt.modules.freebsdports), 591 latest() (in module salt.states.hg), 1150 list_all() (in module salt.wheel.key), 1254 latest() (in module salt.states.pkg), 1197 list_avail() (in module salt.modules.localemod), 648 latest() (in module salt.states.svn), 1229 list_availability_zones() (in module latest_version() (in module salt.modules.aptpkg), 477 salt.cloud.clouds.aliyun), 335 latest_version() (in module salt.modules.brew), 505 list_availability_zones() (in module latest_version() (in module salt.modules.ebuild), 555 salt.cloud.clouds.ec2), 344 latest_version() (in module salt.modules.freebsdpkg), 589 list_available() (in module salt.modules.win_pkg), 881 latest_version() (in module salt.modules.macports), 663 list_available() (in module latest_version() (in module salt.modules.openbsdpkg), salt.modules.win_servermanager), 883 712 list_backups() (in module salt.modules.ﬁle), 575 latest_version() (in module salt.modules.pacman), 719 list_clusters() (in module salt.cloud.clouds.vsphere), 376 latest_version() (in module salt.modules.pkgin), 733 list_conﬁgured_members() (in module latest_version() (in module salt.modules.pkgng), 739 salt.modules.modjk), 681 latest_version() (in module salt.modules.pkgutil), 746 list_custom_images() (in module latest_version() (in module salt.modules.solarispkg), 813 salt.cloud.clouds.solayer), 373 latest_version() (in module salt.modules.win_pkg), 881 list_datacenters() (in module salt.cloud.clouds.vsphere), latest_version() (in module salt.modules.yumpkg), 903 376 latest_version() (in module salt.modules.zypper), 912 list_datastores() (in module salt.cloud.clouds.vsphere), launch_conﬁguration_exists() (in module 376 salt.modules.boto_asg), 491 list_disks() (in module salt.cloud.clouds.msazure), 360 lb_edit() (in module salt.modules.modjk), 680 list_downloads() (in module lchown() (in module salt.modules.ﬁle), 574 salt.modules.sowareupdate), 808 lchown() (in module salt.modules.win_ﬁle), 873 list_env() (in module salt.wheel.ﬁle_roots), 1253 leaks() (in module salt.modules.tomcat), 852 list_env() (in module salt.wheel.pillar_roots), 1254 license_absent() (in module salt.states.powerpath), 1207 list_exports() (in module salt.modules.nfs3), 700 license_present() (in module salt.states.powerpath), 1207 list_folders() (in module salt.cloud.clouds.vsphere), 376 link() (in module salt.modules.ﬁle), 575 list_functions() (in module salt.modules.sysmod), 838 list() (in module salt.runners.virt), 1024 list_groups() (in module salt.modules.mac_user), 662 list_() (in module salt.modules.bridge), 507 list_groups() (in module salt.modules.pw_user), 764 list_() (in module salt.modules.chocolatey), 513 list_groups() (in module salt.modules.solaris_user), 812 list_() (in module salt.modules.gem), 594 list_groups() (in module salt.modules.useradd), 859 list_() (in module salt.modules.lvs), 652 list_groups() (in module salt.modules.win_useradd), 893 list_() (in module salt.modules.lxc), 657 list_hosted_services() (in module list_() (in module salt.modules.match), 673 salt.cloud.clouds.msazure), 360 list_() (in module salt.modules.mdadm), 675 list_hosts() (in module salt.cloud.clouds.vsphere), 376 list_() (in module salt.modules.nova), 708 list_hosts() (in module salt.modules.hosts), 619 list_() (in module salt.modules.npm), 711</p><p>Index 1497 Salt Documentation, Release 2014.7.6 list_ignored() (in module salt.modules.sowareupdate), list_nodes() (in module salt.cloud.clouds.solayer_hw), 808 374 list_images() (in module salt.modules.cloud), 514 list_nodes() (in module salt.cloud.clouds.vsphere), 376 list_images() (in module salt.runners.cloud), 1008 list_nodes_full() (in module salt.cloud.clouds.aliyun), 335 list_images() (salt.cloud.CloudClient method), 333 list_nodes_full() (in module list_inactive_vms() (in module salt.cloud.clouds.cloudstack), 338 salt.modules.smartos_vmadm), 803 list_nodes_full() (in module list_inactive_vms() (in module salt.modules.virt), 863 salt.cloud.clouds.digital_ocean), 339 list_incidents() (in module salt.modules.pagerduty), 721 list_nodes_full() (in module salt.cloud.clouds.ec2), 344 list_installed() (in module list_nodes_full() (in module salt.cloud.clouds.gce), 349 salt.modules.smartos_imgadm), 802 list_nodes_full() (in module salt.cloud.clouds.gogrid), 351 list_installed() (in module list_nodes_full() (in module salt.cloud.clouds.joyent), 353 salt.modules.win_servermanager), 883 list_nodes_full() (in module salt.cloud.clouds.linode), 358 list_items() (in module salt.runners.queue), 1018 list_nodes_full() (in module salt.cloud.clouds.lxc), 359 list_jails() (in module salt.modules.poudriere), 755 list_nodes_full() (in module salt.cloud.clouds.msazure), list_job() (in module salt.runners.jobs), 1012 360 list_jobs() (in module salt.runners.jobs), 1012 list_nodes_full() (in module salt.cloud.clouds.nova), 362 list_keypairs() (in module list_nodes_full() (in module salt.cloud.clouds.digital_ocean), 339 salt.cloud.clouds.opennebula), 364 list_keys() (in module salt.cloud.clouds.joyent), 353 list_nodes_full() (in module salt.cloud.clouds.openstack), list_length() (in module salt.runners.queue), 1018 366 list_licenses() (in module salt.modules.powerpath), 756 list_nodes_full() (in module salt.cloud.clouds.parallels), list_local() (in module salt.modules.layman), 643 368 list_locations() (in module salt.modules.cloud), 514 list_nodes_full() (in module salt.cloud.clouds.proxmox), list_locations() (in module salt.runners.cloud), 1008 369 list_locations() (salt.cloud.CloudClient method), 333 list_nodes_full() (in module salt.cloud.clouds.rackspace), list_master() (in module salt.modules.cp), 525 371 list_master_dirs() (in module salt.modules.cp), 525 list_nodes_full() (in module salt.cloud.clouds.saltify), 372 list_master_symlinks() (in module salt.modules.cp), 525 list_nodes_full() (in module salt.cloud.clouds.solayer), list_minion() (in module salt.modules.cp), 526 373 list_modules() (in module salt.modules.sysmod), 838 list_nodes_full() (in module list_monitor_data() (in module salt.cloud.clouds.aliyun), salt.cloud.clouds.solayer_hw), 374 335 list_nodes_full() (in module salt.cloud.clouds.vsphere), list_nodes() (in module salt.cloud.clouds.aliyun), 335 376 list_nodes() (in module salt.cloud.clouds.cloudstack), 338 list_nodes_min() (in module salt.cloud.clouds.aliyun), list_nodes() (in module salt.cloud.clouds.digital_ocean), 335 339 list_nodes_min() (in module salt.cloud.clouds.ec2), 344 list_nodes() (in module salt.cloud.clouds.ec2), 344 list_nodes_min() (in module salt.cloud.clouds.vsphere), list_nodes() (in module salt.cloud.clouds.gce), 349 376 list_nodes() (in module salt.cloud.clouds.gogrid), 351 list_nodes_select() (in module salt.cloud.clouds.aliyun), list_nodes() (in module salt.cloud.clouds.joyent), 353 335 list_nodes() (in module salt.cloud.clouds.linode), 358 list_nodes_select() (in module list_nodes() (in module salt.cloud.clouds.lxc), 359 salt.cloud.clouds.cloudstack), 338 list_nodes() (in module salt.cloud.clouds.msazure), 360 list_nodes_select() (in module list_nodes() (in module salt.cloud.clouds.nova), 362 salt.cloud.clouds.digital_ocean), 339 list_nodes() (in module salt.cloud.clouds.opennebula), list_nodes_select() (in module salt.cloud.clouds.ec2), 344 364 list_nodes_select() (in module salt.cloud.clouds.gce), 349 list_nodes() (in module salt.cloud.clouds.openstack), 366 list_nodes_select() (in module salt.cloud.clouds.gogrid), list_nodes() (in module salt.cloud.clouds.parallels), 367 351 list_nodes() (in module salt.cloud.clouds.proxmox), 369 list_nodes_select() (in module salt.cloud.clouds.joyent), list_nodes() (in module salt.cloud.clouds.rackspace), 371 354 list_nodes() (in module salt.cloud.clouds.saltify), 372 list_nodes_select() (in module salt.cloud.clouds.linode), list_nodes() (in module salt.cloud.clouds.solayer), 373 358 list_nodes_select() (in module salt.cloud.clouds.lxc), 359</p><p>1498 Index Salt Documentation, Release 2014.7.6 list_nodes_select() (in module list_repos() (in module salt.modules.zypper), 913 salt.cloud.clouds.msazure), 360 list_resourcepools() (in module list_nodes_select() (in module salt.cloud.clouds.nova), salt.cloud.clouds.vsphere), 376 362 list_returner_functions() (in module list_nodes_select() (in module salt.modules.sysmod), 838 salt.cloud.clouds.opennebula), 364 list_returners() (in module salt.modules.sysmod), 838 list_nodes_select() (in module list_role_policies() (in module salt.modules.boto_iam), salt.cloud.clouds.openstack), 366 500 list_nodes_select() (in module list_roots() (in module salt.wheel.ﬁle_roots), 1253 salt.cloud.clouds.parallels), 368 list_roots() (in module salt.wheel.pillar_roots), 1254 list_nodes_select() (in module list_runner_functions() (in module salt.cloud.clouds.proxmox), 370 salt.modules.sysmod), 838 list_nodes_select() (in module list_runners() (in module salt.modules.sysmod), 838 salt.cloud.clouds.rackspace), 371 list_sebool() (in module salt.modules.selinux), 797 list_nodes_select() (in module salt.cloud.clouds.saltify), list_securitygroup() (in module salt.cloud.clouds.aliyun), 372 336 list_nodes_select() (in module list_servers() (in module salt.modules.haproxyconn), 616 salt.cloud.clouds.solayer), 373 list_services() (in module salt.modules.pagerduty), 721 list_nodes_select() (in module list_sets() (in module salt.modules.ipset), 629 salt.cloud.clouds.solayer_hw), 374 list_sizes() (in module salt.modules.cloud), 515 list_nodes_select() (in module salt.cloud.clouds.vsphere), list_sizes() (in module salt.runners.cloud), 1008 376 list_sizes() (salt.cloud.CloudClient method), 333 list_peers() (in module salt.modules.glusterfs), 607 list_state_functions() (in module salt.modules.sysmod), list_permissions() (in module salt.modules.rabbitmq), 769 839 list_pkgs() (in module salt.modules.aptpkg), 477 list_state_modules() (in module salt.modules.sysmod), list_pkgs() (in module salt.modules.brew), 505 839 list_pkgs() (in module salt.modules.dpkg), 553 list_states() (in module salt.modules.cp), 526 list_pkgs() (in module salt.modules.ebuild), 555 list_storage_services() (in module list_pkgs() (in module salt.modules.freebsdpkg), 589 salt.cloud.clouds.msazure), 360 list_pkgs() (in module salt.modules.macports), 664 list_tab() (in module salt.modules.cron), 526 list_pkgs() (in module salt.modules.openbsdpkg), 712 list_tab() (in module salt.modules.incron), 621 list_pkgs() (in module salt.modules.pacman), 719 list_updates() (in module salt.modules.win_update), 892 list_pkgs() (in module salt.modules.pkgin), 733 list_upgrades() (in module salt.modules.aptpkg), 478 list_pkgs() (in module salt.modules.pkgng), 739 list_upgrades() (in module salt.modules.brew), 505 list_pkgs() (in module salt.modules.pkgutil), 746 list_upgrades() (in module salt.modules.ebuild), 556 list_pkgs() (in module salt.modules.rest_package), 779 list_upgrades() (in module salt.modules.macports), 664 list_pkgs() (in module salt.modules.rpm), 785 list_upgrades() (in module salt.modules.pacman), 719 list_pkgs() (in module salt.modules.solarispkg), 813 list_upgrades() (in module salt.modules.pkgutil), 747 list_pkgs() (in module salt.modules.win_pkg), 881 list_upgrades() (in module salt.modules.sowareupdate), list_pkgs() (in module salt.modules.yumpkg), 903 808 list_pkgs() (in module salt.modules.zypper), 913 list_upgrades() (in module salt.modules.win_pkg), 881 list_plugins() (in module salt.modules.munin), 686 list_upgrades() (in module salt.modules.yumpkg), 904 list_plugins() (in module salt.modules.nagios), 693 list_upgrades() (in module salt.modules.zypper), 913 list_policies() (in module salt.modules.rabbitmq), 769 list_user_permissions() (in module list_ports() (in module salt.modules.poudriere), 755 salt.modules.rabbitmq), 770 list_present() (in module salt.states.grains), 1148 list_users() (in module salt.modules.mac_user), 662 list_queues() (in module salt.modules.aws_sqs), 486 list_users() (in module salt.modules.pw_user), 764 list_queues() (in module salt.modules.rabbitmq), 769 list_users() (in module salt.modules.rabbitmq), 770 list_queues() (in module salt.runners.queue), 1018 list_users() (in module salt.modules.useradd), 859 list_queues_vhost() (in module salt.modules.rabbitmq), list_users() (in module salt.modules.win_useradd), 893 769 list_vhosts() (in module salt.modules.rabbitmq), 770 list_repo_pkgs() (in module salt.modules.yumpkg), 903 list_vlans() (in module salt.cloud.clouds.solayer), 373 list_repos() (in module salt.modules.aptpkg), 477 list_vlans() (in module salt.cloud.clouds.solayer_hw), list_repos() (in module salt.modules.yumpkg), 904 374</p><p>Index 1499 Salt Documentation, Release 2014.7.6 list_vms() (in module salt.modules.smartos_vmadm), 803 conf/master, 426 list_vms() (in module salt.modules.virt), 863 conf/minion, 440 list_vms() (in module salt.modules.xapi), 895 log_level_logﬁle list_volumes() (in module salt.modules.glusterfs), 607 conf/logging, 443 list_webpi() (in module salt.modules.chocolatey), 513 conf/master, 426 list_windowsfeatures() (in module conf/minion, 440 salt.modules.chocolatey), 513 Login (class in salt.netapi.rest_cherrypy.app), 919 llen() (in module salt.modules.redismod), 777 login() (in module salt.modules.dockerio), 548 load() (in module salt.modules.data), 531 Logout (class in salt.netapi.rest_cherrypy.app), 921 load() (in module salt.modules.freebsdkmod), 586 logs() (in module salt.modules.dockerio), 548 load() (in module salt.modules.kmod), 641 lookup_jid() (in module salt.runners.jobs), 1012 load_states() (in module salt.renderers.pyobjects), 981 loop_interval loadavg() (in module salt.modules.status), 828 conf/master, 404 loadavg() (in module salt.states.status), 1227 Low State, 1462 loaddata() (in module salt.modules.djangomod), 539 low() (in module salt.modules.state), 825 LoaderError, 461, 463 low() (salt.cloud.CloudClient method), 333 local() (salt.netapi.NetapiClient method), 280 LowDataAdapter (class in salt.netapi.rest_cherrypy.app), local_async() (salt.netapi.NetapiClient method), 280 918 local_batch() (salt.netapi.NetapiClient method), 281 lowstate, 933 LocalClient (class in salt.client), 326 lrange() (in module salt.modules.redismod), 777 locate() (in module salt.modules.locate), 648 ls() (in module salt.modules.augeas_cfg), 484 lock() (in module salt.ﬁleserver.gitfs), 454 ls() (in module salt.modules.cron), 526 lock() (in module salt.ﬁleserver.hgfs), 455 ls() (in module salt.modules.grains), 612 lock() (in module salt.ﬁleserver.svnfs), 459 ls() (in module salt.modules.incron), 621 lock() (in module salt.modules.nova), 708 ls() (in module salt.modules.lxc), 658 lock() (in module salt.modules.osxdesktop), 717 ls() (in module salt.modules.serverdensity_device), 799 lock() (in module salt.runners.ﬁleserver), 1011 ls() (in module salt.modules.tomcat), 853 lock() (in module salt.states.zk_concurrency), 1244 ls_() (in module salt.modules.etcd_mod), 561 log_datefmt ls_remote() (in module salt.modules.git), 602 conf/logging, 443 lsmod() (in module salt.modules.freebsdkmod), 586 conf/master, 427 lsmod() (in module salt.modules.kmod), 641 conf/minion, 440 lstat() (in module salt.modules.ﬁle), 575 log_datefmt_logﬁle lucene_version() (in module salt.modules.solr), 818 conf/logging, 444 lv_absent() (in module salt.states.lvm), 1166 conf/master, 427 lv_present() (in module salt.states.lvm), 1166 conf/minion, 440 lvcreate() (in module salt.modules.linux_lvm), 645 log_ﬁle lvdisplay() (in module salt.modules.linux_lvm), 645 conf/logging, 443 lvremove() (in module salt.modules.linux_lvm), 645 conf/master, 426 conf/minion, 439 M log_fmt_console make_image() (in module salt.modules.qemu_img), 766 conf/logging, 444 make_pkgng_aware() (in module conf/master, 427 salt.modules.poudriere), 755 conf/minion, 440 makedirs_() (in module salt.modules.ﬁle), 575 log_fmt_logﬁle makedirs_perms() (in module salt.modules.ﬁle), 575 conf/logging, 444 makeopts_contains() (in module salt.modules.makecon), conf/master, 427 668 conf/minion, 440 manage_ﬁle() (in module salt.modules.ﬁle), 575 log_granular_levels manage_mode() (in module salt.modules.conﬁg), 523 conf/logging, 444 managed() (in module salt.states.ﬁle), 1132 conf/master, 427 managed() (in module salt.states.memcached), 1171 conf/minion, 441 managed() (in module salt.states.network), 1183 log_level managed() (in module salt.states.ntp), 1188 conf/logging, 443 managed() (in module salt.states.pkgrepo), 1199</p><p>1500 Index Salt Documentation, Release 2014.7.6 managed() (in module salt.states.virtualenv_mod), 1236 migrate_non_shared() (in module salt.modules.virt), 864 managed() (in module salt.states.win_network), 1238 migrate_non_shared_inc() (in module salt.modules.virt), managedcloud() (in module salt.cloud.clouds.nova), 362 864 managedcloud() (in module salt.cloud.clouds.openstack), min_query() (salt.cloud.CloudClient method), 333 366 Mine, 143, 1462 Map (class in salt.utils.aggregation), 460 mine() (in module salt.runners.cache), 1007 map_run() (in module salt.runners.cloud), 1008 Minion, 1462 map_run() (salt.cloud.CloudClient method), 333 Minion ID, 1462 Master, 1462 Minion proc System, 151 master minion_conﬁg() (in module salt.conﬁg), 325 conf/minion, 429 minion_data_cache Master Tops, 1462 conf/master, 405 master() (in module salt.modules.status), 828 minion_mods() (in module salt.loader), 325 master() (in module salt.modules.win_status), 886 MinionError, 461, 463 master_id minionfs_blacklist conf/master, 401 conf/master, 422 master_job_cache minionfs_env conf/master, 405 conf/master, 421 master_port minionfs_mountpoint conf/minion, 430 conf/master, 421 master_pubkey_signature minionfs_whitelist conf/master, 409 conf/master, 421 master_sign_key_name Minions (class in salt.netapi.rest_cherrypy.app), 921 conf/master, 408 MinionSaltAPIHandler (in module conf/minion, 439 salt.netapi.rest_tornado.saltnado), 938 master_sign_pubkey missing() (in module salt.modules.daemontools), 528 conf/master, 408 missing() (in module salt.modules.debian_service), 536 master_tops missing() (in module salt.modules.freebsdservice), 593 conf/master, 410 missing() (in module salt.modules.gentoo_service), 597 master_type missing() (in module salt.modules.launchctl), 642 conf/minion, 430 missing() (in module salt.modules.netbsdservice), 696 master_use_pubkey_signature missing() (in module salt.modules.openbsdservice), 714 conf/master, 409 missing() (in module salt.modules.rh_service), 783 MasterExit, 461, 463 missing() (in module salt.modules.service), 799 Masterless, 1462 missing() (in module salt.modules.sm), 805 match() (in module salt.modules.augeas_cfg), 485 missing() (in module salt.modules.systemd), 842 match_index_versions() (in module salt.modules.solr), missing() (in module salt.modules.upstart), 857 818 missing() (in module salt.modules.win_service), 885 max_minions missing() (in module salt.states.ﬁle), 1134 conf/master, 405 mkconﬁg() (in module salt.modules.seed), 796 max_open_ﬁles mkdir() (in module salt.modules.ﬁle), 576 conf/master, 402 mkfs() (in module salt.modules.extfs), 563 maybe_ﬁx_ssl_version() (in module salt.modules.tls), 851 mkfs() (in module salt.modules.parted), 723 md5_digest() (in module salt.modules.hashutil), 617 mklabel() (in module salt.modules.parted), 723 member_status() (in module salt.modules.riak), 784 mknod() (in module salt.modules.ﬁle), 576 members() (in module salt.modules.groupadd), 614 mknod() (in module salt.states.ﬁle), 1134 meminfo() (in module salt.modules.status), 828 mknod_blkdev() (in module salt.modules.ﬁle), 576 memory() (in module salt.modules.sysbench), 837 mknod_chrdev() (in module salt.modules.ﬁle), 576 merge() (in module salt.modules.conﬁg), 523 mknod_ﬁfo() (in module salt.modules.ﬁle), 577 merge() (in module salt.modules.git), 602 mkpart() (in module salt.modules.parted), 723 merger (class in salt.pillar.mysql), 959 mkpartfs() (in module salt.modules.parted), 723 migrate() (in module salt.modules.virt), 864 mmodule() (in module salt.modules.saltutil), 792 migrate() (in module salt.modules.xapi), 895 mod_aggregate() (in module salt.states.pkg), 1197 migrate() (in module salt.runners.virt), 1024 mod_hostname() (in module salt.modules.network), 699</p><p>Index 1501 Salt Documentation, Release 2014.7.6 mod_list() (in module salt.modules.freebsdkmod), 587 network_create() (in module salt.cloud.clouds.nova), 362 mod_list() (in module salt.modules.kmod), 641 network_create() (in module salt.modules.cloud), 515 mod_repo() (in module salt.modules.aptpkg), 478 network_io_counters() (in module salt.modules.ps), 758 mod_repo() (in module salt.modules.yumpkg), 904 network_list() (in module salt.cloud.clouds.nova), 362 mod_repo() (in module salt.modules.zypper), 913 network_list() (in module salt.modules.cloud), 515 mod_run_check() (in module salt.states.cmd), 1106 networks() (in module salt.cloud.clouds.openstack), 366 mod_run_check() (in module salt.states.git), 1144 new_chain() (in module salt.modules.iptables), 633 mod_run_check_cmd() (in module salt.states.ﬁle), 1135 new_chain() (in module salt.modules.nables), 704 mod_watch() (in module salt.states.cmd), 1106 new_set() (in module salt.modules.ipset), 629 mod_watch() (in module salt.states.dockerio), 1119 new_table() (in module salt.modules.nables), 704 mod_watch() (in module salt.states.module), 1174 next_hyper() (in module salt.runners.virt), 1024 mod_watch() (in module salt.states.mount), 1176 Node Group, 1462 mod_watch() (in module salt.states.service), 1224 node_info() (in module salt.modules.virt), 864 mod_watch() (in module salt.states.supervisord), 1228 node_info() (in module salt.modules.xapi), 895 mod_watch() (in module salt.states.test), 1230 nodegroups mod_watch() (in module salt.states.tomcat), 1232 conf/master, 427 mode() (in module salt.states.quota), 1209 noop() (in module salt.modules.puppet), 761 mode() (in module salt.states.selinux), 1222 normalize_name() (in module salt.modules.yumpkg), 905 modfacl() (in module salt.modules.linux_acl), 644 noscan() (in module salt.modules.bluez), 488 modify() (in module salt.modules.schedule), 795 not_loaded() (in module salt.modules.test), 844 modify() (in module salt.modules.sqlite3), 821 nproc() (in module salt.modules.status), 829 module_dirs NS() (in module salt.modules.dig), 538 conf/minion, 435 NS() (in module salt.modules.dnsutil), 541 modules() (in module salt.modules.apache), 473 nslookup() (in module salt.modules.win_network), 879 monitor() (in module salt.modules.monit), 683 num_cpus() (in module salt.modules.ps), 758 monitored() (in module salt.states.serverdensity_device), num_ﬁelds (salt.pillar.mysql.merger aribute), 959 1222 mount() (in module salt.modules.guestfs), 614 O mount() (in module salt.modules.mount), 685 oﬀ() (in module salt.modules.quota), 767 mount() (in module salt.modules.qemu_nbd), 767 on() (in module salt.modules.quota), 767 mount_image() (in module salt.modules.img), 621 open_ﬁles() (in module salt.modules.ﬁle), 577 mounted() (in module salt.states.mount), 1176 open_mode mounts() (in module salt.modules.moosefs), 684 conf/master, 406 msg (salt.auth.pam.PamMessage aribute), 298 conf/minion, 438 msg_style (salt.auth.pam.PamMessage aribute), 298 optimize() (in module salt.modules.solr), 818 Multi-Master, 1462 optimize_providers() (in module salt.cloud.clouds.ec2), multiprocessing 344 conf/minion, 439 option() (in module salt.modules.conﬁg), 523 mutex() (in module salt.modules.sysbench), 837 options() (in module salt.modules.supervisord), 830 MX() (in module salt.modules.dig), 537 options_absent() (in module salt.states.ini_manage), 1154 MX() (in module salt.modules.dnsutil), 541 options_present() (in module salt.states.ini_manage), 1154 N opts_pkg() (in module salt.modules.test), 844 name() (in module salt.modules.parted), 724 orchestrate() (in module salt.runners.state), 1021 namenode_format() (in module salt.modules.hadoop), order_masters 615 conf/master, 424 NestDisplay (class in salt.output.nested), 944 output NestDisplay (class in salt.output.no_return), 945 conf/master, 404 NetapiClient (class in salt.netapi), 280 output() (in module salt.output.grains), 941 netdev() (in module salt.modules.status), 828 output() (in module salt.output.highstate), 942 netstat() (in module salt.modules.network), 700 output() (in module salt.output.json_out), 943 netstat() (in module salt.modules.win_network), 878 output() (in module salt.output.key), 943 netstats() (in module salt.modules.cassandra), 509 output() (in module salt.output.nested), 944 netstats() (in module salt.modules.status), 829</p><p>1502 Index Salt Documentation, Release 2014.7.6 output() (in module salt.output.newline_values_only), persist() (in module salt.modules.darwin_sysctl), 529 945 persist() (in module salt.modules.freebsd_sysctl), 585 output() (in module salt.output.no_out), 945 persist() (in module salt.modules.linux_sysctl), 647 output() (in module salt.output.no_return), 945 persist() (in module salt.modules.netbsd_sysctl), 695 output() (in module salt.output.overstatestage), 946 pgrep() (in module salt.modules.ps), 758 output() (in module salt.output.pprint_out), 946 pid() (in module salt.modules.status), 829 output() (in module salt.output.raw), 946 pidﬁle output() (in module salt.output.txt), 946 conf/master, 402 output() (in module salt.output.virt_query), 947 conf/minion, 431 output() (in module salt.output.yaml_out), 947 Pillar, 1462 Outpuer, 1462 pillar() (in module salt.modules.match), 674 outpuer() (in module salt.modules.test), 844 pillar() (in module salt.runners.cache), 1007 over() (in module salt.runners.state), 1021 pillar_dir() (salt.pillar.svn_pillar.SvnPillar method), 963 Overstate, 1462 pillar_roots owner() (in module salt.modules.aptpkg), 478 conf/master, 422 owner() (in module salt.modules.pacman), 719 conf/minion, 438 owner() (in module salt.modules.yumpkg), 905 pillar_source_merging_strategy owner_to() (in module salt.modules.postgres), 753 conf/master, 423 ping() (in module salt.modules.gnomedesktop), 608 P ping() (in module salt.modules.junos), 634 pack() (in module salt.modules.genesis), 596 ping() (in module salt.modules.network), 700 pack_sources() (in module salt.modules.pkg_resource), ping() (in module salt.modules.redismod), 777 732 ping() (in module salt.modules.rest_sample), 779 pair() (in module salt.modules.bluez), 488 ping() (in module salt.modules.solr), 819 PamConv (class in salt.auth.pam), 298 ping() (in module salt.modules.sysbench), 837 PamHandle (class in salt.auth.pam), 298 ping() (in module salt.modules.test), 844 PamMessage (class in salt.auth.pam), 298 ping() (in module salt.modules.win_network), 879 PamResponse (class in salt.auth.pam), 298 pkg() (in module salt.modules.state), 825 param_set() (in module salt.modules.varnish), 860 PkgParseError, 461, 463 param_show() (in module salt.modules.varnish), 860 pki_dir pardir() (in module salt.modules.ﬁle), 577 conf/master, 403 parse_conﬁg() (in module salt.modules.pkgng), 740 conf/minion, 431 parse_conﬁg() (in module salt.modules.poudriere), 755 pkill() (in module salt.modules.ps), 758 parse_hosts() (in module salt.modules.dnsutil), 542 plugin_is_enabled() (in module salt.modules.rabbitmq), parse_targets() (in module salt.modules.pkg_resource), 770 732 policy_exists() (in module salt.modules.rabbitmq), 770 parse_zone() (in module salt.modules.dnsutil), 542 pop() (in module salt.runners.queue), 1018 part_list() (in module salt.modules.parted), 724 port() (in module salt.modules.dockerio), 548 passwd() (in module salt.modules.tomcat), 853 porree_matches() (in module salt.modules.ebuild), 556 patch() (in module salt.modules.ﬁle), 577 POST (salt.netapi.rest_cherrypy.app.LowDataAdapter patch() (in module salt.states.ﬁle), 1135 aribute), 919 path_exists_glob() (in module salt.modules.ﬁle), 577 POST() (salt.netapi.rest_cherrypy.app.Keys method), 929 pause() (in module salt.modules.virt), 864 POST() (salt.netapi.rest_cherrypy.app.Login method), pause() (in module salt.modules.xapi), 896 919 pause() (in module salt.runners.virt), 1024 POST() (salt.netapi.rest_cherrypy.app.Logout method), pcre() (in module salt.modules.match), 674 921 peer POST() (salt.netapi.rest_cherrypy.app.Minions method), conf/master, 425 921 Peer Communication, 1462 POST() (salt.netapi.rest_cherrypy.app.Run method), 923 peer() (in module salt.modules.glusterfs), 607 POST() (salt.netapi.rest_cherrypy.app.Webhook method), peer_run 926 conf/master, 426 power() (in module salt.modules.bluez), 488 peered() (in module salt.states.glusterfs), 1145 poweroﬀ() (in module salt.modules.system), 840 percent() (in module salt.modules.disk), 538 poweroﬀ() (in module salt.modules.win_system), 888</p><p>Index 1503 Salt Documentation, Release 2014.7.6 preferred_ip() (in module salt.cloud.clouds.nova), 362 present() (in module salt.states.incron), 1152 preferred_ip() (in module salt.cloud.clouds.openstack), present() (in module salt.states.inﬂuxdb_database), 1153 366 present() (in module salt.states.inﬂuxdb_user), 1153 preferred_ip() (in module salt.cloud.clouds.rackspace), present() (in module salt.states.ipset), 1156 371 present() (in module salt.states.kmod), 1164 prep_jid() (in module salt.returners.carbon_return), 990 present() (in module salt.states.layman), 1164 prep_jid() (in module salt.returners.cassandra_return), present() (in module salt.states.locale), 1165 990 present() (in module salt.states.lvs_server), 1167 prep_jid() (in module salt.returners.couchbase_return), present() (in module salt.states.lvs_service), 1167 991 present() (in module salt.states.makecon), 1170 prep_jid() (in module salt.returners.couchdb_return), 992 present() (in module salt.states.mdadm), 1170 prep_jid() (in module salt.returners.elasticsearch_return), present() (in module salt.states.mongodb_user), 1175 992 present() (in module salt.states.mysql_database), 1177 prep_jid() (in module salt.returners.etcd_return), 993 present() (in module salt.states.mysql_grants), 1178 prep_jid() (in module salt.returners.local_cache), 994 present() (in module salt.states.mysql_user), 1180 prep_jid() (in module salt.returners.memcache_return), present() (in module salt.states.openstack_conﬁg), 1188 994 present() (in module salt.states.postgres_database), 1202 prep_jid() (in module salt.returners.mongo_future_return), present() (in module salt.states.postgres_extension), 1203 995 present() (in module salt.states.postgres_group), 1204 prep_jid() (in module salt.returners.mongo_return), 996 present() (in module salt.states.postgres_user), 1206 prep_jid() (in module salt.returners.multi_returner), 996 present() (in module salt.states.rabbitmq_policy), 1211 prep_jid() (in module salt.returners.mysql), 998 present() (in module salt.states.rabbitmq_user), 1211 prep_jid() (in module salt.returners.odbc), 1000 present() (in module salt.states.rabbitmq_vhost), 1212 prep_jid() (in module salt.returners.postgres), 1001 present() (in module salt.states.reg), 1215 prep_jid() (in module salt.returners.redis_return), 1002 present() (in module salt.states.schedule), 1221 prep_jid() (in module salt.returners.sentry_return), 1002 present() (in module salt.states.ssh_auth), 1225 prep_jid() (in module salt.returners.smtp_return), 1003 present() (in module salt.states.ssh_known_hosts), 1226 prep_jid() (in module salt.returners.sqlite3_return), 1004 present() (in module salt.states.sysctl), 1229 prep_jid() (in module salt.returners.syslog_return), 1005 present() (in module salt.states.user), 1234 prepend() (in module salt.modules.ﬁle), 577 primary_suﬃx() (in module salt.states.win_dns_client), prepend() (in module salt.states.ﬁle), 1136 1236 presence_events print_job() (in module salt.runners.jobs), 1012 conf/master, 406 probe() (in module salt.modules.parted), 724 present() (in module salt.runners.manage), 1015 process_ﬁelds() (salt.pillar.mysql.merger method), 959 present() (in module salt.states.alias), 1077 process_queue() (in module salt.runners.queue), 1019 present() (in module salt.states.at), 1081 process_results() (salt.pillar.mysql.merger method), 959 present() (in module salt.states.boto_asg), 1086 processlist() (in module salt.modules.mysql), 690 present() (in module salt.states.boto_cloudwatch_alarm), procs() (in module salt.modules.status), 829 1088 procs() (in module salt.modules.win_status), 886 present() (in module salt.states.boto_elasticache), 1090 proﬁle() (in module salt.runners.cloud), 1008 present() (in module salt.states.boto_elb), 1092 proﬁle() (in module salt.states.cloud), 1103 present() (in module salt.states.boto_iam_role), 1094 proﬁle() (salt.cloud.CloudClient method), 333 present() (in module salt.states.boto_lc), 1096 proﬁle_() (in module salt.modules.cloud), 515 present() (in module salt.states.boto_route53), 1099 proﬁle_associated() (in module salt.modules.boto_iam), present() (in module salt.states.boto_secgroup), 1100 500 present() (in module salt.states.boto_sqs), 1102 provider() (in module salt.modules.test), 844 present() (in module salt.states.cloud), 1102 providers present() (in module salt.states.cron), 1114 conf/minion, 436 present() (in module salt.states.ddns), 1115 providers() (in module salt.modules.test), 845 present() (in module salt.states.dockerio), 1119 Proxy Minion, 1462 present() (in module salt.states.git), 1144 psed() (in module salt.modules.ﬁle), 578 present() (in module salt.states.grains), 1148 psql_query() (in module salt.modules.postgres), 753 present() (in module salt.states.group), 1149 publish() (in module salt.modules.publish), 760 present() (in module salt.states.host), 1151 publish() (in module salt.modules.raet_publish), 772</p><p>1504 Index Salt Documentation, Release 2014.7.6 publish_port queue_instances() (in module salt.cloud.clouds.ec2), 344 conf/master, 401 quote_identiﬁer() (in module salt.modules.mysql), 690 pull() (in module salt.modules.dockerio), 548 pull() (in module salt.modules.git), 603 R pull() (in module salt.modules.hg), 618 rackconnect() (in module salt.cloud.clouds.nova), 362 pulled() (in module salt.states.dockerio), 1119 rackconnect() (in module salt.cloud.clouds.openstack), purge() (in module salt.modules.aptpkg), 478 367 purge() (in module salt.modules.ebuild), 556 rand_sleep() (in module salt.modules.test), 845 purge() (in module salt.modules.openbsdpkg), 712 rand_str() (in module salt.modules.test), 845 purge() (in module salt.modules.pacman), 719 random_reauth_delay purge() (in module salt.modules.pkgin), 734 conf/minion, 433 purge() (in module salt.modules.pkgutil), 747 range_server purge() (in module salt.modules.schedule), 796 conf/master, 428 purge() (in module salt.modules.solarispkg), 814 rar() (in module salt.modules.archive), 481 purge() (in module salt.modules.varnish), 860 raw() (in module salt.modules.pillar), 727 purge() (in module salt.modules.virt), 864 raw_cron() (in module salt.modules.cron), 527 purge() (in module salt.modules.win_pkg), 881 raw_incron() (in module salt.modules.incron), 621 purge() (in module salt.modules.yumpkg), 905 raw_interface_conﬁgs() (in module salt.modules.win_ip), purge() (in module salt.modules.zypper), 913 876 purge() (in module salt.runners.lxc), 1014 raw_mod() (in module salt.loader), 326 purge() (in module salt.runners.virt), 1024 raw_system_incron() (in module salt.modules.incron), purged() (in module salt.states.pkg), 1197 621 push() (in module salt.modules.cp), 526 Reactor, 136, see Event, 1462 push() (in module salt.modules.dockerio), 548 read() (in module salt.wheel.ﬁle_roots), 1253 push() (in module salt.modules.git), 603 read() (in module salt.wheel.pillar_roots), 1254 push_dir() (in module salt.modules.cp), 526 read_conf() (in module salt.modules.lxc), 658 pushed() (in module salt.states.dockerio), 1119 read_ﬁle() (in module salt.modules.pam), 721 put() (in module salt.modules.s3), 790 read_key() (in module salt.modules.reg), 778 put() (in module salt.modules.swi), 836 readdir() (in module salt.modules.ﬁle), 579 pv_absent() (in module salt.states.lvm), 1166 readlink() (in module salt.modules.ﬁle), 579 pv_present() (in module salt.states.lvm), 1166 readlink() (in module salt.modules.win_ﬁle), 873 pvcreate() (in module salt.modules.linux_lvm), 645 rebase() (in module salt.modules.git), 603 pvdisplay() (in module salt.modules.linux_lvm), 646 reboot() (in module salt.cloud.clouds.aliyun), 336 pvremove() (in module salt.modules.linux_lvm), 646 reboot() (in module salt.cloud.clouds.ec2), 344 PyDSL, 1462 reboot() (in module salt.cloud.clouds.gce), 349 PyWinUpdater (class in salt.modules.win_update), 890 reboot() (in module salt.cloud.clouds.joyent), 354 PyWinUpdater (class in salt.states.win_update), 1240 reboot() (in module salt.cloud.clouds.nova), 362 reboot() (in module salt.cloud.clouds.openstack), 367 Q reboot() (in module salt.modules.smartos_vmadm), 803 query() (in module salt.cloud.clouds.aliyun), 336 reboot() (in module salt.modules.system), 840 query() (in module salt.cloud.clouds.digital_ocean), 339 reboot() (in module salt.modules.virt), 864 query() (in module salt.cloud.clouds.ec2), 344 reboot() (in module salt.modules.win_system), 888 query() (in module salt.cloud.clouds.joyent), 354 reboot() (in module salt.modules.xapi), 896 query() (in module salt.cloud.clouds.parallels), 368 receive_message() (in module salt.modules.aws_sqs), 486 query() (in module salt.cloud.clouds.proxmox), 370 recon_default query() (in module salt.modules.cloud), 515 conf/minion, 433 query() (in module salt.modules.inﬂux), 624 recon_max query() (in module salt.modules.mysql), 690 conf/minion, 433 query() (in module salt.runners.cloud), 1008 recon_randomize query() (in module salt.runners.search), 1019 conf/minion, 434 query() (in module salt.runners.virt), 1024 recover_all() (in module salt.modules.modjk), 681 query() (salt.cloud.CloudClient method), 333 recurse() (in module salt.states.ﬁle), 1136 query_instance() (in module salt.cloud.clouds.ec2), 344 recv() (in module salt.modules.cp), 526 queue_exists() (in module salt.modules.aws_sqs), 486 recv_known_host() (in module salt.modules.ssh), 823</p><p>Index 1505 Salt Documentation, Release 2014.7.6 reformat_node() (in module salt.cloud.clouds.joyent), 354 remove() (in module salt.modules.kmod), 641 refresh_db() (in module salt.modules.aptpkg), 479 remove() (in module salt.modules.logadm), 649 refresh_db() (in module salt.modules.brew), 505 remove() (in module salt.modules.macports), 664 refresh_db() (in module salt.modules.ebuild), 556 remove() (in module salt.modules.openbsdpkg), 713 refresh_db() (in module salt.modules.freebsdpkg), 589 remove() (in module salt.modules.pacman), 720 refresh_db() (in module salt.modules.macports), 664 remove() (in module salt.modules.pkgin), 734 refresh_db() (in module salt.modules.pacman), 719 remove() (in module salt.modules.pkgng), 740 refresh_db() (in module salt.modules.pkgin), 734 remove() (in module salt.modules.pkgutil), 747 refresh_db() (in module salt.modules.pkgng), 740 remove() (in module salt.modules.rest_package), 779 refresh_db() (in module salt.modules.pkgutil), 747 remove() (in module salt.modules.solarispkg), 814 refresh_db() (in module salt.modules.win_pkg), 881 remove() (in module salt.modules.supervisord), 830 refresh_db() (in module salt.modules.yumpkg), 905 remove() (in module salt.modules.svn), 834 refresh_db() (in module salt.modules.zypper), 914 remove() (in module salt.modules.win_path), 880 refresh_modules() (in module salt.modules.saltutil), 792 remove() (in module salt.modules.win_pkg), 882 refresh_pillar() (in module salt.modules.saltutil), 792 remove() (in module salt.modules.win_servermanager), regen_keys() (in module salt.modules.saltutil), 792 883 register_instances() (in module salt.modules.boto_elb), remove() (in module salt.modules.yumpkg), 906 498 remove() (in module salt.modules.zypper), 914 Registry (class in salt.modules.reg), 778 remove() (in module salt.states.alternatives), 1078 rehash() (in module salt.modules.pyenv), 765 remove_complex_types() (in module rehash() (in module salt.modules.rbenv), 773 salt.cloud.clouds.linode), 358 rehash() (in module salt.modules.win_path), 880 remove_container() (in module salt.modules.dockerio), rehashconf() (in module salt.modules.znc), 910 548 reinstall_ruby() (in module salt.modules.rvm), 788 remove_image() (in module salt.modules.dockerio), 549 reject() (in module salt.wheel.key), 1254 remove_license() (in module salt.modules.powerpath), reload_() (in module salt.modules.daemontools), 528 756 reload_() (in module salt.modules.debian_service), 536 remove_option() (in module salt.modules.ini_manage), reload_() (in module salt.modules.freebsdservice), 593 627 reload_() (in module salt.modules.netbsdservice), 697 remove_section() (in module salt.modules.ini_manage), reload_() (in module salt.modules.openbsdservice), 714 627 reload_() (in module salt.modules.rh_service), 783 remove_var() (in module salt.modules.makecon), 668 reload_() (in module salt.modules.schedule), 796 removed() (in module salt.states.gem), 1142 reload_() (in module salt.modules.service), 799 removed() (in module salt.states.npm), 1187 reload_() (in module salt.modules.sm), 805 removed() (in module salt.states.pecl), 1190 reload_() (in module salt.modules.systemd), 842 removed() (in module salt.states.pip_state), 1193 reload_() (in module salt.modules.tomcat), 853 removed() (in module salt.states.pkg), 1198 reload_() (in module salt.modules.upstart), 857 removegroup() (in module salt.modules.win_useradd), reload_core() (in module salt.modules.solr), 819 894 reload_import_conﬁg() (in module salt.modules.solr), rename() (in module salt.cloud.clouds.ec2), 344 819 rename() (in module salt.cloud.clouds.libcloud_aws), 356 reload_modules() (in module salt.modules.sysmod), 839 rename() (in module salt.modules.ﬁle), 579 remote_get() (in module salt.modules.git), 603 rename() (in module salt.states.ﬁle), 1138 remote_set() (in module salt.modules.git), 604 rename_set() (in module salt.modules.ipset), 629 remotes() (in module salt.modules.git), 604 Render Pipe, 1462 remount() (in module salt.modules.mount), 685 render() (in module salt.renderers.gpg), 967 remove() (in module salt.modules.alternatives), 472 render() (in module salt.renderers.jinja), 970 remove() (in module salt.modules.aptpkg), 479 render() (in module salt.renderers.json), 971 remove() (in module salt.modules.augeas_cfg), 485 render() (in module salt.renderers.mako), 972 remove() (in module salt.modules.brew), 505 render() (in module salt.renderers.msgpack), 972 remove() (in module salt.modules.ebuild), 556 render() (in module salt.renderers.py), 973 remove() (in module salt.modules.ﬁle), 579 render() (in module salt.renderers.pydsl), 978 remove() (in module salt.modules.freebsdkmod), 587 render() (in module salt.renderers.pyobjects), 981 remove() (in module salt.modules.freebsdpkg), 589 render() (in module salt.renderers.wempy), 985 remove() (in module salt.modules.grains), 612 render() (in module salt.renderers.yaml), 986</p><p>1506 Index Salt Documentation, Release 2014.7.6 render() (in module salt.renderers.yamlex), 987 resume() (in module salt.modules.virt), 864 render_dirs resume() (in module salt.modules.xapi), 896 conf/minion, 436 resume() (in module salt.runners.virt), 1024 Renderer, 1462 ret_glob_minions() (salt.roster.ﬂat.RosterMatcher renderer method), 1005 conf/master, 410 ret_list_minions() (salt.roster.ﬂat.RosterMatcher conf/minion, 436 method), 1005 replace() (in module salt.modules.ﬁle), 579 ret_pcre_minions() (salt.roster.ﬂat.RosterMatcher replace() (in module salt.modules.memcached), 676 method), 1005 replace() (in module salt.modules.zpool), 911 ret_port replace() (in module salt.states.ﬁle), 1138 conf/master, 402 replication_details() (in module salt.modules.solr), 820 retcode() (in module salt.modules.cmdmod), 516 report() (in module salt.modules.quota), 767 retcode() (in module salt.modules.dockerio), 549 request_instance() (in module salt.cloud.clouds.ec2), 344 retcode() (in module salt.modules.nagios), 693 request_instance() (in module salt.cloud.clouds.nova), retcode() (in module salt.modules.test), 845 362 retcode_pillar() (in module salt.modules.nagios), 694 request_instance() (in module retry_dns salt.cloud.clouds.openstack), 367 conf/minion, 430 reread() (in module salt.modules.supervisord), 830 Returner, 1462 rescue() (in module salt.modules.parted), 724 returner() (in module salt.returners.carbon_return), 990 reset() (in module salt.modules.git), 604 returner() (in module salt.returners.cassandra_return), reset() (in module salt.modules.rabbitmq), 770 990 reset() (in module salt.modules.virt), 864 returner() (in module salt.returners.couchbase_return), reset() (in module salt.modules.xapi), 896 991 reset() (in module salt.runners.virt), 1024 returner() (in module salt.returners.couchdb_return), 992 reset_ignored() (in module salt.modules.sowareupdate), returner() (in module salt.returners.elasticsearch_return), 808 992 reset_stats() (in module salt.modules.modjk), 681 returner() (in module salt.returners.etcd_return), 993 resize() (in module salt.modules.parted), 724 returner() (in module salt.returners.local), 993 resp (salt.auth.pam.PamResponse aribute), 298 returner() (in module salt.returners.local_cache), 994 resp_retcode (salt.auth.pam.PamResponse aribute), 298 returner() (in module salt.returners.memcache_return), restart() (in module salt.modules.daemontools), 529 994 restart() (in module salt.modules.debian_service), 536 returner() (in module salt.returners.mongo_future_return), restart() (in module salt.modules.dockerio), 549 995 restart() (in module salt.modules.freebsdjail), 585 returner() (in module salt.returners.mongo_return), 996 restart() (in module salt.modules.freebsdservice), 593 returner() (in module salt.returners.multi_returner), 996 restart() (in module salt.modules.gentoo_service), 597 returner() (in module salt.returners.mysql), 998 restart() (in module salt.modules.launchctl), 642 returner() (in module salt.returners.odbc), 1000 restart() (in module salt.modules.monit), 683 returner() (in module salt.returners.postgres), 1001 restart() (in module salt.modules.netbsdservice), 697 returner() (in module salt.returners.redis_return), 1002 restart() (in module salt.modules.openbsdservice), 714 returner() (in module salt.returners.sentry_return), 1002 restart() (in module salt.modules.rest_service), 779 returner() (in module salt.returners.smtp_return), 1003 restart() (in module salt.modules.rh_service), 783 returner() (in module salt.returners.sqlite3_return), 1004 restart() (in module salt.modules.service), 799 returner() (in module salt.returners.syslog_return), 1005 restart() (in module salt.modules.sm), 806 returner_dirs restart() (in module salt.modules.supervisord), 831 conf/minion, 435 restart() (in module salt.modules.systemd), 842 returner_doc() (in module salt.modules.sysmod), 839 restart() (in module salt.modules.upstart), 857 revdep_rebuild() (in module restart() (in module salt.modules.win_service), 885 salt.modules.gentoolkitmod), 599 restore() (in module salt.modules.pkgng), 741 revision() (in module salt.modules.git), 604 restore_backup() (in module salt.modules.ﬁle), 580 revision() (in module salt.modules.hg), 618 restorecon() (in module salt.modules.ﬁle), 580 revoke() (in module salt.modules.boto_secgroup), 503 result (salt.pillar.mysql.merger aribute), 959 revoke_auth() (in module salt.modules.saltutil), 792 resume() (in module salt.modules.nova), 708</p><p>Index 1507 Salt Documentation, Release 2014.7.6 revoke_cache_security_group_ingress() (in module run_all() (in module salt.modules.munin), 686 salt.modules.boto_elasticache), 495 run_all() (in module salt.modules.nagios), 694 ring() (in module salt.modules.cassandra), 509 run_all_pillar() (in module salt.modules.nagios), 694 rm() (in module salt.modules.cron), 527 run_buildout() (in module salt.modules.zcbuildout), 909 rm() (in module salt.modules.git), 604 run_chroot() (in module salt.modules.cmdmod), 518 rm() (in module salt.modules.incron), 622 run_cmd() (in module salt.modules.lxc), 658 rm() (in module salt.modules.parted), 724 run_job() (in module salt.modules.schedule), 796 rm_() (in module salt.modules.etcd_mod), 561 run_job() (salt.client.LocalClient method), 329 rm_alias() (in module salt.modules.aliases), 471 run_pillar() (in module salt.modules.nagios), 694 rm_auth_key() (in module salt.modules.ssh), 823 run_query() (in module salt.modules.oracle), 716 rm_dns() (in module salt.modules.win_dns_client), 869 run_stderr() (in module salt.modules.cmdmod), 518 rm_env() (in module salt.modules.cron), 527 run_stderr() (in module salt.modules.dockerio), 550 rm_fstab() (in module salt.modules.mount), 685 run_stdout() (in module salt.modules.cmdmod), 519 rm_host() (in module salt.modules.hosts), 620 run_stdout() (in module salt.modules.dockerio), 550 rm_job() (in module salt.modules.cron), 527 Runner Function, 1462 rm_job() (in module salt.modules.incron), 622 Runner Module, 1462 rm_known_host() (in module salt.modules.ssh), 823 runner() (in module salt.modules.publish), 760 rmconﬁg() (in module salt.modules.freebsdports), 591 runner() (in module salt.modules.raet_publish), 772 rmdir() (in module salt.modules.ﬁle), 581 runner() (in module salt.modules.saltutil), 792 role_absent() (in module salt.states.keystone), 1163 runner() (in module salt.runners.doc), 1008 role_create() (in module salt.modules.keystone), 637 runner() (in module salt.states.saltmod), 1218 role_delete() (in module salt.modules.keystone), 637 runner() (salt.netapi.NetapiClient method), 281 role_exists() (in module salt.modules.boto_iam), 500 runner_dirs role_get() (in module salt.modules.keystone), 637 conf/master, 409 role_get() (in module salt.modules.postgres), 753 runner_doc() (in module salt.modules.sysmod), 839 role_list() (in module salt.modules.keystone), 637 RunnerClient (class in salt.runner), 330 role_present() (in module salt.states.keystone), 1163 running() (in module salt.modules.saltutil), 792 rollback() (in module salt.modules.junos), 634 running() (in module salt.modules.state), 825 root_dir running() (in module salt.states.dockerio), 1119 conf/master, 403 running() (in module salt.states.service), 1224 conf/minion, 431 running() (in module salt.states.supervisord), 1228 Roster, 1462 running_service_owners() (in module roster_ﬁle salt.modules.introspect), 628 conf/master, 406 RunSaltAPIHandler (in module RosterMatcher (class in salt.roster.ﬂat), 1005 salt.netapi.rest_tornado.saltnado), 939 RosterMatcher (class in salt.roster.scan), 1005 rotate() (in module salt.modules.logadm), 649 S rotate_aes_key S3Credentials (class in salt.pillar.s3), 962 conf/master, 409 safe_accept() (in module salt.runners.manage), 1016 routes() (in module salt.states.network), 1183 Salt Cloud, 1462 rsync() (in module salt.modules.rsync), 785 salt command line option rubygems() (in module salt.modules.rvm), 788 --args-separator=ARGS_SEPARATOR, 306 Run (class in salt.netapi.rest_cherrypy.app), 923 --async, 306 run() (in module salt.modules.cmdmod), 517 --force-color, 308, 321 run() (in module salt.modules.dockerio), 549 --grain-pcre, 307, 320 run() (in module salt.modules.munin), 686 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 306, 321 run() (in module salt.modules.nagios), 694 --log-ﬁle=LOG_FILE, 306, 321 run() (in module salt.modules.puppet), 761 --no-color, 308, 321 run() (in module salt.states.cmd), 1106 --out, 307, 321 run() (in module salt.states.dockerio), 1119 --out-ﬁle=OUTPUT_FILE, --output- run() (in module salt.states.module), 1174 ﬁle=OUTPUT_FILE, 308, 321 run() (in module salt.states.mysql_query), 1179 --out-indent OUTPUT_INDENT, --output-indent run_all() (in module salt.modules.cmdmod), 518 OUTPUT_INDENT, 308, 321 run_all() (in module salt.modules.dockerio), 550 --return=RETURNER, 306</p><p>1508 Index Salt Documentation, Release 2014.7.6</p><p>--show-timeout, 306 --pillar-root=PILLAR_ROOT, 304 --state-output=STATE_OUTPUT, 306 --refresh-grains-cache, 304 --subset=SUBSET, 306 --retcode-passthrough, 304 --version, 305, 320 --return RETURNER, 303 --versions-report, 305, 320 --skip-grains, 304 -C, --compound, 307 --version, 303 -E, --pcre, 307, 320 --versions-report, 303 -G, --grain, 307, 320 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 303 -I, --pillar, 307 -d, --doc, --documentation, 303 -L, --list, 307, 320 -g, --grains, 303 -N, --nodegroup, 307, 320 -h, --help, 303 -R, --range, 307, 320 -l LOG_LEVEL, --log-level=LOG_LEVEL, 304 -S, --ipcidr, 307 -m MODULE_DIRS, --module- -T, --make-token, 306 dirs=MODULE_DIRS, 303 -a EAUTH, --auth=EAUTH, 306 salt-cloud command line option -b BATCH, --batch-size=BATCH, 306 --force-color, 311 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 305, 320 --list-images=LIST_IMAGES, 310 -d, --doc, --documentation, 306 --list-locations=LIST_LOCATIONS, 310 -h, --help, 305, 320 --list-providers, 310 -l LOG_LEVEL, --log-level=LOG_LEVEL, 306, 321 --list-sizes=LIST_SIZES, 310 -s, --static, 306 --no-color, 311 -t TIMEOUT, --timeout=TIMEOUT, 305 --out, 310 -v VERBOSE, --verbose, 306 --out-ﬁle=OUTPUT_FILE, --output- Salt Mine, 143 ﬁle=OUTPUT_FILE, 311 Salt Reactor, 136 --out-indent OUTPUT_INDENT, --output-indent Salt SSH, 1462 OUTPUT_INDENT, 310 Salt in, 1463 --script-args=SCRIPT_ARGS, 309 Salt Virt, 1463 --set-password=<username> <provider>, 310 salt-api command line option --show-deploy-args, 309 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 323 --version, 308 --log-ﬁle=LOG_FILE, 323 --versions-report, 308 --pid-ﬁle=PIDFILE, 323 -F, --full-query, 310 --version, 323 -H, --hard, 309 --versions-report, 323 -L LOCATION, --location=LOCATION, 309 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 323 -P, --parallel, 309 -d, --daemon, 323 -Q, --query, 309, 310 -h, --help, 323 -S, --select-query, 310 -l LOG_LEVEL, --log-level=LOG_LEVEL, 323 -a ACTION, --action=ACTION, 309 salt-call command line option -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 309 --ﬁle-root=FILE_ROOT, 304 -d, --destroy, 309 --force-color, 305 -f <func-name> <provider>, -- --hard-crash, 303 function=<func-name> <provider>, --id=ID, 304 309 --local, 303 -h, --help, 308 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 304 -k, --keep-tmp, 309 --log-ﬁle=LOG_FILE, 304 -m MAP, --map=MAP, 309 --master=MASTER, 303 -p PROFILE, --proﬁle=PROFILE, 309 --metadata, 304 -u, --update-bootstrap, 309 --no-color, 305 -y, --assume-yes, 309 --out, 304 salt-cp command line option --out-ﬁle=OUTPUT_FILE, --output- --grain-pcre, 312 ﬁle=OUTPUT_FILE, 304 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 312 --out-indent OUTPUT_INDENT, --output-indent --log-ﬁle=LOG_FILE, 312 OUTPUT_INDENT, 304 --version, 312</provider></func-name></provider></func-name></provider></username></p><p>Index 1509 Salt Documentation, Release 2014.7.6</p><p>--versions-report, 312 --version, 316 -E, --pcre, 312 --versions-report, 316 -G, --grain, 312 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 316 -L, --list, 312 -d, --daemon, 316 -N, --nodegroup, 313 -h, --help, 316 -R, --range, 313 -l LOG_LEVEL, --log-level=LOG_LEVEL, 317 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 312 -u USER, --user=USER, 316 -h, --help, 312 salt-minion command line option -l LOG_LEVEL, --log-level=LOG_LEVEL, 312 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 318 -t TIMEOUT, --timeout=TIMEOUT, 312 --log-ﬁle=LOG_FILE, 318 salt-key command line option --pid-ﬁle PIDFILE, 317 --auto-create, 316 --version, 317 --force-color, 314 --versions-report, 317 --gen-keys-dir=GEN_KEYS_DIR, 315 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 317 --gen-keys=GEN_KEYS, 315 -d, --daemon, 317 --gen-signature, 315 -h, --help, 317 --hard-crash, 313 -l LOG_LEVEL, --log-level=LOG_LEVEL, 318 --include-all, 315 -u USER, --user=USER, 317 --keysize=KEYSIZE, 315 salt-run command line option --log-ﬁle-level=LOG_LEVEL_LOGFILE, 314 --hard-crash, 319 --log-ﬁle=LOG_FILE, 314 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 319 --no-color, 314 --log-ﬁle=LOG_FILE, 319 --out, 314 --version, 318 --out-ﬁle=OUTPUT_FILE, --output- --versions-report, 318 ﬁle=OUTPUT_FILE, 314 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 318 --out-indent OUTPUT_INDENT, --output-indent -d, --doc, --documentation, 319 OUTPUT_INDENT, 314 -h, --help, 318 --priv=PRIV, 315 -l LOG_LEVEL, --log-level=LOG_LEVEL, 319 --pub=PUB, 315 -t TIMEOUT, --timeout=TIMEOUT, 318 --rotate-aes-key=ROTATE_AES_KEY, 314 salt-syndic command line option --signature-path=SIGNATURE_PATH, 315 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 322 --version, 313 --log-ﬁle=LOG_FILE, 322 --versions-report, 313 --pid-ﬁle PIDFILE, 322 -A, --accept-all, 315 --version, 322 -D, --delete-all, 315 --versions-report, 322 -F, --ﬁnger-all, 315 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 322 -L, --list-all, 315 -d, --daemon, 322 -P, --print-all, 315 -h, --help, 322 -R, --reject-all, 315 -l LOG_LEVEL, --log-level=LOG_LEVEL, 322 -a ACCEPT, --accept=ACCEPT, 315 -u USER, --user=USER, 322 -c CONFIG_DIR, --conﬁg-dir=CONFIG_dir, 313 salt.auth.auto (module), 297 -d DELETE, --delete=DELETE, 315 salt.auth.keystone (module), 297 -f FINGER, --ﬁnger=FINGER, 315 salt.auth.ldap (module), 297 -h, --help, 313 salt.auth.pam (module), 298 -l ARG, --list=ARG, 314 salt.auth.pki (module), 299 -p PRINT, --print=PRINT, 315 salt.auth.stormpath_mod (module), 299 -q, --quiet, 313 salt.cloud.clouds.aliyun (module), 334 -r REJECT, --reject=REJECT, 315 salt.cloud.clouds.botocore_aws (module), 336 -u USER, --user=USER, 313 salt.cloud.clouds.cloudstack (module), 337 -y, --yes, 313 salt.cloud.clouds.digital_ocean (module), 338 salt-master command line option salt.cloud.clouds.ec2 (module), 340 --log-ﬁle-level=LOG_LEVEL_LOGFILE, 317 salt.cloud.clouds.gce (module), 346 --log-ﬁle=LOG_FILE, 317 salt.cloud.clouds.gogrid (module), 350 --pid-ﬁle PIDFILE, 316 salt.cloud.clouds.joyent (module), 351</p><p>1510 Index Salt Documentation, Release 2014.7.6 salt.cloud.clouds.libcloud_aws (module), 355 salt.modules.darwin_sysctl (module), 529 salt.cloud.clouds.linode (module), 356 salt.modules.data (module), 530 salt.cloud.clouds.lxc (module), 358 salt.modules.ddns (module), 531 salt.cloud.clouds.msazure (module), 359 salt.modules.deb_apache (module), 532 salt.cloud.clouds.nova (module), 360 salt.modules.debconfmod (module), 533 salt.cloud.clouds.opennebula (module), 363 salt.modules.debian_ip (module), 533 salt.cloud.clouds.openstack (module), 364 salt.modules.debian_service (module), 535 salt.cloud.clouds.parallels (module), 367 salt.modules.defaults (module), 537 salt.cloud.clouds.proxmox (module), 368 salt.modules.dig (module), 537 salt.cloud.clouds.rackspace (module), 370 salt.modules.disk (module), 538 salt.cloud.clouds.saltify (module), 372 salt.modules.djangomod (module), 539 salt.cloud.clouds.solayer (module), 372 salt.modules.dnsmasq (module), 540 salt.cloud.clouds.solayer_hw (module), 373 salt.modules.dnsutil (module), 540 salt.cloud.clouds.vsphere (module), 375 salt.modules.dockerio (module), 542 salt.exceptions (module), 461, 462 salt.modules.dpkg (module), 553 salt.ﬁleserver.gitfs (module), 453 salt.modules.ebuild (module), 553 salt.ﬁleserver.hgfs (module), 454 salt.modules.eix (module), 558 salt.ﬁleserver.minionfs (module), 455 salt.modules.environ (module), 558 salt.ﬁleserver.roots (module), 456 salt.modules.eselect (module), 559 salt.ﬁleserver.s3fs (module), 457 salt.modules.etcd_mod (module), 561 salt.ﬁleserver.svnfs (module), 458 salt.modules.event (module), 562 salt.log.handlers.logstash_mod (module), 445 salt.modules.extfs (module), 563 salt.log.handlers.sentry_mod (module), 446 salt.modules.ﬁle (module), 565 salt.modules.aliases (module), 471 salt.modules.freebsd_sysctl (module), 584 salt.modules.alternatives (module), 472 salt.modules.freebsdjail (module), 585 salt.modules.apache (module), 473 salt.modules.freebsdkmod (module), 586 salt.modules.aptpkg (module), 474 salt.modules.freebsdpkg (module), 587 salt.modules.archive (module), 481 salt.modules.freebsdports (module), 590 salt.modules.at (module), 483 salt.modules.freebsdservice (module), 592 salt.modules.augeas_cfg (module), 484 salt.modules.gem (module), 593 salt.modules.aws_sqs (module), 485 salt.modules.genesis (module), 595 salt.modules.blockdev (module), 487 salt.modules.gentoo_service (module), 596 salt.modules.bluez (module), 487 salt.modules.gentoolkitmod (module), 598 salt.modules.boto_asg (module), 489 salt.modules.git (module), 599 salt.modules.boto_cloudwatch (module), 491 salt.modules.glance (module), 605 salt.modules.boto_elasticache (module), 493 salt.modules.glusterfs (module), 606 salt.modules.boto_elb (module), 495 salt.modules.gnomedesktop (module), 608 salt.modules.boto_iam (module), 498 salt.modules.grains (module), 609 salt.modules.boto_route53 (module), 500 salt.modules.groupadd (module), 613 salt.modules.boto_secgroup (module), 501 salt.modules.grub_legacy (module), 614 salt.modules.boto_sqs (module), 503 salt.modules.guestfs (module), 614 salt.modules.brew (module), 504 salt.modules.hadoop (module), 615 salt.modules.bridge (module), 506 salt.modules.haproxyconn (module), 615 salt.modules.bsd_shadow (module), 508 salt.modules.hashutil (module), 617 salt.modules.cassandra (module), 508 salt.modules.hg (module), 618 salt.modules.chef (module), 510 salt.modules.hosts (module), 619 salt.modules.chocolatey (module), 511 salt.modules.htpasswd (module), 620 salt.modules.cloud (module), 514 salt.modules.img (module), 621 salt.modules.cmdmod (module), 516 salt.modules.incron (module), 621 salt.modules.composer (module), 520 salt.modules.inﬂux (module), 622 salt.modules.conﬁg (module), 522 salt.modules.ini_manage (module), 626 salt.modules.cp (module), 523 salt.modules.introspect (module), 628 salt.modules.cron (module), 526 salt.modules.ipset (module), 628 salt.modules.daemontools (module), 528 salt.modules.iptables (module), 630</p><p>Index 1511 Salt Documentation, Release 2014.7.6 salt.modules.junos (module), 634 salt.modules.pip (module), 727 salt.modules.key (module), 634 salt.modules.pkg (module), 466 salt.modules.keyboard (module), 635 salt.modules.pkg_resource (module), 731 salt.modules.keystone (module), 635 salt.modules.pkgin (module), 732 salt.modules.kmod (module), 641 salt.modules.pkgng (module), 735 salt.modules.launchctl (module), 642 salt.modules.pkgutil (module), 746 salt.modules.layman (module), 643 salt.modules.portage_conﬁg (module), 748 salt.modules.ldapmod (module), 643 salt.modules.postﬁx (module), 749 salt.modules.linux_acl (module), 644 salt.modules.postgres (module), 750 salt.modules.linux_lvm (module), 645 salt.modules.poudriere (module), 754 salt.modules.linux_sysctl (module), 646 salt.modules.powerpath (module), 756 salt.modules.localemod (module), 647 salt.modules.ps (module), 756 salt.modules.locate (module), 648 salt.modules.publish (module), 759 salt.modules.logadm (module), 649 salt.modules.puppet (module), 761 salt.modules.logrotate (module), 649 salt.modules.pw_group (module), 762 salt.modules.lvs (module), 650 salt.modules.pw_user (module), 763 salt.modules.lxc (module), 652 salt.modules.pyenv (module), 764 salt.modules.mac_group (module), 660 salt.modules.qemu_img (module), 766 salt.modules.mac_user (module), 661 salt.modules.qemu_nbd (module), 766 salt.modules.macports (module), 662 salt.modules.quota (module), 767 salt.modules.makeconf (module), 665 salt.modules.rabbitmq (module), 768 salt.modules.match (module), 672 salt.modules.raet_publish (module), 771 salt.modules.mdadm (module), 674 salt.modules.rbenv (module), 772 salt.modules.memcached (module), 676 salt.modules.rdp (module), 774 salt.modules.mine (module), 677 salt.modules.redismod (module), 774 salt.modules.mod_random (module), 678 salt.modules.reg (module), 778 salt.modules.modjk (module), 679 salt.modules.rest_package (module), 779 salt.modules.mongodb (module), 682 salt.modules.rest_sample (module), 779 salt.modules.monit (module), 683 salt.modules.rest_service (module), 779 salt.modules.moosefs (module), 684 salt.modules.ret (module), 780 salt.modules.mount (module), 685 salt.modules.rh_ip (module), 780 salt.modules.munin (module), 686 salt.modules.rh_service (module), 782 salt.modules.mysql (module), 687 salt.modules.riak (module), 784 salt.modules.nagios (module), 693 salt.modules.rpm (module), 784 salt.modules.netbsd_sysctl (module), 695 salt.modules.rsync (module), 785 salt.modules.netbsdservice (module), 695 salt.modules.rvm (module), 786 salt.modules.network (module), 697 salt.modules.s3 (module), 789 salt.modules.nfs3 (module), 700 salt.modules.saltcloudmod (module), 790 salt.modules.nables (module), 700 salt.modules.saltutil (module), 791 salt.modules.nginx (module), 705 salt.modules.schedule (module), 794 salt.modules.nova (module), 705 salt.modules.seed (module), 796 salt.modules.npm (module), 710 salt.modules.selinux (module), 797 salt.modules.omapi (module), 711 salt.modules.sensors (module), 798 salt.modules.openbsdpkg (module), 712 salt.modules.serverdensity_device (module), 798 salt.modules.openbsdservice (module), 713 salt.modules.service (module), 799 salt.modules.openstack_conﬁg (module), 715 salt.modules.shadow (module), 800 salt.modules.oracle (module), 716 salt.modules.smartos_imgadm (module), 802 salt.modules.osxdesktop (module), 717 salt.modules.smartos_vmadm (module), 803 salt.modules.pacman (module), 718 salt.modules.smf (module), 804 salt.modules.pagerduty (module), 721 salt.modules.smtp (module), 806 salt.modules.pam (module), 721 salt.modules.sowareupdate (module), 807 salt.modules.parted (module), 722 salt.modules.solaris_group (module), 809 salt.modules.pecl (module), 725 salt.modules.solaris_shadow (module), 809 salt.modules.pillar (module), 726 salt.modules.solaris_user (module), 810</p><p>1512 Index Salt Documentation, Release 2014.7.6 salt.modules.solarispkg (module), 812 salt.netapi.rest_tornado.saltnado (module), 932 salt.modules.solr (module), 815 salt.netapi.rest_tornado.saltnado_websockets (module), salt.modules.sqlite3 (module), 821 933 salt.modules.ssh (module), 822 salt.netapi.rest_wsgi (module), 939 salt.modules.state (module), 824 salt.output.grains (module), 941 salt.modules.status (module), 827 salt.output.highstate (module), 942 salt.modules.supervisord (module), 830 salt.output.json_out (module), 943 salt.modules.svn (module), 832 salt.output.key (module), 943 salt.modules.swi (module), 835 salt.output.nested (module), 943 salt.modules.sysbench (module), 836 salt.output.newline_values_only (module), 944 salt.modules.sysmod (module), 837 salt.output.no_out (module), 945 salt.modules.system (module), 840 salt.output.no_return (module), 945 salt.modules.systemd (module), 840 salt.output.overstatestage (module), 946 salt.modules.test (module), 843 salt.output.pprint_out (module), 946 salt.modules.timezone (module), 846 salt.output.raw (module), 946 salt.modules.tls (module), 847 salt.output.txt (module), 946 salt.modules.tomcat (module), 851 salt.output.virt_query (module), 947 salt.modules.twilio_notify (module), 855 salt.output.yaml_out (module), 947 salt.modules.upstart (module), 855 salt.pillar.cmd_json (module), 949 salt.modules.useradd (module), 858 salt.pillar.cmd_yaml (module), 950 salt.modules.uwsgi (module), 859 salt.pillar.cmd_yamlex (module), 950 salt.modules.varnish (module), 860 salt.pillar.cobbler (module), 950 salt.modules.virt (module), 861 salt.pillar.django_orm (module), 950 salt.modules.virtualenv_mod (module), 867 salt.pillar.etcd_pillar (module), 952 salt.modules.win_autoruns (module), 868 salt.pillar.foreman (module), 953 salt.modules.win_disk (module), 868 salt.pillar.git_pillar (module), 954 salt.modules.win_dns_client (module), 869 salt.pillar.hiera (module), 955 salt.modules.win_ﬁle (module), 869 salt.pillar.libvirt (module), 955 salt.modules.win_ﬁrewall (module), 874 salt.pillar.mongo (module), 955 salt.modules.win_groupadd (module), 875 salt.pillar.mysql (module), 957 salt.modules.win_ip (module), 875 salt.pillar.pillar_ldap (module), 960 salt.modules.win_network (module), 877 salt.pillar.puppet (module), 960 salt.modules.win_ntp (module), 879 salt.pillar.reclass_adapter (module), 960 salt.modules.win_path (module), 879 salt.pillar.redismod (module), 961 salt.modules.win_pkg (module), 880 salt.pillar.s3 (module), 961 salt.modules.win_repo (module), 882 salt.pillar.svn_pillar (module), 962 salt.modules.win_servermanager (module), 883 salt.pillar.virtkey (module), 963 salt.modules.win_service (module), 884 salt.renderers.gpg (module), 966 salt.modules.win_shadow (module), 886 salt.renderers.jinja (module), 967 salt.modules.win_status (module), 886 salt.renderers.json (module), 971 salt.modules.win_system (module), 887 salt.renderers.mako (module), 972 salt.modules.win_timezone (module), 889 salt.renderers.msgpack (module), 972 salt.modules.win_update (module), 890 salt.renderers.py (module), 972 salt.modules.win_useradd (module), 892 salt.renderers.pydsl (module), 973 salt.modules.xapi (module), 894 salt.renderers.pyobjects (module), 978 salt.modules.xmpp (module), 898 salt.renderers.stateconf (module), 981 salt.modules.yumpkg (module), 899 salt.renderers.wempy (module), 985 salt.modules.zcbuildout (module), 907 salt.renderers.yaml (module), 986 salt.modules.zfs (module), 909 salt.renderers.yamlex (module), 987 salt.modules.znc (module), 910 salt.returners.carbon_return (module), 989 salt.modules.zpool (module), 910 salt.returners.cassandra_return (module), 990 salt.modules.zypper (module), 911 salt.returners.couchbase_return (module), 991 salt.netapi.rest_cherrypy.app (module), 915 salt.returners.couchdb_return (module), 991 salt.netapi.rest_cherrypy.wsgi (module), 917 salt.returners.elasticsearch_return (module), 992</p><p>Index 1513 Salt Documentation, Release 2014.7.6 salt.returners.etcd_return (module), 992 salt.states.boto_secgroup (module), 1099 salt.returners.local (module), 993 salt.states.boto_sqs (module), 1101 salt.returners.local_cache (module), 994 salt.states.cloud (module), 1102 salt.returners.memcache_return (module), 994 salt.states.cmd (module), 1103 salt.returners.mongo_future_return (module), 995 salt.states.composer (module), 1110 salt.returners.mongo_return (module), 995 salt.states.cron (module), 1111 salt.returners.multi_returner (module), 996 salt.states.ddns (module), 1114 salt.returners.mysql (module), 996 salt.states.debconfmod (module), 1115 salt.returners.odbc (module), 998 salt.states.disk (module), 1116 salt.returners.postgres (module), 1000 salt.states.dockerio (module), 1117 salt.returners.redis_return (module), 1001 salt.states.environ (module), 1121 salt.returners.sentry_return (module), 1002 salt.states.eselect (module), 1122 salt.returners.smtp_return (module), 1002 salt.states.event (module), 1122 salt.returners.sqlite3_return (module), 1003 salt.states.ﬁle (module), 1123 salt.returners.syslog_return (module), 1004 salt.states.gem (module), 1142 salt.roster.ﬂat (module), 1005 salt.states.git (module), 1142 salt.roster.scan (module), 1005 salt.states.glusterfs (module), 1145 salt.runners.cache (module), 1006 salt.states.gnomedesktop (module), 1146 salt.runners.cloud (module), 1007 salt.states.grains (module), 1147 salt.runners.doc (module), 1008 salt.states.group (module), 1149 salt.runners.error (module), 1008 salt.states.hg (module), 1150 salt.runners.ﬁleserver (module), 1009 salt.states.host (module), 1150 salt.runners.git_pillar (module), 1012 salt.states.htpasswd (module), 1151 salt.runners.jobs (module), 1012 salt.states.incron (module), 1151 salt.runners.launchd (module), 1012 salt.states.inﬂuxdb_database (module), 1153 salt.runners.lxc (module), 1013 salt.states.inﬂuxdb_user (module), 1153 salt.runners.manage (module), 1014 salt.states.ini_manage (module), 1154 salt.runners.mine (module), 1016 salt.states.ipset (module), 1155 salt.runners.network (module), 1016 salt.states.iptables (module), 1157 salt.runners.pillar (module), 1017 salt.states.keyboard (module), 1161 salt.runners.queue (module), 1017 salt.states.keystone (module), 1161 salt.runners.search (module), 1019 salt.states.kmod (module), 1164 salt.runners.state (module), 1019 salt.states.layman (module), 1164 salt.runners.survey (module), 1022 salt.states.libvirt (module), 1165 salt.runners.thin (module), 1023 salt.states.locale (module), 1165 salt.runners.virt (module), 1023 salt.states.lvm (module), 1165 salt.runners.winrepo (module), 1024 salt.states.lvs_server (module), 1166 salt.states.alias (module), 1076 salt.states.lvs_service (module), 1167 salt.states.alternatives (module), 1077 salt.states.lxc (module), 1168 salt.states.apache (module), 1078 salt.states.makeconf (module), 1170 salt.states.apache_module (module), 1079 salt.states.mdadm (module), 1170 salt.states.apt (module), 1079 salt.states.memcached (module), 1171 salt.states.archive (module), 1079 salt.states.modjk (module), 1171 salt.states.at (module), 1080 salt.states.modjk_worker (module), 1172 salt.states.augeas (module), 1081 salt.states.module (module), 1173 salt.states.aws_sqs (module), 1083 salt.states.mongodb_database (module), 1174 salt.states.blockdev (module), 1084 salt.states.mongodb_user (module), 1175 salt.states.boto_asg (module), 1084 salt.states.mount (module), 1175 salt.states.boto_cloudwatch_alarm (module), 1087 salt.states.mysql_database (module), 1177 salt.states.boto_elasticache (module), 1089 salt.states.mysql_grants (module), 1177 salt.states.boto_elb (module), 1091 salt.states.mysql_query (module), 1179 salt.states.boto_iam_role (module), 1093 salt.states.mysql_user (module), 1179 salt.states.boto_lc (module), 1095 salt.states.network (module), 1181 salt.states.boto_route53 (module), 1097 salt.states.nables (module), 1184</p><p>1514 Index Salt Documentation, Release 2014.7.6 salt.states.npm (module), 1186 salt.states.winrepo (module), 1242 salt.states.ntp (module), 1188 salt.states.xmpp (module), 1242 salt.states.openstack_conﬁg (module), 1188 salt.states.zcbuildout (module), 1242 salt.states.pagerduty (module), 1189 salt.states.zk_concurrency (module), 1244 salt.states.pecl (module), 1189 salt.tops.cobbler (module), 1250 salt.states.pip_state (module), 1190 salt.tops.ext_nodes (module), 1250 salt.states.pkg (module), 1193 salt.tops.mongo (module), 1251 salt.states.pkgng (module), 1198 salt.tops.reclass_adapter (module), 1252 salt.states.pkgrepo (module), 1198 salt.utils.aggregation (module), 459 salt.states.portage_conﬁg (module), 1201 salt.utils.serializers (module), 464 salt.states.ports (module), 1201 salt.utils.serializers.json (module), 464 salt.states.postgres_database (module), 1202 salt.utils.serializers.msgpack (module), 465 salt.states.postgres_extension (module), 1203 salt.utils.serializers.yaml (module), 465 salt.states.postgres_group (module), 1204 salt.wheel.conﬁg (module), 1252 salt.states.postgres_user (module), 1206 salt.wheel.error (module), 1253 salt.states.powerpath (module), 1207 salt.wheel.ﬁle_roots (module), 1253 salt.states.process (module), 1207 salt.wheel.key (module), 1253 salt.states.pyenv (module), 1208 salt.wheel.pillar_roots (module), 1254 salt.states.quota (module), 1209 SaltAPIHandler (in module salt.states.rabbitmq_cluster (module), 1209 salt.netapi.rest_tornado.saltnado), 938 salt.states.rabbitmq_plugin (module), 1210 SaltAuthHandler (in module salt.states.rabbitmq_policy (module), 1210 salt.netapi.rest_tornado.saltnado), 938 salt.states.rabbitmq_user (module), 1211 SaltClientError, 461, 463 salt.states.rabbitmq_vhost (module), 1212 SaltClientTimeout, 461, 463 salt.states.rbenv (module), 1212 SaltCloudConﬁgError, 461, 463 salt.states.rdp (module), 1214 SaltCloudException, 461, 463 salt.states.redismod (module), 1214 SaltCloudExecutionFailure, 462, 463 salt.states.reg (module), 1215 SaltCloudExecutionTimeout, 462, 463 salt.states.rvm (module), 1215 SaltCloudNotFound, 462, 463 salt.states.saltmod (module), 1217 SaltCloudPasswordError, 462, 463 salt.states.schedule (module), 1220 SaltCloudSystemExit, 462, 463 salt.states.selinux (module), 1221 SaltException, 462, 463 salt.states.serverdensity_device (module), 1222 SaltInvocationError, 462, 463 salt.states.service (module), 1223 SaltMasterError, 462, 463 salt.states.smtp (module), 1224 SaltRenderError, 462, 464 salt.states.ssh_auth (module), 1225 SaltReqTimeoutError, 462, 464 salt.states.ssh_known_hosts (module), 1226 SaltRunnerError, 462, 464 salt.states.stateconf (module), 1227 SaltSyndicMasterError, 462, 464 salt.states.status (module), 1227 SaltSystemExit, 462, 464 salt.states.supervisord (module), 1227 SaltWheelError, 462, 464 salt.states.svn (module), 1228 save() (in module salt.modules.iptables), 633 salt.states.sysctl (module), 1229 save() (in module salt.modules.nables), 704 salt.states.test (module), 1230 save() (in module salt.modules.redismod), 777 salt.states.timezone (module), 1231 save() (in module salt.modules.schedule), 796 salt.states.tomcat (module), 1232 save_conﬁg() (in module salt.modules.mdadm), 675 salt.states.user (module), 1234 save_load() (in module salt.returners.couchbase_return), salt.states.virtualenv_mod (module), 1236 991 salt.states.win_dns_client (module), 1236 save_load() (in module salt.returners.etcd_return), 993 salt.states.win_ﬁrewall (module), 1237 save_load() (in module salt.returners.local_cache), 994 salt.states.win_network (module), 1237 save_load() (in module salt.returners.memcache_return), salt.states.win_path (module), 1238 994 salt.states.win_servermanager (module), 1239 save_load() (in module salt.states.win_system (module), 1239 salt.returners.mongo_future_return), 995 salt.states.win_update (module), 1239</p><p>Index 1515 Salt Documentation, Release 2014.7.6 save_load() (in module salt.returners.multi_returner), sections_present() (in module salt.states.ini_manage), 996 1155 save_load() (in module salt.returners.mysql), 998 securitygroup() (in module salt.cloud.clouds.ec2), 345 save_load() (in module salt.returners.odbc), 1000 securitygroup() (in module save_load() (in module salt.returners.postgres), 1001 salt.cloud.clouds.libcloud_aws), 356 save_load() (in module salt.returners.redis_return), 1002 securitygroupid() (in module salt.cloud.clouds.ec2), 345 save_load() (in module salt.returners.sqlite3_return), sed() (in module salt.modules.ﬁle), 581 1004 sed() (in module salt.states.ﬁle), 1139 say() (in module salt.modules.osxdesktop), 717 sed_contains() (in module salt.modules.ﬁle), 581 Scalar() (in module salt.utils.aggregation), 460 seed_non_shared_migrate() (in module scan() (in module salt.modules.bluez), 488 salt.modules.virt), 865 schedule() (in module salt.modules.sowareupdate), 808 seek_read() (in module salt.modules.ﬁle), 582 Scheduling Jobs, 152 seek_write() (in module salt.modules.ﬁle), 582 screensaver() (in module salt.modules.osxdesktop), 717 select_query() (in module salt.modules.cloud), 515 script() (in module salt.cloud.clouds.aliyun), 336 select_query() (in module salt.runners.cloud), 1008 script() (in module salt.cloud.clouds.cloudstack), 338 select_query() (salt.cloud.CloudClient method), 333 script() (in module salt.cloud.clouds.digital_ocean), 339 selfupdate() (in module salt.modules.composer), 521 script() (in module salt.cloud.clouds.ec2), 344 selinux_fs_path() (in module salt.modules.selinux), 797 script() (in module salt.cloud.clouds.gce), 350 send() (in module salt.modules.event), 562 script() (in module salt.cloud.clouds.gogrid), 351 send() (in module salt.modules.mine), 678 script() (in module salt.cloud.clouds.linode), 358 send() (in module salt.states.event), 1122 script() (in module salt.cloud.clouds.msazure), 360 send_msg() (in module salt.modules.smtp), 807 script() (in module salt.cloud.clouds.nova), 363 send_msg() (in module salt.modules.xmpp), 898 script() (in module salt.cloud.clouds.opennebula), 364 send_msg() (in module salt.states.smtp), 1224 script() (in module salt.cloud.clouds.openstack), 367 send_msg() (in module salt.states.xmpp), 1242 script() (in module salt.cloud.clouds.parallels), 368 send_sms() (in module salt.modules.twilio_notify), 855 script() (in module salt.cloud.clouds.proxmox), 370 SendMsgBot (class in salt.modules.xmpp), 898 script() (in module salt.cloud.clouds.rackspace), 371 sense() (in module salt.modules.sensors), 798 script() (in module salt.cloud.clouds.saltify), 372 Sequence (class in salt.utils.aggregation), 461 script() (in module salt.cloud.clouds.solayer), 373 serialize() (in module salt.states.ﬁle), 1139 script() (in module salt.cloud.clouds.solayer_hw), 374 serialize() (in module salt.utils.serializers.json), 464 script() (in module salt.cloud.clouds.vsphere), 376 serialize() (in module salt.utils.serializers.msgpack), 465 script() (in module salt.modules.cmdmod), 519 serialize() (in module salt.utils.serializers.yaml), 465 script() (in module salt.modules.dockerio), 550 SerializerExtension (class in salt.utils.jinja), 970 script() (in module salt.states.cmd), 1107 serve_ﬁle() (in module salt.ﬁleserver.gitfs), 454 script() (in module salt.states.dockerio), 1121 serve_ﬁle() (in module salt.ﬁleserver.hgfs), 455 script_retcode() (in module salt.modules.cmdmod), 519 serve_ﬁle() (in module salt.ﬁleserver.minionfs), 456 script_retcode() (in module salt.modules.dockerio), 551 serve_ﬁle() (in module salt.ﬁleserver.roots), 456 scrub() (in module salt.modules.zpool), 911 serve_ﬁle() (in module salt.ﬁleserver.s3fs), 458 search() (in module salt.modules.dockerio), 551 serve_ﬁle() (in module salt.ﬁleserver.svnfs), 459 search() (in module salt.modules.ﬁle), 581 server_by_name() (in module salt.modules.nova), 708 search() (in module salt.modules.freebsdports), 591 server_list() (in module salt.modules.nova), 708 search() (in module salt.modules.ldapmod), 644 server_list_detailed() (in module salt.modules.nova), 708 search() (in module salt.modules.pkgin), 734 server_show() (in module salt.modules.nova), 709 search() (in module salt.modules.pkgng), 742 server_status() (in module salt.modules.apache), 473 Search() (salt.modules.win_update.PyWinUpdater serverinfo() (in module salt.modules.tomcat), 853 method), 891 servermods() (in module salt.modules.apache), 473 Search() (salt.states.win_update.PyWinUpdater method), service_absent() (in module salt.states.keystone), 1163 1240 service_create() (in module salt.modules.keystone), 638 secgroup_create() (in module salt.modules.nova), 708 service_delete() (in module salt.modules.keystone), 638 secgroup_delete() (in module salt.modules.nova), 708 service_get() (in module salt.modules.keystone), 638 secgroup_list() (in module salt.modules.nova), 708 service_highstate() (in module salt.modules.introspect), sections_absent() (in module salt.states.ini_manage), 628 1154 service_list() (in module salt.modules.keystone), 638</p><p>1516 Index Salt Documentation, Release 2014.7.6 service_present() (in module salt.states.keystone), 1163 set_id() (in module salt.modules.parted), 725 sessions() (in module salt.modules.tomcat), 853 set_inactdays() (in module salt.modules.shadow), 801 set() (in module salt.states.debconfmod), 1116 set_is_polling() (in module salt.modules.solr), 820 set() (in module salt.states.statecon), 1227 set_job() (in module salt.modules.cron), 527 set_() (in module salt.modules.alternatives), 472 set_job() (in module salt.modules.incron), 622 set_() (in module salt.modules.debconfmod), 533 set_key() (in module salt.modules.redismod), 777 set_() (in module salt.modules.etcd_mod), 561 set_key() (in module salt.modules.reg), 778 set_() (in module salt.modules.gnomedesktop), 609 set_known_host() (in module salt.modules.ssh), 824 set_() (in module salt.modules.logrotate), 649 set_locale() (in module salt.modules.localemod), 648 set_() (in module salt.modules.memcached), 677 set_main() (in module salt.modules.postﬁx), 749 set_() (in module salt.modules.openstack_conﬁg), 715 set_makeopts() (in module salt.modules.makecon), 670 set_() (in module salt.modules.parted), 724 set_master() (in module salt.modules.postﬁx), 749 set_() (in module salt.modules.quota), 767 set_maxdays() (in module salt.modules.shadow), 801 set_() (in module salt.states.alternatives), 1078 set_maxdays() (in module salt.modules.solaris_shadow), set_() (in module salt.states.eselect), 1122 810 set_absent() (in module salt.states.ipset), 1156 set_mindays() (in module salt.modules.shadow), 801 set_aributes() (in module salt.modules.boto_elb), 498 set_mindays() (in module salt.modules.solaris_shadow), set_aributes() (in module salt.modules.boto_sqs), 504 810 set_aributes() (in module salt.modules.win_ﬁle), 873 set_mode() (in module salt.modules.ﬁle), 582 set_auth_key() (in module salt.modules.ssh), 823 set_mode() (in module salt.modules.win_ﬁle), 873 set_auth_key_from_ﬁle() (in module salt.modules.ssh), set_option() (in module salt.modules.ini_manage), 627 823 set_output_volume() (in module set_autostart() (in module salt.modules.virt), 865 salt.modules.osxdesktop), 717 set_ca_path() (in module salt.modules.tls), 851 set_parameter() (in module salt.modules.lxc), 659 set_cﬂags() (in module salt.modules.makecon), 669 set_pass() (in module salt.modules.lxc), 659 set_chost() (in module salt.modules.makecon), 669 set_pass() (in module salt.states.lxc), 1169 set_computer_desc() (in module set_password() (in module salt.modules.bsd_shadow), salt.modules.win_system), 888 508 set_computer_name() (in module set_password() (in module salt.modules.shadow), 801 salt.modules.win_system), 888 set_password() (in module salt.modules.solaris_shadow), set_conﬁg() (in module salt.modules.dnsmasq), 540 810 set_cxxﬂags() (in module salt.modules.makecon), 669 set_password() (in module salt.modules.win_shadow), set_date() (in module salt.modules.shadow), 801 886 set_default() (in module salt.modules.rvm), 788 set_permissions() (in module salt.modules.rabbitmq), 770 set_dhcp_all() (in module salt.modules.win_ip), 876 set_policy() (in module salt.modules.iptables), 634 set_dhcp_dns() (in module salt.modules.win_ip), 877 set_policy() (in module salt.modules.rabbitmq), 770 set_dhcp_ip() (in module salt.modules.win_ip), 877 set_policy() (in module salt.states.iptables), 1161 set_dns() (in module salt.modules.lxc), 658 set_present() (in module salt.states.ipset), 1156 set_emerge_default_opts() (in module set_replication_enabled() (in module salt.modules.solr), salt.modules.makecon), 669 820 set_env() (in module salt.modules.cron), 527 set_salt_view() (in module set_expire() (in module salt.modules.shadow), 801 salt.returners.couchdb_return), 992 set_ﬁle() (in module salt.modules.debconfmod), 533 set_selections() (in module salt.modules.aptpkg), 479 set_ﬁle() (in module salt.states.debconfmod), 1116 set_selinux_context() (in module salt.modules.ﬁle), 582 set_fstab() (in module salt.modules.mount), 685 set_servers() (in module salt.modules.win_ntp), 879 set_gentoo_mirrors() (in module set_special() (in module salt.modules.cron), 527 salt.modules.makecon), 669 set_static_dns() (in module salt.modules.win_ip), 877 set_health_check() (in module salt.modules.boto_elb), set_static_ip() (in module salt.modules.win_ip), 877 498 set_sync() (in module salt.modules.makecon), 670 set_host() (in module salt.modules.hosts), 620 set_sys() (in module salt.modules.keyboard), 635 set_hostname() (in module salt.modules.junos), 634 set_system_date() (in module salt.modules.win_system), set_hwclock() (in module salt.modules.timezone), 846 888 set_hwclock() (in module salt.modules.win_timezone), set_system_time() (in module salt.modules.win_system), 890 888</p><p>Index 1517 Salt Documentation, Release 2014.7.6 set_tags() (in module salt.cloud.clouds.ec2), 345 shadow_hash() (in module salt.modules.mod_random), set_tags() (in module salt.cloud.clouds.libcloud_aws), 356 678 set_target() (in module salt.modules.aliases), 471 show() (in module salt.modules.bridge), 507 set_target() (in module salt.modules.eselect), 560 show() (in module salt.modules.darwin_sysctl), 530 set_user_tags() (in module salt.modules.rabbitmq), 771 show() (in module salt.modules.debconfmod), 533 set_var() (in module salt.modules.makecon), 670 show() (in module salt.modules.freebsd_sysctl), 585 set_vm_status() (in module salt.cloud.clouds.proxmox), show() (in module salt.modules.linux_sysctl), 647 370 show() (in module salt.modules.netbsd_sysctl), 695 set_warndays() (in module salt.modules.shadow), 802 show() (in module salt.modules.nova), 709 set_warndays() (in module salt.modules.solaris_shadow), show() (in module salt.modules.smartos_imgadm), 802 810 show() (in module salt.modules.systemd), 842 set_weight() (in module salt.modules.haproxyconn), 616 show_backends() (in module salt.modules.haproxyconn), set_x() (in module salt.modules.keyboard), 635 616 set_zone() (in module salt.modules.timezone), 846 show_conf() (in module salt.modules.logadm), 649 set_zone() (in module salt.modules.win_timezone), 890 show_conf() (in module salt.modules.logrotate), 650 SetCategories() (salt.modules.win_update.PyWinUpdater show_conﬁg() (in module salt.modules.freebsdjail), 585 method), 891 show_current() (in module salt.modules.alternatives), SetCategories() (salt.states.win_update.PyWinUpdater 472 method), 1240 show_dbs() (in module salt.modules.oracle), 716 setClockFormat() (in module show_delvol_on_destroy() (in module salt.modules.gnomedesktop), 609 salt.cloud.clouds.ec2), 345 setClockShowDate() (in module show_disk() (in module salt.cloud.clouds.aliyun), 336 salt.modules.gnomedesktop), 609 show_disk() (in module salt.cloud.clouds.gce), 350 setenforce() (in module salt.modules.selinux), 797 show_env() (in module salt.modules.oracle), 716 setenv() (in module salt.modules.environ), 559 show_frontends() (in module setenv() (in module salt.states.environ), 1121 salt.modules.haproxyconn), 616 setIdleActivation() (in module show_fwrule() (in module salt.cloud.clouds.gce), 350 salt.modules.gnomedesktop), 609 show_hc() (in module salt.cloud.clouds.gce), 350 setIdleDelay() (in module salt.modules.gnomedesktop), show_highstate() (in module salt.modules.state), 825 609 show_image() (in module salt.cloud.clouds.aliyun), 336 SetInclude() (salt.modules.win_update.PyWinUpdater show_image() (in module salt.cloud.clouds.ec2), 345 method), 891 show_image() (in module salt.cloud.clouds.parallels), 368 SetInclude() (salt.states.win_update.PyWinUpdater show_instance() (in module salt.cloud.clouds.aliyun), 336 method), 1240 show_instance() (in module SetIncludes() (salt.modules.win_update.PyWinUpdater salt.cloud.clouds.cloudstack), 338 method), 891 show_instance() (in module SetIncludes() (salt.states.win_update.PyWinUpdater salt.cloud.clouds.digital_ocean), 339 method), 1240 show_instance() (in module salt.cloud.clouds.ec2), 345 setmem() (in module salt.modules.smartos_vmadm), 804 show_instance() (in module salt.cloud.clouds.gce), 350 setmem() (in module salt.modules.virt), 865 show_instance() (in module salt.cloud.clouds.gogrid), setmem() (in module salt.modules.xapi), 896 351 setpassword() (in module salt.modules.win_useradd), 894 show_instance() (in module salt.cloud.clouds.linode), 358 setsebool() (in module salt.modules.selinux), 797 show_instance() (in module salt.cloud.clouds.lxc), 359 setsebools() (in module salt.modules.selinux), 798 show_instance() (in module salt.cloud.clouds.msazure), setval() (in module salt.modules.environ), 559 360 setval() (in module salt.modules.grains), 612 show_instance() (in module salt.cloud.clouds.nova), 363 setvals() (in module salt.modules.grains), 613 show_instance() (in module setvalue() (in module salt.modules.augeas_cfg), 485 salt.cloud.clouds.opennebula), 364 setvalue() (in module salt.states.augeas), 1083 show_instance() (in module salt.cloud.clouds.openstack), setvcpus() (in module salt.modules.virt), 865 367 setvcpus() (in module salt.modules.xapi), 896 show_instance() (in module salt.cloud.clouds.parallels), sha256_digest() (in module salt.modules.hashutil), 617 368 sha512_digest() (in module salt.modules.hashutil), 617 show_instance() (in module salt.cloud.clouds.proxmox), 370</p><p>1518 Index Salt Documentation, Release 2014.7.6 show_instance() (in module salt.cloud.clouds.rackspace), smembers() (in module salt.modules.redismod), 777 371 sock_dir show_instance() (in module salt.cloud.clouds.solayer), conf/master, 404 373 conf/minion, 432 show_instance() (in module solo() (in module salt.modules.che), 510 salt.cloud.clouds.solayer_hw), 374 sort_pkglist() (in module salt.modules.pkg_resource), show_instance() (in module salt.cloud.clouds.vsphere), 732 376 source_list() (in module salt.modules.ﬁle), 582 show_key() (in module salt.cloud.clouds.joyent), 354 sources_add() (in module salt.modules.gem), 594 show_keypair() (in module sources_list() (in module salt.modules.gem), 594 salt.cloud.clouds.digital_ocean), 340 sources_remove() (in module salt.modules.gem), 594 show_keypair() (in module salt.cloud.clouds.ec2), 345 SPF() (in module salt.modules.dig), 538 show_lb() (in module salt.cloud.clouds.gce), 350 SPF() (in module salt.modules.dnsutil), 541 show_low_sls() (in module salt.modules.state), 825 sqlite_version() (in module salt.modules.sqlite3), 821 show_lowstate() (in module salt.modules.state), 825 ssh_interface() (in module salt.cloud.clouds.ec2), 345 show_main() (in module salt.modules.postﬁx), 750 ssh_interface() (in module salt.cloud.clouds.joyent), 354 show_master() (in module salt.modules.postﬁx), 750 ssh_interface() (in module show_network() (in module salt.cloud.clouds.gce), 350 salt.cloud.clouds.libcloud_aws), 356 show_pillar() (in module salt.modules.oracle), 717 ssh_interface() (in module salt.cloud.clouds.nova), 363 show_pillar() (in module salt.runners.pillar), 1017 ssh_interface() (in module salt.cloud.clouds.openstack), show_sls() (in module salt.modules.state), 825 367 show_snapshot() (in module salt.cloud.clouds.gce), 350 ssh_interface() (in module salt.cloud.clouds.rackspace), show_stages() (in module salt.runners.state), 1022 371 show_term_protect() (in module salt.cloud.clouds.ec2), ssh_minion_opts 345 conf/master, 406 show_top() (in module salt.modules.state), 826 ssh_username() (in module show_top() (in module salt.runners.pillar), 1017 salt.cloud.clouds.libcloud_aws), 356 show_volume() (in module salt.cloud.clouds.ec2), 345 stack() (in module salt.modules.test), 845 showconﬁg() (in module salt.modules.freebsdports), 591 start() (in module salt.cloud.clouds.aliyun), 336 showglobal() (in module salt.modules.mysql), 691 start() (in module salt.cloud.clouds.ec2), 345 showvariables() (in module salt.modules.mysql), 691 start() (in module salt.cloud.clouds.joyent), 354 shutdown() (in module salt.cloud.clouds.proxmox), 370 start() (in module salt.cloud.clouds.libcloud_aws), 356 shutdown() (in module salt.modules.redismod), 777 start() (in module salt.cloud.clouds.parallels), 368 shutdown() (in module salt.modules.smartos_vmadm), start() (in module salt.cloud.clouds.proxmox), 370 804 start() (in module salt.modules.bluez), 488 shutdown() (in module salt.modules.system), 840 start() (in module salt.modules.daemontools), 529 shutdown() (in module salt.modules.virt), 865 start() (in module salt.modules.debian_service), 536 shutdown() (in module salt.modules.win_system), 889 start() (in module salt.modules.dockerio), 551 shutdown() (in module salt.modules.xapi), 896 start() (in module salt.modules.freebsdjail), 585 shutdown_hard() (in module salt.modules.win_system), start() (in module salt.modules.freebsdservice), 593 889 start() (in module salt.modules.gentoo_service), 597 sign() (in module salt.cloud.clouds.ec2), 345 start() (in module salt.modules.launchctl), 642 signal() (in module salt.modules.apache), 474 start() (in module salt.modules.lxc), 659 signal() (in module salt.modules.nginx), 705 start() (in module salt.modules.monit), 683 signal() (in module salt.modules.solr), 820 start() (in module salt.modules.netbsdservice), 697 signal() (in module salt.modules.tomcat), 854 start() (in module salt.modules.openbsdservice), 714 signal_job() (in module salt.modules.saltutil), 792 start() (in module salt.modules.rest_service), 779 single() (in module salt.modules.state), 826 start() (in module salt.modules.rh_service), 783 slave_lag() (in module salt.modules.mysql), 691 start() (in module salt.modules.riak), 784 slaveof() (in module salt.modules.redismod), 777 start() (in module salt.modules.service), 800 sleep() (in module salt.modules.test), 845 start() (in module salt.modules.smartos_vmadm), 804 SLS Module, 1463 start() (in module salt.modules.sm), 806 sls() (in module salt.modules.state), 826 start() (in module salt.modules.supervisord), 831 sls_id() (in module salt.modules.state), 826 start() (in module salt.modules.systemd), 842</p><p>Index 1519 Salt Documentation, Release 2014.7.6 start() (in module salt.modules.tomcat), 854 status() (in module salt.modules.puppet), 762 start() (in module salt.modules.upstart), 857 status() (in module salt.modules.rabbitmq), 771 start() (in module salt.modules.virt), 865 status() (in module salt.modules.rdp), 774 start() (in module salt.modules.win_service), 885 status() (in module salt.modules.rest_service), 780 start() (in module salt.modules.xapi), 896 status() (in module salt.modules.rh_service), 783 start() (in module salt.runners.lxc), 1014 status() (in module salt.modules.service), 800 start() (in module salt.runners.virt), 1024 status() (in module salt.modules.sm), 806 start() (salt.modules.xmpp.SendMsgBot method), 898 status() (in module salt.modules.supervisord), 831 start_app() (in module salt.modules.rabbitmq), 771 status() (in module salt.modules.svn), 834 start_time_service() (in module status() (in module salt.modules.systemd), 842 salt.modules.win_system), 889 status() (in module salt.modules.tomcat), 854 start_volume() (in module salt.modules.glusterfs), 607 status() (in module salt.modules.upstart), 857 started() (in module salt.states.glusterfs), 1145 status() (in module salt.modules.win_service), 886 started() (in module salt.states.lxc), 1169 status() (in module salt.modules.zpool), 911 stash() (in module salt.modules.git), 605 status() (in module salt.runners.manage), 1016 State Compiler, 1463 status() (in module salt.states.disk), 1116 State Declaration, 1463 status_raw() (in module salt.modules.supervisord), 831 State Function, 1463 status_webapp() (in module salt.modules.tomcat), 854 State Module, 1463 statvfs() (in module salt.modules.ﬁle), 583 State Run, 1463 stop() (in module salt.cloud.clouds.aliyun), 336 state() (in module salt.modules.lxc), 659 stop() (in module salt.cloud.clouds.ec2), 345 state() (in module salt.states.saltmod), 1218 stop() (in module salt.cloud.clouds.joyent), 354 state_doc() (in module salt.modules.sysmod), 839 stop() (in module salt.cloud.clouds.libcloud_aws), 356 state_output stop() (in module salt.cloud.clouds.parallels), 368 conf/master, 411 stop() (in module salt.cloud.clouds.proxmox), 370 conf/minion, 437 stop() (in module salt.modules.bluez), 488 state_top stop() (in module salt.modules.daemontools), 529 conf/master, 410 stop() (in module salt.modules.debian_service), 536 state_verbose stop() (in module salt.modules.dockerio), 552 conf/master, 410 stop() (in module salt.modules.freebsdjail), 586 conf/minion, 436 stop() (in module salt.modules.freebsdservice), 593 states() (in module salt.loader), 326 stop() (in module salt.modules.gentoo_service), 598 states_dirs stop() (in module salt.modules.launchctl), 642 conf/minion, 435 stop() (in module salt.modules.lxc), 659 Stats (class in salt.netapi.rest_cherrypy.app), 931 stop() (in module salt.modules.monit), 684 stats() (in module salt.modules.ﬁle), 582 stop() (in module salt.modules.netbsdservice), 697 stats() (in module salt.modules.locate), 648 stop() (in module salt.modules.openbsdservice), 715 stats() (in module salt.modules.pkgng), 743 stop() (in module salt.modules.rest_service), 780 stats() (in module salt.modules.quota), 767 stop() (in module salt.modules.rh_service), 783 stats() (in module salt.modules.uwsgi), 859 stop() (in module salt.modules.riak), 784 stats() (in module salt.modules.win_ﬁle), 874 stop() (in module salt.modules.service), 800 status() (in module salt.modules.daemontools), 529 stop() (in module salt.modules.sm), 806 status() (in module salt.modules.debian_service), 536 stop() (in module salt.modules.supervisord), 831 status() (in module salt.modules.freebsdjail), 586 stop() (in module salt.modules.systemd), 842 status() (in module salt.modules.freebsdservice), 593 stop() (in module salt.modules.tomcat), 854 status() (in module salt.modules.gentoo_service), 597 stop() (in module salt.modules.upstart), 857 status() (in module salt.modules.git), 605 stop() (in module salt.modules.virt), 865 status() (in module salt.modules.glusterfs), 608 stop() (in module salt.modules.win_service), 886 status() (in module salt.modules.launchctl), 642 stop() (in module salt.runners.lxc), 1014 status() (in module salt.modules.memcached), 677 stop() (in module salt.states.modjk_worker), 1173 status() (in module salt.modules.mysql), 691 stop_app() (in module salt.modules.rabbitmq), 771 status() (in module salt.modules.netbsdservice), 697 stop_time_service() (in module status() (in module salt.modules.nginx), 705 salt.modules.win_system), 889 status() (in module salt.modules.openbsdservice), 715 stop_volume() (in module salt.modules.glusterfs), 608</p><p>1520 Index Salt Documentation, Release 2014.7.6 stopped() (in module salt.states.lxc), 1169 syncdb() (in module salt.modules.djangomod), 539 stp() (in module salt.modules.bridge), 507 Syndic, 1463 str_encode() (in module salt.modules.mod_random), 679 syndic_log_ﬁle string() (in module salt.states.redismod), 1214 conf/master, 425 stringify() (in module salt.modules.pkg_resource), 732 syndic_master submodule() (in module salt.modules.git), 605 conf/master, 424 subnets() (in module salt.modules.network), 700 syndic_master_log_ﬁle subnets() (in module salt.modules.win_network), 879 conf/master, 425 succeed_with_changes() (in module salt.states.test), 1231 syndic_master_port succeed_without_changes() (in module salt.states.test), conf/master, 425 1231 sysctl() (in module salt.modules.freebsdjail), 586 summary() (in module salt.modules.monit), 684 system() (in module salt.states.keyboard), 1161 summary() (in module salt.modules.puppet), 762 system() (in module salt.states.locale), 1165 suspend() (in module salt.modules.nova), 709 system() (in module salt.states.network), 1183 svnfs_branches system() (in module salt.states.timezone), 1231 conf/master, 420 system_types() (in module salt.modules.parted), 725 svnfs_env_blacklist systemctl_reload() (in module salt.modules.systemd), 842 conf/master, 420 svnfs_env_whitelist T conf/master, 420 tables() (in module salt.modules.sqlite3), 822 svnfs_mountpoint tag() (in module salt.modules.dockerio), 552 conf/master, 419 take_action() (in module salt.cloud.clouds.joyent), 354 svnfs_remotes tar() (in module salt.modules.archive), 481 conf/master, 418 Target, 1463 svnfs_root targets() (in module salt.roster.ﬂat), 1005 conf/master, 419 targets() (in module salt.roster.scan), 1005 svnfs_tags targets() (salt.roster.ﬂat.RosterMatcher method), 1005 conf/master, 420 targets() (salt.roster.scan.RosterMatcher method), 1005 svnfs_trunk tcp_pub_port conf/master, 419 conf/minion, 434 SvnPillar (class in salt.pillar.svn_pillar), 963 tcp_pull_port swap() (in module salt.states.mount), 1176 conf/minion, 434 swap_memory() (in module salt.modules.ps), 759 template() (in module salt.modules.state), 827 swapoﬀ() (in module salt.modules.mount), 686 template_str() (in module salt.modules.state), 827 swapon() (in module salt.modules.mount), 686 templates() (in module salt.modules.lxc), 659 swaps() (in module salt.modules.mount), 686 tenant_absent() (in module salt.states.keystone), 1163 switch() (in module salt.modules.svn), 834 tenant_create() (in module salt.modules.keystone), 638 symlink() (in module salt.modules.ﬁle), 583 tenant_delete() (in module salt.modules.keystone), 638 symlink() (in module salt.modules.win_ﬁle), 874 tenant_get() (in module salt.modules.keystone), 638 symlink() (in module salt.states.ﬁle), 1140 tenant_list() (in module salt.modules.keystone), 639 symlink_list() (in module salt.ﬁleserver.gitfs), 454 tenant_present() (in module salt.states.keystone), 1163 symlink_list() (in module salt.ﬁleserver.roots), 456 tenant_update() (in module salt.modules.keystone), 639 symlink_list() (in module salt.runners.ﬁleserver), 1011 term() (in module salt.modules.daemontools), 529 sync() (in module salt.modules.eix), 558 term_job() (in module salt.modules.saltutil), 794 sync() (in module salt.modules.layman), 643 test sync_all() (in module salt.modules.saltutil), 793 conf/master, 411 sync_contains() (in module salt.modules.makecon), 670 test() (in module salt.modules.ipset), 630 sync_grains() (in module salt.modules.saltutil), 793 threads() (in module salt.modules.sysbench), 837 sync_modules() (in module salt.modules.saltutil), 793 time() (in module salt.modules.redismod), 778 sync_outpuers() (in module salt.modules.saltutil), 793 TimedProcTimeoutError, 462, 464 sync_renderers() (in module salt.modules.saltutil), 793 timeout sync_returners() (in module salt.modules.saltutil), 793 conf/master, 404 sync_states() (in module salt.modules.saltutil), 793 toggle() (in module salt.modules.parted), 725 sync_utils() (in module salt.modules.saltutil), 794 token_expire</p><p>Index 1521 Salt Documentation, Release 2014.7.6</p><p> conf/master, 408 uninstall() (in module salt.modules.gem), 594 token_get() (in module salt.modules.keystone), 639 uninstall() (in module salt.modules.npm), 711 TokenAuthenticationError, 462, 464 uninstall() (in module salt.modules.pecl), 726 tokenize_grant() (in module salt.modules.mysql), 691 uninstall() (in module salt.modules.pip), 730 Top File, 1463 uninstall_python() (in module salt.modules.pyenv), 765 top() (in module salt.modules.dockerio), 552 uninstall_ruby() (in module salt.modules.rbenv), 774 top() (in module salt.modules.ps), 759 unlock() (in module salt.states.zk_concurrency), 1244 top() (in module salt.modules.state), 827 unmonitor() (in module salt.modules.monit), 684 top() (in module salt.tops.cobbler), 1250 unmounted() (in module salt.states.mount), 1176 top() (in module salt.tops.ext_nodes), 1250 unpack() (in module salt.modules.genesis), 596 top() (in module salt.tops.mongo), 1251 unpair() (in module salt.modules.bluez), 488 top() (in module salt.tops.reclass_adapter), 1252 unpurge() (in module salt.modules.dpkg), 553 total_physical_memory() (in module salt.modules.ps), unrar() (in module salt.modules.archive), 482 759 unzip() (in module salt.modules.archive), 482 touch() (in module salt.modules.ﬁle), 583 up() (in module salt.modules.debian_ip), 535 touch() (in module salt.states.ﬁle), 1141 up() (in module salt.modules.rh_ip), 782 tpstats() (in module salt.modules.cassandra), 509 up() (in module salt.runners.manage), 1016 traceroute() (in module salt.modules.network), 700 update() (in module salt.ﬁleserver.gitfs), 454 traceroute() (in module salt.modules.win_network), 879 update() (in module salt.ﬁleserver.hgfs), 455 tree() (in module salt.modules.augeas_cfg), 485 update() (in module salt.ﬁleserver.minionfs), 456 tree() (in module salt.modules.etcd_mod), 562 update() (in module salt.ﬁleserver.roots), 456 trim_cﬂags() (in module salt.modules.makecon), 670 update() (in module salt.ﬁleserver.s3fs), 458 trim_cxxﬂags() (in module salt.modules.makecon), 671 update() (in module salt.ﬁleserver.svnfs), 459 trim_emerge_default_opts() (in module update() (in module salt.modules.boto_asg), 491 salt.modules.makecon), 671 update() (in module salt.modules.chocolatey), 513 trim_features() (in module salt.modules.makecon), 671 update() (in module salt.modules.composer), 521 trim_gentoo_mirrors() (in module update() (in module salt.modules.data), 531 salt.modules.makecon), 671 update() (in module salt.modules.ddns), 531 trim_makeopts() (in module salt.modules.makecon), 671 update() (in module salt.modules.ebuild), 557 trim_var() (in module salt.modules.makecon), 672 update() (in module salt.modules.eix), 558 truncate() (in module salt.modules.ﬁle), 583 update() (in module salt.modules.freebsdports), 591 y() (in module salt.modules.cmdmod), 520 update() (in module salt.modules.gem), 595 y() (in module salt.modules.test), 845 update() (in module salt.modules.hg), 619 tune() (in module salt.modules.blockdev), 487 update() (in module salt.modules.mine), 678 tune() (in module salt.modules.extfs), 564 update() (in module salt.modules.pecl), 726 tuned() (in module salt.states.blockdev), 1084 update() (in module salt.modules.pyenv), 766 TXT() (in module salt.modules.dig), 538 update() (in module salt.modules.rbenv), 774 update() (in module salt.modules.saltutil), 794 U update() (in module salt.modules.serverdensity_device), uid_to_user() (in module salt.modules.ﬁle), 583 799 uid_to_user() (in module salt.modules.win_ﬁle), 874 update() (in module salt.modules.supervisord), 832 umount() (in module salt.modules.mount), 686 update() (in module salt.modules.svn), 835 umount_image() (in module salt.modules.img), 621 update() (in module salt.pillar.git_pillar), 955 unblock() (in module salt.modules.bluez), 488 update() (in module salt.runners.ﬁleserver), 1011 uncomment() (in module salt.modules.ﬁle), 583 update() (in module salt.runners.git_pillar), 1012 uncomment() (in module salt.states.ﬁle), 1141 update() (in module salt.states.composer), 1111 undeﬁne() (in module salt.modules.virt), 865 update() (salt.pillar.git_pillar.GitPillar method), 955 undeploy() (in module salt.modules.tomcat), 854 update() (salt.pillar.svn_pillar.SvnPillar method), 963 undeployed() (in module salt.states.tomcat), 1232 update_git_repos() (in module salt.modules.win_repo), unfreeze() (in module salt.modules.lxc), 659 883 unfreeze() (in module salt.runners.lxc), 1014 update_git_repos() (in module salt.runners.winrepo), unhold() (in module salt.modules.aptpkg), 480 1024 unhold() (in module salt.modules.yumpkg), 906 update_installed() (in module uninstall() (in module salt.modules.chocolatey), 513 salt.modules.smartos_imgadm), 802</p><p>1522 Index Salt Documentation, Release 2014.7.6 update_jail() (in module salt.modules.poudriere), 755 user update_lxc_conf() (in module salt.modules.lxc), 659 conf/master, 402 update_package_site() (in module salt.modules.pkgng), conf/minion, 431 744 user_absent() (in module salt.states.keystone), 1163 update_packaging_site() (in module salt.states.pkgng), user_chpass() (in module salt.modules.inﬂux), 624 1198 user_chpass() (in module salt.modules.mysql), 691 update_ports_tree() (in module salt.modules.poudriere), user_create() (in module salt.modules.inﬂux), 624 755 user_create() (in module salt.modules.keystone), 639 update_record() (in module salt.modules.boto_route53), user_create() (in module salt.modules.mongodb), 683 501 user_create() (in module salt.modules.mysql), 692 update_restart_services user_create() (in module salt.modules.postgres), 753 conf/minion, 442 user_delete() (in module salt.modules.keystone), 639 update_system() (in module salt.modules.gem), 595 user_exists() (in module salt.modules.inﬂux), 625 update_url user_exists() (in module salt.modules.mongodb), 683 conf/minion, 442 user_exists() (in module salt.modules.mysql), 692 updatedb() (in module salt.modules.locate), 648 user_exists() (in module salt.modules.postgres), 753 updating() (in module salt.modules.pkgng), 744 user_exists() (in module salt.modules.rabbitmq), 771 upgrade() (in module salt.modules.aptpkg), 480 user_exists() (in module salt.states.htpasswd), 1151 upgrade() (in module salt.modules.brew), 506 user_get() (in module salt.modules.keystone), 639 upgrade() (in module salt.modules.ebuild), 557 user_grants() (in module salt.modules.mysql), 693 upgrade() (in module salt.modules.freebsdpkg), 589 user_info() (in module salt.modules.mysql), 693 upgrade() (in module salt.modules.macports), 664 user_keys() (in module salt.modules.ssh), 824 upgrade() (in module salt.modules.pacman), 720 user_list() (in module salt.modules.inﬂux), 625 upgrade() (in module salt.modules.pkgin), 734 user_list() (in module salt.modules.keystone), 639 upgrade() (in module salt.modules.pkgng), 744 user_list() (in module salt.modules.mongodb), 683 upgrade() (in module salt.modules.pkgutil), 747 user_list() (in module salt.modules.mysql), 693 upgrade() (in module salt.modules.sowareupdate), 808 user_list() (in module salt.modules.postgres), 754 upgrade() (in module salt.modules.win_pkg), 882 user_password_update() (in module upgrade() (in module salt.modules.yumpkg), 906 salt.modules.keystone), 640 upgrade() (in module salt.modules.zypper), 914 user_present() (in module salt.states.keystone), 1163 upgrade_available() (in module salt.modules.aptpkg), 480 user_remove() (in module salt.modules.inﬂux), 626 upgrade_available() (in module salt.modules.brew), 506 user_remove() (in module salt.modules.mongodb), 683 upgrade_available() (in module salt.modules.ebuild), 557 user_remove() (in module salt.modules.mysql), 693 upgrade_available() (in module salt.modules.macports), user_remove() (in module salt.modules.postgres), 754 664 user_role_add() (in module salt.modules.keystone), 640 upgrade_available() (in module salt.modules.pacman), user_role_list() (in module salt.modules.keystone), 640 720 user_role_remove() (in module salt.modules.keystone), upgrade_available() (in module salt.modules.pkgutil), 640 748 user_to_uid() (in module salt.modules.ﬁle), 584 upgrade_available() (in module user_to_uid() (in module salt.modules.win_ﬁle), 874 salt.modules.sowareupdate), 809 user_update() (in module salt.modules.keystone), 640 upgrade_available() (in module salt.modules.solarispkg), user_update() (in module salt.modules.postgres), 754 815 user_verify_password() (in module upgrade_available() (in module salt.modules.win_pkg), salt.modules.keystone), 640 882 useradd() (in module salt.modules.apache), 474 upgrade_available() (in module salt.modules.yumpkg), useradd() (in module salt.modules.htpasswd), 620 907 useradd_all() (in module salt.modules.htpasswd), 620 upgrade_available() (in module salt.modules.zypper), 914 userdel() (in module salt.modules.apache), 474 upgrade_bootstrap() (in module userdel() (in module salt.modules.htpasswd), 620 salt.modules.zcbuildout), 909 ustring() (salt.output.nested.NestDisplay method), 944 uptime() (in module salt.modules.status), 829 uptodate() (in module salt.states.pkg), 1198 V usage() (in module salt.modules.disk), 539 valid_ﬁleproto() (in module salt.modules.conﬁg), 523 usage() (in module salt.modules.win_disk), 868 values() (in module salt.wheel.conﬁg), 1253</p><p>Index 1523 Salt Documentation, Release 2014.7.6 var_contains() (in module salt.modules.makecon), 672 version() (in module salt.modules.zypper), 914 vcpu_pin() (in module salt.modules.xapi), 896 version_clean() (in module salt.modules.ebuild), 557 verify() (in module salt.modules.rpm), 785 version_clean() (in module salt.modules.pkg_resource), verify() (in module salt.modules.yumpkg), 907 732 verify_env version_cmp() (in module salt.modules.aptpkg), 480 conf/master, 403 version_cmp() (in module salt.modules.ebuild), 557 conf/minion, 432 versions() (in module salt.modules.pyenv), 766 verify_master_pubkey_sign versions() (in module salt.modules.rbenv), 774 conf/minion, 439 versions() (in module salt.runners.manage), 1016 version() (in module salt.modules.apache), 474 versions_information() (in module salt.modules.test), 846 version() (in module salt.modules.aptpkg), 480 versions_report() (in module salt.modules.test), 846 version() (in module salt.modules.bluez), 489 vg_absent() (in module salt.states.lvm), 1166 version() (in module salt.modules.brew), 506 vg_present() (in module salt.states.lvm), 1166 version() (in module salt.modules.cassandra), 509 vgcreate() (in module salt.modules.linux_lvm), 646 version() (in module salt.modules.chocolatey), 513 vgdisplay() (in module salt.modules.linux_lvm), 646 version() (in module salt.modules.dnsmasq), 540 vgremove() (in module salt.modules.linux_lvm), 646 version() (in module salt.modules.dockerio), 552 vhost_exists() (in module salt.modules.rabbitmq), 771 version() (in module salt.modules.ebuild), 557 vhosts() (in module salt.modules.apache), 474 version() (in module salt.modules.freebsdpkg), 590 virt_type() (in module salt.modules.virt), 866 version() (in module salt.modules.grub_legacy), 614 virtual_interface_create() (in module version() (in module salt.modules.hadoop), 615 salt.cloud.clouds.nova), 363 version() (in module salt.modules.ipset), 630 virtual_interface_create() (in module version() (in module salt.modules.iptables), 634 salt.modules.cloud), 515 version() (in module salt.modules.linux_acl), 645 virtual_interface_list() (in module version() (in module salt.modules.linux_lvm), 646 salt.cloud.clouds.nova), 363 version() (in module salt.modules.locate), 649 virtual_interface_list() (in module salt.modules.cloud), version() (in module salt.modules.macports), 665 515 version() (in module salt.modules.modjk), 681 virtual_memory() (in module salt.modules.ps), 759 version() (in module salt.modules.mysql), 693 vm_cputime() (in module salt.modules.virt), 866 version() (in module salt.modules.nables), 704 vm_cputime() (in module salt.modules.xapi), 897 version() (in module salt.modules.nginx), 705 vm_diskstats() (in module salt.modules.virt), 866 version() (in module salt.modules.openbsdpkg), 713 vm_diskstats() (in module salt.modules.xapi), 897 version() (in module salt.modules.oracle), 717 vm_info() (in module salt.modules.smartos_vmadm), 804 version() (in module salt.modules.pacman), 720 vm_info() (in module salt.modules.virt), 866 version() (in module salt.modules.pip), 731 vm_info() (in module salt.modules.xapi), 897 version() (in module salt.modules.pkg_resource), 732 vm_info() (in module salt.runners.virt), 1024 version() (in module salt.modules.pkgin), 735 vm_netstats() (in module salt.modules.virt), 867 version() (in module salt.modules.pkgng), 745 vm_netstats() (in module salt.modules.xapi), 897 version() (in module salt.modules.pkgutil), 748 vm_state() (in module salt.modules.virt), 867 version() (in module salt.modules.postgres), 754 vm_state() (in module salt.modules.xapi), 898 version() (in module salt.modules.poudriere), 756 vm_virt_type() (in module version() (in module salt.modules.rest_package), 779 salt.modules.smartos_vmadm), 804 version() (in module salt.modules.rsync), 786 vmstats() (in module salt.modules.status), 829 version() (in module salt.modules.smartos_imgadm), 803 volume_absent() (in module salt.states.cloud), 1103 version() (in module salt.modules.solarispkg), 815 volume_aach() (in module salt.cloud.clouds.nova), 363 version() (in module salt.modules.solr), 821 volume_aach() (in module salt.modules.cloud), 515 version() (in module salt.modules.sqlite3), 822 volume_aach() (in module salt.modules.nova), 709 version() (in module salt.modules.status), 829 volume_aached() (in module salt.states.cloud), 1103 version() (in module salt.modules.test), 845 volume_create() (in module salt.cloud.clouds.nova), 363 version() (in module salt.modules.tomcat), 855 volume_create() (in module salt.modules.cloud), 516 version() (in module salt.modules.varnish), 860 volume_create() (in module salt.modules.nova), 709 version() (in module salt.modules.win_pkg), 882 volume_create_aach() (in module version() (in module salt.modules.yumpkg), 907 salt.cloud.clouds.nova), 363 version() (in module salt.modules.znc), 910 volume_delete() (in module salt.cloud.clouds.nova), 363</p><p>1524 Index Salt Documentation, Release 2014.7.6 volume_delete() (in module salt.modules.cloud), 516 wm_preferences() (in module salt.states.gnomedesktop), volume_delete() (in module salt.modules.nova), 709 1147 volume_detach() (in module salt.cloud.clouds.nova), 363 wol() (in module salt.runners.network), 1016 volume_detach() (in module salt.modules.cloud), 516 wollist() (in module salt.runners.network), 1016 volume_detach() (in module salt.modules.nova), 710 Worker, 1463 volume_detached() (in module salt.states.cloud), 1103 worker_activate() (in module salt.modules.modjk), 681 volume_list() (in module salt.cloud.clouds.nova), 363 worker_activated() (in module salt.states.modjk), 1171 volume_list() (in module salt.modules.cloud), 516 worker_disable() (in module salt.modules.modjk), 681 volume_list() (in module salt.modules.nova), 710 worker_disabled() (in module salt.states.modjk), 1172 volume_present() (in module salt.states.cloud), 1103 worker_edit() (in module salt.modules.modjk), 681 volume_show() (in module salt.modules.nova), 710 worker_recover() (in module salt.modules.modjk), 681 worker_recover() (in module salt.states.modjk), 1172 W worker_status() (in module salt.modules.modjk), 682 w() (in module salt.modules.status), 829 worker_stop() (in module salt.modules.modjk), 682 wait() (in module salt.modules.dockerio), 552 worker_stopped() (in module salt.states.modjk), 1172 wait() (in module salt.states.cmd), 1108 worker_threads wait() (in module salt.states.event), 1122 conf/master, 402 wait() (in module salt.states.module), 1174 workers() (in module salt.modules.modjk), 682 wait() (in module salt.states.tomcat), 1233 wrapper() (in module salt.modules.rvm), 788 wait_call() (in module salt.states.cmd), 1109 write() (in module salt.modules.ﬁle), 584 wait_for_created() (in module write() (in module salt.wheel.ﬁle_roots), 1253 salt.cloud.clouds.proxmox), 370 write() (in module salt.wheel.pillar_roots), 1254 wait_for_event() (in module salt.states.saltmod), 1219 write_conf() (in module salt.modules.lxc), 659 wait_for_instance() (in module salt.cloud.clouds.ec2), 345 write_cron_ﬁle() (in module salt.modules.cron), 528 wait_for_state() (in module salt.cloud.clouds.proxmox), write_cron_ﬁle_verbose() (in module salt.modules.cron), 370 528 wait_script() (in module salt.states.cmd), 1109 write_cron_ﬁle_verbose() (in module wait_until() (in module salt.cloud.clouds.parallels), 368 salt.modules.incron), 622 waitfor_job() (in module salt.cloud.clouds.linode), 358 write_incron_ﬁle() (in module salt.modules.incron), 622 waitfor_status() (in module salt.cloud.clouds.linode), 358 write_launchd_plist() (in module salt.runners.launchd), war_deployed() (in module salt.states.tomcat), 1233 1012 warn() (in module salt.modules.quota), 768 Webhook (class in salt.netapi.rest_cherrypy.app), 926 X WebhookSaltAPIHandler (in module xorg() (in module salt.states.keyboard), 1161 salt.netapi.rest_tornado.saltnado), 939 WebsocketEndpoint (class in Y salt.netapi.rest_cherrypy.app), 930 yaml_utf8 wheel() (in module salt.modules.saltutil), 794 conf/master, 411 wheel() (in module salt.runners.doc), 1008 wheel() (in module salt.states.saltmod), 1219 Z wheel() (salt.netapi.NetapiClient method), 281 zcard() (in module salt.modules.redismod), 778 WheelClient (class in salt.wheel), 331 zero() (in module salt.modules.lvs), 652 which() (in module salt.modules.cmdmod), 520 zip_() (in module salt.modules.archive), 483 which() (in module salt.modules.pkgng), 745 zone_compare() (in module salt.modules.timezone), 847 which_bin() (in module salt.modules.cmdmod), 520 zone_compare() (in module salt.modules.win_timezone), win_gitrepos 890 conf/master, 429 zpool_list() (in module salt.modules.zpool), 911 win_repo zrange() (in module salt.modules.redismod), 778 conf/master, 428 win_repo_mastercacheﬁle conf/master, 428 wipe() (in module salt.modules.blockdev), 487 wipefacls() (in module salt.modules.linux_acl), 645 with_lists (salt.pillar.mysql.merger aribute), 959</p><p>Index 1525</p> </salt.modules.yumpkg.version></p></salt.modules.yumpkg.version></p></pre></div></section>
                                                        <img class="lazyload" data-src="https://ts2.mm.bing.net/th?q=Salt Documentation Release 2014.7.6 (2024)" alt="Salt Documentation Release 2014.7.6 (2024)" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
                        <section>
                            
                        </section>
                    </article>
                                                                                                            <div class="text-2xl font-semibold mt-5 mb-5">Top Articles</div>
                            <div class="container-doc">
                                                                    <a  href="https://57021870.com/article/cranberry-orange-sauce-recipe/3473"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Cranberry Orange Sauce Recipe" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Cranberry Orange Sauce Recipe
    </div>
</a>
                                                                    <a  href="https://57021870.com/article/instant-pot-tuscan-chicken-pasta-freezer-meal-recipe/3473"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Instant Pot Tuscan Chicken Pasta (Freezer Meal) Recipe" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Instant Pot Tuscan Chicken Pasta (Freezer Meal) Recipe
    </div>
</a>
                                                                                                    <a  href="https://kirinawa.com/article/north-jersey-housing-wanted-craigslist"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=north jersey housing &quot;wanted&quot; - craigslist" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        north jersey housing &quot;wanted&quot; - craigslist
    </div>
</a>
                <a  href="https://kirinawa.com/article/hawkview-retreat-pa-cost"  target="_blank"  rel="noopener nofollow"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Hawkview Retreat Pa Cost" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Hawkview Retreat Pa Cost
    </div>
</a>
                <a  href="https://listos.pics/article/racine-county-news-scanner-group"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Racine County News Scanner Group" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Racine County News Scanner Group
    </div>
</a>
                <a  href="https://listos.pics/article/steel-beams-multiple-types-building-materials-materials-by-dealer-sale-craigslist"  target="_blank"  rel="noopener nofollow"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=STEEL BEAMS | Multiple Types | Building Materials - materials - by dealer - sale - craigslist" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        STEEL BEAMS | Multiple Types | Building Materials - materials - by dealer - sale - craigslist
    </div>
</a>
                <a  href="https://travelperuhotels.com/article/fantasy-baseball-weekend-preview-june-20-23"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Fantasy baseball: Weekend preview June 20-23" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Fantasy baseball: Weekend preview June 20-23
    </div>
</a>
                <a  href="https://travelperuhotels.com/article/fantasy-baseball-pitcher-rankings-lineup-advice-for-friday-s-mlb-games"  target="_blank"  rel="noopener nofollow"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Fantasy baseball pitcher rankings, lineup advice for Friday&#039;s MLB games" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Fantasy baseball pitcher rankings, lineup advice for Friday&#039;s MLB games
    </div>
</a>
                <a  href="https://dyashl.cfd/article/age-of-war-kapitel-4-ist-da-jhebbal-sag-ruft-conan-exiles"  target="_blank"  rel="noopener nofollow"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Age of War – Kapitel 4 ist da! Jhebbal Sag ruft! - Conan Exiles" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Age of War – Kapitel 4 ist da! Jhebbal Sag ruft! - Conan Exiles
    </div>
</a>
                <a  href="https://dyashl.cfd/article/server-settings-explained-for-conan-exiles"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Server Settings Explained For Conan Exiles" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Server Settings Explained For Conan Exiles
    </div>
</a>
                <a  href="https://travelperuhotels.com/article/fantasy-baseball-weekend-preview-june-20-23"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Fantasy baseball: Weekend preview June 20-23" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Fantasy baseball: Weekend preview June 20-23
    </div>
</a>
                <a  href="https://travelperuhotels.com/article/fantasy-baseball-pitcher-rankings-lineup-advice-for-friday-s-mlb-games"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Fantasy baseball pitcher rankings, lineup advice for Friday&#039;s MLB games" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Fantasy baseball pitcher rankings, lineup advice for Friday&#039;s MLB games
    </div>
</a>
                                                                </div>
                                                                <div class="text-2xl font-semibold mt-5 mb-5">Latest Posts</div>
                        <div class="container-doc">
                                                            <a  href="https://57021870.com/article/the-best-pancake-recipe-the-wholesome-dish/3473"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=The Best Pancake Recipe - The Wholesome Dish" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        The Best Pancake Recipe - The Wholesome Dish
    </div>
</a>
                                                            <a  href="https://57021870.com/article/old-fashioned-homemade-fudge-recipe/3473"  target="_blank"  rel="noopener"  class="group mb-20 flex flex-col items-center">



    <img class="lazyload h-56 object-cover" data-src="https://ts2.mm.bing.net/th?q=Old-Fashioned Homemade Fudge Recipe" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII="/>
    <div class="group-hover:text-primary-500 block font-medium mt-5 text-2xl">
        Old-Fashioned Homemade Fudge Recipe
    </div>
</a>
                                                    </div>
                    
                    <div class="pt-3 bg-white rounded-lg my-0">
        <form class="flex justify-center w-full px-5 pt-0 pb-5" target="_top" action="https://57021870.com/search-article">
    <input
        aria-label="keyword"
        type="text"
        name="keyword"
        class="search-input w-full"
        placeholder="Search for articles"
    />
    <button class="search-button" type="submit" value="Submit">
        <img width="18" height="18" src="/static-res/img/search.svg?id=b28071f3b9c4778b36f1" alt="Search" />
    </button>
    </form>
</div>
                    <div class="text-gray-700 bg-gray-200 rounded px-5 py-4 space-y-2 my-3">
    <div class="font-semibold text-center">Article information</div>
    <p><span class="font-semibold">Author</span>:  <span class="vcard"><a class="url fn" href="/">Trent Wehner</a></span> </p>
    <p><span class="font-semibold">Last Updated</span>:  <span class="posted-on"><time class="entry-date published" datetime="2024-07-05T11:15:53+07:00" itemprop="datePublished">2024-07-05T11:15:53+07:00</time></span> </p>
    <p><span class="font-semibold">Views</span>: 5891</p>
    <p><span class="font-semibold">Rating</span>: 4.6 / 5 (76 voted)</p>
    <p><span class="font-semibold">Reviews</span>: 91% of readers found this page helpful</p>
</div>
<div class="text-gray-700 bg-gray-200 rounded px-5 py-4 space-y-2 my-3">
    <div class="font-semibold text-center">Author information</div>
    <p><span class="font-semibold">Name</span>: Trent Wehner</p>
    <p><span class="font-semibold">Birthday</span>: 1993-03-14</p>
    <p><span class="font-semibold">Address</span>: 872 Kevin Squares, New Codyville, AK 01785-0416</p>
    <p><span class="font-semibold">Phone</span>: +18698800304764</p>
    <p><span class="font-semibold">Job</span>: Senior Farming Developer</p>
    <p><span class="font-semibold">Hobby</span>: Paintball, Calligraphy, Hunting, Flying disc, Lapidary, Rafting, Inline skating</p>
    <p><span class="font-semibold">Introduction</span>: My name is Trent Wehner, I am a talented, brainy, zealous, light, funny, gleaming, attractive person who loves writing and wants to share my knowledge and understanding with you.
            </p>
</div>
                </div>
            </section>
        </main>
        <aside class="right-container">
            <div class="hidden xl:block">
                    <div class="sticky" style="top: 0.5rem">
                                            </div>
    </div>

















        </aside>
    </div>
            </main>
    <footer class=" bg-white ">
    <div class="container mx-auto px-5 flex flex-col pt-8 pb-5 text-center sm:text-left xl:px-10">
                <div class="flex-wrap sm:flex">
            <div class="sm:w-1/2 lg:w-1/5">
                <div class="text-sm font-bold text-gray-600 uppercase">NAVIGATION</div>
                <ul class="mt-4">
                    <li class="mt-2">
                        <a href="https://57021870.com" title="Home">Home</a>
                    </li>
                                            <li class="mt-2">
                            <a target="_blank" href="https://57021870.com/page/dmca" title="DMCA">DMCA</a>
                        </li>
                                            <li class="mt-2">
                            <a target="_blank" href="https://57021870.com/page/privacy-policy" title="Privacy Policy">Privacy Policy</a>
                        </li>
                                    </ul>
            </div>

            <div class="mt-8 sm:w-1/2 sm:mt-0 lg:w-1/5 lg:mt-0">
                <div class="text-sm font-bold text-gray-600 uppercase">DISCOVER</div>
                <ul class="mt-4">
                                            <li class="mt-2">
                            <a target="_blank" href="https://57021870.com/page/terms-and-conditions" title="Terms And Conditions">Terms And Conditions</a>
                        </li>
                                            <li class="mt-2">
                            <a target="_blank" href="https://57021870.com/page/cookie-agreement" title="Cookie Agreement">Cookie Agreement</a>
                        </li>
                                            <li class="mt-2">
                            <a target="_blank" href="https://57021870.com/page/contacts" title="Contacts">Contacts</a>
                        </li>
                                    </ul>
            </div>

            <div class="mt-8 sm:w-1/2 sm:mt-12 lg:w-1/5 lg:mt-0">
                <div class="text-sm font-bold text-gray-600 uppercase">CONTACT US</div>
                <ul class="mt-4">
                    <li>
                        <a title="Email Contact Us" href="mailto:dinhthienvan1@gmail.com">
                            dinhthienvan1@gmail.com
                        </a>
                    </li>
                                                                        <li class="mt-2">
                                <a target="_blank" href="https://57021870.com/page/about-us" title="About Us">About Us</a>
                            </li>
                                                    <li class="mt-2">
                                <a target="_blank" href="https://57021870.com/page/disclaimer" title="Disclaimer">Disclaimer</a>
                            </li>
                                            


                </ul>
            </div>

            <div class="mt-8 sm:w-1/2 lg:w-2/5 lg:mt-0 lg:pl-12">

                <a href="https://57021870.com" class="text-xl font-bold tracking-wider text-primary-500">
                    57021870
                </a>

                <p class="mt-2 text-base text-gray-600 sm:text-justify text-center leading-7">
                    57021870 is a website that writes about many topics of interest to you, it&#039;s a blog that shares useful knowledge and insights for everyone about Everything.
                    <br />
                </p>

            </div>
        </div>

        <div
            class="mt-3 flex items-center flex-col sm:flex-row sm:justify-between"
        >
            <p class="text-sm text-gray-600 flex-bas">
                © 2024 57021870. All Rights Reserved.
            </p>
        </div>
    </div>
    </footer>

</div>
<div x-data="{ open: false }">
    <button class="hidden px-4 py-2 text-white bg-blue-500 rounded select-none no-outline focus:shadow-outline" @click="open = true" id="adblock">adblock</button>
    <div class="fixed z-10 inset-0 overflow-y-auto" aria-labelledby="modal-title" role="dialog" aria-modal="true" x-show="open" style="display: none" id="aaaaa-modal">
        <div class="flex items-end justify-center min-h-screen pt-4 px-4 pb-20 text-center sm:block sm:p-0">
            <div class="fixed inset-0 bg-gray-500 bg-opacity-95 transition-opacity" aria-hidden="true"></div>
            <span class="hidden sm:inline-block sm:align-middle sm:h-screen" aria-hidden="true">&#8203;</span>
            <div class="inline-block align-bottom bg-white rounded-lg text-left overflow-hidden shadow-xl transform transition-all sm:my-8 sm:align-middle sm:max-w-lg sm:w-full">
                <div class="bg-white px-4 pt-5 pb-4 sm:p-6 sm:pb-4">
                    <div class="sm:flex sm:items-start">
                        <div id="ic-warning" class="mx-auto flex-shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
                            <svg class="h-6 w-6 text-red-600" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true">
                                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
                            </svg>
                        </div>
                        <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left">
                            <div class="text-lg leading-6 font-medium text-gray-900" id="modal-title">
                                We notice you&#039;re using an ad blocker
                            </div>
                            <div class="mt-2">
                                <p class="text-sm text-gray-500">
                                    Without advertising income, we can&#039;t keep making this site awesome for you.
                                </p>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="bg-gray-50 px-4 py-3 sm:px-6 flex-center">
                    <button onclick="location.reload();" type="button" class="w-full inline-flex justify-center rounded-md border border-transparent shadow-sm px-4 py-2 bg-red-600 text-base font-medium text-white hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500 sm:ml-3 sm:w-auto sm:text-sm">
                        I understand and have disabled ad blocking for this site
                    </button>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>