index.rst 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383
  1. .. _beacons:
  2. =======
  3. Beacons
  4. =======
  5. Beacons let you use the Salt event system to monitor non-Salt processes. The
  6. beacon system allows the minion to hook into a variety of system processes and
  7. continually monitor these processes. When monitored activity occurs in a system
  8. process, an event is sent on the Salt event bus that can be used to trigger a
  9. :ref:`reactor <reactor>`.
  10. Salt beacons can currently monitor and send Salt events for many system
  11. activities, including:
  12. - file system changes
  13. - system load
  14. - service status
  15. - shell activity, such as user login
  16. - network and disk usage
  17. See :ref:`beacon modules <all-salt.beacons>` for a current list.
  18. .. note::
  19. Salt beacons are an event generation mechanism. Beacons leverage the Salt
  20. :ref:`reactor <reactor>` system to make changes when beacon events occur.
  21. Configuring Beacons
  22. ===================
  23. Salt beacons do not require any changes to the system components that are being
  24. monitored, everything is configured using Salt.
  25. Beacons are typically enabled by placing a ``beacons:`` top level block in
  26. ``/etc/salt/minion`` or any file in ``/etc/salt/minion.d/`` such as
  27. ``/etc/salt/minion.d/beacons.conf`` or add it to pillars for that minion:
  28. .. code-block:: yaml
  29. beacons:
  30. inotify:
  31. - files:
  32. /etc/important_file: {}
  33. /opt: {}
  34. The beacon system, like many others in Salt, can also be configured via the
  35. minion pillar, grains, or local config file.
  36. .. note::
  37. The `inotify` beacon only works on OSes that have `inotify` kernel support.
  38. Currently this excludes FreeBSD, macOS, and Windows.
  39. All beacon configuration is done using list based configuration.
  40. .. versionadded:: Neon
  41. Multiple copies of a particular Salt beacon can be configured by including the ``beacon_module`` parameter in the beacon configuration.
  42. .. code-block:: yaml
  43. beacons:
  44. watch_importand_file:
  45. - files:
  46. /etc/important_file: {}
  47. - beacon_module: inotify
  48. watch_another_file:
  49. - files:
  50. /etc/another_file: {}
  51. - beacon_module: inotify
  52. Beacon Monitoring Interval
  53. --------------------------
  54. Beacons monitor on a 1-second interval by default. To set a different interval,
  55. provide an ``interval`` argument to a beacon. The following beacons run on 5-
  56. and 10-second intervals:
  57. .. code-block:: yaml
  58. beacons:
  59. inotify:
  60. - files:
  61. /etc/important_file: {}
  62. /opt: {}
  63. - interval: 5
  64. - disable_during_state_run: True
  65. load:
  66. - averages:
  67. 1m:
  68. - 0.0
  69. - 2.0
  70. 5m:
  71. - 0.0
  72. - 1.5
  73. 15m:
  74. - 0.1
  75. - 1.0
  76. - interval: 10
  77. .. _avoid-beacon-event-loops:
  78. Avoiding Event Loops
  79. --------------------
  80. It is important to carefully consider the possibility of creating a loop
  81. between a reactor and a beacon. For example, one might set up a beacon which
  82. monitors whether a file is read which in turn fires a reactor to run a state
  83. which in turn reads the file and re-fires the beacon.
  84. To avoid these types of scenarios, the ``disable_during_state_run`` argument
  85. may be set. If a state run is in progress, the beacon will not be run on its
  86. regular interval until the minion detects that the state run has completed, at
  87. which point the normal beacon interval will resume.
  88. .. code-block:: yaml
  89. beacons:
  90. inotify:
  91. - files:
  92. /etc/important_file: {}
  93. - disable_during_state_run: True
  94. .. _beacon-example:
  95. .. note::
  96. For beacon writers: If you need extra stuff to happen, like closing file
  97. handles for the ``disable_during_state_run`` to actually work, you can add
  98. a `close()` function to the beacon to run those extra things. See the
  99. `inotify` beacon.
  100. Beacon Example
  101. ==============
  102. This example demonstrates configuring the :py:mod:`~salt.beacons.inotify`
  103. beacon to monitor a file for changes, and then restores the file to its
  104. original contents if a change was made.
  105. .. note::
  106. The inotify beacon requires Pyinotify on the minion, install it using
  107. ``salt myminion pkg.install python-inotify``.
  108. Create Watched File
  109. -------------------
  110. Create the file named ``/etc/important_file`` and add some simple content:
  111. .. code-block:: yaml
  112. important_config: True
  113. Add Beacon Configs to Minion
  114. ----------------------------
  115. On the Salt minion, add the following configuration to
  116. ``/etc/salt/minion.d/beacons.conf``:
  117. .. code-block:: yaml
  118. beacons:
  119. inotify:
  120. - files:
  121. /etc/important_file:
  122. mask:
  123. - modify
  124. - disable_during_state_run: True
  125. Save the configuration file and restart the minion service. The beacon is now
  126. set up to notify salt upon modifications made to the file.
  127. .. note::
  128. The ``disable_during_state_run: True`` parameter :ref:`prevents
  129. <avoid-beacon-event-loops>` the inotify beacon from generating reactor
  130. events due to salt itself modifying the file.
  131. .. _beacon-event-bus:
  132. View Events on the Master
  133. -------------------------
  134. On your Salt master, start the event runner using the following command:
  135. .. code-block:: bash
  136. salt-run state.event pretty=true
  137. This runner displays events as they are received by the master on the Salt
  138. event bus. To test the beacon you set up in the previous section, make and save
  139. a modification to ``/etc/important_file``. You'll see an event similar to the
  140. following on the event bus:
  141. .. code-block:: json
  142. {
  143. "_stamp": "2015-09-09T15:59:37.972753",
  144. "data": {
  145. "change": "IN_IGNORED",
  146. "id": "larry",
  147. "path": "/etc/important_file"
  148. },
  149. "tag": "salt/beacon/larry/inotify//etc/important_file"
  150. }
  151. This indicates that the event is being captured and sent correctly. Now you can
  152. create a reactor to take action when this event occurs.
  153. Create a Reactor
  154. ----------------
  155. This reactor reverts the file named ``/etc/important_file`` to the contents
  156. provided by salt each time it is modified.
  157. Reactor SLS
  158. ```````````
  159. On your Salt master, create a file named ``/srv/reactor/revert.sls``.
  160. .. note::
  161. If the ``/srv/reactor`` directory doesn't exist, create it.
  162. .. code-block:: bash
  163. mkdir -p /srv/reactor
  164. Add the following to ``/srv/reactor/revert.sls``:
  165. .. code-block:: yaml
  166. revert-file:
  167. local.state.apply:
  168. - tgt: {{ data['data']['id'] }}
  169. - arg:
  170. - maintain_important_file
  171. .. note::
  172. In addition to :ref:`setting <avoid-beacon-event-loops>`
  173. ``disable_during_state_run: True`` for an inotify beacon whose reaction is
  174. to modify the watched file, it is important to ensure the state applied is
  175. also :term:`idempotent <Idempotent>`.
  176. .. note::
  177. The expression ``{{ data['data']['id'] }}`` :ref:`is correct
  178. <beacons-and-reactors>` as it matches the event structure :ref:`shown above
  179. <beacon-event-bus>`.
  180. State SLS
  181. `````````
  182. Create the state sls file referenced by the reactor sls file. This state file
  183. will be located at ``/srv/salt/maintain_important_file.sls``.
  184. .. code-block:: yaml
  185. important_file:
  186. file.managed:
  187. - name: /etc/important_file
  188. - contents: |
  189. important_config: True
  190. Master Config
  191. `````````````
  192. Configure the master to map the inotify beacon event to the ``revert`` reaction
  193. in ``/etc/salt/master.d/reactor.conf``:
  194. .. code-block:: yaml
  195. reactor:
  196. - salt/beacon/*/inotify//etc/important_file:
  197. - /srv/reactor/revert.sls
  198. .. note::
  199. You can have only one top level ``reactor`` section, so if one already
  200. exists, add this code to the existing section. See :ref:`here
  201. <reactor-sls>` to learn more about reactor SLS syntax.
  202. Start the Salt Master in Debug Mode
  203. -----------------------------------
  204. To help with troubleshooting, start the Salt master in debug mode:
  205. .. code-block:: bash
  206. service salt-master stop
  207. salt-master -l debug
  208. When debug logging is enabled, event and reactor data are displayed so you can
  209. discover syntax and other issues.
  210. Trigger the Reactor
  211. -------------------
  212. On your minion, make and save another change to ``/etc/important_file``. On the
  213. Salt master, you'll see debug messages that indicate the event was received and
  214. the ``state.apply`` job was sent. When you inspect the file on the minion,
  215. you'll see that the file contents have been restored to ``important_config:
  216. True``.
  217. All beacons are configured using a similar process of enabling the beacon,
  218. writing a reactor SLS (and state SLS if needed), and mapping a beacon event to
  219. the reactor SLS.
  220. .. _writing-beacons:
  221. Writing Beacon Plugins
  222. ======================
  223. Beacon plugins use the standard Salt loader system, meaning that many of the
  224. constructs from other plugin systems holds true, such as the ``__virtual__``
  225. function.
  226. The important function in the Beacon Plugin is the ``beacon`` function. When
  227. the beacon is configured to run, this function will be executed repeatedly by
  228. the minion. The ``beacon`` function therefore cannot block and should be as
  229. lightweight as possible. The ``beacon`` also must return a list of dicts, each
  230. dict in the list will be translated into an event on the master.
  231. Beacons may also choose to implement a ``validate`` function which
  232. takes the beacon configuration as an argument and ensures that it
  233. is valid prior to continuing. This function is called automatically
  234. by the Salt loader when a beacon is loaded.
  235. Please see the :py:mod:`~salt.beacons.inotify` beacon as an example.
  236. The `beacon` Function
  237. ---------------------
  238. The beacons system will look for a function named `beacon` in the module. If
  239. this function is not present then the beacon will not be fired. This function
  240. is called on a regular basis and defaults to being called on every iteration of
  241. the minion, which can be tens to hundreds of times a second. This means that
  242. the `beacon` function cannot block and should not be CPU or IO intensive.
  243. The beacon function will be passed in the configuration for the executed
  244. beacon. This makes it easy to establish a flexible configuration for each
  245. called beacon. This is also the preferred way to ingest the beacon's
  246. configuration as it allows for the configuration to be dynamically updated
  247. while the minion is running by configuring the beacon in the minion's pillar.
  248. The Beacon Return
  249. -----------------
  250. The information returned from the beacon is expected to follow a predefined
  251. structure. The returned value needs to be a list of dictionaries (standard
  252. python dictionaries are preferred, no ordered dicts are needed).
  253. The dictionaries represent individual events to be fired on the minion and
  254. master event buses. Each dict is a single event. The dict can contain any
  255. arbitrary keys but the 'tag' key will be extracted and added to the tag of the
  256. fired event.
  257. The return data structure would look something like this:
  258. .. code-block:: python
  259. [{'changes': ['/foo/bar'], 'tag': 'foo'},
  260. {'changes': ['/foo/baz'], 'tag': 'bar'}]
  261. Calling Execution Modules
  262. -------------------------
  263. Execution modules are still the preferred location for all work and system
  264. interaction to happen in Salt. For this reason the `__salt__` variable is
  265. available inside the beacon.
  266. Please be careful when calling functions in `__salt__`, while this is the
  267. preferred means of executing complicated routines in Salt not all of the
  268. execution modules have been written with beacons in mind. Watch out for
  269. execution modules that may be CPU intense or IO bound. Please feel free to add
  270. new execution modules and functions to back specific beacons.
  271. Distributing Custom Beacons
  272. ---------------------------
  273. Custom beacons can be distributed to minions via the standard methods, see
  274. :ref:`Modular Systems <modular-systems>`.