2014-01-30 18:48:20 +00:00
|
|
|
.. _reactor:
|
|
|
|
|
2014-04-30 01:56:38 +00:00
|
|
|
.. index:: ! Reactor, Salt Reactor
|
|
|
|
seealso: Event; Reactor
|
2014-03-02 06:21:12 +00:00
|
|
|
|
2012-12-18 23:33:59 +00:00
|
|
|
==============
|
|
|
|
Reactor System
|
|
|
|
==============
|
|
|
|
|
2015-12-22 20:38:33 +00:00
|
|
|
Salt's Reactor system gives Salt the ability to trigger actions in response to
|
|
|
|
an event. It is a simple interface to watching Salt's event bus for event tags
|
|
|
|
that match a given pattern and then running one or more commands in response.
|
2012-12-20 15:22:31 +00:00
|
|
|
|
|
|
|
This system binds sls files to event tags on the master. These sls files then
|
|
|
|
define reactions. This means that the reactor system has two parts. First, the
|
|
|
|
reactor option needs to be set in the master configuration file. The reactor
|
|
|
|
option allows for event tags to be associated with sls reaction files. Second,
|
2013-02-07 21:55:15 +00:00
|
|
|
these reaction files use highdata (like the state system) to define reactions
|
|
|
|
to be executed.
|
2012-12-20 05:09:44 +00:00
|
|
|
|
|
|
|
Event System
|
|
|
|
============
|
|
|
|
|
|
|
|
A basic understanding of the event system is required to understand reactors.
|
|
|
|
The event system is a local ZeroMQ PUB interface which fires salt events. This
|
|
|
|
event bus is an open system used for sending information notifying Salt and
|
|
|
|
other systems about operations.
|
|
|
|
|
2012-12-20 15:22:31 +00:00
|
|
|
The event system fires events with a very specific criteria. Every event has a
|
2013-11-26 17:21:57 +00:00
|
|
|
:strong:`tag`. Event tags allow for fast top level filtering of events. In
|
|
|
|
addition to the tag, each event has a data structure. This data structure is a
|
|
|
|
dict, which contains information about the event.
|
2012-12-20 05:09:44 +00:00
|
|
|
|
2015-09-09 17:16:55 +00:00
|
|
|
.. _reactor-mapping-events:
|
|
|
|
|
2012-12-20 05:09:44 +00:00
|
|
|
Mapping Events to Reactor SLS Files
|
|
|
|
===================================
|
|
|
|
|
2013-10-28 15:43:59 +00:00
|
|
|
Reactor SLS files and event tags are associated in the master config file.
|
|
|
|
By default this is /etc/salt/master, or /etc/salt/master.d/reactor.conf.
|
|
|
|
|
2014-10-22 21:03:06 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
|
|
|
Added Reactor support for ``salt://`` file paths.
|
|
|
|
|
2013-10-28 15:43:59 +00:00
|
|
|
In the master config section 'reactor:' is a list of event tags to be matched
|
|
|
|
and each event tag has a list of reactor SLS files to be run.
|
2012-12-20 05:09:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-08-21 03:00:05 +00:00
|
|
|
reactor: # Master config section "reactor"
|
2013-11-26 17:21:57 +00:00
|
|
|
|
2014-08-21 03:00:05 +00:00
|
|
|
- 'salt/minion/*/start': # Match tag "salt/minion/*/start"
|
|
|
|
- /srv/reactor/start.sls # Things to do when a minion starts
|
|
|
|
- /srv/reactor/monitor.sls # Other things to do
|
2013-10-28 15:43:59 +00:00
|
|
|
|
2015-07-27 07:02:31 +00:00
|
|
|
- 'salt/cloud/*/destroyed': # Globs can be used to match tags
|
2014-08-21 02:59:48 +00:00
|
|
|
- /srv/reactor/destroy/*.sls # Globs can be used to match file names
|
2013-10-28 15:43:59 +00:00
|
|
|
|
2014-08-21 03:13:40 +00:00
|
|
|
- 'myco/custom/event/tag': # React to custom event tags
|
2016-07-08 21:15:27 +00:00
|
|
|
- salt://reactor/mycustom.sls # Reactor files can come from the salt fileserver
|
2013-10-28 15:43:59 +00:00
|
|
|
|
2016-07-08 21:15:27 +00:00
|
|
|
.. note::
|
|
|
|
In the above example, ``salt://reactor/mycustom.sls`` refers to the
|
|
|
|
``base`` environment. To pull this file from a different environment, use
|
|
|
|
the :ref:`querystring syntax <querystring-syntax>` (e.g.
|
|
|
|
``salt://reactor/mycustom.sls?saltenv=reactor``).
|
2013-10-28 15:43:59 +00:00
|
|
|
|
|
|
|
Reactor sls files are similar to state and pillar sls files. They are
|
2014-08-11 17:46:43 +00:00
|
|
|
by default yaml + Jinja templates and are passed familiar context variables.
|
2013-10-28 15:43:59 +00:00
|
|
|
|
2014-01-27 02:38:03 +00:00
|
|
|
They differ because of the addition of the ``tag`` and ``data`` variables.
|
2013-10-28 15:43:59 +00:00
|
|
|
|
|
|
|
- The ``tag`` variable is just the tag in the fired event.
|
|
|
|
- The ``data`` variable is the event's data dict.
|
|
|
|
|
|
|
|
Here is a simple reactor sls:
|
2012-12-20 05:09:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
{% if data['id'] == 'mysql1' %}
|
|
|
|
highstate_run:
|
2016-03-22 03:56:17 +00:00
|
|
|
local.state.apply:
|
2012-12-20 05:09:44 +00:00
|
|
|
- tgt: mysql1
|
|
|
|
{% endif %}
|
|
|
|
|
2013-03-18 19:59:27 +00:00
|
|
|
This simple reactor file uses Jinja to further refine the reaction to be made.
|
2013-08-12 03:17:47 +00:00
|
|
|
If the ``id`` in the event data is ``mysql1`` (in other words, if the name of
|
|
|
|
the minion is ``mysql1``) then the following reaction is defined. The same
|
|
|
|
data structure and compiler used for the state system is used for the reactor
|
|
|
|
system. The only difference is that the data is matched up to the salt command
|
2013-08-29 06:51:41 +00:00
|
|
|
API and the runner system. In this example, a command is published to the
|
2016-03-22 03:56:17 +00:00
|
|
|
``mysql1`` minion with a function of :py:func:`state.apply
|
|
|
|
<salt.modules.state.apply_>`. Similarly, a runner can be called:
|
2012-12-20 05:09:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-09-26 23:38:56 +00:00
|
|
|
{% if data['data']['custom_var'] == 'runit' %}
|
|
|
|
call_runit_orch:
|
|
|
|
runner.state.orchestrate:
|
2016-09-27 00:00:38 +00:00
|
|
|
- mods: _orch.runit
|
2012-12-20 05:09:44 +00:00
|
|
|
{% endif %}
|
|
|
|
|
2016-09-26 23:38:56 +00:00
|
|
|
This example will execute the state.orchestrate runner and intiate an execution
|
|
|
|
of the runit orchestrator located at ``/srv/salt/_orch/runit.sls``. Using
|
|
|
|
``_orch/`` is any arbitrary path but it is recommended to avoid using "orchestrate"
|
|
|
|
as this is most likely to cause confusion.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2016-09-28 19:11:52 +00:00
|
|
|
Writing SLS Files
|
|
|
|
-----------------
|
2016-09-27 05:39:19 +00:00
|
|
|
|
|
|
|
Reactor SLS files are stored in the same location as State SLS files. This means
|
2016-09-27 05:57:54 +00:00
|
|
|
that both ``file_roots`` and ``gitfs_remotes`` impact what SLS files are
|
|
|
|
available to the reactor and orchestrator.
|
2016-09-27 05:39:19 +00:00
|
|
|
|
2016-09-27 05:56:00 +00:00
|
|
|
It is recommended to keep reactor and orchestrator SLS files in their own uniquely
|
|
|
|
named subdirectories such as ``_orch/``, ``orch/``, ``_orchestrate/``, ``react/``,
|
|
|
|
``_reactor/``, etc. Keeping a unique name helps prevent confusion when trying to
|
|
|
|
read through this a few years down the road.
|
2016-09-27 05:39:19 +00:00
|
|
|
|
2015-12-22 22:17:44 +00:00
|
|
|
The Goal of Writing Reactor SLS Files
|
|
|
|
=====================================
|
|
|
|
|
|
|
|
Reactor SLS files share the familiar syntax from Salt States but there are
|
|
|
|
important differences. The goal of a Reactor file is to process a Salt event as
|
|
|
|
quickly as possible and then to optionally start a **new** process in response.
|
|
|
|
|
2015-12-23 20:48:55 +00:00
|
|
|
1. The Salt Reactor watches Salt's event bus for new events.
|
|
|
|
2. The event tag is matched against the list of event tags under the
|
|
|
|
``reactor`` section in the Salt Master config.
|
|
|
|
3. The SLS files for any matches are Rendered into a data structure that
|
|
|
|
represents one or more function calls.
|
|
|
|
4. That data structure is given to a pool of worker threads for execution.
|
|
|
|
|
|
|
|
Matching and rendering Reactor SLS files is done sequentially in a single
|
|
|
|
process. Complex Jinja that calls out to slow Execution or Runner modules slows
|
|
|
|
down the rendering and causes other reactions to pile up behind the current
|
|
|
|
one. The worker pool is designed to handle complex and long-running processes
|
|
|
|
such as Salt Orchestrate.
|
|
|
|
|
|
|
|
tl;dr: Rendering Reactor SLS files MUST be simple and quick. The new process
|
2016-09-26 23:48:43 +00:00
|
|
|
started by the worker threads can be long-running. Using the reactor to fire
|
|
|
|
an orchestrate runner would be ideal.
|
2015-12-22 22:17:44 +00:00
|
|
|
|
|
|
|
Jinja Context
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Reactor files only have access to a minimal Jinja context. ``grains`` and
|
|
|
|
``pillar`` are not available. The ``salt`` object is available for calling
|
|
|
|
Runner and Execution modules but it should be used sparingly and only for quick
|
|
|
|
tasks for the reasons mentioned above.
|
|
|
|
|
|
|
|
Advanced State System Capabilities
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
Reactor SLS files, by design, do not support Requisites, ordering,
|
|
|
|
``onlyif``/``unless`` conditionals and most other powerful constructs from
|
|
|
|
Salt's State system.
|
|
|
|
|
|
|
|
Complex Master-side operations are best performed by Salt's Orchestrate system
|
|
|
|
so using the Reactor to kick off an Orchestrate run is a very common pairing.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
# /etc/salt/master.d/reactor.conf
|
|
|
|
# A custom event containing: {"foo": "Foo!", "bar: "bar*", "baz": "Baz!"}
|
|
|
|
reactor:
|
|
|
|
- myco/custom/event:
|
|
|
|
- /srv/reactor/some_event.sls
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
# /srv/reactor/some_event.sls
|
|
|
|
invoke_orchestrate_file:
|
|
|
|
runner.state.orchestrate:
|
2016-09-27 00:00:38 +00:00
|
|
|
- mods: _orch.do_complex_thing # /srv/salt/_orch/do_complex_thing.sls
|
2016-09-26 23:50:00 +00:00
|
|
|
- kwarg:
|
|
|
|
pillar:
|
|
|
|
event_tag: {{ tag }}
|
|
|
|
event_data: {{ data|json() }}
|
2015-12-22 22:17:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-09-27 00:00:38 +00:00
|
|
|
# /srv/salt/_orch/do_complex_thing.sls
|
2015-12-22 22:17:44 +00:00
|
|
|
{% set tag = salt.pillar.get('event_tag') %}
|
|
|
|
{% set data = salt.pillar.get('event_data') %}
|
|
|
|
|
|
|
|
# Pass data from the event to a custom runner function.
|
|
|
|
# The function expects a 'foo' argument.
|
|
|
|
do_first_thing:
|
|
|
|
salt.runner:
|
|
|
|
- name: custom_runner.custom_function
|
|
|
|
- foo: {{ data.foo }}
|
|
|
|
|
|
|
|
# Wait for the runner to finish then send an execution to minions.
|
|
|
|
# Forward some data from the event down to the minion's state run.
|
|
|
|
do_second_thing:
|
|
|
|
salt.state:
|
|
|
|
- tgt: {{ data.bar }}
|
|
|
|
- sls:
|
|
|
|
- do_thing_on_minion
|
2016-09-27 00:00:38 +00:00
|
|
|
- kwarg:
|
|
|
|
pillar:
|
|
|
|
baz: {{ data.baz }}
|
2015-12-22 22:17:44 +00:00
|
|
|
- require:
|
|
|
|
- salt: do_first_thing
|
|
|
|
|
2016-10-06 22:01:38 +00:00
|
|
|
.. _beacons-and-reactors:
|
|
|
|
|
|
|
|
Beacons and Reactors
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
An event initiated by a beacon, when it arrives at the master will be wrapped
|
|
|
|
inside a second event, such that the data object containing the beacon
|
|
|
|
information will be ``data['data']``, rather than ``data``.
|
|
|
|
|
|
|
|
For example, to access the ``id`` field of the beacon event in a reactor file,
|
|
|
|
you will need to reference ``{{ data['data']['id'] }}`` rather than ``{{
|
|
|
|
data['id'] }}`` as for events initiated directly on the event bus.
|
|
|
|
|
|
|
|
See the :ref:`beacon documentation <beacon-example>` for examples.
|
|
|
|
|
2013-08-29 06:51:41 +00:00
|
|
|
Fire an event
|
|
|
|
=============
|
|
|
|
|
2015-02-13 00:28:21 +00:00
|
|
|
To fire an event from a minion call ``event.send``
|
2013-08-29 06:51:41 +00:00
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2015-05-05 17:15:12 +00:00
|
|
|
salt-call event.send 'foo' '{orchestrate: refresh}'
|
2013-08-29 06:51:41 +00:00
|
|
|
|
2014-12-11 15:51:43 +00:00
|
|
|
After this is called, any reactor sls files matching event tag ``foo`` will
|
2015-05-05 17:15:12 +00:00
|
|
|
execute with ``{{ data['data']['orchestrate'] }}`` equal to ``'refresh'``.
|
2013-10-28 15:43:59 +00:00
|
|
|
|
|
|
|
See :py:mod:`salt.modules.event` for more information.
|
2013-08-29 06:51:41 +00:00
|
|
|
|
2013-12-20 18:25:29 +00:00
|
|
|
Knowing what event is being fired
|
|
|
|
=================================
|
|
|
|
|
2015-02-13 00:24:11 +00:00
|
|
|
The best way to see exactly what events are fired and what data is available in
|
|
|
|
each event is to use the :py:func:`state.event runner
|
|
|
|
<salt.runners.state.event>`.
|
2013-12-20 18:25:29 +00:00
|
|
|
|
2015-02-13 00:24:11 +00:00
|
|
|
.. seealso:: :ref:`Common Salt Events <event-master_events>`
|
2013-12-20 18:25:29 +00:00
|
|
|
|
|
|
|
Example usage:
|
|
|
|
|
2013-12-20 18:40:13 +00:00
|
|
|
.. code-block:: bash
|
|
|
|
|
2015-02-13 00:24:11 +00:00
|
|
|
salt-run state.event pretty=True
|
2013-12-20 18:25:29 +00:00
|
|
|
|
|
|
|
Example output:
|
|
|
|
|
2013-12-20 18:40:13 +00:00
|
|
|
.. code-block:: text
|
|
|
|
|
2015-02-13 00:24:11 +00:00
|
|
|
salt/job/20150213001905721678/new {
|
|
|
|
"_stamp": "2015-02-13T00:19:05.724583",
|
|
|
|
"arg": [],
|
|
|
|
"fun": "test.ping",
|
|
|
|
"jid": "20150213001905721678",
|
|
|
|
"minions": [
|
|
|
|
"jerry"
|
|
|
|
],
|
|
|
|
"tgt": "*",
|
|
|
|
"tgt_type": "glob",
|
|
|
|
"user": "root"
|
|
|
|
}
|
|
|
|
salt/job/20150213001910749506/ret/jerry {
|
|
|
|
"_stamp": "2015-02-13T00:19:11.136730",
|
|
|
|
"cmd": "_return",
|
|
|
|
"fun": "saltutil.find_job",
|
|
|
|
"fun_args": [
|
|
|
|
"20150213001905721678"
|
|
|
|
],
|
|
|
|
"id": "jerry",
|
|
|
|
"jid": "20150213001910749506",
|
|
|
|
"retcode": 0,
|
|
|
|
"return": {},
|
|
|
|
"success": true
|
|
|
|
}
|
2013-12-20 18:25:29 +00:00
|
|
|
|
2014-01-23 17:33:38 +00:00
|
|
|
Debugging the Reactor
|
|
|
|
=====================
|
|
|
|
|
|
|
|
The best window into the Reactor is to run the master in the foreground with
|
|
|
|
debug logging enabled. The output will include when the master sees the event,
|
|
|
|
what the master does in response to that event, and it will also include the
|
|
|
|
rendered SLS file (or any errors generated while rendering the SLS file).
|
|
|
|
|
|
|
|
1. Stop the master.
|
2014-07-06 21:43:51 +00:00
|
|
|
2. Start the master manually:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
2014-01-23 17:33:38 +00:00
|
|
|
|
|
|
|
salt-master -l debug
|
|
|
|
|
2015-04-28 20:45:59 +00:00
|
|
|
3. Look for log entries in the form:
|
|
|
|
|
|
|
|
.. code-block:: text
|
|
|
|
|
|
|
|
[DEBUG ] Gathering reactors for tag foo/bar
|
|
|
|
[DEBUG ] Compiling reactions for tag foo/bar
|
|
|
|
[DEBUG ] Rendered data from file: /path/to/the/reactor_file.sls:
|
|
|
|
<... Rendered output appears here. ...>
|
|
|
|
|
|
|
|
The rendered output is the result of the Jinja parsing and is a good way to
|
|
|
|
view the result of referencing Jinja variables. If the result is empty then
|
|
|
|
Jinja produced an empty result and the Reactor will ignore it.
|
|
|
|
|
2015-09-09 17:16:55 +00:00
|
|
|
.. _reactor-structure:
|
|
|
|
|
2013-02-07 21:55:15 +00:00
|
|
|
Understanding the Structure of Reactor Formulas
|
|
|
|
===============================================
|
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
**I.e., when to use `arg` and `kwarg` and when to specify the function
|
|
|
|
arguments directly.**
|
|
|
|
|
|
|
|
While the reactor system uses the same basic data structure as the state
|
|
|
|
system, the functions that will be called using that data structure are
|
|
|
|
different functions than are called via Salt's state system. The Reactor can
|
|
|
|
call Runner modules using the `runner` prefix, Wheel modules using the `wheel`
|
|
|
|
prefix, and can also cause minions to run Execution modules using the `local`
|
|
|
|
prefix.
|
2014-10-22 21:03:06 +00:00
|
|
|
|
|
|
|
.. versionchanged:: 2014.7.0
|
|
|
|
The ``cmd`` prefix was renamed to ``local`` for consistency with other
|
|
|
|
parts of Salt. A backward-compatible alias was added for ``cmd``.
|
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
The Reactor runs on the master and calls functions that exist on the master. In
|
|
|
|
the case of Runner and Wheel functions the Reactor can just call those
|
|
|
|
functions directly since they exist on the master and are run on the master.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
In the case of functions that exist on minions and are run on minions, the
|
|
|
|
Reactor still needs to call a function on the master in order to send the
|
|
|
|
necessary data to the minion so the minion can execute that function.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
The Reactor calls functions exposed in :ref:`Salt's Python API documentation
|
|
|
|
<client-apis>`. and thus the structure of Reactor files very transparently
|
|
|
|
reflects the function signatures of those functions.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
Calling Execution modules on Minions
|
|
|
|
------------------------------------
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
The Reactor sends commands down to minions in the exact same way Salt's CLI
|
|
|
|
interface does. It calls a function locally on the master that sends the name
|
|
|
|
of the function as well as a list of any arguments and a dictionary of any
|
|
|
|
keyword arguments that the minion should use to execute that function.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
Specifically, the Reactor calls the async version of :py:meth:`this function
|
|
|
|
<salt.client.LocalClient.cmd>`. You can see that function has 'arg' and 'kwarg'
|
|
|
|
parameters which are both values that are sent down to the minion.
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2013-08-12 03:17:47 +00:00
|
|
|
Executing remote commands maps to the :strong:`LocalClient` interface which is
|
|
|
|
used by the :strong:`salt` command. This interface more specifically maps to
|
|
|
|
the :strong:`cmd_async` method inside of the :strong:`LocalClient` class. This
|
|
|
|
means that the arguments passed are being passed to the :strong:`cmd_async`
|
2014-10-17 14:17:34 +00:00
|
|
|
method, not the remote method. A field starts with :strong:`local` to use the
|
2014-12-11 15:51:43 +00:00
|
|
|
:strong:`LocalClient` subsystem. The result is, to execute a remote command,
|
2014-04-30 20:55:30 +00:00
|
|
|
a reactor formula would look like this:
|
2013-02-07 21:55:15 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
clean_tmp:
|
2014-10-17 14:17:34 +00:00
|
|
|
local.cmd.run:
|
2013-10-28 15:55:31 +00:00
|
|
|
- tgt: '*'
|
2013-02-07 21:55:15 +00:00
|
|
|
- arg:
|
2013-10-28 15:55:31 +00:00
|
|
|
- rm -rf /tmp/*
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2013-08-12 03:17:47 +00:00
|
|
|
The ``arg`` option takes a list of arguments as they would be presented on the
|
2013-02-07 21:55:15 +00:00
|
|
|
command line, so the above declaration is the same as running this salt
|
2013-08-12 03:17:47 +00:00
|
|
|
command:
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2013-08-12 03:17:47 +00:00
|
|
|
.. code-block:: bash
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2013-10-28 15:55:31 +00:00
|
|
|
salt '*' cmd.run 'rm -rf /tmp/*'
|
2013-08-12 03:17:47 +00:00
|
|
|
|
2016-11-29 18:40:56 +00:00
|
|
|
Use the ``tgt_type`` argument to specify a matcher:
|
2013-02-07 21:55:15 +00:00
|
|
|
|
2013-08-01 20:29:49 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
clean_tmp:
|
2014-10-17 14:17:34 +00:00
|
|
|
local.cmd.run:
|
2013-08-01 20:29:49 +00:00
|
|
|
- tgt: 'os:Ubuntu'
|
2016-11-29 18:40:56 +00:00
|
|
|
- tgt_type: grain
|
2013-08-01 20:29:49 +00:00
|
|
|
- arg:
|
2013-10-28 15:55:31 +00:00
|
|
|
- rm -rf /tmp/*
|
2013-08-01 20:29:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
clean_tmp:
|
2014-10-17 14:17:34 +00:00
|
|
|
local.cmd.run:
|
2013-08-01 20:29:49 +00:00
|
|
|
- tgt: 'G@roles:hbase_master'
|
2016-11-29 18:40:56 +00:00
|
|
|
- tgt_type: compound
|
2013-08-01 20:29:49 +00:00
|
|
|
- arg:
|
2013-10-28 15:55:31 +00:00
|
|
|
- rm -rf /tmp/*
|
2013-11-21 04:20:34 +00:00
|
|
|
|
2016-11-29 18:40:56 +00:00
|
|
|
.. note::
|
|
|
|
The ``tgt_type`` argument was named ``expr_form`` in releases prior to
|
|
|
|
Nitrogen (2016.11.x and earlier).
|
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
Any other parameters in the :py:meth:`LocalClient().cmd()
|
|
|
|
<salt.client.LocalClient.cmd>` method can be specified as well.
|
|
|
|
|
2016-03-10 21:45:47 +00:00
|
|
|
Executing Reactors from the Minion
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
The minion can be setup to use the Reactor via a reactor engine. This just
|
|
|
|
sets up and listens to the minions event bus, instead of to the masters.
|
|
|
|
|
|
|
|
The biggest difference is that you have to use the caller method on the
|
|
|
|
Reactor, which is the equivalent of salt-call, to run your commands.
|
|
|
|
|
|
|
|
:ref:`Reactor Engine setup<salt.engines.reactor>`
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
clean_tmp:
|
|
|
|
caller.cmd.run:
|
|
|
|
- arg:
|
|
|
|
- rm -rf /tmp/*
|
|
|
|
|
|
|
|
.. note:: Masterless Minions use this Reactor
|
|
|
|
|
|
|
|
This is the only way to run the Reactor if you use masterless minions.
|
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
Calling Runner modules and Wheel modules
|
|
|
|
----------------------------------------
|
|
|
|
|
2015-09-08 20:52:38 +00:00
|
|
|
Calling Runner modules and Wheel modules from the Reactor uses a more direct
|
2015-04-02 23:07:22 +00:00
|
|
|
syntax since the function is being executed locally instead of sending a
|
|
|
|
command to a remote system to be executed there. There are no 'arg' or 'kwarg'
|
2015-09-08 20:52:38 +00:00
|
|
|
parameters (unless the Runner function or Wheel function accepts a parameter
|
2015-04-02 23:07:22 +00:00
|
|
|
with either of those names.)
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
clear_the_grains_cache_for_all_minions:
|
|
|
|
runner.cache.clear_grains
|
|
|
|
|
2015-10-10 04:10:55 +00:00
|
|
|
If the :py:func:`the runner takes arguments <salt.runners.cloud.profile>` then
|
|
|
|
they must be specified as keyword arguments.
|
2015-04-02 23:07:22 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
spin_up_more_web_machines:
|
|
|
|
runner.cloud.profile:
|
|
|
|
- prof: centos_6
|
|
|
|
- instances:
|
|
|
|
- web11 # These VM names would be generated via Jinja in a
|
|
|
|
- web12 # real-world example.
|
|
|
|
|
2015-10-10 04:10:55 +00:00
|
|
|
To determine the proper names for the arguments, check the documentation
|
|
|
|
or source code for the runner function you wish to call.
|
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
Passing event data to Minions or Orchestrate as Pillar
|
|
|
|
------------------------------------------------------
|
|
|
|
|
2013-11-21 04:20:34 +00:00
|
|
|
An interesting trick to pass data from the Reactor script to
|
2016-03-22 03:56:17 +00:00
|
|
|
:py:func:`state.apply <salt.modules.state.apply_>` is to pass it as inline
|
|
|
|
Pillar data since both functions take a keyword argument named ``pillar``.
|
2013-11-21 04:20:34 +00:00
|
|
|
|
|
|
|
The following example uses Salt's Reactor to listen for the event that is fired
|
|
|
|
when the key for a new minion is accepted on the master using ``salt-key``.
|
|
|
|
|
|
|
|
:file:`/etc/salt/master.d/reactor.conf`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
reactor:
|
|
|
|
- 'salt/key':
|
|
|
|
- /srv/salt/haproxy/react_new_minion.sls
|
|
|
|
|
2016-03-22 03:56:17 +00:00
|
|
|
The Reactor then fires a ::py:func:`state.apply <salt.modules.state.apply_>`
|
|
|
|
command targeted to the HAProxy servers and passes the ID of the new minion
|
|
|
|
from the event to the state file via inline Pillar.
|
2013-11-21 04:20:34 +00:00
|
|
|
|
|
|
|
:file:`/srv/salt/haproxy/react_new_minion.sls`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
{% if data['act'] == 'accept' and data['id'].startswith('web') %}
|
|
|
|
add_new_minion_to_pool:
|
2016-03-22 03:56:17 +00:00
|
|
|
local.state.apply:
|
2013-11-21 04:20:34 +00:00
|
|
|
- tgt: 'haproxy*'
|
|
|
|
- arg:
|
|
|
|
- haproxy.refresh_pool
|
2014-03-25 21:35:02 +00:00
|
|
|
- kwarg:
|
|
|
|
pillar:
|
|
|
|
new_minion: {{ data['id'] }}
|
2013-11-21 04:20:34 +00:00
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
The above command is equivalent to the following command at the CLI:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2016-03-22 03:56:17 +00:00
|
|
|
salt 'haproxy*' state.apply haproxy.refresh_pool 'pillar={new_minion: minionid}'
|
2013-11-21 04:20:34 +00:00
|
|
|
|
2015-04-02 23:07:22 +00:00
|
|
|
This works with Orchestrate files as well:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
call_some_orchestrate_file:
|
|
|
|
runner.state.orchestrate:
|
2016-09-27 00:00:38 +00:00
|
|
|
- mods: _orch.some_orchestrate_file
|
2015-04-02 23:07:22 +00:00
|
|
|
- pillar:
|
|
|
|
stuff: things
|
|
|
|
|
|
|
|
Which is equivalent to the following command at the CLI:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2016-09-27 00:00:38 +00:00
|
|
|
salt-run state.orchestrate _orch.some_orchestrate_file pillar='{stuff: things}'
|
|
|
|
|
|
|
|
This expects to find a file at /srv/salt/_orch/some_orchestrate_file.sls.
|
2015-04-02 23:07:22 +00:00
|
|
|
|
2013-11-26 16:06:48 +00:00
|
|
|
Finally, that data is available in the state file using the normal Pillar
|
|
|
|
lookup syntax. The following example is grabbing web server names and IP
|
|
|
|
addresses from :ref:`Salt Mine <salt-mine>`. If this state is invoked from the
|
|
|
|
Reactor then the custom Pillar value from above will be available and the new
|
|
|
|
minion will be added to the pool but with the ``disabled`` flag so that HAProxy
|
|
|
|
won't yet direct traffic to it.
|
2013-11-21 04:20:34 +00:00
|
|
|
|
|
|
|
:file:`/srv/salt/haproxy/refresh_pool.sls`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
{% set new_minion = salt['pillar.get']('new_minion') %}
|
|
|
|
|
|
|
|
listen web *:80
|
|
|
|
balance source
|
|
|
|
{% for server,ip in salt['mine.get']('web*', 'network.interfaces', ['eth0']).items() %}
|
|
|
|
{% if server == new_minion %}
|
|
|
|
server {{ server }} {{ ip }}:80 disabled
|
|
|
|
{% else %}
|
|
|
|
server {{ server }} {{ ip }}:80 check
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
2013-12-20 18:26:25 +00:00
|
|
|
|
2014-06-07 19:27:26 +00:00
|
|
|
A Complete Example
|
2013-12-20 18:26:25 +00:00
|
|
|
==================
|
|
|
|
|
|
|
|
In this example, we're going to assume that we have a group of servers that
|
|
|
|
will come online at random and need to have keys automatically accepted. We'll
|
|
|
|
also add that we don't want all servers being automatically accepted. For this
|
|
|
|
example, we'll assume that all hosts that have an id that starts with 'ink'
|
2016-03-22 03:56:17 +00:00
|
|
|
will be automatically accepted and have :py:func:`state.apply
|
|
|
|
<salt.modules.state.apply_>` executed. On top of this, we're going to add that
|
|
|
|
a host coming up that was replaced (meaning a new key) will also be accepted.
|
2013-12-20 18:26:25 +00:00
|
|
|
|
|
|
|
Our master configuration will be rather simple. All minions that attempte to
|
|
|
|
authenticate will match the :strong:`tag` of :strong:`salt/auth`. When it comes
|
|
|
|
to the minion key being accepted, we get a more refined :strong:`tag` that
|
|
|
|
includes the minion id, which we can use for matching.
|
|
|
|
|
|
|
|
:file:`/etc/salt/master.d/reactor.conf`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
reactor:
|
|
|
|
- 'salt/auth':
|
|
|
|
- /srv/reactor/auth-pending.sls
|
|
|
|
- 'salt/minion/ink*/start':
|
|
|
|
- /srv/reactor/auth-complete.sls
|
|
|
|
|
|
|
|
In this sls file, we say that if the key was rejected we will delete the key on
|
|
|
|
the master and then also tell the master to ssh in to the minion and tell it to
|
|
|
|
restart the minion, since a minion process will die if the key is rejected.
|
|
|
|
|
2014-06-07 19:27:26 +00:00
|
|
|
We also say that if the key is pending and the id starts with ink we will
|
|
|
|
accept the key. A minion that is waiting on a pending key will retry
|
2014-06-09 06:49:09 +00:00
|
|
|
authentication every ten seconds by default.
|
2013-12-20 18:26:25 +00:00
|
|
|
|
|
|
|
:file:`/srv/reactor/auth-pending.sls`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-07-16 19:17:09 +00:00
|
|
|
{# Ink server failed to authenticate -- remove accepted key #}
|
2013-12-20 18:26:25 +00:00
|
|
|
{% if not data['result'] and data['id'].startswith('ink') %}
|
|
|
|
minion_remove:
|
|
|
|
wheel.key.delete:
|
|
|
|
- match: {{ data['id'] }}
|
|
|
|
minion_rejoin:
|
2014-10-17 14:17:34 +00:00
|
|
|
local.cmd.run:
|
2013-12-20 18:26:25 +00:00
|
|
|
- tgt: salt-master.domain.tld
|
|
|
|
- arg:
|
|
|
|
- ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "{{ data['id'] }}" 'sleep 10 && /etc/init.d/salt-minion restart'
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
{# Ink server is sending new key -- accept this key #}
|
|
|
|
{% if 'act' in data and data['act'] == 'pend' and data['id'].startswith('ink') %}
|
|
|
|
minion_add:
|
|
|
|
wheel.key.accept:
|
|
|
|
- match: {{ data['id'] }}
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
No if statements are needed here because we already limited this action to just
|
|
|
|
Ink servers in the master configuration.
|
|
|
|
|
|
|
|
:file:`/srv/reactor/auth-complete.sls`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-03-22 03:56:17 +00:00
|
|
|
{# When an Ink server connects, run state.apply. #}
|
2013-12-20 18:26:25 +00:00
|
|
|
highstate_run:
|
2016-03-22 03:56:17 +00:00
|
|
|
local.state.apply:
|
2013-12-20 18:26:25 +00:00
|
|
|
- tgt: {{ data['id'] }}
|
2015-08-21 09:45:39 +00:00
|
|
|
- ret: smtp
|
2014-09-10 07:00:06 +00:00
|
|
|
|
2016-03-22 03:56:17 +00:00
|
|
|
The above will also return the :ref:`highstate <running-highstate>` result data
|
|
|
|
using the `smtp_return` returner (use virtualname like when using from the
|
|
|
|
command line with `--return`). The returner needs to be configured on the
|
|
|
|
minion for this to work. See :mod:`salt.returners.smtp_return
|
|
|
|
<salt.returners.smtp_return>` documentation for that.
|
2014-06-07 19:27:26 +00:00
|
|
|
|
|
|
|
.. _minion-start-reactor:
|
|
|
|
|
|
|
|
Syncing Custom Types on Minion Start
|
|
|
|
====================================
|
|
|
|
|
|
|
|
Salt will sync all custom types (by running a :mod:`saltutil.sync_all
|
2016-03-22 03:56:17 +00:00
|
|
|
<salt.modules.saltutil.sync_all>`) on every :ref:`highstate
|
|
|
|
<running-highstate>`. However, there is a chicken-and-egg issue where, on the
|
|
|
|
initial :ref:`highstate <running-highstate>`, a minion will not yet have these
|
|
|
|
custom types synced when the top file is first compiled. This can be worked
|
|
|
|
around with a simple reactor which watches for ``minion_start`` events, which
|
|
|
|
each minion fires when it first starts up and connects to the master.
|
2014-06-07 19:27:26 +00:00
|
|
|
|
|
|
|
On the master, create **/srv/reactor/sync_grains.sls** with the following
|
|
|
|
contents:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
sync_grains:
|
2014-10-17 14:17:34 +00:00
|
|
|
local.saltutil.sync_grains:
|
2014-06-07 19:27:26 +00:00
|
|
|
- tgt: {{ data['id'] }}
|
|
|
|
|
|
|
|
And in the master config file, add the following reactor configuration:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
reactor:
|
|
|
|
- 'minion_start':
|
|
|
|
- /srv/reactor/sync_grains.sls
|
|
|
|
|
|
|
|
This will cause the master to instruct each minion to sync its custom grains
|
2016-03-22 03:56:17 +00:00
|
|
|
when it starts, making these grains available when the initial :ref:`highstate
|
|
|
|
<running-highstate>` is executed.
|
2014-06-07 19:27:26 +00:00
|
|
|
|
2014-10-17 14:17:34 +00:00
|
|
|
Other types can be synced by replacing ``local.saltutil.sync_grains`` with
|
|
|
|
``local.saltutil.sync_modules``, ``local.saltutil.sync_all``, or whatever else
|
2014-07-02 04:42:03 +00:00
|
|
|
suits the intended use case.
|