Rename push-detection beacons to clearer names

Rename the two custom push-detection beacons for clarity:
- pillar_db -> postgres_pillar_beacon
- rules_db  -> rules_beacon

Salt resolves a beacon by its config-key name to a _beacons/ module of the
same filename and tags its events salt/beacon/<minion>/<name>/<tag>, so each
rename touches the module file, the beacon config key in
beacons_pushstate.conf.jinja, and the reactor tag patterns in
reactor_pushstate.conf together. Watermark filenames and log prefixes are
updated to match; reactor run() logic is unchanged.
Josh Patterson
2026-06-29 14:29:07 -04:00
parent 33c24cd136
commit a330bea25e
7 changed files with 23 additions and 23 deletions
@@ -22,7 +22,7 @@ import subprocess
log = logging.getLogger(__name__)
WATERMARK_FILE = '/opt/so/state/pillar_db_watch.id'
WATERMARK_FILE = '/opt/so/state/postgres_pillar_beacon_watch.id'
CONTAINER = 'so-postgres'
DATABASE = 'securityonion'
@@ -56,7 +56,7 @@ def _write_watermark(value):
f.write(str(int(value)))
os.rename(tmp, WATERMARK_FILE)
except OSError:
log.exception('pillar_db beacon: failed to persist watermark to %s', WATERMARK_FILE)
log.exception('postgres_pillar_beacon: failed to persist watermark to %s', WATERMARK_FILE)
def _query(sql):
@@ -71,13 +71,13 @@ def _query(sql):
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
except subprocess.TimeoutExpired:
log.warning('pillar_db beacon: psql timed out')
log.warning('postgres_pillar_beacon: psql timed out')
return None
except Exception:
log.exception('pillar_db beacon: failed to exec psql')
log.exception('postgres_pillar_beacon: failed to exec psql')
return None
if result.returncode != 0:
log.warning('pillar_db beacon: psql failed (rc=%s): %s',
log.warning('postgres_pillar_beacon: psql failed (rc=%s): %s',
result.returncode, (result.stderr or '').strip())
return None
return result.stdout
@@ -97,7 +97,7 @@ def beacon(config):
try:
_write_watermark(int((seed or '0').strip() or 0))
except ValueError:
log.warning('pillar_db beacon: could not parse MAX(id) seed: %r', seed)
log.warning('postgres_pillar_beacon: could not parse MAX(id) seed: %r', seed)
return retval
rows = _query(
@@ -116,12 +116,12 @@ def beacon(config):
continue
parts = line.split(FIELD_SEP)
if len(parts) < 3:
log.warning('pillar_db beacon: skipping malformed row: %r', line)
log.warning('postgres_pillar_beacon: skipping malformed row: %r', line)
continue
try:
row_id = int(parts[0])
except ValueError:
log.warning('pillar_db beacon: skipping row with non-int id: %r', line)
log.warning('postgres_pillar_beacon: skipping row with non-int id: %r', line)
continue
setting_id = parts[1]
node_id = parts[2]
@@ -136,7 +136,7 @@ def beacon(config):
if max_id > watermark:
_write_watermark(max_id)
log.info('pillar_db beacon: emitted %d change(s), watermark %d -> %d',
log.info('postgres_pillar_beacon: emitted %d change(s), watermark %d -> %d',
len(retval), watermark, max_id)
return retval
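Review bot: Changing WATERMARK_FILE to `/opt/so/state/postgres_pillar_beacon_watch.id` leaves the existing `/opt/so/state/pillar_db_watch.id` behind with no migration. On the first poll after upgrade the beacon presumably finds no watermark and takes the seed branch visible in beacon() (`_write_watermark(int((seed or '0').strip() or 0))` followed by `return retval`). If that is the case, audit_settings rows written between the last poll under the old name and that first poll are skipped with no event and no log line, so the settings change is never pushed. A one-time fallback would close the gap: define `LEGACY_WATERMARK_FILE = '/opt/so/state/pillar_db_watch.id'`, have the watermark reader use it when the new file is absent, and log the re-seed at warning level. The `rules_db_%s.hash` to `rules_beacon_%s.hash` change in `_watermark_file` has the same gap but likely only causes one extra push per tag; the reader functions are outside the visible hunks, so this should be confirmed against them.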
@@ -19,7 +19,7 @@
# up on the next one).
#
# Each emitted event carries the watched directory path under the configured tag
# (e.g. salt/beacon/<minion>/rules_db/suricata); the push_suricata / push_strelka
# (e.g. salt/beacon/<minion>/rules_beacon/suricata); the push_suricata / push_strelka
# reactors write a push intent, after which the existing so-push-drainer /
# orch.push_batch pipeline takes over unchanged.
@@ -95,7 +95,7 @@ def _fingerprint(directory):
def _watermark_file(tag):
return os.path.join(WATERMARK_DIR, 'rules_db_%s.hash' % tag)
return os.path.join(WATERMARK_DIR, 'rules_beacon_%s.hash' % tag)
def _read_watermark(tag):
@@ -115,7 +115,7 @@ def _write_watermark(tag, digest):
f.write(digest)
os.rename(tmp, path)
except OSError:
log.exception('rules_db beacon: failed to persist watermark to %s', path)
log.exception('rules_beacon: failed to persist watermark to %s', path)
def beacon(config):
@@ -134,6 +134,6 @@ def beacon(config):
if digest != previous:
_write_watermark(tag, digest)
retval.append({'tag': tag, 'path': directory})
log.info('rules_db beacon: change detected in %s, emitting %s', directory, tag)
log.info('rules_beacon: change detected in %s, emitting %s', directory, tag)
return retval
@@ -1,9 +1,9 @@
{% from 'salt/auto_apply.map.jinja' import AUTOAPPLY %}
beacons:
pillar_db:
postgres_pillar_beacon:
- interval: {{ AUTOAPPLY.drain_interval }}
- disable_during_state_run: False
rules_db:
rules_beacon:
- interval: {{ AUTOAPPLY.drain_interval }}
- disable_during_state_run: False
- paths:
+3 -3
@@ -1,7 +1,7 @@
#!py
# Reactor invoked by the pillar_db beacon when SOC records settings changes in
# the securityonion.audit_settings table (see salt/_beacons/pillar_db.py). The beacon
# Reactor invoked by the postgres_pillar_beacon when SOC records settings changes in
# the securityonion.audit_settings table (see salt/_beacons/postgres_pillar_beacon.py). The beacon
# emits one event per new row carrying setting_id and node_id.
#
# Two branches, keyed on node_id:
@@ -134,7 +134,7 @@ def run():
LOG.info('push_pillar: push disabled, skipping')
return {}
# The pillar_db beacon nests its payload under data['data']; fall back to the
# The postgres_pillar_beacon nests its payload under data['data']; fall back to the
# top level so the reactor is robust to either shape.
event = data.get('data', data) # noqa: F821 -- data provided by reactor
setting_id = event.get('setting_id', '')
+1 -1
@@ -1,6 +1,6 @@
#!py
# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule
# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule
# file changes under /opt/so/saltstack/local/salt/strelka/rules/compiled/.
#
# Writes (or updates) a push intent at /opt/so/state/push_pending/rules_strelka.json
+1 -1
@@ -1,6 +1,6 @@
#!py
# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule
# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule
# file changes under /opt/so/saltstack/local/salt/suricata/rules/.
#
# Writes (or updates) a push intent at /opt/so/state/push_pending/rules_suricata.json
+3 -3
@@ -1,7 +1,7 @@
reactor:
- 'salt/beacon/*/rules_db/suricata':
- 'salt/beacon/*/rules_beacon/suricata':
- salt://reactor/push_suricata.sls
- 'salt/beacon/*/rules_db/strelka':
- 'salt/beacon/*/rules_beacon/strelka':
- salt://reactor/push_strelka.sls
- 'salt/beacon/*/pillar_db/audit_settings':
- 'salt/beacon/*/postgres_pillar_beacon/audit_settings':
- salt://reactor/push_pillar.sls
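Review bot: The three reactor tag patterns are replaced with no overlap, so an event still tagged `salt/beacon/*/pillar_db/audit_settings`, or under either `rules_db` pattern, matches nothing and is dropped without an error. That window exists whenever the minion's beacon config and the master's reactor config are not refreshed in the same step; reactor mappings normally come from master configuration, so a master restart is probably needed before the new patterns apply. Either keep the old patterns alongside the new ones for one release, or state the required rollout order in the commit description.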