diff --git a/salt/_beacons/pillar_db.py b/salt/_beacons/postgres_pillar_beacon.py similarity index 86% rename from salt/_beacons/pillar_db.py rename to salt/_beacons/postgres_pillar_beacon.py index 8712cce7f..d22eef0ea 100644 --- a/salt/_beacons/pillar_db.py +++ b/salt/_beacons/postgres_pillar_beacon.py @@ -22,7 +22,7 @@ import subprocess log = logging.getLogger(__name__) -WATERMARK_FILE = '/opt/so/state/pillar_db_watch.id' +WATERMARK_FILE = '/opt/so/state/postgres_pillar_beacon_watch.id' CONTAINER = 'so-postgres' DATABASE = 'securityonion' @@ -56,7 +56,7 @@ def _write_watermark(value): f.write(str(int(value))) os.rename(tmp, WATERMARK_FILE) except OSError: - log.exception('pillar_db beacon: failed to persist watermark to %s', WATERMARK_FILE) + log.exception('postgres_pillar_beacon: failed to persist watermark to %s', WATERMARK_FILE) def _query(sql): @@ -71,13 +71,13 @@ def _query(sql): try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=30) except subprocess.TimeoutExpired: - log.warning('pillar_db beacon: psql timed out') + log.warning('postgres_pillar_beacon: psql timed out') return None except Exception: - log.exception('pillar_db beacon: failed to exec psql') + log.exception('postgres_pillar_beacon: failed to exec psql') return None if result.returncode != 0: - log.warning('pillar_db beacon: psql failed (rc=%s): %s', + log.warning('postgres_pillar_beacon: psql failed (rc=%s): %s', result.returncode, (result.stderr or '').strip()) return None return result.stdout @@ -97,7 +97,7 @@ def beacon(config): try: _write_watermark(int((seed or '0').strip() or 0)) except ValueError: - log.warning('pillar_db beacon: could not parse MAX(id) seed: %r', seed) + log.warning('postgres_pillar_beacon: could not parse MAX(id) seed: %r', seed) return retval rows = _query( @@ -116,12 +116,12 @@ def beacon(config): continue parts = line.split(FIELD_SEP) if len(parts) < 3: - log.warning('pillar_db beacon: skipping malformed row: %r', line) + log.warning('postgres_pillar_beacon: skipping malformed row: %r', line) continue try: row_id = int(parts[0]) except ValueError: - log.warning('pillar_db beacon: skipping row with non-int id: %r', line) + log.warning('postgres_pillar_beacon: skipping row with non-int id: %r', line) continue setting_id = parts[1] node_id = parts[2] @@ -136,7 +136,7 @@ def beacon(config): if max_id > watermark: _write_watermark(max_id) - log.info('pillar_db beacon: emitted %d change(s), watermark %d -> %d', + log.info('postgres_pillar_beacon: emitted %d change(s), watermark %d -> %d', len(retval), watermark, max_id) return retval diff --git a/salt/_beacons/rules_db.py b/salt/_beacons/rules_beacon.py similarity index 93% rename from salt/_beacons/rules_db.py rename to salt/_beacons/rules_beacon.py index ab63da431..3bde11c30 100644 --- a/salt/_beacons/rules_db.py +++ b/salt/_beacons/rules_beacon.py @@ -19,7 +19,7 @@ # up on the next one). # # Each emitted event carries the watched directory path under the configured tag -# (e.g. salt/beacon//rules_db/suricata); the push_suricata / push_strelka +# (e.g. salt/beacon//rules_beacon/suricata); the push_suricata / push_strelka # reactors write a push intent, after which the existing so-push-drainer / # orch.push_batch pipeline takes over unchanged. @@ -95,7 +95,7 @@ def _fingerprint(directory): def _watermark_file(tag): - return os.path.join(WATERMARK_DIR, 'rules_db_%s.hash' % tag) + return os.path.join(WATERMARK_DIR, 'rules_beacon_%s.hash' % tag) def _read_watermark(tag): @@ -115,7 +115,7 @@ def _write_watermark(tag, digest): f.write(digest) os.rename(tmp, path) except OSError: - log.exception('rules_db beacon: failed to persist watermark to %s', path) + log.exception('rules_beacon: failed to persist watermark to %s', path) def beacon(config): @@ -134,6 +134,6 @@ def beacon(config): if digest != previous: _write_watermark(tag, digest) retval.append({'tag': tag, 'path': directory}) - log.info('rules_db beacon: change detected in %s, emitting %s', directory, tag) + log.info('rules_beacon: change detected in %s, emitting %s', directory, tag) return retval diff --git a/salt/manager/files/beacons_pushstate.conf.jinja b/salt/manager/files/beacons_pushstate.conf.jinja index 2c00163e3..fba53b759 100644 --- a/salt/manager/files/beacons_pushstate.conf.jinja +++ b/salt/manager/files/beacons_pushstate.conf.jinja @@ -1,9 +1,9 @@ {% from 'salt/auto_apply.map.jinja' import AUTOAPPLY %} beacons: - pillar_db: + postgres_pillar_beacon: - interval: {{ AUTOAPPLY.drain_interval }} - disable_during_state_run: False - rules_db: + rules_beacon: - interval: {{ AUTOAPPLY.drain_interval }} - disable_during_state_run: False - paths: diff --git a/salt/reactor/push_pillar.sls b/salt/reactor/push_pillar.sls index c4b82959b..8d28ef5cf 100644 --- a/salt/reactor/push_pillar.sls +++ b/salt/reactor/push_pillar.sls @@ -1,7 +1,7 @@ #!py -# Reactor invoked by the pillar_db beacon when SOC records settings changes in -# the securityonion.audit_settings table (see salt/_beacons/pillar_db.py). The beacon +# Reactor invoked by the postgres_pillar_beacon when SOC records settings changes in +# the securityonion.audit_settings table (see salt/_beacons/postgres_pillar_beacon.py). The beacon # emits one event per new row carrying setting_id and node_id. # # Two branches, keyed on node_id: @@ -134,7 +134,7 @@ def run(): LOG.info('push_pillar: push disabled, skipping') return {} - # The pillar_db beacon nests its payload under data['data']; fall back to the + # The postgres_pillar_beacon nests its payload under data['data']; fall back to the # top level so the reactor is robust to either shape. event = data.get('data', data) # noqa: F821 -- data provided by reactor setting_id = event.get('setting_id', '') diff --git a/salt/reactor/push_strelka.sls b/salt/reactor/push_strelka.sls index d1d0207eb..52e3fd3ef 100644 --- a/salt/reactor/push_strelka.sls +++ b/salt/reactor/push_strelka.sls @@ -1,6 +1,6 @@ #!py -# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule +# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule # file changes under /opt/so/saltstack/local/salt/strelka/rules/compiled/. # # Writes (or updates) a push intent at /opt/so/state/push_pending/rules_strelka.json diff --git a/salt/reactor/push_suricata.sls b/salt/reactor/push_suricata.sls index f50a92527..cce95fdb7 100644 --- a/salt/reactor/push_suricata.sls +++ b/salt/reactor/push_suricata.sls @@ -1,6 +1,6 @@ #!py -# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule +# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule # file changes under /opt/so/saltstack/local/salt/suricata/rules/. # # Writes (or updates) a push intent at /opt/so/state/push_pending/rules_suricata.json diff --git a/salt/salt/files/reactor_pushstate.conf b/salt/salt/files/reactor_pushstate.conf index b4543b1a7..dc23e68e4 100644 --- a/salt/salt/files/reactor_pushstate.conf +++ b/salt/salt/files/reactor_pushstate.conf @@ -1,7 +1,7 @@ reactor: - - 'salt/beacon/*/rules_db/suricata': + - 'salt/beacon/*/rules_beacon/suricata': - salt://reactor/push_suricata.sls - - 'salt/beacon/*/rules_db/strelka': + - 'salt/beacon/*/rules_beacon/strelka': - salt://reactor/push_strelka.sls - - 'salt/beacon/*/pillar_db/audit_settings': + - 'salt/beacon/*/postgres_pillar_beacon/audit_settings': - salt://reactor/push_pillar.sls