I'm attempting to implement automatic authentication using SaltStack's Reactor system. I've configured my /etc/salt/master.d/reactor.conf as follows:
```yaml
reactor:
  - 'salt/auth':
    - /srv/salt/reactor/autosign.sls
```
I've also created an autosign.sls script located in /srv/salt/reactor. The script's purpose is to automatically query a database to decide whether to accept a new minion's key based on the authentication request from the minion.
Here's the script content:
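```python
#!py
import cx_Oracle
import logging

logger = logging.getLogger(__name__)


def check_autosign(minion_id):
    """Return True if the minion ID is listed in the database."""
    try:
        dsn = cx_Oracle.makedsn("xx", xx, service_name="xx")
        conn = cx_Oracle.connect("xx", "xx", dsn)
        try:
            cur = conn.cursor()
            # The minion ID comes from an unauthenticated auth request, so it is
            # passed as a bind variable instead of being formatted into the SQL.
            sql = "SELECT 1 FROM TABLE WHERE HOST_NAME = :host_name"
            cur.execute(sql, host_name=minion_id)
            # For a SELECT, rowcount stays 0 until rows are fetched,
            # so test for a fetched row instead.
            return cur.fetchone() is not None
        finally:
            conn.close()
    except Exception as e:
        logger.error(f"Exception: {e}")
        return False


def run():
    # `data` is injected by the reactor and holds the salt/auth event payload.
    minion_id = data["id"]
    if data.get("act") == "pend" and check_autosign(minion_id):
        logger.info(f"Add minion: {minion_id}")
        return {
            "minion_add": {
                "wheel.key.accept": [{
                    "match": minion_id}]
            }
        }
    logger.info(f"Unlicensed minion: {minion_id}")
    return {}
```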
When there are syntax errors in the autosign.sls file, I can see related errors in the Salt Master logs. However, in actual use, the script seems not to function at all. I've tried using logger.info and print to output messages, but I see no output.
Questions:
- How can I ensure my autosign.sls script executes correctly?
- Where should I look for the output of print or logger.info when the script is executed?
- Are there recommended ways to debug such SaltStack Reactor scripts?
I'm not very familiar with the Reactor mechanism in SaltStack, so any guidance or suggestions would be greatly appreciated. Thank you!
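An added example, not part of the original post: the accept/reject decision pulled out of the reactor so it can be exercised offline against constructed `salt/auth` payloads. It assumes an in-memory `sqlite3` table (`licensed_hosts`) as a stand-in for the Oracle table, and the helper names and the minion-ID pattern are hypothetical.

```python
import re
import sqlite3

# Assumption: licensed minion IDs are hostname-like. Anything else is rejected
# before the lookup, including glob characters, because the "match" argument
# of wheel.key.accept is treated as a glob.
MINION_ID_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]{0,252}[A-Za-z0-9])?")

def make_db(hosts):
    """Build the constructed allow-list (stand-in for the Oracle table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE licensed_hosts (host_name TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO licensed_hosts VALUES (?)", [(h,) for h in hosts])
    return conn

def is_licensed(conn, minion_id):
    """True only for a well-formed ID that is present in the allow-list."""
    if not isinstance(minion_id, str) or not MINION_ID_RE.fullmatch(minion_id):
        return False
    cur = conn.execute(
        "SELECT 1 FROM licensed_hosts WHERE host_name = ?", (minion_id,)
    )
    return cur.fetchone() is not None

def decide(conn, data):
    """Return the reactor low data for one salt/auth payload, or {} to ignore it."""
    minion_id = data.get("id")
    if data.get("act") != "pend" or not is_licensed(conn, minion_id):
        return {}
    return {"minion_add": {"wheel.key.accept": [{"match": minion_id}]}}

# Constructed sample payloads covering the cases the reactor will see.
EVENTS = [
    {"id": "web01.example.com", "act": "pend"},    # licensed, pending
    {"id": "web01.example.com", "act": "accept"},  # not a pending key
    {"id": "rogue01", "act": "pend"},              # well-formed, not licensed
    {"id": "x' OR '1'='1", "act": "pend"},         # SQL metacharacters
    {"id": "*", "act": "pend"},                    # glob that would match every key
]

def run_samples():
    conn = make_db(["web01.example.com", "db01.example.com"])
    return [bool(decide(conn, event)) for event in EVENTS]

if __name__ == "__main__":
    for event, accepted in zip(EVENTS, run_samples()):
        print(f"{event['id']!r:24} act={event['act']:<7} accept={accepted}")
```

Only the first payload produces a `wheel.key.accept` call; the same `decide` logic can then be called from `run()` with the real database connection.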