Is it possible to trigger reboot message from insi...

ramabu · ‎03-07-2016

Hi

To work around an issue with not being able to set a parameterized URL in the webhook event,

I used "default/savedsearches.conf.template", that becomes a new default/savedsearches.conf, with string replacements done by the setup scripts, upon setting of required parameter values.

However, they don't show in the WebUI until restarting Splunk. I am looking for :
(1) a way to make the Web GUI to reload the new savedsearches.conf, or
(2) a way to push a restart message in the Splunk UI (like the one appearing upon install of a new app).

How can I do either?

rama

jkat54 · ‎07-15-2016

Instead of forcing the restart it is best to ask the user to do the restart themselves. Here's the python code to do so via REST:

In your restmap.conf (in app/default):

[admin_external:yourEndpoint]
handlertype = python
handlerfile = yourRestHandler.py
handleractions = list, edit, _reload

In yourRestHandler.py (inside your apps bin folder):

 class yourRestHandlerClass(admin.MConfigHandler):

  def setup(self):
   if self.requestedAction in (admin.ACTION_CREATE,admin.ACTION_EDIT):
     self.supportedArgs.addReqArg("aVariable ") #<-if you're passing vars to your rest add them like this

  def handleEdit(self, confInfo):
    if not 'aVariable ' in self.callerArgs.data.keys() and self.callerArgs['aVariable ']:
     raise admin.ArgValidationException, "A aVariable must be provided" #pitch a fit if the var isnt supplied to REST
    #prompt user to restart splunk web
    sessionKey=self.getSessionKey()  #<- heres the key to making additional rest calls work
    headers = {'Authorization':''} #<- heres the key to making additional rest calls work
    headers['Authorization'] = 'Splunk ' + sessionKey  #<- heres the key to making additional rest calls work
    data = {'name':'restart_link','value':'Splunk must be restarted for changes to take effect.  [[/manager/search/control| Click here to restart from the Manager.]]','severity':'warn'}
    r = requests.post("https://localhost:8089/services/messages/new", headers=headers, data=data, verify=False)
    data = {'name':'restart_reason','value':'A user triggered the create action on app ssl_installer, and the following objects required a restart: ssl configuration','severity':'warn'}
    r = requests.post("https://localhost:8089/services/messages/new", headers=headers, data=data, verify=False) #<- headers = headers adds the auth header from above
    pass

  def handleList(self, confInfo):
   CONF_FILE = 'yourRestHandlerConfFile'
   confDict = self.readConf(self.CONF_FILE)
   if None != confDict:
    for stanza, settings in confDict.items():
     for key, val in settings.items():
      if val is None:
       confInfo[stanza].append(key, "")
      else:
       confInfo[stanza].append(key, val)

  def handleReload(self, confInfo):
    pass

  admin.init(yourRestHandlerClass, admin.CONTEXT_NONE)

In yourRestHandlerConfFile.conf (in app/default):

[default]
aVariable = ifYouUseVarsYouPutThemInThisFile

In your setup.xml (in app/default):

<setup>
  <block title="a Title" endpoint="admin/yourEndpoint" entity="default">
   <text>Enter a variable and press save</text>
   <input field="aVariable">
    <label>Please Enter Your Var Here</label>
    <type>string</type>
 </block> 
</setup>

If you must force the restart without asking the user to do so (maybe you just dont care to give them the option), change the url in the requests.post to https://localhost:8089/services/admin/server-control/restart in yourRestHandler.py

jkat54 · ‎03-08-2016

You can hit this endpoint on all your servers:

https://localhost:8089/services/apps/local/_reload

To force the restart message on install/changes to app:

http://docs.splunk.com/Documentation/Splunk/6.1/admin/Appconf

[install]
...
state_change_requires_restart = true | false
* Set whether changing an app's state ALWAYS requires a restart of Splunk.
* State changes include enabling or disabling an app.
* When set to true, changing an app's state always requires a restart.
* When set to false, modifying an app's state may or may not require a restart
  depending on what the app contains. This setting cannot be used to avoid all
  restart requirements!
* Defaults to false.

Also, [triggers] in app.conf:

[triggers]

reload.<conf_file_name> = [ simple | rest_endpoints | access_endpoints <handler_url> ]
* Splunk will reload app configuration after every 
  app-state change: install, update, enable, and disable.
* If your app does not use a custom config file (e.g. myconffile.conf) 
  then it won't need a [triggers] stanza, because 
  $SPLUNK_HOME/etc/system/default/app.conf already includes a [triggers]
  stanza which automatically reloads config files normally used by Splunk.
* If your app uses a custom config file (e.g. myconffile.conf) and you want to 
  avoid unnecessary Splunk restarts, you'll need to add a reload value in
  the [triggers] stanza.
* If you don't include [triggers] settings and your app uses a custom 
  config file, a Splunk restart will be required after every state change.
* Specifying "simple" implies that Splunk will take no special action to reload 
  your custom conf file.
* Specify "access_endpoints" and a URL to a REST endpoint, and Splunk will call
  its _reload() method at every app state change.
* "rest_endpoints" is reserved for Splunk's internal use for reloading 
  restmap.conf.

Is it possible to trigger reboot message from inside an app setup script, or to reload "default/savedsearches.conf" changes?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!