`nebula`¶

Nebula certificate expiration beacon.

Monitors Nebula certificate expiration and fires events when certificates are approaching their expiration threshold, enabling automatic renewal via reactor and orchestration.

depends:: nebula execution module

saltext.nebula.beacons.nebula.__virtual__()[source]¶: Only load if the nebula execution module is available.

saltext.nebula.beacons.nebula.validate(config)[source]¶

Validate the beacon configuration.

config: List containing beacon configuration dictionary.

Valid configuration example:

beacons:
  nebula:
    - interval: 86400
    - renewal_threshold_days: 30
    - cert_path: /etc/nebula/myhost.crt

saltext.nebula.beacons.nebula.beacon(config)[source]¶

Monitor Nebula certificate expiration.

Fires an event when the certificate is within the renewal threshold. The event can be caught by a reactor to trigger automatic renewal.

beacons:
  nebula:
    - interval: 86400           # Check every 24 hours
    - renewal_threshold_days: 30  # Alert when < 30 days remaining
    - cert_path: /etc/nebula/host.crt  # Optional, auto-detected

Event fired:

Tag: nebula/cert/expiring
Data:
  minion_id: <minion_id>
  cert_path: <path to certificate>
  days_until_expiry: <days remaining>
  expires_at: <ISO timestamp>
  renewal_threshold_days: <configured threshold>

CLI Example (to test beacon):

salt-call beacons.list
salt-call beacons.enable nebula

nebula¶

`nebula`¶