cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha
- checksums.yaml +4 -4
- data/Berksfile +16 -54
- data/Berksfile.lock +14 -62
- data/bin/mu-aws-setup +131 -108
- data/bin/mu-configure +311 -74
- data/bin/mu-gcp-setup +84 -62
- data/bin/mu-load-config.rb +46 -2
- data/bin/mu-self-update +11 -9
- data/bin/mu-upload-chef-artifacts +4 -4
- data/{mu.gemspec → cloud-mu.gemspec} +2 -2
- data/cookbooks/awscli/Berksfile +8 -0
- data/cookbooks/mu-activedirectory/Berksfile +11 -0
- data/cookbooks/mu-firewall/Berksfile +9 -0
- data/cookbooks/mu-firewall/metadata.rb +1 -1
- data/cookbooks/mu-glusterfs/Berksfile +10 -0
- data/cookbooks/mu-jenkins/Berksfile +14 -0
- data/cookbooks/mu-master/Berksfile +23 -0
- data/cookbooks/mu-master/attributes/default.rb +1 -1
- data/cookbooks/mu-master/metadata.rb +2 -2
- data/cookbooks/mu-master/recipes/default.rb +1 -1
- data/cookbooks/mu-master/recipes/init.rb +7 -3
- data/cookbooks/mu-master/recipes/ssl-certs.rb +1 -0
- data/cookbooks/mu-mongo/Berksfile +10 -0
- data/cookbooks/mu-openvpn/Berksfile +11 -0
- data/cookbooks/mu-php54/Berksfile +13 -0
- data/cookbooks/mu-splunk/Berksfile +10 -0
- data/cookbooks/mu-tools/Berksfile +21 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +15 -15
- data/cookbooks/mu-utility/Berksfile +9 -0
- data/cookbooks/mu-utility/metadata.rb +2 -1
- data/cookbooks/nagios/Berksfile +7 -4
- data/cookbooks/s3fs/Berksfile +9 -0
- data/environments/dev.json +6 -6
- data/environments/prod.json +6 -6
- data/modules/mu.rb +20 -42
- data/modules/mu/cleanup.rb +102 -100
- data/modules/mu/cloud.rb +90 -28
- data/modules/mu/clouds/aws.rb +449 -218
- data/modules/mu/clouds/aws/alarm.rb +29 -17
- data/modules/mu/clouds/aws/cache_cluster.rb +78 -64
- data/modules/mu/clouds/aws/collection.rb +25 -18
- data/modules/mu/clouds/aws/container_cluster.rb +73 -66
- data/modules/mu/clouds/aws/database.rb +124 -116
- data/modules/mu/clouds/aws/dnszone.rb +27 -20
- data/modules/mu/clouds/aws/firewall_rule.rb +30 -22
- data/modules/mu/clouds/aws/folder.rb +18 -3
- data/modules/mu/clouds/aws/function.rb +77 -23
- data/modules/mu/clouds/aws/group.rb +19 -12
- data/modules/mu/clouds/aws/habitat.rb +153 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +59 -52
- data/modules/mu/clouds/aws/log.rb +30 -23
- data/modules/mu/clouds/aws/msg_queue.rb +29 -20
- data/modules/mu/clouds/aws/notifier.rb +222 -0
- data/modules/mu/clouds/aws/role.rb +178 -90
- data/modules/mu/clouds/aws/search_domain.rb +40 -24
- data/modules/mu/clouds/aws/server.rb +169 -137
- data/modules/mu/clouds/aws/server_pool.rb +60 -83
- data/modules/mu/clouds/aws/storage_pool.rb +59 -31
- data/modules/mu/clouds/aws/user.rb +36 -27
- data/modules/mu/clouds/aws/userdata/linux.erb +101 -93
- data/modules/mu/clouds/aws/vpc.rb +250 -189
- data/modules/mu/clouds/azure.rb +132 -0
- data/modules/mu/clouds/cloudformation.rb +65 -1
- data/modules/mu/clouds/cloudformation/alarm.rb +8 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +7 -0
- data/modules/mu/clouds/cloudformation/collection.rb +7 -0
- data/modules/mu/clouds/cloudformation/database.rb +7 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +7 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +9 -2
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +7 -0
- data/modules/mu/clouds/cloudformation/log.rb +7 -0
- data/modules/mu/clouds/cloudformation/server.rb +7 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +7 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +7 -0
- data/modules/mu/clouds/google.rb +214 -110
- data/modules/mu/clouds/google/container_cluster.rb +42 -24
- data/modules/mu/clouds/google/database.rb +15 -6
- data/modules/mu/clouds/google/firewall_rule.rb +17 -25
- data/modules/mu/clouds/google/group.rb +13 -5
- data/modules/mu/clouds/google/habitat.rb +105 -0
- data/modules/mu/clouds/google/loadbalancer.rb +28 -20
- data/modules/mu/clouds/google/server.rb +93 -354
- data/modules/mu/clouds/google/server_pool.rb +18 -10
- data/modules/mu/clouds/google/user.rb +22 -14
- data/modules/mu/clouds/google/vpc.rb +97 -69
- data/modules/mu/config.rb +133 -38
- data/modules/mu/config/alarm.rb +25 -0
- data/modules/mu/config/cache_cluster.rb +5 -3
- data/modules/mu/config/cache_cluster.yml +23 -0
- data/modules/mu/config/database.rb +25 -16
- data/modules/mu/config/database.yml +3 -3
- data/modules/mu/config/function.rb +1 -2
- data/modules/mu/config/{project.rb → habitat.rb} +10 -10
- data/modules/mu/config/notifier.rb +85 -0
- data/modules/mu/config/notifier.yml +9 -0
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/search_domain.yml +2 -2
- data/modules/mu/config/server.rb +13 -1
- data/modules/mu/config/server.yml +3 -3
- data/modules/mu/config/server_pool.rb +3 -1
- data/modules/mu/config/storage_pool.rb +3 -1
- data/modules/mu/config/storage_pool.yml +19 -0
- data/modules/mu/config/vpc.rb +70 -8
- data/modules/mu/groomers/chef.rb +2 -3
- data/modules/mu/kittens.rb +500 -122
- data/modules/mu/master.rb +5 -5
- data/modules/mu/mommacat.rb +151 -91
- data/modules/tests/super_complex_bok.yml +12 -0
- data/modules/tests/super_simple_bok.yml +12 -0
- data/spec/mu/clouds/azure_spec.rb +82 -0
- data/spec/spec_helper.rb +105 -0
- metadata +26 -5
- data/modules/mu/clouds/aws/notification.rb +0 -139
- data/modules/mu/config/notification.rb +0 -44
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f1059c013e5f5e7c2ece20c2aa9ffcb60facab001cc864c0c26f60baf384d7c4
|
4
|
+
data.tar.gz: ebca2309c37e8a8038df432be18bb2b4f54e44b52da42029a79461515603f899
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d73ffd1304213dc06b04f0f350ef9d70cf99e48a3dd1c0ea7db0424606437b83e710bd87c0b9df471ca0ed0998991cf4e0e7a7e482d859ce647d0e0e09f84f6e
|
7
|
+
data.tar.gz: ad2503195884645217ee178aa1a9d94fb12520c83132f355cc1042535059d3b8d89cd8ce0066f1eae3d4e665aa6b678599ba2d174acbd7f9701430a1c242b464
|
data/Berksfile
CHANGED
@@ -1,56 +1,18 @@
|
|
1
1
|
source "https://supermarket.chef.io"
|
2
|
-
|
2
|
+
source chef_repo: "cookbooks/"
|
3
3
|
|
4
|
-
# Platform Cookbooks
|
5
|
-
cookbook '
|
6
|
-
cookbook 'mu-
|
7
|
-
cookbook 'mu-
|
8
|
-
cookbook 'mu-
|
9
|
-
cookbook 'mu-
|
10
|
-
cookbook 'mu-
|
11
|
-
cookbook 'mu-
|
12
|
-
cookbook 'mu-
|
13
|
-
cookbook 'mu-
|
14
|
-
cookbook 'mu-
|
15
|
-
cookbook 'mu-
|
16
|
-
|
17
|
-
|
18
|
-
#
|
19
|
-
cookbook 'cloudcli', '~> 1.2.0'
|
20
|
-
# cookbook 's3fs', path: "#{cookbook_path}/s3fs"
|
21
|
-
cookbook 's3fs', '~> 3.0.1'
|
22
|
-
|
23
|
-
# Nagios cookbook is borked, and dragging these cookbooks down with it...
|
24
|
-
cookbook 'nagios', path: "#{cookbook_path}/nagios"
|
25
|
-
cookbook 'apache2', '< 4.0'
|
26
|
-
|
27
|
-
# Supermarket Cookbooks that are using latest as of 09/07/18
|
28
|
-
cookbook 'chef-vault', '~> 3.1.1'
|
29
|
-
cookbook 'windows', '~> 5.1.1'
|
30
|
-
cookbook 'aws', '~> 2.9.3'
|
31
|
-
cookbook 'build-essential', '~> 8.2.1'
|
32
|
-
cookbook 'chef_nginx', '~> 6.2.0'
|
33
|
-
cookbook 'freebsd', '~> 1.0.2'
|
34
|
-
cookbook 'jenkins', '~> 6.2.0'
|
35
|
-
cookbook 'logrotate', '~> 2.2.0'
|
36
|
-
cookbook 'memcached', '~> 5.1.1'
|
37
|
-
cookbook 'mongodb', '~> 0.16.2'
|
38
|
-
cookbook 'runit', '~> 4.3.0'
|
39
|
-
cookbook 'zipfile', '~> 0.2.0'
|
40
|
-
cookbook 'yum', '~> 5.1.0'
|
41
|
-
cookbook 'bind', '~> 2.2.0'
|
42
|
-
cookbook 'bind9-ng', '~> 0.1.0'
|
43
|
-
cookbook 'consul-cluster', '~> 2.0.0'
|
44
|
-
cookbook 'database', '~> 6.1.1'
|
45
|
-
cookbook 'firewall', '~> 2.6.5'
|
46
|
-
cookbook 'hostsfile', '~> 3.0.1'
|
47
|
-
cookbook 'java', '~> 2.2.0'
|
48
|
-
cookbook 'mysql', '~> 8.5.1'
|
49
|
-
cookbook 'nrpe', '~> 2.0.3'
|
50
|
-
cookbook 'oracle-instantclient', '~> 1.1.0'
|
51
|
-
cookbook 'poise-python', '~> 1.7.0'
|
52
|
-
cookbook 'postfix', '~> 5.3.1'
|
53
|
-
cookbook 'postgresql', '~> 7.1.0'
|
54
|
-
cookbook 'simple_iptables', '~> 0.8.0'
|
55
|
-
cookbook 'vault-cluster', '~> 2.1.0'
|
56
|
-
cookbook 'yum-epel', '~> 3.2.0'
|
4
|
+
# Mu Platform Cookbooks
|
5
|
+
cookbook 'awscli', path: 'cookbooks/awscli'
|
6
|
+
cookbook 'mu-activedirectory'
|
7
|
+
cookbook 'mu-splunk'
|
8
|
+
cookbook 'mu-firewall'
|
9
|
+
cookbook 'mu-glusterfs'
|
10
|
+
cookbook 'mu-jenkins'
|
11
|
+
cookbook 'mu-master'
|
12
|
+
cookbook 'mu-mongo'
|
13
|
+
cookbook 'mu-openvpn'
|
14
|
+
cookbook 'mu-php54'
|
15
|
+
cookbook 'mu-tools'
|
16
|
+
cookbook 'mu-utility'
|
17
|
+
cookbook 'nagios', path: 'cookbooks/nagios'
|
18
|
+
#cookbook 's3fs', path: 'cookbooks/s3fs'
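Review bot: The `mu-*` entries in the new Berksfile (`cookbook 'mu-activedirectory'` through `cookbook 'mu-utility'`) carry neither a `path:` nor a version constraint, unlike `awscli` and `nagios` in the same hunk, so they are resolved through the `source` list, where `https://supermarket.chef.io` is declared ahead of `chef_repo: "cookbooks/"`; the updated Berksfile.lock on this page accordingly drops their `path: cookbooks/...` lines. If Berkshelf takes a cookbook from the first source that offers the name — which I believe it does, but confirm for the Berkshelf version in use — a same-named cookbook published to the Supermarket would be selected over the in-tree copy, a dependency-confusion exposure for code that runs on the Mu master. Declaring them as `cookbook 'mu-tools', path: 'cookbooks/mu-tools'` (and likewise for the rest) keeps resolution local regardless of source order and restores the explicit path the lockfile previously recorded.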
|
data/Berksfile.lock
CHANGED
@@ -1,72 +1,30 @@
|
|
1
1
|
DEPENDENCIES
|
2
|
-
|
3
|
-
|
4
|
-
bind (~> 2.2.0)
|
5
|
-
bind9-ng (~> 0.1.0)
|
6
|
-
build-essential (~> 8.2.1)
|
7
|
-
chef-vault (~> 3.1.1)
|
8
|
-
chef_nginx (~> 6.2.0)
|
9
|
-
cloudcli (~> 1.2.0)
|
10
|
-
consul-cluster (~> 2.0.0)
|
11
|
-
database (~> 6.1.1)
|
12
|
-
firewall (~> 2.6.5)
|
13
|
-
freebsd (~> 1.0.2)
|
14
|
-
hostsfile (~> 3.0.1)
|
15
|
-
java (~> 2.2.0)
|
16
|
-
jenkins (~> 6.2.0)
|
17
|
-
logrotate (~> 2.2.0)
|
18
|
-
memcached (~> 5.1.1)
|
19
|
-
mongodb (~> 0.16.2)
|
2
|
+
awscli
|
3
|
+
path: cookbooks/awscli
|
20
4
|
mu-activedirectory
|
21
|
-
path: cookbooks/mu-activedirectory
|
22
5
|
mu-firewall
|
23
|
-
path: cookbooks/mu-firewall
|
24
6
|
mu-glusterfs
|
25
|
-
path: cookbooks/mu-glusterfs
|
26
7
|
mu-jenkins
|
27
|
-
path: cookbooks/mu-jenkins
|
28
8
|
mu-master
|
29
|
-
path: cookbooks/mu-master
|
30
9
|
mu-mongo
|
31
|
-
path: cookbooks/mu-mongo
|
32
10
|
mu-openvpn
|
33
|
-
path: cookbooks/mu-openvpn
|
34
11
|
mu-php54
|
35
|
-
path: cookbooks/mu-php54
|
36
12
|
mu-splunk
|
37
|
-
path: cookbooks/mu-splunk
|
38
13
|
mu-tools
|
39
|
-
path: cookbooks/mu-tools
|
40
14
|
mu-utility
|
41
|
-
path: cookbooks/mu-utility
|
42
|
-
mysql (~> 8.5.1)
|
43
15
|
nagios
|
44
16
|
path: cookbooks/nagios
|
45
|
-
nrpe (~> 2.0.3)
|
46
|
-
oracle-instantclient (~> 1.1.0)
|
47
|
-
poise-python (~> 1.7.0)
|
48
|
-
postfix (~> 5.3.1)
|
49
|
-
postgresql (~> 7.1.0)
|
50
|
-
runit (~> 4.3.0)
|
51
|
-
s3fs (~> 3.0.1)
|
52
|
-
simple_iptables (~> 0.8.0)
|
53
|
-
vault-cluster (~> 2.1.0)
|
54
|
-
windows (~> 5.1.1)
|
55
|
-
yum (~> 5.1.0)
|
56
|
-
yum-epel (~> 3.2.0)
|
57
|
-
zipfile (~> 0.2.0)
|
58
17
|
|
59
18
|
GRAPH
|
60
19
|
apache2 (3.3.1)
|
61
20
|
apt (7.1.1)
|
62
|
-
|
63
|
-
ohai (>= 2.1.0)
|
21
|
+
awscli (0.2.1)
|
64
22
|
bind (2.2.1)
|
65
23
|
bind9-ng (0.1.0)
|
66
24
|
build-essential (8.2.1)
|
67
25
|
mingw (>= 1.1)
|
68
26
|
seven_zip (>= 0.0.0)
|
69
|
-
chef-sugar (
|
27
|
+
chef-sugar (5.0.0)
|
70
28
|
chef-vault (3.1.1)
|
71
29
|
chef_nginx (6.2.0)
|
72
30
|
build-essential (>= 0.0.0)
|
@@ -74,8 +32,6 @@ GRAPH
|
|
74
32
|
ohai (>= 4.1.0)
|
75
33
|
yum-epel (>= 0.0.0)
|
76
34
|
zypper (>= 0.0.0)
|
77
|
-
cloudcli (1.2.0)
|
78
|
-
poise-python (~> 1.6)
|
79
35
|
compat_resource (12.19.1)
|
80
36
|
consul (2.3.0)
|
81
37
|
build-essential (>= 0.0.0)
|
@@ -92,9 +48,8 @@ GRAPH
|
|
92
48
|
database (6.1.1)
|
93
49
|
postgresql (>= 1.0.0)
|
94
50
|
dpkg_autostart (0.2.0)
|
95
|
-
firewall (2.
|
51
|
+
firewall (2.7.0)
|
96
52
|
chef-sugar (>= 0.0.0)
|
97
|
-
freebsd (1.0.2)
|
98
53
|
golang (1.7.0)
|
99
54
|
hashicorp-vault (2.5.0)
|
100
55
|
build-essential (>= 0.0.0)
|
@@ -107,12 +62,9 @@ GRAPH
|
|
107
62
|
java (2.2.1)
|
108
63
|
homebrew (>= 0.0.0)
|
109
64
|
windows (>= 0.0.0)
|
110
|
-
jenkins (6.2.
|
65
|
+
jenkins (6.2.1)
|
111
66
|
dpkg_autostart (>= 0.0.0)
|
112
67
|
runit (>= 1.7)
|
113
|
-
logrotate (2.2.0)
|
114
|
-
memcached (5.1.1)
|
115
|
-
runit (>= 1.2.0)
|
116
68
|
mingw (2.1.0)
|
117
69
|
seven_zip (>= 0.0.0)
|
118
70
|
mongodb (0.16.2)
|
@@ -125,7 +77,7 @@ GRAPH
|
|
125
77
|
windows (~> 5.1.1)
|
126
78
|
yum-epel (~> 3.2.0)
|
127
79
|
mu-firewall (0.1.0)
|
128
|
-
firewall (~> 2.
|
80
|
+
firewall (~> 2.7.0)
|
129
81
|
mu-glusterfs (0.1.0)
|
130
82
|
mu-firewall (>= 0.0.0)
|
131
83
|
yum (~> 5.1.0)
|
@@ -136,7 +88,7 @@ GRAPH
|
|
136
88
|
mu-master (>= 0.0.0)
|
137
89
|
mu-tools (>= 0.0.0)
|
138
90
|
mu-utility (>= 0.0.0)
|
139
|
-
mu-master (0.9.
|
91
|
+
mu-master (0.9.2)
|
140
92
|
apache2 (< 4.0)
|
141
93
|
bind (~> 2.2.0)
|
142
94
|
bind9-ng (~> 0.1.0)
|
@@ -150,7 +102,7 @@ GRAPH
|
|
150
102
|
nagios (>= 0.0.0)
|
151
103
|
nrpe (~> 2.0.3)
|
152
104
|
postfix (~> 5.3.1)
|
153
|
-
s3fs (
|
105
|
+
s3fs (>= 0.0.0)
|
154
106
|
vault-cluster (~> 2.1.0)
|
155
107
|
mu-mongo (0.5.0)
|
156
108
|
chef-vault (~> 3.1.1)
|
@@ -182,6 +134,7 @@ GRAPH
|
|
182
134
|
windows (~> 5.1.1)
|
183
135
|
yum-epel (~> 3.2.0)
|
184
136
|
mu-utility (0.6.0)
|
137
|
+
mu-firewall (>= 0.0.0)
|
185
138
|
windows (~> 5.1.1)
|
186
139
|
mysql (8.5.1)
|
187
140
|
nagios (7.2.7)
|
@@ -197,7 +150,7 @@ GRAPH
|
|
197
150
|
perl (>= 0.0.0)
|
198
151
|
runit (>= 0.0.0)
|
199
152
|
yum-epel (>= 0.0.0)
|
200
|
-
nrpe (2.0.
|
153
|
+
nrpe (2.0.5)
|
201
154
|
build-essential (>= 0.0.0)
|
202
155
|
yum-epel (>= 0.0.0)
|
203
156
|
nssm (4.0.1)
|
@@ -224,13 +177,13 @@ GRAPH
|
|
224
177
|
poise-service (1.5.2)
|
225
178
|
poise (~> 2.0)
|
226
179
|
postfix (5.3.1)
|
227
|
-
postgresql (7.1.
|
180
|
+
postgresql (7.1.3)
|
228
181
|
python (1.4.6)
|
229
182
|
build-essential (>= 0.0.0)
|
230
183
|
yum-epel (>= 0.0.0)
|
231
184
|
rubyzip (1.3.1)
|
232
185
|
poise (~> 2.2)
|
233
|
-
runit (4.3.
|
186
|
+
runit (4.3.1)
|
234
187
|
packagecloud (>= 0.0.0)
|
235
188
|
yum-epel (>= 0.0.0)
|
236
189
|
s3fs (3.0.1)
|
@@ -242,9 +195,8 @@ GRAPH
|
|
242
195
|
consul-cluster (~> 2.0)
|
243
196
|
hashicorp-vault (~> 2.1)
|
244
197
|
ssl_certificate (~> 1.11)
|
245
|
-
windows (5.1.
|
198
|
+
windows (5.1.6)
|
246
199
|
yum (5.1.0)
|
247
200
|
yum-epel (3.2.0)
|
248
201
|
zap (1.1.0)
|
249
|
-
zipfile (0.2.0)
|
250
202
|
zypper (0.4.0)
|
data/bin/mu-aws-setup
CHANGED
@@ -46,6 +46,20 @@ Usage:
|
|
46
46
|
opt :ephemeral, "Make sure all of our instance store (ephemeral) block devices are mapped and available.", :require => false, :default => false, :type => :boolean
|
47
47
|
end
|
48
48
|
|
49
|
+
if MU::Cloud::AWS.hosted? and !$MU_CFG['aws']
|
50
|
+
new_cfg = $MU_CFG.dup
|
51
|
+
cfg_blob = MU::Cloud::AWS.hosted_config
|
52
|
+
if cfg_blob
|
53
|
+
cfg_blob['log_bucket_name'] ||= $MU_CFG['hostname']
|
54
|
+
new_cfg["aws"] = { "default" => cfg_blob }
|
55
|
+
MU.log "Adding auto-detected AWS stanza to #{cfgPath}", MU::NOTICE
|
56
|
+
if new_cfg != $MU_CFG or !cfgExists?
|
57
|
+
MU.log "Generating #{cfgPath}"
|
58
|
+
saveMuConfig(new_cfg)
|
59
|
+
$MU_CFG = new_cfg
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
49
63
|
|
50
64
|
my_instance_id = MU::Cloud::AWS.getAWSMetaData("instance-id")
|
51
65
|
|
@@ -169,137 +183,146 @@ end
|
|
169
183
|
$bucketname = MU.adminBucketName
|
170
184
|
|
171
185
|
if $opts[:logs]
|
172
|
-
|
186
|
+
MU::Cloud::AWS.listCredentials.each { |credset|
|
187
|
+
bucketname = MU::Cloud::AWS.adminBucketName(credset)
|
173
188
|
|
174
|
-
|
189
|
+
exists = false
|
175
190
|
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
191
|
+
MU.log "Configuring log and secret Amazon S3 bucket '#{bucketname}' for credential set #{credset}"
|
192
|
+
|
193
|
+
resp = MU::Cloud::AWS.s3(credentials: credset).list_buckets
|
194
|
+
resp.buckets.each { |bucket|
|
195
|
+
exists = true if bucket['name'] == bucketname
|
196
|
+
}
|
197
|
+
if !exists
|
198
|
+
MU.log "Creating #{bucketname} bucket"
|
199
|
+
begin
|
200
|
+
resp = MU::Cloud::AWS.s3(credentials: credset).create_bucket(bucket: bucketname, acl: "private")
|
201
|
+
rescue Aws::S3::Errors::BucketAlreadyExists => e
|
202
|
+
MU.log "#{e.inspect}", MU::NOTICE
|
203
|
+
end
|
186
204
|
end
|
187
|
-
end
|
188
205
|
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
)
|
193
|
-
found = false
|
194
|
-
resp.contents.each { |object|
|
195
|
-
found = true if object.key == "log_vol_ebs_key"
|
196
|
-
}
|
197
|
-
if !found
|
198
|
-
MU.log "Creating new key for encrypted EBS log volume"
|
199
|
-
key = SecureRandom.random_bytes(32)
|
200
|
-
MU::Cloud::AWS.s3.put_object(
|
201
|
-
bucket: $bucketname,
|
202
|
-
key: "log_vol_ebs_key",
|
203
|
-
body: "#{key}"
|
204
|
-
)
|
205
|
-
end
|
206
|
-
if File.exists?("#{MU.mySSLDir}/Mu_CA.pem")
|
207
|
-
MU.log "Putting the Mu Master's public SSL certificate into #{$bucketname}/Mu_CA.pem"
|
208
|
-
MU::Cloud::AWS.s3.put_object(
|
209
|
-
bucket: $bucketname,
|
210
|
-
key: "Mu_CA.pem",
|
211
|
-
body: File.read("#{MU.mySSLDir}/Mu_CA.pem"),
|
212
|
-
acl: "public-read",
|
206
|
+
resp = MU::Cloud::AWS.s3(credentials: credset).list_objects(
|
207
|
+
bucket: bucketname,
|
208
|
+
prefix: "log_vol_ebs_key"
|
213
209
|
)
|
214
|
-
|
210
|
+
found = false
|
211
|
+
resp.contents.each { |object|
|
212
|
+
found = true if object.key == "log_vol_ebs_key"
|
213
|
+
}
|
214
|
+
if !found
|
215
|
+
MU.log "Creating new key for encrypted EBS log volume"
|
216
|
+
key = SecureRandom.random_bytes(32)
|
217
|
+
MU::Cloud::AWS.s3(credentials: credset).put_object(
|
218
|
+
bucket: bucketname,
|
219
|
+
key: "log_vol_ebs_key",
|
220
|
+
body: "#{key}"
|
221
|
+
)
|
222
|
+
end
|
223
|
+
if File.exists?("#{MU.mySSLDir}/Mu_CA.pem")
|
224
|
+
MU.log "Putting the Mu Master's public SSL certificate into #{bucketname}/Mu_CA.pem"
|
225
|
+
MU::Cloud::AWS.s3(credentials: credset).put_object(
|
226
|
+
bucket: bucketname,
|
227
|
+
key: "Mu_CA.pem",
|
228
|
+
body: File.read("#{MU.mySSLDir}/Mu_CA.pem"),
|
229
|
+
acl: "public-read",
|
230
|
+
)
|
231
|
+
end
|
215
232
|
|
216
|
-
|
233
|
+
MU::Master.disk("/dev/xvdl", "/Mu_Logs", 50, "log_vol_ebs_key", "ram7")
|
217
234
|
|
218
|
-
# MU.log "Uploading Mu_CA.pem to #{
|
235
|
+
# MU.log "Uploading Mu_CA.pem to #{bucketname}"
|
219
236
|
# MU::Cloud::AWS.s3.put_object(
|
220
|
-
# bucket:
|
237
|
+
# bucket: bucketname,
|
221
238
|
# acl: "public-read",
|
222
239
|
# key: "Mu_CA.pem",
|
223
240
|
# body: File.read("#{ENV['MU_DATADIR']}/ssl/Mu_CA.pem")
|
224
241
|
# )
|
225
242
|
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
MU::Cloud::AWS.s3.put_bucket_acl(
|
233
|
-
bucket: $bucketname,
|
234
|
-
acl: "log-delivery-write"
|
235
|
-
)
|
236
|
-
|
237
|
-
MU::Cloud::AWS.s3.put_bucket_versioning(
|
238
|
-
bucket: $bucketname,
|
239
|
-
versioning_configuration: {
|
240
|
-
status: "Enabled"
|
241
|
-
}
|
242
|
-
)
|
243
|
-
|
244
|
-
MU::Cloud::AWS.s3.put_bucket_lifecycle(
|
245
|
-
bucket: $bucketname,
|
246
|
-
lifecycle_configuration: {
|
247
|
-
rules: [
|
248
|
-
{
|
249
|
-
expiration: {
|
250
|
-
days: 180
|
251
|
-
},
|
252
|
-
prefix: "master.log/",
|
253
|
-
status: "Enabled"
|
254
|
-
},
|
255
|
-
{
|
256
|
-
expiration: {
|
257
|
-
days: 180
|
258
|
-
},
|
259
|
-
prefix: "nodes.log/",
|
260
|
-
status: "Enabled"
|
261
|
-
},
|
262
|
-
{
|
263
|
-
expiration: {
|
264
|
-
days: 180
|
265
|
-
},
|
266
|
-
prefix: "AWSLogs/",
|
267
|
-
status: "Enabled"
|
268
|
-
}
|
269
|
-
]
|
270
|
-
}
|
271
|
-
)
|
243
|
+
resp = MU::Cloud::AWS.s3(credentials: credset).list_objects(
|
244
|
+
bucket: bucketname,
|
245
|
+
prefix: "log_vol_ebs_key"
|
246
|
+
)
|
247
|
+
owner = MU.structToHash(resp.contents.first.owner)
|
272
248
|
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
249
|
+
MU::Cloud::AWS.s3(credentials: credset).put_bucket_acl(
|
250
|
+
bucket: bucketname,
|
251
|
+
acl: "log-delivery-write"
|
252
|
+
)
|
277
253
|
|
254
|
+
MU::Cloud::AWS.s3(credentials: credset).put_bucket_versioning(
|
255
|
+
bucket: bucketname,
|
256
|
+
versioning_configuration: {
|
257
|
+
status: "Enabled"
|
258
|
+
}
|
259
|
+
)
|
278
260
|
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
261
|
+
MU::Cloud::AWS.s3(credentials: credset).put_bucket_lifecycle(
|
262
|
+
bucket: bucketname,
|
263
|
+
lifecycle_configuration: {
|
264
|
+
rules: [
|
265
|
+
{
|
266
|
+
expiration: {
|
267
|
+
days: 180
|
268
|
+
},
|
269
|
+
prefix: "master.log/",
|
270
|
+
status: "Enabled"
|
271
|
+
},
|
272
|
+
{
|
273
|
+
expiration: {
|
274
|
+
days: 180
|
275
|
+
},
|
276
|
+
prefix: "nodes.log/",
|
277
|
+
status: "Enabled"
|
278
|
+
},
|
279
|
+
{
|
280
|
+
expiration: {
|
281
|
+
days: 180
|
282
|
+
},
|
283
|
+
prefix: "AWSLogs/",
|
284
|
+
status: "Enabled"
|
285
|
+
}
|
286
|
+
]
|
287
|
+
}
|
288
|
+
)
|
286
289
|
|
287
290
|
begin
|
288
|
-
MU::Cloud::AWS.
|
289
|
-
|
290
|
-
|
291
|
-
include_global_service_events: true
|
291
|
+
MU::Cloud::AWS.s3(credentials: credset).put_bucket_policy(
|
292
|
+
bucket: bucketname,
|
293
|
+
policy: MU::Cloud::AWS.cloudtrailBucketPolicy(credset)
|
292
294
|
)
|
293
|
-
rescue Aws::
|
295
|
+
rescue Aws::S3::Errors::MalformedPolicy => e
|
296
|
+
MU.log e.message, MU::ERR, details: MU::Cloud::AWS.cloudtrailBucketPolicy(credset)
|
297
|
+
next
|
298
|
+
end
|
299
|
+
|
300
|
+
|
301
|
+
begin
|
302
|
+
resp = MU::Cloud::AWS.cloudtrail(credentials: credset).describe_trails.trail_list
|
303
|
+
rescue Aws::CloudTrail::Errors::AccessDeniedException => e
|
294
304
|
MU.log e.inspect, MU::WARN
|
295
305
|
end
|
306
|
+
if resp.empty?
|
307
|
+
MU.log "Enabling Cloud Trails, logged to bucket #{bucketname}"
|
296
308
|
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
309
|
+
begin
|
310
|
+
MU::Cloud::AWS.cloudtrail(credentials: credset).create_trail(
|
311
|
+
name: "cloudtrail",
|
312
|
+
s3_bucket_name: bucketname,
|
313
|
+
include_global_service_events: true
|
314
|
+
)
|
315
|
+
rescue Aws::CloudTrail::Errors::MaximumNumberOfTrailsExceededException, Aws::CloudTrail::Errors::AccessDeniedException => e
|
316
|
+
MU.log e.inspect, MU::WARN
|
317
|
+
end
|
302
318
|
|
319
|
+
# Make sure we actually enable cloudtrail logging
|
320
|
+
MU::Cloud::AWS.cloudtrail(credentials: credset).start_logging(
|
321
|
+
name: "cloudtrail"
|
322
|
+
)
|
323
|
+
end
|
324
|
+
|
325
|
+
}
|
303
326
|
# Now that we've got S3 logging, let's also create an Mu_Logs stack in
|
304
327
|
# CloudWatch logs.
|
305
328
|
# For instances to log to this, they need to invoke the Chef recipe
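Review bot: After `rescue Aws::S3::Errors::BucketAlreadyExists => e` the credset loop only logs at NOTICE and falls through to write `log_vol_ebs_key` (a fresh `SecureRandom.random_bytes(32)`) and the bucket ACL, versioning, lifecycle and policy into `bucketname`; since `exists` was computed from this account's own `list_buckets`, that exception means the name is held by a different account, so the iteration should stop there — `MU.log e.inspect, MU::ERR; next` in place of the NOTICE. Further down, when `describe_trails` raises `Aws::CloudTrail::Errors::AccessDeniedException` the rescue logs and continues into `if resp.empty?`, but `resp` still holds the earlier S3 `list_objects` result rather than a trail list; add `next` (or `resp = []`) in that rescue. `start_logging(name: "cloudtrail")` also runs only inside the `if resp.empty?` branch and even after `create_trail` was itself rescued, so an existing-but-stopped trail is never re-enabled while a failed creation is followed by `start_logging` on a trail that does not exist; moving the call out of the `if` and guarding it with the same rescue would match the "Make sure we actually enable cloudtrail logging" comment. The `owner` hash built from `resp.contents.first.owner` is not used anywhere in the hunk.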
|