cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha

Files changed (114) hide show
  1. checksums.yaml +4 -4
  2. data/Berksfile +16 -54
  3. data/Berksfile.lock +14 -62
  4. data/bin/mu-aws-setup +131 -108
  5. data/bin/mu-configure +311 -74
  6. data/bin/mu-gcp-setup +84 -62
  7. data/bin/mu-load-config.rb +46 -2
  8. data/bin/mu-self-update +11 -9
  9. data/bin/mu-upload-chef-artifacts +4 -4
  10. data/{mu.gemspec → cloud-mu.gemspec} +2 -2
  11. data/cookbooks/awscli/Berksfile +8 -0
  12. data/cookbooks/mu-activedirectory/Berksfile +11 -0
  13. data/cookbooks/mu-firewall/Berksfile +9 -0
  14. data/cookbooks/mu-firewall/metadata.rb +1 -1
  15. data/cookbooks/mu-glusterfs/Berksfile +10 -0
  16. data/cookbooks/mu-jenkins/Berksfile +14 -0
  17. data/cookbooks/mu-master/Berksfile +23 -0
  18. data/cookbooks/mu-master/attributes/default.rb +1 -1
  19. data/cookbooks/mu-master/metadata.rb +2 -2
  20. data/cookbooks/mu-master/recipes/default.rb +1 -1
  21. data/cookbooks/mu-master/recipes/init.rb +7 -3
  22. data/cookbooks/mu-master/recipes/ssl-certs.rb +1 -0
  23. data/cookbooks/mu-mongo/Berksfile +10 -0
  24. data/cookbooks/mu-openvpn/Berksfile +11 -0
  25. data/cookbooks/mu-php54/Berksfile +13 -0
  26. data/cookbooks/mu-splunk/Berksfile +10 -0
  27. data/cookbooks/mu-tools/Berksfile +21 -0
  28. data/cookbooks/mu-tools/files/default/Mu_CA.pem +15 -15
  29. data/cookbooks/mu-utility/Berksfile +9 -0
  30. data/cookbooks/mu-utility/metadata.rb +2 -1
  31. data/cookbooks/nagios/Berksfile +7 -4
  32. data/cookbooks/s3fs/Berksfile +9 -0
  33. data/environments/dev.json +6 -6
  34. data/environments/prod.json +6 -6
  35. data/modules/mu.rb +20 -42
  36. data/modules/mu/cleanup.rb +102 -100
  37. data/modules/mu/cloud.rb +90 -28
  38. data/modules/mu/clouds/aws.rb +449 -218
  39. data/modules/mu/clouds/aws/alarm.rb +29 -17
  40. data/modules/mu/clouds/aws/cache_cluster.rb +78 -64
  41. data/modules/mu/clouds/aws/collection.rb +25 -18
  42. data/modules/mu/clouds/aws/container_cluster.rb +73 -66
  43. data/modules/mu/clouds/aws/database.rb +124 -116
  44. data/modules/mu/clouds/aws/dnszone.rb +27 -20
  45. data/modules/mu/clouds/aws/firewall_rule.rb +30 -22
  46. data/modules/mu/clouds/aws/folder.rb +18 -3
  47. data/modules/mu/clouds/aws/function.rb +77 -23
  48. data/modules/mu/clouds/aws/group.rb +19 -12
  49. data/modules/mu/clouds/aws/habitat.rb +153 -0
  50. data/modules/mu/clouds/aws/loadbalancer.rb +59 -52
  51. data/modules/mu/clouds/aws/log.rb +30 -23
  52. data/modules/mu/clouds/aws/msg_queue.rb +29 -20
  53. data/modules/mu/clouds/aws/notifier.rb +222 -0
  54. data/modules/mu/clouds/aws/role.rb +178 -90
  55. data/modules/mu/clouds/aws/search_domain.rb +40 -24
  56. data/modules/mu/clouds/aws/server.rb +169 -137
  57. data/modules/mu/clouds/aws/server_pool.rb +60 -83
  58. data/modules/mu/clouds/aws/storage_pool.rb +59 -31
  59. data/modules/mu/clouds/aws/user.rb +36 -27
  60. data/modules/mu/clouds/aws/userdata/linux.erb +101 -93
  61. data/modules/mu/clouds/aws/vpc.rb +250 -189
  62. data/modules/mu/clouds/azure.rb +132 -0
  63. data/modules/mu/clouds/cloudformation.rb +65 -1
  64. data/modules/mu/clouds/cloudformation/alarm.rb +8 -0
  65. data/modules/mu/clouds/cloudformation/cache_cluster.rb +7 -0
  66. data/modules/mu/clouds/cloudformation/collection.rb +7 -0
  67. data/modules/mu/clouds/cloudformation/database.rb +7 -0
  68. data/modules/mu/clouds/cloudformation/dnszone.rb +7 -0
  69. data/modules/mu/clouds/cloudformation/firewall_rule.rb +9 -2
  70. data/modules/mu/clouds/cloudformation/loadbalancer.rb +7 -0
  71. data/modules/mu/clouds/cloudformation/log.rb +7 -0
  72. data/modules/mu/clouds/cloudformation/server.rb +7 -0
  73. data/modules/mu/clouds/cloudformation/server_pool.rb +7 -0
  74. data/modules/mu/clouds/cloudformation/vpc.rb +7 -0
  75. data/modules/mu/clouds/google.rb +214 -110
  76. data/modules/mu/clouds/google/container_cluster.rb +42 -24
  77. data/modules/mu/clouds/google/database.rb +15 -6
  78. data/modules/mu/clouds/google/firewall_rule.rb +17 -25
  79. data/modules/mu/clouds/google/group.rb +13 -5
  80. data/modules/mu/clouds/google/habitat.rb +105 -0
  81. data/modules/mu/clouds/google/loadbalancer.rb +28 -20
  82. data/modules/mu/clouds/google/server.rb +93 -354
  83. data/modules/mu/clouds/google/server_pool.rb +18 -10
  84. data/modules/mu/clouds/google/user.rb +22 -14
  85. data/modules/mu/clouds/google/vpc.rb +97 -69
  86. data/modules/mu/config.rb +133 -38
  87. data/modules/mu/config/alarm.rb +25 -0
  88. data/modules/mu/config/cache_cluster.rb +5 -3
  89. data/modules/mu/config/cache_cluster.yml +23 -0
  90. data/modules/mu/config/database.rb +25 -16
  91. data/modules/mu/config/database.yml +3 -3
  92. data/modules/mu/config/function.rb +1 -2
  93. data/modules/mu/config/{project.rb → habitat.rb} +10 -10
  94. data/modules/mu/config/notifier.rb +85 -0
  95. data/modules/mu/config/notifier.yml +9 -0
  96. data/modules/mu/config/role.rb +1 -1
  97. data/modules/mu/config/search_domain.yml +2 -2
  98. data/modules/mu/config/server.rb +13 -1
  99. data/modules/mu/config/server.yml +3 -3
  100. data/modules/mu/config/server_pool.rb +3 -1
  101. data/modules/mu/config/storage_pool.rb +3 -1
  102. data/modules/mu/config/storage_pool.yml +19 -0
  103. data/modules/mu/config/vpc.rb +70 -8
  104. data/modules/mu/groomers/chef.rb +2 -3
  105. data/modules/mu/kittens.rb +500 -122
  106. data/modules/mu/master.rb +5 -5
  107. data/modules/mu/mommacat.rb +151 -91
  108. data/modules/tests/super_complex_bok.yml +12 -0
  109. data/modules/tests/super_simple_bok.yml +12 -0
  110. data/spec/mu/clouds/azure_spec.rb +82 -0
  111. data/spec/spec_helper.rb +105 -0
  112. metadata +26 -5
  113. data/modules/mu/clouds/aws/notification.rb +0 -139
  114. data/modules/mu/config/notification.rb +0 -44
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 99522ede9ca4a27289aa29774c90fb8d4ddced64040b62c916a0fc0859530a4a
4
- data.tar.gz: c0a6ef2bcbc026bb4ae35a2661fe1b4d3fd18698aef3822949d14f29ef1ca0d3
3
+ metadata.gz: f1059c013e5f5e7c2ece20c2aa9ffcb60facab001cc864c0c26f60baf384d7c4
4
+ data.tar.gz: ebca2309c37e8a8038df432be18bb2b4f54e44b52da42029a79461515603f899
5
5
  SHA512:
6
- metadata.gz: 8cd48976fc196d3da6c7d6abfd8b1eaeadcfcf88ae4f338513aaa9ce27b8602d4f9912f2a05352b28e4f219915c118c89b8efffebeed8299778e3ad9062efbd9
7
- data.tar.gz: 02ad48db967c76bdadb9c82516c3f0b4ec8926201ff0fb84c3ea8045e72639838b4f97e2e0c92ec21817b94cfb903d21a704adb5d02146981bcff9c901d701b4
6
+ metadata.gz: d73ffd1304213dc06b04f0f350ef9d70cf99e48a3dd1c0ea7db0424606437b83e710bd87c0b9df471ca0ed0998991cf4e0e7a7e482d859ce647d0e0e09f84f6e
7
+ data.tar.gz: ad2503195884645217ee178aa1a9d94fb12520c83132f355cc1042535059d3b8d89cd8ce0066f1eae3d4e665aa6b678599ba2d174acbd7f9701430a1c242b464
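--- a/data/Berksfile
+++ b/data/Berksfile
@@ -1,56 +1,18 @@
 source "https://supermarket.chef.io"
-cookbook_path = "cookbooks"
+source chef_repo: "cookbooks/"
 
-# Platform Cookbooks
-cookbook 'mu-activedirectory', path: "#{cookbook_path}/mu-activedirectory"
-cookbook 'mu-splunk', path: "#{cookbook_path}/mu-splunk"
-cookbook 'mu-firewall', path: "#{cookbook_path}/mu-firewall"
-cookbook 'mu-glusterfs', path: "#{cookbook_path}/mu-glusterfs"
-cookbook 'mu-jenkins', path: "#{cookbook_path}/mu-jenkins"
-cookbook 'mu-master', path: "#{cookbook_path}/mu-master"
-cookbook 'mu-mongo', path: "#{cookbook_path}/mu-mongo"
-cookbook 'mu-openvpn', path: "#{cookbook_path}/mu-openvpn"
-cookbook 'mu-php54', path: "#{cookbook_path}/mu-php54"
-cookbook 'mu-tools', path: "#{cookbook_path}/mu-tools"
-cookbook 'mu-utility', path: "#{cookbook_path}/mu-utility"
-
-# Forked Cookbooks
-# cookbook 'awscli', path: "#{cookbook_path}/awscli"
-cookbook 'cloudcli', '~> 1.2.0'
-# cookbook 's3fs', path: "#{cookbook_path}/s3fs"
-cookbook 's3fs', '~> 3.0.1'
-
-# Nagios cookbook is borked, and dragging these cookbooks down with it...
-cookbook 'nagios', path: "#{cookbook_path}/nagios"
-cookbook 'apache2', '< 4.0'
-
-# Supermarket Cookbooks that are using latest as of 09/07/18
-cookbook 'chef-vault', '~> 3.1.1'
-cookbook 'windows', '~> 5.1.1'
-cookbook 'aws', '~> 2.9.3'
-cookbook 'build-essential', '~> 8.2.1'
-cookbook 'chef_nginx', '~> 6.2.0'
-cookbook 'freebsd', '~> 1.0.2'
-cookbook 'jenkins', '~> 6.2.0'
-cookbook 'logrotate', '~> 2.2.0'
-cookbook 'memcached', '~> 5.1.1'
-cookbook 'mongodb', '~> 0.16.2'
-cookbook 'runit', '~> 4.3.0'
-cookbook 'zipfile', '~> 0.2.0'
-cookbook 'yum', '~> 5.1.0'
-cookbook 'bind', '~> 2.2.0'
-cookbook 'bind9-ng', '~> 0.1.0'
-cookbook 'consul-cluster', '~> 2.0.0'
-cookbook 'database', '~> 6.1.1'
-cookbook 'firewall', '~> 2.6.5'
-cookbook 'hostsfile', '~> 3.0.1'
-cookbook 'java', '~> 2.2.0'
-cookbook 'mysql', '~> 8.5.1'
-cookbook 'nrpe', '~> 2.0.3'
-cookbook 'oracle-instantclient', '~> 1.1.0'
-cookbook 'poise-python', '~> 1.7.0'
-cookbook 'postfix', '~> 5.3.1'
-cookbook 'postgresql', '~> 7.1.0'
-cookbook 'simple_iptables', '~> 0.8.0'
-cookbook 'vault-cluster', '~> 2.1.0'
-cookbook 'yum-epel', '~> 3.2.0'
+# Mu Platform Cookbooks
+cookbook 'awscli', path: 'cookbooks/awscli'
+cookbook 'mu-activedirectory'
+cookbook 'mu-splunk'
+cookbook 'mu-firewall'
+cookbook 'mu-glusterfs'
+cookbook 'mu-jenkins'
+cookbook 'mu-master'
+cookbook 'mu-mongo'
+cookbook 'mu-openvpn'
+cookbook 'mu-php54'
+cookbook 'mu-tools'
+cookbook 'mu-utility'
+cookbook 'nagios', path: 'cookbooks/nagios'
+#cookbook 's3fs', path: 'cookbooks/s3fs'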
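Review bot: The s3fs dependency loses its only version constraint at the end of the hunk: the old `cookbook 's3fs', '~> 3.0.1'` line is removed and its replacement is left commented out as `#cookbook 's3fs', path: 'cookbooks/s3fs'`, so the Supermarket source declared on line 1 is the only place s3fs can come from and nothing here bounds which release. The lock file in this same gem diff reflects that, with mu-master's entry changing to `s3fs (>= 0.0.0)`; the lock still resolves s3fs 3.0.1 today, but the next `berks update` would accept any published version. Either restore the pin with `cookbook 's3fs', '~> 3.0.1'` or uncomment the path entry so the vendored copy under `cookbooks/s3fs` (whose own Berksfile is added in this release) is what gets resolved.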
@@ -1,72 +1,30 @@
1
1
  DEPENDENCIES
2
- apache2 (< 4.0.0)
3
- aws (~> 2.9.3)
4
- bind (~> 2.2.0)
5
- bind9-ng (~> 0.1.0)
6
- build-essential (~> 8.2.1)
7
- chef-vault (~> 3.1.1)
8
- chef_nginx (~> 6.2.0)
9
- cloudcli (~> 1.2.0)
10
- consul-cluster (~> 2.0.0)
11
- database (~> 6.1.1)
12
- firewall (~> 2.6.5)
13
- freebsd (~> 1.0.2)
14
- hostsfile (~> 3.0.1)
15
- java (~> 2.2.0)
16
- jenkins (~> 6.2.0)
17
- logrotate (~> 2.2.0)
18
- memcached (~> 5.1.1)
19
- mongodb (~> 0.16.2)
2
+ awscli
3
+ path: cookbooks/awscli
20
4
  mu-activedirectory
21
- path: cookbooks/mu-activedirectory
22
5
  mu-firewall
23
- path: cookbooks/mu-firewall
24
6
  mu-glusterfs
25
- path: cookbooks/mu-glusterfs
26
7
  mu-jenkins
27
- path: cookbooks/mu-jenkins
28
8
  mu-master
29
- path: cookbooks/mu-master
30
9
  mu-mongo
31
- path: cookbooks/mu-mongo
32
10
  mu-openvpn
33
- path: cookbooks/mu-openvpn
34
11
  mu-php54
35
- path: cookbooks/mu-php54
36
12
  mu-splunk
37
- path: cookbooks/mu-splunk
38
13
  mu-tools
39
- path: cookbooks/mu-tools
40
14
  mu-utility
41
- path: cookbooks/mu-utility
42
- mysql (~> 8.5.1)
43
15
  nagios
44
16
  path: cookbooks/nagios
45
- nrpe (~> 2.0.3)
46
- oracle-instantclient (~> 1.1.0)
47
- poise-python (~> 1.7.0)
48
- postfix (~> 5.3.1)
49
- postgresql (~> 7.1.0)
50
- runit (~> 4.3.0)
51
- s3fs (~> 3.0.1)
52
- simple_iptables (~> 0.8.0)
53
- vault-cluster (~> 2.1.0)
54
- windows (~> 5.1.1)
55
- yum (~> 5.1.0)
56
- yum-epel (~> 3.2.0)
57
- zipfile (~> 0.2.0)
58
17
 
59
18
  GRAPH
60
19
  apache2 (3.3.1)
61
20
  apt (7.1.1)
62
- aws (2.9.3)
63
- ohai (>= 2.1.0)
21
+ awscli (0.2.1)
64
22
  bind (2.2.1)
65
23
  bind9-ng (0.1.0)
66
24
  build-essential (8.2.1)
67
25
  mingw (>= 1.1)
68
26
  seven_zip (>= 0.0.0)
69
- chef-sugar (4.1.0)
27
+ chef-sugar (5.0.0)
70
28
  chef-vault (3.1.1)
71
29
  chef_nginx (6.2.0)
72
30
  build-essential (>= 0.0.0)
@@ -74,8 +32,6 @@ GRAPH
74
32
  ohai (>= 4.1.0)
75
33
  yum-epel (>= 0.0.0)
76
34
  zypper (>= 0.0.0)
77
- cloudcli (1.2.0)
78
- poise-python (~> 1.6)
79
35
  compat_resource (12.19.1)
80
36
  consul (2.3.0)
81
37
  build-essential (>= 0.0.0)
@@ -92,9 +48,8 @@ GRAPH
92
48
  database (6.1.1)
93
49
  postgresql (>= 1.0.0)
94
50
  dpkg_autostart (0.2.0)
95
- firewall (2.6.5)
51
+ firewall (2.7.0)
96
52
  chef-sugar (>= 0.0.0)
97
- freebsd (1.0.2)
98
53
  golang (1.7.0)
99
54
  hashicorp-vault (2.5.0)
100
55
  build-essential (>= 0.0.0)
@@ -107,12 +62,9 @@ GRAPH
107
62
  java (2.2.1)
108
63
  homebrew (>= 0.0.0)
109
64
  windows (>= 0.0.0)
110
- jenkins (6.2.0)
65
+ jenkins (6.2.1)
111
66
  dpkg_autostart (>= 0.0.0)
112
67
  runit (>= 1.7)
113
- logrotate (2.2.0)
114
- memcached (5.1.1)
115
- runit (>= 1.2.0)
116
68
  mingw (2.1.0)
117
69
  seven_zip (>= 0.0.0)
118
70
  mongodb (0.16.2)
@@ -125,7 +77,7 @@ GRAPH
125
77
  windows (~> 5.1.1)
126
78
  yum-epel (~> 3.2.0)
127
79
  mu-firewall (0.1.0)
128
- firewall (~> 2.6.5)
80
+ firewall (~> 2.7.0)
129
81
  mu-glusterfs (0.1.0)
130
82
  mu-firewall (>= 0.0.0)
131
83
  yum (~> 5.1.0)
@@ -136,7 +88,7 @@ GRAPH
136
88
  mu-master (>= 0.0.0)
137
89
  mu-tools (>= 0.0.0)
138
90
  mu-utility (>= 0.0.0)
139
- mu-master (0.9.0)
91
+ mu-master (0.9.2)
140
92
  apache2 (< 4.0)
141
93
  bind (~> 2.2.0)
142
94
  bind9-ng (~> 0.1.0)
@@ -150,7 +102,7 @@ GRAPH
150
102
  nagios (>= 0.0.0)
151
103
  nrpe (~> 2.0.3)
152
104
  postfix (~> 5.3.1)
153
- s3fs (~> 3.0.1)
105
+ s3fs (>= 0.0.0)
154
106
  vault-cluster (~> 2.1.0)
155
107
  mu-mongo (0.5.0)
156
108
  chef-vault (~> 3.1.1)
@@ -182,6 +134,7 @@ GRAPH
182
134
  windows (~> 5.1.1)
183
135
  yum-epel (~> 3.2.0)
184
136
  mu-utility (0.6.0)
137
+ mu-firewall (>= 0.0.0)
185
138
  windows (~> 5.1.1)
186
139
  mysql (8.5.1)
187
140
  nagios (7.2.7)
@@ -197,7 +150,7 @@ GRAPH
197
150
  perl (>= 0.0.0)
198
151
  runit (>= 0.0.0)
199
152
  yum-epel (>= 0.0.0)
200
- nrpe (2.0.3)
153
+ nrpe (2.0.5)
201
154
  build-essential (>= 0.0.0)
202
155
  yum-epel (>= 0.0.0)
203
156
  nssm (4.0.1)
@@ -224,13 +177,13 @@ GRAPH
224
177
  poise-service (1.5.2)
225
178
  poise (~> 2.0)
226
179
  postfix (5.3.1)
227
- postgresql (7.1.1)
180
+ postgresql (7.1.3)
228
181
  python (1.4.6)
229
182
  build-essential (>= 0.0.0)
230
183
  yum-epel (>= 0.0.0)
231
184
  rubyzip (1.3.1)
232
185
  poise (~> 2.2)
233
- runit (4.3.0)
186
+ runit (4.3.1)
234
187
  packagecloud (>= 0.0.0)
235
188
  yum-epel (>= 0.0.0)
236
189
  s3fs (3.0.1)
@@ -242,9 +195,8 @@ GRAPH
242
195
  consul-cluster (~> 2.0)
243
196
  hashicorp-vault (~> 2.1)
244
197
  ssl_certificate (~> 1.11)
245
- windows (5.1.5)
198
+ windows (5.1.6)
246
199
  yum (5.1.0)
247
200
  yum-epel (3.2.0)
248
201
  zap (1.1.0)
249
- zipfile (0.2.0)
250
202
  zypper (0.4.0)
@@ -46,6 +46,20 @@ Usage:
46
46
  opt :ephemeral, "Make sure all of our instance store (ephemeral) block devices are mapped and available.", :require => false, :default => false, :type => :boolean
47
47
  end
48
48
 
49
+ if MU::Cloud::AWS.hosted? and !$MU_CFG['aws']
50
+ new_cfg = $MU_CFG.dup
51
+ cfg_blob = MU::Cloud::AWS.hosted_config
52
+ if cfg_blob
53
+ cfg_blob['log_bucket_name'] ||= $MU_CFG['hostname']
54
+ new_cfg["aws"] = { "default" => cfg_blob }
55
+ MU.log "Adding auto-detected AWS stanza to #{cfgPath}", MU::NOTICE
56
+ if new_cfg != $MU_CFG or !cfgExists?
57
+ MU.log "Generating #{cfgPath}"
58
+ saveMuConfig(new_cfg)
59
+ $MU_CFG = new_cfg
60
+ end
61
+ end
62
+ end
49
63
 
50
64
  my_instance_id = MU::Cloud::AWS.getAWSMetaData("instance-id")
51
65
 
@@ -169,137 +183,146 @@ end
169
183
  $bucketname = MU.adminBucketName
170
184
 
171
185
  if $opts[:logs]
172
- exists = false
186
+ MU::Cloud::AWS.listCredentials.each { |credset|
187
+ bucketname = MU::Cloud::AWS.adminBucketName(credset)
173
188
 
174
- MU.log "Configuring log and secret Amazon S3 bucket '#{$bucketname}'"
189
+ exists = false
175
190
 
176
- resp = MU::Cloud::AWS.s3.list_buckets
177
- resp.buckets.each { |bucket|
178
- exists = true if bucket['name'] == $bucketname
179
- }
180
- if !exists
181
- MU.log "Creating #{$bucketname} bucket"
182
- begin
183
- resp = MU::Cloud::AWS.s3.create_bucket(bucket: $bucketname, acl: "private")
184
- rescue Aws::S3::Errors::BucketAlreadyExists => e
185
- MU.log "#{e.inspect}", MU::NOTICE
191
+ MU.log "Configuring log and secret Amazon S3 bucket '#{bucketname}' for credential set #{credset}"
192
+
193
+ resp = MU::Cloud::AWS.s3(credentials: credset).list_buckets
194
+ resp.buckets.each { |bucket|
195
+ exists = true if bucket['name'] == bucketname
196
+ }
197
+ if !exists
198
+ MU.log "Creating #{bucketname} bucket"
199
+ begin
200
+ resp = MU::Cloud::AWS.s3(credentials: credset).create_bucket(bucket: bucketname, acl: "private")
201
+ rescue Aws::S3::Errors::BucketAlreadyExists => e
202
+ MU.log "#{e.inspect}", MU::NOTICE
203
+ end
186
204
  end
187
- end
188
205
 
189
- resp = MU::Cloud::AWS.s3.list_objects(
190
- bucket: $bucketname,
191
- prefix: "log_vol_ebs_key"
192
- )
193
- found = false
194
- resp.contents.each { |object|
195
- found = true if object.key == "log_vol_ebs_key"
196
- }
197
- if !found
198
- MU.log "Creating new key for encrypted EBS log volume"
199
- key = SecureRandom.random_bytes(32)
200
- MU::Cloud::AWS.s3.put_object(
201
- bucket: $bucketname,
202
- key: "log_vol_ebs_key",
203
- body: "#{key}"
204
- )
205
- end
206
- if File.exists?("#{MU.mySSLDir}/Mu_CA.pem")
207
- MU.log "Putting the Mu Master's public SSL certificate into #{$bucketname}/Mu_CA.pem"
208
- MU::Cloud::AWS.s3.put_object(
209
- bucket: $bucketname,
210
- key: "Mu_CA.pem",
211
- body: File.read("#{MU.mySSLDir}/Mu_CA.pem"),
212
- acl: "public-read",
206
+ resp = MU::Cloud::AWS.s3(credentials: credset).list_objects(
207
+ bucket: bucketname,
208
+ prefix: "log_vol_ebs_key"
213
209
  )
214
- end
210
+ found = false
211
+ resp.contents.each { |object|
212
+ found = true if object.key == "log_vol_ebs_key"
213
+ }
214
+ if !found
215
+ MU.log "Creating new key for encrypted EBS log volume"
216
+ key = SecureRandom.random_bytes(32)
217
+ MU::Cloud::AWS.s3(credentials: credset).put_object(
218
+ bucket: bucketname,
219
+ key: "log_vol_ebs_key",
220
+ body: "#{key}"
221
+ )
222
+ end
223
+ if File.exists?("#{MU.mySSLDir}/Mu_CA.pem")
224
+ MU.log "Putting the Mu Master's public SSL certificate into #{bucketname}/Mu_CA.pem"
225
+ MU::Cloud::AWS.s3(credentials: credset).put_object(
226
+ bucket: bucketname,
227
+ key: "Mu_CA.pem",
228
+ body: File.read("#{MU.mySSLDir}/Mu_CA.pem"),
229
+ acl: "public-read",
230
+ )
231
+ end
215
232
 
216
- MU::Master.disk("/dev/xvdl", "/Mu_Logs", 50, "log_vol_ebs_key", "ram7")
233
+ MU::Master.disk("/dev/xvdl", "/Mu_Logs", 50, "log_vol_ebs_key", "ram7")
217
234
 
218
- # MU.log "Uploading Mu_CA.pem to #{$bucketname}"
235
+ # MU.log "Uploading Mu_CA.pem to #{bucketname}"
219
236
  # MU::Cloud::AWS.s3.put_object(
220
- # bucket: $bucketname,
237
+ # bucket: bucketname,
221
238
  # acl: "public-read",
222
239
  # key: "Mu_CA.pem",
223
240
  # body: File.read("#{ENV['MU_DATADIR']}/ssl/Mu_CA.pem")
224
241
  # )
225
242
 
226
- resp = MU::Cloud::AWS.s3.list_objects(
227
- bucket: $bucketname,
228
- prefix: "log_vol_ebs_key"
229
- )
230
- owner = MU.structToHash(resp.contents.first.owner)
231
-
232
- MU::Cloud::AWS.s3.put_bucket_acl(
233
- bucket: $bucketname,
234
- acl: "log-delivery-write"
235
- )
236
-
237
- MU::Cloud::AWS.s3.put_bucket_versioning(
238
- bucket: $bucketname,
239
- versioning_configuration: {
240
- status: "Enabled"
241
- }
242
- )
243
-
244
- MU::Cloud::AWS.s3.put_bucket_lifecycle(
245
- bucket: $bucketname,
246
- lifecycle_configuration: {
247
- rules: [
248
- {
249
- expiration: {
250
- days: 180
251
- },
252
- prefix: "master.log/",
253
- status: "Enabled"
254
- },
255
- {
256
- expiration: {
257
- days: 180
258
- },
259
- prefix: "nodes.log/",
260
- status: "Enabled"
261
- },
262
- {
263
- expiration: {
264
- days: 180
265
- },
266
- prefix: "AWSLogs/",
267
- status: "Enabled"
268
- }
269
- ]
270
- }
271
- )
243
+ resp = MU::Cloud::AWS.s3(credentials: credset).list_objects(
244
+ bucket: bucketname,
245
+ prefix: "log_vol_ebs_key"
246
+ )
247
+ owner = MU.structToHash(resp.contents.first.owner)
272
248
 
273
- MU::Cloud::AWS.s3.put_bucket_policy(
274
- bucket: $bucketname,
275
- policy: ERB.new(MU::CLOUDTRAIL_BUCKET_POLICY).result
276
- )
249
+ MU::Cloud::AWS.s3(credentials: credset).put_bucket_acl(
250
+ bucket: bucketname,
251
+ acl: "log-delivery-write"
252
+ )
277
253
 
254
+ MU::Cloud::AWS.s3(credentials: credset).put_bucket_versioning(
255
+ bucket: bucketname,
256
+ versioning_configuration: {
257
+ status: "Enabled"
258
+ }
259
+ )
278
260
 
279
- begin
280
- resp = MU::Cloud::AWS.cloudtrail.describe_trails.trail_list
281
- rescue Aws::CloudTrail::Errors::AccessDeniedException => e
282
- MU.log e.inspect, MU::WARN
283
- end
284
- if resp.empty?
285
- MU.log "Enabling Cloud Trails, logged to bucket #{$bucketname}"
261
+ MU::Cloud::AWS.s3(credentials: credset).put_bucket_lifecycle(
262
+ bucket: bucketname,
263
+ lifecycle_configuration: {
264
+ rules: [
265
+ {
266
+ expiration: {
267
+ days: 180
268
+ },
269
+ prefix: "master.log/",
270
+ status: "Enabled"
271
+ },
272
+ {
273
+ expiration: {
274
+ days: 180
275
+ },
276
+ prefix: "nodes.log/",
277
+ status: "Enabled"
278
+ },
279
+ {
280
+ expiration: {
281
+ days: 180
282
+ },
283
+ prefix: "AWSLogs/",
284
+ status: "Enabled"
285
+ }
286
+ ]
287
+ }
288
+ )
286
289
 
287
290
  begin
288
- MU::Cloud::AWS.cloudtrail.create_trail(
289
- name: "cloudtrail",
290
- s3_bucket_name: $bucketname,
291
- include_global_service_events: true
291
+ MU::Cloud::AWS.s3(credentials: credset).put_bucket_policy(
292
+ bucket: bucketname,
293
+ policy: MU::Cloud::AWS.cloudtrailBucketPolicy(credset)
292
294
  )
293
- rescue Aws::CloudTrail::Errors::MaximumNumberOfTrailsExceededException, Aws::CloudTrail::Errors::AccessDeniedException => e
295
+ rescue Aws::S3::Errors::MalformedPolicy => e
296
+ MU.log e.message, MU::ERR, details: MU::Cloud::AWS.cloudtrailBucketPolicy(credset)
297
+ next
298
+ end
299
+
300
+
301
+ begin
302
+ resp = MU::Cloud::AWS.cloudtrail(credentials: credset).describe_trails.trail_list
303
+ rescue Aws::CloudTrail::Errors::AccessDeniedException => e
294
304
  MU.log e.inspect, MU::WARN
295
305
  end
306
+ if resp.empty?
307
+ MU.log "Enabling Cloud Trails, logged to bucket #{bucketname}"
296
308
 
297
- # Make sure we actually enable cloudtrail logging
298
- MU::Cloud::AWS.cloudtrail.start_logging(
299
- name: "cloudtrail"
300
- )
301
- end
309
+ begin
310
+ MU::Cloud::AWS.cloudtrail(credentials: credset).create_trail(
311
+ name: "cloudtrail",
312
+ s3_bucket_name: bucketname,
313
+ include_global_service_events: true
314
+ )
315
+ rescue Aws::CloudTrail::Errors::MaximumNumberOfTrailsExceededException, Aws::CloudTrail::Errors::AccessDeniedException => e
316
+ MU.log e.inspect, MU::WARN
317
+ end
302
318
 
319
+ # Make sure we actually enable cloudtrail logging
320
+ MU::Cloud::AWS.cloudtrail(credentials: credset).start_logging(
321
+ name: "cloudtrail"
322
+ )
323
+ end
324
+
325
+ }
303
326
  # Now that we've got S3 logging, let's also create an Mu_Logs stack in
304
327
  # CloudWatch logs.
305
328
  # For instances to log to this, they need to invoke the Chef recipe
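Review bot: In the CloudTrail block near the end of the hunk, a rescued `Aws::CloudTrail::Errors::AccessDeniedException` leaves `resp` still holding the earlier `list_objects` response (assigned at new line 243), so the following `if resp.empty?` runs against an S3 listing rather than a trail list; this predates the change, but the new per-credential loop now repeats it for every credset, and the `start_logging` call further down has no rescue of its own for the same denied credentials. Logging and then skipping the credential set, as the `MalformedPolicy` branch a few lines earlier already does, keeps the loop going for the remaining credsets: `MU.log e.inspect, MU::WARN` followed by `next` in that rescue. Separately, the `put_object` that stores the 32 random bytes of `log_vol_ebs_key` passes no `server_side_encryption:` argument, so at-rest protection of that key depends entirely on the bucket's default encryption setting, which nothing in this hunk configures. `File.exists?` in the Mu_CA.pem branch is deprecated in favour of `File.exist?`.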