cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha
- checksums.yaml +4 -4
- data/Berksfile +16 -54
- data/Berksfile.lock +14 -62
- data/bin/mu-aws-setup +131 -108
- data/bin/mu-configure +311 -74
- data/bin/mu-gcp-setup +84 -62
- data/bin/mu-load-config.rb +46 -2
- data/bin/mu-self-update +11 -9
- data/bin/mu-upload-chef-artifacts +4 -4
- data/{mu.gemspec → cloud-mu.gemspec} +2 -2
- data/cookbooks/awscli/Berksfile +8 -0
- data/cookbooks/mu-activedirectory/Berksfile +11 -0
- data/cookbooks/mu-firewall/Berksfile +9 -0
- data/cookbooks/mu-firewall/metadata.rb +1 -1
- data/cookbooks/mu-glusterfs/Berksfile +10 -0
- data/cookbooks/mu-jenkins/Berksfile +14 -0
- data/cookbooks/mu-master/Berksfile +23 -0
- data/cookbooks/mu-master/attributes/default.rb +1 -1
- data/cookbooks/mu-master/metadata.rb +2 -2
- data/cookbooks/mu-master/recipes/default.rb +1 -1
- data/cookbooks/mu-master/recipes/init.rb +7 -3
- data/cookbooks/mu-master/recipes/ssl-certs.rb +1 -0
- data/cookbooks/mu-mongo/Berksfile +10 -0
- data/cookbooks/mu-openvpn/Berksfile +11 -0
- data/cookbooks/mu-php54/Berksfile +13 -0
- data/cookbooks/mu-splunk/Berksfile +10 -0
- data/cookbooks/mu-tools/Berksfile +21 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +15 -15
- data/cookbooks/mu-utility/Berksfile +9 -0
- data/cookbooks/mu-utility/metadata.rb +2 -1
- data/cookbooks/nagios/Berksfile +7 -4
- data/cookbooks/s3fs/Berksfile +9 -0
- data/environments/dev.json +6 -6
- data/environments/prod.json +6 -6
- data/modules/mu.rb +20 -42
- data/modules/mu/cleanup.rb +102 -100
- data/modules/mu/cloud.rb +90 -28
- data/modules/mu/clouds/aws.rb +449 -218
- data/modules/mu/clouds/aws/alarm.rb +29 -17
- data/modules/mu/clouds/aws/cache_cluster.rb +78 -64
- data/modules/mu/clouds/aws/collection.rb +25 -18
- data/modules/mu/clouds/aws/container_cluster.rb +73 -66
- data/modules/mu/clouds/aws/database.rb +124 -116
- data/modules/mu/clouds/aws/dnszone.rb +27 -20
- data/modules/mu/clouds/aws/firewall_rule.rb +30 -22
- data/modules/mu/clouds/aws/folder.rb +18 -3
- data/modules/mu/clouds/aws/function.rb +77 -23
- data/modules/mu/clouds/aws/group.rb +19 -12
- data/modules/mu/clouds/aws/habitat.rb +153 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +59 -52
- data/modules/mu/clouds/aws/log.rb +30 -23
- data/modules/mu/clouds/aws/msg_queue.rb +29 -20
- data/modules/mu/clouds/aws/notifier.rb +222 -0
- data/modules/mu/clouds/aws/role.rb +178 -90
- data/modules/mu/clouds/aws/search_domain.rb +40 -24
- data/modules/mu/clouds/aws/server.rb +169 -137
- data/modules/mu/clouds/aws/server_pool.rb +60 -83
- data/modules/mu/clouds/aws/storage_pool.rb +59 -31
- data/modules/mu/clouds/aws/user.rb +36 -27
- data/modules/mu/clouds/aws/userdata/linux.erb +101 -93
- data/modules/mu/clouds/aws/vpc.rb +250 -189
- data/modules/mu/clouds/azure.rb +132 -0
- data/modules/mu/clouds/cloudformation.rb +65 -1
- data/modules/mu/clouds/cloudformation/alarm.rb +8 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +7 -0
- data/modules/mu/clouds/cloudformation/collection.rb +7 -0
- data/modules/mu/clouds/cloudformation/database.rb +7 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +7 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +9 -2
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +7 -0
- data/modules/mu/clouds/cloudformation/log.rb +7 -0
- data/modules/mu/clouds/cloudformation/server.rb +7 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +7 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +7 -0
- data/modules/mu/clouds/google.rb +214 -110
- data/modules/mu/clouds/google/container_cluster.rb +42 -24
- data/modules/mu/clouds/google/database.rb +15 -6
- data/modules/mu/clouds/google/firewall_rule.rb +17 -25
- data/modules/mu/clouds/google/group.rb +13 -5
- data/modules/mu/clouds/google/habitat.rb +105 -0
- data/modules/mu/clouds/google/loadbalancer.rb +28 -20
- data/modules/mu/clouds/google/server.rb +93 -354
- data/modules/mu/clouds/google/server_pool.rb +18 -10
- data/modules/mu/clouds/google/user.rb +22 -14
- data/modules/mu/clouds/google/vpc.rb +97 -69
- data/modules/mu/config.rb +133 -38
- data/modules/mu/config/alarm.rb +25 -0
- data/modules/mu/config/cache_cluster.rb +5 -3
- data/modules/mu/config/cache_cluster.yml +23 -0
- data/modules/mu/config/database.rb +25 -16
- data/modules/mu/config/database.yml +3 -3
- data/modules/mu/config/function.rb +1 -2
- data/modules/mu/config/{project.rb → habitat.rb} +10 -10
- data/modules/mu/config/notifier.rb +85 -0
- data/modules/mu/config/notifier.yml +9 -0
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/search_domain.yml +2 -2
- data/modules/mu/config/server.rb +13 -1
- data/modules/mu/config/server.yml +3 -3
- data/modules/mu/config/server_pool.rb +3 -1
- data/modules/mu/config/storage_pool.rb +3 -1
- data/modules/mu/config/storage_pool.yml +19 -0
- data/modules/mu/config/vpc.rb +70 -8
- data/modules/mu/groomers/chef.rb +2 -3
- data/modules/mu/kittens.rb +500 -122
- data/modules/mu/master.rb +5 -5
- data/modules/mu/mommacat.rb +151 -91
- data/modules/tests/super_complex_bok.yml +12 -0
- data/modules/tests/super_simple_bok.yml +12 -0
- data/spec/mu/clouds/azure_spec.rb +82 -0
- data/spec/spec_helper.rb +105 -0
- metadata +26 -5
- data/modules/mu/clouds/aws/notification.rb +0 -139
- data/modules/mu/config/notification.rb +0 -44
@@ -39,7 +39,7 @@ CHEF_SERVER_VERSION="12.17.15-1"
|
|
39
39
|
CHEF_CLIENT_VERSION="14.4.56"
|
40
40
|
KNIFE_WINDOWS="1.9.0"
|
41
41
|
MU_BASE="/opt/mu"
|
42
|
-
MU_BRANCH="
|
42
|
+
MU_BRANCH="Azure_you_want_azure" # GIT HOOK EDITABLE DO NOT TOUCH
|
43
43
|
realbranch=`cd #{MU_BASE}/lib && git rev-parse --abbrev-ref HEAD`
|
44
44
|
|
45
45
|
if ENV.key?('MU_BRANCH')
|
@@ -234,7 +234,7 @@ file "#{MU_BASE}/lib/.git/hooks/pre-commit" do
|
|
234
234
|
action :delete
|
235
235
|
end
|
236
236
|
|
237
|
-
[MU_BASE+"/var", MU_BASE+"/
|
237
|
+
[MU_BASE+"/var", MU_BASE+"/var/ssl"].each do |dir|
|
238
238
|
directory dir do
|
239
239
|
recursive true
|
240
240
|
mode 0755
|
@@ -308,7 +308,9 @@ rpms.each_pair { |pkg, src|
|
|
308
308
|
end
|
309
309
|
end
|
310
310
|
}
|
311
|
-
package "jq"
|
311
|
+
package "jq" do
|
312
|
+
ignore_failure true # sometimes we can't see EPEL immediately
|
313
|
+
end
|
312
314
|
package removepackages do
|
313
315
|
action :remove
|
314
316
|
end
|
@@ -343,6 +345,7 @@ file "#{MU_BASE}/var/users/mu/email" do
|
|
343
345
|
content "#{$MU_CFG['mu_admin_email']}\n"
|
344
346
|
else
|
345
347
|
content "root@example.com\n"
|
348
|
+
action :create_if_missing
|
346
349
|
end
|
347
350
|
end
|
348
351
|
file "#{MU_BASE}/var/users/mu/realname" do
|
@@ -350,6 +353,7 @@ file "#{MU_BASE}/var/users/mu/realname" do
|
|
350
353
|
content "#{$MU_CFG['mu_admin_name']}\n"
|
351
354
|
else
|
352
355
|
content "Mu Administrator\n"
|
356
|
+
action :create_if_missing
|
353
357
|
end
|
354
358
|
end
|
355
359
|
|
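Review bot: `MU_BRANCH="Azure_you_want_azure"` (new line 42) puts a feature-branch name into a released recipe as its default, and the trailing comment says a git hook rewrites this line, so the packaged value is whatever branch the build ran on. If `MU_BRANCH` selects what is checked out under `#{MU_BASE}/lib` (its use is outside this hunk), installs from this package would follow a mutable development branch rather than the reviewed release. A release-time check that rejects any value other than the release ref, e.g. `MU_BRANCH="<release-tag-placeholder>"`, would keep the shipped recipe tied to reviewed code. The file header for this section is not shown on the page.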
@@ -25,6 +25,7 @@
|
|
25
25
|
include_recipe 'mu-master::firewall-holes'
|
26
26
|
service_certs = ["rsyslog", "mommacat", "ldap", "consul", "vault"]
|
27
27
|
|
28
|
+
directory "#{$MU_CFG['datadir']}"
|
28
29
|
directory "#{$MU_CFG['datadir']}/ssl"
|
29
30
|
template "#{$MU_CFG['datadir']}/ssl/openssl.cnf" do
|
30
31
|
source "openssl.cnf.erb"
|
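Review bot: The added `directory "#{$MU_CFG['datadir']}"` (new line 28) declares no `owner`, `group` or `mode`, so a freshly created data directory gets whatever the Chef run's umask yields, and it is the parent of the `ssl` directory created on the next line. Giving the resource a block that states them explicitly, for example `owner "root"` and `mode 0755` (values to be matched to the project's convention), makes the permissions on the path to the certificate material reviewable. The rest of the recipe is outside the hunk.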
@@ -0,0 +1,13 @@
|
|
1
|
+
source 'https://supermarket.chef.io'
|
2
|
+
source chef_repo: ".."
|
3
|
+
|
4
|
+
metadata
|
5
|
+
|
6
|
+
# Mu Cookbooks
|
7
|
+
cookbook 'mu-utility'
|
8
|
+
|
9
|
+
# Supermarket Cookbooks
|
10
|
+
cookbook 'simple_iptables', '~> 0.8.0'
|
11
|
+
cookbook 'apache2', '< 4.0'
|
12
|
+
cookbook 'mysql', '~> 8.5.1'
|
13
|
+
cookbook 'yum-epel', '~> 3.2.0'
|
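Review bot: `source 'https://supermarket.chef.io'` is declared ahead of `source chef_repo: ".."`, and the in-repo cookbook is referenced only by name (`cookbook 'mu-utility'`), so which copy is resolved depends on source precedence; if Berkshelf prefers the first source, a same-named cookbook on the public Supermarket would be chosen over the local one. Pinning in-repo cookbooks by location removes that ambiguity, e.g. `cookbook 'mu-utility', path: '../mu-utility'`, assuming the sibling-directory layout that `chef_repo: ".."` implies. The same applies to the `nagios`, `mu-utility`, `mu-splunk`, `mu-firewall` and `mu-activedirectory` entries in the 21-line Berksfile that follows.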
@@ -0,0 +1,21 @@
|
|
1
|
+
source 'https://supermarket.chef.io'
|
2
|
+
source chef_repo: ".."
|
3
|
+
|
4
|
+
metadata
|
5
|
+
|
6
|
+
# Mu Cookbooks
|
7
|
+
cookbook "nagios"
|
8
|
+
cookbook "mu-utility"
|
9
|
+
cookbook "mu-splunk"
|
10
|
+
cookbook "mu-firewall"
|
11
|
+
cookbook "mu-activedirectory"
|
12
|
+
|
13
|
+
# Supermarket Cookbooks
|
14
|
+
cookbook "oracle-instantclient", '~> 1.1.0'
|
15
|
+
cookbook "database", '~> 6.1.1'
|
16
|
+
cookbook "postgresql", '~> 7.1.0'
|
17
|
+
cookbook "java", '~> 2.2.0'
|
18
|
+
cookbook "windows", '~> 5.1.1'
|
19
|
+
cookbook "chef-vault", '~> 3.1.1'
|
20
|
+
cookbook "poise-python", '~> 1.7.0'
|
21
|
+
cookbook "yum-epel", '~> 3.2.0'
|
@@ -1,8 +1,8 @@
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
2
|
-
|
2
|
+
MIIF2zCCA8OgAwIBAgIJAJSp1wu4cHj9MA0GCSqGSIb3DQEBDQUAMF0xFjAUBgNV
|
3
3
|
BAMMDTU0LjE3NS44Ni4xOTQxIDAeBgNVBAsMF011IFNlcnZlciA1NC4xNzUuODYu
|
4
|
-
|
5
|
-
|
4
|
+
MTk0MRQwEgYDVQQKDAtlR2xvYmFsVGVjaDELMAkGA1UEBhMCVVMwHhcNMTkwMTIy
|
5
|
+
MTUzMjM4WhcNMjExMTExMTUzMjM4WjBdMRYwFAYDVQQDDA01NC4xNzUuODYuMTk0
|
6
6
|
MSAwHgYDVQQLDBdNdSBTZXJ2ZXIgNTQuMTc1Ljg2LjE5NDEUMBIGA1UECgwLZUds
|
7
7
|
b2JhbFRlY2gxCzAJBgNVBAYTAlVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
|
8
8
|
CgKCAgEAo7rntOFj/WPNvh00SN55aJBusppsY9arq7QF5gt/9+cBPsjcXn7jJMu0
|
@@ -19,16 +19,16 @@ e4Q3VnxhRfmkS1NqEzIvPabVLg9qvN419cubpE6HAtBJw/f3ocUCAwEAAaOBnTCB
|
|
19
19
|
mjBKBgNVHREEQzBBhwQ2r1bCgglsb2NhbGhvc3SHBH8AAAGCGXN0YW5nZS1tdS1k
|
20
20
|
ZXYucGxhdGZvcm0tbXWCDXN0YW5nZS1tdS1kZXYwHQYDVR0OBBYEFK/EmtGebCwd
|
21
21
|
5QpM8y/3EKdYNVbcMB8GA1UdIwQYMBaAFK/EmtGebCwd5QpM8y/3EKdYNVbcMAwG
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
+
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
22
|
+
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAEQ1l3JqlK7hQHhhA7Y4Odhk
|
23
|
+
mGsEJ8m1Kdb6wq9/hMAAOhzFPtzIzxPaDUuN29nGT/d4urTdJ+fSa7f8uhFyzKEL
|
24
|
+
retbsal0n4MFD7Iu+QopYBSTsS3w7y9a4HGj2AW6IMrYjWFBtl1QjRMKPymwTV6Y
|
25
|
+
ngjfJdJy4ySUP1FTl7hG1LdN+My6Q2ykQznyY/g51RzSNzmreWkK9Qfy/bk7G8ss
|
26
|
+
vDPQOqocwQE/5GoO4WqDn+6IFw1bgs+rPt897MOv0YjLZR3B5Q8SYivp+7CVvLZT
|
27
|
+
hKhIHL41k3H8R7khmV+Ak6ok9k+hCnT6pWC40g0jMyuy/HnlfeXcz9betiNm0Vhg
|
28
|
+
98pxFjISd7GaSmzqH4L+NbNshgRBhgTA+qm5Nu7hETf5b4tV1gBi0MA/CzpD3cq5
|
29
|
+
MadyWDkDnbGnSPqrLHvZwKjvDwUhPYw+6jYU9ejkG8I3G8ntmo4j7el+bYNDa1Yu
|
30
|
+
o60AIxVn2LpDIPICibf2cpspOqxQMB0fClAttajklXCwZ73TomQP/9TegjMeLJMl
|
31
|
+
p2KreRF3lvflajjrV7KHQ6tm8t9NIqljd3q5KW1RqatRwyMQUBWo8i8DlD6HQ+w0
|
32
|
+
gipxlcwMUqjVEIQyUtCNax6RDpysdOsB6uPPkUxb825bRwOWnAHPVCTc/HaTVzmA
|
33
|
+
FTNwHY0pyDGREcu+cb/A
|
34
34
|
-----END CERTIFICATE-----
|
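Review bot: A bundled certificate is replaced here with no provenance stated; the subject bytes in the unchanged context lines appear to decode to an IP-address CN and the name of a single Mu server, and the new body appears to carry a CA:TRUE basic-constraints extension. If recipes install this file into a node's trust store (presumably it is `data/cookbooks/mu-tools/files/default/Mu_CA.pem` from the file list; the section header is not shown), every node would trust a CA whose private key belongs to one instance. Generating the CA per installation at setup time, or recording the certificate's fingerprint, expiry and key holder in the release notes, would make this change reviewable.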
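--- a/data/cookbooks/nagios/Berksfile
+++ b/data/cookbooks/nagios/Berksfile
@@ -1,8 +1,11 @@
 source 'https://supermarket.chef.io'
+source chef_repo: ".."
 
 metadata
 
-
-
-
-
+# Mu Cookbooks
+
+# Supermarket Cookbooks
+cookbook 'apache2', '< 4.0'
+cookbook 'php', '< 6.0'
+cookbook 'zap', '>= 0.6.0'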
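Review bot: `cookbook 'zap', '>= 0.6.0'` (new line 11) has no upper bound, so any later Supermarket release satisfies it, and the two `<` constraints above it accept every older version; the other new Berksfiles in this release mostly use pessimistic `~>` pins. A bounded constraint such as `cookbook 'zap', '~> 0.6'`, together with a committed lock file for this cookbook (none is listed for it on this page), would keep the resolved dependency set reviewable between releases.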
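--- a/data/environments/dev.json
+++ b/data/environments/dev.json
@@ -1,8 +1,8 @@
 {
-
-
-
-
-
-
+"name": "DEV",
+"default_attributes": {
+},
+"json_class": "Chef::Environment",
+"description": "Infrastructure development environment",
+"chef_type": "environment"
 }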
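--- a/data/environments/prod.json
+++ b/data/environments/prod.json
@@ -1,8 +1,8 @@
 {
-
-
-
-
-
-
+"name": "PROD",
+"default_attributes": {
+},
+"json_class": "Chef::Environment",
+"description": "Infrastructure production environment",
+"chef_type": "environment"
 }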
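--- a/data/modules/mu.rb
+++ b/data/modules/mu.rb
@@ -498,7 +498,7 @@ module MU
 begin
 @@myAZ_var ||= MU.myCloudDescriptor.placement.availability_zone
 rescue Aws::EC2::Errors::InternalError => e
-MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(#{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
+MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(region: #{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
 sleep 10
 end
 end
@@ -514,7 +514,7 @@ module MU
 )
 elsif MU::Cloud::AWS.hosted?
 begin
-@@myCloudDescriptor = MU::Cloud::AWS.ec2(MU.myRegion).describe_instances(instance_ids: [MU.myInstanceId]).reservations.first.instances.first
+@@myCloudDescriptor = MU::Cloud::AWS.ec2(region: MU.myRegion).describe_instances(instance_ids: [MU.myInstanceId]).reservations.first.instances.first
 rescue Aws::EC2::Errors::InvalidInstanceIDNotFound => e
 rescue Aws::Errors::MissingCredentialsError => e
 MU.log "I'm hosted in AWS, but I can't make API calls. Does this instance have an appropriate IAM profile?", MU::WARN
@@ -536,7 +536,7 @@ module MU
 nil
 end
 rescue Aws::EC2::Errors::InternalError => e
-MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(#{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
+MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(region: #{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
 sleep 10
 end
 @@myVPC_var
@@ -546,7 +546,7 @@ module MU
 # The AWS Subnets associated with the VPC this MU Master is in
 # XXX account for Google and non-cloud situations
 def self.mySubnets
-@@mySubnets_var ||= MU::Cloud::AWS.ec2(MU.myRegion).describe_subnets(
+@@mySubnets_var ||= MU::Cloud::AWS.ec2(region: MU.myRegion).describe_subnets(
 filters: [
 {
 name: "vpc-id",
@@ -678,47 +678,25 @@ module MU
 end
 
 
-# Return the name of the
+# Return the name of the Mu log and key bucket for this Mu server. Not
+# necessarily in any specific cloud provider.
 # @return [String]
-
-
-
-
-
-
+def self.adminBucketName(platform = nil, credentials: nil)
+return nil if platform and !MU::Cloud.supportedClouds.include?(platform)
+
+clouds = platform.nil? ? MU::Cloud.supportedClouds : [platform]
+clouds.each { |cloud|
+cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+bucketname = cloudclass.adminBucketName(credentials)
+begin
+if platform or (cloudclass.hosted? and platform.nil?) or cloud == MU::Config.defaultCloud
+return bucketname
+end
+end
+}
+
 return bucketname
 end
 
-# Log bucket policy for enabling CloudTrail logging to our log bucket in S3.
-CLOUDTRAIL_BUCKET_POLICY = '{
-"Version": "2012-10-17",
-"Statement": [
-{
-"Sid": "AWSCloudTrailAclCheck20131101",
-"Effect": "Allow",
-"Principal": {
-"AWS": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':iam::<%= MU.account_number %>:root",
-"Service": "cloudtrail.amazonaws.com"
-},
-"Action": "s3:GetBucketAcl",
-"Resource": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':s3:::<%= $bucketname %>"
-},
-{
-"Sid": "AWSCloudTrailWrite20131101",
-"Effect": "Allow",
-"Principal": {
-"AWS": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':iam::<%= MU.account_number %>:root",
-"Service": "cloudtrail.amazonaws.com"
-},
-"Action": "s3:PutObject",
-"Resource": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':s3:::<%= $bucketname %>/AWSLogs/<%= MU.account_number %>/*",
-"Condition": {
-"StringEquals": {
-"s3:x-amz-acl": "bucket-owner-full-control"
-}
-}
-}
-]
-}'
 
 end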
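Review bot: In the new `adminBucketName`, the unchanged `return bucketname` (new line 698) sits after the `clouds.each { |cloud| ... }` block, but `bucketname` is now assigned only inside that block, so when no cloud satisfies the condition on new line 692 Ruby would raise NameError instead of returning a value, unless `bucketname` is also defined elsewhere in the module. Callers such as the S3 `delete_object` in cleanup.rb pass this result as `bucket:`, so the no-match case should be explicit: replace the trailing line with `nil` and extend the doc comment to `# @return [String, nil]`. The `begin`/`end` on new lines 691–695 has no `rescue` and can be dropped.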
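--- a/data/modules/mu/cleanup.rb
+++ b/data/modules/mu/cleanup.rb
@@ -60,6 +60,10 @@ module MU
 MU.setVar("dataDir", MU.mainDataDir)
 end
 
+
+# XXX AWS needs to check MU::Cloud::AWS.isGovCloud? on some things, or gracefully handle the API not existing
+types_in_order = ["Collection", "Function", "ServerPool", "ContainerCluster", "SearchDomain", "Server", "MsgQueue", "Database", "CacheCluster", "StoragePool", "LoadBalancer", "FirewallRule", "Alarm", "Notifier", "Log", "VPC", "DNSZone", "Collection"]
+
 # Load up our deployment metadata
 if !mommacat.nil?
 @mommacat = mommacat
@@ -82,124 +86,122 @@ module MU
 end
 end
 
-projects = {
-"Google" => MU::Cloud::Google.listProjects,
-"AWS" => ["dummy"]
-}
-
 if !@skipcloud
+creds = {}
+MU::Cloud.supportedClouds.each { |cloud|
+if $MU_CFG[cloud.downcase] and $MU_CFG[cloud.downcase].size > 0
+cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+creds[cloud] ||= {}
+$MU_CFG[cloud.downcase].keys.each { |credset|
+creds[cloud][credset] = cloudclass.listRegions(credentials: credset)
+}
+end
+}
 parent_thread_id = Thread.current.object_id
-regions = {}
-regions['AWS'] = MU::Cloud::AWS.listRegions
-regions['Google'] = MU::Cloud::Google.listRegions
 deleted_nodes = 0
 @regionthreads = []
 keyname = "deploy-#{MU.deploy_id}"
 # XXX blindly checking for all of these resources in all clouds is now prohibitively slow. We should only do this when we don't see deployment metadata to work from.
-
-
-
-
-
-
-MU.
-
-
-
-
-
-
-
-
-MU.
-
-
-
-
-
-
-
-
-
-
-
-
-MU.log "Service not available in AWS region #{r}, skipping", MU::DEBUG, details: e.message
-end
-MU::Cloud::SearchDomain.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["SearchDomain"]) > 0
-MU::Cloud::Server.cleanup(skipsnapshots: @skipsnapshots, onlycloud: @onlycloud, noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Server"]) > 0
-if provider == "AWS"
-MU::Cloud::MsgQueue.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["MsgQueue"]) > 0
-MU::Cloud::Database.cleanup(skipsnapshots: @skipsnapshots, noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Database"]) > 0
-end
-MU::Cloud::CacheCluster.cleanup(skipsnapshots: @skipsnapshots, noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["CacheCluster"]) > 0
-MU::Cloud::StoragePool.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["StoragePool"]) > 0
-if provider == "AWS"
-MU::Cloud::FirewallRule.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["FirewallRule", "Server", "ServerPool", "Database", "StoragePool"]) > 0
-end
-if @mommacat.nil? or @mommacat.numKittens(types: ["LoadBalancer"]) > 0
-MU::Cloud::LoadBalancer.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags)
-if provider == "AWS"
-MU::Cloud::FirewallRule.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags)
+creds.each_pair { |provider, credsets|
+credsets.each_pair { |credset, regions|
+global_vs_region_semaphore = Mutex.new
+global_done = []
+regions.each { |r|
+@regionthreads << Thread.new {
+MU.dupGlobals(parent_thread_id)
+MU.setVar("curRegion", r)
+projects = []
+if $MU_CFG[provider.downcase][credset]["project"]
+# XXX GCP credential schema needs an array for projects
+projects << $MU_CFG[provider.downcase][credset]["project"]
+end
+
+if projects == [""]
+MU.log "Checking for #{provider}/#{credset} resources from #{MU.deploy_id} in #{r}", MU::NOTICE
+end
+
+# We do these in an order that unrolls dependent resources
+# sensibly, and we hit :Collection twice because AWS
+# CloudFormation sometimes fails internally.
+projectthreads = []
+projects.each { |project|
+projectthreads << Thread.new {
+MU.dupGlobals(parent_thread_id)
+MU.setVar("curRegion", r)
+if project != ""
+MU.log "Checking for #{provider}/#{credset} resources from #{MU.deploy_id} in #{r}, project #{project}", MU::NOTICE
 end
-end
-MU::Cloud::Alarm.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Alarm"]) > 0 # XXX other resources can make these appear, I think- which ones?
-MU::Cloud::Notification.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Notification"]) > 0 # XXX other resources can make these appear, I think- which ones?
-MU::Cloud::Log.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Log"]) > 0 # XXX other resources can make these appear, I think- which ones?
-if provider == "AWS" and (@mommacat.nil? or @mommacat.numKittens(types: ["VPC"]) > 0)
-MU::Cloud::FirewallRule.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags)
-MU::Cloud::VPC.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, cloud: provider, flags: flags)
-end
-MU::Cloud::Collection.cleanup(noop: @noop, ignoremaster: @ignoremaster, region: r, wait: true, cloud: provider, flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Collection"]) > 0
-}
-}
-projectthreads.each do |t|
-t.join
-end
 
-
-
-
-
-
-
-
+MU.dupGlobals(parent_thread_id)
+flags = {
+"project" => project,
+"onlycloud" => @onlycloud,
+"skipsnapshots" => @skipsnapshots,
+}
+types_in_order.each { |t|
+begin
+skipme = false
+global_vs_region_semaphore.synchronize {
+if Object.const_get("MU").const_get("Cloud").const_get(provider).const_get(t).isGlobal?
+if !global_done.include?(t)
+global_done << t
+flags['global'] = true
+else
+skipme = true
+end
+end
+}
+next if skipme
+rescue MU::Cloud::MuCloudResourceNotImplemented => e
+next
+rescue MU::MuError, NoMethodError => e
+MU.log e.message, MU::WARN
+next
+end
+
+if @mommacat.nil? or @mommacat.numKittens(types: [t]) > 0
+begin
+resclass = Object.const_get("MU").const_get("Cloud").const_get(t)
+resclass.cleanup(
+noop: @noop,
+ignoremaster: @ignoremaster,
+region: r,
+cloud: provider,
+flags: flags,
+credentials: credset
+)
+rescue Seahorse::Client::NetworkingError => e
+MU.log "Service not available in AWS region #{r}, skipping", MU::DEBUG, details: e.message
+end
+end
+}
+}
 }
-
+projectthreads.each do |t|
+t.join
+end
+
+# XXX move to MU::AWS
+if provider == "AWS"
+resp = MU::Cloud::AWS.ec2(region: r, credentials: credset).describe_key_pairs(
+filters: [{name: "key-name", values: [keyname]}]
+)
+resp.data.key_pairs.each { |keypair|
+MU.log "Deleting key pair #{keypair.key_name} from #{r}"
+MU::Cloud::AWS.ec2(region: r, credentials: credset).delete_key_pair(key_name: keypair.key_name) if !@noop
+}
+end
+}
 }
 }
-MU::Cloud::Role.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: provider) if @mommacat.nil? or @mommacat.numKittens(types: ["Role"]) > 0
-MU::Cloud::Group.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: provider) if @mommacat.nil? or @mommacat.numKittens(types: ["Group"]) > 0
-MU::Cloud::User.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: provider) if @mommacat.nil? or @mommacat.numKittens(types: ["User"]) > 0
 }
 
-# knock over region-agnostic resources
-
 @regionthreads.each do |t|
 t.join
 end
 @projectthreads = []
 
 
-projects["Google"].each { |project|
-@projectthreads << Thread.new {
-MU.dupGlobals(parent_thread_id)
-flags = { "global" => true, "project" => project }
-MU::Cloud::ServerPool.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: "Google", flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["ServerPool"]) > 0
-MU::Cloud::FirewallRule.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: "Google", flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["FirewallRule"]) > 0
-MU::Cloud::LoadBalancer.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: "Google", flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["LoadBalancer"]) > 0
-MU::Cloud::Database.cleanup(skipsnapshots: @skipsnapshots, noop: @noop, ignoremaster: @ignoremaster, cloud: "Google", flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["Database"]) > 0
-MU::Cloud::VPC.cleanup(noop: @noop, ignoremaster: @ignoremaster, cloud: "Google", flags: flags) if @mommacat.nil? or @mommacat.numKittens(types: ["VPC"]) > 0
-
-}
-}
-
-if !MU::Cloud::AWS.isGovCloud?
-if $MU_CFG['aws'] and $MU_CFG['aws']['account_number']
-MU::Cloud::DNSZone.cleanup(noop: @noop, cloud: "AWS", ignoremaster: @ignoremaster) if @mommacat.nil? or @mommacat.numKittens(types: ["DNSZone"]) > 0
-end
-end
-
 @projectthreads.each do |t|
 t.join
 end
@@ -310,7 +312,7 @@ module MU
 
 if !@noop and !@skipcloud
 if $MU_CFG['aws'] and $MU_CFG['aws']['account_number']
-MU::Cloud::AWS.s3(MU.myRegion).delete_object(
+MU::Cloud::AWS.s3(region: MU.myRegion).delete_object(
 bucket: MU.adminBucketName,
 key: "#{MU.deploy_id}-secret"
 )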
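Review bot: The removed `Role`, `Group` and `User` cleanup calls (old lines 171–173) have no counterpart in `types_in_order`, so unless they are handled in code not shown here, identities and roles created for a deployment would outlive its teardown. In the same hunk, `projects` stays empty whenever a credential set has no `project` key, and the whole `types_in_order` loop lives inside `projects.each`, so for such a provider only the key-pair deletion runs; the `projects == [""]` test on new line 119 suggests a placeholder was intended, e.g. `projects << ""` when none is configured. `flags` is also built once per project thread and `flags['global'] = true` (new line 148) is never cleared, so every type processed after the first global one is cleaned up with the global flag still set; passing a per-type copy such as `flags.merge("global" => true)` only where `isGlobal?` holds keeps the scope of each destructive call explicit.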