cloud-mu 1.9.0.pre.beta
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
@@ -0,0 +1,587 @@
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
2
|
+
#
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
6
|
+
#
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module MU
|
16
|
+
class Config
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/server.rb
|
18
|
+
class Server
|
19
|
+
|
20
|
+
# Generate schema for a storage volume
|
21
|
+
# @return [Hash]
|
22
|
+
def self.storage_primitive
|
23
|
+
{
|
24
|
+
"type" => "array",
|
25
|
+
"items" => {
|
26
|
+
"type" => "object",
|
27
|
+
"description" => "Creates and attaches an EBS volume to this instance.",
|
28
|
+
"required" => ["size"],
|
29
|
+
"additionalProperties" => false,
|
30
|
+
"properties" => {
|
31
|
+
"size" => {
|
32
|
+
"type" => "integer",
|
33
|
+
"description" => "Size of this EBS volume (GB)",
|
34
|
+
},
|
35
|
+
"iops" => {
|
36
|
+
"type" => "integer",
|
37
|
+
"description" => "The amount of IOPS to allocate to Provisioned IOPS (io1) volumes.",
|
38
|
+
},
|
39
|
+
"device" => {
|
40
|
+
"type" => "string",
|
41
|
+
"description" => "Map this volume to a specific OS-level device (e.g. /dev/sdg)",
|
42
|
+
},
|
43
|
+
"virtual_name" => {
|
44
|
+
"type" => "string",
|
45
|
+
},
|
46
|
+
"snapshot_id" => {
|
47
|
+
"type" => "string",
|
48
|
+
},
|
49
|
+
"delete_on_termination" => {
|
50
|
+
"type" => "boolean",
|
51
|
+
"default" => true
|
52
|
+
},
|
53
|
+
"no_device" => {
|
54
|
+
"type" => "string",
|
55
|
+
"description" => "Do not share this device with the OS"
|
56
|
+
},
|
57
|
+
"encrypted" => {
|
58
|
+
"type" => "boolean",
|
59
|
+
"default" => false
|
60
|
+
},
|
61
|
+
"volume_type" => {
|
62
|
+
"enum" => ["standard", "io1", "gp2", "st1", "sc1"],
|
63
|
+
"type" => "string",
|
64
|
+
"default" => "gp2"
|
65
|
+
}
|
66
|
+
}
|
67
|
+
}
|
68
|
+
}
|
69
|
+
end
|
70
|
+
|
71
|
+
# Generate schema for an inline userdata script declaration
|
72
|
+
# @return [Hash]
|
73
|
+
def self.userdata_primitive
|
74
|
+
{
|
75
|
+
"type" => "object",
|
76
|
+
"description" => "A script to be run during the bootstrap process. Typically used to preconfigure Windows instances.",
|
77
|
+
"required" => ["path"],
|
78
|
+
"additionalProperties" => false,
|
79
|
+
"properties" => {
|
80
|
+
"use_erb" => {
|
81
|
+
"type" => "boolean",
|
82
|
+
"default" => true,
|
83
|
+
"description" => "Assume that this script is an ERB template and parse it as one before passing to the instance."
|
84
|
+
},
|
85
|
+
"skip_std" => {
|
86
|
+
"type" => "boolean",
|
87
|
+
"default" => false,
|
88
|
+
"description" => "Omit the standard Mu userdata entirely in favor of this custom script (normally we'd run both)."
|
89
|
+
},
|
90
|
+
"path" => {
|
91
|
+
"type" => "string",
|
92
|
+
"description" => "A local path or URL to a file which will be loaded and passed to the instance. Relative paths will be resolved from the current working directory of the deploy tool when invoked."
|
93
|
+
}
|
94
|
+
}
|
95
|
+
}
|
96
|
+
end
|
97
|
+
|
98
|
+
# Generate schema for a static IP assignment for an instance
|
99
|
+
# @return [Hash]
|
100
|
+
def self.static_ip_primitive
|
101
|
+
{
|
102
|
+
"type" => "object",
|
103
|
+
"additionalProperties" => false,
|
104
|
+
"minProperties" => 1,
|
105
|
+
"description" => "Assign a specific IP to this instance once it's ready.",
|
106
|
+
"properties" => {
|
107
|
+
"ip" => {
|
108
|
+
"type" => "string",
|
109
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$",
|
110
|
+
},
|
111
|
+
"assign_ip" => {
|
112
|
+
"type" => "boolean",
|
113
|
+
"default" => true
|
114
|
+
}
|
115
|
+
}
|
116
|
+
}
|
117
|
+
end
|
118
|
+
|
119
|
+
# properties common to both server and server_pool resources
|
120
|
+
def self.common_properties
|
121
|
+
{
|
122
|
+
"name" => {"type" => "string"},
|
123
|
+
"scrub_mu_isms" => {
|
124
|
+
"type" => "boolean",
|
125
|
+
"default" => false,
|
126
|
+
"description" => "When 'cloud' is set to 'CloudFormation,' use this flag to strip out Mu-specific artifacts (tags, standard userdata, naming conventions, etc) to yield a clean, source-agnostic template."
|
127
|
+
},
|
128
|
+
"region" => MU::Config.region_primitive,
|
129
|
+
"async_groom" => {
|
130
|
+
"type" => "boolean",
|
131
|
+
"default" => false,
|
132
|
+
"description" => "Bootstrap asynchronously via the Momma Cat daemon instead of during the main deployment process"
|
133
|
+
},
|
134
|
+
"groomer" => {
|
135
|
+
"type" => "string",
|
136
|
+
"default" => MU::Config.defaultGroomer,
|
137
|
+
"enum" => MU.supportedGroomers
|
138
|
+
},
|
139
|
+
"scrub_groomer" => {
|
140
|
+
"type" => "boolean",
|
141
|
+
"default" => false,
|
142
|
+
"description" => "Remove pre-existing groomer agents from node before bootstrapping. Especially useful for image builds."
|
143
|
+
},
|
144
|
+
"tags" => MU::Config.tags_primitive,
|
145
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
146
|
+
"alarms" => MU::Config::Alarm.inline,
|
147
|
+
"active_directory" => {
|
148
|
+
"type" => "object",
|
149
|
+
"additionalProperties" => false,
|
150
|
+
"required" => ["domain_name", "short_domain_name", "domain_controllers", "domain_join_vault", "domain_admin_vault"],
|
151
|
+
"description" => "Integrate this node into an Active Directory domain. On Linux, will configure Winbind and PAM for system-level AD authentication.",
|
152
|
+
"properties" => {
|
153
|
+
"domain_name" => {
|
154
|
+
"type" => "string",
|
155
|
+
"description" => "The full name Active Directory domain to join"
|
156
|
+
},
|
157
|
+
"short_domain_name" => {
|
158
|
+
"type" => "string",
|
159
|
+
"description" => "The short (NetBIOS) Active Directory domain to join"
|
160
|
+
},
|
161
|
+
"domain_controllers" => {
|
162
|
+
"type" => "array",
|
163
|
+
"minItems" => 1,
|
164
|
+
"items" => {
|
165
|
+
"type" => "string",
|
166
|
+
"description" => "IP address of a domain controller"
|
167
|
+
}
|
168
|
+
},
|
169
|
+
"domain_controller_hostname" => {
|
170
|
+
"type" => "string",
|
171
|
+
"description" => "A custom hostname for your domain controller. mu_windows_name will be used if not specified. Do not specify when joining a Domain-Node"
|
172
|
+
},
|
173
|
+
"domain_operation" => {
|
174
|
+
"type" => "string",
|
175
|
+
"default" => "join",
|
176
|
+
"enum" => ["join", "create", "add_controller"],
|
177
|
+
"description" => "Rather to join, create or add a Domain Controller"
|
178
|
+
},
|
179
|
+
"domain_sid" => {
|
180
|
+
"type" => "string",
|
181
|
+
"description" => "SID of a known domain. Used to help Linux clients map uids and gids properly with SSSD."
|
182
|
+
},
|
183
|
+
"node_type" => {
|
184
|
+
"type" => "string",
|
185
|
+
"enum" => ["domain_node", "domain_controller"],
|
186
|
+
"description" => "If the node will be a domain controller or a domain node",
|
187
|
+
"default" => "domain_node",
|
188
|
+
"default_if" => [
|
189
|
+
{
|
190
|
+
"key_is" => "domain_operation",
|
191
|
+
"value_is" => "create",
|
192
|
+
"set" => "domain_controller"
|
193
|
+
},
|
194
|
+
{
|
195
|
+
"key_is" => "domain_operation",
|
196
|
+
"value_is" => "add_controller",
|
197
|
+
"set" => "domain_controller"
|
198
|
+
},
|
199
|
+
{
|
200
|
+
"key_is" => "domain_operation",
|
201
|
+
"value_is" => "join",
|
202
|
+
"set" => "domain_node"
|
203
|
+
}
|
204
|
+
]
|
205
|
+
},
|
206
|
+
"computer_ou" => {
|
207
|
+
"type" => "string",
|
208
|
+
"description" => "The OU to which to add this computer when joining the domain."
|
209
|
+
},
|
210
|
+
"domain_join_vault" => {
|
211
|
+
"type" => "object",
|
212
|
+
"additionalProperties" => false,
|
213
|
+
"description" => "Vault used to store the credentials for the domain join user",
|
214
|
+
"properties" => {
|
215
|
+
"vault" => {
|
216
|
+
"type" => "string",
|
217
|
+
"default" => "active_directory",
|
218
|
+
"description" => "The vault where these credentials reside"
|
219
|
+
},
|
220
|
+
"item" => {
|
221
|
+
"type" => "string",
|
222
|
+
"default" => "join_domain",
|
223
|
+
"description" => "The vault item where these credentials reside"
|
224
|
+
},
|
225
|
+
"password_field" => {
|
226
|
+
"type" => "string",
|
227
|
+
"default" => "password",
|
228
|
+
"description" => "The field within the Vault item where the password for these credentials resides"
|
229
|
+
},
|
230
|
+
"username_field" => {
|
231
|
+
"type" => "string",
|
232
|
+
"default" => "username",
|
233
|
+
"description" => "The field where the user name for these credentials resides"
|
234
|
+
}
|
235
|
+
}
|
236
|
+
},
|
237
|
+
"domain_admin_vault" => {
|
238
|
+
"type" => "object",
|
239
|
+
"additionalProperties" => false,
|
240
|
+
"description" => "Vault used to store the credentials for the domain admin user",
|
241
|
+
"properties" => {
|
242
|
+
"vault" => {
|
243
|
+
"type" => "string",
|
244
|
+
"default" => "active_directory",
|
245
|
+
"description" => "The vault where these credentials reside"
|
246
|
+
},
|
247
|
+
"item" => {
|
248
|
+
"type" => "string",
|
249
|
+
"default" => "domain_admin",
|
250
|
+
"description" => "The vault item where these credentials reside"
|
251
|
+
},
|
252
|
+
"password_field" => {
|
253
|
+
"type" => "string",
|
254
|
+
"default" => "password",
|
255
|
+
"description" => "The field within the Vault item where the password for these credentials resides"
|
256
|
+
},
|
257
|
+
"username_field" => {
|
258
|
+
"type" => "string",
|
259
|
+
"default" => "username",
|
260
|
+
"description" => "The field where the user name for these credentials resides"
|
261
|
+
}
|
262
|
+
}
|
263
|
+
}
|
264
|
+
}
|
265
|
+
},
|
266
|
+
"add_private_ips" => {
|
267
|
+
"type" => "integer",
|
268
|
+
"description" => "Assign extra private IP addresses to this server."
|
269
|
+
},
|
270
|
+
"skipinitialupdates" => {
|
271
|
+
"type" => "boolean",
|
272
|
+
"description" => "Node bootstrapping normally runs an internal recipe that does a full system update. This is very slow for testing, so let's have an option to disable it.",
|
273
|
+
"default" => false
|
274
|
+
},
|
275
|
+
"sync_siblings" => {
|
276
|
+
"type" => "boolean",
|
277
|
+
"description" => "If true, chef-client will automatically re-run on nodes of the same type when this instance has finished grooming. Use, for example, to add new members to a database cluster in an autoscale group by sharing data in Chef's node structures.",
|
278
|
+
"default" => false
|
279
|
+
},
|
280
|
+
"dns_sync_wait" => {
|
281
|
+
"type" => "boolean",
|
282
|
+
"description" => "Wait for DNS record to propagate in DNS Zone.",
|
283
|
+
"default" => true,
|
284
|
+
},
|
285
|
+
"loadbalancers" => MU::Config::LoadBalancer.reference,
|
286
|
+
"add_firewall_rules" => MU::Config::FirewallRule.reference,
|
287
|
+
"static_ip" => static_ip_primitive,
|
288
|
+
"src_dst_check" => {
|
289
|
+
"type" => "boolean",
|
290
|
+
"description" => "Turn off network-level routing paranoia. Set this false to make a NAT do its thing.",
|
291
|
+
"default" => true
|
292
|
+
},
|
293
|
+
"associate_public_ip" => {
|
294
|
+
"type" => "boolean",
|
295
|
+
"default" => false,
|
296
|
+
"description" => "Associate public IP address?"
|
297
|
+
},
|
298
|
+
"userdata_script" => userdata_primitive,
|
299
|
+
"windows_admin_username" => {
|
300
|
+
"type" => "string",
|
301
|
+
"default" => "Administrator",
|
302
|
+
"description" => "Use an alternate Windows account for Administrator functions. Will change the name of the Administrator account, if it has not already been done."
|
303
|
+
},
|
304
|
+
"windows_auth_vault" => {
|
305
|
+
"type" => "object",
|
306
|
+
"additionalProperties" => false,
|
307
|
+
"required" => ["vault", "item"],
|
308
|
+
"description" => "Set Windows nodes' local administrator password to a value specified in a Chef Vault.",
|
309
|
+
"properties" => {
|
310
|
+
"vault" => {
|
311
|
+
"type" => "string",
|
312
|
+
"default" => "windows",
|
313
|
+
"description" => "The vault where these credentials reside"
|
314
|
+
},
|
315
|
+
"item" => {
|
316
|
+
"type" => "string",
|
317
|
+
"default" => "credentials",
|
318
|
+
"description" => "The vault item where these credentials reside"
|
319
|
+
},
|
320
|
+
"password_field" => {
|
321
|
+
"type" => "string",
|
322
|
+
"default" => "password",
|
323
|
+
"description" => "The field within the Vault item where the password for Windows local Administrator user is stored"
|
324
|
+
},
|
325
|
+
"ec2config_password_field" => {
|
326
|
+
"type" => "string",
|
327
|
+
"default" => "ec2config_password",
|
328
|
+
"description" => "The field within the Vault item where the password for the EC2config service user is stored"
|
329
|
+
},
|
330
|
+
"sshd_password_field" => {
|
331
|
+
"type" => "string",
|
332
|
+
"default" => "sshd_password",
|
333
|
+
"description" => "The field within the Vault item where the password for the Cygwin/SSH service user is stored"
|
334
|
+
}
|
335
|
+
}
|
336
|
+
},
|
337
|
+
"ssh_user" => {
|
338
|
+
"type" => "string",
|
339
|
+
"default" => "root",
|
340
|
+
"default_if" => [
|
341
|
+
{
|
342
|
+
"key_is" => "platform",
|
343
|
+
"value_is" => "windows",
|
344
|
+
"set" => "Administrator"
|
345
|
+
},
|
346
|
+
{
|
347
|
+
"key_is" => "platform",
|
348
|
+
"value_is" => "win2k12",
|
349
|
+
"set" => "Administrator"
|
350
|
+
},
|
351
|
+
{
|
352
|
+
"key_is" => "platform",
|
353
|
+
"value_is" => "win2k12r2",
|
354
|
+
"set" => "Administrator"
|
355
|
+
},
|
356
|
+
{
|
357
|
+
"key_is" => "platform",
|
358
|
+
"value_is" => "win2k16",
|
359
|
+
"set" => "Administrator"
|
360
|
+
},
|
361
|
+
{
|
362
|
+
"key_is" => "platform",
|
363
|
+
"value_is" => "ubuntu",
|
364
|
+
"set" => "ubuntu"
|
365
|
+
},
|
366
|
+
{
|
367
|
+
"key_is" => "platform",
|
368
|
+
"value_is" => "ubuntu14",
|
369
|
+
"set" => "ubuntu"
|
370
|
+
},
|
371
|
+
{
|
372
|
+
"key_is" => "platform",
|
373
|
+
"value_is" => "centos7",
|
374
|
+
"set" => "centos"
|
375
|
+
},
|
376
|
+
{
|
377
|
+
"key_is" => "platform",
|
378
|
+
"value_is" => "rhel7",
|
379
|
+
"set" => "ec2-user"
|
380
|
+
},
|
381
|
+
{
|
382
|
+
"key_is" => "platform",
|
383
|
+
"value_is" => "rhel71",
|
384
|
+
"set" => "ec2-user"
|
385
|
+
},
|
386
|
+
{
|
387
|
+
"key_is" => "platform",
|
388
|
+
"value_is" => "amazon",
|
389
|
+
"set" => "ec2-user"
|
390
|
+
}
|
391
|
+
]
|
392
|
+
},
|
393
|
+
"use_cloud_provider_windows_password" => {
|
394
|
+
"type" => "boolean",
|
395
|
+
"default" => true
|
396
|
+
},
|
397
|
+
"platform" => {
|
398
|
+
"type" => "string",
|
399
|
+
"default" => "linux",
|
400
|
+
"enum" => ["linux", "windows", "centos", "ubuntu", "centos6", "ubuntu14", "win2k12", "win2k12r2", "win2k16", "centos7", "rhel7", "rhel71", "amazon"],
|
401
|
+
# XXX change to reflect available keys in mu/defaults/amazon_images.yaml and mu/defaults/google_images.yaml
|
402
|
+
"description" => "Helps select default AMIs, and enables correct grooming behavior based on operating system type.",
|
403
|
+
},
|
404
|
+
"run_list" => {
|
405
|
+
"type" => "array",
|
406
|
+
"items" => {
|
407
|
+
"type" => "string",
|
408
|
+
"description" => "Chef run list entry, e.g. role[rolename] or recipe[recipename]."
|
409
|
+
}
|
410
|
+
},
|
411
|
+
"ingress_rules" => {
|
412
|
+
"type" => "array",
|
413
|
+
"items" => MU::Config::FirewallRule.ruleschema
|
414
|
+
},
|
415
|
+
# This is a free-form means to pass stuff to the mu-tools Chef cookbook
|
416
|
+
"application_attributes" => {
|
417
|
+
"type" => "object",
|
418
|
+
"description" => "Chef Node structure artifact for mu-tools cookbook.",
|
419
|
+
},
|
420
|
+
# Objects here will be stored in this node's Chef Vault
|
421
|
+
"secrets" => {
|
422
|
+
"type" => "object",
|
423
|
+
"description" => "JSON artifact to be stored in Chef Vault for this node. Note that these values will still be stored in plain text local to the MU server, but only accessible to nodes via Vault."
|
424
|
+
},
|
425
|
+
# This node will be granted access to the following Vault items.
|
426
|
+
"vault_access" => {
|
427
|
+
"type" => "array",
|
428
|
+
"minItems" => 1,
|
429
|
+
"items" => {
|
430
|
+
"description" => "Chef Vault items to which this node should be granted access.",
|
431
|
+
"type" => "object",
|
432
|
+
"title" => "vault_access",
|
433
|
+
"required" => ["vault", "item"],
|
434
|
+
"additionalProperties" => false,
|
435
|
+
"properties" => {
|
436
|
+
"vault" => {
|
437
|
+
"type" => "string",
|
438
|
+
"description" => "The Vault to which this node should be granted access."
|
439
|
+
},
|
440
|
+
"item" => {
|
441
|
+
"type" => "string",
|
442
|
+
"description" => "The item within the Vault to which this node should be granted access."
|
443
|
+
}
|
444
|
+
}
|
445
|
+
}
|
446
|
+
},
|
447
|
+
"existing_deploys" => {
|
448
|
+
"type" => "array",
|
449
|
+
"minItems" => 1,
|
450
|
+
"items" => {
|
451
|
+
"type" => "object",
|
452
|
+
"additionalProperties" => false,
|
453
|
+
"description" => "Existing deploys that will be loaded into the new deployment metadata. This metadata will be saved on the Chef node",
|
454
|
+
"properties" => {
|
455
|
+
"cloud_type" => {
|
456
|
+
"type" => "string",
|
457
|
+
"description" => "The type of resource we will parse metdata for",
|
458
|
+
"enum" => ["server", "database", "storage_pool", "cache_cluster"]
|
459
|
+
},
|
460
|
+
"cloud_id" => {
|
461
|
+
"type" => "string",
|
462
|
+
"description" => "The cloud identifier of the resource from which you would like to add metadata to this deployment. eg - i-d96eca0d. Must use either 'cloud_id' OR 'mu_name' AND 'deploy_id'"
|
463
|
+
},
|
464
|
+
"mu_name" => {
|
465
|
+
"type" => "string",
|
466
|
+
"description" => "The full name of a resource in a foreign deployment from which we should add the metdata to this deployment. You should also include 'deploy_id' so we will be able to identifiy a single resource. Use either 'cloud_id' OR 'mu_name' and 'deploy_id'"
|
467
|
+
},
|
468
|
+
"deploy_id" => {
|
469
|
+
"type" => "string",
|
470
|
+
"description" => "Should be used with 'mu_name' to identifiy a single resource."
|
471
|
+
}
|
472
|
+
}
|
473
|
+
}
|
474
|
+
}
|
475
|
+
}
|
476
|
+
end
|
477
|
+
|
478
|
+
# Base configuration schema for a Server
|
479
|
+
# @return [Hash]
|
480
|
+
def self.schema
|
481
|
+
base = {
|
482
|
+
"type" => "object",
|
483
|
+
"required" => ["name", "size", "cloud"],
|
484
|
+
"additionalProperties" => false,
|
485
|
+
"description" => "Create individual server instances.",
|
486
|
+
"properties" => {
|
487
|
+
"dns_records" => MU::Config::DNSZone.records_primitive(need_target: false, default_type: "A", need_zone: true),
|
488
|
+
"create_image" => {
|
489
|
+
"type" => "object",
|
490
|
+
"title" => "create_image",
|
491
|
+
"required" => ["image_then_destroy", "image_exclude_storage", "public"],
|
492
|
+
"additionalProperties" => false,
|
493
|
+
"description" => "Create a reusable image of this server once it is complete.",
|
494
|
+
"properties" => {
|
495
|
+
"public" => {
|
496
|
+
"type" => "boolean",
|
497
|
+
"description" => "Make the image public once it's complete",
|
498
|
+
"default" => false
|
499
|
+
},
|
500
|
+
"image_then_destroy" => {
|
501
|
+
"type" => "boolean",
|
502
|
+
"description" => "Destroy the source server after creating the reusable image(s).",
|
503
|
+
"default" => false
|
504
|
+
},
|
505
|
+
"image_exclude_storage" => {
|
506
|
+
"type" => "boolean",
|
507
|
+
"description" => "When creating an image of this server, exclude the block device mappings of the source server.",
|
508
|
+
"default" => false
|
509
|
+
},
|
510
|
+
"copy_to_regions" => {
|
511
|
+
"type" => "array",
|
512
|
+
"description" => "Replicate the AMI to regions other than the source server's.",
|
513
|
+
"items" => {
|
514
|
+
"type" => "String",
|
515
|
+
"description" => "Regions in which to place more copies of this image. If none are specified, or if the keyword #ALL is specified, will place in all available regions."
|
516
|
+
}
|
517
|
+
}
|
518
|
+
}
|
519
|
+
},
|
520
|
+
"vpc" => MU::Config::VPC.reference(MU::Config::VPC::ONE_SUBNET+MU::Config::VPC::MANY_SUBNETS, MU::Config::VPC::NAT_OPTS, "public"),
|
521
|
+
"monitoring" => {
|
522
|
+
"type" => "boolean",
|
523
|
+
"default" => true,
|
524
|
+
"description" => "Enable detailed instance monitoring.",
|
525
|
+
},
|
526
|
+
"private_ip" => {
|
527
|
+
"type" => "string",
|
528
|
+
"description" => "Request a specific private IP address for this instance.",
|
529
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$"
|
530
|
+
},
|
531
|
+
"size" => {
|
532
|
+
"description" => "The instance type to create. Must be valid for the cloud provider into which we're deploying.",
|
533
|
+
"type" => "string"
|
534
|
+
},
|
535
|
+
"storage" => storage_primitive,
|
536
|
+
}
|
537
|
+
}
|
538
|
+
base["properties"].merge!(common_properties)
|
539
|
+
base
|
540
|
+
end
|
541
|
+
|
542
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::servers}, bare and unvalidated.
|
543
|
+
# @param server [Hash]: The resource to process and validate
|
544
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
545
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
546
|
+
def self.validate(server, configurator)
|
547
|
+
ok = true
|
548
|
+
if configurator.haveLitterMate?(server["name"], "server_pools")
|
549
|
+
MU.log "Can't use name #{server['name']} more than once in servers/server_pools"
|
550
|
+
ok = false
|
551
|
+
end
|
552
|
+
server['skipinitialupdates'] = true if @skipinitialupdates
|
553
|
+
server['ingress_rules'] ||= []
|
554
|
+
server['vault_access'] ||= []
|
555
|
+
server['vault_access'] << {"vault" => "splunk", "item" => "admin_user"}
|
556
|
+
ok = false if !MU::Config.check_vault_refs(server)
|
557
|
+
|
558
|
+
server['dependencies'] << configurator.adminFirewallRuleset(vpc: server['vpc'], region: server['region'], cloud: server['cloud']) if !server['scrub_mu_isms']
|
559
|
+
|
560
|
+
if !server["vpc"].nil?
|
561
|
+
# Common mistake- using all_public or all_private subnet_pref for
|
562
|
+
# resources that can only go in one subnet. Let's just handle that
|
563
|
+
# for people.
|
564
|
+
if server["vpc"]["subnet_pref"] == "all_private"
|
565
|
+
MU.log "Servers only support single subnets, setting subnet_pref to 'private' instead of 'all_private' on #{server['name']}", MU::WARN
|
566
|
+
server["vpc"]["subnet_pref"] = "private"
|
567
|
+
end
|
568
|
+
if server["vpc"]["subnet_pref"] == "all_public"
|
569
|
+
MU.log "Servers only support single subnets, setting subnet_pref to 'public' instead of 'all_public' on #{server['name']}", MU::WARN
|
570
|
+
server["vpc"]["subnet_pref"] = "public"
|
571
|
+
end
|
572
|
+
|
573
|
+
if !server["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(server["vpc"]["subnet_name"]) and !configurator.nat_routes[server["vpc"]["subnet_name"]].empty?
|
574
|
+
server["dependencies"] << {
|
575
|
+
"type" => "server",
|
576
|
+
"name" => configurator.nat_routes[server["vpc"]["subnet_name"]],
|
577
|
+
"phase" => "groom"
|
578
|
+
}
|
579
|
+
end
|
580
|
+
end
|
581
|
+
|
582
|
+
ok
|
583
|
+
end
|
584
|
+
|
585
|
+
end #class
|
586
|
+
end #class
|
587
|
+
end #module
|