cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Config
|
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/server_pool.rb
|
|
18
|
+
class ServerPool
|
|
19
|
+
|
|
20
|
+
# Base configuration schema for a ServerPool
|
|
21
|
+
# @return [Hash]
|
|
22
|
+
def self.schema
|
|
23
|
+
base = {
|
|
24
|
+
"type" => "object",
|
|
25
|
+
"additionalProperties" => false,
|
|
26
|
+
"description" => "Create scalable pools of identical servers.",
|
|
27
|
+
"required" => ["name", "min_size", "max_size", "basis", "cloud"],
|
|
28
|
+
"properties" => {
|
|
29
|
+
"dns_records" => MU::Config::DNSZone.records_primitive(need_target: false, default_type: "A", need_zone: true),
|
|
30
|
+
"scrub_mu_isms" => {
|
|
31
|
+
"type" => "boolean",
|
|
32
|
+
"default" => false,
|
|
33
|
+
"description" => "When 'cloud' is set to 'CloudFormation,' use this flag to strip out Mu-specific artifacts (tags, standard userdata, naming conventions, etc) to yield a clean, source-agnostic template."
|
|
34
|
+
},
|
|
35
|
+
"wait_for_nodes" => {
|
|
36
|
+
"type" => "integer",
|
|
37
|
+
"description" => "Use this parameter to force a certain number of nodes to come up and be fully bootstrapped before the rest of the pool is initialized.",
|
|
38
|
+
"default" => 0,
|
|
39
|
+
},
|
|
40
|
+
"vpc" => MU::Config::VPC.reference(MU::Config::VPC::MANY_SUBNETS, MU::Config::VPC::NAT_OPTS, "all_private"),
|
|
41
|
+
"min_size" => {"type" => "integer"},
|
|
42
|
+
"max_size" => {"type" => "integer"},
|
|
43
|
+
"tags" => MU::Config.tags_primitive,
|
|
44
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
|
45
|
+
"desired_capacity" => {
|
|
46
|
+
"type" => "integer",
|
|
47
|
+
"description" => "The number of Amazon EC2 instances that should be running in the group. Should be between min_size and max_size."
|
|
48
|
+
},
|
|
49
|
+
"default_cooldown" => {
|
|
50
|
+
"type" => "integer",
|
|
51
|
+
"default" => 300
|
|
52
|
+
},
|
|
53
|
+
"health_check_type" => {
|
|
54
|
+
"type" => "string",
|
|
55
|
+
"enum" => ["EC2", "ELB"],
|
|
56
|
+
"default" => "EC2",
|
|
57
|
+
},
|
|
58
|
+
"health_check_grace_period" => {
|
|
59
|
+
"type" => "integer",
|
|
60
|
+
"default" => 0
|
|
61
|
+
},
|
|
62
|
+
"vpc_zone_identifier" => {
|
|
63
|
+
"type" => "string",
|
|
64
|
+
"description" => "A comma-separated list of subnet identifiers of Amazon Virtual Private Clouds (Amazon VPCs).
|
|
65
|
+
|
|
66
|
+
If you specify subnets and Availability Zones with this call, ensure that the subnets' Availability Zones match the Availability Zones specified."
|
|
67
|
+
},
|
|
68
|
+
#XXX this needs its own primitive and discovery mechanism
|
|
69
|
+
"zones" => {
|
|
70
|
+
"type" => "array",
|
|
71
|
+
"minItems" => 1,
|
|
72
|
+
"items" => {
|
|
73
|
+
"type" => "string",
|
|
74
|
+
}
|
|
75
|
+
},
|
|
76
|
+
"basis" => {
|
|
77
|
+
"type" => "object",
|
|
78
|
+
"minProperties" => 1,
|
|
79
|
+
"maxProperties" => 1,
|
|
80
|
+
"additionalProperties" => false,
|
|
81
|
+
"description" => "The baseline for new servers created within this Autoscale Group.",
|
|
82
|
+
"properties" => {
|
|
83
|
+
"instance_id" => {
|
|
84
|
+
"type" => "string",
|
|
85
|
+
"description" => "The AWS instance ID of an existing instance to use as the base image for this Autoscale Group.",
|
|
86
|
+
},
|
|
87
|
+
"server" => {
|
|
88
|
+
"type" => "string",
|
|
89
|
+
"description" => "Build a server defined elsewhere in this stack, then use it as the base image for this Autoscale Group.",
|
|
90
|
+
},
|
|
91
|
+
"launch_config" => {
|
|
92
|
+
"type" => "object",
|
|
93
|
+
"required" => ["name", "size"],
|
|
94
|
+
"minProperties" => 3,
|
|
95
|
+
"additionalProperties" => false,
|
|
96
|
+
"description" => "An Amazon Launch Config for an Autoscale Group.",
|
|
97
|
+
"properties" => {
|
|
98
|
+
"name" => {"type" => "string"},
|
|
99
|
+
"instance_id" => {
|
|
100
|
+
"type" => "string",
|
|
101
|
+
"description" => "The AWS instance ID of an existing instance to use as the base image in this Launch Config.",
|
|
102
|
+
},
|
|
103
|
+
"storage" => MU::Config::Server.storage_primitive,
|
|
104
|
+
"server" => {
|
|
105
|
+
"type" => "string",
|
|
106
|
+
"description" => "Build a server defined elsewhere in this stack, create an AMI from it, then use it as the base image in this Launch Config.",
|
|
107
|
+
},
|
|
108
|
+
"ami_id" => {
|
|
109
|
+
"type" => "string",
|
|
110
|
+
"description" => "The Amazon EC2 AMI to use as the base image in this Launch Config. Will use the default for platform if not specified.",
|
|
111
|
+
},
|
|
112
|
+
"image_id" => {
|
|
113
|
+
"type" => "string",
|
|
114
|
+
"description" => "The Google Cloud Platform Image on which to base this autoscaler. Will use the default appropriate for the platform, if not specified.",
|
|
115
|
+
},
|
|
116
|
+
"monitoring" => {
|
|
117
|
+
"type" => "boolean",
|
|
118
|
+
"default" => true,
|
|
119
|
+
"description" => "Enable instance monitoring?",
|
|
120
|
+
},
|
|
121
|
+
"ebs_optimized" => {
|
|
122
|
+
"type" => "boolean",
|
|
123
|
+
"default" => false,
|
|
124
|
+
"description" => "EBS optimized?",
|
|
125
|
+
},
|
|
126
|
+
"iam_role" => {
|
|
127
|
+
"type" => "string",
|
|
128
|
+
"description" => "An Amazon IAM instance profile, from which to harvest role policies to merge into this node's own instance profile. If generate_iam_role is false, will simple use this profile.",
|
|
129
|
+
},
|
|
130
|
+
"generate_iam_role" => {
|
|
131
|
+
"type" => "boolean",
|
|
132
|
+
"default" => true,
|
|
133
|
+
"description" => "Generate a unique IAM profile for this Server or ServerPool.",
|
|
134
|
+
},
|
|
135
|
+
"iam_policies" => {
|
|
136
|
+
"type" => "array",
|
|
137
|
+
"items" => {
|
|
138
|
+
"description" => "Amazon-compatible role policies which will be merged into this node's own instance profile. Not valid with generate_iam_role set to false. Our parser expects the role policy document to me embedded under a named container, e.g. { 'name_of_policy':'{ <policy document> } }",
|
|
139
|
+
"type" => "object"
|
|
140
|
+
}
|
|
141
|
+
},
|
|
142
|
+
"spot_price" => {
|
|
143
|
+
"type" => "string",
|
|
144
|
+
},
|
|
145
|
+
"kernel_id" => {
|
|
146
|
+
"type" => "string",
|
|
147
|
+
"description" => "Kernel to use with servers created from this Launch Configuration.",
|
|
148
|
+
},
|
|
149
|
+
"ramdisk_id" => {
|
|
150
|
+
"type" => "string",
|
|
151
|
+
"description" => "Kernel to use with servers created from this Launch Configuration.",
|
|
152
|
+
},
|
|
153
|
+
"size" => {
|
|
154
|
+
"description" => "The Amazon EC2 instance type to use when creating this server.",
|
|
155
|
+
"type" => "string"
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
base["properties"].merge!(MU::Config::Server.common_properties)
|
|
164
|
+
base
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::server_pools}, bare and unvalidated.
|
|
168
|
+
# @param pool [Hash]: The resource to process and validate
|
|
169
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
170
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
171
|
+
def self.validate(pool, configurator)
|
|
172
|
+
ok = true
|
|
173
|
+
if configurator.haveLitterMate?(pool["name"], "servers")
|
|
174
|
+
MU.log "Can't use name #{pool['name']} more than once in pools/pool_pools"
|
|
175
|
+
ok = false
|
|
176
|
+
end
|
|
177
|
+
pool['skipinitialupdates'] = true if configurator.skipinitialupdates
|
|
178
|
+
pool['ingress_rules'] ||= []
|
|
179
|
+
pool['vault_access'] ||= []
|
|
180
|
+
pool['vault_access'] << {"vault" => "splunk", "item" => "admin_user"}
|
|
181
|
+
ok = false if !MU::Config.check_vault_refs(pool)
|
|
182
|
+
|
|
183
|
+
pool['dependencies'] << configurator.adminFirewallRuleset(vpc: pool['vpc'], region: pool['region'], cloud: pool['cloud']) if !pool['scrub_mu_isms']
|
|
184
|
+
|
|
185
|
+
if !pool["vpc"].nil?
|
|
186
|
+
if !pool["vpc"]["subnet_name"].nil? and configurator.nat_routes.has_key?(pool["vpc"]["subnet_name"])
|
|
187
|
+
pool["dependencies"] << {
|
|
188
|
+
"type" => "pool",
|
|
189
|
+
"name" => configurator.nat_routes[pool["vpc"]["subnet_name"]],
|
|
190
|
+
"phase" => "groom"
|
|
191
|
+
}
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
# TODO make sure this is handled... somewhere
|
|
195
|
+
# if pool["alarms"] && !pool["alarms"].empty?
|
|
196
|
+
# pool["alarms"].each { |alarm|
|
|
197
|
+
# alarm["name"] = "server-#{pool['name']}-#{alarm["name"]}"
|
|
198
|
+
# alarm["namespace"] = "AWS/EC2" if alarm["namespace"].nil?
|
|
199
|
+
# alarm['cloud'] = pool['cloud']
|
|
200
|
+
# ok = false if !insertKitten(alarm, "alarms")
|
|
201
|
+
# }
|
|
202
|
+
# end
|
|
203
|
+
if pool["basis"]["server"] != nil
|
|
204
|
+
pool["dependencies"] << {"type" => "server", "name" => pool["basis"]["server"]}
|
|
205
|
+
end
|
|
206
|
+
if !pool['static_ip'].nil? and !pool['ip'].nil?
|
|
207
|
+
ok = false
|
|
208
|
+
MU.log "Server Pools cannot assign specific static IPs.", MU::ERR
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
ok
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
end
|
|
215
|
+
end
|
|
216
|
+
end
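Review bot: `validate` appends `{"vault" => "splunk", "item" => "admin_user"}` to `pool['vault_access']` for every server pool, so each pool is handed a reference to what appears to be a Splunk admin credential whether or not it runs Splunk. That is broader than least privilege, and because the append is unconditional it also adds a duplicate entry each time `validate` runs on the same hash. I would make it opt-in, or at least guard it the way the admin firewall ruleset is guarded, e.g. `pool['vault_access'] << splunk_ref unless pool['scrub_mu_isms'] || pool['vault_access'].include?(splunk_ref)`, where `splunk_ref` is that hash. Separately, `pool['dependencies'] << ...` a few lines later assumes the key is already an array; unlike `ingress_rules` and `vault_access` it gets no `||= []` here, so it relies on a default supplied outside this file.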
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
<% if $complexity == 'complex' %>
|
|
2
|
+
name: <%= server_pools_name %>
|
|
3
|
+
cloud: AWS
|
|
4
|
+
alarms:
|
|
5
|
+
- comparison_operator: "GreaterThanThreshold"
|
|
6
|
+
metric_name: "HTTPCode_Target_5XX_Count"
|
|
7
|
+
evaluation_periods: 1
|
|
8
|
+
name: "HTTP_Target_500_Count"
|
|
9
|
+
period: 60
|
|
10
|
+
statistic: "Sum"
|
|
11
|
+
threshold: 10
|
|
12
|
+
enable_notifications: true
|
|
13
|
+
notification_endpoint: 'admin@example.com'
|
|
14
|
+
namespace: "AWS/ApplicationELB"
|
|
15
|
+
scale_in_protection: "initial"
|
|
16
|
+
scale_with_cpu: 50.0
|
|
17
|
+
scaling_policies:
|
|
18
|
+
- name: simplediskreads
|
|
19
|
+
policy_type: SimpleScaling
|
|
20
|
+
adjustment: 1
|
|
21
|
+
cooldown: 60
|
|
22
|
+
type: ChangeInCapacity
|
|
23
|
+
alarms:
|
|
24
|
+
- name: simplenetwork
|
|
25
|
+
namespace: "AWS/EC2"
|
|
26
|
+
metric_name: DiskReadBytes
|
|
27
|
+
period: 60
|
|
28
|
+
evaluation_periods: 1
|
|
29
|
+
comparison_operator: GreaterThanThreshold
|
|
30
|
+
statistic: Sum
|
|
31
|
+
threshold: 1073741824
|
|
32
|
+
- name: trackingnetworkin
|
|
33
|
+
policy_type: TargetTrackingScaling
|
|
34
|
+
estimated_instance_warmup: 600
|
|
35
|
+
target_tracking_configuration:
|
|
36
|
+
target_value: 250.0
|
|
37
|
+
predefined_metric_specification: ASGAverageNetworkIn
|
|
38
|
+
termination_policies:
|
|
39
|
+
- "OldestInstance"
|
|
40
|
+
wait_for_nodes: 1
|
|
41
|
+
min_size: 2
|
|
42
|
+
max_size: 2
|
|
43
|
+
schedule:
|
|
44
|
+
- action_name: scale-down-over-night
|
|
45
|
+
recurrence: "30 6 * * *"
|
|
46
|
+
min_size: 1
|
|
47
|
+
max_size: 1
|
|
48
|
+
- action_name: scale-up-during-the-day
|
|
49
|
+
recurrence: "30 12 * * *"
|
|
50
|
+
min_size: 2
|
|
51
|
+
max_size: 2
|
|
52
|
+
ingress_rules:
|
|
53
|
+
- port: 80
|
|
54
|
+
hosts:
|
|
55
|
+
- 0.0.0.0/0
|
|
56
|
+
- port: 443
|
|
57
|
+
hosts:
|
|
58
|
+
- 0.0.0.0/0
|
|
59
|
+
basis:
|
|
60
|
+
launch_config:
|
|
61
|
+
name: <%= server_pools_name %>
|
|
62
|
+
size: t2.medium
|
|
63
|
+
<% else %>
|
|
64
|
+
name: <%= server_pools_name %>
|
|
65
|
+
min_size: 1
|
|
66
|
+
max_size: 1
|
|
67
|
+
basis:
|
|
68
|
+
launch_config:
|
|
69
|
+
name: <%= server_pools_name %>
|
|
70
|
+
size: t2.small
|
|
71
|
+
<% end %>
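Review bot: Both `ingress_rules` entries in the `complex` branch allow `0.0.0.0/0`, including plain HTTP on port 80, and a template like this tends to be copied verbatim into real deployments. If public exposure is intended, a comment above the rules saying so (for example `# public web tier: world-open on purpose; narrow hosts for internal pools`) would make the choice explicit; otherwise restrict `hosts` to the expected client or load-balancer ranges. Also, `min_size` and `max_size` are both 2 in that branch, so `scale_with_cpu` and the two `scaling_policies` cannot change capacity outside the scheduled actions; if the template is meant to exercise scaling, `max_size` should exceed `min_size`.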
|
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Config
|
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/storage_pool.rb
|
|
18
|
+
class StoragePool
|
|
19
|
+
|
|
20
|
+
# Base configuration schema for a StoragePool
|
|
21
|
+
# @return [Hash]
|
|
22
|
+
def self.schema
|
|
23
|
+
{
|
|
24
|
+
"type" => "object",
|
|
25
|
+
"title" => "Storage Pool",
|
|
26
|
+
"description" => "Create a storage pool.",
|
|
27
|
+
"required" => ["name", "cloud"],
|
|
28
|
+
"additionalProperties" => false,
|
|
29
|
+
"properties" => {
|
|
30
|
+
"cloud" => MU::Config.cloud_primitive,
|
|
31
|
+
"name" => {"type" => "string"},
|
|
32
|
+
"region" => MU::Config.region_primitive,
|
|
33
|
+
"tags" => MU::Config.tags_primitive,
|
|
34
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
|
35
|
+
"dependencies" => MU::Config.dependencies_primitive,
|
|
36
|
+
"storage_type" => {
|
|
37
|
+
"type" => "string",
|
|
38
|
+
"enum" => ["generalPurpose", "maxIO"],
|
|
39
|
+
"description" => "The storage type / performance mode of this storage pool. Defaults to generalPurpose",
|
|
40
|
+
"default" => "generalPurpose"
|
|
41
|
+
},
|
|
42
|
+
"mount_points" => {
|
|
43
|
+
"type" => "array",
|
|
44
|
+
"minItems" => 1,
|
|
45
|
+
"items" => {
|
|
46
|
+
"type" => "object",
|
|
47
|
+
"required" => ["name"],
|
|
48
|
+
"additionalProperties" => false,
|
|
49
|
+
"description" => "Mount points for AWS EFS.",
|
|
50
|
+
"properties" => {
|
|
51
|
+
"name" => {
|
|
52
|
+
"type" => "string"
|
|
53
|
+
},
|
|
54
|
+
"directory" => {
|
|
55
|
+
"type" => "string",
|
|
56
|
+
"description" => "The local directory this mount point will be mounted to",
|
|
57
|
+
"default" => "/efs"
|
|
58
|
+
},
|
|
59
|
+
"vpc" => MU::Config::VPC.reference(MU::Config::VPC::ONE_SUBNET+MU::Config::VPC::MANY_SUBNETS, MU::Config::VPC::NO_NAT_OPTS, "all_private"),
|
|
60
|
+
"add_firewall_rules" => MU::Config::FirewallRule.reference,
|
|
61
|
+
"ingress_rules" => {
|
|
62
|
+
"type" => "array",
|
|
63
|
+
"description" => "Firewall rules to apply to our mountpoints",
|
|
64
|
+
"items" => MU::Config::FirewallRule.ruleschema
|
|
65
|
+
},
|
|
66
|
+
"ip_address" => {
|
|
67
|
+
"type" => "string",
|
|
68
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$",
|
|
69
|
+
"description" => "The private IP address to assign to the mount point."
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::storage_pools}, bare and unvalidated.
|
|
79
|
+
# @param pool [Hash]: The resource to process and validate
|
|
80
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
81
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
82
|
+
def self.validate(pool, configurator)
|
|
83
|
+
ok = true
|
|
84
|
+
if pool['mount_points']
|
|
85
|
+
new_mount_points = []
|
|
86
|
+
pool['mount_points'].each{ |mp|
|
|
87
|
+
if mp["vpc"] and !mp["vpc"].empty?
|
|
88
|
+
if !mp["vpc"]["vpc_name"].nil? and
|
|
89
|
+
configurator.haveLitterMate?(mp["vpc"]["vpc_name"], "vpcs") and
|
|
90
|
+
mp["vpc"]['deploy_id'].nil? and
|
|
91
|
+
mp["vpc"]['vpc_id'].nil?
|
|
92
|
+
|
|
93
|
+
siblingvpc = configurator.haveLitterMate?(mp["vpc"]["vpc_name"], "vpcs")
|
|
94
|
+
if !MU::Config::VPC.processReference(mp['vpc'],
|
|
95
|
+
"storage_pools",
|
|
96
|
+
"storagepool '#{pool['name']}'",
|
|
97
|
+
configurator,
|
|
98
|
+
dflt_region: pool['region'],
|
|
99
|
+
is_sibling: true,
|
|
100
|
+
sibling_vpcs: [siblingvpc])
|
|
101
|
+
ok = false
|
|
102
|
+
end
|
|
103
|
+
else
|
|
104
|
+
if !MU::Config::VPC.processReference(mp["vpc"],
|
|
105
|
+
"storage_pools",
|
|
106
|
+
"storagepool #{pool['name']}",
|
|
107
|
+
configurator,
|
|
108
|
+
dflt_region: pool['region'])
|
|
109
|
+
ok = false
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
if mp['vpc']['subnets'] and mp['vpc']['subnets'].size > 1
|
|
113
|
+
seen_azs = []
|
|
114
|
+
count = 0
|
|
115
|
+
mp['vpc']['subnets'].each { |subnet|
|
|
116
|
+
if subnet['az'] and seen_azs.include?(subnet['az'])
|
|
117
|
+
MU.log "VPC config for Storage Pool #{pool['name']} has multiple matching subnets per Availability Zone. Only one mount point per AZ is allowed, so you must explicitly declare which subnets to use.", MU::ERR
|
|
118
|
+
ok = false
|
|
119
|
+
break
|
|
120
|
+
end
|
|
121
|
+
seen_azs << subnet['az']
|
|
122
|
+
subnet.delete("az")
|
|
123
|
+
newmp = Marshal.load(Marshal.dump(mp))
|
|
124
|
+
["subnets", "subnet_pref", "az"].each { |field|
|
|
125
|
+
newmp['vpc'].delete(field)
|
|
126
|
+
}
|
|
127
|
+
newmp['vpc'].merge!(subnet)
|
|
128
|
+
newmp['name'] = newmp['name']+count.to_s
|
|
129
|
+
count = count + 1
|
|
130
|
+
new_mount_points << newmp
|
|
131
|
+
}
|
|
132
|
+
else
|
|
133
|
+
new_mount_points << mp
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
}
|
|
137
|
+
pool['mount_points'] = new_mount_points
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
ok
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
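Review bot: In `validate`, a mount point whose `vpc` is missing or empty is never pushed to `new_mount_points`, so `pool['mount_points'] = new_mount_points` silently drops it and the method still returns true. The outer `if mp["vpc"] and !mp["vpc"].empty?` needs an `else` branch, either `new_mount_points << mp` to keep the entry or an `MU.log ..., MU::ERR` with `ok = false` if a VPC is mandatory. In the schema, the `ip_address` pattern `"^\\d+\\.\\d+\\.\\d+\\.\\d+$"` uses line anchors and unbounded digit runs; if the validator compiles it as a Ruby regexp (not visible here), a multi-line string with one matching line passes, as does `999.999.999.999`, so `"\\A(?:\\d{1,3}\\.){3}\\d{1,3}\\z"` would be tighter. `Marshal.load(Marshal.dump(mp))` is only a deep copy of in-process data here, but a short comment saying so would keep it from being reused on external input.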
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Config
|
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/user.rb
|
|
18
|
+
class User
|
|
19
|
+
|
|
20
|
+
# Base configuration schema for a User
|
|
21
|
+
# @return [Hash]
|
|
22
|
+
def self.schema
|
|
23
|
+
{
|
|
24
|
+
"type" => "object",
|
|
25
|
+
"additionalProperties" => false,
|
|
26
|
+
"description" => "Set up a cloud provider user or machine account",
|
|
27
|
+
"required" => ["name", "type"],
|
|
28
|
+
"properties" => {
|
|
29
|
+
"name" => {
|
|
30
|
+
"type" => "string",
|
|
31
|
+
"description" => "The name of the account to create or associate."
|
|
32
|
+
},
|
|
33
|
+
"type" => {
|
|
34
|
+
"type" => "string",
|
|
35
|
+
"description" => "Indicates whether to create or associate an account meant for interactive human use, or for a machine or service.",
|
|
36
|
+
"enum" => ["interactive", "service"],
|
|
37
|
+
"default" => "interactive"
|
|
38
|
+
},
|
|
39
|
+
"use_if_exists" => {
|
|
40
|
+
"type" => "boolean",
|
|
41
|
+
"description" => "If we attempt to create or associate a user that already exists, simply modify that user in-place and use it, rather than throwing an error. If this flag is set, the user will *not* be deleted on cleanup, nor will we overwrite any existing tags on cloud platforms that support user tagging.",
|
|
42
|
+
"default" => true
|
|
43
|
+
},
|
|
44
|
+
"create_api_key" => {
|
|
45
|
+
"type" => "boolean",
|
|
46
|
+
"default" => false,
|
|
47
|
+
"description" => "Create a set of cloud API keys for this user. Keys will be shared via Scratchpad for one-time retrieval."
|
|
48
|
+
},
|
|
49
|
+
"preserve_on_cleanup" => {
|
|
50
|
+
"type" => "boolean",
|
|
51
|
+
"default" => false,
|
|
52
|
+
"description" => "Leave the user intact during the cleanup process. If we are re-using an existing user, rather than creating one ourselves, this option has no effect- that user will always be left intact."
|
|
53
|
+
},
|
|
54
|
+
"groups" => {
|
|
55
|
+
"type" => "array",
|
|
56
|
+
"description" => "One or more groups to associate with this user.",
|
|
57
|
+
"items" => {
|
|
58
|
+
"type" => "string",
|
|
59
|
+
"description" => "One or more groups to associate with this user. If there is a 'group' resource defined with this name in this Basket of Kittens, we will use that; if not, and if there is an existing cloud provider group in the appropriate account/project that matches, we will use that; if neither of those exists, we will implicitly create a matching group if it had been declared in this Basket of Kittens."
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::user}, bare and unvalidated.
|
|
67
|
+
# @param user [Hash]: The resource to process and validate
|
|
68
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
69
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
70
|
+
def self.validate(user, configurator)
|
|
71
|
+
ok = true
|
|
72
|
+
|
|
73
|
+
ok
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
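Review bot: `use_if_exists` defaults to `true`, so by the schema's own description a `name` that collides with an existing cloud account is adopted and modified in place rather than rejected; combined with `groups` and `create_api_key`, that can add memberships or keys to an account the deployment did not create. Changing it to `"default" => false` and making adoption an explicit choice is the safer contract, though the actual behaviour lives in the cloud-specific implementations, which are not shown here. `validate` is a stub that returns `true` and never uses `configurator`; a comment such as `# No generic checks yet; cloud-specific validation happens in the cloud layer` would mark that as intentional, assuming it is. `type` is listed in `required` yet also carries a default, which is contradictory unless defaults are applied before validation.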
|