cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
|
@@ -0,0 +1,743 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Config
|
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/vpc.rb
|
|
18
|
+
class VPC
|
|
19
|
+
|
|
20
|
+
# Base configuration schema for a VPC
|
|
21
|
+
# @return [Hash]
|
|
22
|
+
def self.schema
|
|
23
|
+
{
|
|
24
|
+
"type" => "object",
|
|
25
|
+
"required" => ["name"],
|
|
26
|
+
"additionalProperties" => false,
|
|
27
|
+
"description" => "Create Virtual Private Clouds with custom public or private subnets.",
|
|
28
|
+
"properties" => {
|
|
29
|
+
"name" => {"type" => "string"},
|
|
30
|
+
"cloud" => MU::Config.cloud_primitive,
|
|
31
|
+
"ip_block" => {
|
|
32
|
+
"type" => "string",
|
|
33
|
+
"pattern" => MU::Config::CIDR_PATTERN,
|
|
34
|
+
"description" => MU::Config::CIDR_DESCRIPTION,
|
|
35
|
+
"default" => "10.0.0.0/16"
|
|
36
|
+
},
|
|
37
|
+
"tags" => MU::Config.tags_primitive,
|
|
38
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
|
39
|
+
"create_standard_subnets" => {
|
|
40
|
+
"type" => "boolean",
|
|
41
|
+
"description" => "If the 'subnets' parameter to this VPC is not specified, we will instead create one set of public subnets and one set of private, with a public/private pair in each Availability Zone in the target region.",
|
|
42
|
+
"default" => true
|
|
43
|
+
},
|
|
44
|
+
"availability_zones" => {
|
|
45
|
+
"type" => "array",
|
|
46
|
+
"items" => {
|
|
47
|
+
"description" => "When the 'create_standard_subnets' flag is set, use this to target a specific set of availability zones across which to spread those subnets. Will attempt to guess based on the target region, if not specified.",
|
|
48
|
+
"type" => "object",
|
|
49
|
+
"required" => ["zone"],
|
|
50
|
+
"properties" => {
|
|
51
|
+
"zone" => {
|
|
52
|
+
"type" => "string"
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
},
|
|
57
|
+
"create_internet_gateway" => {
|
|
58
|
+
"type" => "boolean",
|
|
59
|
+
"default" => true
|
|
60
|
+
},
|
|
61
|
+
"create_nat_gateway" => {
|
|
62
|
+
"type" => "boolean",
|
|
63
|
+
"description" => "If set to 'true' will create a NAT gateway to enable traffic in private subnets to be routed to the internet.",
|
|
64
|
+
"default" => false
|
|
65
|
+
},
|
|
66
|
+
"enable_dns_support" => {
|
|
67
|
+
"type" => "boolean",
|
|
68
|
+
"default" => true
|
|
69
|
+
},
|
|
70
|
+
"endpoint_policy" => {
|
|
71
|
+
"type" => "array",
|
|
72
|
+
"items" => {
|
|
73
|
+
"description" => "Amazon-compatible endpoint policy that controls access to the endpoint by other resources in the VPC. If not provided Amazon will create a default policy that provides full access.",
|
|
74
|
+
"type" => "object"
|
|
75
|
+
}
|
|
76
|
+
},
|
|
77
|
+
"endpoint" => {
|
|
78
|
+
"type" => "string",
|
|
79
|
+
"description" => "An Amazon service specific endpoint that resources within a VPC can route to without going through a NAT or an internet gateway. Currently only S3 is supported. an example S3 endpoint in the us-east-1 region: com.amazonaws.us-east-1.s3."
|
|
80
|
+
},
|
|
81
|
+
"enable_dns_hostnames" => {
|
|
82
|
+
"type" => "boolean",
|
|
83
|
+
"default" => true
|
|
84
|
+
},
|
|
85
|
+
"nat_gateway_multi_az" => {
|
|
86
|
+
"type" => "boolean",
|
|
87
|
+
"description" => "If set to 'true' will create a separate NAT gateway in each availability zone and configure subnet route tables appropriately",
|
|
88
|
+
"default" => false
|
|
89
|
+
},
|
|
90
|
+
"dependencies" => MU::Config.dependencies_primitive,
|
|
91
|
+
"auto_accept_peers" => {
|
|
92
|
+
"type" => "boolean",
|
|
93
|
+
"description" => "Peering connections requested to this VPC by other deployments on the same Mu master will be automatically accepted.",
|
|
94
|
+
"default" => true
|
|
95
|
+
},
|
|
96
|
+
"peers" => {
|
|
97
|
+
"type" => "array",
|
|
98
|
+
"description" => "One or more other VPCs with which to attempt to create a peering connection.",
|
|
99
|
+
"items" => {
|
|
100
|
+
"type" => "object",
|
|
101
|
+
"required" => ["vpc"],
|
|
102
|
+
"description" => "One or more other VPCs with which to attempt to create a peering connection.",
|
|
103
|
+
"properties" => {
|
|
104
|
+
"account" => {
|
|
105
|
+
"type" => "string",
|
|
106
|
+
"description" => "The AWS account which owns the target VPC."
|
|
107
|
+
},
|
|
108
|
+
"vpc" => reference(MANY_SUBNETS, NO_NAT_OPTS, "all")
|
|
109
|
+
# "route_tables" => {
|
|
110
|
+
# "type" => "array",
|
|
111
|
+
# "items" => {
|
|
112
|
+
# "type" => "string",
|
|
113
|
+
# "description" => "The name of a route to which to add a route for this peering connection. If none are specified, all available route tables will have approprite routes added."
|
|
114
|
+
# }
|
|
115
|
+
# }
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
},
|
|
119
|
+
"route_tables" => {
|
|
120
|
+
"type" => "array",
|
|
121
|
+
"items" => {
|
|
122
|
+
"type" => "object",
|
|
123
|
+
"required" => ["name", "routes"],
|
|
124
|
+
"description" => "A table of route entries, typically for use inside a VPC.",
|
|
125
|
+
"properties" => {
|
|
126
|
+
"name" => {"type" => "string"},
|
|
127
|
+
"routes" => {
|
|
128
|
+
"type" => "array",
|
|
129
|
+
"items" => routeschema
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
"subnets" => {
|
|
135
|
+
"type" => "array",
|
|
136
|
+
"items" => {
|
|
137
|
+
"type" => "object",
|
|
138
|
+
"required" => ["name", "ip_block"],
|
|
139
|
+
"description" => "A list of subnets",
|
|
140
|
+
"properties" => {
|
|
141
|
+
"name" => {"type" => "string"},
|
|
142
|
+
"ip_block" => MU::Config::CIDR_PRIMITIVE,
|
|
143
|
+
"availability_zone" => {"type" => "string"},
|
|
144
|
+
"route_table" => {"type" => "string"},
|
|
145
|
+
"map_public_ips" => {
|
|
146
|
+
"type" => "boolean",
|
|
147
|
+
"description" => "If the cloud provider's instances should automatically be assigned publicly routable addresses.",
|
|
148
|
+
"default" => false
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
},
|
|
153
|
+
"dhcp" => {
|
|
154
|
+
"type" => "object",
|
|
155
|
+
"description" => "Alternate DHCP behavior for nodes in this VPC",
|
|
156
|
+
"additionalProperties" => false,
|
|
157
|
+
"properties" => {
|
|
158
|
+
"dns_servers" => {
|
|
159
|
+
"type" => "array",
|
|
160
|
+
"minItems" => 1,
|
|
161
|
+
"maxItems" => 4,
|
|
162
|
+
"items" => {
|
|
163
|
+
"type" => "string",
|
|
164
|
+
"description" => "The IP address of up to four DNS servers",
|
|
165
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$"
|
|
166
|
+
}
|
|
167
|
+
},
|
|
168
|
+
"ntp_servers" => {
|
|
169
|
+
"type" => "array",
|
|
170
|
+
"minItems" => 1,
|
|
171
|
+
"maxItems" => 4,
|
|
172
|
+
"items" => {
|
|
173
|
+
"type" => "string",
|
|
174
|
+
"description" => "The IP address of up to four NTP servers",
|
|
175
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$"
|
|
176
|
+
}
|
|
177
|
+
},
|
|
178
|
+
"netbios_servers" => {
|
|
179
|
+
"type" => "array",
|
|
180
|
+
"minItems" => 1,
|
|
181
|
+
"maxItems" => 4,
|
|
182
|
+
"items" => {
|
|
183
|
+
"type" => "string",
|
|
184
|
+
"description" => "The IP address of up to four NetBIOS servers",
|
|
185
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$"
|
|
186
|
+
}
|
|
187
|
+
},
|
|
188
|
+
"netbios_type" => {
|
|
189
|
+
"type" => "integer",
|
|
190
|
+
"enum" => [1, 2, 4, 8],
|
|
191
|
+
"default" => 2
|
|
192
|
+
},
|
|
193
|
+
"domains" => {
|
|
194
|
+
"type" => "array",
|
|
195
|
+
"minItems" => 1,
|
|
196
|
+
"items" => {
|
|
197
|
+
"type" => "string",
|
|
198
|
+
"description" => "If you're using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you're using AmazonProvidedDNS in another region, specify region.compute.internal (for example, ap-northeast-1.compute.internal). Otherwise, specify a domain name (for example, MyCompany.com)."
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
# Constant for passing into MU::Config::VPC.reference
|
|
208
|
+
NO_SUBNETS = 0.freeze
|
|
209
|
+
# Constant for passing into MU::Config::VPC.reference
|
|
210
|
+
ONE_SUBNET = 1.freeze
|
|
211
|
+
# Constant for passing into MU::Config::VPC.reference
|
|
212
|
+
MANY_SUBNETS = 2.freeze
|
|
213
|
+
# Constant for passing into MU::Config::VPC.reference
|
|
214
|
+
NAT_OPTS = true.freeze
|
|
215
|
+
# Constant for passing into MU::Config::VPC.reference
|
|
216
|
+
NO_NAT_OPTS = false.freeze
|
|
217
|
+
|
|
218
|
+
# There's a small amount of variation in the way various resources need to
|
|
219
|
+
# refer to VPCs, so let's wrap the schema in a method that'll handle the
|
|
220
|
+
# wiggling.
|
|
221
|
+
# @param subnets [Integer]:
|
|
222
|
+
# @param nat_opts [Boolean]:
|
|
223
|
+
# @param subnet_pref [String]:
|
|
224
|
+
# @return [Hash]
|
|
225
|
+
def self.reference(subnets = MANY_SUBNETS, nat_opts = NAT_OPTS, subnet_pref = nil)
|
|
226
|
+
vpc_ref_schema = {
|
|
227
|
+
"type" => "object",
|
|
228
|
+
"description" => "Deploy, attach, allow access from, or peer this resource with a VPC of VPCs.",
|
|
229
|
+
"minProperties" => 1,
|
|
230
|
+
"additionalProperties" => false,
|
|
231
|
+
"properties" => {
|
|
232
|
+
"vpc_id" => {
|
|
233
|
+
"type" => "string",
|
|
234
|
+
"description" => "Discover this VPC by looking for this cloud provider identifier."
|
|
235
|
+
},
|
|
236
|
+
"vpc_name" => {
|
|
237
|
+
"type" => "string",
|
|
238
|
+
"description" => "Discover this VPC by Mu-internal name; typically the shorthand 'name' field of a VPC declared elsewhere in the deploy, or in another deploy that's being referenced with 'deploy_id'."
|
|
239
|
+
},
|
|
240
|
+
"region" => MU::Config.region_primitive,
|
|
241
|
+
"cloud" => MU::Config.cloud_primitive,
|
|
242
|
+
"tag" => {
|
|
243
|
+
"type" => "string",
|
|
244
|
+
"description" => "Discover this VPC by a cloud provider tag (key=value); note that this tag must not match more than one resource.",
|
|
245
|
+
"pattern" => "^[^=]+=.+"
|
|
246
|
+
},
|
|
247
|
+
"deploy_id" => {
|
|
248
|
+
"type" => "string",
|
|
249
|
+
"description" => "Search for this VPC in an existing Mu deploy; specify a Mu deploy id (e.g. DEMO-DEV-2014111400-NG)."
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
|
|
254
|
+
if nat_opts
|
|
255
|
+
vpc_ref_schema["properties"].merge!(
|
|
256
|
+
{
|
|
257
|
+
"nat_host_name" => {
|
|
258
|
+
"type" => "string",
|
|
259
|
+
"description" => "The Mu-internal name of a NAT host to use; Typically the shorthand 'name' field of a Server declared elsewhere in the deploy, or in another deploy that's being referenced with 'deploy_id'."
|
|
260
|
+
},
|
|
261
|
+
"nat_host_id" => {
|
|
262
|
+
"type" => "string",
|
|
263
|
+
"description" => "Discover a Server to use as a NAT by looking for this cloud provider identifier."
|
|
264
|
+
},
|
|
265
|
+
"nat_host_ip" => {
|
|
266
|
+
"type" => "string",
|
|
267
|
+
"description" => "Discover a Server to use as a NAT by looking for an associated IP.",
|
|
268
|
+
"pattern" => "^\\d+\\.\\d+\\.\\d+\\.\\d+$"
|
|
269
|
+
},
|
|
270
|
+
"nat_ssh_user" => {
|
|
271
|
+
"type" => "string",
|
|
272
|
+
"default" => "root",
|
|
273
|
+
},
|
|
274
|
+
"nat_ssh_key" => {
|
|
275
|
+
"type" => "string",
|
|
276
|
+
"description" => "An alternate SSH private key for access to the NAT. We'll expect to find this in ~/.ssh along with the regular keys.",
|
|
277
|
+
},
|
|
278
|
+
"nat_host_tag" => {
|
|
279
|
+
"type" => "string",
|
|
280
|
+
"description" => "Discover a Server to use as a NAT by looking for a cloud provider tag (key=value); Note that this tag must not match more than one server.",
|
|
281
|
+
"pattern" => "^[^=]+=.+"
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
)
|
|
285
|
+
end
|
|
286
|
+
|
|
287
|
+
if subnets > 0
|
|
288
|
+
vpc_ref_schema["properties"]["subnet_pref"] = {
|
|
289
|
+
"type" => "string",
|
|
290
|
+
"default" => subnet_pref,
|
|
291
|
+
"description" => "When auto-discovering VPC resources, this specifies target subnets for this resource. Special keywords: public, private, any, all, all_public, all_private, all. Using the name of a route table defined elsewhere in this BoK will behave like 'all_<routetablename>.'",
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
# if subnets == ONE_SUBNET
|
|
295
|
+
# vpc_ref_schema["properties"]["subnet_pref"]["enum"] = ["public", "private", "any"]
|
|
296
|
+
# elsif subnets == MANY_SUBNETS
|
|
297
|
+
# vpc_ref_schema["properties"]["subnet_pref"]["enum"] = ["public", "private", "any", "all", "all_public", "all_private"]
|
|
298
|
+
# else
|
|
299
|
+
# vpc_ref_schema["properties"]["subnet_pref"]["enum"] = ["public", "private", "any", "all_public", "all_private", "all"]
|
|
300
|
+
# end
|
|
301
|
+
end
|
|
302
|
+
|
|
303
|
+
if subnets == ONE_SUBNET or subnets == (ONE_SUBNET+MANY_SUBNETS)
|
|
304
|
+
vpc_ref_schema["properties"]["subnet_name"] = {"type" => "string"}
|
|
305
|
+
vpc_ref_schema["properties"]["subnet_id"] = {"type" => "string"}
|
|
306
|
+
end
|
|
307
|
+
if subnets == MANY_SUBNETS or subnets == (ONE_SUBNET+MANY_SUBNETS)
|
|
308
|
+
vpc_ref_schema["properties"]["subnets"] = {
|
|
309
|
+
"type" => "array",
|
|
310
|
+
"items" => {
|
|
311
|
+
"type" => "object",
|
|
312
|
+
"description" => "The subnets to which to attach this resource. Will default to all subnets in this VPC if not specified.",
|
|
313
|
+
"properties" => {
|
|
314
|
+
"subnet_name" => {"type" => "string"},
|
|
315
|
+
"subnet_id" => {"type" => "string"},
|
|
316
|
+
"tag" => {
|
|
317
|
+
"type" => "string",
|
|
318
|
+
"description" => "Identify this subnet by a tag (key=value). Note that this tag must not match more than one resource.",
|
|
319
|
+
"pattern" => "^[^=]+=.+"
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
}
|
|
324
|
+
if subnets == (ONE_SUBNET+MANY_SUBNETS)
|
|
325
|
+
vpc_ref_schema["properties"]["subnets"]["items"]["description"] = "Extra subnets to which to attach this {MU::Cloud::AWS::Server}. Extra network interfaces will be created to accomodate these attachments."
|
|
326
|
+
end
|
|
327
|
+
end
|
|
328
|
+
|
|
329
|
+
return vpc_ref_schema
|
|
330
|
+
end
|
|
331
|
+
|
|
332
|
+
# Generate schema for a network route, usually used in the context of a VPC resource
|
|
333
|
+
# @return [Hash]
|
|
334
|
+
def self.routeschema
|
|
335
|
+
{
|
|
336
|
+
"type" => "object",
|
|
337
|
+
"description" => "Define a network route, typically for use inside a VPC.",
|
|
338
|
+
"properties" => {
|
|
339
|
+
"destination_network" => {
|
|
340
|
+
"type" => "string",
|
|
341
|
+
"pattern" => MU::Config::CIDR_PATTERN,
|
|
342
|
+
"description" => MU::Config::CIDR_DESCRIPTION,
|
|
343
|
+
"default" => "0.0.0.0/0"
|
|
344
|
+
},
|
|
345
|
+
"peer_id" => {
|
|
346
|
+
"type" => "string",
|
|
347
|
+
"description" => "The ID of a VPC peering connection to use as a gateway"
|
|
348
|
+
},
|
|
349
|
+
"gateway" => {
|
|
350
|
+
"type" => "string",
|
|
351
|
+
"description" => "The ID of a VPN, NAT, or Internet gateway attached to your VPC. #INTERNET will refer to this VPC's default internet gateway, if one exists. #NAT will refer to a this VPC's NAT gateway, and will implicitly create one if none exists. #DENY will ensure that the subnets associated with this route do *not* have a route outside of the VPC's local address space (primarily for Google Cloud, where we must explicitly disable egress to the internet)."
|
|
352
|
+
},
|
|
353
|
+
"nat_host_id" => {
|
|
354
|
+
"type" => "string",
|
|
355
|
+
"description" => "The instance id of a NAT host in this VPN."
|
|
356
|
+
},
|
|
357
|
+
"nat_host_name" => {
|
|
358
|
+
"type" => "string",
|
|
359
|
+
"description" => "The MU resource name or Name tag of a NAT host in this VPN."
|
|
360
|
+
},
|
|
361
|
+
"interface" => {
|
|
362
|
+
"type" => "string",
|
|
363
|
+
"description" => "A network interface over which to route."
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
end
|
|
368
|
+
|
|
369
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::vpcs}, bare and unvalidated.
|
|
370
|
+
# @param vpc [Hash]: The resource to process and validate
|
|
371
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
372
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
373
|
+
def self.validate(vpc, configurator)
|
|
374
|
+
ok = true
|
|
375
|
+
|
|
376
|
+
# Look for a common YAML screwup in route table land
|
|
377
|
+
if vpc['route_tables']
|
|
378
|
+
vpc['route_tables'].each { |rtb|
|
|
379
|
+
next if !rtb['routes']
|
|
380
|
+
rtb['routes'].each { |r|
|
|
381
|
+
if r.has_key?("gateway") and (!r["gateway"] or r["gateway"].to_s.empty?)
|
|
382
|
+
MU.log "Route gateway in VPC #{vpc['name']} cannot be nil- did you forget to puts quotes around a #INTERNET, #NAT, or #DENY?", MU::ERR, details: rtb
|
|
383
|
+
ok = false
|
|
384
|
+
end
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
end
|
|
388
|
+
|
|
389
|
+
ok = false if !resolvePeers(vpc, configurator)
|
|
390
|
+
|
|
391
|
+
ok
|
|
392
|
+
end
|
|
393
|
+
|
|
394
|
+
# If the passed-in VPC configuration declares any peer VPCs, run it
|
|
395
|
+
# through MU::Config::VPC.processReference. This is separate from our
|
|
396
|
+
# initial validation, because we want all sibling VPCs to have had
|
|
397
|
+
# MU::Config#insertKitten called on them before we do this.
|
|
398
|
+
# @param vpc [Hash]: The config chunk for this VPC
|
|
399
|
+
# @return [Hash]: The modified config chunk containing resolved peers
|
|
400
|
+
def self.resolvePeers(vpc, configurator)
|
|
401
|
+
ok = true
|
|
402
|
+
if !vpc["peers"].nil?
|
|
403
|
+
vpc["peers"].each { |peer|
|
|
404
|
+
peer["#MU_CLOUDCLASS"] = Object.const_get("MU").const_get("Cloud").const_get("VPC")
|
|
405
|
+
# If we're peering with a VPC in this deploy, set it as a dependency
|
|
406
|
+
if !peer['vpc']["vpc_name"].nil? and
|
|
407
|
+
configurator.haveLitterMate?(peer['vpc']["vpc_name"], "vpcs") and
|
|
408
|
+
peer["vpc"]['deploy_id'].nil? and peer["vpc"]['vpc_id'].nil?
|
|
409
|
+
peer['vpc']['cloud'] = vpc['cloud'] if peer['vpc']['cloud'].nil?
|
|
410
|
+
vpc["dependencies"] << {
|
|
411
|
+
"type" => "vpc",
|
|
412
|
+
"name" => peer['vpc']["vpc_name"]
|
|
413
|
+
}
|
|
414
|
+
# If we're using a VPC from somewhere else, make sure the flippin'
|
|
415
|
+
# thing exists, and also fetch its id now so later search routines
|
|
416
|
+
# don't have to work so hard.
|
|
417
|
+
else
|
|
418
|
+
peer['vpc']['cloud'] = vpc['cloud'] if peer['vpc']['cloud'].nil?
|
|
419
|
+
if !peer['account'].nil? and peer['account'] != MU.account_number
|
|
420
|
+
if peer['vpc']["vpc_id"].nil?
|
|
421
|
+
MU.log "VPC peering connections to non-local accounts must specify the vpc_id of the peer.", MU::ERR
|
|
422
|
+
ok = false
|
|
423
|
+
end
|
|
424
|
+
elsif !processReference(peer['vpc'], "vpcs", "vpc '#{vpc['name']}'", configurator, dflt_region: peer["vpc"]['region'])
|
|
425
|
+
ok = false
|
|
426
|
+
end
|
|
427
|
+
end
|
|
428
|
+
}
|
|
429
|
+
end
|
|
430
|
+
ok
|
|
431
|
+
end
|
|
432
|
+
|
|
433
|
+
# Pick apart an external VPC reference, validate it, and resolve it and its
|
|
434
|
+
# various subnets and NAT hosts to live resources.
|
|
435
|
+
# @param vpc_block [Hash]:
|
|
436
|
+
# @param parent_type [String]:
|
|
437
|
+
# @param parent_name [String]:
|
|
438
|
+
# @param configurator [MU::Config]:
|
|
439
|
+
# @param is_sibling [Boolean]:
|
|
440
|
+
# @param sibling_vpcs [Array]:
|
|
441
|
+
# @param dflt_region [String]:
|
|
442
|
+
def self.processReference(vpc_block, parent_type, parent_name, configurator, is_sibling: false, sibling_vpcs: [], dflt_region: MU.curRegion)
|
|
443
|
+
puts vpc_block.ancestors if !vpc_block.is_a?(Hash)
|
|
444
|
+
if !vpc_block.is_a?(Hash) and vpc_block.kind_of?(MU::Cloud::VPC)
|
|
445
|
+
return true
|
|
446
|
+
end
|
|
447
|
+
ok = true
|
|
448
|
+
|
|
449
|
+
if vpc_block['region'].nil? and dflt_region and !dflt_region.empty?
|
|
450
|
+
vpc_block['region'] = dflt_region.to_s
|
|
451
|
+
end
|
|
452
|
+
|
|
453
|
+
flags = {}
|
|
454
|
+
flags["subnet_pref"] = vpc_block["subnet_pref"] if !vpc_block["subnet_pref"].nil?
|
|
455
|
+
|
|
456
|
+
# First, dig up the enclosing VPC
|
|
457
|
+
tag_key, tag_value = vpc_block['tag'].split(/=/, 2) if !vpc_block['tag'].nil?
|
|
458
|
+
if !is_sibling
|
|
459
|
+
begin
|
|
460
|
+
if vpc_block['cloud'] != "CloudFormation"
|
|
461
|
+
found = MU::MommaCat.findStray(
|
|
462
|
+
vpc_block['cloud'],
|
|
463
|
+
"vpc",
|
|
464
|
+
deploy_id: vpc_block["deploy_id"],
|
|
465
|
+
cloud_id: vpc_block["vpc_id"],
|
|
466
|
+
name: vpc_block["vpc_name"],
|
|
467
|
+
tag_key: tag_key,
|
|
468
|
+
tag_value: tag_value,
|
|
469
|
+
region: vpc_block["region"],
|
|
470
|
+
flags: flags,
|
|
471
|
+
dummy_ok: true
|
|
472
|
+
)
|
|
473
|
+
|
|
474
|
+
ext_vpc = found.first if found.size == 1
|
|
475
|
+
end
|
|
476
|
+
rescue Exception => e
|
|
477
|
+
raise MuError, e.inspect, e.backtrace
|
|
478
|
+
ensure
|
|
479
|
+
if !ext_vpc and vpc_block['cloud'] != "CloudFormation"
|
|
480
|
+
MU.log "Couldn't resolve VPC reference to a unique live VPC in #{parent_name} (called by #{caller[0]})", MU::ERR, details: vpc_block
|
|
481
|
+
return false
|
|
482
|
+
elsif !vpc_block["vpc_id"]
|
|
483
|
+
MU.log "Resolved VPC to #{ext_vpc.cloud_id} in #{parent_name}", MU::DEBUG, details: vpc_block
|
|
484
|
+
vpc_block["vpc_id"] = configurator.getTail("#{parent_name} Target VPC", value: ext_vpc.cloud_id, prettyname: "#{parent_name} Target VPC", cloudtype: "AWS::EC2::VPC::Id")
|
|
485
|
+
end
|
|
486
|
+
end
|
|
487
|
+
|
|
488
|
+
# Other !is_sibling logic for external vpcs
|
|
489
|
+
# Next, the NAT host, if there is one
|
|
490
|
+
if (vpc_block['nat_host_name'] or vpc_block['nat_host_ip'] or vpc_block['nat_host_tag'])
|
|
491
|
+
if !vpc_block['nat_host_tag'].nil?
|
|
492
|
+
nat_tag_key, nat_tag_value = vpc_block['nat_host_tag'].to_s.split(/=/, 2)
|
|
493
|
+
else
|
|
494
|
+
nat_tag_key, nat_tag_value = [tag_key.to_s, tag_value.to_s]
|
|
495
|
+
end
|
|
496
|
+
|
|
497
|
+
ext_nat = ext_vpc.findBastion(
|
|
498
|
+
nat_name: vpc_block["nat_host_name"],
|
|
499
|
+
nat_cloud_id: vpc_block["nat_host_id"],
|
|
500
|
+
nat_tag_key: nat_tag_key,
|
|
501
|
+
nat_tag_value: nat_tag_value,
|
|
502
|
+
nat_ip: vpc_block['nat_host_ip']
|
|
503
|
+
)
|
|
504
|
+
ssh_keydir = Etc.getpwnam(MU.mu_user).dir+"/.ssh"
|
|
505
|
+
if !vpc_block['nat_ssh_key'].nil? and !File.exists?(ssh_keydir+"/"+vpc_block['nat_ssh_key'])
|
|
506
|
+
MU.log "Couldn't find alternate NAT key #{ssh_keydir}/#{vpc_block['nat_ssh_key']} in #{parent_name}", MU::ERR, details: vpc_block
|
|
507
|
+
return false
|
|
508
|
+
end
|
|
509
|
+
|
|
510
|
+
if !ext_nat
|
|
511
|
+
if vpc_block["nat_host_id"].nil? and nat_tag_key.nil? and vpc_block['nat_host_ip'].nil? and vpc_block["deploy_id"].nil?
|
|
512
|
+
MU.log "Couldn't resolve NAT host to a live instance in #{parent_name}.", MU::DEBUG, details: vpc_block
|
|
513
|
+
else
|
|
514
|
+
MU.log "Couldn't resolve NAT host to a live instance in #{parent_name}", MU::ERR, details: vpc_block
|
|
515
|
+
return false
|
|
516
|
+
end
|
|
517
|
+
elsif !vpc_block["nat_host_id"]
|
|
518
|
+
MU.log "Resolved NAT host to #{ext_nat.cloud_id} in #{parent_name}", MU::DEBUG, details: vpc_block
|
|
519
|
+
vpc_block["nat_host_id"] = ext_nat.cloud_id
|
|
520
|
+
vpc_block.delete('nat_host_name')
|
|
521
|
+
vpc_block.delete('nat_host_ip')
|
|
522
|
+
vpc_block.delete('nat_host_tag')
|
|
523
|
+
vpc_block.delete('nat_ssh_user')
|
|
524
|
+
end
|
|
525
|
+
end
|
|
526
|
+
|
|
527
|
+
# Some resources specify multiple subnets...
|
|
528
|
+
if vpc_block.has_key?("subnets")
|
|
529
|
+
vpc_block['subnets'].each { |subnet|
|
|
530
|
+
tag_key, tag_value = subnet['tag'].split(/=/, 2) if !subnet['tag'].nil?
|
|
531
|
+
if !ext_vpc.nil?
|
|
532
|
+
begin
|
|
533
|
+
ext_subnet = ext_vpc.getSubnet(cloud_id: subnet['subnet_id'], name: subnet['subnet_name'], tag_key: tag_key, tag_value: tag_value)
|
|
534
|
+
rescue MuError
|
|
535
|
+
end
|
|
536
|
+
end
|
|
537
|
+
|
|
538
|
+
if ext_subnet.nil? and vpc_block["cloud"] != "CloudFormation"
|
|
539
|
+
ok = false
|
|
540
|
+
MU.log "Couldn't resolve subnet reference (list) in #{parent_name} to a live subnet", MU::ERR, details: subnet
|
|
541
|
+
elsif !subnet['subnet_id']
|
|
542
|
+
subnet['subnet_id'] = ext_subnet.cloud_id
|
|
543
|
+
subnet['az'] = ext_subnet.az
|
|
544
|
+
subnet.delete('subnet_name')
|
|
545
|
+
subnet.delete('tag')
|
|
546
|
+
MU.log "Resolved subnet reference in #{parent_name} to #{ext_subnet.cloud_id}", MU::DEBUG, details: subnet
|
|
547
|
+
end
|
|
548
|
+
}
|
|
549
|
+
# ...others single subnets
|
|
550
|
+
elsif vpc_block.has_key?('subnet_name') or vpc_block.has_key?('subnet_id')
|
|
551
|
+
tag_key, tag_value = vpc_block['tag'].split(/=/, 2) if !vpc_block['tag'].nil?
|
|
552
|
+
begin
|
|
553
|
+
ext_subnet = ext_vpc.getSubnet(cloud_id: vpc_block['subnet_id'], name: vpc_block['subnet_name'], tag_key: tag_key, tag_value: tag_value)
|
|
554
|
+
rescue MuError => e
|
|
555
|
+
end
|
|
556
|
+
|
|
557
|
+
if ext_subnet.nil?
|
|
558
|
+
ok = false
|
|
559
|
+
MU.log "Couldn't resolve subnet reference (name/id) in #{parent_name} to a live subnet", MU::ERR, details: vpc_block
|
|
560
|
+
elsif !vpc_block['subnet_id']
|
|
561
|
+
vpc_block['subnet_id'] = ext_subnet.cloud_id
|
|
562
|
+
vpc_block['az'] = ext_subnet.az
|
|
563
|
+
vpc_block.delete('subnet_name')
|
|
564
|
+
vpc_block.delete('subnet_pref')
|
|
565
|
+
MU.log "Resolved subnet reference in #{parent_name} to #{ext_subnet.cloud_id}", MU::DEBUG, details: vpc_block
|
|
566
|
+
end
|
|
567
|
+
end
|
|
568
|
+
end
|
|
569
|
+
|
|
570
|
+
# ...and other times we get to pick
|
|
571
|
+
|
|
572
|
+
# First decide whether we should pay attention to subnet_prefs.
|
|
573
|
+
honor_subnet_prefs = true
|
|
574
|
+
if vpc_block['subnets']
|
|
575
|
+
count = 0
|
|
576
|
+
vpc_block['subnets'].each { |subnet|
|
|
577
|
+
if subnet['subnet_id'] or subnet['subnet_name']
|
|
578
|
+
honor_subnet_prefs=false
|
|
579
|
+
end
|
|
580
|
+
if !subnet['subnet_id'].nil? and subnet['subnet_id'].is_a?(String)
|
|
581
|
+
subnet['subnet_id'] = configurator.getTail("Subnet #{count} for #{parent_name}", value: subnet['subnet_id'], prettyname: "Subnet #{count} for #{parent_name}", cloudtype: "AWS::EC2::Subnet::Id")
|
|
582
|
+
count = count + 1
|
|
583
|
+
end
|
|
584
|
+
}
|
|
585
|
+
elsif (vpc_block['subnet_name'] or vpc_block['subnet_id'])
|
|
586
|
+
honor_subnet_prefs=false
|
|
587
|
+
end
|
|
588
|
+
|
|
589
|
+
if vpc_block['subnet_pref'] and honor_subnet_prefs
|
|
590
|
+
private_subnets = []
|
|
591
|
+
private_subnets_map = {}
|
|
592
|
+
public_subnets = []
|
|
593
|
+
public_subnets_map = {}
|
|
594
|
+
subnet_ptr = "subnet_id"
|
|
595
|
+
all_subnets = []
|
|
596
|
+
if !is_sibling
|
|
597
|
+
pub = priv = 0
|
|
598
|
+
raise MuError, "No subnets found in #{ext_vpc}" if ext_vpc.subnets.nil?
|
|
599
|
+
ext_vpc.subnets.each { |subnet|
|
|
600
|
+
next if dflt_region and vpc_block["cloud"] == "Google" and subnet.az != dflt_region
|
|
601
|
+
if subnet.private? and (vpc_block['subnet_pref'] != "all_public" and vpc_block['subnet_pref'] != "public")
|
|
602
|
+
private_subnets << { "subnet_id" => configurator.getTail("#{parent_name} Private Subnet #{priv}", value: subnet.cloud_id, prettyname: "#{parent_name} Private Subnet #{priv}", cloudtype: "AWS::EC2::Subnet::Id"), "az" => subnet.az }
|
|
603
|
+
private_subnets_map[subnet.cloud_id] = subnet
|
|
604
|
+
priv = priv + 1
|
|
605
|
+
elsif !subnet.private? and vpc_block['subnet_pref'] != "all_private" and vpc_block['subnet_pref'] != "private"
|
|
606
|
+
public_subnets << { "subnet_id" => configurator.getTail("#{parent_name} Public Subnet #{pub}", value: subnet.cloud_id, prettyname: "#{parent_name} Public Subnet #{pub}", cloudtype: "AWS::EC2::Subnet::Id"), "az" => subnet.az }
|
|
607
|
+
public_subnets_map[subnet.cloud_id] = subnet
|
|
608
|
+
pub = pub + 1
|
|
609
|
+
else
|
|
610
|
+
MU.log "#{subnet} didn't match subnet_pref: '#{vpc_block['subnet_pref']}' (private? returned #{subnet.private?})", MU::DEBUG
|
|
611
|
+
end
|
|
612
|
+
}
|
|
613
|
+
else
|
|
614
|
+
sibling_vpcs.each { |ext_vpc|
|
|
615
|
+
if ext_vpc['name'].to_s == vpc_block['vpc_name'].to_s and ext_vpc['subnets']
|
|
616
|
+
subnet_ptr = "subnet_name"
|
|
617
|
+
ext_vpc['subnets'].each { |subnet|
|
|
618
|
+
next if dflt_region and vpc_block["cloud"] == "Google" and subnet['availability_zone'] != dflt_region
|
|
619
|
+
if subnet['is_public'] # NAT nonsense calculated elsewhere, ew
|
|
620
|
+
public_subnets << {"subnet_name" => subnet['name'].to_s}
|
|
621
|
+
else
|
|
622
|
+
private_subnets << {"subnet_name" => subnet['name'].to_s}
|
|
623
|
+
configurator.nat_routes[subnet['name'].to_s] = [] if configurator.nat_routes[subnet['name'].to_s].nil?
|
|
624
|
+
if !subnet['nat_host_name'].nil?
|
|
625
|
+
configurator.nat_routes[subnet['name'].to_s] << subnet['nat_host_name'].to_s
|
|
626
|
+
end
|
|
627
|
+
end
|
|
628
|
+
}
|
|
629
|
+
break
|
|
630
|
+
end
|
|
631
|
+
}
|
|
632
|
+
end
|
|
633
|
+
|
|
634
|
+
if public_subnets.size == 0 and private_subnets == 0
|
|
635
|
+
MU.log "Couldn't find any subnets for #{parent_name}", MU::ERR
|
|
636
|
+
return false
|
|
637
|
+
end
|
|
638
|
+
all_subnets = public_subnets + private_subnets
|
|
639
|
+
|
|
640
|
+
case vpc_block['subnet_pref']
|
|
641
|
+
when "public"
|
|
642
|
+
if !public_subnets.nil? and public_subnets.size > 0
|
|
643
|
+
vpc_block.merge!(public_subnets[rand(public_subnets.length)]) if public_subnets
|
|
644
|
+
else
|
|
645
|
+
MU.log "Public subnet requested for #{parent_name}, but none found in #{vpc_block}", MU::ERR
|
|
646
|
+
return false
|
|
647
|
+
end
|
|
648
|
+
when "private"
|
|
649
|
+
if !private_subnets.nil? and private_subnets.size > 0
|
|
650
|
+
vpc_block.merge!(private_subnets[rand(private_subnets.length)])
|
|
651
|
+
else
|
|
652
|
+
MU.log "Private subnet requested for #{parent_name}, but none found in #{vpc_block}", MU::ERR
|
|
653
|
+
return false
|
|
654
|
+
end
|
|
655
|
+
if !is_sibling and !private_subnets_map[vpc_block[subnet_ptr]].nil?
|
|
656
|
+
vpc_block['nat_host_id'] = private_subnets_map[vpc_block[subnet_ptr]].defaultRoute
|
|
657
|
+
elsif configurator.nat_routes.has_key?(vpc_block[subnet_ptr])
|
|
658
|
+
vpc_block['nat_host_name'] == configurator.nat_routes[vpc_block[subnet_ptr]]
|
|
659
|
+
end
|
|
660
|
+
when "any"
|
|
661
|
+
vpc_block.merge!(all_subnets.sample)
|
|
662
|
+
when "all"
|
|
663
|
+
vpc_block['subnets'] = []
|
|
664
|
+
public_subnets.each { |subnet|
|
|
665
|
+
vpc_block['subnets'] << subnet
|
|
666
|
+
}
|
|
667
|
+
private_subnets.each { |subnet|
|
|
668
|
+
vpc_block['subnets'] << subnet
|
|
669
|
+
}
|
|
670
|
+
when "all_public"
|
|
671
|
+
vpc_block['subnets'] = []
|
|
672
|
+
public_subnets.each { |subnet|
|
|
673
|
+
vpc_block['subnets'] << subnet
|
|
674
|
+
}
|
|
675
|
+
when "all_private"
|
|
676
|
+
vpc_block['subnets'] = []
|
|
677
|
+
private_subnets.each { |subnet|
|
|
678
|
+
vpc_block['subnets'] << subnet
|
|
679
|
+
if !is_sibling and vpc_block['nat_host_id'].nil? and private_subnets_map.has_key?(subnet[subnet_ptr]) and !private_subnets_map[subnet[subnet_ptr]].nil?
|
|
680
|
+
vpc_block['nat_host_id'] = private_subnets_map[subnet[subnet_ptr]].defaultRoute
|
|
681
|
+
elsif configurator.nat_routes.has_key?(subnet) and vpc_block['nat_host_name'].nil?
|
|
682
|
+
vpc_block['nat_host_name'] == configurator.nat_routes[subnet]
|
|
683
|
+
end
|
|
684
|
+
}
|
|
685
|
+
else
|
|
686
|
+
vpc_block['subnets'] ||= []
|
|
687
|
+
|
|
688
|
+
sibling_vpcs.each { |ext_vpc|
|
|
689
|
+
next if ext_vpc["name"] != vpc_block["vpc_name"]
|
|
690
|
+
ext_vpc["subnets"].each { |subnet|
|
|
691
|
+
if subnet["route_table"] == vpc_block["subnet_pref"]
|
|
692
|
+
vpc_block["subnets"] << subnet
|
|
693
|
+
end
|
|
694
|
+
}
|
|
695
|
+
}
|
|
696
|
+
if vpc_block['subnets'].size < 1
|
|
697
|
+
MU.log "Unable to resolve subnet_pref '#{vpc_block['subnet_pref']}' to any route table"
|
|
698
|
+
ok = false
|
|
699
|
+
end
|
|
700
|
+
end
|
|
701
|
+
end
|
|
702
|
+
|
|
703
|
+
if ok
|
|
704
|
+
# Delete values that don't apply to the schema for whatever this VPC's
|
|
705
|
+
# parent resource is.
|
|
706
|
+
vpc_block.keys.each { |vpckey|
|
|
707
|
+
if MU::Config.schema["properties"][parent_type]["items"]["properties"]["vpc"] and
|
|
708
|
+
!MU::Config.schema["properties"][parent_type]["items"]["properties"]["vpc"]["properties"].has_key?(vpckey)
|
|
709
|
+
vpc_block.delete(vpckey)
|
|
710
|
+
end
|
|
711
|
+
}
|
|
712
|
+
if vpc_block['subnets'] and
|
|
713
|
+
MU::Config.schema["properties"][parent_type]["items"]["properties"]["vpc"] and
|
|
714
|
+
MU::Config.schema["properties"][parent_type]["items"]["properties"]["vpc"]["properties"]["subnets"]
|
|
715
|
+
vpc_block['subnets'].each { |subnet|
|
|
716
|
+
subnet.each_key { |subnetkey|
|
|
717
|
+
if !MU::Config.schema["properties"][parent_type]["items"]["properties"]["vpc"]["properties"]["subnets"]["items"]["properties"].has_key?(subnetkey)
|
|
718
|
+
subnet.delete(subnetkey)
|
|
719
|
+
end
|
|
720
|
+
}
|
|
721
|
+
}
|
|
722
|
+
end
|
|
723
|
+
|
|
724
|
+
vpc_block.delete('deploy_id')
|
|
725
|
+
vpc_block.delete('vpc_name') if vpc_block.has_key?('vpc_id')
|
|
726
|
+
vpc_block.delete('deploy_id')
|
|
727
|
+
vpc_block.delete('tag')
|
|
728
|
+
MU.log "Resolved VPC resources for #{parent_name}", MU::DEBUG, details: vpc_block
|
|
729
|
+
end
|
|
730
|
+
|
|
731
|
+
if !vpc_block["vpc_id"].nil? and vpc_block["vpc_id"].is_a?(String)
|
|
732
|
+
vpc_block["vpc_id"] = configurator.getTail("#{parent_name}vpc_id", value: vpc_block["vpc_id"], prettyname: "#{parent_name} Target VPC", cloudtype: "AWS::EC2::VPC::Id")
|
|
733
|
+
elsif !vpc_block["nat_host_name"].nil? and vpc_block["nat_host_name"].is_a?(String)
|
|
734
|
+
vpc_block["nat_host_name"] = MU::Config::Tail.new("#{parent_name}nat_host_name", vpc_block["nat_host_name"])
|
|
735
|
+
|
|
736
|
+
end
|
|
737
|
+
|
|
738
|
+
return ok
|
|
739
|
+
end
|
|
740
|
+
|
|
741
|
+
end
|
|
742
|
+
end
|
|
743
|
+
end
|