RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/modules/mu.rb ADDED Viewed

@@ -0,0 +1,724 @@
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'rubygems'
+require 'bundler/setup'
+require 'yaml'
+require 'socket'
+require 'net/http'
+gem 'aws-sdk-core'
+autoload :Aws, "aws-sdk-core"
+gem 'nokogiri'
+autoload :Nokogiri, "nokogiri"
+gem 'simple-password-gen'
+autoload :Password, "simple-password-gen"
+autoload :Resolv, 'resolv'
+gem 'netaddr'
+autoload :NetAddr, 'netaddr'
+# weird magic (possibly unnecessary)
+class Object
+  # weird magic (possibly unnecessary)
+  def metaclass
+    class << self;
+      self;
+    end
+  end
+end
+ENV['HOME'] = Etc.getpwuid(Process.uid).dir
+require 'mu/logger'
+module MU
+  # Wrapper class for fatal Exceptions. Gives our internals something to
+  # inherit that will log an error message appropriately before bubbling up.
+  class MuError < StandardError
+    def initialize(message = nil)
+      MU.log message, MU::ERR if !message.nil?
+      if MU.verbosity == MU::Logger::SILENT
+        super
+      else
+        super ""
+      end
+    end
+  end
+  # Wrapper class for temporary Exceptions. Gives our internals something to
+  # inherit that will log a notice message appropriately before bubbling up.
+  class MuNonFatal < StandardError
+    def initialize(message = nil)
+      MU.log message, MU::NOTICE if !message.nil?
+      if MU.verbosity == MU::Logger::SILENT
+        super
+      else
+        super ""
+      end
+    end
+  end
+  if !ENV.has_key?("MU_LIBDIR") and ENV.has_key?("MU_INSTALLDIR")
+    ENV['MU_LIBDIR'] = ENV['MU_INSTALLDIR']+"/lib"
+  else
+    ENV['MU_LIBDIR'] = File.realpath(File.expand_path(File.dirname(__FILE__))+"/../")
+  end
+  # Mu's installation directory.
+  @@myRoot = File.expand_path(ENV['MU_LIBDIR'])
+  # Mu's installation directory.
+  # @return [String]
+  def self.myRoot;
+    @@myRoot
+  end
+  # The main (root) Mu user's data directory.
+  @@mainDataDir = File.expand_path(@@myRoot+"/../var")
+  # The main (root) Mu user's data directory.
+  # @return [String]
+  def self.mainDataDir;
+    @@mainDataDir
+  end
+  # The Mu config directory
+  @@etcDir = File.expand_path(@@myRoot+"/../etc")
+  # The Mu config directory
+  # @return [String]
+  def self.etcDir;
+    @@etcDir
+  end
+  # The Mu install directory
+  @@installDir = File.expand_path(@@myRoot+"/..")
+  # The Mu install directory
+  # @return [String]
+  def self.installDir;
+    @@installDir
+  end
+  # Mu's main metadata directory (also the deployment metadata for the 'mu'
+  @@globals = Hash.new
+  @@globals[Thread.current.object_id] = Hash.new
+  # Rig us up to share some global class variables (as MU.var_name).
+  # These values are PER-THREAD, so that things like Momma Cat can be more or
+  # less thread-safe with global values.
+  def self.globals;
+    @@globals
+  end
+  @@global_var_semaphore = Mutex.new
+  # Set one of our global per-thread variables.
+  def self.setVar(name, value)
+    @@global_var_semaphore.synchronize {
+      @@globals[Thread.current.object_id] ||= Hash.new
+      @@globals[Thread.current.object_id][name] ||= Hash.new
+      @@globals[Thread.current.object_id][name] = value
+    }
+  end
+  # Copy the set of global variables in use by another thread, typically our
+  # parent thread.
+  def self.dupGlobals(parent_thread_id)
+    @@globals[parent_thread_id].each_pair { |name, value|
+      setVar(name, value)
+    }
+  end
+  # Expunge all global variables.
+  def self.purgeGlobals
+    @@globals.delete(Thread.current.object_id)
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.mommacat;
+    @@globals[Thread.current.object_id]['mommacat']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.deploy_id;
+    @@globals[Thread.current.object_id]['deploy_id']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.appname;
+    @@globals[Thread.current.object_id]['appname']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.environment;
+    @@globals[Thread.current.object_id]['environment']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.timestamp;
+    @@globals[Thread.current.object_id]['timestamp']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.seed;
+    @@globals[Thread.current.object_id]['seed']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.handle;
+    @@globals[Thread.current.object_id]['handle']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.chef_user;
+    if @@globals.has_key?(Thread.current.object_id) and @@globals[Thread.current.object_id].has_key?('chef_user')
+      @@globals[Thread.current.object_id]['chef_user']
+    elsif Etc.getpwuid(Process.uid).name == "root"
+      return "mu"
+    else
+      return Etc.getpwuid(Process.uid).name
+    end
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.mu_user
+    if @@globals.has_key?(Thread.current.object_id) and @@globals[Thread.current.object_id].has_key?('mu_user')
+      return @@globals[Thread.current.object_id]['mu_user']
+    elsif Etc.getpwuid(Process.uid).name == "root"
+      return "mu"
+    else
+      return Etc.getpwuid(Process.uid).name
+    end
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.curRegion
+    @@globals[Thread.current.object_id]['curRegion'] ||= myRegion || ENV['EC2_REGION']
+  end
+  # Accessor for per-thread global variable. There is probably a Ruby-clever way to define this.
+  def self.syncLitterThread;
+    @@globals[Thread.current.object_id]['syncLitterThread']
+  end
+  # Mu's deployment metadata directory.
+  @myDataDir = File.expand_path(ENV['MU_DATADIR']) if ENV.has_key?("MU_DATADIR")
+  @myDataDir = @@mainDataDir if @myDataDir.nil?
+  # Mu's deployment metadata directory.
+  def self.dataDir
+    if MU.mu_user.nil? or MU.mu_user.empty? or MU.mu_user == "mu" or MU.mu_user == "root"
+      return @myDataDir
+    else
+      return Etc.getpwnam(MU.mu_user).dir+"/.mu/var"
+    end
+  end
+  # The verbose logging flag merits a default value.
+  def self.verbosity
+    if @@globals[Thread.current.object_id].nil? or @@globals[Thread.current.object_id]['verbosity'].nil?
+      MU.setVar("verbosity", MU::Logger::NORMAL)
+    end
+    @@globals[Thread.current.object_id]['verbosity']
+  end
+  # Set parameters parameters for calls to {MU#log}
+  def self.setLogging(verbosity, webify_logs = false, handle = STDOUT)
+    MU.setVar("verbosity", verbosity)
+    @@logger ||= MU::Logger.new(verbosity, webify_logs, handle)
+    @@logger.html = webify_logs
+    @@logger.verbosity = verbosity
+    @@logger.handle = handle
+  end
+  setLogging(MU::Logger::NORMAL, false)
+  # Shortcut to get SUMMARY messages from the global MU::Logger instance
+  # @return [Array<String>]
+  def self.summary
+    @@logger.summary
+  end
+  # Shortcut to invoke {MU::Logger#log}
+  def self.log(msg, level = MU::INFO, details: nil, html: html = false, verbosity: MU.verbosity)
+    return if (level == MU::DEBUG and verbosity <= MU::Logger::LOUD)
+    return if verbosity == MU::Logger::SILENT
+    if (level == MU::ERR or
+        level == MU::WARN or
+        level == MU::DEBUG or
+        verbosity >= MU::Logger::LOUD or
+        (level == MU::NOTICE and !details.nil?)
+    )
+      # TODO add more stuff to details here (e.g. call stack)
+      extra = nil
+      if Thread.current.thread_variable_get("name") and (level > MU::NOTICE or verbosity >= MU::Logger::LOUD)
+        extra = Hash.new
+        extra = {
+          :thread => Thread.current.object_id,
+          :name => Thread.current.thread_variable_get("name")
+        }
+      end
+      if !details.nil?
+        extra = Hash.new if extra.nil?
+        extra[:details] = details
+      end
+      @@logger.log(msg, level, details: extra, verbosity: MU::Logger::LOUD, html: html)
+    else
+      @@logger.log(msg, level, html: html, verbosity: verbosity)
+    end
+  end
+  # For log entries that should only be logged when we're in verbose mode
+  DEBUG = 0.freeze
+  # For ordinary log entries
+  INFO = 1.freeze
+  # For more interesting log entries which are not errors
+  NOTICE = 2.freeze
+  # Log entries for non-fatal errors
+  WARN = 3.freeze
+  # Log entries for non-fatal errors
+  WARNING = 3.freeze
+  # Log entries for fatal errors
+  ERR = 4.freeze
+  # Log entries for fatal errors
+  ERROR = 4.freeze
+  # Log entries that will be held and displayed/emailed at the end of deploy,
+  # cleanup, etc.
+  SUMMARY = 5.freeze
+  autoload :Cleanup, 'mu/cleanup'
+  autoload :Deploy, 'mu/deploy'
+  autoload :MommaCat, 'mu/mommacat'
+  autoload :Master, 'mu/master'
+  require 'mu/cloud'
+  require 'mu/groomer'
+  # Little hack to initialize library-only environments' config files
+  if !$MU_CFG
+    require "#{@@myRoot}/bin/mu-load-config.rb"
+    if !$MU_CFG['auto_detection_done'] and (!$MU_CFG['multiuser'] or !cfgExists?)
+      MU.log "Auto-detecting cloud providers"
+      new_cfg = $MU_CFG.dup
+      examples = {}
+      MU::Cloud.supportedClouds.each { |cloud|
+        cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
+        begin
+          if cloudclass.hosted? and !$MU_CFG[cloud.downcase]
+            cfg_blob = cloudclass.hosted_config
+            if cfg_blob
+              new_cfg[cloud.downcase] = cfg_blob
+              MU.log "Adding #{cloud} stanza to #{cfgPath}", MU::NOTICE
+            end
+          elsif !$MU_CFG[cloud.downcase] and !cloudclass.config_example.nil?
+            examples[cloud.downcase] = cloudclass.config_example
+          end
+        rescue NoMethodError => e
+          # missing .hosted? is normal for dummy layers like CloudFormation
+          MU.log e.message, MU::WARN
+        end
+      }
+      new_cfg['auto_detection_done'] = true
+      if new_cfg != $MU_CFG or !cfgExists?
+        MU.log "Generating #{cfgPath}"
+        saveMuConfig(new_cfg, examples) # XXX and reload it
+      end
+    end
+  end
+  @@my_private_ip = nil
+  @@my_public_ip = nil
+  @@mu_public_addr = nil
+  @@mu_public_ip = nil
+  if $MU_CFG['aws'] # XXX this should be abstracted to elsewhere
+    @@my_private_ip = MU::Cloud::AWS.getAWSMetaData("local-ipv4")
+    @@my_public_ip = MU::Cloud::AWS.getAWSMetaData("public-ipv4")
+    @@mu_public_addr = @@my_public_ip
+    @@mu_public_ip = @@my_public_ip
+  end
+  if !$MU_CFG.nil? and !$MU_CFG['public_address'].nil? and !$MU_CFG['public_address'].empty? and @@my_public_ip != $MU_CFG['public_address']
+    @@mu_public_addr = $MU_CFG['public_address']
+    if !@@mu_public_addr.match(/^\d+\.\d+\.\d+\.\d+$/)
+      resolver = Resolv::DNS.new
+      @@mu_public_ip = resolver.getaddress(@@mu_public_addr).to_s
+    else
+      @@mu_public_ip = @@mu_public_addr
+    end
+  elsif !@@my_public_ip.nil? and !@@my_public_ip.empty?
+    @@mu_public_addr = @@my_public_ip
+    @@mu_public_ip = @@my_public_ip
+  else
+    @@mu_public_addr = @@my_private_ip
+    @@mu_public_ip = @@my_private_ip
+  end
+  # This machine's private IP address
+  def self.my_private_ip;
+    @@my_private_ip
+  end
+  # This machine's public IP address
+  def self.my_public_ip;
+    @@my_public_ip
+  end
+  # Public Mu server name, not necessarily the same as MU.my_public_ip (an be a proxy, load balancer, etc)
+  def self.mu_public_ip;
+    @@mu_public_ip
+  end
+  # Public Mu server IP address, not necessarily the same as MU.my_public_ip (an be a proxy, load balancer, etc)
+  def self.mu_public_addr;
+    @@mu_public_addr
+  end
+  mu_user = Etc.getpwuid(Process.uid).name
+  chef_user = Etc.getpwuid(Process.uid).name.gsub(/\./, "")
+  chef_user = "mu" if chef_user == "root"
+  MU.setVar("chef_user", chef_user)
+  MU.setVar("mu_user", mu_user)
+  @userlist = nil
+  # Fetch the email address of a given Mu user
+  def self.userEmail(user = MU.mu_user)
+    @userlist ||= MU::Master.listUsers
+    user = "mu" if user == "root"
+    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+      return File.read("#{MU.mainDataDir}/users/#{user}/email").chomp
+    elsif @userlist.has_key?(user)
+      return @userlist[user]['email']
+    else
+      MU.log "Attempted to load nonexistent user #{user}", MU::ERR
+      return nil
+    end
+  end
+  # Fetch the real-world name of a given Mu user
+  def self.userName(user = MU.mu_user)
+    @userlist ||= MU::Master.listUsers
+    if Dir.exists?("#{MU.mainDataDir}/users/#{user}")
+      return File.read("#{MU.mainDataDir}/users/#{user}/realname").chomp
+    elsif @userlist.has_key?(user)
+      return @userlist[user]['email']
+    else
+      MU.log "Attempted to load nonexistent user #{user}", MU::ERR
+      return nil
+    end
+  end
+  # XXX these guys to move into mu/groomer
+  # List of known/supported grooming agents (configuration management tools)
+  def self.supportedGroomers
+    ["Chef"]
+  end
+  MU.supportedGroomers.each { |groomer|
+    require "mu/groomers/#{groomer.downcase}"
+  }
+  # @param groomer [String]: The grooming agent to load.
+  # @return [Class]: The class object implementing this groomer agent
+  def self.loadGroomer(groomer)
+    if !File.size?(MU.myRoot+"/modules/mu/groomers/#{groomer.downcase}.rb")
+      raise MuError, "Requested to use unsupported grooming agent #{groomer}"
+    end
+    require "mu/groomers/#{groomer.downcase}"
+    return Object.const_get("MU").const_get("Groomer").const_get(groomer)
+  end
+  @@myRegion_var = nil
+  # Find the cloud provider region where this master resides, if any
+  def self.myRegion
+    if MU::Cloud::Google.hosted?
+      zone = MU::Cloud::Google.getGoogleMetaData("instance/zone")
+      @@myRegion_var = zone.gsub(/^.*?\/|\-\d+$/, "")
+    elsif MU::Cloud::AWS.hosted?
+      @@myRegion_var ||= MU::Cloud::AWS.myRegion
+    else
+      @@myRegion_var = nil
+    end
+    @@myRegion_var
+  end
+  require 'mu/config'
+  # Figure out what cloud provider we're in, if any.
+  # @return [String]: Google, AWS, etc. Returns nil if we don't seem to be in a cloud.
+  def self.myCloud
+    if MU::Cloud::Google.hosted?
+      @@myInstanceId = MU::Cloud::Google.getGoogleMetaData("instance/name")
+      return "Google"
+    elsif MU::Cloud::AWS.hosted?
+      @@myInstanceId = MU::Cloud::AWS.getAWSMetaData("instance-id")
+      return "AWS"
+    end
+    nil
+  end
+  # Wrapper for {MU::Cloud::AWS.account_number}
+  def self.account_number
+    if !@@globals[Thread.current.object_id].nil? and
+       !@@globals[Thread.current.object_id]['account_number'].nil?
+      return @@globals[Thread.current.object_id]['account_number']
+    end
+    @@globals[Thread.current.object_id] ||= {}
+    @@globals[Thread.current.object_id]['account_number'] = MU::Cloud::AWS.account_number
+    @@globals[Thread.current.object_id]['account_number']
+  end
+  # The cloud instance identifier of this Mu master
+  def self.myInstanceId
+    return nil if MU.myCloud.nil?
+    @@myInstanceId # MU.myCloud will have set this, since it's our test variable
+  end
+  # If our Mu master is hosted in a cloud provider, we can use this to get its
+  # cloud API descriptor.
+  def self.myCloudDescriptor;
+    @@myCloudDescriptor
+  end
+  @@myAZ_var = nil
+  # Find the cloud provider availability zone where this master resides, if any
+  def self.myAZ
+    if MU::Cloud::Google.hosted?
+      zone = MU::Cloud::Google.getGoogleMetaData("instance/zone")
+      @@myAZ_var = zone.gsub(/.*?\//, "")
+    elsif MU::Cloud::AWS.hosted?
+      return nil if MU.myCloudDescriptor.nil?
+      begin
+        @@myAZ_var ||= MU.myCloudDescriptor.placement.availability_zone
+      rescue Aws::EC2::Errors::InternalError => e
+        MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(#{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
+        sleep 10
+      end
+    end
+    @@myAZ_var
+  end
+  @@myCloudDescriptor = nil
+  if MU::Cloud::Google.hosted?
+    @@myCloudDescriptor = MU::Cloud::Google.compute.get_instance(
+      MU::Cloud::Google.myProject,
+      MU.myAZ,
+      MU.myInstanceId
+    )
+  elsif MU::Cloud::AWS.hosted?
+    begin
+      @@myCloudDescriptor = MU::Cloud::AWS.ec2(MU.myRegion).describe_instances(instance_ids: [MU.myInstanceId]).reservations.first.instances.first
+    rescue Aws::EC2::Errors::InvalidInstanceIDNotFound => e
+    rescue Aws::Errors::MissingCredentialsError => e
+      MU.log "I'm hosted in AWS, but I can't make API calls. Does this instance have an appropriate IAM profile?", MU::WARN
+    end
+  end
+  @@myVPC_var = nil
+  # The VPC/Network in which this Mu master resides
+  # XXX account for Google and non-cloud situations
+  def self.myVPC
+    return nil if MU.myCloudDescriptor.nil?
+    begin
+      if MU::Cloud::AWS.hosted?
+        @@myVPC_var ||= MU.myCloudDescriptor.vpc_id
+      elsif MU::Cloud::Google.hosted?
+        @@myVPC_var = MU.myCloudDescriptor.network_interfaces.first.network.gsub(/.*?\/([^\/]+)$/, '\1')
+      else
+        nil
+      end
+    rescue Aws::EC2::Errors::InternalError => e
+      MU.log "Got #{e.inspect} on MU::Cloud::AWS.ec2(#{MU.myRegion}).describe_instances(instance_ids: [#{@@myInstanceId}])", MU::WARN
+      sleep 10
+    end
+    @@myVPC_var
+  end
+  @@mySubnets_var = nil
+  # The AWS Subnets associated with the VPC this MU Master is in
+  # XXX account for Google and non-cloud situations
+  def self.mySubnets
+    @@mySubnets_var ||= MU::Cloud::AWS.ec2(MU.myRegion).describe_subnets(
+      filters: [
+        {
+          name: "vpc-id",
+          values: [MU.myVPC]
+        }
+      ]
+    ).subnets
+  end
+  # The version of Chef we will install on nodes.
+  @@chefVersion = "14.0.190"
+  # The version of Chef we will install on nodes.
+  # @return [String]
+  def self.chefVersion;
+    @@chefVersion
+  end
+  # Mu's SSL certificate directory
+  @@mySSLDir = MU.dataDir+"/ssl" if MU.dataDir
+  @@mySSLDir ||= File.realpath(File.expand_path(File.dirname(__FILE__))+"/../var/ssl")
+  # Mu's SSL certificate directory
+  # @return [String]
+  def self.mySSLDir
+    @@mySSLDir
+  end
+  # Recursively compare two hashes. Intended to see when cloud API descriptions
+  # of existing resources differ from proposed changes so we know when to
+  # bother updating.
+  # @param hash1 [Hash]: The first hash
+  # @param hash2 [Hash]: The second hash
+  # @param missing_is_default [Boolean]: Assume that any element missing from hash2 but present in hash1 is a default value to be ignored
+  # @return [Boolean]
+  def self.hashCmp(hash1, hash2, missing_is_default: false)
+    return false if hash1.nil?
+    hash2.each_pair { |k, v|
+      if hash1[k].nil?
+        return false
+      end
+    }
+    if !missing_is_default
+      hash1.each_pair { |k, v|
+        if hash2[k].nil?
+          return false
+        end
+      }
+    end
+    hash1.each_pair { |k, v|
+      if hash1[k].is_a?(Array)
+        return false if !missing_is_default and hash2[k].nil?
+        if !hash2[k].nil?
+          hash2[k].each { |item|
+            if !hash1[k].include?(item)
+              return false
+            end
+          }
+        end
+      elsif hash1[k].is_a?(Hash) and !hash2[k].nil?
+        result = hashCmp(hash1[k], hash2[k], missing_is_default: missing_is_default)
+        return false if !result
+      else
+        if missing_is_default
+          return false if !hash2[k].nil? and hash1[k] != hash2[k]
+        else
+          return false if hash1[k] != hash2[k]
+        end
+      end
+    }
+    true
+  end
+  # Recursively turn a Ruby OpenStruct into a Hash
+  # @param struct [OpenStruct]
+  # @return [Hash]
+  def self.structToHash(struct)
+    google_struct = false
+    begin
+      google_struct = struct.class.ancestors.include?(::Google::Apis::Core::Hashable)
+    rescue NameError
+    end
+    aws_struct = false
+    begin
+      aws_struct = struct.class.ancestors.include?(::Seahorse::Client::Response)
+    rescue NameError
+    end
+    if struct.is_a?(Struct) or struct.class.ancestors.include?(Struct) or
+       google_struct or aws_struct
+      hash = struct.to_h
+      hash.each_pair { |key, value|
+        hash[key] = self.structToHash(value)
+      }
+      return hash
+    elsif struct.is_a?(Hash)
+      struct.each_pair { |key, value|
+        struct[key] = self.structToHash(value)
+      }
+      return struct
+    elsif struct.is_a?(Array)
+      struct.map! { |elt|
+        self.structToHash(elt)
+      }
+    else
+      return struct
+    end
+  end
+  # Generate a random password which will satisfy the complexity requirements of stock Amazon Windows AMIs.
+  # return [String]: A password string.
+  def self.generateWindowsPassword
+    # We have dopey complexity requirements, be stringent here.
+    # I'll be nice and not condense this into one elegant-but-unreadable regular expression
+    attempts = 0
+    safe_metachars = Regexp.escape('~!@#%^&*_-+=`|(){}[]:;<>,.?')
+    begin
+      if attempts > 25
+        MU.log "Failed to generate an adequate Windows password after #{attempts}", MU::ERR
+        raise MuError, "Failed to generate an adequate Windows password after #{attempts}"
+      end
+      winpass = Password.random(14..16)
+      attempts += 1
+    end while winpass.nil? or !winpass.match(/[A-Z]/) or !winpass.match(/[a-z]/) or !winpass.match(/\d/) or !winpass.match(/[#{safe_metachars}]/) or winpass.match(/[^\w\d#{safe_metachars}]/)
+    MU.log "Generated Windows password after #{attempts} attempts", MU::DEBUG
+    return winpass
+  end
+  # Return the name of the S3 Mu log and key bucket for this Mu server.
+  # @return [String]
+  # XXX account for Google and non-cloud situations
+  def self.adminBucketName
+    bucketname = $MU_CFG['aws']['log_bucket_name']
+    if bucketname.nil? or bucketname.empty?
+      bucketname = "Mu_Logs_"+Socket.gethostname+"_"+MU::Cloud::AWS.getAWSMetaData("instance-id")
+    end
+    return bucketname
+  end
+  # Log bucket policy for enabling CloudTrail logging to our log bucket in S3.
+  CLOUDTRAIL_BUCKET_POLICY = '{
+		"Version": "2012-10-17",
+		"Statement": [
+			{
+				"Sid": "AWSCloudTrailAclCheck20131101",
+				"Effect": "Allow",
+        "Principal": {
+          "AWS": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':iam::<%= MU.account_number %>:root",
+          "Service": "cloudtrail.amazonaws.com"
+        },
+				"Action": "s3:GetBucketAcl",
+				"Resource": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':s3:::<%= $bucketname %>"
+			},
+			{
+				"Sid": "AWSCloudTrailWrite20131101",
+				"Effect": "Allow",
+        "Principal": {
+          "AWS": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':iam::<%= MU.account_number %>:root",
+          "Service": "cloudtrail.amazonaws.com"
+        },
+				"Action": "s3:PutObject",
+				"Resource": "arn:'+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+':s3:::<%= $bucketname %>/AWSLogs/<%= MU.account_number %>/*",
+				"Condition": {
+					"StringEquals": {
+						"s3:x-amz-acl": "bucket-owner-full-control"
+					}
+				}
+			}
+		]
+	}'
+end