RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/cookbooks/mu-master/recipes/init.rb ADDED Viewed

@@ -0,0 +1,542 @@
+# Cookbook Name:: mu-master
+# Recipe:: init
+#
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# This recipe is meant to be invoked standalone, by chef-apply. It can safely
+# be invoked during a regular chef-client run.
+#
+# When modifying this recipe, DO NOT ADD EXTERNAL DEPENDENCIES. That means no
+# references to other cookbooks, no include_recipes, no cookbook_files, no
+# templates.
+require 'etc'
+require 'open-uri'
+require 'socket'
+# If we're invoked with a stripped-down environment, many of our guards and
+# execs will fail. Append the stuff that's typically missing. Note that even
+# if we hardcode all of our own paths to commands things still break, due to
+# things that spawn commands of their own with the environment they inherit
+# from us.
+ENV['PATH'] = ENV['PATH']+":/bin:/opt/opscode/embedded/bin"
+# XXX We want to be able to override these things when invoked from chef-apply,
+# but, like, how?
+CHEF_SERVER_VERSION="12.17.15-1"
+CHEF_CLIENT_VERSION="14.4.56"
+KNIFE_WINDOWS="1.9.0"
+MU_BASE="/opt/mu"
+MU_BRANCH="i_yam_what_i_yam" # GIT HOOK EDITABLE DO NOT TOUCH
+realbranch=`cd #{MU_BASE}/lib && git rev-parse --abbrev-ref HEAD`
+if ENV.key?('MU_BRANCH')
+  MU_BRANCH = ENV['MU_BRANCH']
+elsif $?.exitstatus == 0
+  MU_BRANCH=realbranch.chomp
+else
+  MU_BRANCH="master"
+end
+begin
+  resources('service[sshd]')
+rescue Chef::Exceptions::ResourceNotFound
+  service "sshd" do
+    action :nothing
+  end
+end
+if File.read("/etc/ssh/sshd_config").match(/^AllowUsers\s+([^\s]+)(?:\s|$)/)
+  SSH_USER = Regexp.last_match[1].chomp
+else
+  execute "sed -i 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config" do
+    only_if "grep 'PermitRootLogin no' /etc/ssh/sshd_config"
+    notifies :restart, "service[sshd]", :immediately
+  end
+  SSH_USER="root"
+end
+RUNNING_STANDALONE=node['application_attributes'].nil?
+service "iptables" do
+  ignore_failure true
+  action :nothing
+  only_if "( /bin/systemctl -l --no-pager | grep iptables.service ) || ( /sbin/chkconfig --list | grep ^iptables )"
+end
+# These guys are a workaround for Opscode bugs that seems to affect some Chef
+# Server upgrades.
+directory "/var/run/postgresql" do
+  mode 0755
+#  owner "opscode-pgsql"
+#  group "opscode-pgsql"
+  action :nothing
+end
+#link "/tmp/.s.PGSQL.5432" do
+#  to "/var/run/postgresql/.s.PGSQL.5432"
+#  owner "opscode-pgsql"
+#  group "opscode-pgsql"
+#  action :nothing
+#  only_if { !::File.exists?("/tmp/.s.PGSQL.5432") }
+#  only_if { ::File.exists?("/var/run/postgresql/.s.PGSQL.5432") }
+#end
+link "/var/run/postgresql/.s.PGSQL.5432" do
+  to "/tmp/.s.PGSQL.5432"
+#  owner "opscode-pgsql"
+#  group "opscode-pgsql"
+  notifies :create, "directory[/var/run/postgresql]", :before
+  only_if { !::File.exists?("/var/run/postgresql/.s.PGSQL.5432") }
+#  only_if { ::File.exists?("/tmp/.s.PGSQL.5432") }
+end
+execute "Chef Server rabbitmq workaround" do
+  # This assumes we get clean stop, which *should* be the case if we execute
+  # before any upgrade or reconfigure. If that assumption is wrong we'd prepend:
+  # stop private-chef-runsvdir ; ps auxww | egrep '(opscode|runsv|postgres)' | grep -v grep | awk '{print $2}' | xargs kill
+  command "rm -rf /var/log/opscode/rabbitmq/* /var/opt/opscode/rabbitmq/* /var/opt/opscode/rabbitmq/.??*"
+  action :nothing
+  notifies :stop, "service[chef-server]", :before
+end
+remote_file "back up /etc/hosts" do
+  path "/etc/hosts.muinstaller"
+  source "file:///etc/hosts"
+  action :nothing
+end
+file "use a clean /etc/hosts during install" do
+  path "/etc/hosts"
+  content "
+127.0.0.1       localhost
+::1     localhost6.localdomain6 localhost6
+"
+  notifies :create, "remote_file[back up /etc/hosts]", :before
+  only_if { RUNNING_STANDALONE }
+  not_if { ::Dir.exists?("#{MU_BASE}/lib/.git") }
+end
+execute "reconfigure Chef server" do
+  command "/opt/opscode/bin/chef-server-ctl reconfigure"
+  action :nothing
+  notifies :stop, "service[iptables]", :before
+#  notifies :create, "link[/tmp/.s.PGSQL.5432]", :before
+  notifies :create, "link[/var/run/postgresql/.s.PGSQL.5432]", :before
+  notifies :restart, "service[chef-server]", :immediately
+  notifies :start, "service[iptables]", :immediately
+  only_if { RUNNING_STANDALONE }
+end
+execute "upgrade Chef server" do
+  command "/opt/opscode/bin/chef-server-ctl upgrade"
+  action :nothing
+  timeout 1200 # this can take a while
+  notifies :stop, "service[iptables]", :before
+  notifies :run, "execute[Chef Server rabbitmq workaround]", :before
+#  notifies :create, "link[/tmp/.s.PGSQL.5432]", :before
+  notifies :create, "link[/var/run/postgresql/.s.PGSQL.5432]", :before
+  notifies :start, "service[iptables]", :immediately
+  only_if { RUNNING_STANDALONE }
+end
+service "chef-server" do
+  restart_command "/opt/opscode/bin/chef-server-ctl restart"
+  stop_command "/opt/opscode/bin/chef-server-ctl stop"
+  start_command "/opt/opscode/bin/chef-server-ctl start"
+  pattern "/opt/opscode/embedded/sbin/nginx"
+  action :nothing
+#  notifies :create, "link[/tmp/.s.PGSQL.5432]", :before
+#  notifies :create, "link[/var/run/postgresql/.s.PGSQL.5432]", :before
+  notifies :stop, "service[iptables]", :before
+  notifies :start, "service[iptables]", :immediately
+  only_if { RUNNING_STANDALONE }
+end
+basepackages = []
+removepackages = []
+rpms = {}
+dpkgs = {}
+elversion = node['platform_version'].to_i > 2000 ? 6 : node['platform_version'].to_i
+if platform_family?("rhel")
+  basepackages = ["git", "curl", "diffutils", "patch", "gcc", "gcc-c++", "make", "postgresql-devel", "libyaml", "libffi-devel"]
+#        package epel-release-6-8.9.amzn1.noarch (which is newer than epel-release-6-8.noarch) is already installed
+  rpms = {
+    "epel-release" => "http://dl.fedoraproject.org/pub/epel/epel-release-latest-#{elversion}.noarch.rpm",
+    "chef-server-core" => "https://packages.chef.io/files/stable/chef-server/#{CHEF_SERVER_VERSION.sub(/\-\d+$/, "")}/el/#{elversion}/chef-server-core-#{CHEF_SERVER_VERSION}.el#{elversion}.x86_64.rpm"
+  }
+  if elversion < 6 or elversion >= 8
+    raise "Mu Masters on RHEL-family hosts must be equivalent to RHEL6 or RHEL7 (got #{elversion.to_s})"
+  # RHEL6, CentOS6, Amazon Linux
+  elsif elversion < 7
+    basepackages.concat(["mysql-devel"])
+    rpms["ruby25"] = "https://s3.amazonaws.com/cloudamatic/muby-2.5.3-1.el6.x86_64.rpm"
+    removepackages = ["nagios"]
+  # RHEL7, CentOS7
+  elsif elversion < 8
+    basepackages.concat(["libX11", "tcl", "tk", "mariadb-devel"])
+    rpms["ruby25"] = "https://s3.amazonaws.com/cloudamatic/muby-2.5.3-1.el7.x86_64.rpm"
+    removepackages = ["nagios", "firewalld"]
+  end
+  # Amazon Linux
+  if node['platform_version'].to_i > 2000
+    basepackages.concat(["compat-libffi5"])
+    rpms.delete("epel-release")
+  end
+else
+  raise "Mu Masters are currently only supported on RHEL-family hosts."
+end
+package basepackages
+directory MU_BASE do
+  recursive true
+  mode 0755
+end
+bash "set git default branch to #{MU_BRANCH}" do
+  cwd "#{MU_BASE}/lib"
+  code <<-EOH
+    git config branch.#{MU_BRANCH}.remote origin
+    git config branch.#{MU_BRANCH}.merge refs/heads/#{MU_BRANCH}
+    git checkout #{MU_BRANCH}
+  EOH
+  action :nothing
+end
+git "#{MU_BASE}/lib" do
+  repository "git://github.com/cloudamatic/mu.git"
+  revision MU_BRANCH
+  checkout_branch MU_BRANCH
+  enable_checkout false
+  not_if { ::Dir.exists?("#{MU_BASE}/lib/.git") }
+  notifies :run, "bash[set git default branch to #{MU_BRANCH}]", :immediately
+end
+# Enable some git hook weirdness for Mu developers
+["post-merge", "post-checkout", "post-rewrite"].each { |hook|
+  remote_file "#{MU_BASE}/lib/.git/hooks/#{hook}" do
+    source "file://#{MU_BASE}/lib/extras/git-fix-permissions-hook"
+    mode 0755
+  end
+}
+file  "#{MU_BASE}/lib/.git/hooks/pre-commit" do
+  action :delete
+end
+[MU_BASE+"/var", MU_BASE+"/install", MU_BASE+"/deprecated-bash-library.sh"].each do |dir|
+  directory dir do
+    recursive true
+    mode 0755
+  end
+end
+# Stub files so standalone Ruby programs like mu-configure can know what
+# version to install/find without loading the full Mu library.
+file "#{MU_BASE}/var/mu-chef-client-version" do
+  content CHEF_CLIENT_VERSION
+  mode 0644
+end
+file "#{MU_BASE}/var/mu-chef-server-version" do
+  content CHEF_SERVER_VERSION
+  mode 0644
+end
+# Account for Chef Server upgrades, which require some extra behavior
+execute "move aside old Chef Server files" do
+        command "mv /opt/opscode /opt/opscode.upgrading.backup"
+  notifies :run, "execute[rm -rf /opt/opscode.upgrading.backup]", :delayed
+  action :nothing
+end
+execute "rm -rf /opt/opscode.upgrading.backup" do
+  action :nothing
+end
+rpm_package "Chef Server upgrade package" do
+  source rpms["chef-server-core"]
+  action :upgrade
+  only_if "rpm -q chef-server-core"
+  notifies :run, "execute[move aside old Chef Server files]", :before
+  notifies :run, "execute[upgrade Chef server]", :immediately
+  notifies :run, "execute[reconfigure Chef server]", :immediately
+  notifies :restart, "service[chef-server]", :immediately
+  only_if { RUNNING_STANDALONE }
+end
+# REMOVE OLD RUBYs
+execute "clean up old Ruby 2.1.6" do
+  command "rm -rf /opt/rubies/ruby-2.1.6"
+  only_if { ::Dir.exists?("/opt/rubies/ruby-2.1.6") }
+end
+yum_package 'ruby23-2.3.1-1.el7.centos.x86_64' do
+  action :purge
+end
+execute "Kill ruby-2.3.1" do
+  command "yum erase ruby23-2.3.1-1.el7.centos.x86_64 -y"
+  only_if { ::Dir.exists?("/opt/rubies/ruby-2.3.1") }
+end
+execute "clean up old ruby-2.3.1" do
+  command "rm -rf /opt/rubies/ruby-2.3.1"
+  only_if { ::Dir.exists?("/opt/rubies/ruby-2.3.1") }
+end
+# Regular old rpm-based installs
+rpms.each_pair { |pkg, src|
+  rpm_package pkg do
+    source src
+    if pkg == "ruby25"
+      options '--prefix=/opt/rubies/'
+    end
+    if pkg == "chef-server-core" and File.size?("/etc/opscode/chef-server.rb")
+      # On a normal install this will execute when we set up chef-server.rb,
+      # but on a reinstall or an install on an image where that file already
+      # exists, we need to invoke this some other way.
+      notifies :run, "execute[reconfigure Chef server]", :immediately
+      only_if { RUNNING_STANDALONE }
+    end
+  end
+}
+package "jq"
+package removepackages do
+  action :remove
+end
+file "initial chef-server.rb" do
+  path "/etc/opscode/chef-server.rb"
+  content "server_name='127.0.0.1'
+api_fqdn server_name
+nginx['server_name'] = server_name
+nginx['enable_non_ssl'] = false
+nginx['non_ssl_port'] = 81
+nginx['ssl_port'] = 7443
+nginx['ssl_ciphers'] = 'HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK'
+nginx['ssl_protocols'] = 'TLSv1.2'
+bookshelf['external_url'] = 'https://127.0.0.1:7443'
+bookshelf['vip_port'] = 7443\n"
+  not_if { ::File.size?("/etc/opscode/chef-server.rb") }
+  notifies :run, "execute[reconfigure Chef server]", :immediately
+end
+["bin", "etc", "lib", "var/users/mu", "var/deployments", "var/orgs/mu"].each { |mudir|
+  directory "#{MU_BASE}/#{mudir}" do
+    mode mudir.match(/^var\//) ? 0700 : 0755
+    owner "root"
+    recursive true
+  end
+}
+file "#{MU_BASE}/var/users/mu/email" do
+  if $MU_CFG
+    content "#{$MU_CFG['mu_admin_email']}\n"
+  else
+    content "root@example.com\n"
+  end
+end
+file "#{MU_BASE}/var/users/mu/realname" do
+  if $MU_CFG
+    content "#{$MU_CFG['mu_admin_name']}\n"
+  else
+    content "Mu Administrator\n"
+  end
+end
+["mu-aws-setup", "mu-cleanup", "mu-configure", "mu-deploy", "mu-firewall-allow-clients", "mu-gen-docs", "mu-load-config.rb", "mu-node-manage", "mu-tunnel-nagios", "mu-upload-chef-artifacts", "mu-user-manage", "mu-ssh"].each { |exe|
+  link "#{MU_BASE}/bin/#{exe}" do
+    to "#{MU_BASE}/lib/bin/#{exe}"
+  end
+  file "#{MU_BASE}/lib/bin/#{exe}" do
+    mode 0755
+  end
+}
+remote_file "#{MU_BASE}/bin/mu-self-update" do
+  source "file://#{MU_BASE}/lib/bin/mu-self-update"
+  mode 0755
+end
+["/usr/local/ruby-current", "/opt/chef/embedded"].each { |rubydir|
+  gembin = rubydir+"/bin/gem"
+  gemdir = Dir.glob("#{rubydir}/lib/ruby/gems/?.?.?/gems").last
+  bundler_path = gembin.sub(/gem$/, "bundle")
+  bash "fix #{rubydir} gem permissions" do
+    code <<-EOH
+      find -P #{rubydir}/lib/ruby/gems/?.?.?/ #{rubydir}/lib/ruby/site_ruby/ -type d -exec chmod go+rx {} \\;
+      find -P #{rubydir}/lib/ruby/gems/?.?.?/ #{rubydir}/lib/ruby/site_ruby/ -type f -exec chmod go+r {} \\;
+      find -P #{rubydir}/bin -type f -exec chmod go+rx {} \\;
+    EOH
+    action :nothing
+  end
+  gem_package bundler_path do
+    gem_binary gembin
+    package_name "bundler"
+    action :upgrade if rubydir == "/usr/local/ruby-current"
+    notifies :run, "bash[fix #{rubydir} gem permissions]", :delayed
+  end
+  execute "#{bundler_path} install" do
+    cwd "#{MU_BASE}/lib/modules"
+    umask 0022
+    not_if "#{bundler_path} check"
+    notifies :run, "bash[fix #{rubydir} gem permissions]", :delayed
+    notifies :restart, "service[chef-server]", :delayed if rubydir == "/opt/opscode/embedded"
+    # XXX notify mommacat if we're *not* in chef-apply... RUNNING_STANDALONE
+  end
+  # Expunge old versions of knife-windows
+  if !gemdir.nil?
+    Dir.glob("#{gemdir}/knife-windows-*").each { |dir|
+      next if dir.match(/\/knife-windows-(#{Regexp.quote(KNIFE_WINDOWS)})$/)
+      dir.match(/\/knife-windows-([^\/]+)$/)
+      gem_package "purge #{rubydir} knife windows #{Regexp.last_match[1]} #{gembin}" do
+        gem_binary gembin
+        package_name "knife-windows"
+        version Regexp.last_match[1]
+        action :remove
+        only_if { ::Dir.exists?(dir) }
+        only_if { ::Dir.exists?(gemdir) }
+      end
+      execute "rm -rf #{gemdir}/knife-windows-#{Regexp.last_match[1]}"
+    }
+# XXX rely on bundler to get this right for us
+#    gem_package "#{rubydir} knife-windows #{KNIFE_WINDOWS} #{gembin}" do
+#      gem_binary gembin
+#      package_name "knife-windows"
+#      version KNIFE_WINDOWS
+#      notifies :restart, "service[chef-server]", :delayed if rubydir == "/opt/opscode/embedded"
+#      # XXX notify mommacat if we're *not* in chef-apply... RUNNING_STANDALONE
+#    end
+#    execute "Patch #{rubydir}'s knife-windows for Cygwin SSH bootstraps" do
+#      cwd "#{gemdir}/knife-windows-#{KNIFE_WINDOWS}"
+#      command "patch -p1 < #{MU_BASE}/lib/install/knife-windows-cygwin-#{KNIFE_WINDOWS}.patch"
+#      not_if "grep -i 'locate_config_value(:cygwin)' #{gemdir}/knife-windows-#{KNIFE_WINDOWS}/lib/chef/knife/bootstrap_windows_base.rb"
+#      notifies :restart, "service[chef-server]", :delayed if rubydir == "/opt/opscode/embedded"
+#      only_if { ::Dir.exists?(gemdir) }
+      # XXX notify mommacat if we're *not* in chef-apply... RUNNING_STANDALONE
+#    end
+  end
+}
+# Get a 'mu' Chef org in place and populate it with artifacts
+directory "/root/.chef"
+execute "knife ssl fetch" do
+  action :nothing
+end
+execute "initial Chef artifact upload" do
+  command "MU_INSTALLDIR=#{MU_BASE} MU_LIBDIR=#{MU_BASE}/lib MU_DATADIR=#{MU_BASE}/var #{MU_BASE}/lib/bin/mu-upload-chef-artifacts"
+  action :nothing
+  notifies :stop, "service[iptables]", :before
+  notifies :run, "execute[knife ssl fetch]", :before
+  notifies :start, "service[iptables]", :immediately
+  only_if { RUNNING_STANDALONE }
+end
+chef_gem "simple-password-gen" do
+  compile_time true
+end
+require "simple-password-gen"
+# XXX this would make an awesome library
+execute "create mu Chef user" do
+  command "/opt/opscode/bin/chef-server-ctl user-create mu Mu Master root@example.com #{Password.pronounceable} -f #{MU_BASE}/var/users/mu/mu.user.key"
+  umask 0277
+  not_if "/opt/opscode/bin/chef-server-ctl user-list | grep '^mu$'"
+end
+execute "create mu Chef org" do
+  command "/opt/opscode/bin/chef-server-ctl org-create mu mu -a mu -f #{MU_BASE}/var/orgs/mu/mu.org.key"
+  umask 0277
+  not_if "/opt/opscode/bin/chef-server-ctl org-list | grep '^mu$'"
+end
+# TODO copy in ~/.chef/mu.*.key to /opt/mu/var/users/mu if the stuff already exists
+file "initial root knife.rb" do
+  path "/root/.chef/knife.rb"
+  content "
+  node_name 'mu'
+  client_key '#{MU_BASE}/var/users/mu/mu.user.key'
+  validation_client_name 'mu-validator'
+  validation_key '#{MU_BASE}/var/orgs/mu/mu.org.key'
+  chef_server_url 'https://127.0.0.1:7443/organizations/mu'
+  chef_server_root 'https://127.0.0.1:7443/organizations/mu'
+  syntax_check_cache_path  '/root/.chef/syntax_check_cache'
+  cookbook_path [ '/root/.chef/cookbooks', '/root/.chef/site_cookbooks' ]
+  ssl_verify_mode :verify_none
+  knife[:vault_mode] = 'client'
+  knife[:vault_admins] = ['mu']\n"
+  only_if { !::File.size?("/root/.chef/knife.rb") }
+  notifies :run, "execute[initial Chef artifact upload]", :immediately
+end
+# Rig us up for a knife bootstrap
+SSH_DIR = "#{Etc.getpwnam(SSH_USER).dir}/.ssh"
+ROOT_SSH_DIR = "#{Etc.getpwuid(0).dir}/.ssh"
+directory SSH_DIR do
+  mode 0700
+  user SSH_USER
+end
+if SSH_DIR != ROOT_SSH_DIR
+  directory ROOT_SSH_DIR do
+    mode 0700
+  end
+end
+bash "add localhost ssh to authorized_keys and config" do
+  code <<-EOH
+    cat #{ROOT_SSH_DIR}/id_rsa.pub >> #{SSH_DIR}/authorized_keys
+    echo "Host localhost" >> #{ROOT_SSH_DIR}/config
+    echo "  IdentityFile #{ROOT_SSH_DIR}/id_rsa" >> #{ROOT_SSH_DIR}/config
+  EOH
+  action :nothing
+end
+execute "ssh-keygen -N '' -f #{ROOT_SSH_DIR}/id_rsa" do
+  umask 0177
+  not_if { ::File.exists?("#{ROOT_SSH_DIR}/id_rsa") }
+  notifies :run, "bash[add localhost ssh to authorized_keys and config]", :immediately
+end
+file "/etc/chef/client.pem" do
+  action :nothing
+end
+file "/etc/chef/validation.pem" do
+  action :nothing
+end
+execute "create MU-MASTER Chef client" do
+  if SSH_USER == "root"
+    command "/opt/chef/bin/knife bootstrap -N MU-MASTER --no-node-verify-api-cert --node-ssl-verify-mode=none 127.0.0.1"
+  else
+    command "/opt/chef/bin/knife bootstrap -N MU-MASTER --no-node-verify-api-cert --node-ssl-verify-mode=none -x #{SSH_USER} --sudo 127.0.0.1"
+  end
+  not_if "/opt/chef/bin/knife node list | grep '^MU-MASTER$'"
+  only_if "/opt/chef/bin/knife ssl check" # make sure we don't wipe ourselves due to unrelated SSL issues
+  notifies :delete, "file[/etc/chef/client.pem]", :before
+  notifies :delete, "file[/etc/chef/validation.pem]", :before
+  only_if { RUNNING_STANDALONE }
+end
+file "#{MU_BASE}/etc/mu.rc" do
+  content %Q{export MU_INSTALLDIR="#{MU_BASE}"
+  export MU_DATADIR="#{MU_BASE}/var"
+  export PATH="#{MU_BASE}/bin:/usr/local/ruby-current/bin:${PATH}:/opt/opscode/embedded/bin"
+}
+  mode 0644
+  action :create_if_missing
+end
+# Community cookbooks keep touching gems, and none of them are smart about our
+# default umask. We have to clean up after them every time.
+["/usr/local/ruby-current", "/opt/chef/embedded"].each { |rubydir|
+  execute "trigger permission fix in #{rubydir}" do
+    command "ls /etc/motd > /dev/null"
+    notifies :run, "bash[fix #{rubydir} gem permissions]", :delayed
+  end
+}

data/cookbooks/mu-master/recipes/ssl-certs.rb ADDED Viewed

@@ -0,0 +1,109 @@
+# Cookbook Name:: mu-master
+# Recipe:: ssl-certs
+#
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# This recipe is meant to be invoked standalone, by chef-apply. It can safely
+# be invoked during a regular chef-client run.
+#
+# When modifying this recipe, DO NOT ADD EXTERNAL DEPENDENCIES. That means no
+# references to other cookbooks, no include_recipes, no cookbook_files, no
+# templates.
+include_recipe 'mu-master::firewall-holes'
+service_certs = ["rsyslog", "mommacat", "ldap", "consul", "vault"]
+directory "#{$MU_CFG['datadir']}/ssl"
+template "#{$MU_CFG['datadir']}/ssl/openssl.cnf" do
+  source "openssl.cnf.erb"
+  mode 0644
+  variables(
+    :mu_ssl_dir => "#{$MU_CFG['datadir']}/ssl",
+    # XXX I feel like including localhost here is bad but I can't justify that
+    # feeling, and 389ds really wants it, so for now it stays.
+    :alt_names => [$MU_CFG['public_address'], "localhost", "127.0.0.1", node['fqdn'], node['hostname'], node['local_hostname'], node['local_ipv4'], node['public_hostname'], node['public_ipv4']].uniq
+  )
+  notifies :delete, "file[#{$MU_CFG['datadir']}/ssl/Mu_CA.pem]", :immediately
+end
+execute "generate SSL CA key" do
+  command "openssl genrsa -out Mu_CA.key 4096"
+  cwd "#{$MU_CFG['datadir']}/ssl"
+  not_if { ::File.exists?("#{$MU_CFG['datadir']}/ssl/Mu_CA.key") }
+  notifies :delete, "file[#{$MU_CFG['datadir']}/ssl/CA-command.txt]", :immediately
+end
+file "#{$MU_CFG['datadir']}/ssl/Mu_CA.key" do
+  mode 0400
+end
+execute "create internal SSL CA" do
+  command "openssl req -subj \"/CN=#{$MU_CFG['public_address']}/OU=Mu Server #{$MU_CFG['public_address']}/O=eGlobalTech/C=US\" -x509 -new -nodes -key Mu_CA.key -days 1024 -out Mu_CA.pem -sha512 -extensions v3_ca -config #{$MU_CFG['datadir']}/ssl/openssl.cnf"
+  cwd "#{$MU_CFG['datadir']}/ssl"
+  action :nothing
+  service_certs.each { |cert|
+    notifies :delete, "file[#{$MU_CFG['datadir']}/ssl/#{cert}.crt]", :immediately
+  }
+end
+file "remove CA-command.txt if Mu_CA.pem is empty or missing" do
+  path "#{$MU_CFG['datadir']}/ssl/CA-command.txt"
+  action :delete
+  not_if { ::File.size?("#{$MU_CFG['datadir']}/ssl/Mu_CA.pem") }
+end
+file "#{$MU_CFG['datadir']}/ssl/CA-command.txt" do
+  content "openssl req -subj \"/CN=#{$MU_CFG['public_address']}/OU=Mu Server #{$MU_CFG['public_address']}/O=eGlobalTech/C=US\" -x509 -new -nodes -key Mu_CA.key -days 1024 -out Mu_CA.pem -sha512 -extensions v3_ca -config #{$MU_CFG['datadir']}/ssl/openssl.cnf"
+  mode 0400
+  notifies :run, "execute[create internal SSL CA]", :immediately
+end
+execute "update CA store" do
+  command "/usr/bin/update-ca-trust force-enable; /usr/bin/update-ca-trust extract"
+  action :nothing
+end
+file "#{$MU_CFG['datadir']}/ssl/Mu_CA.pem" do
+  mode 0444
+end
+remote_file "/etc/pki/ca-trust/source/anchors/Mu_CA.pem" do
+  source "file://#{$MU_CFG['datadir']}/ssl/Mu_CA.pem"
+  notifies :run, "execute[update CA store]", :immediately
+end
+remote_file "#{$MU_CFG['installdir']}/lib/cookbooks/mu-tools/files/default/Mu_CA.pem" do
+  source "file://#{$MU_CFG['datadir']}/ssl/Mu_CA.pem"
+end
+service_certs.each { |cert|
+  bash "generate service cert for #{cert}" do
+    code <<-EOH
+      set -e
+      echo "Generating #{cert}.key"
+      openssl genrsa -out #{cert}.key 4096
+      echo "Generating #{cert}.csr"
+      openssl req -subj "/CN=#{$MU_CFG['public_address']}/OU=Mu #{cert}/O=eGlobalTech/C=US" -new -key #{cert}.key -out #{cert}.csr -sha512 -extensions v3_ca -config #{$MU_CFG['datadir']}/ssl/openssl.cnf
+      echo "Signing #{cert}.csr => #{cert}.crt"
+      openssl x509 -req -in #{cert}.csr -CA Mu_CA.pem -CAkey Mu_CA.key -CAcreateserial -out #{cert}.crt -days 500 -sha512 -extensions v3_req -extfile #{$MU_CFG['datadir']}/ssl/openssl.cnf
+      cat Mu_CA.pem >> #{cert}.crt
+      openssl pkcs12 -export -inkey #{cert}.key -in #{cert}.crt -out #{cert}.p12 -nodes -name "#{cert}" -passout pass:""
+    EOH
+    cwd "#{$MU_CFG['datadir']}/ssl"
+    not_if { ::File.size?("#{$MU_CFG['datadir']}/ssl/#{cert}.crt") }
+  end
+  %w{key crt p12}.each do |type|
+    file "#{$MU_CFG['datadir']}/ssl/#{cert}.#{type}" do
+      mode 0400
+    end
+  end
+  file "#{$MU_CFG['datadir']}/ssl/#{cert}.csr" do
+    action :delete
+  end
+}