RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/cookbooks/mu-mongo/recipes/default.rb ADDED Viewed

@@ -0,0 +1,149 @@
+#
+# Cookbook Name:: mu-mongo
+# Recipe:: default
+#
+# Copyright 2015, eGlobalTech
+#
+# All rights reserved - Do Not Redistribute
+#
+::Chef::Recipe.send(:include, Chef::Mixin::ShellOut)
+include_recipe "mongodb::install"
+include_recipe 'chef-vault'
+node.normal['mongodb']['config']['replSet'] = "mu"
+node.save
+node['application_attributes']['mongo_dirs'].each { |path|
+  directory path['dir'] do
+    owner "mongod"
+    group "mongod"
+  end
+  execute "mkfs -t ext4 #{path['dev']}" do
+    not_if "tune2fs -l #{path['dev']}"
+  end
+  mount path['dir'] do
+    device path['dev']
+    action [:mount, :enable]
+    notifies :restart, "service[#{node['mongodb']['default_init_name']}]", :delayed
+  end
+}
+execute "fix /tmp permissions" do
+  command "chmod 1777 /tmp ; /sbin/restorecon -R /tmp"
+  notifies :restart, "service[mongod]", :delayed
+end
+[27017, 27018].each { |port|
+  bash "Allow TCP #{port} through iptables" do
+    user "root"
+    not_if "/sbin/iptables -nL | egrep '^ACCEPT.*dpt:#{port}($| )'"
+    code <<-EOH
+      iptables -I INPUT -p tcp --dport #{port} -j ACCEPT
+      service iptables save
+    EOH
+  end
+}
+cookbook_file "/mongo_data/keyfile" do
+  source "keyfile"
+  mode 0400
+  owner "mongod"
+  group "mongod"
+  notifies :restart, "service[mongod]", :delayed
+end
+template "/etc/logrotate.d/mongodb" do
+  source "mongo_logrotate.erb"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :restart, "service[mongod]", :delayed
+end
+include_recipe "mongodb::replicaset"
+mongo_admin_auth_info = chef_vault_item("mongodb", "admin")
+$mongo_admin_usr = mongo_admin_auth_info['username']
+$mongo_admin_pwd = mongo_admin_auth_info['password']
+mongo_mu_auth_info = chef_vault_item("mongodb", "mu")
+$mongo_mu_usr = mongo_mu_auth_info['username']
+$mongo_mu_pwd = mongo_mu_auth_info['password']
+# Figure out whether we're the first node to the party (CAP will enforce this
+# being atomic). If so, we'll be managing the cluster memberships.
+found_master = false
+i_am_master = false
+node['deployment']['servers']['mongo'].each_pair { |name, data|
+  if data['mongo_master']
+    found_master = true
+    if name == Chef::Config[:node_name]
+      i_am_master = true
+    end
+  end
+}
+if !found_master
+  node.normal['deployment']['servers']['mongo'][Chef::Config['node_name']]['mongo_master'] = true
+  node.save
+  i_am_master = true
+end
+if i_am_master
+  template "/root/replset_init.js" do
+    source "replset_init.js.erb"
+    mode 0400
+    sensitive true
+  end
+  cmd = shell_out("mongo admin --quiet --eval 'rs.conf()'")
+  if cmd.stdout.chop == 'null'
+    execute "/usr/bin/mongo admin /root/replset_init.js" do
+      notifies :restart, "service[mongod]", :delayed
+    end
+  end
+  template "/root/mongo_init.js" do
+    source "mongo_init.js.erb"
+    mode 0400
+    sensitive true
+  end
+  execute "/usr/bin/mongo admin /root/mongo_init.js" do
+    not_if "mongo admin --quiet -u #{$mongo_admin_usr} -p #{$mongo_admin_pwd} --eval \"db.system.users.find({user: '#{$mongo_admin_usr}'}).count()\""
+    retries 4
+    retry_delay 15
+    sensitive true
+  end
+  bash "mongo Create DB #{node['mongodb']['mu_db_name']}" do
+    code <<-EOH
+			mongo admin -u #{$mongo_admin_usr} -p #{$mongo_admin_pwd} <<-EOF
+			use #{node['mongodb']['mu_db_name']}
+			db.createUser({user: "#{$mongo_mu_usr}", pwd: "#{$mongo_mu_pwd}", roles: ['readWrite']})
+			exit
+			EOF
+    EOH
+    sensitive true
+  end
+  template "/root/mongo_replset_addnodes.js" do
+    source "mongo_replset_addnodes.js.erb"
+    mode 0400
+    #notifies :restart, "service[mongod]", :immediately
+  end
+  bash "Adding nodes to ReplicaSet" do
+    code "/usr/bin/mongo admin -u #{$mongo_admin_usr} -p #{$mongo_admin_pwd} /root/mongo_replset_addnodes.js"
+    sensitive true
+  end
+  cookbook_file "/root/remove_nodes.js" do
+    source "remove_nodes.js"
+    mode 0400
+  end
+  bash "Removing nodes from ReplicatSet" do
+    code "/usr/bin/mongo admin -u #{$mongo_admin_usr} -p #{$mongo_admin_pwd} /root/remove_nodes.js"
+    sensitive true
+  end
+end

data/cookbooks/mu-mongo/recipes/yum-update-rule.rb ADDED Viewed

@@ -0,0 +1,18 @@
+#
+# Cookbook Name:: mu-mongo
+# Recipe:: yum-update-rule
+#
+# Copyright 2015, eGlobalTech
+#
+# All rights reserved - Do Not Redistribute
+#
+case node['platform']
+  when "centos"
+    execute "tell yum not to touch MongoDB" do
+      command "echo 'exclude=mongo*' >> /etc/yum.conf"
+      not_if "grep ^exclude=mongo /etc/yum.conf"
+    end
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end

data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ db.auth({user: "<%= $mongo_admin_usr %>", pwd: "<%= $mongo_admin_pwd %>"})
2	+ db.createUser({user: "<%= $mongo_openfema_usr %>", pwd: "<%= $mongo_openfema_pwd %>", roles : ['readWrite']})

data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ db.createUser({user: "<%= $mongo_admin_usr %>", pwd: "<%= $mongo_admin_pwd %>", roles: [{role:"root",db:"admin"}]})

data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<%= node['mongodb']['log_dir'] %>/*.log {
+        daily
+        rotate 365
+        compress
+        dateext
+        missingok
+        notifempty
+        sharedscripts
+        copytruncate
+        postrotate
+                killall -SIGUSR1 mongod
+                find <%= node['mongodb']['log_dir'] %> -type f -regex ".*\.\(log.[0-9].*-[0-9].*\)" -exec rm {} \;
+endscript
+}

data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb ADDED Viewed

@@ -0,0 +1,6 @@
+rs.initiate()
+<% node['deployment']['servers']['mongo'].each_pair { |nodename, data|
+	if !data['mongo_master'] %>
+rs.add("<%= nodename %>:27017")
+<%	end
+} %>

data/cookbooks/mu-mongo/templates/default/replset_init.js.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ rs.initiate()
2	+ sleep(60000)

data/cookbooks/mu-openvpn/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,13 @@
+mu-openvpn CHANGELOG
+====================
+This file is used to list changes made in each version of the mu-openvpn cookbook.
+0.1.0
+-----
+- [your_name] - Initial release of mu-openvpn
+- - -
+Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
+The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.

data/cookbooks/mu-openvpn/LICENSE ADDED Viewed

@@ -0,0 +1,37 @@
+Through accessing, reading, or utilizing this software in any manner whatsoever
+or through any means whatsoever, whether the access, reading or use is either
+solely looking at this software or this software has been integrated into any
+derivative work, the party accessing,  reading, or utilizing the software
+directly or indirectly agrees to abide by the following license.
+The eGlobalTech Cloud Automation Platform is the Copyright (c) 2014 of Global
+Tech Inc. All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its contributors
+may be used to endorse or promote products derived from this software without
+specific prior written permission.
+Global Tech, Inc. is the co-owner of any derivative works created with this
+software.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/cookbooks/mu-openvpn/README.md ADDED Viewed

@@ -0,0 +1,6 @@
+mu-openvpn Cookbook
+===================
+Mu OpenVPN Cookbook
+TODO: Improve Readme.md

data/cookbooks/mu-openvpn/attributes/default.rb ADDED Viewed

@@ -0,0 +1,119 @@
+default['openvpn']['version'] = "2.1.4"
+case node['platform_family']
+  when "rhel"
+    default['openvpn']['package'] = "openvpn-as-#{node['openvpn']['version']}-CentOS#{node['platform_version'].to_i}.x86_64.rpm"
+end
+default['openvpn']['vpc_networks'] = %w{172.31.0.0/16 10.0.0.0/16}
+default['openvpn']['base_url'] = "http://swupdate.openvpn.org/as"
+default['openvpn']['url'] = node['ec2']['public_ip_address']
+default['openvpn']['base_dir'] = "/usr/local/openvpn_as"
+default['openvpn']['scripts'] = "#{node['openvpn']['base_dir']}/scripts"
+default['openvpn']['bin'] = "#{node['openvpn']['base_dir']}/bin"
+default['openvpn']['cert_dir'] = "#{node['openvpn']['base_dir']}/etc/web-ssl"
+default['openvpn']['use_ca_signed_cert'] = false
+default['openvpn']['configure_ldap_auth'] = false
+default['openvpn']['ldap_bind_dn'] = "OU=org, DC=example, DC=net"
+default['openvpn']['ldap_display_name'] = "My LDAP servers"
+default['openvpn']['ldap_server1'] = "ldapsvr1"
+default['openvpn']['ldap_server2'] = "ldapsvr2"
+default['openvpn']['ldap_username_attr'] = "sAMAccountName"
+default['openvpn']['ldap_users_base_dn'] = "CN=Users, DC=example, DC=net"
+default['openvpn']['ldap_ssl_verify'] = "never"
+# ldap_ssl_verify can be set to: demand, allow or never
+default['openvpn']['ldap_use_ssl'] = "never"
+# ldap_use_ssl can be set to: always, adaptive or never
+default['openvpn']['auth_type'] = "pam"
+default['openvpn']['tls_version_server'] = 1.0
+default['openvpn']['tls_version_client'] = 1.2
+default['openvpn']['ssl_lib'] = "openssl"
+default['openvpn']['https_port'] = 943
+default['openvpn']['daemon_tcp_port'] = 443
+default['openvpn']['daemon_udp_port'] = 1194
+default['openvpn']['internal_network_ip'] = "172.27.224.0"
+default['openvpn']['internal_network_netmask'] = 20
+default['openvpn']['routing_method'] = "nat"
+default['openvpn']['reroute_all_traffic'] = false
+default['openvpn']['ssl_ciphersuites'] = "DEFAULT:!EXP:!PSK:!SRP:!MEDIUM:!LOW:!RC4:!3DES"
+default['openvpn']['multiple_user_sessions'] = false
+default['openvpn']['fw_rules'] = [
+    {:port => 443, :protocol => "tcp"},
+    {:port => 1194, :protocol => "udp"}
+]
+default['openvpn']['cert_names'] = [
+    {:openvpn_name => "server.crt", :vault_item => "cert"},
+    {:openvpn_name => "server.key", :vault_item => "key"},
+    {:openvpn_name => "ca.crt", :vault_item => "bundle"}
+]
+default['openvpn']['config'] = {
+    # bah!
+    "cs.tls_version_min" => node['openvpn']['tls_version_client'],
+    "cs.ssl_reneg" => false,
+    "sa.ssl_lib" => node['openvpn']['ssl_lib'],
+    "host.name" => node['openvpn']['url'],
+    "vpn.client.routing.inter_client" => false,
+    "vpn.client.routing.reroute_dns" => true,
+    "vpn.client.routing.reroute_gw" => node['openvpn']['reroute_all_traffic'],
+    "vpn.server.routing.gateway_access" => true,
+    "vpn.client.config_text" => "'-remote \nremote-random'",
+    "vpn.server.tls_version_min" => node['openvpn']['tls_version_server'],
+    "admin_ui.https.ip_address" => "eth0",
+    "admin_ui.https.port" => node['openvpn']['https_port'],
+    "auth.ldap.0.name" => "'#{node['openvpn']['ldap_display_name']}'",
+    "auth.ldap.0.ssl_verify" => node['openvpn']['ldap_ssl_verify'],
+    "auth.ldap.0.timeout" => 4,
+    "auth.ldap.0.use_ssl" => node['openvpn']['ldap_use_ssl'],
+    "auth.ldap.0.bind_dn" => "'#{node['openvpn']['ldap_bind_dn']}'",
+    "auth.ldap.0.server.0.host" => node['openvpn']['ldap_server1'],
+    "auth.ldap.0.server.1.host" => node['openvpn']['ldap_server2'],
+    # "auth.ldap.0.ssl_ca_cert" => node['openvpn'][:ldap_ssl_ca_cert],
+    "auth.ldap.0.uname_attr" => node['openvpn']['ldap_username_attr'],
+    "auth.ldap.0.users_base_dn" => "'#{node['openvpn']['ldap_users_base_dn']}'",
+    "auth.module.type" => node['openvpn']['auth_type'],
+    "auth.pam.0.service" => "openvpnas",
+    "auth.radius.0.acct_enable" => "false",
+    "auth.radius.0.name" => "'#{node['openvpn']['ldap_display_name']}'",
+    "cs.cws_proto_v2" => true,
+    "cs.https.ip_address" => "eth0",
+    "cs.https.port" => node['openvpn']['https_port'],
+    "cs.prof_sign_web" => true,
+    "cs.ssl_method" => "SSLv3",
+    "cs.openssl_ciphersuites" => node['openvpn']['ssl_ciphersuites'],
+    "sa.initial_run_groups.0" => "web_group",
+    "sa.initial_run_groups.1" => "openvpn_group",
+    "vpn.daemon.0.client.netmask_bits" => node['openvpn']['internal_network_netmask'],
+    "vpn.daemon.0.client.network" => node['openvpn']['internal_network_ip'],
+    "vpn.daemon.0.listen.ip_address" => "eth0",
+    "vpn.daemon.0.listen.port" => node['openvpn']['daemon_tcp_port'],
+    "vpn.daemon.0.listen.protocol" => "tcp",
+    "vpn.general.osi_layer" => "3",
+    "vpn.daemon.0.server.ip_address" => "eth0",
+    "vpn.server.duplicate_cn" => node['openvpn']['multiple_user_sessions'],
+    "vpn.server.daemon.enable" => true,
+    "vpn.server.daemon.tcp.n_daemons" => 2,
+    "vpn.server.daemon.tcp.port" => node['openvpn']['daemon_tcp_port'],
+    "vpn.server.daemon.udp.n_daemons" => 2,
+    "vpn.server.daemon.udp.port" => node['openvpn']['daemon_udp_port'],
+    "vpn.server.group_pool.0" => "172.27.240.0/20",
+    "vpn.server.port_share.enable" => true,
+    "vpn.server.port_share.ip_address" => "1.2.3.4",
+    "vpn.server.port_share.port" => 1234,
+    "vpn.server.port_share.service" => "admin+client",
+    "vpn.server.routing.private_access" => node['openvpn']['routing_method'],
+    "vpn.tls_refresh.do_reauth" => true,
+    "vpn.tls_refresh.interval" => 360
+}
+default['openvpn']['users'] = [
+    {:name => "openvpn", :type => "admin", :auth => "os"}
+# ,{ :name => "user_name", :type => "user" }
+]
+default['openvpn']['users_vault'] = {
+    :vault => "openvpn", :item => "users"
+}
+default['openvpn']['cert_vault'] = {
+    :vault => "certs", :item => "star_muplatform"
+}
+default['openvpn']['ldap_vault'] = {
+    :vault => "openvpn", :item => "ldap", :field => "bind_password"
+}

data/cookbooks/mu-openvpn/metadata.rb ADDED Viewed

@@ -0,0 +1,18 @@
+name 'mu-openvpn'
+maintainer 'eGlobalTech, Inc'
+maintainer_email 'mu-developers@googlegroups.com'
+license 'BSD-3-Clause'
+description 'Installs/Configures mu-openvpn'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+source_url 'https://github.com/cloudamatic/mu'
+issues_url 'https://github.com/cloudamatic/mu/issues'
+chef_version '>= 12.1' if respond_to?(:chef_version)
+version '0.1.0'
+%w( centos redhat ).each do |os|
+	supports os
+end
+depends 'chef-vault', '~> 3.1.1'
+depends 'mu-utility'
+depends 'mu-firewall'

data/cookbooks/mu-openvpn/recipes/default.rb ADDED Viewed

@@ -0,0 +1,108 @@
+#
+# Cookbook Name:: mu-openvpn
+# Recipe:: default
+#
+# Copyright 2015, eGlobalTech, Inc
+#
+# All rights reserved - Do Not Redistribute
+#
+include_recipe 'chef-vault'
+users_vault = chef_vault_item(node['openvpn']['users_vault']['vault'], node['openvpn']['users_vault']['item'])
+case node['platform']
+  when platform_family?('rhel')
+    include_recipe 'mu-firewall'
+    node['openvpn']['fw_rules'].each { |rule|
+      firewall_rule "Allow openvpn #{rule[:port]}" do
+        port rule[:port]
+        protocol rule[:protocol].to_sym
+      end
+    }
+    remote_file "#{Chef::Config[:file_cache_path]}/#{node['openvpn']['package']}" do
+      source "#{node['openvpn']['base_url']}/#{node['openvpn']['package']}"
+    end
+    group "openvpn"
+    node['openvpn']['users'].each { |user|
+      if user[:auth] == "os"
+        user user[:name] do
+          gid "openvpn"
+          home "/home/#{user[:name]}"
+          shell "/sbin/nologin"
+          password users_vault["#{user[:name]}_password_hash"]
+        end
+      end
+    }
+    package "openvpn-as" do
+      source "#{Chef::Config[:file_cache_path]}/#{node['openvpn']['package']}"
+    end
+    service 'openvpnas' do
+      action :nothing
+    end
+    if node['openvpn']['use_ca_signed_cert']
+      certs_vault = chef_vault_item(node['openvpn']['cert_vault']['vault'], node['openvpn']['cert_vault']['item'])
+      node['openvpn']['cert_names'].each { |type|
+        vault_item = type[:vault_item]
+        file "#{node['openvpn']['cert_dir']}/#{type[:openvpn_name]}" do
+          mode 0400
+          content certs_vault[vault_item].strip
+          sensitive true
+          owner "openvpn"
+          group "openvpn"
+          notifies :restart, "service[openvpnas]"
+        end
+      }
+    end
+    if node['openvpn']['configure_ldap_auth']
+      ldap_vault = chef_vault_item(node['openvpn']['ldap_vault']['vault'], node['openvpn']['ldap_vault']['item'])
+      execute "Setting LDAP bind password" do
+        command "./sacli -k auth.ldap.0.bind_pw -v #{ldap_vault[node['openvpn']['ldap_vault']['field']]} ConfigPut"
+        cwd node['openvpn']['scripts']
+        not_if "#{node['openvpn']['scripts']}/sacli ConfigQuery | grep auth.ldap.0.bind_pw | grep #{ldap_vault[node['openvpn']['ldap_vault']['field']]}"
+        notifies :restart, "service[openvpnas]"
+        sensitive true
+      end
+    end
+    node['openvpn']['vpc_networks'].each.with_index { |cidr, i|
+      execute "./sacli -k vpn.server.routing.private_network.#{i} -v #{cidr} ConfigPut" do
+        cwd node['openvpn']['scripts']
+        not_if "#{node['openvpn']['scripts']}/sacli ConfigQuery | grep vpn.server.routing.private_network.#{i} | grep #{cidr}"
+        notifies :restart, "service[openvpnas]"
+      end
+    }
+    node['openvpn']['config'].each { |key, value|
+      execute "./sacli -k #{key} -v #{value} ConfigPut" do
+        cwd node['openvpn']['scripts']
+        not_if "#{node['openvpn']['scripts']}/sacli ConfigQuery | grep #{key} | grep #{value}"
+        notifies :restart, "service[openvpnas]"
+      end
+    }
+    template "#{Chef::Config[:file_cache_path]}/openvpn_users.json" do
+      source "users.json.erb"
+      variables(
+          :users => node['openvpn']['users']
+      )
+    end
+    execute "./confdba -ulf #{Chef::Config[:file_cache_path]}/openvpn_users.json" do
+      # Change user configuration to create json instead of just using this statically
+      # This doesn't create the user accounts, just allows pre existing LDAP/PAM user accounts access to OpenVPN. We limit access to allowed users only.
+      # need to add a guard
+      cwd node['openvpn']['scripts']
+    end
+  else
+    Chef::Log.info("Unsupported platform #{node['platform']}")
+end

data/cookbooks/mu-openvpn/templates/default/users.json.erb ADDED Viewed

@@ -0,0 +1,42 @@
+{
+    "__DEFAULT__": {
+        "conn_group": "users",
+        "def_deny": "true",
+        "prop_autogenerate": "true",
+        "type": "user_default"
+    },
+<%
+@users.each { |user|
+%>
+    "<%= user[:name] %>": {
+       <% if user[:type] == "user" %>
+        "conn_group": "users",
+        "type": "user_connect"
+       <% elsif user[:type] == "admin" %>
+        "conn_group": "admins",
+        "prop_superuser": "true",
+        "type": "user_compile"
+       <% end %>
+    },
+<%
+}
+%>
+    "admins": {
+        "c2s_dest_s": "false",
+        "c2s_dest_v": "false",
+        "group_declare": "true",
+        "prop_autologin": "false",
+        "prop_deny": "false",
+        "prop_superuser": "true",
+        "type": "group"
+    },
+    "users": {
+        "c2s_dest_s": "false",
+        "c2s_dest_v": "false",
+        "group_declare": "true",
+        "prop_autologin": "true",
+        "prop_deny": "false",
+        "prop_superuser": "false",
+        "type": "group"
+    }
+}

data/cookbooks/mu-php54/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,12 @@
+# CHANGELOG for php
+This file is used to list changes made in each version of php.
+## 0.1.0:
+* Initial release of php5-apache
+- - -
+Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
+The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.

data/cookbooks/mu-php54/LICENSE ADDED Viewed

@@ -0,0 +1,37 @@
+Through accessing, reading, or utilizing this software in any manner whatsoever
+or through any means whatsoever, whether the access, reading or use is either
+solely looking at this software or this software has been integrated into any
+derivative work, the party accessing,  reading, or utilizing the software
+directly or indirectly agrees to abide by the following license.
+The eGlobalTech Cloud Automation Platform is the Copyright (c) 2014 of Global
+Tech Inc. All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of its contributors
+may be used to endorse or promote products derived from this software without
+specific prior written permission.
+Global Tech, Inc. is the co-owner of any derivative works created with this
+software.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/cookbooks/mu-php54/README.md ADDED Viewed

File without changes