RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/bin/mu-deploy ADDED Viewed

@@ -0,0 +1,166 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+# now we have our global config available as the read-only hash $MU_CFG
+require 'rubygems'
+require 'bundler/setup'
+require 'json'
+require 'erb'
+require 'optimist'
+require 'json-schema'
+require 'mu'
+$opts = Optimist::options do
+  banner <<-EOS
+Usage:
+#{$0} [-e <environment>] [-r region] [-v] [-d] [-w] [-c] [-n] [-s] [-j] [-p parameter=value] /path/to/stack/config.[json|yaml] [-u deploy_id [-l]] [-r deploy_id]
+  EOS
+  opt :environment, "Environment to set on creation.", :require => false, :default => "dev"
+  opt :region, "Default region for newly-created cloud resources.", :require => false, :default => MU.myRegion, :type => :string
+  opt :nocleanup, "Skip cleaning up resources on failed deployments. Used for debugging.", :require => false, :default => false
+  opt :web, "Generate web-friendly (HTML) output.", :require => false, :default => false, :type => :boolean
+  opt :dryrun, "Do not build a stack, only run configuration validation.", :require => false, :default => false, :type => :boolean
+  opt :skipinitialupdates, "Node bootstrapping normally runs an internal recipe that does a full system update. This disables that behavior.", :require => false, :default => false, :type => :boolean
+  opt :parameter, "Pass a parameter to the configuration parser (Name=Value). This will be presented to your config file as the ERB variable $Name.", :require => false, :type => :string, :multi => true
+  opt :update, "Update the stored configuration of an existing deployment, instead of creating a new deploy.", :require => false, :type => :string
+  opt :cloudformation, "Emit Amazon Web Services targets into a CloudFormation template instead of building real services.", :require => false, :default => false, :type => :boolean
+  opt :cloudformation_output, "When emitting a CloudFormation template, put the final product in this location instead of in /tmp. Takes a local file path or an s3:// URI. S3 uploads will be given AUTHENTICATED-READ permissions.", :require => false, :type => :string
+  opt :verbose, "Display debugging output.", :require => false, :default => false, :type => :boolean
+  opt :quiet, "Display minimal output.", :require => false, :default => false, :type => :boolean
+end
+verbosity = MU::Logger::NORMAL
+verbosity = MU::Logger::LOUD if $opts[:verbose]
+verbosity = MU::Logger::QUIET if $opts[:quiet]
+if $opts[:verbose] and $opts[:quiet]
+  MU.log "Cannot set both --verbose and --quiet", MU::ERR
+  exit 1
+end
+if $opts[:liveupdate] and !$opts[:update]
+  MU.log "--liveupdate only valid when combined with --update", MU::ERR
+  exit 1
+end
+MU.setVar("curRegion", $opts[:region]) if $opts[:region]
+MU.setLogging(verbosity, $opts[:web])
+# Parse any paramater options into something useable.
+params = Hash.new
+$opts[:parameter].each { |param|
+  name, value = param.split(/\s*=\s*/, 2)
+  params[name] = value
+}
+# We want our config files (which can be ERB templates) to have this variable
+# available to them.
+$environment = $opts[:environment]
+if !ARGV[0] or ARGV[0].empty?
+  MU.log("You must specify a stack configuration file!", MU::ERR, html: $opts[:web])
+  exit 1
+end
+begin
+  config = File.realdirpath(ARGV[0])
+  File.read(config)
+rescue Errno::ENOENT => e
+  MU.log "#{e.message}", MU::ERR, html: $opts[:web]
+  exit 1
+end
+MU.log "Loading #{config}", html: $opts[:web], details: $opts
+conf_engine = MU::Config.new(config, $opts[:skipinitialupdates], params: params, updating: $opts[:update])
+stack_conf = conf_engine.config
+if $opts[:dryrun] or $opts[:verbose]
+  puts stack_conf.to_yaml
+  conf_engine.visualizeDependencies
+end
+if $opts[:dryrun]
+  MU.log("#{$config} loaded successfully.", html: $opts[:web])
+  if MU::Cloud::AWS.hosted # XXX actually, check whether we're targeting AWS resources
+    # I do not understand why this is necessary, but here we are.
+    Thread.handle_interrupt(MU::Cloud::MuCloudResourceNotImplemented => :never) {
+      begin
+        Thread.handle_interrupt(MU::Cloud::MuCloudResourceNotImplemented => :immediate) {
+          MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::WARN, verbosity: MU::Logger::NORMAL
+          Thread.current.exit
+        }
+      ensure
+      end
+    }
+    begin
+      cost_dummy_deploy = MU::Deploy.new(
+        $opts[:environment],
+        verbosity: MU::Logger::SILENT,
+        force_cloudformation: true,
+        cloudformation_path: "/dev/null",
+        nocleanup: false,
+        no_artifacts: true,
+        stack_conf: stack_conf
+      )
+      cost_dummy_deploy.run
+    rescue MU::Cloud::MuCloudResourceNotImplemented, MU::Cloud::MuCloudFlagNotImplemented
+      MU.log "Cost calculator not available for this stack, as it uses a resource not implemented in Mu's CloudFormation layer.", MU::WARN, verbosity: MU::Logger::NORMAL
+    end
+  end
+  exit
+end
+if $opts[:update]
+  deploy = MU::MommaCat.new($opts[:update])
+# TODO consider whether this is useful/valid
+#  old_conf = JSON.parse(File.read(deploy.deploy_dir+"/basket_of_kittens.json"))
+#  stack_conf = old_conf.merge(stack_conf)
+  deploy.updateBasketofKittens(stack_conf)
+  deployer = MU::Deploy.new(
+    deploy.environment,
+    verbosity: verbosity,
+    webify_logs: $opts[:web],
+    nocleanup: true, # don't accidentally blow up an existing deploy
+    stack_conf: stack_conf,
+    deploy_id: $opts[:update],
+    deploy_obj: deploy
+  )
+  deployer.run
+  exit 0
+end
+$application_cookbook = stack_conf["application_cookbook"]
+Dir.chdir(MU.installDir)
+cfm_path = "/tmp/cloudformation-#{stack_conf['appname']}.json"
+if !$opts[:cloudformation_output].nil?
+  cfm_path = $opts[:cloudformation_output]
+end
+deployer = MU::Deploy.new(
+  $opts[:environment],
+  verbosity: verbosity,
+  webify_logs: $opts[:web],
+  nocleanup: $opts[:nocleanup],
+  cloudformation_path: cfm_path,
+  force_cloudformation: $opts[:cloudformation],
+  stack_conf: stack_conf
+)
+deployer.run

data/bin/mu-firewall-allow-clients ADDED Viewed

@@ -0,0 +1,30 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Manages network access to our syslog port (10514) for clients, by harvesting
+# a list of IPs from Chef (and assuming that we're in EC2).
+if ARGV.size > 0
+  puts "#{$0}: Freshen the Mu Master's security groups to allow client nodes to connect back."
+  exit 1
+end
+require 'rubygems'
+require 'bundler/setup'
+require 'mu'
+# XXX this should be rolled into mu-aws-setup
+MU::Cloud::AWS.openFirewallForClients

data/bin/mu-gcp-setup ADDED Viewed

@@ -0,0 +1,200 @@
+#!/usr/local/ruby-current/bin/ruby
+#
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Perform initial Mu setup tasks:
+# 1. Set up an appropriate Security Group
+# 2. Associate a specific Elastic IP address to this MU server, if required.
+# 3. Create an S3 bucket for Mu logs.
+require 'etc'
+require 'securerandom'
+require File.expand_path(File.dirname(__FILE__))+"/mu-load-config.rb"
+require 'rubygems'
+require 'bundler/setup'
+require 'json'
+require 'erb'
+require 'optimist'
+require 'json-schema'
+require 'mu'
+Dir.chdir(MU.installDir)
+$opts = Optimist::options do
+  banner <<-EOS
+Usage:
+#{$0} [-i] [-s] [-l] [-u] [-d]
+  EOS
+#  opt :ip, "Attempt to configure the IP requested in the CHEF_PUBLIC_IP environment variable, or if none is set, to associate an arbitrary Elastic IP.", :require => false, :default => false, :type => :boolean
+  opt :sg, "Attempt to configure a Security Group with appropriate permissions.", :require => false, :default => false, :type => :boolean
+  opt :logs, "Ensure the presence of an Cloud Storage bucket prefixed with 'Mu_Logs' for use with CloudTrails, syslog, etc.", :require => false, :default => false, :type => :boolean
+#  opt :dns, "Ensure the presence of a private DNS Zone called for internal amongst Mu resources.", :require => false, :default => false, :type => :boolean
+  opt :uploadlogs, "Push today's log files to the Cloud Storage bucket created by the -l option.", :require => false, :default => false, :type => :boolean
+end
+if MU::Cloud::Google.hosted
+  instance = MU.myCloudDescriptor
+  admin_sg_name = "mu-master-"+MU.myInstanceId+"-ingress-allow"
+  if !instance.tags.items or !instance.tags.items.include?(admin_sg_name)
+    newitems = instance.tags.items ? instance.tags.items.dup : []
+    newitems << admin_sg_name
+    MU.log "Setting my instance tags", MU::NOTICE, details: newitems
+    newtags = MU::Cloud::Google.compute(:Tags).new(
+      fingerprint: instance.tags.fingerprint,
+      items: newitems
+    )
+    MU::Cloud::Google.compute.set_instance_tags(
+      MU::Cloud::Google.myProject,
+      MU.myAZ,
+      MU.myInstanceId,
+      newtags
+    )
+    instance = MU.myCloudDescriptor
+  end
+  preferred_ip = MU.mu_public_ip
+end
+# Create a security group, or manipulate an existing one, so that we have all
+# of the appropriate network holes.
+if $opts[:sg]
+  open_ports = [80, 443, 2260, 7443, 8443, 9443, 8200]
+  found = MU::MommaCat.findStray("Google", "firewall_rule", dummy_ok: true, cloud_id: admin_sg_name)
+  admin_sg = found.first if !found.nil? and found.size > 0
+  rules = []
+  open_ports.each { |port|
+    rules << {
+      "proto" => "tcp",
+      "port" => port.to_s,
+      "hosts" => ["0.0.0.0/0"]
+    }
+  }
+# TODO this is getting subsumed in all the 0.0.0.0/0 above; what we really want is a separate rule for this
+  rules << {
+    "proto" => "tcp",
+    "port" => 22,
+    "hosts" => ["#{preferred_ip}/32"]
+  }
+  cfg = {
+    "name" => admin_sg_name,
+    "cloud" => "Google",
+    "rules" => rules,
+    "project" => MU::Cloud::Google.myProject,
+    "target_tags" => [admin_sg_name],
+    "vpc" => {
+      "vpc_id" => instance.network_interfaces.first.network
+    }
+  }
+  if !admin_sg
+    admin_sg = MU::Cloud::FirewallRule.new(kitten_cfg: cfg, mu_name: "mu-master-"+MU.myInstanceId)
+    admin_sg.create
+    admin_sg.groom
+  else
+# TODO Make sure the rules and tags are up to date
+  end
+end
+$bucketname = $MU_CFG['google']['log_bucket_name']
+if $opts[:logs]
+  exists = false
+  MU.log "Configuring log and secret Google Cloud Storage bucket '#{$bucketname}'"
+  bucket = nil
+  begin
+    bucket = MU::Cloud::Google.storage.get_bucket($bucketname)
+  rescue ::Google::Apis::ClientError => e
+    if e.message.match(/notFound:/)
+      MU.log "Creating #{$bucketname} bucket"
+      bucketobj = MU::Cloud::Google.storage(:Bucket).new(
+        name: $bucketname,
+        location: "US", # XXX why is this needed?
+        versioning: MU::Cloud::Google.storage(:Bucket)::Versioning.new(
+          enabled: true
+        ),
+        lifecycle: MU::Cloud::Google.storage(:Bucket)::Lifecycle.new(
+          rule: [ MU::Cloud::Google.storage(:Bucket)::Lifecycle::Rule.new(
+            action: MU::Cloud::Google.storage(:Bucket)::Lifecycle::Rule::Action.new(
+              type: "SetStorageClass",
+              storage_class: "DURABLE_REDUCED_AVAILABILITY"
+            ),
+            condition: MU::Cloud::Google.storage(:Bucket)::Lifecycle::Rule::Condition.new(
+              age: 180
+            )
+          )]
+        )
+      )
+      bucket = MU::Cloud::Google.storage.insert_bucket(
+        MU::Cloud::Google.defaultProject,
+        bucketobj
+      )
+    else
+      raise MuError, e.inspect
+    end
+  end
+  ebs_key = nil
+  begin
+    ebs_key = MU::Cloud::Google.storage.get_object($bucketname, "log_vol_ebs_key")
+  rescue ::Google::Apis::ClientError => e
+    if e.message.match(/notFound:/)
+      # XXX this may not be useful outside of AWS
+      MU.log "Creating new key for encrypted log volume"
+      key = SecureRandom.random_bytes(32)
+      f = Tempfile.new("logvolkey") # XXX this is insecure and stupid
+      f.write key
+      f.close
+      objectobj = MU::Cloud::Google.storage(:Object).new(
+        bucket: $bucketname,
+        name: "log_vol_ebs_key"
+      )
+      ebs_key = MU::Cloud::Google.storage.insert_object(
+        $bucketname,
+        objectobj,
+        upload_source: f.path
+      )
+      f.unlink
+    else
+      raise MuError, e.inspect
+    end
+  end
+  MU::Master.disk("/dev/xvdl", "/Mu_Logs", 50, "log_vol_ebs_key", "ram7")
+end
+if $opts[:dns]
+end
+if $opts[:uploadlogs]
+  today = Time.new.strftime("%Y%m%d").to_s
+  ["master.log", "nodes.log"].each { |log|
+    if File.exists?("/Mu_Logs/#{log}-#{today}")
+      MU.log "Uploading /Mu_Logs/#{log}-#{today} to bucket #{$bucketname}"
+      MU::Cloud::AWS.s3.put_object(
+          bucket: $bucketname,
+          key: "#{log}/#{today}",
+          body: File.read("/Mu_Logs/#{log}-#{today}")
+      )
+    else
+      MU.log "No log /Mu_Logs/#{log}-#{today} was found", MU::WARN
+    end
+  }
+end

data/bin/mu-gen-docs ADDED Viewed

@@ -0,0 +1,34 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+if ARGV.size > 0
+  puts "#{$0}: Freshen the Mu Master's API and configuration documentation"
+  exit 1
+end
+require 'rubygems'
+require 'bundler/setup'
+require 'json'
+require 'erb'
+require 'optimist'
+require 'json-schema'
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+require 'mu'
+require 'yard'
+MU::Config.emitSchemaAsRuby
+MU.log "Generating YARD documentation in /var/www/html/docs (see http://#{$MU_CFG['public_address']}/docs/frames.html)"
+File.umask(0022)
+exec "cd #{MU.myRoot} && umask 0022 && env -i PATH=#{ENV['PATH']} HOME=#{ENV['HOME']} /usr/local/ruby-current/bin/yard doc modules -m markdown -o /var/www/html/docs && chcon -R -h -t httpd_sys_script_exec_t /var/www/html/ ; /usr/local/ruby-current/bin/yard stats --list-undoc modules"

data/bin/mu-gen-env ADDED Viewed

@@ -0,0 +1,42 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# This is a dopey bridge script to support mu-upload-chef-artifacts, the last
+# of our Bourne shell cruft. It expects things to exist in certain env
+# variables, which now live exclusively in mu.yaml. Give it what it wants. This
+# can be removed once mu-upload-chef-artifacts gets its long-overdue rewrite in
+# an adult language.
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+keymap = {
+  "installdir" => "MU_INSTALLDIR",
+  "libdir" => "MU_LIBDIR",
+  "repos" => "ADDTL_CHEF_REPOS",
+  "public_address" => "CHEF_PUBLIC_IP"
+}
+require 'mu'
+$MU_CFG.each_pair { |key, val|
+  next if key == "datadir"
+  varname = keymap.has_key?(key) ? keymap[key] : key.upcase
+  if val.is_a?(Array)
+    puts varname+"="+val.join(",")
+  elsif val.is_a?(Hash)
+  # too much work
+  else
+    puts "export "+varname+'="'+val.to_s+'"'
+  end
+}
+puts "export PATH=#{$MU_CFG['installdir']}/bin:/usr/local/ruby-current/bin:${PATH}:/opt/opscode/embedded/bin"

data/bin/mu-load-config.rb ADDED Viewed

@@ -0,0 +1,158 @@
+#!/usr/bin/env PATH="/usr/local/ruby-current/bin/ruby:${PATH}" ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'yaml'
+require 'etc'
+require 'json'
+require 'erubis'
+require 'socket'
+# Locate and load the Mu Master's configuration, typically stored in
+# /opt/mu/etc/mu.yaml. If ~/.mu.yaml exists, load that too and allow it to
+# override values from the global config. Also puts Mu's /modules directory
+# into the Ruby $LOAD_PATH.
+# @return [Hash]
+def loadMuConfig(default_cfg_overrides = nil)
+  # Start with sane defaults
+  default_cfg = {
+    "installdir" => "/opt/mu",
+    "libdir" => "/opt/mu/lib",
+    "hostname" => "mu-master",
+    "ssl" => {
+      "cert" => "/opt/mu/var/ssl/mommacat.crt",
+      "key" => "/opt/mu/var/ssl/mommacat.key",
+      "chain" => "/opt/mu/var/ssl/Mu_CA.pem"
+    },
+    "mu_admin_email" => "root@localhost",
+    "jenkins_admin_email" => "root@localhost",
+    "allow_invade_foreign_vpcs" => false,
+    "mu_repo" => "cloudamatic/mu.git",
+    "public_address" => Socket.gethostname || "localhost",
+    "banner" => "Mu Master",
+    "scratchpad" => {
+      "template_path" => "/opt/mu/lib/modules/scratchpad.erb",
+      "max_age" => 3600
+    },
+    "ldap" => {
+      "type" => "389 Directory Services",
+      "base_dn" => "OU=Mu,DC=platform-mu",
+      "user_ou" => "OU=Users,OU=Mu,DC=platform-mu",
+      "group_ou" => "OU=Groups,OU=Mu,DC=platform-mu",
+      "bind_creds" => {
+        "vault" => "mu_ldap",
+        "item" => "mu_bind_acct",
+        "username_field" => "username",
+        "password_field" => "password"
+      },
+      "join_creds" => {
+        "vault" => "mu_ldap",
+        "item" => "mu_join_acct",
+        "username_field" => "username",
+        "password_field" => "password"
+      },
+      "domain_name" => "platform-mu",
+      "domain_netbios_name" => "mu",
+      "user_group_dn" => "CN=mu-users,OU=Groups,OU=Mu,DC=platform-mu",
+      "user_group_name" => "mu-users",
+      "admin_group_dn" => "CN=mu-admins,OU=Groups,OU=Mu,DC=platform-mu",
+      "admin_group_name" => "mu-admins",
+      "dcs" => ["127.0.0.1"]
+    }
+  }
+  default_cfg.merge!(default_cfg_overrides) if default_cfg_overrides
+  if !File.exists?(cfgPath) and Process.uid == 0
+    puts "**** Master config #{cfgPath} does not exist, initializing *****"
+    File.open(cfgPath, File::CREAT|File::TRUNC|File::RDWR, 0644){ |f|
+      f.puts default_cfg.to_yaml
+    }
+  end
+  global_cfg = { "config_files" => [] }
+  if File.exists?(cfgPath)
+    global_cfg = YAML.load(File.read(cfgPath))
+    global_cfg["config_files"] = [cfgPath]
+  end
+  home = Etc.getpwuid(Process.uid).dir
+  username = Etc.getpwuid(Process.uid).name
+  if File.readable?("#{home}/.mu.yaml") and cfgPath != "#{home}/.mu.yaml"
+    global_cfg.merge!(YAML.load(File.read("#{home}/.mu.yaml")))
+    global_cfg["config_files"] << "#{home}/.mu.yaml"
+  end
+  if !global_cfg.has_key?("installdir")
+    if ENV['MU_INSTALLDIR']
+      global_cfg["installdir"] = ENV['MU_INSTALLDIR']
+    elsif Gem.paths and Gem.paths.home
+      global_cfg["installdir"] = File.realpath(File.expand_path(File.dirname(Gem.paths.home))+"/../../../")
+    else
+      global_cfg["installdir"] = "/opt/mu"
+    end
+  end
+  if !global_cfg.has_key?("libdir")
+    if ENV['MU_INSTALLDIR']
+      global_cfg["libdir"] = ENV['MU_INSTALLDIR']+"/lib"
+    else
+      global_cfg["libdir"] = File.realpath(File.expand_path(File.dirname(__FILE__))+"/..")
+    end
+  end
+  if !global_cfg.has_key?("datadir")
+    if username != "root"
+      global_cfg["datadir"] = home+"/.mu"
+    elsif global_cfg.has_key?("installdir")
+      global_cfg["datadir"] = global_cfg["installdir"]+"/var"
+    else
+      global_cfg["datadir"] = "/opt/mu/var"
+    end
+  end
+  $LOAD_PATH << "#{global_cfg["libdir"]}/modules"
+  return default_cfg.merge(global_cfg).freeze
+end
+def cfgPath
+  home = Etc.getpwuid(Process.uid).dir
+  username = Etc.getpwuid(Process.uid).name
+  if Process.uid == 0
+    if ENV.include?('MU_INSTALLDIR')
+      ENV['MU_INSTALLDIR']+"/etc/mu.yaml"
+    elsif Dir.exists?("/opt/mu")
+      File.realpath(File.expand_path(File.dirname(__FILE__)+"/../../etc"))
+    else
+      "#{home}/.mu.yaml"
+    end
+  else
+    "#{home}/.mu.yaml"
+  end
+end
+def cfgExists?
+  File.exists?(cfgPath)
+end
+# Output an in-memory configuration hash to the standard config file location,
+# in YAML.
+# @param cfg [Hash]: The configuration to dump
+# @param comment [Hash]: A configuration blob that will be appended as a commented block
+def saveMuConfig(cfg, comment = nil)
+  puts "**** Saving master config to #{cfgPath} *****"
+  File.open(cfgPath, File::CREAT|File::TRUNC|File::RDWR, 0644){ |f|
+    f.puts cfg.to_yaml
+    if comment and comment.size > 0
+      f.puts comment.to_yaml.sub(/^---$/, "EXAMPLE CLOUD LAYERS").gsub(/^/, "# ")
+    end
+  }
+end
+$MU_CFG = loadMuConfig($MU_SET_DEFAULTS)