cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
|
@@ -0,0 +1,911 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
|
|
17
|
+
class Cloud
|
|
18
|
+
class AWS
|
|
19
|
+
# A DNS Zone as configured in {MU::Config::BasketofKittens::dnszones}
|
|
20
|
+
class DNSZone < MU::Cloud::DNSZone
|
|
21
|
+
|
|
22
|
+
@config = nil
|
|
23
|
+
attr_reader :mu_name
|
|
24
|
+
attr_reader :cloud_id
|
|
25
|
+
attr_reader :config
|
|
26
|
+
|
|
27
|
+
@cloudformation_data = {}
|
|
28
|
+
attr_reader :cloudformation_data
|
|
29
|
+
|
|
30
|
+
# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
|
|
31
|
+
# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::dnszones}
|
|
32
|
+
def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
|
|
33
|
+
@deploy = mommacat
|
|
34
|
+
@config = MU::Config.manxify(kitten_cfg)
|
|
35
|
+
unless @mu_name
|
|
36
|
+
@mu_name = mu_name ? mu_name : @deploy.getResourceName(@config["name"])
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
MU.setVar("curRegion", @config['region']) if !@config['region'].nil?
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Called automatically by {MU::Deploy#createResources}
|
|
43
|
+
def create
|
|
44
|
+
ext_zone = MU::Cloud::DNSZone.find(cloud_id: @config['name']).values.first
|
|
45
|
+
@config["create_zone"] =
|
|
46
|
+
if ext_zone
|
|
47
|
+
false
|
|
48
|
+
else
|
|
49
|
+
true
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
if @config["create_zone"]
|
|
53
|
+
params = {
|
|
54
|
+
:name => @config['name'],
|
|
55
|
+
:hosted_zone_config => {
|
|
56
|
+
:comment => MU.deploy_id
|
|
57
|
+
},
|
|
58
|
+
:caller_reference => @deploy.getResourceName(@config['name'])
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
# Private zones have their lookup restricted by VPC
|
|
62
|
+
add_vpcs = []
|
|
63
|
+
if @config['private']
|
|
64
|
+
if @config['all_account_vpcs']
|
|
65
|
+
# If we've been told to make this domain available account-wide, do so
|
|
66
|
+
MU::Cloud::AWS.listRegions(@config['us_only']).each { |region|
|
|
67
|
+
known_vpcs = MU::Cloud::AWS.ec2(region).describe_vpcs.vpcs
|
|
68
|
+
|
|
69
|
+
MU.log "Enumerating VPCs in #{region}", MU::DEBUG, details: known_vpcs
|
|
70
|
+
|
|
71
|
+
known_vpcs.each { |vpc|
|
|
72
|
+
add_vpcs << { :vpc_id => vpc.vpc_id, :region => region }
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
else
|
|
76
|
+
# Or if we were given a list of VPCs add them
|
|
77
|
+
raise MuError, "DNS Zone #{@config['name']} is flagged as private, you must either provide a VPC, or set 'all_account_vpcs' to true" if @config['vpcs'].nil? || @config['vpcs'].empty?
|
|
78
|
+
@config['vpcs'].each { |vpc|
|
|
79
|
+
add_vpcs << { :vpc_id => vpc['vpc_id'], :region => vpc['region'] }
|
|
80
|
+
}
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
raise MuError, "DNS Zone #{@config['name']} is flagged as private, but I can't find any VPCs in which to put it" if add_vpcs.empty?
|
|
84
|
+
|
|
85
|
+
# We can only specify one VPC when creating a private zone. We'll add the rest later
|
|
86
|
+
params[:vpc] = {
|
|
87
|
+
:vpc_region => add_vpcs.first[:region],
|
|
88
|
+
:vpc_id => add_vpcs.first[:vpc_id]
|
|
89
|
+
}
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
MU.log "Creating DNS Zone '#{@config['name']}'", details: params
|
|
93
|
+
|
|
94
|
+
resp = MU::Cloud::AWS.route53.create_hosted_zone(params)
|
|
95
|
+
id = resp.hosted_zone.id
|
|
96
|
+
@config['zone_id'] = id
|
|
97
|
+
|
|
98
|
+
begin
|
|
99
|
+
resp = MU::Cloud::AWS.route53.get_hosted_zone(id: id)
|
|
100
|
+
sleep 10
|
|
101
|
+
end while resp.nil? or resp.size == 0
|
|
102
|
+
|
|
103
|
+
if !add_vpcs.empty?
|
|
104
|
+
add_vpcs.each { |vpc|
|
|
105
|
+
if vpc[:vpc_id] != params[:vpc][:vpc_id]
|
|
106
|
+
MU.log "Associating VPC #{vpc[:vpc_id]} in #{vpc[:region]} with DNS Zone #{@config['name']}", MU::DEBUG
|
|
107
|
+
begin
|
|
108
|
+
MU::Cloud::AWS.route53.associate_vpc_with_hosted_zone(
|
|
109
|
+
hosted_zone_id: id,
|
|
110
|
+
vpc: {
|
|
111
|
+
:vpc_region => vpc[:region],
|
|
112
|
+
:vpc_id => vpc[:vpc_id]
|
|
113
|
+
}
|
|
114
|
+
)
|
|
115
|
+
rescue Aws::Route53::Errors::InvalidVPCId => e
|
|
116
|
+
MU.log "Unable to associate #{vpc[:vpc_id]} in #{vpc[:region]} with DNS Zone #{@config['name']}: #{e.inspect}", MU::WARN
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
}
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
@config['records'] = [] if !@config['records']
|
|
124
|
+
@config['records'].each { |dnsrec|
|
|
125
|
+
dnsrec['name'] = "#{dnsrec['name']}.#{MU.environment.downcase}" if dnsrec["append_environment_name"] && !dnsrec['name'].match(/\.#{MU.environment.downcase}$/)
|
|
126
|
+
|
|
127
|
+
if dnsrec.has_key?('mu_type')
|
|
128
|
+
dnsrec['target'] =
|
|
129
|
+
if dnsrec['mu_type'] == "loadbalancer"
|
|
130
|
+
if @dependencies.has_key?('loadbalancer') and @dependencies['loadbalancer'].has_key?(dnsrec['target']) and !@dependencies['loadbalancer'][dnsrec['target']].cloudobj.nil? and dnsrec['deploy_id'].nil?
|
|
131
|
+
@dependencies['loadbalancer'][dnsrec['target']].cloudobj.notify['dns']
|
|
132
|
+
elsif dnsrec['deploy_id']
|
|
133
|
+
found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
|
|
134
|
+
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
135
|
+
found.first.deploydata['dns']
|
|
136
|
+
end
|
|
137
|
+
elsif dnsrec['mu_type'] == "server"
|
|
138
|
+
if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
|
|
139
|
+
MU.log "dnsrec['target'] #{dnsrec['target']}"
|
|
140
|
+
deploydata = @dependencies['server'][dnsrec['target']].deploydata
|
|
141
|
+
elsif dnsrec['deploy_id']
|
|
142
|
+
found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
|
|
143
|
+
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
144
|
+
deploydata = found.first.deploydata
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
public = true
|
|
148
|
+
if dnsrec.has_key?("target_type")
|
|
149
|
+
public = dnsrec["target_type"] == "private" ? false : true
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
if dnsrec["type"] == "CNAME"
|
|
153
|
+
if public
|
|
154
|
+
# Make sure we have a public canonical name to register. Use the private one if we don't
|
|
155
|
+
deploydata['public_dns_name'].empty? ? deploydata['private_dns_name'] : deploydata['public_dns_name']
|
|
156
|
+
else
|
|
157
|
+
# If we specifically requested to register the private canonical name lets use that
|
|
158
|
+
deploydata['private_dns_name']
|
|
159
|
+
end
|
|
160
|
+
elsif dnsrec["type"] == "A"
|
|
161
|
+
if public
|
|
162
|
+
# Make sure we have a public IP address to register. Use the private one if we don't
|
|
163
|
+
deploydata['public_ip_address'] ? deploydata['public_ip_address'] : deploydata['private_ip_address']
|
|
164
|
+
else
|
|
165
|
+
# If we specifically requested to register the private IP lets use that
|
|
166
|
+
deploydata['private_ip_address']
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
elsif dnsrec['mu_type'] == "database"
|
|
170
|
+
if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
|
|
171
|
+
@dependencies[dnsrec['mu_type']][dnsrec['target']].deploydata['endpoint']
|
|
172
|
+
elsif dnsrec['deploy_id']
|
|
173
|
+
found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
|
|
174
|
+
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
175
|
+
found.first.deploydata['endpoint']
|
|
176
|
+
end
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
dnsrec["zone"] = {"name" => @config['name']}
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
MU::Cloud::AWS::DNSZone.createRecordsFromConfig(@config['records'])
|
|
184
|
+
return resp.hosted_zone if @config["create_zone"]
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
# Wrapper for {MU::Cloud::AWS::DNSZone.manageRecord}. Spawns threads to create all
|
|
188
|
+
# requested records in background and returns immediately.
|
|
189
|
+
# @param cfg [Array]: An array of parsed {MU::Config::BasketofKittens::dnszones::records} objects.
|
|
190
|
+
# @param target [String]: Optional target for the records to be created. Overrides targets embedded in cfg records.
|
|
191
|
+
def self.createRecordsFromConfig(cfg, target: nil)
|
|
192
|
+
return if cfg.nil?
|
|
193
|
+
record_threads = []
|
|
194
|
+
|
|
195
|
+
cfg.each { |record|
|
|
196
|
+
record['name'] = "#{record['name']}.#{MU.environment.downcase}" if record["append_environment_name"] && !record['name'].match(/\.#{MU.environment.downcase}$/)
|
|
197
|
+
zone = nil
|
|
198
|
+
if record['zone'].has_key?("id")
|
|
199
|
+
zone = MU::Cloud::DNSZone.find(cloud_id: record['zone']['id']).values.first
|
|
200
|
+
else
|
|
201
|
+
zone = MU::Cloud::DNSZone.find(cloud_id: record['zone']['name']).values.first
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
raise MuError, "Failed to locate Route53 DNS Zone for domain #{record['zone']['name']}" if zone.nil?
|
|
205
|
+
|
|
206
|
+
healthcheck_id = nil
|
|
207
|
+
record['target'] = target if !target.nil?
|
|
208
|
+
child_check_ids = []
|
|
209
|
+
if record.has_key?('healthchecks')
|
|
210
|
+
record['healthchecks'].each { |check|
|
|
211
|
+
child_check_ids << MU::Cloud::AWS::DNSZone.createHealthCheck(check, record['target']) if check['type'] == "secondary"
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
record['healthchecks'].each { |check|
|
|
215
|
+
if check['type'] == "primary"
|
|
216
|
+
check["health_check_ids"] = child_check_ids if !check.has_key?("health_check_ids") || check['health_check_ids'].empty?
|
|
217
|
+
healthcheck_id = MU::Cloud::AWS::DNSZone.createHealthCheck(check, record['target'])
|
|
218
|
+
break
|
|
219
|
+
end
|
|
220
|
+
}
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
# parent_thread_id seems to be nil sometimes, try to make sure we don't fail
|
|
224
|
+
# There has got to be a better way to deal with this than this
|
|
225
|
+
parent_thread_id = Thread.current.object_id
|
|
226
|
+
while parent_thread_id.nil?
|
|
227
|
+
parent_thread_id = Thread.current.object_id
|
|
228
|
+
sleep 3
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
record_threads << Thread.new {
|
|
232
|
+
MU.dupGlobals(parent_thread_id)
|
|
233
|
+
MU::Cloud::AWS::DNSZone.manageRecord(
|
|
234
|
+
zone.id,
|
|
235
|
+
record['name'],
|
|
236
|
+
record['type'],
|
|
237
|
+
targets: [record['target']],
|
|
238
|
+
ttl: record['ttl'],
|
|
239
|
+
failover: record['failover'],
|
|
240
|
+
healthcheck: healthcheck_id,
|
|
241
|
+
weight: record['weight'],
|
|
242
|
+
overwrite: record['override_existing'],
|
|
243
|
+
location: record['geo_location'],
|
|
244
|
+
region: record['region'],
|
|
245
|
+
alias_zone: record['alias_zone'],
|
|
246
|
+
sync_wait: false
|
|
247
|
+
)
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
record_threads.each { |t|
|
|
252
|
+
t.join
|
|
253
|
+
}
|
|
254
|
+
end
|
|
255
|
+
|
|
256
|
+
# Create a Route53 health check.
|
|
257
|
+
# @param cfg [Hash]: Parsed hash of {MU::Config::BasketofKittens::dnszones::records::healthchecks}
|
|
258
|
+
# @param target [String]: The IP address of FQDN of the target resource to check.
|
|
259
|
+
def self.createHealthCheck(cfg, target)
|
|
260
|
+
check = {
|
|
261
|
+
type: cfg['method'],
|
|
262
|
+
inverted: cfg['inverted']
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
if cfg['method'] == "CALCULATED"
|
|
266
|
+
check[:health_threshold] = cfg['health_threshold'] if cfg.has_key?('health_threshold')
|
|
267
|
+
check[:child_health_checks] = cfg['health_check_ids'] if cfg.has_key?('health_check_ids')
|
|
268
|
+
elsif cfg['method'] == "CLOUDWATCH_METRIC"
|
|
269
|
+
check[:insufficient_data] = cfg['insufficient_data'] if cfg.has_key?('insufficient_data')
|
|
270
|
+
check[:alarm_identifier] = {
|
|
271
|
+
region: cfg['alarm_region'],
|
|
272
|
+
name: cfg['alarm_name']
|
|
273
|
+
}
|
|
274
|
+
else
|
|
275
|
+
check[:resource_path] = cfg['path'] if cfg.has_key?('path')
|
|
276
|
+
check[:search_string] = cfg['search_string'] if cfg.has_key?('search_string')
|
|
277
|
+
check[:port] = cfg['port'] if cfg.has_key?('port')
|
|
278
|
+
check[:enable_sni] = cfg['enable_sni'] if cfg.has_key?('enable_sni')
|
|
279
|
+
check[:regions] = cfg['regions'] if cfg.has_key?('regions')
|
|
280
|
+
check[:measure_latency] = cfg['latency'] if cfg.has_key?('latency')
|
|
281
|
+
check[:check_interval] = cfg['check_interval']
|
|
282
|
+
check[:failure_threshold] = cfg['failure_threshold']
|
|
283
|
+
|
|
284
|
+
if target.match(/^\d+\.\d+\.\d+\.\d+$/)
|
|
285
|
+
check[:ip_address] = target
|
|
286
|
+
else
|
|
287
|
+
check[:fully_qualified_domain_name] = target
|
|
288
|
+
end
|
|
289
|
+
end
|
|
290
|
+
|
|
291
|
+
MU.log "Creating health check for #{cfg['name']}", details: check
|
|
292
|
+
id = MU::Cloud::AWS.route53.create_health_check(
|
|
293
|
+
caller_reference: "#{MU.deploy_id}-#{cfg['method']}-#{cfg['name']}-#{Time.now.to_i.to_s}",
|
|
294
|
+
health_check_config: check
|
|
295
|
+
).health_check.id
|
|
296
|
+
|
|
297
|
+
# Currently the only thing we can tag in Route 53... is health checks.
|
|
298
|
+
tags = []
|
|
299
|
+
MU::MommaCat.listStandardTags.each_pair { |name, value|
|
|
300
|
+
tags << {key: name, value: value}
|
|
301
|
+
}
|
|
302
|
+
|
|
303
|
+
tags << {key: "Name", value: "#{MU.deploy_id}-#{cfg['name']}".upcase}
|
|
304
|
+
|
|
305
|
+
if cfg['optional_tags']
|
|
306
|
+
MU::MommaCat.listOptionalTags.each_pair { |name, value|
|
|
307
|
+
tags << {key: name, value: value}
|
|
308
|
+
}
|
|
309
|
+
end
|
|
310
|
+
|
|
311
|
+
if cfg['tags']
|
|
312
|
+
cfg['tags'].each { |tag|
|
|
313
|
+
tags << {key: tag['key'], value: tag['value']}
|
|
314
|
+
}
|
|
315
|
+
end
|
|
316
|
+
|
|
317
|
+
MU::Cloud::AWS.route53.change_tags_for_resource(
|
|
318
|
+
resource_type: "healthcheck",
|
|
319
|
+
resource_id: id,
|
|
320
|
+
add_tags: tags
|
|
321
|
+
)
|
|
322
|
+
|
|
323
|
+
return id
|
|
324
|
+
end
|
|
325
|
+
|
|
326
|
+
|
|
327
|
+
# Add or remove access for a given (presumably) private cloud-hosted DNS
|
|
328
|
+
# zone to/from the specified VPC.
|
|
329
|
+
# @param id [String]: The cloud identifier of the DNS zone to update
|
|
330
|
+
# @param vpc_id [String]: The cloud identifier of the VPC
|
|
331
|
+
# @param region [String]: The cloud provider's region
|
|
332
|
+
# @param remove [Boolean]: Whether to remove access (default: grant access)
|
|
333
|
+
def self.toggleVPCAccess(id: nil, vpc_id: nil, region: MU.curRegion, remove: false)
|
|
334
|
+
|
|
335
|
+
if !remove
|
|
336
|
+
MU.log "Granting VPC #{vpc_id} access to zone #{id}"
|
|
337
|
+
MU::Cloud::AWS.route53(region).associate_vpc_with_hosted_zone(
|
|
338
|
+
hosted_zone_id: id,
|
|
339
|
+
vpc: {
|
|
340
|
+
:vpc_id => vpc_id,
|
|
341
|
+
:vpc_region => region
|
|
342
|
+
},
|
|
343
|
+
comment: MU.deploy_id
|
|
344
|
+
)
|
|
345
|
+
else
|
|
346
|
+
MU.log "Revoking VPC #{vpc_id} access to zone #{id}"
|
|
347
|
+
begin
|
|
348
|
+
MU::Cloud::AWS.route53(region).disassociate_vpc_from_hosted_zone(
|
|
349
|
+
hosted_zone_id: id,
|
|
350
|
+
vpc: {
|
|
351
|
+
:vpc_id => vpc_id,
|
|
352
|
+
:vpc_region => region
|
|
353
|
+
},
|
|
354
|
+
comment: MU.deploy_id
|
|
355
|
+
)
|
|
356
|
+
rescue Aws::Route53::Errors::LastVPCAssociation => e
|
|
357
|
+
MU.log e.inspect, MU::WARN
|
|
358
|
+
rescue Aws::Route53::Errors::VPCAssociationNotFound => e
|
|
359
|
+
MU.log "VPC #{vpc_id} access to zone #{id} already revoked", MU::WARN
|
|
360
|
+
end
|
|
361
|
+
end
|
|
362
|
+
end
|
|
363
|
+
|
|
364
|
+
# Create a new DNS record in the given DNS zone
|
|
365
|
+
# @param id [String]: The cloud provider's identifier for the zone.
|
|
366
|
+
# @param name [String]: The DNS name we're creating
|
|
367
|
+
# @param type [String]: The class of DNS record we're creating (e.g. A, CNAME, PTR, SPF...)
|
|
368
|
+
# @param targets [Array<String>]: Standard DNS values for this record. Must be valid for the 'type' field, e.g. A records must point to a IP addresses.
|
|
369
|
+
# @param ttl [Integer]: The DNS time-to-live value for this record.
|
|
370
|
+
# @param delete [Boolean]: Whether to delete the described record, instead of creating.
|
|
371
|
+
# @param overwrite [Boolean]: Whether to overwrite existing records which match this description, as opposed to creating an entirely new one.
|
|
372
|
+
# @param sync_wait [Boolean]: Wait until the record change has fully propagated throughout Route53 before returning.
|
|
373
|
+
# @param failover [String]: "PRIMARY" or "SECONDARY" for Route53 failover. See also {MU::Config::BasketofKittens::dnszones::records}.
|
|
374
|
+
# @param healthcheck [String]: A Route53 healthcheck identifier for use with failover. Typically created by {MU::Config::BasketofKittens::dnszones::records::healthchecks}.
|
|
375
|
+
# @param region [String]: An Amazon Web Services region for use with latency-based routing. See also {MU::Config::BasketofKittens::dnszones::records}.
|
|
376
|
+
# @param weight [Integer]: A weight value used for weighted routing, used to determine proportion of traffic with other matching weighted records. See also {MU::Config::BasketofKittens::dnszones::records}.
|
|
377
|
+
# @param location [Hash<String>]: A parsed Hash of {MU::Config::BasketofKittens::dnszones::records::geo_location}.
|
|
378
|
+
# @param set_identifier [String]: A unique string to differentiate otherwise-similar records. Normally auto-generated, should not need to specify.
|
|
379
|
+
# @param alias_zone [String]: Zone ID of the target's hosted zone, when creating an alias (type R53ALIAS)
|
|
380
|
+
def self.manageRecord(id, name, type, targets: nil, aliases: nil,
|
|
381
|
+
ttl: 7200, delete: false, sync_wait: true, failover: nil,
|
|
382
|
+
healthcheck: nil, region: nil, weight: nil, overwrite: true,
|
|
383
|
+
location: nil, set_identifier: nil, alias_zone: nil)
|
|
384
|
+
|
|
385
|
+
MU.setVar("curRegion", region) if !region.nil?
|
|
386
|
+
zone = MU::Cloud::DNSZone.find(cloud_id: id).values.first
|
|
387
|
+
raise MuError, "Attempting to add record to nonexistent DNS zone #{id}" if zone.nil?
|
|
388
|
+
name = name + "." + zone.name if !name.match(/(^|\.)#{zone.name}$/)
|
|
389
|
+
|
|
390
|
+
action = "CREATE"
|
|
391
|
+
action = "UPSERT" if overwrite
|
|
392
|
+
action = "DELETE" if delete
|
|
393
|
+
|
|
394
|
+
if type == "R53ALIAS"
|
|
395
|
+
target_zone = id
|
|
396
|
+
target_name = targets[0].downcase
|
|
397
|
+
target_name.chomp!(".")
|
|
398
|
+
|
|
399
|
+
if !alias_zone.nil?
|
|
400
|
+
target_zone = "/hostedzone/"+alias_zone if !alias_zone.match(/^\/hostedzone\//)
|
|
401
|
+
else
|
|
402
|
+
MU::Cloud::AWS.listRegions.each { |region|
|
|
403
|
+
MU::Cloud::AWS.elb(region).describe_load_balancers.load_balancer_descriptions.each { |elb|
|
|
404
|
+
elb_dns = elb.dns_name.downcase
|
|
405
|
+
elb_dns.chomp!(".")
|
|
406
|
+
if target_name == elb_dns
|
|
407
|
+
MU.log "Resolved #{targets[0]} to an Elastic Load Balancer in zone #{elb.canonical_hosted_zone_name_id}", details: elb
|
|
408
|
+
target_zone = "/hostedzone/"+elb.canonical_hosted_zone_name_id
|
|
409
|
+
break
|
|
410
|
+
end
|
|
411
|
+
}
|
|
412
|
+
break if target_zone != id
|
|
413
|
+
}
|
|
414
|
+
end
|
|
415
|
+
|
|
416
|
+
base_rrset = {
|
|
417
|
+
name: name,
|
|
418
|
+
type: "A",
|
|
419
|
+
alias_target: {
|
|
420
|
+
hosted_zone_id: target_zone,
|
|
421
|
+
dns_name: targets[0],
|
|
422
|
+
evaluate_target_health: true
|
|
423
|
+
}
|
|
424
|
+
}
|
|
425
|
+
else
|
|
426
|
+
rrsets = []
|
|
427
|
+
if !targets.nil?
|
|
428
|
+
targets.each { |target|
|
|
429
|
+
rrsets << {value: target}
|
|
430
|
+
}
|
|
431
|
+
end
|
|
432
|
+
|
|
433
|
+
base_rrset = {
|
|
434
|
+
name: name,
|
|
435
|
+
type: type,
|
|
436
|
+
ttl: ttl,
|
|
437
|
+
resource_records: rrsets
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
if !healthcheck.nil?
|
|
441
|
+
base_rrset[:health_check_id] = healthcheck
|
|
442
|
+
end
|
|
443
|
+
end
|
|
444
|
+
|
|
445
|
+
params = {
|
|
446
|
+
hosted_zone_id: id,
|
|
447
|
+
change_batch: {
|
|
448
|
+
changes: [
|
|
449
|
+
{
|
|
450
|
+
action: action,
|
|
451
|
+
resource_record_set: base_rrset
|
|
452
|
+
}
|
|
453
|
+
]
|
|
454
|
+
}
|
|
455
|
+
}
|
|
456
|
+
|
|
457
|
+
# Doing an UPSERT with a new set_identifier will fail with a record already exist error, so lets try and get it from an existing record.
|
|
458
|
+
# This can be an issue with multiple secondary failover records
|
|
459
|
+
if (location || failover || region || weight) && set_identifier.nil?
|
|
460
|
+
record_sets = MU::Cloud::AWS.route53.list_resource_record_sets(
|
|
461
|
+
hosted_zone_id: id,
|
|
462
|
+
start_record_name: name
|
|
463
|
+
).resource_record_sets
|
|
464
|
+
|
|
465
|
+
record_sets.each { |r|
|
|
466
|
+
if r.name == name
|
|
467
|
+
if location && location == r.location
|
|
468
|
+
set_identifier = r.set_identifier
|
|
469
|
+
break
|
|
470
|
+
elsif failover && failover == r.failover
|
|
471
|
+
set_identifier = r.set_identifier
|
|
472
|
+
break
|
|
473
|
+
elsif region && region == r.region
|
|
474
|
+
set_identifier = r.set_identifier
|
|
475
|
+
break
|
|
476
|
+
elsif weight && weight == r.weight
|
|
477
|
+
set_identifier = r.set_identifier
|
|
478
|
+
break
|
|
479
|
+
end
|
|
480
|
+
end
|
|
481
|
+
}
|
|
482
|
+
end
|
|
483
|
+
|
|
484
|
+
if !failover.nil?
|
|
485
|
+
base_rrset[:failover] = failover
|
|
486
|
+
set_identifier ||= "#{MU.deploy_id}-failover-#{failover}".upcase
|
|
487
|
+
elsif !weight.nil?
|
|
488
|
+
base_rrset[:weight] = weight
|
|
489
|
+
set_identifier ||= "#{MU.deploy_id}-weighted-#{weight.to_s}".upcase
|
|
490
|
+
elsif !location.nil?
|
|
491
|
+
loc_arg = Hash.new
|
|
492
|
+
location.each_pair { |key, val|
|
|
493
|
+
sym = key.to_sym
|
|
494
|
+
loc_arg[sym] = val
|
|
495
|
+
}
|
|
496
|
+
base_rrset[:geo_location] = loc_arg
|
|
497
|
+
set_identifier ||= "#{MU.deploy_id}-location-#{location.values.join("-")}".upcase
|
|
498
|
+
elsif !region.nil?
|
|
499
|
+
base_rrset[:region] = region
|
|
500
|
+
set_identifier ||= "#{MU.deploy_id}-latency-#{region}".upcase
|
|
501
|
+
end
|
|
502
|
+
|
|
503
|
+
base_rrset[:set_identifier] = set_identifier if set_identifier
|
|
504
|
+
|
|
505
|
+
if delete
|
|
506
|
+
MU.log "Deleting DNS record #{name} (#{type}) from #{id}", details: params
|
|
507
|
+
else
|
|
508
|
+
MU.log "Adding DNS record #{name} => #{targets} (#{type}) to #{id}", details: params
|
|
509
|
+
end
|
|
510
|
+
|
|
511
|
+
begin
|
|
512
|
+
change_id = MU::Cloud::AWS.route53.change_resource_record_sets(params).change_info.id
|
|
513
|
+
rescue Aws::Route53::Errors::PriorRequestNotComplete => e
|
|
514
|
+
sleep 10
|
|
515
|
+
retry
|
|
516
|
+
rescue Aws::Route53::Errors::InvalidChangeBatch, Aws::Route53::Errors::InvalidInput, Exception => e
|
|
517
|
+
return if e.message.match(/ but it already exists$/) and !delete
|
|
518
|
+
MU.log "Failed to change DNS records, #{e.inspect}", MU::ERR, details: params
|
|
519
|
+
raise e if !delete
|
|
520
|
+
MU.log "Record #{name} (#{type}) in #{id} can't be deleted. Already removed? #{e.inspect}", MU::WARN, details: params if delete
|
|
521
|
+
return
|
|
522
|
+
end
|
|
523
|
+
|
|
524
|
+
if sync_wait
|
|
525
|
+
attempts = 0
|
|
526
|
+
start_time = Time.now.to_i
|
|
527
|
+
begin
|
|
528
|
+
MU.log "Waiting for DNS record change for '#{name}' to propagate in zone '#{zone.name}'", MU::NOTICE if attempts % 3 == 0
|
|
529
|
+
sleep 15
|
|
530
|
+
change_info = MU::Cloud::AWS.route53.get_change(id: change_id).change_info
|
|
531
|
+
if change_info.status != "INSYNC" and attempts % 3 == 0
|
|
532
|
+
MU.log "DNS zone #{zone.name} still in state #{change_info.status} after #{Time.now.to_i - start_time}s", MU::DEBUG, details: change_info
|
|
533
|
+
end
|
|
534
|
+
attempts = attempts + 1
|
|
535
|
+
end while change_info.status != "INSYNC"
|
|
536
|
+
end
|
|
537
|
+
end
|
|
538
|
+
|
|
539
|
+
# @resolver = Resolv::DNS.new
|
|
540
|
+
|
|
541
|
+
# Set a generic .platform-mu DNS entry for a resource, and return the name that
|
|
542
|
+
# was set.
|
|
543
|
+
# @param name [name]: The base name of the resource
|
|
544
|
+
# @param target [String]: The target of the DNS entry, usually an IP.
|
|
545
|
+
# @param noop [Boolean]: Don't attempt to adjust entries, just return the name we'd create/remove.
|
|
546
|
+
# @param delete [Boolean]: Remove this entry instead of creating it.
|
|
547
|
+
# @param cloudclass [Object]: The resource's Mu class.
|
|
548
|
+
# @param sync_wait [Boolean]: Wait for DNS entry to propagate across zone.
|
|
549
|
+
def self.genericMuDNSEntry(name: nil, target: nil, cloudclass: nil, noop: false, delete: false, sync_wait: true)
|
|
550
|
+
return nil if name.nil? or target.nil? or cloudclass.nil?
|
|
551
|
+
mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu").values.first
|
|
552
|
+
raise MuError, "Couldn't isolate platform-mu DNS zone" if mu_zone.nil?
|
|
553
|
+
|
|
554
|
+
if !mu_zone.nil? and !MU.myVPC.nil?
|
|
555
|
+
subdomain = cloudclass.cfg_name
|
|
556
|
+
dns_name = name.downcase+"."+subdomain+"."+MU.myInstanceId
|
|
557
|
+
record_type = "CNAME"
|
|
558
|
+
record_type = "A" if target.match(/^\d+\.\d+\.\d+\.\d+/)
|
|
559
|
+
ip = nil
|
|
560
|
+
|
|
561
|
+
lookup = MU::Cloud::AWS.route53.list_resource_record_sets(
|
|
562
|
+
hosted_zone_id: mu_zone.id,
|
|
563
|
+
start_record_name: "#{dns_name}.platform-mu",
|
|
564
|
+
start_record_type: record_type
|
|
565
|
+
).resource_record_sets
|
|
566
|
+
|
|
567
|
+
lookup.each { |record|
|
|
568
|
+
if record.name.match(/^#{dns_name}\.platform-mu/i) and record.type == record_type
|
|
569
|
+
record.resource_records.each { |rrset|
|
|
570
|
+
if rrset.value == target
|
|
571
|
+
ip = rrset.value
|
|
572
|
+
end
|
|
573
|
+
}
|
|
574
|
+
|
|
575
|
+
end
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
# begin
|
|
579
|
+
# ip = @resolver.getaddress("#{dns_name}.platform-mu")
|
|
580
|
+
#MU.log "@resolver.getaddress(#{dns_name}.platform-mu) => #{ip.to_s} (target is #{target})", MU::WARN, details: ip
|
|
581
|
+
# rescue Resolv::ResolvError => e
|
|
582
|
+
# MU.log "'#{dns_name}.platform-mu' does not resolve.", MU::DEBUG, details: e.inspect
|
|
583
|
+
# end
|
|
584
|
+
|
|
585
|
+
if ip == target
|
|
586
|
+
return "#{dns_name}.platform-mu" if !delete
|
|
587
|
+
elsif noop
|
|
588
|
+
return nil
|
|
589
|
+
end
|
|
590
|
+
|
|
591
|
+
sync_wait = false if delete
|
|
592
|
+
|
|
593
|
+
record_type = "R53ALIAS" if cloudclass == MU::Cloud::AWS::LoadBalancer
|
|
594
|
+
attempts = 0
|
|
595
|
+
begin
|
|
596
|
+
MU::Cloud::AWS::DNSZone.manageRecord(mu_zone.id, dns_name, record_type, targets: [target], delete: delete, sync_wait: sync_wait)
|
|
597
|
+
rescue Aws::Route53::Errors::PriorRequestNotComplete => e
|
|
598
|
+
MU.log "Route53 was still processing a request, waiting", MU::WARN, details: e
|
|
599
|
+
sleep 15
|
|
600
|
+
retry
|
|
601
|
+
rescue Aws::Route53::Errors::InvalidChangeBatch => e
|
|
602
|
+
if e.inspect.match(/alias target name does not lie within the target zone/) and attempts < 5
|
|
603
|
+
MU.log e.inspect, MU::WARN
|
|
604
|
+
sleep 15
|
|
605
|
+
attempts = attempts + 1
|
|
606
|
+
retry
|
|
607
|
+
elsif !e.inspect.match(/(it|name) already exists/)
|
|
608
|
+
raise MuError, "Problem managing entry for #{dns_name} -> #{target}: #{e.inspect}"
|
|
609
|
+
else
|
|
610
|
+
MU.log "#{dns_name} already exists", MU::DEBUG, details: e.inspect
|
|
611
|
+
end
|
|
612
|
+
end
|
|
613
|
+
return "#{dns_name}.platform-mu"
|
|
614
|
+
else
|
|
615
|
+
return nil
|
|
616
|
+
end
|
|
617
|
+
end
|
|
618
|
+
|
|
619
|
+
# Log DNS zone metadata to the deployment struct for the current deploy.
|
|
620
|
+
def notify
|
|
621
|
+
if @config["create_zone"]
|
|
622
|
+
# # XXX this wants generalization
|
|
623
|
+
# if !@deploy.deployment[MU::Cloud::DNSZone.cfg_plural].nil? and !@deploy.deployment[MU::Cloud::DNSZone.cfg_plural][name].nil?
|
|
624
|
+
# deploydata = @deploy.deployment[MU::Cloud::DNSZone.cfg_plural][name].dup
|
|
625
|
+
# else
|
|
626
|
+
# deploydata = Hash.new
|
|
627
|
+
# end
|
|
628
|
+
|
|
629
|
+
# resp = MU::Cloud::AWS.route53.get_hosted_zone(
|
|
630
|
+
# id: @config['zone_id']
|
|
631
|
+
# )
|
|
632
|
+
# deploydata.merge!(MU.structToHash(resp.hosted_zone))
|
|
633
|
+
# deploydata['vpcs'] = @config['vpcs'] if !@config['vpcs'].nil?
|
|
634
|
+
# deploydata["region"] = @config['region'] if !@config['region'].nil?
|
|
635
|
+
# @deploy.notify(MU::Cloud::DNSZone.cfg_plural, mu_name, deploydata)
|
|
636
|
+
# return deploydata
|
|
637
|
+
|
|
638
|
+
resp = MU::Cloud::AWS.route53.get_hosted_zone(id: @config['zone_id'])
|
|
639
|
+
vpcs = []
|
|
640
|
+
hosted_zone_vpcs = resp.vp_cs
|
|
641
|
+
if !hosted_zone_vpcs.empty?
|
|
642
|
+
hosted_zone_vpcs.each{ |vpc|
|
|
643
|
+
vpcs << vpc.to_h
|
|
644
|
+
}
|
|
645
|
+
end
|
|
646
|
+
|
|
647
|
+
{
|
|
648
|
+
"name" => resp.hosted_zone.name,
|
|
649
|
+
"id" => resp.hosted_zone.id,
|
|
650
|
+
"private" => resp.hosted_zone.config.private_zone,
|
|
651
|
+
"vpcs" => vpcs,
|
|
652
|
+
}
|
|
653
|
+
|
|
654
|
+
else
|
|
655
|
+
# We should probably return the records we created
|
|
656
|
+
{}
|
|
657
|
+
end
|
|
658
|
+
end
|
|
659
|
+
|
|
660
|
+
# Called by {MU::Cleanup}. Locates resources that were created by the
|
|
661
|
+
# currently-loaded deployment, and purges them.
|
|
662
|
+
def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
|
|
663
|
+
checks_to_clean = []
|
|
664
|
+
threads = []
|
|
665
|
+
MU::Cloud::AWS.route53(region).list_health_checks.health_checks.each { |check|
|
|
666
|
+
begin
|
|
667
|
+
tags = MU::Cloud::AWS.route53(region).list_tags_for_resource(
|
|
668
|
+
resource_type: "healthcheck",
|
|
669
|
+
resource_id: check.id
|
|
670
|
+
).resource_tag_set.tags
|
|
671
|
+
muid_match = false
|
|
672
|
+
mumaster_match = false
|
|
673
|
+
tags.each { |tag|
|
|
674
|
+
muid_match = true if tag.key == "MU-ID" and tag.value == MU.deploy_id
|
|
675
|
+
mumaster_match = true if tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
|
|
676
|
+
}
|
|
677
|
+
|
|
678
|
+
delete = false
|
|
679
|
+
if muid_match
|
|
680
|
+
if ignoremaster
|
|
681
|
+
delete = true
|
|
682
|
+
else
|
|
683
|
+
delete = true if mumaster_match
|
|
684
|
+
end
|
|
685
|
+
end
|
|
686
|
+
|
|
687
|
+
if delete
|
|
688
|
+
parent_thread_id = Thread.current.object_id
|
|
689
|
+
threads << Thread.new(check) { |mycheck|
|
|
690
|
+
MU.dupGlobals(parent_thread_id)
|
|
691
|
+
Thread.abort_on_exception = true
|
|
692
|
+
MU.log "Removing health check #{check.id}"
|
|
693
|
+
retries = 5
|
|
694
|
+
begin
|
|
695
|
+
MU::Cloud::AWS.route53(region).delete_health_check(health_check_id: check.id) if !noop
|
|
696
|
+
rescue Aws::Route53::Errors::NoSuchHealthCheck => e
|
|
697
|
+
MU.log "Health Check '#{check.id}' disappeared before I could remove it", MU::WARN, details: e.inspect
|
|
698
|
+
rescue Aws::Route53::Errors::InvalidInput => e
|
|
699
|
+
if e.message.match(/is still referenced from parent health check/) && retries <= 5
|
|
700
|
+
sleep 5
|
|
701
|
+
retries += 1
|
|
702
|
+
retry
|
|
703
|
+
else
|
|
704
|
+
MU.log "Health Check #{check.id} still has a parent health check associated with it, skipping", MU::WARN, details: e.inspect
|
|
705
|
+
end
|
|
706
|
+
end
|
|
707
|
+
}
|
|
708
|
+
end
|
|
709
|
+
rescue Aws::Route53::Errors::NoSuchHealthCheck => e
|
|
710
|
+
MU.log "Health Check '#{check.id}' disappeared before I could remove it", MU::WARN, details: e.inspect
|
|
711
|
+
end
|
|
712
|
+
}
|
|
713
|
+
|
|
714
|
+
threads.each { |t|
|
|
715
|
+
t.join
|
|
716
|
+
}
|
|
717
|
+
|
|
718
|
+
zones = MU::Cloud::DNSZone.find(deploy_id: MU.deploy_id, region: region)
|
|
719
|
+
zones.each_pair { |id, zone|
|
|
720
|
+
MU.log "Purging DNS Zone '#{zone.name}' (#{zone.id})"
|
|
721
|
+
if !noop
|
|
722
|
+
begin
|
|
723
|
+
# Clean up resource records first
|
|
724
|
+
rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id)
|
|
725
|
+
rrsets.resource_record_sets.each { |rrset|
|
|
726
|
+
next if zone.name == rrset.name and (rrset.type == "NS" or rrset.type == "SOA")
|
|
727
|
+
records = []
|
|
728
|
+
MU::Cloud::AWS.route53(region).change_resource_record_sets(
|
|
729
|
+
hosted_zone_id: zone.id,
|
|
730
|
+
change_batch: {
|
|
731
|
+
changes: [
|
|
732
|
+
{
|
|
733
|
+
action: "DELETE",
|
|
734
|
+
resource_record_set: MU.structToHash(rrset)
|
|
735
|
+
}
|
|
736
|
+
]
|
|
737
|
+
}
|
|
738
|
+
)
|
|
739
|
+
}
|
|
740
|
+
|
|
741
|
+
MU::Cloud::AWS.route53(region).delete_hosted_zone(id: zone.id)
|
|
742
|
+
rescue Aws::Route53::Errors::PriorRequestNotComplete
|
|
743
|
+
MU.log "Still waiting for all records in DNS Zone '#{zone.name}' (#{zone.id}) to delete", MU::WARN
|
|
744
|
+
sleep 20
|
|
745
|
+
retry
|
|
746
|
+
rescue Aws::Route53::Errors::InvalidChangeBatch
|
|
747
|
+
# Just skip this
|
|
748
|
+
rescue Aws::Route53::Errors::NoSuchHostedZone => e
|
|
749
|
+
MU.log "DNS Zone '#{zone.name}' (#{zone.id}) disappeared before I could remove it", MU::WARN, details: e.inspect
|
|
750
|
+
rescue Aws::Route53::Errors::HostedZoneNotEmpty => e
|
|
751
|
+
raise MuError, e.inspect
|
|
752
|
+
end
|
|
753
|
+
end
|
|
754
|
+
}
|
|
755
|
+
|
|
756
|
+
# Lets try cleaning MU DNS records in all zones.
|
|
757
|
+
MU::Cloud::AWS.route53(region).list_hosted_zones.hosted_zones.each { |zone|
|
|
758
|
+
begin
|
|
759
|
+
zone_rrsets = []
|
|
760
|
+
rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id)
|
|
761
|
+
rrsets.resource_record_sets.each { |record|
|
|
762
|
+
zone_rrsets << record
|
|
763
|
+
}
|
|
764
|
+
|
|
765
|
+
# AWS API returns a maximum of 100 results. DNS zones are likely to have more than 100 records, lets page and make sure we grab all records in a given zone
|
|
766
|
+
while rrsets.next_record_name && rrsets.next_record_type
|
|
767
|
+
rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id, start_record_name: rrsets.next_record_name, start_record_type: rrsets.next_record_type)
|
|
768
|
+
rrsets.resource_record_sets.each { |record|
|
|
769
|
+
zone_rrsets << record
|
|
770
|
+
}
|
|
771
|
+
end
|
|
772
|
+
|
|
773
|
+
# TO DO: if we have more than one record it will retry the deletion multiple times and will throw Aws::Route53::Errors::InvalidChangeBatch / record not found even though the record was deleted
|
|
774
|
+
zone_rrsets.each { |record|
|
|
775
|
+
if record.name.match(MU.deploy_id.downcase)
|
|
776
|
+
resource_records = []
|
|
777
|
+
record.resource_records.each { |rrecord|
|
|
778
|
+
resource_records << rrecord.value
|
|
779
|
+
}
|
|
780
|
+
|
|
781
|
+
MU::Cloud::AWS::DNSZone.manageRecord(zone.id, record.name, record.type, targets: resource_records, ttl: record.ttl, sync_wait: false, delete: true) if !noop
|
|
782
|
+
end
|
|
783
|
+
}
|
|
784
|
+
rescue Aws::Route53::Errors::NoSuchHostedZone
|
|
785
|
+
MU.log "DNS Zone '#{zone.name}' #{zone.id} disappeared while was looking at", MU::WARN
|
|
786
|
+
end
|
|
787
|
+
}
|
|
788
|
+
end
|
|
789
|
+
|
|
790
|
+
# Cloud-specific configuration properties.
|
|
791
|
+
# @param config [MU::Config]: The calling MU::Config object
|
|
792
|
+
# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
|
|
793
|
+
def self.schema(config)
|
|
794
|
+
toplevel_required = []
|
|
795
|
+
schema = {}
|
|
796
|
+
[toplevel_required, schema]
|
|
797
|
+
end
|
|
798
|
+
|
|
799
|
+
# Cloud-specific pre-processing of {MU::Config::BasketofKittens::dnszones}, bare and unvalidated.
|
|
800
|
+
# @param zone [Hash]: The resource to process and validate
|
|
801
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
802
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
803
|
+
def self.validateConfig(zone, configurator)
|
|
804
|
+
ok = true
|
|
805
|
+
|
|
806
|
+
if !zone["records"].nil?
|
|
807
|
+
zone["records"].each { |record|
|
|
808
|
+
record['scrub_mu_isms'] = zone['scrub_mu_isms'] if zone.has_key?('scrub_mu_isms')
|
|
809
|
+
route_types = 0
|
|
810
|
+
route_types = route_types + 1 if !record['weight'].nil?
|
|
811
|
+
route_types = route_types + 1 if !record['geo_location'].nil?
|
|
812
|
+
route_types = route_types + 1 if !record['region'].nil?
|
|
813
|
+
route_types = route_types + 1 if !record['failover'].nil?
|
|
814
|
+
|
|
815
|
+
if route_types > 1
|
|
816
|
+
MU.log "At most one of weight, location, region, and failover can be specified in a record.", MU::ERR, details: record
|
|
817
|
+
ok = false
|
|
818
|
+
end
|
|
819
|
+
|
|
820
|
+
if !record['mu_type'].nil?
|
|
821
|
+
zone["dependencies"] << {
|
|
822
|
+
"type" => record['mu_type'],
|
|
823
|
+
"name" => record['target']
|
|
824
|
+
}
|
|
825
|
+
end
|
|
826
|
+
|
|
827
|
+
if record.has_key?('healthchecks') && !record['healthchecks'].empty?
|
|
828
|
+
primary_alarms_set = []
|
|
829
|
+
record['healthchecks'].each { |check|
|
|
830
|
+
check['alarm_region'] ||= zone['region'] if check['method'] == "CLOUDWATCH_METRIC"
|
|
831
|
+
primary_alarms_set << true if check['type'] == 'primary'
|
|
832
|
+
}
|
|
833
|
+
|
|
834
|
+
if primary_alarms_set.size != 1
|
|
835
|
+
MU.log "Must have only one primary health check, but #{primary_alarms_set.size} are set.", MU::ERR, details: record
|
|
836
|
+
ok = false
|
|
837
|
+
end
|
|
838
|
+
|
|
839
|
+
# record['healthcheck']['alarm_region'] ||= zone['region'] if record['healthcheck']['method'] == "CLOUDWATCH_METRIC"
|
|
840
|
+
|
|
841
|
+
if route_types == 0
|
|
842
|
+
MU.log "Health check in a DNS zone only valid with Weighted, Location-based, Latency-based, or Failover routing.", MU::ERR, details: record
|
|
843
|
+
ok = false
|
|
844
|
+
end
|
|
845
|
+
end
|
|
846
|
+
|
|
847
|
+
if !record['geo_location'].nil?
|
|
848
|
+
if !record['geo_location']['continent_code'].nil? and (!record['geo_location']['country_code'].nil? or !record['geo_location']['subdivision_code'].nil?)
|
|
849
|
+
MU.log "Location routing cannot mix continent_code with other location specifiers.", MU::ERR, details: record
|
|
850
|
+
ok = false
|
|
851
|
+
end
|
|
852
|
+
if record['geo_location']['country_code'].nil? and !record['geo_location']['subdivision_code'].nil?
|
|
853
|
+
MU.log "Cannot specify subdivision_code without country_code.", MU::ERR, details: record
|
|
854
|
+
ok = false
|
|
855
|
+
end
|
|
856
|
+
end
|
|
857
|
+
}
|
|
858
|
+
end
|
|
859
|
+
|
|
860
|
+
ok
|
|
861
|
+
end
|
|
862
|
+
|
|
863
|
+
# Canonical Amazon Resource Number for this resource
|
|
864
|
+
# @return [String]
|
|
865
|
+
def arn
|
|
866
|
+
nil # no such animal in Route53
|
|
867
|
+
end
|
|
868
|
+
|
|
869
|
+
# Locate an existing DNSZone or DNSZones and return an array containing matching AWS resource descriptors for those that match.
|
|
870
|
+
# @param cloud_id [String]: The cloud provider's identifier for this resource. Can also use the domain name, we'll check for both.
|
|
871
|
+
# @param region [String]: The cloud provider region
|
|
872
|
+
# @param flags [Hash]: Optional flags
|
|
873
|
+
# @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching DNSZones
|
|
874
|
+
def self.find(cloud_id: nil, deploy_id: MU.deploy_id, region: MU.curRegion, flags: {})
|
|
875
|
+
matches = {}
|
|
876
|
+
|
|
877
|
+
resp = MU::Cloud::AWS.route53(region).list_hosted_zones(
|
|
878
|
+
max_items: 100
|
|
879
|
+
)
|
|
880
|
+
|
|
881
|
+
resp.hosted_zones.each { |zone|
|
|
882
|
+
if !cloud_id.nil? and !cloud_id.empty?
|
|
883
|
+
if zone.id == cloud_id
|
|
884
|
+
begin
|
|
885
|
+
matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
|
|
886
|
+
rescue Aws::Route53::Errors::NoSuchHostedZone
|
|
887
|
+
MU.log "Hosted zone #{zone.id} doesn't exist"
|
|
888
|
+
end
|
|
889
|
+
elsif zone.name == cloud_id or zone.name == cloud_id+"."
|
|
890
|
+
begin
|
|
891
|
+
matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
|
|
892
|
+
rescue Aws::Route53::Errors::NoSuchHostedZone
|
|
893
|
+
MU.log "Hosted zone #{zone.id} doesn't exist"
|
|
894
|
+
end
|
|
895
|
+
end
|
|
896
|
+
end
|
|
897
|
+
if !deploy_id.nil? and !deploy_id.empty? and zone.config.comment == deploy_id
|
|
898
|
+
begin
|
|
899
|
+
matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
|
|
900
|
+
rescue Aws::Route53::Errors::NoSuchHostedZone
|
|
901
|
+
MU.log "Hosted zone #{zone.id} doesn't exist"
|
|
902
|
+
end
|
|
903
|
+
end
|
|
904
|
+
}
|
|
905
|
+
|
|
906
|
+
return matches
|
|
907
|
+
end
|
|
908
|
+
end
|
|
909
|
+
end
|
|
910
|
+
end
|
|
911
|
+
end
|