cloud-mu 1.9.0.pre.beta

Files changed (618) hide show
  1. checksums.yaml +7 -0
  2. data/Berksfile +56 -0
  3. data/Berksfile.lock +250 -0
  4. data/Jenkinsfile +184 -0
  5. data/LICENSE.md +37 -0
  6. data/README.md +26 -0
  7. data/bin/mu-aws-setup +376 -0
  8. data/bin/mu-cleanup +68 -0
  9. data/bin/mu-configure +1133 -0
  10. data/bin/mu-deploy +166 -0
  11. data/bin/mu-firewall-allow-clients +30 -0
  12. data/bin/mu-gcp-setup +200 -0
  13. data/bin/mu-gen-docs +34 -0
  14. data/bin/mu-gen-env +42 -0
  15. data/bin/mu-load-config.rb +158 -0
  16. data/bin/mu-node-manage +683 -0
  17. data/bin/mu-self-update +228 -0
  18. data/bin/mu-ssh +23 -0
  19. data/bin/mu-tunnel-nagios +144 -0
  20. data/bin/mu-upload-chef-artifacts +757 -0
  21. data/bin/mu-user-manage +275 -0
  22. data/cookbooks/awscli/LICENSE +37 -0
  23. data/cookbooks/awscli/README.md +58 -0
  24. data/cookbooks/awscli/attributes/default.rb +1 -0
  25. data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
  26. data/cookbooks/awscli/metadata.rb +20 -0
  27. data/cookbooks/awscli/recipes/default.rb +56 -0
  28. data/cookbooks/awscli/templates/default/config.erb +18 -0
  29. data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
  30. data/cookbooks/mu-activedirectory/LICENSE +37 -0
  31. data/cookbooks/mu-activedirectory/README.md +6 -0
  32. data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
  33. data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
  34. data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
  35. data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
  36. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
  37. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
  38. data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
  39. data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
  40. data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
  41. data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
  42. data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
  43. data/cookbooks/mu-activedirectory/metadata.rb +17 -0
  44. data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
  45. data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
  46. data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
  47. data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
  48. data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
  49. data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
  50. data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
  51. data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
  52. data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
  53. data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
  54. data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
  55. data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
  56. data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
  57. data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
  58. data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
  59. data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
  60. data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
  61. data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
  62. data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
  63. data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
  64. data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
  65. data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
  66. data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
  67. data/cookbooks/mu-firewall/LICENSE +37 -0
  68. data/cookbooks/mu-firewall/README.md +5 -0
  69. data/cookbooks/mu-firewall/attributes/default.rb +3 -0
  70. data/cookbooks/mu-firewall/metadata.rb +16 -0
  71. data/cookbooks/mu-firewall/recipes/default.rb +10 -0
  72. data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
  73. data/cookbooks/mu-glusterfs/LICENSE +37 -0
  74. data/cookbooks/mu-glusterfs/README.md +5 -0
  75. data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
  76. data/cookbooks/mu-glusterfs/metadata.rb +17 -0
  77. data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
  78. data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
  79. data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
  80. data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
  81. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
  82. data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
  83. data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
  84. data/cookbooks/mu-jenkins/LICENSE +37 -0
  85. data/cookbooks/mu-jenkins/README.md +105 -0
  86. data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
  87. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
  88. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
  89. data/cookbooks/mu-jenkins/metadata.rb +21 -0
  90. data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
  91. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
  92. data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
  93. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
  94. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
  95. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
  96. data/cookbooks/mu-master/CHANGELOG.md +13 -0
  97. data/cookbooks/mu-master/LICENSE +37 -0
  98. data/cookbooks/mu-master/README.md +6 -0
  99. data/cookbooks/mu-master/attributes/default.rb +95 -0
  100. data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
  101. data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
  102. data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
  103. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  104. data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
  105. data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
  106. data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
  107. data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
  108. data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
  109. data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
  110. data/cookbooks/mu-master/files/default/pam_sshd +18 -0
  111. data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
  112. data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
  113. data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
  114. data/cookbooks/mu-master/files/default/vimrc +19 -0
  115. data/cookbooks/mu-master/libraries/mu.rb +29 -0
  116. data/cookbooks/mu-master/metadata.rb +30 -0
  117. data/cookbooks/mu-master/providers/user.rb +41 -0
  118. data/cookbooks/mu-master/recipes/389ds.rb +164 -0
  119. data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
  120. data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
  121. data/cookbooks/mu-master/recipes/default.rb +451 -0
  122. data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
  123. data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
  124. data/cookbooks/mu-master/recipes/init.rb +542 -0
  125. data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
  126. data/cookbooks/mu-master/recipes/sssd.rb +89 -0
  127. data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
  128. data/cookbooks/mu-master/recipes/vault.rb +111 -0
  129. data/cookbooks/mu-master/resources/user.rb +19 -0
  130. data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
  131. data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
  132. data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
  133. data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
  134. data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
  135. data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
  136. data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
  137. data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
  138. data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
  139. data/cookbooks/mu-mongo/LICENSE +37 -0
  140. data/cookbooks/mu-mongo/README.md +5 -0
  141. data/cookbooks/mu-mongo/attributes/default.rb +22 -0
  142. data/cookbooks/mu-mongo/files/default/keyfile +16 -0
  143. data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
  144. data/cookbooks/mu-mongo/metadata.rb +17 -0
  145. data/cookbooks/mu-mongo/recipes/default.rb +149 -0
  146. data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
  147. data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
  148. data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
  149. data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
  150. data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
  151. data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
  152. data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
  153. data/cookbooks/mu-openvpn/LICENSE +37 -0
  154. data/cookbooks/mu-openvpn/README.md +6 -0
  155. data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
  156. data/cookbooks/mu-openvpn/metadata.rb +18 -0
  157. data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
  158. data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
  159. data/cookbooks/mu-php54/CHANGELOG.md +12 -0
  160. data/cookbooks/mu-php54/LICENSE +37 -0
  161. data/cookbooks/mu-php54/README.md +0 -0
  162. data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
  163. data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
  164. data/cookbooks/mu-php54/metadata.rb +21 -0
  165. data/cookbooks/mu-php54/recipes/default.rb +97 -0
  166. data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
  167. data/cookbooks/mu-splunk/LICENSE +37 -0
  168. data/cookbooks/mu-splunk/README.md +451 -0
  169. data/cookbooks/mu-splunk/attributes/default.rb +95 -0
  170. data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
  171. data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
  172. data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
  173. data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
  174. data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
  175. data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
  176. data/cookbooks/mu-splunk/metadata.json +30 -0
  177. data/cookbooks/mu-splunk/metadata.rb +17 -0
  178. data/cookbooks/mu-splunk/recipes/client.rb +143 -0
  179. data/cookbooks/mu-splunk/recipes/default.rb +31 -0
  180. data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
  181. data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
  182. data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
  183. data/cookbooks/mu-splunk/recipes/server.rb +53 -0
  184. data/cookbooks/mu-splunk/recipes/service.rb +95 -0
  185. data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
  186. data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
  187. data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
  188. data/cookbooks/mu-splunk/recipes/user.rb +34 -0
  189. data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
  190. data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
  191. data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
  192. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
  193. data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
  194. data/cookbooks/mu-tools/CHANGELOG.md +12 -0
  195. data/cookbooks/mu-tools/LICENSE +37 -0
  196. data/cookbooks/mu-tools/README.md +188 -0
  197. data/cookbooks/mu-tools/attributes/default.rb +142 -0
  198. data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
  199. data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
  200. data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
  201. data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
  202. data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
  203. data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
  204. data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
  205. data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
  206. data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
  207. data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
  208. data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
  209. data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
  210. data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
  211. data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
  212. data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
  213. data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
  214. data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
  215. data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
  216. data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
  217. data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
  218. data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
  219. data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
  220. data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
  221. data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
  222. data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
  223. data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
  224. data/cookbooks/mu-tools/files/default/mypol.te +37 -0
  225. data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
  226. data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
  227. data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
  228. data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
  229. data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
  230. data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
  231. data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
  232. data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
  233. data/cookbooks/mu-tools/files/default/ntrights +0 -0
  234. data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
  235. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
  236. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
  237. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
  238. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
  239. data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
  240. data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
  241. data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
  242. data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
  243. data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
  244. data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
  245. data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
  246. data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
  247. data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
  248. data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
  249. data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
  250. data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
  251. data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
  252. data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
  253. data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
  254. data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
  255. data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
  256. data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
  257. data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
  258. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
  259. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
  260. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
  261. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
  262. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
  263. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
  264. data/cookbooks/mu-tools/libraries/helper.rb +292 -0
  265. data/cookbooks/mu-tools/metadata.rb +28 -0
  266. data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
  267. data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
  268. data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
  269. data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
  270. data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
  271. data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
  272. data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
  273. data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
  274. data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
  275. data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
  276. data/cookbooks/mu-tools/recipes/efs.rb +70 -0
  277. data/cookbooks/mu-tools/recipes/eks.rb +160 -0
  278. data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
  279. data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
  280. data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
  281. data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
  282. data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
  283. data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
  284. data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
  285. data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
  286. data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
  287. data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
  288. data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
  289. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
  290. data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
  291. data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
  292. data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
  293. data/cookbooks/mu-tools/recipes/updates.rb +96 -0
  294. data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
  295. data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
  296. data/cookbooks/mu-tools/resources/disk.rb +88 -0
  297. data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
  298. data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
  299. data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
  300. data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
  301. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
  302. data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
  303. data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
  304. data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
  305. data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
  306. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
  307. data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
  308. data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
  309. data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
  310. data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
  311. data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
  312. data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
  313. data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
  314. data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
  315. data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
  316. data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
  317. data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
  318. data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
  319. data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
  320. data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
  321. data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
  322. data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
  323. data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
  324. data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
  325. data/cookbooks/mu-utility/CHANGELOG.md +12 -0
  326. data/cookbooks/mu-utility/LICENSE +37 -0
  327. data/cookbooks/mu-utility/README.md +6 -0
  328. data/cookbooks/mu-utility/attributes/default.rb +1 -0
  329. data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
  330. data/cookbooks/mu-utility/metadata.rb +16 -0
  331. data/cookbooks/mu-utility/recipes/apt.rb +23 -0
  332. data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
  333. data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
  334. data/cookbooks/mu-utility/recipes/luks.rb +18 -0
  335. data/cookbooks/mu-utility/recipes/nat.rb +104 -0
  336. data/cookbooks/mu-utility/recipes/php.rb +33 -0
  337. data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
  338. data/cookbooks/mu-utility/recipes/remi.rb +44 -0
  339. data/cookbooks/mu-utility/recipes/vim.rb +26 -0
  340. data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
  341. data/cookbooks/mu-utility/recipes/zip.rb +26 -0
  342. data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
  343. data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
  344. data/cookbooks/nagios/Berksfile +8 -0
  345. data/cookbooks/nagios/CHANGELOG.md +589 -0
  346. data/cookbooks/nagios/CONTRIBUTING.md +11 -0
  347. data/cookbooks/nagios/LICENSE +37 -0
  348. data/cookbooks/nagios/README.md +328 -0
  349. data/cookbooks/nagios/TESTING.md +2 -0
  350. data/cookbooks/nagios/attributes/config.rb +171 -0
  351. data/cookbooks/nagios/attributes/default.rb +228 -0
  352. data/cookbooks/nagios/chefignore +102 -0
  353. data/cookbooks/nagios/definitions/command.rb +33 -0
  354. data/cookbooks/nagios/definitions/contact.rb +33 -0
  355. data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
  356. data/cookbooks/nagios/definitions/host.rb +33 -0
  357. data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
  358. data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
  359. data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
  360. data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
  361. data/cookbooks/nagios/definitions/resource.rb +33 -0
  362. data/cookbooks/nagios/definitions/service.rb +33 -0
  363. data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
  364. data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
  365. data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
  366. data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
  367. data/cookbooks/nagios/libraries/base.rb +314 -0
  368. data/cookbooks/nagios/libraries/command.rb +91 -0
  369. data/cookbooks/nagios/libraries/contact.rb +230 -0
  370. data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
  371. data/cookbooks/nagios/libraries/custom_option.rb +36 -0
  372. data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
  373. data/cookbooks/nagios/libraries/default.rb +90 -0
  374. data/cookbooks/nagios/libraries/host.rb +412 -0
  375. data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
  376. data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
  377. data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
  378. data/cookbooks/nagios/libraries/nagios.rb +282 -0
  379. data/cookbooks/nagios/libraries/resource.rb +59 -0
  380. data/cookbooks/nagios/libraries/service.rb +455 -0
  381. data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
  382. data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
  383. data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
  384. data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
  385. data/cookbooks/nagios/libraries/users_helper.rb +54 -0
  386. data/cookbooks/nagios/metadata.rb +25 -0
  387. data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
  388. data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
  389. data/cookbooks/nagios/recipes/apache.rb +48 -0
  390. data/cookbooks/nagios/recipes/default.rb +204 -0
  391. data/cookbooks/nagios/recipes/nginx.rb +82 -0
  392. data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
  393. data/cookbooks/nagios/recipes/server_package.rb +40 -0
  394. data/cookbooks/nagios/recipes/server_source.rb +164 -0
  395. data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
  396. data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
  397. data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
  398. data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
  399. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
  400. data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
  401. data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
  402. data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
  403. data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
  404. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
  405. data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
  406. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
  407. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
  408. data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
  409. data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
  410. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
  411. data/cookbooks/s3fs/CHANGELOG.md +13 -0
  412. data/cookbooks/s3fs/LICENSE +37 -0
  413. data/cookbooks/s3fs/README.md +6 -0
  414. data/cookbooks/s3fs/attributes/default.rb +15 -0
  415. data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
  416. data/cookbooks/s3fs/metadata.rb +16 -0
  417. data/cookbooks/s3fs/recipes/default.rb +91 -0
  418. data/data_bags/demo/app.json +7 -0
  419. data/data_bags/nagios_services/chef.json +6 -0
  420. data/data_bags/nagios_services/linux_diskspace.json +5 -0
  421. data/data_bags/nagios_services/momma_cat.json +6 -0
  422. data/data_bags/nagios_services/mu-master-memory.json +5 -0
  423. data/data_bags/nagios_services/nagios_ui.json +6 -0
  424. data/data_bags/nagios_services/node_ssh.json +6 -0
  425. data/data_bags/nagios_services/ssh.json +6 -0
  426. data/demo/lambda_test.yaml +29 -0
  427. data/environments/DEV.json +8 -0
  428. data/environments/PROD.json +8 -0
  429. data/environments/dev.json +8 -0
  430. data/environments/development.json +8 -0
  431. data/environments/prod.json +8 -0
  432. data/extras/README.md +1 -0
  433. data/extras/admin-role-binding.yaml +16 -0
  434. data/extras/admin-user.yaml +6 -0
  435. data/extras/aws-auth-cm.yaml.erb +12 -0
  436. data/extras/clean-stock-amis +48 -0
  437. data/extras/git-fix-permissions-hook +12 -0
  438. data/extras/gitlab-eks-helper.sh.erb +20 -0
  439. data/extras/image-generators/README.md +2 -0
  440. data/extras/image-generators/aws/centos6.yaml +18 -0
  441. data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
  442. data/extras/image-generators/aws/centos7.yaml +17 -0
  443. data/extras/image-generators/aws/rhel7.yaml +17 -0
  444. data/extras/image-generators/aws/win2k12.yaml +16 -0
  445. data/extras/image-generators/aws/win2k16.yaml +16 -0
  446. data/extras/image-generators/aws/windows.yaml +18 -0
  447. data/extras/image-generators/gcp/centos6.yaml +17 -0
  448. data/extras/lambda_waf_domain_blacklist.py +103 -0
  449. data/extras/platform_berksfile_base +50 -0
  450. data/extras/ruby_rpm/build.sh +17 -0
  451. data/extras/ruby_rpm/muby.spec +44 -0
  452. data/extras/vault_tools/README.md +6 -0
  453. data/extras/vault_tools/export_vaults.sh +3 -0
  454. data/extras/vault_tools/recreate_vaults.sh +5 -0
  455. data/extras/vault_tools/test_vaults.sh +5 -0
  456. data/install/README.md +8 -0
  457. data/install/cfn_create_mu_master.json +1034 -0
  458. data/install/chef-server.rb.erb +19 -0
  459. data/install/deprecated-bash-library.sh +1891 -0
  460. data/install/images/Usage.png +0 -0
  461. data/install/installer +71 -0
  462. data/install/jenkinskeys.rb +8 -0
  463. data/install/user-dot-murc.erb +14 -0
  464. data/modules/html.erb +19 -0
  465. data/modules/mommacat.ru +426 -0
  466. data/modules/mu/cleanup.rb +339 -0
  467. data/modules/mu/cloud.rb +1446 -0
  468. data/modules/mu/clouds/README.md +201 -0
  469. data/modules/mu/clouds/aws/alarm.rb +319 -0
  470. data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
  471. data/modules/mu/clouds/aws/collection.rb +373 -0
  472. data/modules/mu/clouds/aws/container_cluster.rb +667 -0
  473. data/modules/mu/clouds/aws/database.rb +1836 -0
  474. data/modules/mu/clouds/aws/dnszone.rb +911 -0
  475. data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
  476. data/modules/mu/clouds/aws/folder.rb +92 -0
  477. data/modules/mu/clouds/aws/function.rb +349 -0
  478. data/modules/mu/clouds/aws/group.rb +251 -0
  479. data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
  480. data/modules/mu/clouds/aws/log.rb +363 -0
  481. data/modules/mu/clouds/aws/msg_queue.rb +480 -0
  482. data/modules/mu/clouds/aws/notification.rb +139 -0
  483. data/modules/mu/clouds/aws/role.rb +656 -0
  484. data/modules/mu/clouds/aws/search_domain.rb +646 -0
  485. data/modules/mu/clouds/aws/server.rb +2294 -0
  486. data/modules/mu/clouds/aws/server_pool.rb +1388 -0
  487. data/modules/mu/clouds/aws/storage_pool.rb +495 -0
  488. data/modules/mu/clouds/aws/user.rb +382 -0
  489. data/modules/mu/clouds/aws/userdata/README.md +4 -0
  490. data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
  491. data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
  492. data/modules/mu/clouds/aws/vpc.rb +1943 -0
  493. data/modules/mu/clouds/aws.rb +1009 -0
  494. data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
  495. data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
  496. data/modules/mu/clouds/cloudformation/collection.rb +117 -0
  497. data/modules/mu/clouds/cloudformation/database.rb +278 -0
  498. data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
  499. data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
  500. data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
  501. data/modules/mu/clouds/cloudformation/log.rb +170 -0
  502. data/modules/mu/clouds/cloudformation/server.rb +370 -0
  503. data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
  504. data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
  505. data/modules/mu/clouds/cloudformation.rb +733 -0
  506. data/modules/mu/clouds/docker.rb +30 -0
  507. data/modules/mu/clouds/google/container_cluster.rb +290 -0
  508. data/modules/mu/clouds/google/database.rb +152 -0
  509. data/modules/mu/clouds/google/firewall_rule.rb +267 -0
  510. data/modules/mu/clouds/google/group.rb +164 -0
  511. data/modules/mu/clouds/google/loadbalancer.rb +479 -0
  512. data/modules/mu/clouds/google/server.rb +1510 -0
  513. data/modules/mu/clouds/google/server_pool.rb +274 -0
  514. data/modules/mu/clouds/google/user.rb +266 -0
  515. data/modules/mu/clouds/google/userdata/README.md +4 -0
  516. data/modules/mu/clouds/google/userdata/linux.erb +137 -0
  517. data/modules/mu/clouds/google/userdata/windows.erb +275 -0
  518. data/modules/mu/clouds/google/vpc.rb +890 -0
  519. data/modules/mu/clouds/google.rb +811 -0
  520. data/modules/mu/config/README.md +11 -0
  521. data/modules/mu/config/alarm.rb +271 -0
  522. data/modules/mu/config/cache_cluster.rb +172 -0
  523. data/modules/mu/config/collection.rb +87 -0
  524. data/modules/mu/config/container_cluster.rb +103 -0
  525. data/modules/mu/config/container_cluster.yml +36 -0
  526. data/modules/mu/config/database.rb +458 -0
  527. data/modules/mu/config/database.yml +26 -0
  528. data/modules/mu/config/dnszone.rb +327 -0
  529. data/modules/mu/config/firewall_rule.rb +118 -0
  530. data/modules/mu/config/folder.rb +70 -0
  531. data/modules/mu/config/function.rb +140 -0
  532. data/modules/mu/config/group.rb +64 -0
  533. data/modules/mu/config/loadbalancer.rb +482 -0
  534. data/modules/mu/config/log.rb +47 -0
  535. data/modules/mu/config/log.yml +6 -0
  536. data/modules/mu/config/msg_queue.rb +47 -0
  537. data/modules/mu/config/msg_queue.yml +9 -0
  538. data/modules/mu/config/notification.rb +44 -0
  539. data/modules/mu/config/project.rb +71 -0
  540. data/modules/mu/config/role.rb +102 -0
  541. data/modules/mu/config/search_domain.rb +61 -0
  542. data/modules/mu/config/search_domain.yml +25 -0
  543. data/modules/mu/config/server.rb +587 -0
  544. data/modules/mu/config/server.yml +8 -0
  545. data/modules/mu/config/server_pool.rb +216 -0
  546. data/modules/mu/config/server_pool.yml +71 -0
  547. data/modules/mu/config/storage_pool.rb +145 -0
  548. data/modules/mu/config/user.rb +78 -0
  549. data/modules/mu/config/vpc.rb +743 -0
  550. data/modules/mu/config/vpc.yml +6 -0
  551. data/modules/mu/config.rb +2000 -0
  552. data/modules/mu/defaults/README.md +2 -0
  553. data/modules/mu/defaults/amazon_images.yaml +121 -0
  554. data/modules/mu/defaults/google_images.yaml +16 -0
  555. data/modules/mu/deploy.rb +686 -0
  556. data/modules/mu/groomer.rb +123 -0
  557. data/modules/mu/groomers/README.md +58 -0
  558. data/modules/mu/groomers/chef.rb +1024 -0
  559. data/modules/mu/kittens.rb +11319 -0
  560. data/modules/mu/logger.rb +208 -0
  561. data/modules/mu/master/README.md +27 -0
  562. data/modules/mu/master/chef.rb +471 -0
  563. data/modules/mu/master/ldap.rb +1005 -0
  564. data/modules/mu/master.rb +415 -0
  565. data/modules/mu/mommacat.rb +2703 -0
  566. data/modules/mu-load-config.rb +1 -0
  567. data/modules/mu.rb +724 -0
  568. data/modules/scratchpad.erb +1 -0
  569. data/modules/tests/super_complex_bok.yml +41 -0
  570. data/modules/tests/super_simple_bok.yml +40 -0
  571. data/mu.gemspec +62 -0
  572. data/roles/demo-dbservice-configure.json +19 -0
  573. data/roles/demo-portal-configure.json +19 -0
  574. data/roles/mu-master-jenkins.json +24 -0
  575. data/roles/mu-master-nagios-only.json +13 -0
  576. data/roles/mu-master.json +12 -0
  577. data/roles/mu-node.json +19 -0
  578. data/roles/mu-splunk-server.json +13 -0
  579. data/roles/mu-splunk.json +13 -0
  580. data/test/clean_up.py +25 -0
  581. data/test/demo-test-profile/README.md +3 -0
  582. data/test/demo-test-profile/controls/flask.rb +84 -0
  583. data/test/demo-test-profile/inspec.lock +7 -0
  584. data/test/demo-test-profile/inspec.yml +11 -0
  585. data/test/etco-test-profile/README.md +3 -0
  586. data/test/etco-test-profile/controls/all-in-one.rb +182 -0
  587. data/test/etco-test-profile/inspec.lock +7 -0
  588. data/test/etco-test-profile/inspec.yml +11 -0
  589. data/test/exec_inspec.py +246 -0
  590. data/test/exec_mu_install.py +241 -0
  591. data/test/exec_retry.py +44 -0
  592. data/test/mu-master-test/README.md +3 -0
  593. data/test/mu-master-test/controls/all_in_one.rb +557 -0
  594. data/test/mu-master-test/inspec.lock +3 -0
  595. data/test/mu-master-test/inspec.yml +11 -0
  596. data/test/mu-tools-test/README.md +3 -0
  597. data/test/mu-tools-test/controls/base.rb +265 -0
  598. data/test/mu-tools-test/inspec.lock +3 -0
  599. data/test/mu-tools-test/inspec.yml +8 -0
  600. data/test/simple-server-php-test/README.md +3 -0
  601. data/test/simple-server-php-test/controls/apachephp.rb +25 -0
  602. data/test/simple-server-php-test/controls/example.rb +19 -0
  603. data/test/simple-server-php-test/inspec.lock +7 -0
  604. data/test/simple-server-php-test/inspec.yml +12 -0
  605. data/test/simple-server-rails-test/README.md +3 -0
  606. data/test/simple-server-rails-test/controls/rails.rb +188 -0
  607. data/test/simple-server-rails-test/inspec.lock +7 -0
  608. data/test/simple-server-rails-test/inspec.yml +11 -0
  609. data/test/simple-windows-test/README.md +3 -0
  610. data/test/simple-windows-test/controls/windows.rb +20 -0
  611. data/test/simple-windows-test/inspec.lock +7 -0
  612. data/test/simple-windows-test/inspec.yml +11 -0
  613. data/test/smoke_test.rb +75 -0
  614. data/test/wordpress-test/README.md +3 -0
  615. data/test/wordpress-test/controls/wordpress.rb +97 -0
  616. data/test/wordpress-test/inspec.lock +7 -0
  617. data/test/wordpress-test/inspec.yml +11 -0
  618. metadata +979 -0
@@ -0,0 +1,911 @@
1
+ # Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
2
+ #
3
+ # Licensed under the BSD-3 license (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License in the root of the project or at
6
+ #
7
+ # http://egt-labs.com/mu/LICENSE.html
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ module MU
16
+
17
+ class Cloud
18
+ class AWS
19
+ # A DNS Zone as configured in {MU::Config::BasketofKittens::dnszones}
20
+ class DNSZone < MU::Cloud::DNSZone
21
+
22
+ @config = nil
23
+ attr_reader :mu_name
24
+ attr_reader :cloud_id
25
+ attr_reader :config
26
+
27
+ @cloudformation_data = {}
28
+ attr_reader :cloudformation_data
29
+
30
+ # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
31
+ # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::dnszones}
32
+ def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
33
+ @deploy = mommacat
34
+ @config = MU::Config.manxify(kitten_cfg)
35
+ unless @mu_name
36
+ @mu_name = mu_name ? mu_name : @deploy.getResourceName(@config["name"])
37
+ end
38
+
39
+ MU.setVar("curRegion", @config['region']) if !@config['region'].nil?
40
+ end
41
+
42
+ # Called automatically by {MU::Deploy#createResources}
43
+ def create
44
+ ext_zone = MU::Cloud::DNSZone.find(cloud_id: @config['name']).values.first
45
+ @config["create_zone"] =
46
+ if ext_zone
47
+ false
48
+ else
49
+ true
50
+ end
51
+
52
+ if @config["create_zone"]
53
+ params = {
54
+ :name => @config['name'],
55
+ :hosted_zone_config => {
56
+ :comment => MU.deploy_id
57
+ },
58
+ :caller_reference => @deploy.getResourceName(@config['name'])
59
+ }
60
+
61
+ # Private zones have their lookup restricted by VPC
62
+ add_vpcs = []
63
+ if @config['private']
64
+ if @config['all_account_vpcs']
65
+ # If we've been told to make this domain available account-wide, do so
66
+ MU::Cloud::AWS.listRegions(@config['us_only']).each { |region|
67
+ known_vpcs = MU::Cloud::AWS.ec2(region).describe_vpcs.vpcs
68
+
69
+ MU.log "Enumerating VPCs in #{region}", MU::DEBUG, details: known_vpcs
70
+
71
+ known_vpcs.each { |vpc|
72
+ add_vpcs << { :vpc_id => vpc.vpc_id, :region => region }
73
+ }
74
+ }
75
+ else
76
+ # Or if we were given a list of VPCs add them
77
+ raise MuError, "DNS Zone #{@config['name']} is flagged as private, you must either provide a VPC, or set 'all_account_vpcs' to true" if @config['vpcs'].nil? || @config['vpcs'].empty?
78
+ @config['vpcs'].each { |vpc|
79
+ add_vpcs << { :vpc_id => vpc['vpc_id'], :region => vpc['region'] }
80
+ }
81
+ end
82
+
83
+ raise MuError, "DNS Zone #{@config['name']} is flagged as private, but I can't find any VPCs in which to put it" if add_vpcs.empty?
84
+
85
+ # We can only specify one VPC when creating a private zone. We'll add the rest later
86
+ params[:vpc] = {
87
+ :vpc_region => add_vpcs.first[:region],
88
+ :vpc_id => add_vpcs.first[:vpc_id]
89
+ }
90
+ end
91
+
92
+ MU.log "Creating DNS Zone '#{@config['name']}'", details: params
93
+
94
+ resp = MU::Cloud::AWS.route53.create_hosted_zone(params)
95
+ id = resp.hosted_zone.id
96
+ @config['zone_id'] = id
97
+
98
+ begin
99
+ resp = MU::Cloud::AWS.route53.get_hosted_zone(id: id)
100
+ sleep 10
101
+ end while resp.nil? or resp.size == 0
102
+
103
+ if !add_vpcs.empty?
104
+ add_vpcs.each { |vpc|
105
+ if vpc[:vpc_id] != params[:vpc][:vpc_id]
106
+ MU.log "Associating VPC #{vpc[:vpc_id]} in #{vpc[:region]} with DNS Zone #{@config['name']}", MU::DEBUG
107
+ begin
108
+ MU::Cloud::AWS.route53.associate_vpc_with_hosted_zone(
109
+ hosted_zone_id: id,
110
+ vpc: {
111
+ :vpc_region => vpc[:region],
112
+ :vpc_id => vpc[:vpc_id]
113
+ }
114
+ )
115
+ rescue Aws::Route53::Errors::InvalidVPCId => e
116
+ MU.log "Unable to associate #{vpc[:vpc_id]} in #{vpc[:region]} with DNS Zone #{@config['name']}: #{e.inspect}", MU::WARN
117
+ end
118
+ end
119
+ }
120
+ end
121
+ end
122
+
123
+ @config['records'] = [] if !@config['records']
124
+ @config['records'].each { |dnsrec|
125
+ dnsrec['name'] = "#{dnsrec['name']}.#{MU.environment.downcase}" if dnsrec["append_environment_name"] && !dnsrec['name'].match(/\.#{MU.environment.downcase}$/)
126
+
127
+ if dnsrec.has_key?('mu_type')
128
+ dnsrec['target'] =
129
+ if dnsrec['mu_type'] == "loadbalancer"
130
+ if @dependencies.has_key?('loadbalancer') and @dependencies['loadbalancer'].has_key?(dnsrec['target']) and !@dependencies['loadbalancer'][dnsrec['target']].cloudobj.nil? and dnsrec['deploy_id'].nil?
131
+ @dependencies['loadbalancer'][dnsrec['target']].cloudobj.notify['dns']
132
+ elsif dnsrec['deploy_id']
133
+ found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
134
+ raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
135
+ found.first.deploydata['dns']
136
+ end
137
+ elsif dnsrec['mu_type'] == "server"
138
+ if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
139
+ MU.log "dnsrec['target'] #{dnsrec['target']}"
140
+ deploydata = @dependencies['server'][dnsrec['target']].deploydata
141
+ elsif dnsrec['deploy_id']
142
+ found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
143
+ raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
144
+ deploydata = found.first.deploydata
145
+ end
146
+
147
+ public = true
148
+ if dnsrec.has_key?("target_type")
149
+ public = dnsrec["target_type"] == "private" ? false : true
150
+ end
151
+
152
+ if dnsrec["type"] == "CNAME"
153
+ if public
154
+ # Make sure we have a public canonical name to register. Use the private one if we don't
155
+ deploydata['public_dns_name'].empty? ? deploydata['private_dns_name'] : deploydata['public_dns_name']
156
+ else
157
+ # If we specifically requested to register the private canonical name lets use that
158
+ deploydata['private_dns_name']
159
+ end
160
+ elsif dnsrec["type"] == "A"
161
+ if public
162
+ # Make sure we have a public IP address to register. Use the private one if we don't
163
+ deploydata['public_ip_address'] ? deploydata['public_ip_address'] : deploydata['private_ip_address']
164
+ else
165
+ # If we specifically requested to register the private IP lets use that
166
+ deploydata['private_ip_address']
167
+ end
168
+ end
169
+ elsif dnsrec['mu_type'] == "database"
170
+ if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
171
+ @dependencies[dnsrec['mu_type']][dnsrec['target']].deploydata['endpoint']
172
+ elsif dnsrec['deploy_id']
173
+ found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @config["region"])
174
+ raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
175
+ found.first.deploydata['endpoint']
176
+ end
177
+ end
178
+ end
179
+
180
+ dnsrec["zone"] = {"name" => @config['name']}
181
+ }
182
+
183
+ MU::Cloud::AWS::DNSZone.createRecordsFromConfig(@config['records'])
184
+ return resp.hosted_zone if @config["create_zone"]
185
+ end
186
+
187
+ # Wrapper for {MU::Cloud::AWS::DNSZone.manageRecord}. Spawns threads to create all
188
+ # requested records in background and returns immediately.
189
+ # @param cfg [Array]: An array of parsed {MU::Config::BasketofKittens::dnszones::records} objects.
190
+ # @param target [String]: Optional target for the records to be created. Overrides targets embedded in cfg records.
191
+ def self.createRecordsFromConfig(cfg, target: nil)
192
+ return if cfg.nil?
193
+ record_threads = []
194
+
195
+ cfg.each { |record|
196
+ record['name'] = "#{record['name']}.#{MU.environment.downcase}" if record["append_environment_name"] && !record['name'].match(/\.#{MU.environment.downcase}$/)
197
+ zone = nil
198
+ if record['zone'].has_key?("id")
199
+ zone = MU::Cloud::DNSZone.find(cloud_id: record['zone']['id']).values.first
200
+ else
201
+ zone = MU::Cloud::DNSZone.find(cloud_id: record['zone']['name']).values.first
202
+ end
203
+
204
+ raise MuError, "Failed to locate Route53 DNS Zone for domain #{record['zone']['name']}" if zone.nil?
205
+
206
+ healthcheck_id = nil
207
+ record['target'] = target if !target.nil?
208
+ child_check_ids = []
209
+ if record.has_key?('healthchecks')
210
+ record['healthchecks'].each { |check|
211
+ child_check_ids << MU::Cloud::AWS::DNSZone.createHealthCheck(check, record['target']) if check['type'] == "secondary"
212
+ }
213
+
214
+ record['healthchecks'].each { |check|
215
+ if check['type'] == "primary"
216
+ check["health_check_ids"] = child_check_ids if !check.has_key?("health_check_ids") || check['health_check_ids'].empty?
217
+ healthcheck_id = MU::Cloud::AWS::DNSZone.createHealthCheck(check, record['target'])
218
+ break
219
+ end
220
+ }
221
+ end
222
+
223
+ # parent_thread_id seems to be nil sometimes, try to make sure we don't fail
224
+ # There has got to be a better way to deal with this than this
225
+ parent_thread_id = Thread.current.object_id
226
+ while parent_thread_id.nil?
227
+ parent_thread_id = Thread.current.object_id
228
+ sleep 3
229
+ end
230
+
231
+ record_threads << Thread.new {
232
+ MU.dupGlobals(parent_thread_id)
233
+ MU::Cloud::AWS::DNSZone.manageRecord(
234
+ zone.id,
235
+ record['name'],
236
+ record['type'],
237
+ targets: [record['target']],
238
+ ttl: record['ttl'],
239
+ failover: record['failover'],
240
+ healthcheck: healthcheck_id,
241
+ weight: record['weight'],
242
+ overwrite: record['override_existing'],
243
+ location: record['geo_location'],
244
+ region: record['region'],
245
+ alias_zone: record['alias_zone'],
246
+ sync_wait: false
247
+ )
248
+ }
249
+ }
250
+
251
+ record_threads.each { |t|
252
+ t.join
253
+ }
254
+ end
255
+
256
+ # Create a Route53 health check.
257
+ # @param cfg [Hash]: Parsed hash of {MU::Config::BasketofKittens::dnszones::records::healthchecks}
258
+ # @param target [String]: The IP address of FQDN of the target resource to check.
259
+ def self.createHealthCheck(cfg, target)
260
+ check = {
261
+ type: cfg['method'],
262
+ inverted: cfg['inverted']
263
+ }
264
+
265
+ if cfg['method'] == "CALCULATED"
266
+ check[:health_threshold] = cfg['health_threshold'] if cfg.has_key?('health_threshold')
267
+ check[:child_health_checks] = cfg['health_check_ids'] if cfg.has_key?('health_check_ids')
268
+ elsif cfg['method'] == "CLOUDWATCH_METRIC"
269
+ check[:insufficient_data] = cfg['insufficient_data'] if cfg.has_key?('insufficient_data')
270
+ check[:alarm_identifier] = {
271
+ region: cfg['alarm_region'],
272
+ name: cfg['alarm_name']
273
+ }
274
+ else
275
+ check[:resource_path] = cfg['path'] if cfg.has_key?('path')
276
+ check[:search_string] = cfg['search_string'] if cfg.has_key?('search_string')
277
+ check[:port] = cfg['port'] if cfg.has_key?('port')
278
+ check[:enable_sni] = cfg['enable_sni'] if cfg.has_key?('enable_sni')
279
+ check[:regions] = cfg['regions'] if cfg.has_key?('regions')
280
+ check[:measure_latency] = cfg['latency'] if cfg.has_key?('latency')
281
+ check[:check_interval] = cfg['check_interval']
282
+ check[:failure_threshold] = cfg['failure_threshold']
283
+
284
+ if target.match(/^\d+\.\d+\.\d+\.\d+$/)
285
+ check[:ip_address] = target
286
+ else
287
+ check[:fully_qualified_domain_name] = target
288
+ end
289
+ end
290
+
291
+ MU.log "Creating health check for #{cfg['name']}", details: check
292
+ id = MU::Cloud::AWS.route53.create_health_check(
293
+ caller_reference: "#{MU.deploy_id}-#{cfg['method']}-#{cfg['name']}-#{Time.now.to_i.to_s}",
294
+ health_check_config: check
295
+ ).health_check.id
296
+
297
+ # Currently the only thing we can tag in Route 53... is health checks.
298
+ tags = []
299
+ MU::MommaCat.listStandardTags.each_pair { |name, value|
300
+ tags << {key: name, value: value}
301
+ }
302
+
303
+ tags << {key: "Name", value: "#{MU.deploy_id}-#{cfg['name']}".upcase}
304
+
305
+ if cfg['optional_tags']
306
+ MU::MommaCat.listOptionalTags.each_pair { |name, value|
307
+ tags << {key: name, value: value}
308
+ }
309
+ end
310
+
311
+ if cfg['tags']
312
+ cfg['tags'].each { |tag|
313
+ tags << {key: tag['key'], value: tag['value']}
314
+ }
315
+ end
316
+
317
+ MU::Cloud::AWS.route53.change_tags_for_resource(
318
+ resource_type: "healthcheck",
319
+ resource_id: id,
320
+ add_tags: tags
321
+ )
322
+
323
+ return id
324
+ end
325
+
326
+
327
+ # Add or remove access for a given (presumably) private cloud-hosted DNS
328
+ # zone to/from the specified VPC.
329
+ # @param id [String]: The cloud identifier of the DNS zone to update
330
+ # @param vpc_id [String]: The cloud identifier of the VPC
331
+ # @param region [String]: The cloud provider's region
332
+ # @param remove [Boolean]: Whether to remove access (default: grant access)
333
+ def self.toggleVPCAccess(id: nil, vpc_id: nil, region: MU.curRegion, remove: false)
334
+
335
+ if !remove
336
+ MU.log "Granting VPC #{vpc_id} access to zone #{id}"
337
+ MU::Cloud::AWS.route53(region).associate_vpc_with_hosted_zone(
338
+ hosted_zone_id: id,
339
+ vpc: {
340
+ :vpc_id => vpc_id,
341
+ :vpc_region => region
342
+ },
343
+ comment: MU.deploy_id
344
+ )
345
+ else
346
+ MU.log "Revoking VPC #{vpc_id} access to zone #{id}"
347
+ begin
348
+ MU::Cloud::AWS.route53(region).disassociate_vpc_from_hosted_zone(
349
+ hosted_zone_id: id,
350
+ vpc: {
351
+ :vpc_id => vpc_id,
352
+ :vpc_region => region
353
+ },
354
+ comment: MU.deploy_id
355
+ )
356
+ rescue Aws::Route53::Errors::LastVPCAssociation => e
357
+ MU.log e.inspect, MU::WARN
358
+ rescue Aws::Route53::Errors::VPCAssociationNotFound => e
359
+ MU.log "VPC #{vpc_id} access to zone #{id} already revoked", MU::WARN
360
+ end
361
+ end
362
+ end
363
+
364
+ # Create a new DNS record in the given DNS zone
365
+ # @param id [String]: The cloud provider's identifier for the zone.
366
+ # @param name [String]: The DNS name we're creating
367
+ # @param type [String]: The class of DNS record we're creating (e.g. A, CNAME, PTR, SPF...)
368
+ # @param targets [Array<String>]: Standard DNS values for this record. Must be valid for the 'type' field, e.g. A records must point to a IP addresses.
369
+ # @param ttl [Integer]: The DNS time-to-live value for this record.
370
+ # @param delete [Boolean]: Whether to delete the described record, instead of creating.
371
+ # @param overwrite [Boolean]: Whether to overwrite existing records which match this description, as opposed to creating an entirely new one.
372
+ # @param sync_wait [Boolean]: Wait until the record change has fully propagated throughout Route53 before returning.
373
+ # @param failover [String]: "PRIMARY" or "SECONDARY" for Route53 failover. See also {MU::Config::BasketofKittens::dnszones::records}.
374
+ # @param healthcheck [String]: A Route53 healthcheck identifier for use with failover. Typically created by {MU::Config::BasketofKittens::dnszones::records::healthchecks}.
375
+ # @param region [String]: An Amazon Web Services region for use with latency-based routing. See also {MU::Config::BasketofKittens::dnszones::records}.
376
+ # @param weight [Integer]: A weight value used for weighted routing, used to determine proportion of traffic with other matching weighted records. See also {MU::Config::BasketofKittens::dnszones::records}.
377
+ # @param location [Hash<String>]: A parsed Hash of {MU::Config::BasketofKittens::dnszones::records::geo_location}.
378
+ # @param set_identifier [String]: A unique string to differentiate otherwise-similar records. Normally auto-generated, should not need to specify.
379
+ # @param alias_zone [String]: Zone ID of the target's hosted zone, when creating an alias (type R53ALIAS)
380
+ def self.manageRecord(id, name, type, targets: nil, aliases: nil,
381
+ ttl: 7200, delete: false, sync_wait: true, failover: nil,
382
+ healthcheck: nil, region: nil, weight: nil, overwrite: true,
383
+ location: nil, set_identifier: nil, alias_zone: nil)
384
+
385
+ MU.setVar("curRegion", region) if !region.nil?
386
+ zone = MU::Cloud::DNSZone.find(cloud_id: id).values.first
387
+ raise MuError, "Attempting to add record to nonexistent DNS zone #{id}" if zone.nil?
388
+ name = name + "." + zone.name if !name.match(/(^|\.)#{zone.name}$/)
389
+
390
+ action = "CREATE"
391
+ action = "UPSERT" if overwrite
392
+ action = "DELETE" if delete
393
+
394
+ if type == "R53ALIAS"
395
+ target_zone = id
396
+ target_name = targets[0].downcase
397
+ target_name.chomp!(".")
398
+
399
+ if !alias_zone.nil?
400
+ target_zone = "/hostedzone/"+alias_zone if !alias_zone.match(/^\/hostedzone\//)
401
+ else
402
+ MU::Cloud::AWS.listRegions.each { |region|
403
+ MU::Cloud::AWS.elb(region).describe_load_balancers.load_balancer_descriptions.each { |elb|
404
+ elb_dns = elb.dns_name.downcase
405
+ elb_dns.chomp!(".")
406
+ if target_name == elb_dns
407
+ MU.log "Resolved #{targets[0]} to an Elastic Load Balancer in zone #{elb.canonical_hosted_zone_name_id}", details: elb
408
+ target_zone = "/hostedzone/"+elb.canonical_hosted_zone_name_id
409
+ break
410
+ end
411
+ }
412
+ break if target_zone != id
413
+ }
414
+ end
415
+
416
+ base_rrset = {
417
+ name: name,
418
+ type: "A",
419
+ alias_target: {
420
+ hosted_zone_id: target_zone,
421
+ dns_name: targets[0],
422
+ evaluate_target_health: true
423
+ }
424
+ }
425
+ else
426
+ rrsets = []
427
+ if !targets.nil?
428
+ targets.each { |target|
429
+ rrsets << {value: target}
430
+ }
431
+ end
432
+
433
+ base_rrset = {
434
+ name: name,
435
+ type: type,
436
+ ttl: ttl,
437
+ resource_records: rrsets
438
+ }
439
+
440
+ if !healthcheck.nil?
441
+ base_rrset[:health_check_id] = healthcheck
442
+ end
443
+ end
444
+
445
+ params = {
446
+ hosted_zone_id: id,
447
+ change_batch: {
448
+ changes: [
449
+ {
450
+ action: action,
451
+ resource_record_set: base_rrset
452
+ }
453
+ ]
454
+ }
455
+ }
456
+
457
+ # Doing an UPSERT with a new set_identifier will fail with a record already exist error, so lets try and get it from an existing record.
458
+ # This can be an issue with multiple secondary failover records
459
+ if (location || failover || region || weight) && set_identifier.nil?
460
+ record_sets = MU::Cloud::AWS.route53.list_resource_record_sets(
461
+ hosted_zone_id: id,
462
+ start_record_name: name
463
+ ).resource_record_sets
464
+
465
+ record_sets.each { |r|
466
+ if r.name == name
467
+ if location && location == r.location
468
+ set_identifier = r.set_identifier
469
+ break
470
+ elsif failover && failover == r.failover
471
+ set_identifier = r.set_identifier
472
+ break
473
+ elsif region && region == r.region
474
+ set_identifier = r.set_identifier
475
+ break
476
+ elsif weight && weight == r.weight
477
+ set_identifier = r.set_identifier
478
+ break
479
+ end
480
+ end
481
+ }
482
+ end
483
+
484
+ if !failover.nil?
485
+ base_rrset[:failover] = failover
486
+ set_identifier ||= "#{MU.deploy_id}-failover-#{failover}".upcase
487
+ elsif !weight.nil?
488
+ base_rrset[:weight] = weight
489
+ set_identifier ||= "#{MU.deploy_id}-weighted-#{weight.to_s}".upcase
490
+ elsif !location.nil?
491
+ loc_arg = Hash.new
492
+ location.each_pair { |key, val|
493
+ sym = key.to_sym
494
+ loc_arg[sym] = val
495
+ }
496
+ base_rrset[:geo_location] = loc_arg
497
+ set_identifier ||= "#{MU.deploy_id}-location-#{location.values.join("-")}".upcase
498
+ elsif !region.nil?
499
+ base_rrset[:region] = region
500
+ set_identifier ||= "#{MU.deploy_id}-latency-#{region}".upcase
501
+ end
502
+
503
+ base_rrset[:set_identifier] = set_identifier if set_identifier
504
+
505
+ if delete
506
+ MU.log "Deleting DNS record #{name} (#{type}) from #{id}", details: params
507
+ else
508
+ MU.log "Adding DNS record #{name} => #{targets} (#{type}) to #{id}", details: params
509
+ end
510
+
511
+ begin
512
+ change_id = MU::Cloud::AWS.route53.change_resource_record_sets(params).change_info.id
513
+ rescue Aws::Route53::Errors::PriorRequestNotComplete => e
514
+ sleep 10
515
+ retry
516
+ rescue Aws::Route53::Errors::InvalidChangeBatch, Aws::Route53::Errors::InvalidInput, Exception => e
517
+ return if e.message.match(/ but it already exists$/) and !delete
518
+ MU.log "Failed to change DNS records, #{e.inspect}", MU::ERR, details: params
519
+ raise e if !delete
520
+ MU.log "Record #{name} (#{type}) in #{id} can't be deleted. Already removed? #{e.inspect}", MU::WARN, details: params if delete
521
+ return
522
+ end
523
+
524
+ if sync_wait
525
+ attempts = 0
526
+ start_time = Time.now.to_i
527
+ begin
528
+ MU.log "Waiting for DNS record change for '#{name}' to propagate in zone '#{zone.name}'", MU::NOTICE if attempts % 3 == 0
529
+ sleep 15
530
+ change_info = MU::Cloud::AWS.route53.get_change(id: change_id).change_info
531
+ if change_info.status != "INSYNC" and attempts % 3 == 0
532
+ MU.log "DNS zone #{zone.name} still in state #{change_info.status} after #{Time.now.to_i - start_time}s", MU::DEBUG, details: change_info
533
+ end
534
+ attempts = attempts + 1
535
+ end while change_info.status != "INSYNC"
536
+ end
537
+ end
538
+
539
+ # @resolver = Resolv::DNS.new
540
+
541
+ # Set a generic .platform-mu DNS entry for a resource, and return the name that
542
+ # was set.
543
+ # @param name [name]: The base name of the resource
544
+ # @param target [String]: The target of the DNS entry, usually an IP.
545
+ # @param noop [Boolean]: Don't attempt to adjust entries, just return the name we'd create/remove.
546
+ # @param delete [Boolean]: Remove this entry instead of creating it.
547
+ # @param cloudclass [Object]: The resource's Mu class.
548
+ # @param sync_wait [Boolean]: Wait for DNS entry to propagate across zone.
549
+ def self.genericMuDNSEntry(name: nil, target: nil, cloudclass: nil, noop: false, delete: false, sync_wait: true)
550
+ return nil if name.nil? or target.nil? or cloudclass.nil?
551
+ mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu").values.first
552
+ raise MuError, "Couldn't isolate platform-mu DNS zone" if mu_zone.nil?
553
+
554
+ if !mu_zone.nil? and !MU.myVPC.nil?
555
+ subdomain = cloudclass.cfg_name
556
+ dns_name = name.downcase+"."+subdomain+"."+MU.myInstanceId
557
+ record_type = "CNAME"
558
+ record_type = "A" if target.match(/^\d+\.\d+\.\d+\.\d+/)
559
+ ip = nil
560
+
561
+ lookup = MU::Cloud::AWS.route53.list_resource_record_sets(
562
+ hosted_zone_id: mu_zone.id,
563
+ start_record_name: "#{dns_name}.platform-mu",
564
+ start_record_type: record_type
565
+ ).resource_record_sets
566
+
567
+ lookup.each { |record|
568
+ if record.name.match(/^#{dns_name}\.platform-mu/i) and record.type == record_type
569
+ record.resource_records.each { |rrset|
570
+ if rrset.value == target
571
+ ip = rrset.value
572
+ end
573
+ }
574
+
575
+ end
576
+ }
577
+
578
+ # begin
579
+ # ip = @resolver.getaddress("#{dns_name}.platform-mu")
580
+ #MU.log "@resolver.getaddress(#{dns_name}.platform-mu) => #{ip.to_s} (target is #{target})", MU::WARN, details: ip
581
+ # rescue Resolv::ResolvError => e
582
+ # MU.log "'#{dns_name}.platform-mu' does not resolve.", MU::DEBUG, details: e.inspect
583
+ # end
584
+
585
+ if ip == target
586
+ return "#{dns_name}.platform-mu" if !delete
587
+ elsif noop
588
+ return nil
589
+ end
590
+
591
+ sync_wait = false if delete
592
+
593
+ record_type = "R53ALIAS" if cloudclass == MU::Cloud::AWS::LoadBalancer
594
+ attempts = 0
595
+ begin
596
+ MU::Cloud::AWS::DNSZone.manageRecord(mu_zone.id, dns_name, record_type, targets: [target], delete: delete, sync_wait: sync_wait)
597
+ rescue Aws::Route53::Errors::PriorRequestNotComplete => e
598
+ MU.log "Route53 was still processing a request, waiting", MU::WARN, details: e
599
+ sleep 15
600
+ retry
601
+ rescue Aws::Route53::Errors::InvalidChangeBatch => e
602
+ if e.inspect.match(/alias target name does not lie within the target zone/) and attempts < 5
603
+ MU.log e.inspect, MU::WARN
604
+ sleep 15
605
+ attempts = attempts + 1
606
+ retry
607
+ elsif !e.inspect.match(/(it|name) already exists/)
608
+ raise MuError, "Problem managing entry for #{dns_name} -> #{target}: #{e.inspect}"
609
+ else
610
+ MU.log "#{dns_name} already exists", MU::DEBUG, details: e.inspect
611
+ end
612
+ end
613
+ return "#{dns_name}.platform-mu"
614
+ else
615
+ return nil
616
+ end
617
+ end
618
+
619
+ # Log DNS zone metadata to the deployment struct for the current deploy.
620
+ def notify
621
+ if @config["create_zone"]
622
+ # # XXX this wants generalization
623
+ # if !@deploy.deployment[MU::Cloud::DNSZone.cfg_plural].nil? and !@deploy.deployment[MU::Cloud::DNSZone.cfg_plural][name].nil?
624
+ # deploydata = @deploy.deployment[MU::Cloud::DNSZone.cfg_plural][name].dup
625
+ # else
626
+ # deploydata = Hash.new
627
+ # end
628
+
629
+ # resp = MU::Cloud::AWS.route53.get_hosted_zone(
630
+ # id: @config['zone_id']
631
+ # )
632
+ # deploydata.merge!(MU.structToHash(resp.hosted_zone))
633
+ # deploydata['vpcs'] = @config['vpcs'] if !@config['vpcs'].nil?
634
+ # deploydata["region"] = @config['region'] if !@config['region'].nil?
635
+ # @deploy.notify(MU::Cloud::DNSZone.cfg_plural, mu_name, deploydata)
636
+ # return deploydata
637
+
638
+ resp = MU::Cloud::AWS.route53.get_hosted_zone(id: @config['zone_id'])
639
+ vpcs = []
640
+ hosted_zone_vpcs = resp.vp_cs
641
+ if !hosted_zone_vpcs.empty?
642
+ hosted_zone_vpcs.each{ |vpc|
643
+ vpcs << vpc.to_h
644
+ }
645
+ end
646
+
647
+ {
648
+ "name" => resp.hosted_zone.name,
649
+ "id" => resp.hosted_zone.id,
650
+ "private" => resp.hosted_zone.config.private_zone,
651
+ "vpcs" => vpcs,
652
+ }
653
+
654
+ else
655
+ # We should probably return the records we created
656
+ {}
657
+ end
658
+ end
659
+
660
+ # Called by {MU::Cleanup}. Locates resources that were created by the
661
+ # currently-loaded deployment, and purges them.
662
+ def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
663
+ checks_to_clean = []
664
+ threads = []
665
+ MU::Cloud::AWS.route53(region).list_health_checks.health_checks.each { |check|
666
+ begin
667
+ tags = MU::Cloud::AWS.route53(region).list_tags_for_resource(
668
+ resource_type: "healthcheck",
669
+ resource_id: check.id
670
+ ).resource_tag_set.tags
671
+ muid_match = false
672
+ mumaster_match = false
673
+ tags.each { |tag|
674
+ muid_match = true if tag.key == "MU-ID" and tag.value == MU.deploy_id
675
+ mumaster_match = true if tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
676
+ }
677
+
678
+ delete = false
679
+ if muid_match
680
+ if ignoremaster
681
+ delete = true
682
+ else
683
+ delete = true if mumaster_match
684
+ end
685
+ end
686
+
687
+ if delete
688
+ parent_thread_id = Thread.current.object_id
689
+ threads << Thread.new(check) { |mycheck|
690
+ MU.dupGlobals(parent_thread_id)
691
+ Thread.abort_on_exception = true
692
+ MU.log "Removing health check #{check.id}"
693
+ retries = 5
694
+ begin
695
+ MU::Cloud::AWS.route53(region).delete_health_check(health_check_id: check.id) if !noop
696
+ rescue Aws::Route53::Errors::NoSuchHealthCheck => e
697
+ MU.log "Health Check '#{check.id}' disappeared before I could remove it", MU::WARN, details: e.inspect
698
+ rescue Aws::Route53::Errors::InvalidInput => e
699
+ if e.message.match(/is still referenced from parent health check/) && retries <= 5
700
+ sleep 5
701
+ retries += 1
702
+ retry
703
+ else
704
+ MU.log "Health Check #{check.id} still has a parent health check associated with it, skipping", MU::WARN, details: e.inspect
705
+ end
706
+ end
707
+ }
708
+ end
709
+ rescue Aws::Route53::Errors::NoSuchHealthCheck => e
710
+ MU.log "Health Check '#{check.id}' disappeared before I could remove it", MU::WARN, details: e.inspect
711
+ end
712
+ }
713
+
714
+ threads.each { |t|
715
+ t.join
716
+ }
717
+
718
+ zones = MU::Cloud::DNSZone.find(deploy_id: MU.deploy_id, region: region)
719
+ zones.each_pair { |id, zone|
720
+ MU.log "Purging DNS Zone '#{zone.name}' (#{zone.id})"
721
+ if !noop
722
+ begin
723
+ # Clean up resource records first
724
+ rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id)
725
+ rrsets.resource_record_sets.each { |rrset|
726
+ next if zone.name == rrset.name and (rrset.type == "NS" or rrset.type == "SOA")
727
+ records = []
728
+ MU::Cloud::AWS.route53(region).change_resource_record_sets(
729
+ hosted_zone_id: zone.id,
730
+ change_batch: {
731
+ changes: [
732
+ {
733
+ action: "DELETE",
734
+ resource_record_set: MU.structToHash(rrset)
735
+ }
736
+ ]
737
+ }
738
+ )
739
+ }
740
+
741
+ MU::Cloud::AWS.route53(region).delete_hosted_zone(id: zone.id)
742
+ rescue Aws::Route53::Errors::PriorRequestNotComplete
743
+ MU.log "Still waiting for all records in DNS Zone '#{zone.name}' (#{zone.id}) to delete", MU::WARN
744
+ sleep 20
745
+ retry
746
+ rescue Aws::Route53::Errors::InvalidChangeBatch
747
+ # Just skip this
748
+ rescue Aws::Route53::Errors::NoSuchHostedZone => e
749
+ MU.log "DNS Zone '#{zone.name}' (#{zone.id}) disappeared before I could remove it", MU::WARN, details: e.inspect
750
+ rescue Aws::Route53::Errors::HostedZoneNotEmpty => e
751
+ raise MuError, e.inspect
752
+ end
753
+ end
754
+ }
755
+
756
+ # Lets try cleaning MU DNS records in all zones.
757
+ MU::Cloud::AWS.route53(region).list_hosted_zones.hosted_zones.each { |zone|
758
+ begin
759
+ zone_rrsets = []
760
+ rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id)
761
+ rrsets.resource_record_sets.each { |record|
762
+ zone_rrsets << record
763
+ }
764
+
765
+ # AWS API returns a maximum of 100 results. DNS zones are likely to have more than 100 records, lets page and make sure we grab all records in a given zone
766
+ while rrsets.next_record_name && rrsets.next_record_type
767
+ rrsets = MU::Cloud::AWS.route53(region).list_resource_record_sets(hosted_zone_id: zone.id, start_record_name: rrsets.next_record_name, start_record_type: rrsets.next_record_type)
768
+ rrsets.resource_record_sets.each { |record|
769
+ zone_rrsets << record
770
+ }
771
+ end
772
+
773
+ # TO DO: if we have more than one record it will retry the deletion multiple times and will throw Aws::Route53::Errors::InvalidChangeBatch / record not found even though the record was deleted
774
+ zone_rrsets.each { |record|
775
+ if record.name.match(MU.deploy_id.downcase)
776
+ resource_records = []
777
+ record.resource_records.each { |rrecord|
778
+ resource_records << rrecord.value
779
+ }
780
+
781
+ MU::Cloud::AWS::DNSZone.manageRecord(zone.id, record.name, record.type, targets: resource_records, ttl: record.ttl, sync_wait: false, delete: true) if !noop
782
+ end
783
+ }
784
+ rescue Aws::Route53::Errors::NoSuchHostedZone
785
+ MU.log "DNS Zone '#{zone.name}' #{zone.id} disappeared while was looking at", MU::WARN
786
+ end
787
+ }
788
+ end
789
+
790
+ # Cloud-specific configuration properties.
791
+ # @param config [MU::Config]: The calling MU::Config object
792
+ # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
793
+ def self.schema(config)
794
+ toplevel_required = []
795
+ schema = {}
796
+ [toplevel_required, schema]
797
+ end
798
+
799
+ # Cloud-specific pre-processing of {MU::Config::BasketofKittens::dnszones}, bare and unvalidated.
800
+ # @param zone [Hash]: The resource to process and validate
801
+ # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
802
+ # @return [Boolean]: True if validation succeeded, False otherwise
803
+ def self.validateConfig(zone, configurator)
804
+ ok = true
805
+
806
+ if !zone["records"].nil?
807
+ zone["records"].each { |record|
808
+ record['scrub_mu_isms'] = zone['scrub_mu_isms'] if zone.has_key?('scrub_mu_isms')
809
+ route_types = 0
810
+ route_types = route_types + 1 if !record['weight'].nil?
811
+ route_types = route_types + 1 if !record['geo_location'].nil?
812
+ route_types = route_types + 1 if !record['region'].nil?
813
+ route_types = route_types + 1 if !record['failover'].nil?
814
+
815
+ if route_types > 1
816
+ MU.log "At most one of weight, location, region, and failover can be specified in a record.", MU::ERR, details: record
817
+ ok = false
818
+ end
819
+
820
+ if !record['mu_type'].nil?
821
+ zone["dependencies"] << {
822
+ "type" => record['mu_type'],
823
+ "name" => record['target']
824
+ }
825
+ end
826
+
827
+ if record.has_key?('healthchecks') && !record['healthchecks'].empty?
828
+ primary_alarms_set = []
829
+ record['healthchecks'].each { |check|
830
+ check['alarm_region'] ||= zone['region'] if check['method'] == "CLOUDWATCH_METRIC"
831
+ primary_alarms_set << true if check['type'] == 'primary'
832
+ }
833
+
834
+ if primary_alarms_set.size != 1
835
+ MU.log "Must have only one primary health check, but #{primary_alarms_set.size} are set.", MU::ERR, details: record
836
+ ok = false
837
+ end
838
+
839
+ # record['healthcheck']['alarm_region'] ||= zone['region'] if record['healthcheck']['method'] == "CLOUDWATCH_METRIC"
840
+
841
+ if route_types == 0
842
+ MU.log "Health check in a DNS zone only valid with Weighted, Location-based, Latency-based, or Failover routing.", MU::ERR, details: record
843
+ ok = false
844
+ end
845
+ end
846
+
847
+ if !record['geo_location'].nil?
848
+ if !record['geo_location']['continent_code'].nil? and (!record['geo_location']['country_code'].nil? or !record['geo_location']['subdivision_code'].nil?)
849
+ MU.log "Location routing cannot mix continent_code with other location specifiers.", MU::ERR, details: record
850
+ ok = false
851
+ end
852
+ if record['geo_location']['country_code'].nil? and !record['geo_location']['subdivision_code'].nil?
853
+ MU.log "Cannot specify subdivision_code without country_code.", MU::ERR, details: record
854
+ ok = false
855
+ end
856
+ end
857
+ }
858
+ end
859
+
860
+ ok
861
+ end
862
+
863
+ # Canonical Amazon Resource Number for this resource
864
+ # @return [String]
865
+ def arn
866
+ nil # no such animal in Route53
867
+ end
868
+
869
+ # Locate an existing DNSZone or DNSZones and return an array containing matching AWS resource descriptors for those that match.
870
+ # @param cloud_id [String]: The cloud provider's identifier for this resource. Can also use the domain name, we'll check for both.
871
+ # @param region [String]: The cloud provider region
872
+ # @param flags [Hash]: Optional flags
873
+ # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching DNSZones
874
+ def self.find(cloud_id: nil, deploy_id: MU.deploy_id, region: MU.curRegion, flags: {})
875
+ matches = {}
876
+
877
+ resp = MU::Cloud::AWS.route53(region).list_hosted_zones(
878
+ max_items: 100
879
+ )
880
+
881
+ resp.hosted_zones.each { |zone|
882
+ if !cloud_id.nil? and !cloud_id.empty?
883
+ if zone.id == cloud_id
884
+ begin
885
+ matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
886
+ rescue Aws::Route53::Errors::NoSuchHostedZone
887
+ MU.log "Hosted zone #{zone.id} doesn't exist"
888
+ end
889
+ elsif zone.name == cloud_id or zone.name == cloud_id+"."
890
+ begin
891
+ matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
892
+ rescue Aws::Route53::Errors::NoSuchHostedZone
893
+ MU.log "Hosted zone #{zone.id} doesn't exist"
894
+ end
895
+ end
896
+ end
897
+ if !deploy_id.nil? and !deploy_id.empty? and zone.config.comment == deploy_id
898
+ begin
899
+ matches[zone.id] = MU::Cloud::AWS.route53(region).get_hosted_zone(id: zone.id).hosted_zone
900
+ rescue Aws::Route53::Errors::NoSuchHostedZone
901
+ MU.log "Hosted zone #{zone.id} doesn't exist"
902
+ end
903
+ end
904
+ }
905
+
906
+ return matches
907
+ end
908
+ end
909
+ end
910
+ end
911
+ end