cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
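--- a/data/bin/mu-user-manage
+++ b/data/bin/mu-user-manage
@@ -0,0 +1,275 @@
+#!/usr/local/ruby-current/bin/ruby
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+# http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require File.realpath(File.expand_path(File.dirname(__FILE__)+"/mu-load-config.rb"))
+# now we have our global config available as the read-only hash $MU_CFG
+
+require 'mu'
+require 'optimist'
+require 'simple-password-gen'
+require 'net/smtp'
+
+if Etc.getpwuid(Process.uid).name != "root"
+MU.log "#{$0} can only be run as root", MU::ERR
+exit 1
+end
+
+$opts = Optimist::options do
+banner <<-EOS
+Listing users:
+#{$0}
+
+Show details for a specific user:
+#{$0} <username>
+
+Adding/modifying users:
+#{$0} [-a|-r] [-e <email>] [-n '<Real Name>'] [-i|-p <password>|-g] [-o <chef_org>] [-v <chef_org>] [-m <email>] [-l <chef_user>] <username>
+
+Deleting users:
+#{$0} [-i] -d <username>
+
+EOS
+opt :delete, "Delete the user and all of their Chef and filesystem artifacts.", :require => false, :default => false, :type => :boolean
+opt :skipupload, "Do not upload Chef artifacts to new users' orgs for them. The user's dotfiles will be configured to do so automatically on their first interactive login.", :require => false, :default => false, :type => :boolean
+opt :monitoring_alerts_to, "Send this user's monitoring alerts to an alternate address. Set to 'none' to disable monitoring alerts to this user.", :require => false, :type => :string
+opt :name, "The user's real name. Required when creating a new user.", :require => false, :type => :string
+opt :email, "The user's email address. Required when creating a new user.", :require => false, :type => :string
+opt :admin, "Flag the user as a Mu admin. They will be granted sudo access to the 'mu' (root's) Chef organization.", :require => false, :type => :boolean
+opt :revoke_admin, "Revoke the user's status as a Mu admin. Access to the 'mu' (root) Chef organization and sudoers will be removed.", :require => false, :type => :boolean
+opt :orgs, "Add the user to the named Chef organization, in addition to their default org or orgs.", :require => false, :type => :strings
+opt :remove_from_orgs, "Remove the user to the named Chef organization.", :require => false, :type => :strings
+opt :password, "Set a specific password for this user.", :require => false, :type => :string
+opt :generate_password, "Generate and set a random password for this user.", :require => false, :type => :boolean, :default => false
+opt :link_to_chef_user, "Link to an existing Chef user. Chef's naming restrictions sometimes necessitate having a different account name than everything else. Also useful for linking a pre-existing Chef user to the rest of a Mu account.", :require => false, :type => :string
+opt :interactive, "Interactive prompt to set a password.", :require => false, :type => :boolean
+opt :scratchpad, "Use Mu's Scratchpad to securely share user passwords instead of printing the password directly to the terminal.", :require => false, :type => :boolean, :default => true
+opt :notify_user, "Share the Scratchpad link for new passwords to users via email, instead of printing to the screen.", :require => false, :type => :boolean, :default => false
+opt :force_uid, "Change a user's uid, or request a specific uid for a new user. Not valid for Active Directory.", :require => false, :type => :integer, :default => -1
+end
+
+def mailUser(to, subject, message)
+from = "root@#{$MU_CFG['host_name']}"
+fullmsg = <<MESSAGE_END
+From: Mu <#{from}>
+To: #{to}
+MIME-Version: 1.0
+Content-type: text/html
+Subject: #{subject}
+
+<br>
+<pre>#{message}</pre>
+MESSAGE_END
+Net::SMTP.start('localhost') do |smtp|
+smtp.send_message(fullmsg, from, to)
+end
+end
+
+def sendPassword(username, password, scratchpad: true, notify: true)
+users = MU::Master::LDAP.findUsers
+if scratchpad
+scratchitem = MU::Master.storeScratchPadSecret("Mu password for user #{username}: #{password}")
+url = "https://#{$MU_CFG['public_address']}/scratchpad/#{scratchitem}"
+MU.log "Stored in scratchpad, public URL: #{url}", MU::NOTICE
+if users[username]["mail"] and
+users[username]["mail"].match(/^[A-Z0-9\._%\+\-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$/i)
+if notify
+message = "Your Mu development credentials have been set.\nYou can access your new password ONCE by visiting the following url:\n\n<a href='#{url}'>#{url}</a>"
+mailUser(users[username]["mail"], "Your Mu password password", message)
+MU.log "Sent new password notification to #{users[username]["mail"]}."
+MU.log "IMPORTANT: Be sure that your Mu Master is able to send mail (see /var/log/maillog)", MU::NOTICE
+else
+MU.log "Email notification disabled by default. Don't forget to share the Scratchpad URL with the user.", MU::WARN
+end
+else
+MU.log "No email address found for #{username}, you will have to share the Scratchpad URL some other way.", MU::WARN
+end
+else
+# XXX skip this message if we read the password interactively
+MU.log "Password for #{username}: #{password}", MU::NOTICE
+end
+end
+
+
+Dir.mkdir($MU_CFG['datadir']+"/users", 0755) if !Dir.exist?($MU_CFG['datadir']+"/users")
+
+if $opts[:admin] and $opts[:revoke_admin]
+MU.log "Cannot both add and revoke admin access", MU::ERR
+Optimist::educate
+end
+if $opts[:password] and $opts[:generate_password]
+MU.log "Cannot both specify a password and generate a password", MU::ERR
+Optimist::educate
+end
+
+if $opts[:orgs] and $opts[:remove_from_orgs] and ($opts[:orgs] & $opts[:remove_from_orgs]).size > 0
+MU.log "Cannot both add and remove from the same Chef org", MU::ERR
+exit 1
+end
+
+$password = nil
+if $opts[:generate_password]
+$password = MU.generateWindowsPassword
+elsif $opts[:password]
+$password = $opts[:password]
+elsif $opts[:interactive]
+STDOUT.print "Enter password for #{$username}: "
+$password = STDIN.noecho(&:gets)
+puts
+MU.log "Note: If this password does not comply with complexity requirements, you may get an 'Unwilling to perform' response", MU::NOTICE
+end
+
+$cur_users = MU::Master.listUsers
+
+$opts.select { |opt| opt =~ /_given$/ }.size == 0
+
+if !ARGV[0] or ARGV[0].empty?
+bail = false
+$opts.each_key { |opt|
+if $opts[opt] and !opt.to_s.match(/_given$/) and !["notify_user", "scratchpad", "force_uid"].include?(opt.to_s)
+MU.log "Must specify a username with the '#{opt.to_s}' option", MU::ERR
+bail = true
+end
+}
+Optimist::educate if bail
+MU::Master.printUsersToTerminal
+exit 0
+elsif $opts.select { |opt| opt =~ /_given$/ }.size == 0
+MU::Master.printUserDetails(ARGV[0])
+exit 0
+end
+$username = ARGV[0]
+
+[:orgs, :remove_from_orgs].each { |org_field|
+bail = false
+if $opts[org_field]
+$opts[org_field].each { |org|
+if !org.match(/^[a-z_][a-z0-9_]{0,30}$/i)
+MU.log "'#{org}' is not a valid Chef org name", MU::ERR
+bail = true
+end
+}
+end
+exit 1 if bail
+}
+
+[:email, :monitoring_alerts_to].each { |email_field|
+bail = false
+if $opts[email_field] and !$opts[email_field].match(/^[A-Z0-9\._%\+\-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$/i) and !(email_field == :monitoring_alerts_to and $opts[email_field] == "none")
+MU.log "'#{$opts[email_field]}' is not a valid email address", MU::ERR
+bail = true
+end
+exit 1 if bail
+}
+
+if $opts[:name] and !$opts[:name].match(/ /)
+MU.log "'name' field must consist of at least two words (saw '#{$opts[:name]}')", MU::ERR
+exit 1
+end
+
+if $opts[:link_to_chef_user] and !MU::Master::Chef.getUser($opts[:link_to_chef_user])
+MU.log "Requested link to Chef user '#{$opts[:link_to_chef_user]}', but that user doesn't exist", MU::ERR
+exit 1
+end
+
+# Delete an existing account
+if $opts[:delete]
+bail = false
+$opts.each_key { |opt|
+if !["delete", "scratchpad", "notify_user"].include?(opt.to_s) and
+$opts[opt] and !opt.to_s.match(/_given$/)
+MU.log "Ignoring extraneous option '#{opt.to_s}' in delete", MU::WARN
+end
+}
+exit 1 if bail
+
+MU::Master.deleteUser($username)
+
+else
+create = false
+if !$cur_users.has_key?($username)
+$cur_users[$username] = {} if !$cur_users.has_key?($username)
+create = true
+end
+
+$cur_users[$username]['realname'] = $opts[:name] if $opts[:name]
+$cur_users[$username]['email'] = $opts[:email] if $opts[:email]
+$cur_users[$username]['admin'] = true if $opts[:admin]
+$cur_users[$username]['admin'] = false if $opts[:revoke_admin]
+if $opts[:link_to_chef_user]
+$cur_users[$username]['chef_user'] = $opts[:link_to_chef_user].dup
+else
+$cur_users[$username]['chef_user'] = $username.dup
+end
+
+# Validate for modifying an existing account
+if !create
+bail = false
+if !$cur_users[$username].has_key?("email") and !$opts[:email]
+MU.log "#{$username} does not have an email address set in LDAP, must supply one with -e to modify this account.", MU::ERR
+bail = true
+end
+if !$cur_users[$username].has_key?("realname") and !$opts[:name]
+MU.log "#{$username} does not have a display name set in LDAP, must supply one with -n to modify this account.", MU::ERR
+bail = true
+end
+exit 1 if bail
+
+# Validate for creating a new account
+else
+bail = false
+
+if !$opts[:email]
+MU.log "#{$username} does not have an email address set in LDAP, must supply one with -e.", MU::ERR
+bail = true
+end
+if !$opts[:name]
+MU.log "#{$username} does not have a display name set in LDAP, must supply one with -n.", MU::ERR
+bail = true
+end
+if $password.nil?
+$password = MU.generateWindowsPassword
+MU.log "Creating a new account but no password supplied, invoking -g (generate) behavior.", MU::NOTICE
+end
+exit 1 if bail
+end
+
+if !MU::Master.manageUser(
+$username,
+chef_username: $cur_users[$username]['chef_user'],
+name: $cur_users[$username]['realname'],
+email: $cur_users[$username]['email'],
+admin: $cur_users[$username]['admin'],
+password: $password,
+change_uid: $opts[:force_uid],
+orgs: $opts[:orgs],
+remove_orgs: $opts[:remove_from_orgs]
+)
+exit 1
+end
+if create and !$opts[:skipupload]
+home = Etc.getpwnam($username).dir
+MU.log "Uploading Chef artifacts to the new '#{$username}' organization. This may take a while.", MU::NOTICE
+%x{/bin/su - #{$username} -c "#{$MU_CFG['installdir']}/bin/mu-upload-chef-artifacts -n 2>&1 > /dev/null && touch #{home}/.first_chef_upload"}
+end
+end
+if $password
+if $opts[:notify_user] or $opts[:scratchpad]
+sendPassword($username, $password, scratchpad: $opts[:scratchpad], notify: $opts[:notify_user])
+elsif $opts[:generate_password]
+MU.log "Generated password for #{$username}: #{$password}", MU::NOTICE
+end
+end
+
+MU::Master.printUsersToTerminal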
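Review bot: The username taken from `ARGV[0]` on line 152 is the one input this script never validates, yet line 264 interpolates it (and the home directory derived from it) into a `%x{/bin/su - ... -c "..."}` string that a root shell parses. Org names and e-mail addresses get a pattern check first; the username should get an equivalent whole-string check before `MU::Master.manageUser` is called, and the upload should use the argument-list form, e.g. `system('/bin/su', '-', $username, '-c', upload_cmd)`, so no shell re-parses the name. The existing validators on lines 86, 158 and 169 anchor with `^`/`$`, which in Ruby match at any line break, so a multi-line value with one conforming line passes; `\A` and `\z` anchor the whole string, which matters most on line 86, where the LDAP `mail` value is written straight into the `To:` header by `mailUser`. Separately, `STDIN.noecho(&:gets)` on line 128 keeps the trailing newline in `$password`, and lines 100 and 271 write the cleartext password through `MU.log`, which may persist it if that logger also writes to a file or syslog.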
@@ -0,0 +1,37 @@
|
|
|
1
|
+
Through accessing, reading, or utilizing this software in any manner whatsoever
|
|
2
|
+
or through any means whatsoever, whether the access, reading or use is either
|
|
3
|
+
solely looking at this software or this software has been integrated into any
|
|
4
|
+
derivative work, the party accessing, reading, or utilizing the software
|
|
5
|
+
directly or indirectly agrees to abide by the following license.
|
|
6
|
+
|
|
7
|
+
The eGlobalTech Cloud Automation Platform is the Copyright (c) 2014 of Global
|
|
8
|
+
Tech Inc. All rights reserved.
|
|
9
|
+
|
|
10
|
+
Redistribution and use in source and binary forms, with or without
|
|
11
|
+
modification, are permitted provided that the following conditions are met:
|
|
12
|
+
|
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this
|
|
14
|
+
list of conditions and the following disclaimer.
|
|
15
|
+
|
|
16
|
+
2. Redistributions in binary form must reproduce the above copyright notice,
|
|
17
|
+
this list of conditions and the following disclaimer in the documentation
|
|
18
|
+
and/or other materials provided with the distribution.
|
|
19
|
+
|
|
20
|
+
3. Neither the name of the copyright holder nor the names of its contributors
|
|
21
|
+
may be used to endorse or promote products derived from this software without
|
|
22
|
+
specific prior written permission.
|
|
23
|
+
|
|
24
|
+
Global Tech, Inc. is the co-owner of any derivative works created with this
|
|
25
|
+
software.
|
|
26
|
+
|
|
27
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
28
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
29
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
30
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
31
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
32
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
33
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
34
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
35
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
36
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
37
|
+
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
awscli
|
|
2
|
+
======
|
|
3
|
+
|
|
4
|
+
Installs and configures the awscli command-line tool [(the new one, supporting all AWS services)][1]
|
|
5
|
+
|
|
6
|
+
Configuring
|
|
7
|
+
===========
|
|
8
|
+
|
|
9
|
+
You can control when the awscli tool will be installed during the chef run, either
|
|
10
|
+
in the compile stage or in the converge stage.
|
|
11
|
+
|
|
12
|
+
The attribute `[:awscli][:compile_time]` defaults to `false`, meaning the awscli
|
|
13
|
+
will be installed during converge time. It can be set to `true` to install at compile time.
|
|
14
|
+
Do this if you need to use the awscli in your recipes during compile time (for example, to list
|
|
15
|
+
the EBS attachments of the current instance).
|
|
16
|
+
|
|
17
|
+
This cookbook will optionally configure the awscli tool. If your instance has an IAM
|
|
18
|
+
Role then the awscli will pick up that role's credentials automatically from the instance
|
|
19
|
+
metadata, so you may not need to configure the access keys. You might still want to configure the
|
|
20
|
+
default region.
|
|
21
|
+
|
|
22
|
+
The following attributes are optional and are not specified by default. If present these
|
|
23
|
+
will be used configure the awscli:
|
|
24
|
+
|
|
25
|
+
[:awscli][:config_profiles] - a hash of configuration profiles
|
|
26
|
+
[:awscli][:config_profiles]<profile_key> - the name of the profile
|
|
27
|
+
[:awscli][:config_profiles][<profile_key>]<option_name> = <option_value> - config options
|
|
28
|
+
|
|
29
|
+
For example, to configure the default profile, specify the following:
|
|
30
|
+
|
|
31
|
+
'awscli': {
|
|
32
|
+
'config_profiles': {
|
|
33
|
+
'default' : {
|
|
34
|
+
'region' : 'us-east-1',
|
|
35
|
+
'aws_acces_key_id' : 'SOMESECRET',
|
|
36
|
+
'aws_secret_access_key : 'ANOTHERSECRET'
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
The keys and values inside the profile_key hash are placed directly into the awscli config file.
|
|
42
|
+
Use this mechanism to specify additional configuration (such as output style) and additional profiles.
|
|
43
|
+
|
|
44
|
+
Using
|
|
45
|
+
=====
|
|
46
|
+
|
|
47
|
+
If you use the awscli in your recipes, you may want to make use of the
|
|
48
|
+
library provided by this cookbook, InstanceMetadata. It provides a method
|
|
49
|
+
`wait_for_instance_IAM_metadata_to_be_available` which you may call before attempting
|
|
50
|
+
to use the awscli with credentials from the instance's IAM role.
|
|
51
|
+
|
|
52
|
+
Here's why: When you are running on an instance with an IAM role, the IAM credentials
|
|
53
|
+
are not ready until some time after the instance boots. Calling the awscli before the IAM
|
|
54
|
+
credentials are ready will fail.
|
|
55
|
+
|
|
56
|
+
If you specify AWS credentials in the config file, then you won't need to worry about this.
|
|
57
|
+
|
|
58
|
+
[1]: http://aws.amazon.com/cli/
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
default['awscli']['compile_time'] = false
|
|
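--- a/data/cookbooks/awscli/libraries/instance_metadata.rb
+++ b/data/cookbooks/awscli/libraries/instance_metadata.rb
@@ -0,0 +1,21 @@
+module InstanceMetadata
+
+@metadata_ready = false
+
+def self.wait_for_instance_IAM_metadata_to_be_available()
+unless @metadata_ready
+loop do
+wget = Mixlib::ShellOut.new("wget -q -O - 'http://169.254.169.254/latest/meta-data/iam/info/'").run_command
+if wget.exitstatus && wget.stdout.length > 1
+Chef::Log.info("Instance IAM metadata is available.")
+@metadata_ready = true
+break
+else
+Chef::Log.debug("Waiting 2 more seconds for instance IAM metadata to be available...")
+sleep 2
+end
+end
+end
+end
+
+end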
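Review bot: The success test on line 9, `if wget.exitstatus && wget.stdout.length > 1`, treats every exit status as success because an Integer is always truthy in Ruby, so only the stdout length is actually checked; it should compare with `wget.exitstatus == 0`. The surrounding `loop do` also has no upper bound and the `wget` call sets no timeout, so on an instance with no IAM role attached, or one configured to accept only IMDSv2 session-token requests, this plain GET never succeeds and the Chef run blocks indefinitely. A bounded retry that raises with a clear message makes the run fail visibly instead; the sketch below adds an optional argument so existing zero-argument callers keep working.

```ruby
def self.wait_for_instance_IAM_metadata_to_be_available(max_attempts = 30)
  return if @metadata_ready
  max_attempts.times do
    wget = Mixlib::ShellOut.new("wget -q -T 5 -t 1 -O - 'http://169.254.169.254/latest/meta-data/iam/info/'").run_command
    if wget.exitstatus == 0 && wget.stdout.length > 1
      # … unchanged: info log, @metadata_ready = true …
      return
    end
    # … unchanged: debug log and sleep 2 …
  end
  raise "Instance IAM metadata still unavailable after #{max_attempts} attempts"
end
```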
@@ -0,0 +1,20 @@
|
|
|
1
|
+
name 'awscli'
|
|
2
|
+
maintainer 'Shlomo Swidler'
|
|
3
|
+
maintainer_email 'shlomo.swidler@orchestratus.com'
|
|
4
|
+
license 'BSD-3-Clause'
|
|
5
|
+
description 'Installs the AWS command line tools'
|
|
6
|
+
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
|
7
|
+
source_url 'https://github.com/cloudamatic/mu'
|
|
8
|
+
issues_url 'https://github.com/cloudamatic/mu/issues'
|
|
9
|
+
chef_version '>= 12.1' if respond_to?(:chef_version)
|
|
10
|
+
version '0.2.1'
|
|
11
|
+
|
|
12
|
+
# Mod by rpc to depend on epel recipe.
|
|
13
|
+
|
|
14
|
+
recipe "default", "Install AWS CLI tools"
|
|
15
|
+
|
|
16
|
+
%w{redhat centos fedora amazon scientific debian ubuntu}.each do |plat|
|
|
17
|
+
supports plat
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
#depends 'mu-utility::epel'
|
|
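--- a/data/cookbooks/awscli/recipes/default.rb
+++ b/data/cookbooks/awscli/recipes/default.rb
@@ -0,0 +1,56 @@
+# installs Amazon's awscli tools
+# mod by rpc to include epel
+
+case node['platform']
+when 'debian', 'ubuntu'
+file = "/usr/local/bin/aws"
+cmd = "apt-get install -y python-pip && pip install awscli"
+when 'redhat', 'centos', 'fedora', 'amazon', 'scientific'
+# must include epel for centos. For now do in roles until we fix egt-get-cookbooks.sh
+#include_recipe "mu-utility::epel"
+file = "/usr/bin/aws"
+cmd = "yum -y install python-pip && pip install awscli"
+end
+r = execute "install awscli" do
+command cmd
+not_if { ::File.exists?(file) }
+if node['awscli']['compile_time']
+action :nothing
+end
+end
+if node['awscli']['compile_time']
+r.run_action(:run)
+end
+
+if node['awscli']['config_profiles']
+config_file="/root/.aws/config"
+
+r = directory ::File.dirname(config_file) do
+recursive true
+owner 'root'
+group 'root'
+mode 00700
+not_if { ::File.exists?(::File.dirname(config_file)) }
+if node['awscli']['compile_time']
+action :nothing
+end
+end
+if node['awscli']['compile_time']
+r.run_action(:create)
+end
+
+r = template config_file do
+mode 00600
+owner 'root'
+group 'root'
+source 'config.erb'
+not_if { ::File.exists?(config_file) }
+if node['awscli']['compile_time']
+action :nothing
+end
+end
+if node['awscli']['compile_time']
+r.run_action(:create)
+end
+
+end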
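Review bot: The `not_if { ::File.exists?(config_file) }` guard on the `template` resource (line 47) means `/root/.aws/config` is written once and never converged again, so an access key that is rotated or withdrawn in `node['awscli']['config_profiles']` stays on disk in its old form. The `template` resource is already idempotent, so the guard can simply be dropped; the same goes for the `directory` guard on line 33, which also stops the 0700 mode from being re-applied to an existing directory. `File.exists?` is removed in Ruby 3.2 as well; `File.exist?` is the supported spelling. On lines 7 and 12, `pip install awscli` runs as root with no version pin, so each new node installs whatever the index serves that day; pinning (`pip install awscli==<PINNED_VERSION>`) keeps builds reproducible and reviewable.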
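--- a/data/cookbooks/awscli/templates/default/config.erb
+++ b/data/cookbooks/awscli/templates/default/config.erb
@@ -0,0 +1,18 @@
+# Configuration for the awscli tool
+
+<% default_profile = node['awscli']['config_profiles']['default']
+unless default_profile.nil? %>
+[default]
+<% default_profile.each do |key, value| %>
+<%= key %> = <%= value %>
+<% end
+end %>
+
+<% node['awscli']['config_profiles'].each do |profile, options|
+next if profile=='default' %>
+[profile <%= profile %>]
+<% options.each do |key, value| %>
+<%= key %> = <%= value %>
+<% end %>
+
+<% end %>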
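Review bot: This template writes every key and value under `node['awscli']['config_profiles']` into the rendered config file, and the cookbook README in this same release shows `aws_secret_access_key` being supplied that way. Node attributes are saved with the node object on the Chef server and are readable by anything that can query node data, so long-lived keys set there are not confined to the 0600 file the recipe creates. A header comment would make the expectation explicit, for example `<%# Do not place access keys in node attributes; prefer the instance's IAM role, or load secrets from a vault item. %>`; the mu-activedirectory attributes file in this release already documents the Chef Vault pattern for domain credentials. Values are also emitted as-is, so a value containing a line break would add extra lines, or a new `[profile ...]` section, to the file.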
@@ -0,0 +1,13 @@
|
|
|
1
|
+
mu-activedirectory CHANGELOG
|
|
2
|
+
==========================
|
|
3
|
+
|
|
4
|
+
This file is used to list changes made in each version of the mu-activedirectory cookbook.
|
|
5
|
+
|
|
6
|
+
0.1.0
|
|
7
|
+
-----
|
|
8
|
+
- [your_name] - Initial release of mu-activedirectory
|
|
9
|
+
|
|
10
|
+
- - -
|
|
11
|
+
Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
|
|
12
|
+
|
|
13
|
+
The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
Through accessing, reading, or utilizing this software in any manner whatsoever
|
|
2
|
+
or through any means whatsoever, whether the access, reading or use is either
|
|
3
|
+
solely looking at this software or this software has been integrated into any
|
|
4
|
+
derivative work, the party accessing, reading, or utilizing the software
|
|
5
|
+
directly or indirectly agrees to abide by the following license.
|
|
6
|
+
|
|
7
|
+
The eGlobalTech Cloud Automation Platform is the Copyright (c) 2014 of Global
|
|
8
|
+
Tech Inc. All rights reserved.
|
|
9
|
+
|
|
10
|
+
Redistribution and use in source and binary forms, with or without
|
|
11
|
+
modification, are permitted provided that the following conditions are met:
|
|
12
|
+
|
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this
|
|
14
|
+
list of conditions and the following disclaimer.
|
|
15
|
+
|
|
16
|
+
2. Redistributions in binary form must reproduce the above copyright notice,
|
|
17
|
+
this list of conditions and the following disclaimer in the documentation
|
|
18
|
+
and/or other materials provided with the distribution.
|
|
19
|
+
|
|
20
|
+
3. Neither the name of the copyright holder nor the names of its contributors
|
|
21
|
+
may be used to endorse or promote products derived from this software without
|
|
22
|
+
specific prior written permission.
|
|
23
|
+
|
|
24
|
+
Global Tech, Inc. is the co-owner of any derivative works created with this
|
|
25
|
+
software.
|
|
26
|
+
|
|
27
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
28
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
29
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
30
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
31
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
32
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
33
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
34
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
35
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
36
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
37
|
+
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
default['ad']['samba_include_file'] = "smb_extra.conf"
|
|
2
|
+
default['ad']['samba_conf_dir'] = "/etc/samba"
|
|
3
|
+
default['ad']['netbios_name'] = "cloudamatic"
|
|
4
|
+
default['ad']['dns_name'] = "ad.cloudamatic.com"
|
|
5
|
+
default['ad']['site_name'] = "AZ1"
|
|
6
|
+
default['ad']['dn_dc_ou'] = "Domain Controllers"
|
|
7
|
+
default['ad']['dn_domain_cmpnt'] = "dc=ad,dc=cloudamatic,dc=com"
|
|
8
|
+
default['ad']['computer_ou'] = nil
|
|
9
|
+
default['ad']['domain_controller_names'] = []
|
|
10
|
+
default['ad']['computer_name'] = nil
|
|
11
|
+
default['ad']['homedir'] = "/home/%u"
|
|
12
|
+
|
|
13
|
+
# This is done in Mu.
|
|
14
|
+
# node[:deployment][:servers].each_pair { |node_class, nodes|
|
|
15
|
+
# nodes.each_pair { |name, data|
|
|
16
|
+
# if name == Chef::Config[:node_name]
|
|
17
|
+
# my_subnet_id = data['subnet_id']
|
|
18
|
+
# if node['ad'][:domain_controller_names].empty?
|
|
19
|
+
# if data['mu_windows_name']
|
|
20
|
+
# default['ad'][:computer_name] = data['mu_windows_name']
|
|
21
|
+
# default['ad'][:node_class] = node_class
|
|
22
|
+
# end
|
|
23
|
+
# end
|
|
24
|
+
# end
|
|
25
|
+
# } rescue NoMethodError
|
|
26
|
+
# } rescue NoMethodError
|
|
27
|
+
|
|
28
|
+
default['ad']['sites'] = []
|
|
29
|
+
if !node['deployment']['vpcs'].empty?
|
|
30
|
+
vpc = node['deployment']['vpcs'][node['deployment']['vpcs'].keys.first]
|
|
31
|
+
vpc['subnets'].each_pair { |name, data|
|
|
32
|
+
default['ad']['sites'] << {
|
|
33
|
+
:name => data['name'],
|
|
34
|
+
:ip_block => data['ip_block']
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
end rescue NoMethodError
|
|
38
|
+
|
|
39
|
+
default['ad']['ntds_static_port'] = 50152
|
|
40
|
+
default['ad']['ntfrs_static_port'] = 50154
|
|
41
|
+
default['ad']['dfsr_static_port'] = 50156
|
|
42
|
+
default['ad']['netlogon_static_port'] = 50158
|
|
43
|
+
|
|
44
|
+
default['windows_admin_username'] = "Administrator"
|
|
45
|
+
# Credentials for joining an Active Directory domain should be stored in a Chef
|
|
46
|
+
# Vault structured like so:
|
|
47
|
+
# {
|
|
48
|
+
# "username": "join_domain_user",
|
|
49
|
+
# "password": "join_domain_password"
|
|
50
|
+
# }
|
|
51
|
+
|
|
52
|
+
begin
|
|
53
|
+
default['ad']['admin_auth'] = {
|
|
54
|
+
:vault => node['ad']['domain_admin_vault'],
|
|
55
|
+
:item => node['ad']['domain_admin_item'],
|
|
56
|
+
:password_field => node['ad']['domain_admin_password_field'],
|
|
57
|
+
:username_field => node['ad']['domain_admin_username_field']
|
|
58
|
+
}
|
|
59
|
+
rescue NoMethodError => e
|
|
60
|
+
default['ad']['admin_auth'] = {
|
|
61
|
+
:vault => "activedirectory",
|
|
62
|
+
:item => "domain_admin",
|
|
63
|
+
:password_field => "password",
|
|
64
|
+
:username_field => "username"
|
|
65
|
+
}
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
begin
|
|
69
|
+
default['ad']['join_auth'] = {
|
|
70
|
+
:vault => node['ad']['domain_join_vault'],
|
|
71
|
+
:item => node['ad']['domain_join_item'],
|
|
72
|
+
:password_field => node['ad']['domain_join_password_field'],
|
|
73
|
+
:username_field => node['ad']['domain_join_username_field']
|
|
74
|
+
}
|
|
75
|
+
rescue NoMethodError => e
|
|
76
|
+
default['ad']['join_auth'] = {
|
|
77
|
+
:vault => "activedirectory",
|
|
78
|
+
:item => "join_domain",
|
|
79
|
+
:password_field => "password",
|
|
80
|
+
:username_field => "username"
|
|
81
|
+
}
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
default['ad']['dc_ips'] = []
|
|
85
|
+
if node['ad']['dc_ips'].empty?
|
|
86
|
+
resolver = Resolv::DNS.new
|
|
87
|
+
node['ad']['dcs'].each { |dc|
|
|
88
|
+
if dc.match(/^\d+\.\d+\.\d+\.\d+$/)
|
|
89
|
+
default['ad']['dc_ips'] << dc
|
|
90
|
+
else
|
|
91
|
+
begin
|
|
92
|
+
default['ad']['dc_ips'] << resolver.getaddress(dc).to_s
|
|
93
|
+
rescue Resolv::ResolvError => e
|
|
94
|
+
Chef::Log.warn ("Couldn't resolve domain controller #{dc}!")
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
} rescue NoMethodError
|
|
98
|
+
end
|
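Review bot: The `rescue NoMethodError` fallbacks on lines 59 and 75 look unreachable: `default['ad']` is populated at the top of this file, so `node['ad']['domain_admin_vault']` and its siblings should return `nil` rather than raise, leaving `admin_auth` and `join_auth` with `nil` vault coordinates instead of the `"activedirectory"` defaults. Per-field defaults express the intent directly, e.g. `:vault => node['ad']['domain_admin_vault'] || "activedirectory",`. The trailing `rescue NoMethodError` modifiers on lines 37 and 97 do not filter by class either: a modifier `rescue` catches any `StandardError` and simply evaluates to the constant, so unrelated failures while building `sites` or `dc_ips` are silently dropped. The IP test on line 88 uses `^`/`$`, which match per line in Ruby; `\A`/`\z` anchor the whole string.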