RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/modules/mu/clouds/google/server.rb ADDED Viewed

@@ -0,0 +1,1510 @@
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+require 'net/ssh'
+require 'net/ssh/multi'
+require 'net/ssh/proxy/command'
+autoload :OpenStruct, "ostruct"
+autoload :Timeout, "timeout"
+autoload :ERB, "erb"
+autoload :Base64, "base64"
+require 'open-uri'
+module MU
+  class Cloud
+    class Google
+      # A server as configured in {MU::Config::BasketofKittens::servers}. In
+      # Google Cloud, this amounts to a single Instance in an Unmanaged
+      # Instance Group.
+      class Server < MU::Cloud::Server
+        attr_reader :mu_name
+        attr_reader :config
+        attr_reader :deploy
+        attr_reader :cloud_id
+        attr_reader :cloud_desc
+        attr_reader :groomer
+        attr_accessor :mu_windows_name
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::servers}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @cloud_id = cloud_id
+          if @deploy
+            @userdata = MU::Cloud.fetchUserdata(
+              platform: @config["platform"],
+              cloud: "google",
+              template_variables: {
+                "deployKey" => Base64.urlsafe_encode64(@deploy.public_key),
+                "deploySSHKey" => @deploy.ssh_public_key,
+                "muID" => MU.deploy_id,
+                "muUser" => MU.mu_user,
+                "publicIP" => MU.mu_public_ip,
+                "skipApplyUpdates" => @config['skipinitialupdates'],
+                "windowsAdminName" => @config['windows_admin_username'],
+                "resourceName" => @config["name"],
+                "resourceType" => "server",
+                "platform" => @config["platform"]
+              },
+              custom_append: @config['userdata_script']
+            )
+          end
+          if !mu_name.nil?
+            @mu_name = mu_name
+            @config['mu_name'] = @mu_name
+            # describe
+            @mu_windows_name = @deploydata['mu_windows_name'] if @mu_windows_name.nil? and @deploydata
+          else
+            if kitten_cfg.has_key?("basis")
+              @mu_name = @deploy.getResourceName(@config['name'], need_unique_string: true)
+            else
+              @mu_name = @deploy.getResourceName(@config['name'])
+            end
+            @config['mu_name'] = @mu_name
+            @config['instance_secret'] = Password.random(50)
+          end
+          @config['ssh_user'] ||= "mu"
+          @groomer = MU::Groomer.new(self)
+        end
+        # Generate a server-class specific service account, used to grant
+        # permission to do various API things to a node.
+        # @param rolename [String]:
+        # @param project [String]:
+        # @param scopes [Array<String>]: https://developers.google.com/identity/protocols/googlescopes
+        def self.createServiceAccount(rolename, project: MU::Cloud::Google.defaultProject, scopes: ["https://www.googleapis.com/auth/compute.readonly", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/cloud-platform"])
+#https://www.googleapis.com/auth/devstorage.read_only ?
+          name = MU::Cloud::Google.nameStr(rolename)
+          saobj = MU::Cloud::Google.iam(:CreateServiceAccountRequest).new(
+            account_id: rolename.gsub(/[^a-z]/, ""), # XXX this mangling isn't required in the console, so why is it here?
+            service_account: MU::Cloud::Google.iam(:ServiceAccount).new(
+              display_name: rolename,
+# do NOT specify project_id or name, we know that much
+            )
+          )
+          resp = MU::Cloud::Google.iam.create_service_account(
+            "projects/#{project}",
+            saobj
+          )
+          MU::Cloud::Google.compute(:ServiceAccount).new(
+            email: resp.email,
+            scopes: scopes
+          )
+        end
+        # Retrieve the cloud descriptor for this machine image, which can be
+        # a whole or partial URL. Will follow deprecation notices and retrieve
+        # the latest version, if applicable.
+        # @param image_id [String]: URL to a Google disk image
+        # @return [Google::Apis::ComputeBeta::Image]
+        def self.fetchImage(image_id)
+          img_proj = img_name = nil
+          begin
+            img_proj = image_id.gsub(/.*?\/?projects\/([^\/]+)\/.*/, '\1')
+            img_name = image_id.gsub(/.*?([^\/]+)$/, '\1')
+            img = MU::Cloud::Google.compute.get_image(img_proj, img_name)
+            if !img.deprecated.nil? and !img.deprecated.replacement.nil?
+              image_id = img.deprecated.replacement
+            end
+          end while !img.deprecated.nil? and img.deprecated.state == "DEPRECATED" and !img.deprecated.replacement.nil?
+          MU::Cloud::Google.compute.get_image(img_proj, img_name)
+        end
+        # Generator for disk configuration parameters for a Compute instance
+        # @param config [Hash]: The MU::Cloud::Server config hash for whom we're configuring disks
+        # @param create [Boolean]: Actually create extra (non-root) disks, or just the one declared as the root disk of the image
+        # @param disk_as_url [Boolean]: Whether to declare the disk type as a short string or full URL, which can vary depending on the calling resource
+        # @return [Array]: The Compute :AttachedDisk objects describing disks that've been created
+        def self.diskConfig(config, create = true, disk_as_url = true)
+          disks = []
+          puts config['image_id']
+          puts config['basis']
+          img = fetchImage(config['image_id'] || config['basis']['launch_config']['image_id'])
+# XXX slurp settings from /dev/sda or w/e by convention?
+          disktype = "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-standard"
+          disktype = "pd-standard" if !disk_as_url
+# disk_type: projects/project/zones/#{config['availability_zone']}/diskTypes/pd-standard Other values include pd-ssd and local-ssd
+          imageobj = MU::Cloud::Google.compute(:AttachedDiskInitializeParams).new(
+            source_image: img.self_link,
+            disk_size_gb: 10, # this is binary? 2gb, that says
+            disk_type: disktype,
+          )
+          disks << MU::Cloud::Google.compute(:AttachedDisk).new(
+            auto_delete: true,
+            boot: true,
+            mode: "READ_WRITE",
+            type: "PERSISTENT",
+            initialize_params: imageobj
+          )
+          if config["storage"]
+            config["storage"].each { |vol|
+              devicename = vol['device'].gsub(/[^\w\-\.]/, "-").sub(/^[^\w]/, "")
+              disk_desc = {
+                :auto_delete => true,
+                :device_name => devicename, # XXX empty string is also legit
+                :mode => "READ_WRITE",
+                :type => "PERSISTENT" # SCRATCH is equivalent of ephemeral? cheap virtual memory disk? maybe ship a standard set
+              }
+              if vol['snapshot_id']
+                disk_desc[:source_snapshot] = vol['snapshot_id']
+# XXX check existence in in validateConfig
+              elsif vol['somekindofidforaloosevolume']
+                disk_desc[:source] = vol['somekindofidforaloosevolume']
+# XXX check existence in in validateConfig
+              end
+# XXX I don't know how to do this in managed instance groups
+#next
+next if !create
+              diskname = MU::Cloud::Google.nameStr(config['mu_name']+"-"+devicename)
+              newdiskobj = MU::Cloud::Google.compute(:Disk).new(
+                size_gb: vol['size'],
+                description: MU.deploy_id,
+                zone: config['availability_zone'],
+#                    type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-ssd",
+                type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-standard",
+                source_snapshot: vol['snapshot_id'],
+# type: projects/project/zones/#{config['availability_zone']}/diskTypes/pd-standard Other values include pd-ssd and local-ssd
+                name: diskname
+              )
+              MU.log "Creating disk #{diskname}", details: newdiskobj
+              newdisk = MU::Cloud::Google.compute.insert_disk(
+                config['project'],
+                config['availability_zone'],
+                newdiskobj
+              )
+              disk_desc[:source] = newdisk.self_link
+              disks << MU::Cloud::Google.compute(:AttachedDisk).new(disk_desc)
+            }
+          end
+          disks
+        end
+        # Generator for disk configuration parameters for a Compute instance
+        # @param config [Hash]: The MU::Cloud::Server config hash for whom we're configuring network interfaces
+        # @param vpc [MU::Cloud::Google::VPC]: The VPC in which this interface should reside
+        # @return [Array]: Configuration objects for network interfaces, suitable for passing to the Compute API
+        def self.interfaceConfig(config, vpc)
+          subnet_cfg = config['vpc']
+          if config['vpc']['subnets'] and
+             !subnet_cfg['subnet_name'] and !subnet_cfg['subnet_id']
+            subnet_cfg = config['vpc']['subnets'].sample
+          end
+          subnet = vpc.getSubnet(name: subnet_cfg['subnet_name'], cloud_id: subnet_cfg['subnet_id'])
+          if subnet.nil?
+            raise MuError, "Couldn't find subnet details while configuring Server #{config['name']} (VPC: #{vpc.mu_name})"
+          end
+          base_iface_obj = {
+            :network => vpc.url,
+            :subnetwork => subnet.url
+          }
+          if config['associate_public_ip']
+            base_iface_obj[:access_configs] = [
+              MU::Cloud::Google.compute(:AccessConfig).new
+            ]
+          end
+          interfaces = [base_iface_obj]
+          # XXX add more if they asked for it (e.g. config['private_ip'])
+          interfaces
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          service_acct = MU::Cloud::Google::Server.createServiceAccount(
+            @mu_name.downcase,
+            project: @config['project']
+          )
+          MU::Cloud::Google.grantDeploySecretAccess(service_acct.email)
+          begin
+            disks = MU::Cloud::Google::Server.diskConfig(@config)
+            interfaces = MU::Cloud::Google::Server.interfaceConfig(@config, @vpc)
+            if @config['routes']
+              @config['routes'].each { |route|
+                @vpc.cloudobj.createRouteForInstance(route, self)
+              }
+            end
+            desc = {
+              :name => MU::Cloud::Google.nameStr(@mu_name),
+              :can_ip_forward => !@config['src_dst_check'],
+              :description => @deploy.deploy_id,
+              :service_accounts => [service_acct],
+              :network_interfaces => interfaces,
+              :machine_type => "zones/"+@config['availability_zone']+"/machineTypes/"+@config['size'],
+              :metadata => {
+                :items => [
+                  {
+                    :key => "ssh-keys",
+                    :value => @config['ssh_user']+":"+@deploy.ssh_public_key
+                  },
+                  {
+                    :key => "startup-script",
+                    :value => @userdata
+                  }
+                ]
+              },
+              :tags => MU::Cloud::Google.compute(:Tags).new(items: [MU::Cloud::Google.nameStr(@mu_name)])
+            }
+            desc[:disks] = disks if disks.size > 0
+            # Tags in GCP means something other than what we think of;
+            # labels are the thing you think you mean
+            desc[:labels] = {}
+            MU::MommaCat.listStandardTags.each_pair { |name, value|
+              if !value.nil?
+                desc[:labels][name.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
+              end
+            }
+            desc[:labels]["name"] = @mu_name.downcase
+            instanceobj = MU::Cloud::Google.compute(:Instance).new(desc)
+            MU.log "Creating instance #{@mu_name}"
+            begin
+            instance = MU::Cloud::Google.compute.insert_instance(
+              @config['project'],
+              @config['availability_zone'],
+              instanceobj
+            )
+            rescue ::Google::Apis::ClientError => e
+              MU.log e.message, MU::ERR
+              raise e
+            end
+            @cloud_id = instance.name # XXX or instance.target_link... pick a convention, would you?
+            if !@config['async_groom']
+              sleep 5
+              MU::MommaCat.lock(@cloud_id+"-create")
+              if !postBoot
+                MU.log "#{@config['name']} is already being groomed, skipping", MU::NOTICE
+              else
+                MU.log "Node creation complete for #{@config['name']}"
+              end
+              MU::MommaCat.unlock(@cloud_id+"-create")
+            end
+            done = false
+            @deploy.saveNodeSecret(@cloud_id, @config['instance_secret'], "instance_secret")
+            @config.delete("instance_secret")
+            if cloud_desc.nil? or cloud_desc.status != "RUNNING"
+              raiseert MuError, "#{@cloud_id} appears to have gone sideways mid-bootstrap #{cloud_desc.status if cloud_desc.nil?}"
+            end
+            notify
+          rescue Exception => e
+            if !cloud_desc.nil? and !done
+              MU.log "Aborted before I could finish setting up #{@config['name']}, cleaning it up. Stack trace will print once cleanup is complete.", MU::WARN if !@deploy.nocleanup
+              MU::MommaCat.unlockAll
+              if !@deploy.nocleanup
+                parent_thread_id = Thread.current.object_id
+                Thread.new {
+                  MU.dupGlobals(parent_thread_id)
+                  MU::Cloud::Google::Server.cleanup(noop: false, ignoremaster: false, skipsnapshots: true)
+                }
+              end
+            end
+            raise e
+          end
+          return @config
+        end
+        # Return a BoK-style config hash describing a NAT instance. We use this
+        # to approximate Amazon's NAT gateway functionality with a plain
+        # instance.
+        # @return [Hash]
+        def self.genericNAT
+          return {
+            "cloud" => "Google",
+            "size" => "g1-small",
+            "run_list" => [ "mu-utility::nat" ],
+            "platform" => "centos7",
+            "ssh_user" => "centos",
+            "associate_public_ip" => true,
+            "static_ip" => { "assign_ip" => true },
+            "routes" => [ {
+              "gateway" => "#INTERNET",
+              "priority" => 50,
+              "destination_network" => "0.0.0.0/0"
+            } ]
+          }
+        end
+        # Ask the Google API to stop this node
+        def stop
+          MU.log "Stopping #{@cloud_id}"
+          MU::Cloud::Google.compute.stop_instance(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id
+          )
+          begin
+            sleep 5
+          end while cloud_desc.status != "TERMINATED" # means STOPPED
+        end
+        # Ask the Google API to start this node
+        def start
+          MU.log "Starting #{@cloud_id}"
+          MU::Cloud::Google.compute.start_instance(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id
+          )
+          begin
+            sleep 5
+          end while cloud_desc.status != "RUNNING"
+        end
+        # Ask the Google API to restart this node
+        def reboot(hard = false)
+          return if @cloud_id.nil?
+          if hard
+            groupname = nil
+            if !@config['basis'].nil?
+              resp = MU::Cloud::AWS.autoscale(@config['region']).describe_auto_scaling_instances(
+                instance_ids: [@cloud_id]
+              )
+              groupname = resp.auto_scaling_instances.first.auto_scaling_group_name
+              MU.log "Pausing Autoscale processes in #{groupname}", MU::NOTICE
+              MU::Cloud::AWS.autoscale(@config['region']).suspend_processes(
+                auto_scaling_group_name: groupname
+              )
+            end
+            begin
+              MU.log "Stopping #{@mu_name} (#{@cloud_id})", MU::NOTICE
+              MU::Cloud::AWS.ec2(@config['region']).stop_instances(
+                instance_ids: [@cloud_id]
+              )
+              MU::Cloud::AWS.ec2(@config['region']).wait_until(:instance_stopped, instance_ids: [@cloud_id]) do |waiter|
+                waiter.before_attempt do |attempts|
+                  MU.log "Waiting for #{@mu_name} to stop for hard reboot"
+                end
+              end
+              MU.log "Starting #{@mu_name} (#{@cloud_id})"
+              MU::Cloud::AWS.ec2(@config['region']).start_instances(
+                instance_ids: [@cloud_id]
+              )
+            ensure
+              if !groupname.nil?
+                MU.log "Resuming Autoscale processes in #{groupname}", MU::NOTICE
+                MU::Cloud::AWS.autoscale(@config['region']).resume_processes(
+                  auto_scaling_group_name: groupname
+                )
+              end
+            end
+          else
+            MU.log "Rebooting #{@mu_name} (#{@cloud_id})"
+            MU::Cloud::AWS.ec2(@config['region']).reboot_instances(
+              instance_ids: [@cloud_id]
+            )
+          end
+        end
+        # Figure out what's needed to SSH into this server.
+        # @return [Array<String>]: nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name, alternate_names
+        def getSSHConfig
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+# XXX add some awesome alternate names from metadata and make sure they end
+# up in MU::MommaCat's ssh config wangling
+          ssh_keydir = Etc.getpwuid(Process.uid).dir+"/.ssh"
+          return nil if @config.nil? or @deploy.nil?
+          nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
+          if !@config["vpc"].nil? and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'])
+            if !@nat.nil?
+              if @nat.cloud_desc.nil?
+                MU.log "NAT was missing cloud descriptor when called in #{@mu_name}'s getSSHConfig", MU::ERR
+                return nil
+              end
+              foo, bar, baz, nat_ssh_host, nat_ssh_user, nat_ssh_key  = @nat.getSSHConfig
+              if nat_ssh_user.nil? and !nat_ssh_host.nil?
+                MU.log "#{@config["name"]} (#{MU.deploy_id}) is configured to use #{@config['vpc']} NAT #{nat_ssh_host}, but username isn't specified. Guessing root.", MU::ERR, details: caller
+                nat_ssh_user = "root"
+              end
+            end
+          end
+          if @config['ssh_user'].nil?
+            if windows?
+              @config['ssh_user'] = "Administrator"
+            else
+              @config['ssh_user'] = "root"
+            end
+          end
+          return [nat_ssh_key, nat_ssh_user, nat_ssh_host, canonicalIP, @config['ssh_user'], @deploy.ssh_key_name]
+        end
+        # Apply tags, bootstrap our configuration management, and other
+        # administravia for a new instance.
+        def postBoot(instance_id = nil)
+          if !instance_id.nil?
+            @cloud_id = instance_id
+          end
+          instance = cloud_desc
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+          instance = cloud_desc
+          raise MuError, "Couldn't find instance of #{@mu_name} (#{@cloud_id})" if !instance
+          return false if !MU::MommaCat.lock(@cloud_id+"-orchestrate", true)
+          return false if !MU::MommaCat.lock(@cloud_id+"-groom", true)
+#          MU::MommaCat.createStandardTags(@cloud_id, region: @config['region'])
+#          MU::MommaCat.createTag(@cloud_id, "Name", node, region: @config['region'])
+#
+#          if @config['optional_tags']
+#            MU::MommaCat.listOptionalTags.each { |key, value|
+#              MU::MommaCat.createTag(@cloud_id, key, value, region: @config['region'])
+#            }
+#          end
+#
+#          if !@config['tags'].nil?
+#            @config['tags'].each { |tag|
+#              MU::MommaCat.createTag(@cloud_id, tag['key'], tag['value'], region: @config['region'])
+#            }
+#          end
+#          MU.log "Tagged #{node} (#{@cloud_id}) with MU-ID=#{MU.deploy_id}", MU::DEBUG
+#
+          # Make double sure we don't lose a cached mu_windows_name value.
+          if windows? or !@config['active_directory'].nil?
+            if @mu_windows_name.nil?
+              @mu_windows_name = deploydata['mu_windows_name']
+            end
+          end
+#          punchAdminNAT
+#
+#
+#          # If we came up via AutoScale, the Alarm module won't have had our
+#          # instance ID to associate us with itself. So invoke that here.
+#          if !@config['basis'].nil? and @config["alarms"] and !@config["alarms"].empty?
+#            @config["alarms"].each { |alarm|
+#              alarm_obj = MU::MommaCat.findStray(
+#                "AWS",
+#                "alarms",
+#                region: @config["region"],
+#                deploy_id: @deploy.deploy_id,
+#                name: alarm['name']
+#              ).first
+#              alarm["dimensions"] = [{:name => "InstanceId", :value => @cloud_id}]
+#
+#              if alarm["enable_notifications"]
+#                topic_arn = MU::Cloud::AWS::Notification.createTopic(alarm["notification_group"], region: @config["region"])
+#                MU::Cloud::AWS::Notification.subscribe(arn: topic_arn, protocol: alarm["notification_type"], endpoint: alarm["notification_endpoint"], region: @config["region"])
+#                alarm["alarm_actions"] = [topic_arn]
+#                alarm["ok_actions"]  = [topic_arn]
+#              end
+#
+#              alarm_name = alarm_obj ? alarm_obj.cloud_id : "#{node}-#{alarm['name']}".upcase
+#
+#              MU::Cloud::AWS::Alarm.setAlarm(
+#                name: alarm_name,
+#                ok_actions: alarm["ok_actions"],
+#                alarm_actions: alarm["alarm_actions"],
+#                insufficient_data_actions: alarm["no_data_actions"],
+#                metric_name: alarm["metric_name"],
+#                namespace: alarm["namespace"],
+#                statistic: alarm["statistic"],
+#                dimensions: alarm["dimensions"],
+#                period: alarm["period"],
+#                unit: alarm["unit"],
+#                evaluation_periods: alarm["evaluation_periods"],
+#                threshold: alarm["threshold"],
+#                comparison_operator: alarm["comparison_operator"],
+#                region: @config["region"]
+#              )
+#            }
+#          end
+#
+#          # We have issues sometimes where our dns_records are pointing at the wrong node name and IP address.
+#          # Make sure that doesn't happen. Happens with server pools only
+#          if @config['dns_records'] && !@config['dns_records'].empty?
+#            @config['dns_records'].each { |dnsrec|
+#              if dnsrec.has_key?("name")
+#                if dnsrec['name'].start_with?(MU.deploy_id.downcase) && !dnsrec['name'].start_with?(node.downcase)
+#                  MU.log "DNS records for #{node} seem to be wrong, deleting from current config", MU::WARN, details: dnsrec
+#                  dnsrec.delete('name')
+#                  dnsrec.delete('target')
+#                end
+#              end
+#            }
+#          end
+          # Unless we're planning on associating a different IP later, set up a
+          # DNS entry for this thing and let it sync in the background. We'll
+          # come back to it later.
+          if @config['static_ip'].nil? && !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name = getSSHConfig
+          if !nat_ssh_host and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'])
+# XXX check if canonical_ip is in the private ranges
+#            raise MuError, "#{node} has no NAT host configured, and I have no other route to it"
+          end
+#          # Set console termination protection. Autoscale nodes won't set this
+#          # by default.
+#          MU::Cloud::AWS.ec2(@config['region']).modify_instance_attribute(
+#              instance_id: @cloud_id,
+#              disable_api_termination: {:value => true}
+#          )
+#MU.log "Let's deal with addressing", MU::WARN, details: cloud_desc
+            # If we asked for a public IP address, make sure we get one
+#              addrobj = MU::Cloud::Google.compute(:Address).new(
+#                name: @mu_name+"-public-ip",
+#                description: @deploy.deploy_id
+#              )
+#              addr_insert = MU::Cloud::Google.compute.insert_global_address(
+#                @config['project'],
+##                @config['region'],
+#                addrobj
+#              )
+#              pp addr_insert
+#              raise "BOOP"
+#          has_elastic_ip = false
+#          if !instance.public_ip_address.nil?
+#            begin
+#              resp = MU::Cloud::AWS.ec2((@config['region'])).describe_addresses(public_ips: [instance.public_ip_address])
+#              if resp.addresses.size > 0 and resp.addresses.first.instance_id == @cloud_id
+#                has_elastic_ip = true
+#              end
+#            rescue Aws::EC2::Errors::InvalidAddressNotFound => e
+#              # XXX this is ok to ignore, it means the public IP isn't Elastic
+#            end
+#          end
+#          win_admin_password = nil
+#          ec2config_password = nil
+#          sshd_password = nil
+#          if windows?
+#            ssh_keydir = "#{Etc.getpwuid(Process.uid).dir}/.ssh"
+#            ssh_key_name = @deploy.ssh_key_name
+#
+#            if @config['use_cloud_provider_windows_password']
+#              win_admin_password = getWindowsAdminPassword
+#            elsif @config['windows_auth_vault'] && !@config['windows_auth_vault'].empty?
+#              if @config["windows_auth_vault"].has_key?("password_field")
+#                win_admin_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["password_field"]
+#                )
+#              else
+#                win_admin_password = getWindowsAdminPassword
+#              end
+#
+#              if @config["windows_auth_vault"].has_key?("ec2config_password_field")
+#                ec2config_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["ec2config_password_field"]
+#                )
+#              end
+#
+#              if @config["windows_auth_vault"].has_key?("sshd_password_field")
+#                sshd_password = @groomer.getSecret(
+#                    vault: @config['windows_auth_vault']['vault'],
+#                    item: @config['windows_auth_vault']['item'],
+#                    field: @config["windows_auth_vault"]["sshd_password_field"]
+#                )
+#              end
+#            end
+#
+#            win_admin_password = MU.generateWindowsPassword if win_admin_password.nil?
+#            ec2config_password = MU.generateWindowsPassword if ec2config_password.nil?
+#            sshd_password = MU.generateWindowsPassword if sshd_password.nil?
+#
+#            # We're creating the vault here so when we run
+#            # MU::Cloud::Server.initialSSHTasks and we need to set the Windows
+#            # Admin password we can grab it from said vault.
+#            creds = {
+#                "username" => @config['windows_admin_username'],
+#                "password" => win_admin_password,
+#                "ec2config_username" => "ec2config",
+#                "ec2config_password" => ec2config_password,
+#                "sshd_username" => "sshd_service",
+#                "sshd_password" => sshd_password
+#            }
+#            @groomer.saveSecret(vault: @mu_name, item: "windows_credentials", data: creds, permissions: "name:#{@mu_name}")
+#          end
+#
+#
+#
+#            # If we've asked for additional subnets (and this @config is not a
+#            # member of a Server Pool, which has different semantics), create
+#            # extra interfaces to accomodate.
+#            if !@config['vpc']['subnets'].nil? and @config['basis'].nil?
+#              device_index = 1
+#              @vpc.subnets { |subnet|
+#                subnet_id = subnet.cloud_id
+#                MU.log "Adding network interface on subnet #{subnet_id} for #{node}"
+#                iface = MU::Cloud::AWS.ec2(@config['region']).create_network_interface(subnet_id: subnet_id).network_interface
+#                MU::MommaCat.createStandardTags(iface.network_interface_id, region: @config['region'])
+#                MU::MommaCat.createTag(iface.network_interface_id, "Name", node+"-ETH"+device_index.to_s, region: @config['region'])
+#
+#                if @config['optional_tags']
+#                  MU::MommaCat.listOptionalTags.each { |key, value|
+#                    MU::MommaCat.createTag(iface.network_interface_id, key, value, region: @config['region'])
+#                  }
+#                end
+#
+#                if !@config['tags'].nil?
+#                  @config['tags'].each { |tag|
+#                    MU::MommaCat.createTag(iface.network_interface_id, tag['key'], tag['value'], region: @config['region'])
+#                  }
+#                end
+#
+#                MU::Cloud::AWS.ec2(@config['region']).attach_network_interface(
+#                    network_interface_id: iface.network_interface_id,
+#                    instance_id: @cloud_id,
+#                    device_index: device_index
+#                )
+#                device_index = device_index + 1
+#              }
+#            end
+#          elsif !@config['static_ip'].nil?
+#            if !@config['static_ip']['ip'].nil?
+#              public_ip = MU::Cloud::AWS::Server.associateElasticIp(@cloud_id, classic: true, ip: @config['static_ip']['ip'])
+#            elsif !has_elastic_ip
+#              public_ip = MU::Cloud::AWS::Server.associateElasticIp(@cloud_id, classic: true)
+#            end
+#          end
+#
+#
+#          if !@config['image_then_destroy']
+#            notify
+#          end
+#
+#          MU.log "EC2 instance #{node} has id #{@cloud_id}", MU::DEBUG
+#
+#          @config["private_dns_name"] = instance.private_dns_name
+#          @config["public_dns_name"] = instance.public_dns_name
+#          @config["private_ip_address"] = instance.private_ip_address
+#          @config["public_ip_address"] = instance.public_ip_address
+#
+#          ext_mappings = MU.structToHash(instance.block_device_mappings)
+#
+#          # Root disk on standard CentOS AMI
+#          # tagVolumes(@cloud_id, "/dev/sda", "Name", "ROOT-"+MU.deploy_id+"-"+@config["name"].upcase)
+#          # Root disk on standard Ubuntu AMI
+#          # tagVolumes(@cloud_id, "/dev/sda1", "Name", "ROOT-"+MU.deploy_id+"-"+@config["name"].upcase)
+#
+#          # Generic deploy ID tag
+#          # tagVolumes(@cloud_id)
+#
+#          # Tag volumes with all our standard tags.
+#          # Maybe replace tagVolumes with this? There is one more place tagVolumes is called from
+#          volumes = MU::Cloud::AWS.ec2(@config['region']).describe_volumes(filters: [name: "attachment.instance-id", values: [@cloud_id]])
+#          volumes.each { |vol|
+#            vol.volumes.each { |volume|
+#              volume.attachments.each { |attachment|
+#                MU::MommaCat.listStandardTags.each_pair { |key, value|
+#                  MU::MommaCat.createTag(attachment.volume_id, key, value, region: @config['region'])
+#
+#                  if attachment.device == "/dev/sda" or attachment.device == "/dev/sda1"
+#                    MU::MommaCat.createTag(attachment.volume_id, "Name", "ROOT-#{MU.deploy_id}-#{@config["name"].upcase}", region: @config['region'])
+#                  else
+#                    MU::MommaCat.createTag(attachment.volume_id, "Name", "#{MU.deploy_id}-#{@config["name"].upcase}-#{attachment.device.upcase}", region: @config['region'])
+#                  end
+#                }
+#
+#                if @config['optional_tags']
+#                  MU::MommaCat.listOptionalTags.each { |key, value|
+#                    MU::MommaCat.createTag(attachment.volume_id, key, value, region: @config['region'])
+#                  }
+#                end
+#
+#                if @config['tags']
+#                  @config['tags'].each { |tag|
+#                    MU::MommaCat.createTag(attachment.volume_id, tag['key'], tag['value'], region: @config['region'])
+#                  }
+#                end
+#              }
+#            }
+#          }
+#
+#          canonical_name = instance.public_dns_name
+#          canonical_name = instance.private_dns_name if !canonical_name or nat_ssh_host != nil
+#          @config['canonical_name'] = canonical_name
+#
+#          if !@config['add_private_ips'].nil?
+#            instance.network_interfaces.each { |int|
+#              if int.private_ip_address == instance.private_ip_address and int.private_ip_addresses.size < (@config['add_private_ips'] + 1)
+#                MU.log "Adding #{@config['add_private_ips']} extra private IP addresses to #{@cloud_id}"
+#                MU::Cloud::AWS.ec2(@config['region']).assign_private_ip_addresses(
+#                    network_interface_id: int.network_interface_id,
+#                    secondary_private_ip_address_count: @config['add_private_ips'],
+#                    allow_reassignment: false
+#                )
+#              end
+#            }
+#            notify
+#          end
+#
+#          windows? ? ssh_wait = 60 : ssh_wait = 30
+#          windows? ? max_retries = 50 : max_retries = 35
+#          begin
+#            session = getSSHSession(max_retries, ssh_wait)
+#            initialSSHTasks(session)
+#          rescue BootstrapTempFail
+#            sleep ssh_wait
+#            retry
+#          ensure
+#            session.close if !session.nil?
+#          end
+#
+#          if @config["existing_deploys"] && !@config["existing_deploys"].empty?
+#            @config["existing_deploys"].each { |ext_deploy|
+#              if ext_deploy["cloud_id"]
+#                found = MU::MommaCat.findStray(
+#                  @config['cloud'],
+#                  ext_deploy["cloud_type"],
+#                  cloud_id: ext_deploy["cloud_id"],
+#                  region: @config['region'],
+#                  dummy_ok: false
+#                ).first
+#
+#                MU.log "Couldn't find existing resource #{ext_deploy["cloud_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+#                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: found.mu_name, triggering_node: @mu_name)
+#              elsif ext_deploy["mu_name"] && ext_deploy["deploy_id"]
+#                MU.log "#{ext_deploy["mu_name"]} / #{ext_deploy["deploy_id"]}"
+#                found = MU::MommaCat.findStray(
+#                  @config['cloud'],
+#                  ext_deploy["cloud_type"],
+#                  deploy_id: ext_deploy["deploy_id"],
+#                  mu_name: ext_deploy["mu_name"],
+#                  region: @config['region'],
+#                  dummy_ok: false
+#                ).first
+#
+#                MU.log "Couldn't find existing resource #{ext_deploy["mu_name"]}/#{ext_deploy["deploy_id"]}, #{ext_deploy["cloud_type"]}", MU::ERR if found.nil?
+#                @deploy.notify(ext_deploy["cloud_type"], found.config["name"], found.deploydata, mu_name: ext_deploy["mu_name"], triggering_node: @mu_name)
+#              else
+#                MU.log "Trying to find existing deploy, but either the cloud_id is not valid or no mu_name and deploy_id where provided", MU::ERR
+#              end
+#            }
+#          end
+          # See if this node already exists in our config management. If it does,
+          # we're done.
+          if @groomer.haveBootstrapped?
+            MU.log "Node #{node} has already been bootstrapped, skipping groomer setup.", MU::NOTICE
+            @groomer.saveDeployData
+            MU::MommaCat.unlock(@cloud_id+"-orchestrate")
+            MU::MommaCat.unlock(@cloud_id+"-groom")
+            return true
+          end
+          @groomer.bootstrap
+          # Make sure we got our name written everywhere applicable
+          if !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          MU::MommaCat.unlock(@cloud_id+"-groom")
+          MU::MommaCat.unlock(@cloud_id+"-orchestrate")
+          return true
+        end #postBoot
+        # Locate an existing instance or instances and return an array containing matching AWS resource descriptors for those that match.
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region
+        # @param tag_key [String]: A tag key to search.
+        # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
+        # @param ip [String]: An IP address associated with the instance
+        # @param flags [Hash]: Optional flags
+        # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching instances
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, ip: nil, flags: {})
+# XXX put that 'ip' value into flags
+          instance = nil
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+          if !region.nil? and MU::Cloud::Google.listRegions.include?(region)
+            regions = [region]
+          else
+            regions = MU::Cloud::Google.listRegions
+          end
+          found_instances = {}
+          search_semaphore = Mutex.new
+          search_threads = []
+          # If we got an instance id, go get it
+          if !cloud_id.nil? and !cloud_id.empty?
+            parent_thread_id = Thread.current.object_id
+            regions.each { |region|
+              search_threads << Thread.new {
+                Thread.abort_on_exception = false
+                MU.dupGlobals(parent_thread_id)
+                MU.log "Hunting for instance with cloud id '#{cloud_id}' in #{region}", MU::DEBUG
+                MU::Cloud::Google.listAZs(region).each { |az|
+                  resp = nil
+                  begin
+                    resp = MU::Cloud::Google.compute.get_instance(
+                      flags["project"],
+                      az,
+                      cloud_id
+                    )
+                  rescue ::Google::Apis::ClientError => e
+                    raise e if !e.message.match(/^notFound: /)
+                  end
+                  found_instances[cloud_id] = resp if !resp.nil?
+                }
+              }
+            }
+            done_threads = []
+            begin
+              search_threads.each { |t|
+                joined = t.join(2)
+                done_threads << joined if !joined.nil?
+              }
+            end while found_instances.size < 1 and done_threads.size != search_threads.size
+          end
+          if found_instances.size > 0
+            return found_instances
+          end
+          # Ok, well, let's try looking it up by IP then
+          if instance.nil? and !ip.nil?
+            MU.log "Hunting for instance by IP '#{ip}'", MU::DEBUG
+          end
+          if !instance.nil?
+            return {instance.name => instance} if !instance.nil?
+          end
+          # Fine, let's try it by tag.
+          if !tag_value.nil?
+            MU.log "Searching for instance by tag '#{tag_key}=#{tag_value}'", MU::DEBUG
+          end
+          return found_instances
+        end
+        # Return a description of this resource appropriate for deployment
+        # metadata. Arguments reflect the return values of the MU::Cloud::[Resource].describe method
+        def notify
+          node, config, deploydata = describe(cloud_id: @cloud_id, update_cache: true)
+          deploydata = {} if deploydata.nil?
+          if cloud_desc.nil?
+            raise MuError, "Failed to load instance metadata for #{@config['mu_name']}/#{@cloud_id}"
+          end
+          interfaces = []
+          private_ips = []
+          public_ips = []
+          cloud_desc.network_interfaces.each { |iface|
+            private_ips << iface.network_ip
+            if iface.access_configs
+              iface.access_configs.each { |acfg|
+                public_ips << acfg.nat_ip if acfg.nat_ip
+              }
+            end
+            interfaces << {
+              "network_interface_id" => iface.name,
+              "subnet_id" => iface.subnetwork,
+              "vpc_id" => iface.network
+            }
+          }
+          deploydata = {
+              "nodename" => @mu_name,
+              "run_list" => @config['run_list'],
+              "image_created" => @config['image_created'],
+#              "iam_role" => @config['iam_role'],
+              "cloud_desc_id" => @cloud_id,
+              "private_ip_address" => private_ips.first,
+              "public_ip_address" => public_ips.first,
+              "private_ip_list" => private_ips,
+#              "key_name" => cloud_desc.key_name,
+#              "subnet_id" => cloud_desc.subnet_id,
+#              "cloud_desc_type" => cloud_desc.instance_type #,
+              #				"network_interfaces" => interfaces,
+              #				"config" => server
+          }
+          if !@mu_windows_name.nil?
+            deploydata["mu_windows_name"] = @mu_windows_name
+          end
+          if !@config['chef_data'].nil?
+            deploydata.merge!(@config['chef_data'])
+          end
+          deploydata["region"] = @config['region'] if !@config['region'].nil?
+          if !@named
+            MU::MommaCat.nameKitten(self)
+            @named = true
+          end
+          return deploydata
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          MU::MommaCat.lock(@cloud_id+"-groom")
+          node, config, deploydata = describe(cloud_id: @cloud_id)
+          if node.nil? or node.empty?
+            raise MuError, "MU::Cloud::Google::Server.groom was called without a mu_name"
+          end
+          # Make double sure we don't lose a cached mu_windows_name value.
+          if windows? or !@config['active_directory'].nil?
+            if @mu_windows_name.nil?
+              @mu_windows_name = deploydata['mu_windows_name']
+            end
+          end
+#          punchAdminNAT
+#          MU::Cloud::AWS::Server.tagVolumes(@cloud_id)
+          # If we have a loadbalancer configured, attach us to it
+#          if !@config['loadbalancers'].nil?
+#            if @loadbalancers.nil?
+#              raise MuError, "#{@mu_name} is configured to use LoadBalancers, but none have been loaded by dependencies()"
+#            end
+#            @loadbalancers.each { |lb|
+#              lb.registerNode(@cloud_id)
+#            }
+#          end
+          # Let us into any databases we depend on.
+          # This is probelmtic with autscaling - old ips are not removed, and access to the database can easily be given at the BoK level
+          # if @dependencies.has_key?("database")
+            # @dependencies['database'].values.each { |db|
+              # db.allowHost(@deploydata["private_ip_address"]+"/32")
+              # if @deploydata["public_ip_address"]
+                # db.allowHost(@deploydata["public_ip_address"]+"/32")
+              # end
+            # }
+          # end
+          @groomer.saveDeployData
+          begin
+            @groomer.run(purpose: "Full Initial Run", max_retries: 15)
+          rescue MU::Groomer::RunError
+            MU.log "Proceeding after failed initial Groomer run, but #{node} may not behave as expected!", MU::WARN
+          end
+          if !@config['create_image'].nil? and !@config['image_created']
+            img_cfg = @config['create_image']
+            # Scrub things that don't belong on an AMI
+            session = getSSHSession
+            sudo = purgecmd = ""
+            sudo = "sudo" if @config['ssh_user'] != "root"
+            if windows?
+              purgecmd = "rm -rf /cygdrive/c/mu_installed_chef"
+            else
+              purgecmd = "rm -rf /opt/mu_installed_chef"
+            end
+            if img_cfg['image_then_destroy']
+              if windows?
+                purgecmd = "rm -rf /cygdrive/c/chef/ /home/#{@config['windows_admin_username']}/.ssh/authorized_keys /home/Administrator/.ssh/authorized_keys /cygdrive/c/mu-installer-ran-updates /cygdrive/c/mu_installed_chef"
+                # session.exec!("powershell -Command \"& {(Get-WmiObject -Class Win32_Product -Filter \"Name='UniversalForwarder'\").Uninstall()}\"")
+              else
+                purgecmd = "#{sudo} rm -rf /root/.ssh/authorized_keys /etc/ssh/ssh_host_*key* /etc/chef /etc/opscode/* /.mu-installer-ran-updates /var/chef /opt/mu_installed_chef /opt/chef ; #{sudo} sed -i 's/^HOSTNAME=.*//' /etc/sysconfig/network"
+              end
+            end
+            session.exec!(purgecmd)
+            session.close
+            stop
+            image_id = MU::Cloud::Google::Server.createImage(
+                name: MU::Cloud::Google.nameStr(@mu_name),
+                instance_id: @cloud_id,
+                region: @config['region'],
+                storage: @config['storage'],
+                family: ("mu-"+@config['platform']+"-"+MU.environment).downcase,
+                project: @config['project'],
+                exclude_storage: img_cfg['image_exclude_storage'],
+                make_public: img_cfg['public'],
+                tags: @config['tags'],
+                zone: @config['availability_zone']
+            )
+            @deploy.notify("images", @config['name'], {"image_id" => image_id})
+            @config['image_created'] = true
+            if img_cfg['image_then_destroy']
+              MU.log "Image #{image_id} ready, removing source node #{node}"
+              MU::Cloud::Google.compute.delete_instance(
+                @config['project'],
+                @config['availability_zone'],
+                @cloud_id
+              )
+              destroy
+            else
+              start
+            end
+          end
+          MU::MommaCat.unlock(@cloud_id+"-groom")
+        end
+        # Create an image out of a running server. Requires either the name of a MU resource in the current deployment, or the cloud provider id of a running instance.
+        # @param name [String]: The MU resource name of the server to use as the basis for this image.
+        # @param instance_id [String]: The cloud provider resource identifier of the server to use as the basis for this image.
+        # @param storage [Hash]: The storage devices to include in this image.
+        # @param exclude_storage [Boolean]: Do not include the storage device profile of the running instance when creating this image.
+        # @param region [String]: The cloud provider region
+        # @param tags [Array<String>]: Extra/override tags to apply to the image.
+        # @return [String]: The cloud provider identifier of the new machine image.
+        def self.createImage(name: nil, instance_id: nil, storage: {}, exclude_storage: false, project: MU::Cloud::Google.defaultProject, make_public: false, tags: [], region: nil, family: "mu", zone: MU::Cloud::Google.listAZs.sample)
+          instance = MU::Cloud::Server.find(cloud_id: instance_id, region: region)
+          if instance.nil?
+            raise MuError, "Failed to find instance '#{instance_id}' in createImage"
+          end
+          labels = {}
+          MU::MommaCat.listStandardTags.each_pair { |key, value|
+            if !value.nil?
+              labels[key.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
+            end
+          }
+          bootdisk = nil
+          threads = []
+          parent_thread_id = Thread.current.object_id
+          instance[instance_id].disks.each { |disk|
+            threads << Thread.new {
+              Thread.abort_on_exception = false
+              MU.dupGlobals(parent_thread_id)
+              if disk.boot
+                bootdisk = disk.source
+              else
+                snapobj = MU::Cloud::Google.compute(:Snapshot).new(
+                  name: name+"-"+disk.device_name,
+                  description: "Mu image created from #{name} (#{disk.device_name})"
+                )
+                diskname = disk.source.gsub(/.*?\//, "")
+                MU.log "Creating snapshot of #{diskname} in #{zone}", MU::NOTICE, details: snapobj
+                snap = MU::Cloud::Google.compute.create_disk_snapshot(
+                  project,
+                  zone,
+                  diskname,
+                  snapobj
+                )
+                MU::Cloud::Google.compute.set_snapshot_labels(
+                  project,
+                  snap.name,
+                  MU::Cloud::Google.compute(:GlobalSetLabelsRequest).new(
+                    label_fingerprint: snap.label_fingerprint,
+                    labels: labels.merge({
+                      "mu-device-name" => disk.device_name,
+                      "mu-parent-image" => name,
+                      "mu-orig-zone" => zone
+                    })
+                  )
+                )
+              end
+            }
+          }
+          threads.each do |t|
+            t.join
+          end
+          labels["name"] = instance_id.downcase
+          imageobj = MU::Cloud::Google.compute(:Image).new(
+            name: name,
+            source_disk: bootdisk,
+            description: "Mu image created from #{name}",
+            labels: labels,
+            family: family
+          )
+          newimage = MU::Cloud::Google.compute.insert_image(
+            project,
+            imageobj
+          )
+          newimage.name
+        end
+        def cloud_desc
+          max_retries = 5
+          retries = 0
+          if !@cloud_id.nil?
+            begin
+              return MU::Cloud::Google.compute.get_instance(
+                @config['project'],
+                @config['availability_zone'],
+                @cloud_id
+              )
+            rescue ::Google::Apis::ClientError => e
+              if e.message.match(/^notFound: /)
+                return nil
+              else
+                raise e
+              end
+            end
+          end
+          nil
+        end
+        def cloud_desc
+          MU::Cloud::Google::Server.find(cloud_id: @cloud_id).values.first
+        end
+        # Return the IP address that we, the Mu server, should be using to access
+        # this host via the network. Note that this does not factor in SSH
+        # bastion hosts that may be in the path, see getSSHConfig if that's what
+        # you need.
+        def canonicalIP
+          mu_name, config, deploydata = describe(cloud_id: @cloud_id)
+          if !cloud_desc
+            raise MuError, "Couldn't retrieve cloud descriptor for server #{self}"
+          end
+          private_ips = []
+          public_ips = []
+          cloud_desc.network_interfaces.each { |iface|
+            private_ips << iface.network_ip
+            if iface.access_configs
+              iface.access_configs.each { |acfg|
+                public_ips << acfg.nat_ip if acfg.nat_ip
+              }
+            end
+          }
+          # Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
+          # which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
+          # The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
+          if MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc) or public_ips.size == 0
+            @config['canonical_ip'] = private_ips.first
+            return private_ips.first
+          else
+            @config['canonical_ip'] = public_ips.first
+            return public_ips.first
+          end
+        end
+        # Retrieves the Cloud provider's randomly generated Windows password
+        # Will only work on stock Amazon Windows AMIs or custom AMIs that where created with Administrator Password set to random in EC2Config
+        # return [String]: A password string.
+        def getWindowsAdminPassword
+        end
+        # Add a volume to this instance
+        # @param dev [String]: Device name to use when attaching to instance
+        # @param size [String]: Size (in gb) of the new volume
+        # @param type [String]: Cloud storage type of the volume, if applicable
+        def addVolume(dev, size, type: "pd-standard")
+          devname = dev.gsub(/.*?\/([^\/]+)$/, '\1')
+          resname = MU::Cloud::Google.nameStr(@mu_name+"-"+devname)
+          MU.log "Creating disk #{resname}"
+          description = @deploy ? @deploy.deploy_id : @mu_name+"-"+devname
+          newdiskobj = MU::Cloud::Google.compute(:Disk).new(
+            size_gb: size,
+            description: description,
+            zone: @config['availability_zone'],
+#            type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-ssd",
+            type: "projects/#{@config['project']}/zones/#{@config['availability_zone']}/diskTypes/pd-standard",
+# Other values include pd-ssd and local-ssd
+            name: resname
+          )
+          begin
+            newdisk = MU::Cloud::Google.compute.insert_disk(
+              @config['project'],
+              @config['availability_zone'],
+              newdiskobj
+            )
+          rescue ::Google::Apis::ClientError => e
+            if e.message.match(/^alreadyExists: /)
+              MU.log "Disk #{resname} already exists, ignoring request to create", MU::WARN
+              return
+            else
+              raise e
+            end
+          end
+          attachobj = MU::Cloud::Google.compute(:AttachedDisk).new(
+            auto_delete: true,
+            device_name: devname,
+            source: newdisk.self_link,
+            type: "PERSISTENT"
+          )
+          attachment = MU::Cloud::Google.compute.attach_disk(
+            @config['project'],
+            @config['availability_zone'],
+            @cloud_id,
+            attachobj
+          )
+        end
+        # Determine whether the node in question exists at the Cloud provider
+        # layer.
+        # @return [Boolean]
+        def active?
+          true
+        end
+        # Remove all instances associated with the currently loaded deployment. Also cleans up associated volumes, droppings in the MU master's /etc/hosts and ~/.ssh, and in whatever Groomer was used.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: $MU_CFG['google']['region'], skipsnapshots: false, onlycloud: false, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+# XXX make damn sure MU.deploy_id is set
+          MU::Cloud::Google.listAZs(region).each { |az|
+            disks = []
+            resp = MU::Cloud::Google.compute.list_instances(
+              flags["project"],
+              az,
+              filter: "description eq #{MU.deploy_id}"
+            )
+            if !resp.items.nil? and resp.items.size > 0
+              resp.items.each { |instance|
+                saname = instance.tags.items.first.gsub(/[^a-z]/, "") # XXX this nonsense again
+                MU.log "Terminating instance #{instance.name}"
+                if !instance.disks.nil? and instance.disks.size > 0
+                  instance.disks.each { |disk|
+                    disks << disk if !disk.auto_delete
+                  }
+                end
+                deletia = MU::Cloud::Google.compute.delete_instance(
+                  flags["project"],
+                  az,
+                  instance.name
+                ) if !noop
+                MU.log "Removing service account #{saname}"
+                begin
+                  MU::Cloud::Google.iam.delete_project_service_account(
+                    "projects/#{flags["project"]}/serviceAccounts/#{saname}@#{flags["project"]}.iam.gserviceaccount.com"
+                  ) if !noop
+                rescue ::Google::Apis::ClientError => e
+                  raise e if !e.message.match(/^notFound: /)
+                end
+# XXX wait-loop on pending?
+#                pp deletia
+              }
+            end
+            if disks.size > 0
+# XXX make sure we don't miss anything that got created with dumb flags
+            end
+# XXX honor snapshotting
+            MU::Cloud::Google.compute.delete(
+              "disk",
+              flags["project"],
+              az,
+              noop
+            ) if !noop
+          }
+        end
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+            "image_id" => {
+              "type" => "string",
+              "description" => "The Google Cloud Platform Image on which to base this instance. Will use the default appropriate for the platform, if not specified."
+            },
+            "routes" => {
+              "type" => "array",
+              "items" => MU::Config::VPC.routeschema
+            }
+          }
+          [toplevel_required, schema]
+        end
+        # Confirm that the given instance size is valid for the given region.
+        # If someone accidentally specified an equivalent size from some other cloud provider, return something that makes sense. If nothing makes sense, return nil.
+        # @param size [String]: Instance type to check
+        # @param region [String]: Region to check against
+        # @return [String,nil]
+        def self.validateInstanceType(size, region)
+          types = (MU::Cloud::Google.listInstanceTypes(region))[region]
+          if types and (size.nil? or !types.has_key?(size))
+            # See if it's a type we can approximate from one of the other clouds
+            atypes = (MU::Cloud::AWS.listInstanceTypes)[MU::Cloud::AWS.myRegion]
+            foundmatch = false
+            if atypes and atypes.size > 0 and atypes.has_key?(size)
+              vcpu = atypes[size]["vcpu"]
+              mem = atypes[size]["memory"]
+              ecu = atypes[size]["ecu"]
+              types.keys.sort.reverse.each { |type|
+                features = types[type]
+                next if ecu == "Variable" and ecu != features["ecu"]
+                next if features["vcpu"] != vcpu
+                if (features["memory"] - mem.to_f).abs < 0.10*mem
+                  foundmatch = true
+                  MU.log "You specified an Amazon instance type '#{size}.' Approximating with Google Compute type '#{type}.'", MU::WARN
+                  size = type
+                  break
+                end
+              }
+            end
+            if !foundmatch
+              MU.log "Invalid size '#{size}' for Google Compute instance in #{region}. Supported types:", MU::ERR, details: types.keys.sort.join(", ")
+              return nil
+            end
+          end
+          size
+        end
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::servers}, bare and unvalidated.
+        # @param server [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(server, configurator)
+          ok = true
+          server['size'] = validateInstanceType(server["size"], server["region"])
+          ok = false if server['size'].nil?
+          # If we're not targeting an availability zone, pick one randomly
+          if !server['availability_zone']
+            server['availability_zone'] = MU::Cloud::Google.listAZs(server['region']).sample
+          end
+          subnets = nil
+          if !server['vpc']
+            vpcs = MU::Cloud::Google::VPC.find
+            if vpcs["default"]
+              server["vpc"] ||= {}
+              server["vpc"]["vpc_id"] = vpcs["default"].self_link
+              subnets = vpcs["default"].subnetworks
+              MU.log "No VPC specified for Server #{server['name']}, using default VPC for project #{server['project']}", MU::NOTICE
+            else
+              ok = false
+              MU.log "You must specify a target VPC when creating a Server", MU::ERR
+            end
+          end
+          if !server['vpc']['subnet_id'] and server['vpc']['subnet_name'].nil?
+            if !subnets
+              if server["vpc"]["vpc_id"]
+                vpcs = MU::Cloud::Google::VPC.find(cloud_id: server["vpc"]["vpc_id"])
+                subnets = vpcs["default"].subnetworks.sample
+              end
+            end
+            if subnets
+              server['vpc']['subnet_id'] = subnets.delete_if { |subnet|
+                !subnet.match(/regions\/#{Regexp.quote(server['region'])}\/subnetworks/)
+              }.sample
+            end
+            if server['vpc']['subnet_id'].nil?
+              ok = false
+              MU.log "Failed to identify a subnet in my region (#{server['region']})", MU::ERR, details: server["vpc"]["vpc_id"]
+            end
+          end
+          if server['image_id'].nil?
+            if MU::Config.google_images.has_key?(server['platform'])
+              server['image_id'] = configurator.getTail("server"+server['name']+"Image", value: MU::Config.google_images[server['platform']], prettyname: "server"+server['name']+"Image", cloudtype: "Google::::Apis::ComputeBeta::Image")
+            else
+              MU.log "No image specified for #{server['name']} and no default available for platform #{server['platform']}", MU::ERR, details: server
+              ok = false
+            end
+          end
+          real_image = nil
+          begin
+            real_image = MU::Cloud::Google::Server.fetchImage(server['image_id'].to_s)
+          rescue ::Google::Apis::ClientError => e
+            MU.log e.inspect, MU::WARN
+          end
+          if real_image.nil?
+            MU.log "Image #{server['image_id']} for server #{server['name']} does not appear to exist", MU::ERR
+            ok = false
+          else
+            server['image_id'] = real_image.self_link
+            server['image_id'].match(/projects\/([^\/]+)\/.*?\/([^\/]+)$/)
+            img_project = Regexp.last_match[1]
+            img_name = Regexp.last_match[2]
+            begin
+              snaps = MU::Cloud::Google.compute.list_snapshots(
+                img_project,
+                filter: "name eq #{img_name}-.*"
+              )
+              server['storage'] ||= []
+              used_devs = server['storage'].map { |disk| disk['device'].gsub(/.*?\//, "") }
+              snaps.items.each { |snap|
+                next if !snap.labels.is_a?(Hash) or !snap.labels["mu-device-name"] or snap.labels["mu-parent-image"] != img_name
+                devname = snap.labels["mu-device-name"]
+                if used_devs.include?(devname)
+                  MU.log "Device name #{devname} already declared in server #{server['name']} (snapshot #{snap.name} wants the name)", MU::ERR
+                  ok = false
+                end
+                server['storage'] << {
+                  "snapshot_id" => snap.self_link,
+                  "size" => snap.disk_size_gb,
+                  "delete_on_termination" => true,
+                  "device" => devname
+                }
+                used_devs << devname
+              }
+            rescue ::Google::Apis::ClientError => e
+              # it's ok, sometimes we don't have permission to list snapshots
+              # in other peoples' projects
+              raise e if !e.message.match(/^forbidden: /)
+            end
+          end
+          ok
+        end
+        private
+      end #class
+    end #class
+  end
+end #module